Think time

A project log for Web security everywhere

Secure your Internet, control your data, fight censorship. Bring your autonomous all in one privacy device everywhere.

Arcadia LabsArcadia Labs 09/09/2014 at 13:140 Comments

Hi people,

Given the comments and reactions on the project blog article, I think it's time for a little explaination. I think there was some misunderstanding, maybe because of the name's project.
I don't mean to secure the whole world internet with this box. Many people are way smarter than me on this subject, and they are doing well most of the time. But I also know there is something to do from the end-user perspective.

For the last 15 years, I worked in many structures, always doing some computers repair / cleanup / hardening, etc. I had many (well, thousands, litterally) end users computers to work on, and also many small / moderate / big companies. During these many years, one thing became clear, from the end-user perspective : privacy is too difficult for individuals to really interest in. People computers are full of virus and malwares all the time, because it's just to difficult to not click on the last Facebook link. People use the same weak password everywhere, and continue to do so, just because it's too difficult to remember them all. And I could tell you many other stories. Companies are not different, really.
During these many years, when I work on people computers, often directly at their home, I take this time, while I'm repairing/cleaning their computer, to give them advices, tell them about privacy, what to do to harden it. Some listen, many don't. Sometimes, I could even teach them about some linux, and remove their old Windows XP for some fresh distro.
But, when I leave someone computer, it's meant to be secure, at least for a few hours (and then, they return on clicking on this stupid FB video...). Believe it or not, the last active virus I met on my own computers, was wormblast, many years ago. This one teached me many things.

Now that I own my own (still very new) little one-man company, I could do whatever I want. I don't have people above me to tell me how to do things anymore, when they just want to hide easy processes, because they think computer litterate people could hurt their business. A boss urged me to remove the tools that I often install and configure for customers (you see, a simple noscript plugin) because it would hurt his business. This is a silly practice, and this time is over (for me at least).

I may have not made myself clear enough. I don't meant this box could be use to add privacy to an already crippled endpoint. It's meant to help keep privacy on a already clean endpoint. Cleaning computers is my all day job (well until recently ^^), this part I could assume, and I think I'm known to do it well. But I know many people would be interested in a little standalone box to help them understand all this, while being easy to use. Installing TOR / VPN tunnel / HTTPS everywhere, configuring them well, and using them on the endpoint is not a solution for these people. They want to push a button to activate privacy, basically. If I could teach them how and why to use Keepass for example, this would be a win already. I don't blame them at all, this is not their job. This is mine. 

From an other point of view, when customers see my device, they ask me what is it, they are interested in it. This could easily lead me to teach them some privacy concepts, from a fun perspective : "yes, I built it from scratch, and it does this". Wow factor is a great way to teach important stuff to people, nowadays.

I agree with both the two guys that are discussing on the project blog article : there are things to change on my concept. There are many components to remove, this box should be almost barebone. The actual prototypes, I built them for me, from start. Because I needed this kind of tool in my everyday work. There's a LCD screen (and camera on the first HaD prototype) because I used my first Raspberry Pi as a learning tool, did many things with it, and had a lot of fun. Look at the very first prototype video, more than one year ago : it's just a very autonomous box, with 2 bicolors leds only (I posted a fun log about UnJailPi evolution). It connected the OpenVPN tunnel automatically when it detected some internet access, nothing else. And it worked well. But with only one RPi at this time, I had to move on learning. And I also wanted some kind of interface.

This is the reason why I posted the Doodle poll. I know a barebone box would be better, but I also wanted to know what end-users are interested in. They will use a device they like, not something they detest. This is maybe a stupid assumption, but I think they are more willing to use something actually "fun" or "beautiful" (they say it everyday to me).
People would change their default WPA2 key themselves and their bad habits if it was more easy&fun to do.
See the poll results, it talks by itself. People are not interested in a barebone box, they expect some bells and whistles nowadays. And remember, we are in a contest, where final design is important, where user interface is important. Part of this contest is about bells ans whistles.
Yes we are still talking about web privacy device here, not the last iPhone...

I see I maybe have open a little can of worms here. It's perfect, really. It was one of the intended goals. The other goal was to collect some feedback... I'm not disappointed, really. From my perspective, I already won my own little contest.

So, basically, these two people are right. I have to build another, barebone, more robust prototype. I'm currently building it already, almost from scratch. But I bet this one won't make me do the cut to the final round. I perhaps could apply some of my crazy (but not so stupid IMHO) ideas on it, I will post another project log about these.

In 3 weeks I still have to learn some 3D, draw some enclosures drafts, post the actual sources, etc... There are many things left to do, and I'm already working a lot on this prototype. But I'm ok, I will work on another one.

I didn't thought to make it to this stage, but I'm in. So let's play this game, this is a wonderful learning experience for me.

(I apologize for this not-so-structured post. You made me think about many things in a few days, and I really enjoy this moment. And please remember... English is not my primary language, sometimes I could express myself really bad...)