The FreedomBox enables you to control your view of the internet (zdnet.com)
142 points by holri on April 25, 2019 | 65 comments


Wow, I backed this on Kickstarter in 2011 for $60.

I was supposed to receive "A custom made FreedomBox Foundation MicroSD card reader so you can keep your freedom running in style and a MicroSD card loaded with Freedom Box software"

...I have not received anything (yet?)


These home server boxes never include self-hosting email. Is it because anyone running their own SMTP is assumed to be a spammer?

It's annoying because hosted email services are strangely expensive. Oh, they'll let you have multiple email addresses for a low rate, but as soon as you want multiple mailboxes (which is just a separate directory as far as the server is concerned), suddenly I'm paying way way more.


>These home server boxes never include self-hosting email. Is it because anyone running their own SMTP is assumed to be a spammer?

Yes, that's part of the issue. Because many home computers got infected by viruses to become bots sending bulk spam, email sourced from residential ip addresses became "guilty until proven innocent".

Even the recent $499 "home email appliance" such as Helm[1][2][3] for private encrypted email ends up using a centralized service such as Amazon AWS for the routing of email packets.

>Oh, they'll let you have multiple email addresses for a low rate, but as soon as you want multiple mailboxes (which is just a separate directory as far as the server is concerned), suddenly I'm paying way way more.

If you don't need business-class type of email service ("business" meaning Outlook sync, shared calendars, 99.999% uptime, etc), then the cheapest way I found for multiple mailboxes is a shared hosting plan. E.g. I pay $49/year for 5 website domains that includes email hosting with unlimited mailboxes. Not just unlimited addresses/aliases but mailboxes. Shared hosting is way cheaper than the $144/year that Rackspace charges for just 5 mailboxes.

[1] https://thehelm.com/

[2] https://arstechnica.com/gadgets/2018/12/review-helm-personal...

[3] TWIS also had a 1 hour discussion with Helm's CEO: https://www.youtube.com/watch?v=1BhOreZKXPA


I recently switched to mailcow-dockerized on a cheap 3€/month VPS and it works perfectly. I can create as many mailboxes as I want (until the disk is full) and also have as many domains / email addresses connected. It's really awesome and way easier than I imagined.

Mailcow: https://github.com/mailcow/mailcow-dockerized/

My blog post: https://jlelse.blog/thoughts/2019/mail-server/


> Not just unlimited addresses/aliases but mailboxes

Yes, Dreamhost shared hosting includes this.


helm was $300 for a time - $100 a year service fee after. I see they are now showing out of stock. And they started to add other services, including hosting some services on it with nextcloud.


I use Pobox Basic ($20/year) + AllMail ($10/domain to forward all addresses at that domain) [1].

Mail for anybody@example.com goes to Pobox, which forwards to me@home.example.com (my home server). My server is configured to send all outgoing mail through Pobox's servers, which avoids the problem of people blocking residential SMTP.

[1] https://www.pobox.com/pricing


I am another longtime @pobox person. However, I recently got told that it's held up as a source of spammy mail, and is characterised by many other SMTP speakers as a problem.

pobox is now owned by fastmail. They are an Australian company and for other reasons (crypto nation state issues) are not always suitable, but technology-wise are very smart.

I'm sticking with my @pobox identity; it's possible fastmail offer better domain-centric mail forwarding options for you, noting the AU crypto law issue.

(in case it's not clear, pobox and fastmail are in the same "space" but appear to operate independently)


It's usually because residential IPs block port 25, so a mail server would not even be able to receive mail.


I know that residential ISPs block outgoing port 25 because of the spam issue. Is it common for them to block it incoming as well? You don't really need outgoing port 25 to run your own mail server.


> You don't really need outgoing port 25 to run your own mail server.

You do need it to send mail


Directly, yes, but not via a smart host, which is how most SOHO mailservers (where used) are configured.

It's not quite a full-fledged, full-privilege system, but it continues to provide major benefits over Webmail or client-based (POPS, IMAPS) configurations.
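Added example, not part of any comment in this thread: a Postfix `main.cf` fragment for the smart-host arrangement discussed above, where a home server hands all outgoing mail to a relay on port 587 instead of delivering on port 25 itself. Postfix is an assumption (the thread names no MTA), and the relay hostname, credentials and LAN range are placeholders.

```conf
# /etc/postfix/main.cf (fragment). Constructed example; hostnames are placeholders.

# Hand every outbound message to the smart host's submission port.
# The brackets suppress the MX lookup, so the name is used exactly as written.
relayhost = [smtp.relay.example]:587

# Authenticate to the relay with SASL credentials from a lookup table.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Never fall back to anonymous auth. Plaintext mechanisms (PLAIN/LOGIN) are
# allowed here only because TLS is mandatory below.
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

# Require TLS and a certificate that chains to a trusted CA and matches the
# relay's hostname. With "may", a stripped STARTTLS would silently downgrade
# the session and expose the relay password.
smtp_tls_security_level = verify
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# Do not become an open relay: accept mail for relaying only from localhost
# and the home LAN (placeholder range), or from authenticated clients.
mynetworks = 127.0.0.0/8 [::1]/128 192.168.1.0/24
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

# /etc/postfix/sasl_passwd (separate file, mode 0600, owned by root;
# run "postmap /etc/postfix/sasl_passwd" after editing):
# [smtp.relay.example]:587    USERNAME:PASSWORD
```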


You definitely need outbound port 25/587 if you want to send email to others.


You need an outgoing mail server, but ISPs provide those, and typically don't block port 587.


Yes. Some allow it after a shibboleet phone call.


Migadu has unlimited domains and unlimited mailboxes. They just ask for sensible outbound email (anything less than a few thousand per day)


Thanks! It could be what I've been looking for!


Hosting incoming SMTP requires doing network config at the provider level - stable static IP, port 25 unblocking, and static DNS.

Needing to host outgoing SMTP is an anachronism. It's only needed since client IPs are often considered dirty, so hosting it on your home connection can't fix that!

FWIW if you just don't want the responsibility of securing an Internet-facing server yourself but don't mind some config otherwise, you could sort email yourself with fetchmail+procmail or the like.


At least in my experience, residential networks aren't worth bothering with for email.

It's all about reliability - I need my email to work at all points in time. I can't deal with ISPs blocking the port, not to mention everything will flag your emails as spam because it's coming from a residential IP.

If you're selling a commercial offering then you're going to need to fix those issues, otherwise, why wouldn't you pay for a "standard" solution that solves those issues for you?


> not to mention everything will flag your emails as spam because it's coming from a residential IP.

In my view, this is the recipient's problem, not the sender's.


Yes, it is - the recipient solves the problem by flagging your emails as spam.


Generally residential connections block outbound port 25, because of the spam issues that were caused by compromised computers in decades past.

Also, I ran an email server at home when I was a teenager, the availability of the server was less than I wanted, so I've had to move that email service elsewhere. I suspect relatively average people would have a very hard time operating a satisfactory email service at home even if all of the SMTP stuff is perfectly reliable and foolproof.


In case you are interested, the YunoHost project includes a fully-functional mail stack out of the box (modulo the DNS records which you must set in your registrar according to the recommended DNS conf provided by YunoHost ;))


Freedombox has a mail server planned.


Does it? Do you have more information about that?

I occasionally contribute to the project, and afaik the general opinion is that mail servers would be too tedious and error prone exactly because of this problem. Did I miss something?



Apparently I really missed it, see also https://wiki.debian.org/FreedomBox/Roadmap2019 It will be interesting to see how well it works.


thehelm.com advertises on twit.tv and they claim in the advert to work around those issues


My main issue with things like this is security. I don't particularly want to be responsible for running Internet-facing services as a hobby. I would only consider it if they had a good track record and really solid story around security, perhaps including rapid automatic updates or a remote kill switch in case something critical is found.


Freedombox is a pure Debian stable blend. That means 100% Debian (just configured to the purpose) with automatic security updates. Debian has a quite good track record.


Mis-configuration can also cause security issues.


What are we comparing, a Debian installation which follows the debian guidelines of sane defaults vs?

The point of debian is that mis-configuration is either bugs or explicitly done by the user. A good example is ssh, which does not allow root to log in by default.


vs. Helm, Synology/QNAP, or a hypothetical Sandstorm box.


Yes but Freedombox uses a GUI configuration tool for the user, so it is unlikely a user can cause much harm.


That's an issue, certainly. But by default, Debian has no outward-facing services. And by default, ssh login by root is disabled. One would hope that people switch to key-based authentication, and keep their private keys safe. But yes, people screw up sometimes, and maybe hobbyists do more often.

Installing nginx is easy now, and the defaults are quite sane. The configuration logic is a little counter-intuitive, but it's not hard to find setup guides online.

I'm not so sure about the practicability of a user-based Web. For one thing, most ISPs are touchy about websites on home accounts. And many plans still have low upload caps. In the US, anyway.


It's appropriately called "FreedomBox", not "SecurityBox". If you would rather give up your freedom and prefer whatever notions of security centralised services have, then this is not for you.

Also there is that infamous quote, "Those who give up freedom for security deserve neither."


People are already running home servers. It's just that we call them 'modems' and 'routers'. Most come with few if any system updates. Enough that the FBI have issued national alerts to reboot routers[0].

Turris Omnia[1], based on OpenWRT and maintained by the Czech national domain registrar, is a notable exception, and it is itself a highly capable server. It updates automatically and regularly over the network. With the (optional, supported, and documented[2]) addition of an SSD storage, or an external drive (USB or network), it can provide read/write-heavy services as well (otherwise the onboard flash storage wears too quickly).

Though standing in as a personal social/media server is not its core goal.

Disclaimer: happy owner.

________________________________

Notes:

0. https://krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-r...

1. https://www.turris.cz/turris-omnia/

2. mSATA drive installation: https://youtube.com/watch?v=71_M2N3ga7s


Wait so is your argument that people are already vulnerable so being vulnerable twice is okay?


I think the argument is that all of our personal servers should be treated as such (that is, not appliances that require zero maintenance), and that this is a step in that direction.

All the router hacking of 2018 was possible because we treated our home Internet services as dumb-connections instead of treating them as the vulnerable “Internet Services” that they are.


No.

It's that the stumbling block of "people won't run servers" is already untrue. People do.

(They may not realise it, but they do.)

They run fairly limited servers, with fairly low attack surfaces and assets, and they (with no small fault of vendors) administer them very poorly. But they run servers.

I am both enthusiastic about what FreedomBox are trying to do and apprehensive of both possible success and consequences (I've been submitting multiple related articles to HN myself over the past few days). I'm watching the discussion with interest, there are good points being made.

If you break down the challenge, it has multiple parts.

Hardware really isn't the problem -- a $25 RaPi, the Olimex box, a Turris product, or one of Zotac's Pico systems[0] could serve amply, at price-points up to about $300, with full ownership of data, hardware, and link.

Software mostly isn't -- the basic pieces exist, though some are rough. The federated social space, probably Friendica, is a good bet. Mastodon addresses microblogging. For blog-type interactions, RSS/Atom and a feed reader or aggregator works well, and would be a good addition to the FreedomBox.

Social graph -- user adoption -- is a huge issue, though it's also somewhat self-sorting. Early adopters of such technologies tend to be a fairly high-affinity and the space, if it develops sufficient early momentum, something that could be as few as several 100s or 1,000s of active users (and that could be 10k - 10m registrations or trials) may take root. Though early organic growth may appear slow.

It's the soft areas that can be frustratingly hard: picking the technology stack, from hardware to OS, protocols, and implementations. This is where choice cuts two or three ways, often leaving bloody stumps. For the advocates, it's a battle for supremacy, for the general public it's all a confusing blur. A hidden benefit of tech monopolies is that they constrain choice and simplify decisionmaking.

As we've learnt over the past five years or so, the social consequences, large and small, of wholly unregulated or cabalistically controlled media systems are huge, and how FreedomBox or equivalents perturb that dynamic isn't clear, though I might be prepared to place some bets.[1]

Media systems simply do not and can not resist hierarchical consolidation for reasons of basic graph theory, though the particulars of that consolidation and the administration, objectives, and guiding principles of key hubs fall along a wide continuum. Even with FreedomBox, it's certain that people will share resources and systems -- possibly a handful as families, households, and friends, possibly communities of hundreds, thousands, or millions. Services are cheap -- the direct provisioning costs of Diaspora run about $0.25/user-year[2], which is the definition of "too cheap to meter". As a service, bundling at less than 100-1,000 users is logistically impossible. Among my thoughts is how community bundling might be facilitated.

Running persistent network services over consumer-grade broadband (or worse) is also a major pain in the backside, often through vendor limitations, though those are imposed with good reason. Registering and keeping control of a domain space is an obstacle to most people. Maybe not you, maybe not some of your friends, but yes, the general public.

And then we get to the direct service-administration risks: anything from service interruptions to hardware failure, data loss, system compromise, botnets, malware, denial of service, surveillance, credentials fraud, blackmail, legal regulations (copyright, patents, privacy, libel), and more. Decidedly nontrivial.

FreedomBox at least is building from some of the best possible bases: Debian GNU/Linux, experts in online law[3], Free Software, open protocols, and simple, inexpensive hardware. It might succeed, and if it fails, the lessons should be highly illuminating.

But, and back to my point previously, the hurdle of getting people to run dedicated server appliances is not the core challenge, though possibly having them do that without realising they're doing so is informative.

________________________________

Notes:

0. https://www.zotac.com/product/mini_pcs/zbox_p_series

1. I'm somewhat involved in a project in this space, https://Darcy.is

2. Experience from https://pluspora.com, run by two people and hosting 10k+ users. Mind that additional admin and moderation services add to this.

3. Eben Moglen, a/k/a "Richard Stallman's lawyer", and Yochai Benkler (The Wealth of Networks), whom I'm very late to the party in discovering just within the past week, among many others.


No what? You didn't actually disagree, you just went on an unrelated rant.

FreedomBox is just another way of expanding your attack surface. People won't run servers because of this, and pretending like all hardware are "servers" diverts from that point. They're too much work to keep safe, and complain all you want about that work already being necessary, it's irrelevant to the conversation.


FTR: Eben Moglen is no longer working for the FSF:

https://www.fsf.org/news/fsf-announces-change-in-general-cou...


Fair point, though Moglen still references the a/k/a, as here, from 2017:

https://youtube.com/watch?v=ZUN44U_oTUA

(Timestamp: 10m45s, though the full preso is highly recommended -- Moglen somewhat lengthily introducing Yochai Benkler.)


Its core goal was ACTUALLY to monitor security exploits on the internet.


"Its" here is Turris. Accurate, see Project Turris, by NIC.CZ:

https://project.turris.cz/en/


As I've mentioned on other stories about this device (like [1]), a part of the user story that's still missing is how these devices are supposed to interact with each other. Running a few web services inside your home network is neat, I guess, but not very useful if they're only accessible within that network.

There's also a lot of weird overlap between the services provided by the various apps installed by FreedomBox. It's unclear how much, if any, integration work FreedomBox is doing, or if the user is expected to do that on their own.

[1]: https://news.ycombinator.com/item?id=19722179


If it's a web server, then it would be accessible outside your home Internet network, would it not?

Regarding the use cases for something like this, I can think of a few:

- Roll-your-own cloud storage (pics, documents, videos) and access them anywhere you are. No need to hand over more of your data to iCloud, Dropbox etc

- Host a personal website. For the types that complain about being deplatformed from Twitter or whatever, here's the solution.

- Pihole or the nearest equivalent. All devices could have network-wide adblocking automatically.


To reach your freedombox from the internet you can: use a public IP address, use DynDNS, use PageKite, or use TOR.

About connecting boxes: FreedomBox is a platform for services/apps that then can connect.

About integration work: True; Some apps are indeed one-click installations and are running and usable after that, others (e.g. tahoe-lafs) would need more setup to be actually usable.


I assume you give the box a public IP and use protocols like ActivityPub to federate.


Interesting concept. A user friendly Pi-alike that runs services locally so you don't have to trust the big corporations. (said corporations may have very different goals than you do for your data, he says as neutrally as possible...)

I'm very happy that such things are possible nowadays: small inexpensive hardware running Linux, with some well constructed software UI on top. Similar to what Mozilla is doing with their IoT webthings gateway (which I have running on my Retropie since most of the time it sits idle and sips tiny amounts of power). I know it's "on the shoulders of giants" but I think we shouldn't underestimate the power that an open, hackable platform like the Pi gives back to people.


The website says the hardware has built-in battery backup that can run it for 4 to 5 hours if power goes out. That is pretty dang cool.


This should support home automation devices, especially security cameras. Don't let that stuff go off-premises. Maybe log encrypted video to an external site, but with a key the external site does not have.


Wonder who their target demographic is. People balk at paying for email from a known provider, let alone buy a box to run it out of their own home for $100. You’d have to have a lot of motivation to do so, and it feels like the Venn diagram of people who are savvy and motivated enough to care about digital privacy, intersected with those with technical skills feels like nearly 90% overlap. And I’m not so sure the privacy group is so sizable. I’d probably be in this camp but I really don’t want to have to worry about spam filters, triggering them in others by sending from my home ISP, nor dealing with backup or corrupted databases. Wonder what their plan is there...

The average person who wants this without being their own sysadmin should probably just use Apple products. I work for Apple and can attest that privacy isn’t just marketing — it permeates all decision making in every discussion I’ve been a part of... sometimes making it harder or impossible to create the things we’d like to have (privacy wins). I know many on HN will want their “freedom” as in “freedom box,” but the average user massively benefits from an ecosystem designed to make things as easy, desirable, and supported as possible.


I think the target market is a little larger than you think. The problem with Apple products is that they're a walled garden, and an expensive one to boot. My privacy isn't worth $4000 for a set of new computers, but it might be worth $100. I'd still probably end up using Linux for my day-to-day programming needs, because I find it easier to use.

While I suspect most of the target market could set up their own server (it's not rocket science - a smart 12-year-old could), a lot of us couldn't be bothered. A lot of people who buy hammers at the store probably could make their own hammer in their shop, but why would they?

Also, speaking of 12-year olds, I think this would be a great thing for kids to tinker with .. set up their own website and whatnot.


I assume you're getting downvoted due to the Apple advocacy in your second paragraph, and hopefully not for your first paragraph. I entirely agree with that. I wish I didn't have to be cynical about things like this, but I just don't see the market for this device, and when it comes to social-network-like things, you need a large market for network effects to kick in.


The initial idea was a device similar to an answering machine in size, price and interface. That is, a $10-$20 price range and a simple configure-once-and-forget interface.

Pioneer Edition FreedomBox Home Server Kit is clearly not there yet, but I would hazard a guess that their target demographic is currently developers and tech-savvy privacy advocates who can afford a bit steeper price for a "server kit".


But still, who would buy that $10-$20 device? If it doesn't replicate their Facebook/Instagram/whatever experience, and they don't know how to get their friends on it (the majority of whom probably aren't too privacy-conscious), it's just a paperweight


You can get the same network effects of these cloud services through federated networks. Imagine "Federate-book" I run and host my own "Facebook wall" on my local box (or wherever I choose to host), friends can request access to view my content ("friend requests") which I can then control and manage myself, "Facebook groups" are hosted by wherever their creator decides, and moderation is the right/responsibility of the creator of the group.

If some host-er of the federate-book wants to aggregate my data and sell it to third parties, they can make that clear in their terms and I can opt-in/out of that arrangement. If my host-er wants to use machine learning and other methods to wipe my feed of their definition of "abuse" or "fake news", they can try that and I can determine if I trust their judgement. I'll choose whether I want to hear what Alex Jones has to say for myself, thank you very much. If somebody is illicitly calling for violence and should be forcefully banned and punished, then this can be dealt with by the (admittedly imperfect,) relatively transparent and principled system of laws that include foundational principles of justice like innocence until proven guilty, and the rights of the accused to defend themselves.

The status quo cloud-silos governed by a small group of executives opining about what censorship-policies will garner them the greatest profits next quarter are dangerous single points of failure for user privacy, and inherently at risk for becoming tools of tyrannical control and manipulation. Yes there is much work to be done in building good protocols for federated social networks that even grandma can make use of, but guess whose fault that is? "The cloud" didn't exist 20 years ago either, and its ubiquity and ease of use should be attributed to the literal billions (if not trillions) of dollars of R&D that has been thrown at it.

We really can "have our cake and eat it too" in this domain, if the engineers and venture capitalists that build/fund these tools directed R&D appropriately. As the (predictable but unfortunately unmitigated) true cost of a generation of "cloud" mania slowly becomes apparent to the general public, we will likely see a greater groundswell of market demand for "fediverse" products and services. Undoubtedly the rent-seeking cloud providers will try and prevent this through propaganda and by force -- we're already seeing this in the "fake news" hysteria and Zuckerberg's call for regulation of social media. But if America's legal institutions and popular support can hold the barbarians at bay, we will hopefully be living with a very different internet 20 years from now.

(Didn't really know where I would end up with this comment and it sort of turned into a rallying cry so I'll go with it. Yeah HN, let's do it!)


We've had this for years already, more or less. It's called Diaspora, and it hasn't succeeded in pulling the masses away from Facebook.

You can get network effects through any kind of network, but you still need to get your friends on that network in order to build those effects. I just don't see this sort of thing being successful at that.

There are certainly more people angry about what FB has been doing with their data than there were a couple years ago, but the majority of them seem to still continue posting on FB, because that's where all their friends are.


It doesn't even do email, so you'd still be paying a known provider :)


The stable release was in 2017.06, so almost two years ago. How often are they updating the code (e.g. security fixes)?

Is this supposed to be a standalone home server, or something like a node of a large self-organized network (private social network, etc.)?


The stable release is Debian stable (Stretch) which still gets security fixes from Debian.


I love the vision, but there are some pretty sizable hurdles not so easy to clear. Dynamic IPs, ports blocked by overzealous ISPs, bandwidth throttling, power redundancy, etc, etc...


Just by joining the zeronet[1], you get most of the functions you can get on the clearnet in decentralized form: Forum, Blog, Social Network, Search Engine, Wiki, Mailing, Chats, etc.

[1] https://zeronet.io


What does this do that a Raspberry Pi or NAS does not?

It just seems like an always-on computer, nothing revolutionary or new.



