Lecture: Deploy your own ecosystem for electronic communication
From bare metal servers to fripost.org in minutes
Between giant Email Service Providers and people running their own email server at home stands Fripost, a democratic email association where executives are elected by the members, and which aims to keep the right balance between decentralisation and accessibility. I will present the details of our infrastructure, in the hope that it will be discussed, improved, and cloned, leading to sister organisations.
The internet, and electronic mail in particular, started out as
decentralized protocols. However, since the 90's the trend has been for
giant corporations to centralize said protocols, or worse, create new
proprietary ones not even compatible with those of their competitors.
If these large internet actors are interested in providing such services
at a large scale, often free of charge, it is clearly not out of
philanthropy, but because that makes their users — or "products"
as Bruce Schneier puts it — a better value for their
customers, the advertisers.
Furthermore, centralisation often means a central point of failure, and
the revelations of secret programs such as PRISM show how valuable
large internet actors are for intelligence agencies, and the extent of
the ties between them, whether they are built voluntarily, through
National Security Letters, or via a rogue employee.
At the other extreme, one could always run their own SMTP and IMAP
servers at home; however, that usually comes with a lack of redundancy,
and is a solution available only to the few tech-savvy among us.
In the middle stands Fripost,
a democratic organisation created in late 2010 in Gothenburg, where all
members have the right to vote and to be heard, and where the
infrastructure is taken care of by a few elected administrators.
As emphasis is put on the democratic participation of the members, we
don't have a large geographical diversity. Instead, we would rather see
the creation of sister organisations. To this end, we have worked on
making the deployment of our infrastructure automatic and reproducible,
independently of the underlying physical topology. The development is
freely available (under
the conditions of the GNU GPLv3) for audit, criticism, and participation.
During this talk, I will recall how email works and identify the
different components that are needed to make it work, then explain where
and how they fit in our ecosystem, and finally describe our design
choices when putting everything together. I will conclude with remarks
on email (in)security, and some future plans in that regard.