Talk:Risks and Threat Models

From PlexodusWiki
Revision as of 13:48, 16 October 2018 by Dredmorbius (Talk | contribs)


Let's talk about this.


Let's try to keep the general discussion thread within this section, and build out the content discussion below.

My sense is that this page is going to be among the more critical resources we can offer here, and I'd like to make it 1) good 2) accessible to the typical reader and 3) useful to the advanced reader / site administrator.

There are a ton of weaknesses I'd like to address, structure below.

  • The whole field of self-hosted / p2p systems is either poorly covered or lacking general awareness in the literature. I've been in the tech field for 3+ decades and have worked on or for numerous large sites. This isn't something I know well.
  • The tech field as a whole has _not_ traditionally cooperated well on security, though much may have changed in the past 5 years that I've largely been outside of it. I'm aware of some larger-player initiatives, vaguely, though not familiar with them.
  • p2p / self-hosting / independent players is pretty much precisely where the EFF and EPIC came from. They may be useful. IFTF is another organisation. This needs research.

--Dredmorbius (talk) 05:11, 15 October 2018 (CEST)

User concerns

Users use services, but do not, generally, administer, moderate, host, or provide connectivity. The most commonly expressed concerns among G+ users in exodus seem to be

  • lack of confidence in data security (who can access my photos, for example; and how do I know the site moderator can be trusted)
  • limits on user control over blocking undesirable contacts (by marking someone's posts or comments - sometimes two separate issues) from the user's "feed"
  • inaccessibility of moderation by site owners or other moderator authorities (to bar entry to a group at a meta-level above the user)
  • arbitrary moderation that infringes an individual's perceived or actual rights to "free speech" or "free association"
  • inaccessibility of the server due to local frailties of the host (particularly for small distributed servers that are unlikely to have robust infrastructure like a commercial datacenter)
  • ineptitude: regardless of the current degree of polish or lack thereof, can the service provider deliver in the long run? After all, even Google couldn't keep G+ open in the long run. We certainly don't want to go through all this mess again in another year or two.

There are diametric conflicts inherent in these concerns:

  • demand for inexpensive or completely free service vs. demand for reliable and diligent attention by administrators of the service (I want service and I want it for free!)
  • demand for an interesting, diverse and engaging community vs. demand for protections of individuals against objectionable content (keep the door open, but not TOO open!)
  • develop a social network system that works for everyone vs. don't keep changing it once I understand it

Admin concerns

Admins include moderators, forum owners, platform owners, and the administrators of specific systems: SysAdmins, NetAdmins, and DatabaseAdmins (DBAs).

Consistency - everyone is different. Nobody wants to check "the manual", especially when they are working for free and they already know what "looks OK". The more moderators there are, the more likely they will disagree about what constitutes "acceptable" content. Making clear and enduring statements about the content of a community is extremely difficult. This is complicated by individuals' conflicting agendas - when fostering volunteer groups, one must be accommodating to their varied sensibilities. (You have to take the good with the bad)

Moderator coordination becomes far easier where there are activity logs. G+ lacks these entirely. Reddit's Moderation log is good, and goes back forever in time (this has proved ... useful ... where a forum was taken over by Nazis or racists, in the past). A specific moderator channel as well (I've created one for the G+MM community, and this Talk page is MediaWiki's answer.) Good moderation remains an art and skill, not a science or grunt labour. And burnout is a real concern. --Dredmorbius (talk) 16:40, 15 October 2018 (CEST)

Host concerns

Hosting is the provision of facilities for one or more systems. Colo (colocation) and cloud (virtualised server hosting) are two of the larger operations; server farm refers to a hosting facility, physical or virtual. Hosting is generally physical bare-metal or various forms of virtual: virtualhosts served by a single web server, virtual machines such as Xen, Qemu, VMWare, or Azure, lightweight "jail" capabilities, or systems such as Kubernetes and Qubes.

Telco concerns

Connectivity providers.


This combines one or more roles at a small scale. There are interesting developments such as the FreedomBox project (in various states of Failing To Deliver AFAIK), Raspberry Pi, and OpenWRT. Given that a home router may offer several GB of memory, fast CPUs, several GB of local disk, and the option of attaching multiple TB of external or NAS storage, there is a surprising capability represented here.

Primary concerns are intermittency (residential/business-grade broadband is not highly reliable), speed/performance, network congestion (your household/business may prefer not having VOIP services limited by a sudden usage spike on your self-hosted social media box), and the fact that your home/office IP may be directly revealed to remote sites.

Network syndication, content caching, a leafnode-type peering system (where self-hosts aggregate to a regional pass-through peer, fronting the broader network), edge-caching (CloudFront, Limelight, CloudFlare, Google), Tor, and other options, may address traffic and privacy issues. I am sorely underinformed on options here.

Tim Berners-Lee's Solid and Inrupt may address this, but are also fairly nascent in development.

Hubzilla _may_ address some of these concerns, possibly Friendica.

We need informed expertise on all of this.


Pluspora is a key example of this. Effectively, affiliated groups of people organise or volunteer to offer services collectively or to others. There's a rat's nest of considerations here, with exposures to users, admin/hosts, and possibly others. Operational continuity and financing in particular, on top of the usual suspects.

Abuse and harassment, particularly of vulnerable individuals and populations

I can claim no expertise here but really, really, really, really want this well-addressed. It's a massive weakness.

External manipulation / abuse of networks

If you build it, they will come, and they are not your friends.

Woozle came up with the observation that as we build out our small, technical, friends-and-families-and-associates networks, they eventually become large, interesting, or influential enough for others to seek to influence them. Advertising, disruption, data extraction, data injection, disinformation, misinformation, malware distribution, and more. Large or influential audiences are themselves a significant, rare, valuable, and vulnerable asset. My own awareness is recent, and exposes a huge void in my previous knowledge. A large part of that is recognising that information technology is in large part media technology concerning the exchange and dissemination of information through communities and cultures, and that it is directly related to social, economic, and political power. Even if you aren't interested in acquiring and exploiting those, others are.

(The other major component is control technology, where machines talk to machines. Both concepts are tightly connected, and fall within the notion of systems control loops and the like. If you've heard of an OODA Loop, USAF Col. Boyd's observe, orient, decide, act, that's a basic control system. Norbert Wiener's cybernetics addresses this in both mechanical and social systems, with direct references to totalitarianism, fascism, Catholicism(!), politics, and more. It's a highly underappreciated field and set of concepts, and exploration of it is very strongly encouraged. The Human Use of Human Beings is vastly more interesting and compassionate than its title would suggest.)

Regulatory and legal environments

An area of constant and much recent change. Tons of risk for many involved.

  • EU: GDPR
  • EU: Article 13
  • Copyright, generally.
  • Criminal activity, generally.
  • Civil risks (lawsuits), generally.
  • US: National Security Letters.
  • Search warrants, other demands.

Organisations, advocacy, and support

  • EFF
  • EPIC
  • C3 (Chaos Computer Club)