#+title: Freenet for Journalists #+LANGUAGE: en #+options: num:nil toc:nil tags:not-in-toc html-postamble:nil ^:nil #+html_head: #+LaTeX_HEADER: \DeclareUnicodeCharacter{221A}{\checkmark} % M-x describe-char -> code point in charset #+BEGIN_ABSTRACT #+BEGIN_QUOTE /“There is now no shield from forced exposure…The foundation of Groklaw is over…the Internet is over”/ --Groklaw, [[http://www.groklaw.net/article.php?story=20130818120421175][Forced Exposure (2013-08-20)]] #+END_QUOTE #+END_ABSTRACT #+TOC: headlines 2 * What Freenet can do Freenet provides email without exposing metadata. It enables secure peer-to-peer communication and censorship-resistant publishing in partially hostile environments. It provides anonymity with reliable pseudonyms and decentralized publishing without single points of failure, as well as a darknet-mode with secure connections between friends. To achieve this functionality, the Freenet team solved numerous technical challenges, including global connectivity over restricted routes using a small-world structur and spam resistance in anonymous networks. The next step for the Freenet project is polishing it for specific workflows to make it the tool of choice for people who can benefit strongly from using it - starting with journalists and whistleblowers. They are the ones who are in dire need of features like the ones provided by Freenet: - The journalist in a countrywide newspaper, maintaining a point-of-contact to anonymous sources without requiring lots of infrastructure on the side of the journalist or the source. - The whistleblower in a medium-sized state-contractor, sending documents to a journalist and being available for questions to verify their origin without disclosing the whistleblower’s real identity to the journalist (or anyone else). For more information, see our [[./slides.pdf][Presentation Slides]]. * Why we need you Sadly most whistleblowers and journalists are unable to communicate securely in the current state of the internet. The main reason is that the current state of the usability of most cryptographic tools is horrible - represented excellently by the following quote from Glenn Greenwald: #+BEGIN_QUOTE /“I announced myself this cryptographic master that I was really becoming advanced and I looked at both of them and I didn’t see any return pride coming my way. Actually I saw them trying very hard to avoid rolling their eyes out of their head at me to one another. I said «why are you reacting that way and why is this why isn’t that a great accomplishment?» They let some moments and no one wanted to break it to me. Finally Snowden piped in and said «Truecrypt is really meant for your little brother to master, it’s not all that impressive.»”/ --[[http://media.ccc.de/browse/congress/2013/30C3_-_5622_-_en_-_saal_1_-_201312271930_-_30c3_keynote_-_glenn_greenwald_-_frank.html][Glenn Greenwald at 30c3]] #+END_QUOTE The issue described in this story is not the fault of journalists. We have lots of solutions, but our best tools are much too complicated. And Freenet is kind of the poster-child of this problem. Making the most important use cases of Freenet accessible to journalists will be a lot of work. Freenet can already be used for them today, if you know what you are doing. Even then, setup requires time, patience, and experience with security tools. Journalists are always lacking the first, whistleblowers should not need the third and the second should be required by no one who uses a computer. It has all the problems, Poul Henning-Kamp pointed out at Fosdem2014: #+BEGIN_QUOTE /“Are you sure you know what you are doing? Do you have a PhD in this?”/ --Poul-Henning Kamp ([[http://phk.freebsd.dk/_downloads/FOSDEM_2014.pdf][slides]], [[http://mirrors.dotsrc.org/fosdem/2014/Janson/Sunday/NSA_operation_ORCHESTRA_Annual_Status_Report.webm][video]]) #+END_QUOTE Freenet is at the point where it actually works well on the technical side. It features exchanging files invisibly with only a password, spam-resistant anonymous comments, and email that does not provide metadata that can be spied on. However, Freenet has always suffered from mediocre to bad user interfaces and rough edges like high delays on simple tasks, database corruption, and complex multi-step workflows for basic use cases like posting to a forum. Much of its potential is unrealized: existing features are often unpolished, and some features have been written but are not yet included because of a lack of developer hours to review and merge code. * How to test Freenet #+BEGIN_QUOTE /This is no longer just about Syria or Iran. If journalists cannot talk confidentially to anonymous sources, all of investigative journalism is at stake. This is why nowadays Freenet is more important than ever: email over Freenet hides metadata./ #+END_QUOTE To test what Freenet already provides, go to [[https://freenetproject.org][freenetproject.org]] and download and run the installer. As soon as Freenet has started, you should see its web interface with default bookmarks. To see what you can do besides browsing and [[/USK@940RYvj1-aowEHGsb5HeMTigq8gnV14pbKNsIvUO~-0,FdTbR3gIz21QNfDtnK~MiWgAf2kfwHe-cpyJXuLHdOE,AQACAAE/publish/3/][publishing]] anonymous sites and exchanging hidden files with just a password (used as “KSK”-key), have a look at the [[/USK@t5zaONbYd5DvGNNSokVnDCdrIEytn9U5SSD~pYF0RTE,guWyS9aCMcywU5PFBrKsMiXs7LzwKfQlGSRi17fpffc,AQACAAE/fsng/58/][Freenet Social Networking Guide]]. Currently creating a *pseudonym* and setting up *anonymous email*, *microblogging* and *forums* takes some time and effort (up to an hour). That’s part of what we want to change. * Who we are We are a team of about a dozen developers around the world. While we all have different goals, we all subscribe to the common mission of providing the technical foundation for freedom of the press in the internet. Our focus is best captured in the following quote from Mike Godwin: #+BEGIN_QUOTE "/I worry about my child and the Internet all the time, even though she' too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say 'Daddy, where were you when they took freedom of the press away from the Internet?/'" --Mike Godwin, Electronic Frontier Foundation, [[https://w2.eff.org/Misc/EFF/quotes.eff.txt][“Fear of Freedom” (1995)]] #+END_QUOTE Over the last years, many bright minds assembled around this focus and turned freenet into a tool which can actually provide an unmatched level of privacy. It has the potential to be the central technology for critical journalists worldwide. But experience also showed that with the current pace of development it will be very hard to reach this goal fast enough to make a difference before control by of the web by a few big actors gets so strong that people cannot even spread the word about Freenet anymore. And this is why we ask you for your help. * What we want to do #+BEGIN_QUOTE /In 2000 we said that the internet is at a crossroad between surveillance and freedom. Freenet started to fight for ensuring freedom of the press. Then 9/11 happened. In 2013 Edward Snowden made the general public realize that we are already far past that crossroad. He gave us precious time and backing to turn back the wheel and take the road towards freedom./ #+END_QUOTE We want to make Freenet the definite tool for privacy and free speech, one use case at a time. We want to allow ordinary users to tap all of Freenet's features and realize the goal of robust censorship resistance. That will require concentrated effort and lots of good legwork - the kind of work which has to be done, but does not give the coding-credibility or fame which draws many volunteers. For this we need your help. To realize the potential of Freenet, we want to finance two or more full-time developers who will focus on individual use cases to polish the user experience and make them easily accessible to their target groups. ** The ideal group Our ideal group would be a team of 8 people funded for 5 years (so people can lay down their current day-jobs to work on Freenet): - Three programmers -- one dedicated to core development, one for plugins, and one who ties both sides together. With this coverage we can ensure code review of all the different parts. The core developer needs serious skill in working with legacy Java code and improving it iteratively, as well as in security. At least one of the developers needs serious experience with Windows. - Two UI/UX designers who can code front end. At least one of them with robust prior experience on clearly presenting complex security decisions so that they are easier to make. Usable privacy tools are one of the big usability challenges out there. - One product manager and community coordinator who has experience with free software projects. The task is to pique the enthusiasm of the development community, and get volunteers to improve the core functionality of Freenet, develop apps and plugins, etc. (We need it because we suck at this.) - One person for outreach and training -- the "go-to" person for users in the field. This is someone whom journalists can contact to get set up using Freenet. He or she is also responsible for managing events and social media, such as Twitter, Facebook and a blog. Has to be able to work with the current, very diverse userbase. (We need that because we suck at this, and keeping contact with journalists is essential for spreading Freenet -- and as such to realize its mission.) - One fundraising coordinator and director -- in charge of fundraising, as well as all of those other managerial tasks that have to get done, e.g. dealing with the accounts, taxes and payroll. *** Cost estimate - Salaries: 3.2 million € (80k€ real cost per person per year - that’s what the University of Karlsruhe (KIT) estimates) - Office space: 60,000 € (about 1000€ per month in Technologiepark Bruchsal) - Computers and servers: 20,000 € - Other Office Equipment: 10,000 € - Running Expenses: 18,000 € (about 300€ per month) - External Security Audit: 500,000 € (one basic audit after the first year, then regular targeted audits) - Presence at journalist and privacy fairs (4 per year): still to be estimated (I asked Sandra from OpenITP) = 3,8 million Euro + presence at fairs + taxes to pay upfront on the funding money ** The minimal group The minimal group with which we could finish the basic functionality would be a team of 3 people full-time and one part-time, funded for 2 years: - Two programmers, one for the core, one for plugins and usability, one of them part-time. - One community coordinator and trainer. - One fundraising coordinator, director and developer. *** Cost estimate - Salaries: 490,000 € (70k€ real cost per person per year) - Office space: 12,000 € (about 500€ per month in Technologiepark Bruchsal) - Computers: 5,000 € - Other Office Equipment: 5,000 € - Running Expenses: 3,600 € (about 150€ per month) - External Security Audit: 100,000 € (minimal: about 2 weeks of audit after one year) - Presence at journalist and privacy fairs (2 per year): still to be estimated (I asked Sandra from OpenITP) = 615,600 Euro + presence at fairs + taxes to pay upfront on the funding money ** The good group The group with which we should be able to do effective work without having to fill multiple roles per person would be 5 people, funded for 3 years: - Two programmers, one for the core, one for plugins. - One user experience designer with programming experience. - One community coordinator and trainer. - One fundraising coordinator and director. *** Cost estimate - Salaries: 1.2 million € (80k€ real cost per person per year) - Office space: 36,000 € (about 1000€ per month in Technologiepark Bruchsal) - Computers: 10,000 € - Other Office Equipment: 10,000 € - Running Expenses: 7,200 € (about 200€ per month) - External Security Audit: 200,000 € (basic: content sanitizers and crypto) - Presence at journalist and privacy fairs (2 per year): still to be estimated (I asked Sandra from OpenITP) = 1.5 million Euro + presence at fairs + taxes to pay upfront on the funding money * Our two year vision With this team, we should be able within at most two years to get Freenet into a state where it makes whistleblowing safe and easy, as in the following example. Everything written below is already possible with the current capabilities of Freenet, but much less convenient than described here. #+BEGIN_QUOTE ------ Nick is a journalist. He has been active in Freenet for a few months, using a small computer running in his office. He maintains a website in Freenet which he links from the site from the newspaper he works for, and he republishes some of his articles to Freenet to spread information about his work to anonymous people. On this website he publishes an email address for contacting him over Freenet, and he regularly gets feedback to his articles from anonymous and non-anonymous people alike. Janice is working for a big military contractor. She has been questioning the effect of her work for years, and last year she got information about a secret project she cannot reconcile with her conscience. She wants to contact a journalist anonymously to check whether he is interested in the information, and if so perhaps she would provide some documents about the secret project. One week ago she talked to a friend about this, and the friend passed her Nick's business card, along with a special USB stick from her friend. She can use the special software on the USB stick (Linux Live System) to connect to Freenet without leaving any trace on her notebook or having to install any new application. Janice now goes to a bar with internet access, puts the USB stick into her laptop and starts it. A browser starts and shows a list of anonymous websites within Freenet, including the site from Nick. After she is certain that Nick is the right person to contact, she clicks on his contact address. The address brings her to a screen where she can compose a message and then send it anonymously to Nick. Freenet shows her the confirmation “message saved. Do you have an existing pseudonym you want to use or do you want to create a new one?” Janice clicks on "select new pseudonym”. Freenet prints the message “Your new pseudonym is Koyah_McLaughlin (randomly generated). Please save its key (cryptographically secure code) by writing down the following list of words or taking a photo of its QR image. You can use that to connect with your pseudonym from any computer that has access to Freenet.” Janice takes a photo of the black-and-white QR image on her screen in order to reuse the pseudonym at a later time. Then she orders a coffee and reads on: “Your message is being delivered. Please give Freenet a few minutes to upload it.” Then she watches a progressbar fill up. Just as she finishes her coffee, Freenet shows her that the message is delivered. Janice shuts down her laptop, pays in cash and leaves the bar. Since she only ran a Live Linux, nothing was written to her notebook and all traces of her actions disappear when it powers down. The next day Nick comes home and checks his messages. He instantly sees the new message sent via Freenet from Janice, identified as Koyah_McLaughlin, the pseudonym Janice used. While reading the information from Janice he feels a familiar jolt of excitement. This could be big. He crosschecks what he can, then sends a reply to Janice via Freenet. Her pseudonym allows Nick to answer her and shows him that he is communicating with the same person over time instead of several different anonymous people. The next week, Janice goes into another bar with internet access. She orders a coffee and plugs in the USB stick. In the browser she clicks on “read messages”. Freenet asks her to type the list of words for her pseudonym into a text field or show its image to the webcam. Janice holds the photo of her key in front of her webcam. Freenet confirms the key and asks her to wait a few minutes while her pseudonym is being restored. Just as she finishes her coffee, she sees the new email in her inbox: Nick answered. Over the next few weeks Nick and Janice keep in contact. Their messages are stored on hundreds of places within Freenet at once, making it impossible to delete them or to trace who sent or received them. Nick gives Janice advice on how she can keep a low profile, then he runs his story. A few months later Nick gets another message from Janice. His news story shook up the company, but Janice was able to keep clear of major problems. Freenet helped her to keep her name out of trouble despite complete surveillance on the normal internet. Now she has gotten wind of another unethical project, and she wants to ensure that it does not stay hidden from the public. ------ #+END_QUOTE * Work items (first year deliverables) workflow items (these have to be easy and convenient): - maintain journalist site - contact a journalist via the site - use a traceless persistent pseudonym (QR or written key) - Freenet-stick - invisible darknet (steganography) - grow the darknet over android ** Technical Tasks The following lists the tasks we can finish within one year to move towards our vision, marked by the group with which it should be possible to finish them in the first year. The items link to bugtracker entries with additional details. | task | ideal group | good group | minimal group | |----------------------------------+-------------+------------+---------------| | easy site creation | √ | √ | √ | | site: RSS import | √ | √ | | | site: twitter, FB, ... | √ | | | | site: authenticated list | √ | √ | | | site: comments | √ | √ | | | site: robust, secure backups | √ | | | | email a journalist from the site | √ | √ | √ | | email: connect seen pseudonyms | √ | √ | | | email: really robust installers | √ | √ | √ | | delayed WoT | √ | √ | | | faster WoT | √ | | | | traceless persistent pseudonym | √ | √ | √ | | Freenet-stick | √ | √ | √ | | darknet invites | √ | √ | √ | | FOAF-connections | √ | √ | | | preseeded WoT introduction | √ | √ | | | blinded sponsored WoT | √ | | | | merge transport plugin framework | √ | √ | √ | | several transport plugins | √ | | | | android-based darknet connection | √ | √ | √ | | andriod-based invitation | √ | | | | use home-node over android | √ | √ | | ** Task notes and grouping - maintain journalist site - easy site creation - blog-like functionality for simple sites (polish or integrate flog helper) - manage site uploading via the web-interface for more complex sites (automatic or scheduled updates) - integrate different data-sources - polished freereader-like functionality (RSS) - import tweets - comments via Sone, FMS, ... - really robust installers - prevent any chance of data-loss - robust backups! - encrypted backups with WoT ID as key - contact a journalist - email a journalist from the site - list authenticated journalist sites - pseudonymous email with address from a Freenet site - connect seen Pseudonyms - integrate WoT in Winterface - semantic WoT API - delayed WoT with automatic pseudonym creation - faster WoT - use a traceless persistent pseudonym - easier to write key encoding (think Windows Activation Key) - QR encoding and decoding of the insert key (print or take a photo) - share a Freenet-stick - darknet invites - FOAF connections - preseeded WoT introduction - create via GUI - blinded sponsored WoT trust for introducing a few WoT IDs without the sponsor being able to know the ID - connect over invisible darknet (steganography) - transport plugins - grow the darknet over android - merge android app backend code - fix and polish android refnode exchange - share invitation bundles over android (alternative to the Freenet stick) * stretch goals: Future use cases After we get Freenet into a state where it is the definite tool for journalists and whistleblowers, we can turn to other usecases to make easy. High profile use cases could be easier anonymous publication and collaboration: - the platform for political bloggers (with a transient browser-based mode for easier anonymous access), - the social network which respects privacy by design, and - a decentral, anonymous programming platform. Also a distributed anonymous datastore like Freenet can make use-cases easy which are hard in the current internet: - a spam-resistent, pseudonymous comment system for static websites, and - a core utility for exchanging files with your friends. And once we have transport plugins, there are many possibilities for making Freenet harder to detect and block: - integrating a VoIP client and hiding data in the noise of the video- and audio-stream, - hiding data in image-attachments of emails, - pre-filling USB-sticks over night which you exchange with friends and collegues during the day, - … and many more - see [[https://wiki.freenetproject.org/Steganography][Steganography]]. All the foundations for these are laid, but most of them are inaccessible for general users and inconvenient even for advanced users. ** More detailed descriptions of possible use-cases *** “Make your own freesite with 3 clicks” - start my freesite (click) → paste the first article (click) → publish (click). - Optionally set a name, a description and a logo (image). - currently that would also require solving 10 captchas to make the freesite visible - The name for the Pseudonym would be either an existing ID or autogenerated (just a pre-filled field). - “Pseudonym to use for publishing [create new with name TEXTFIELD, ] http://127.0.0.1:8888/Sone/viewPost.html?post=4b134fc5-6947-49b6-ab41-a85d3ceddb2a *** Publish in Syria - The activists in Syria publishing their experiences for journalists in other countries to take up. Most Facebook pages from Syria are gone. “Facebook pages are the only outlet that allows Syrians and media activists to convey the events and atrocities in Syria to the world”² which means that right now, conveying events from Syria to the world means disclosing your identity. And this has dire consequences: “On December 9, five men stormed her organization’s office in the Damascus suburb of Douma and kidnapped her, along with her husband and two colleagues”. With Freenet a news site can be published anonymously without requiring lots of resources and especially without requiring any constantly available hardware. And everyone can copy a site in Freenet ²: http://www.theatlantic.com/international/archive/2014/02/the-syrian-opposition-is-disappearing-from-facebook/283562/ *** Communicate in the UK - Political activists in the UK keeping in contact and working together without revealing their group structures. Just three years ago the Guardian reported about complaints from activists that “dozens of politically linked Facebook accounts have been removed or suspended”.¹ This easily disrupts group structures and can as such be an efficient way to silence the opposition. Due to complete surveillance of communications, it is possible to determine essential people in a group and dissolve the group with minimal effort and backlash. Freenet can hide these structures and thus stop part of the network analysis. ¹: http://www.theguardian.com/uk/2011/apr/29/facebook-activist-pages-purged ** technical stuff - optimization for video sites - integration with jitsi or other XMPP programs and/or free games to simplify invisible Freenet usage piggibacking on existing services * Other projects There are some projects which try to provide support for this usecase: - [[http://torproject.org][tor]]: Via hidden services it can provide anonymous access, but they require strong infrastructure for the journalist to keep them active when the journalist becomes inconvenient to someone in power. When the main hoster of tor sites was busted some time ago, half the hidden services went offline. - [[http://geti2p.net][i2p]]: Similar to tor, but with decentralized forums which can be migrated to other services. It provides the decentral storage solution TAHOE-LAFS. - [[https://tahoe-lafs.org/trac/tahoe-lafs][TAHOE-LAFS]] offers limited hosting space and privacy. Different from Freenet it does not provide decaying storage with access-dependent lifetimes which is required to provide free publishing for people who might not be able to afford maintaining huge infrastructure. Instead the availability depends on whether the publishers want to keep investing in the content (see [[https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/garbage-collection.rst][garbage collection]]). - [[http://maidsafe.net/][MaidSafe]] seems to be a decentralized hosting solution with some scarcity built in to give fairness between publishers. It does not provide usage-dependent availability like Freenet and lacks darknet options. Freenet has a decaying store to provide freedom of the press by ensuring that content which users access stays available. MaidSafe gives limited storage which provides hosting for those which support the network. As such it does not equalize publishing among publishers. Due to that MaidSafe competes in the space TAHOE-LAFS and not in the space of Freenet. Like Freenet MaidSafe is free licensed but different from freenet it requires a [[http://maidsafe.net/licenses/CONTRIBUTOR.txt][contributor agreement]]. That agreement promises that the contributed code will always be available under free licenses. So its company can pull off a proprietarization of new code, but not of contributions. The contributor agreement effectively strips away the copyleft from the contributions but only for the MaidSafe developers. - [[https://pressfreedomfoundation.org/securedrop][SecureDrop]]: Allows two-way communication, but must be maintained by the journalist, so it is again a single point of failure. - [[http://wiki.xmpp.org/web/OTR][XMPP with OTR]] provides encrypted communication, but does not hide the identities of the discussing parties. It cannot provide anonymity to sources. - [[http://invisible.im/][invisible.im]]: This combines Tor with XMPP and OTR. Like Tor it requires powerful infrastructure from journalists. Also different from Freenet it has no solution to limit spam. - [[https://qabel.de/][qabel]]: Server-based, tries to cash in by making the parent company the only one which is allowed to make money with it, which [[http://draketo.de/light/english/politics/free-culture-danger-noncommercial][is a big problem for a community]]. Not GPL-compatible. Freenet is unique in that it /already provides/ spam-resistant, anonymous communication and publication without the need to maintain a powerful server and with availability for stuff users access. It has a proven track record of providing censorship resistant publishing and communication since 2000. It just needs to be made easier to use to restore privacy in online communication and publishing.