I’ve submitted a pull request over on the Known project git repo that allows you to specify a CURL proxy connect string (which has since been merged).
If specified, this connection string will make all web service and web mention calls be sent via a proxy server.
This was a relatively small change, but is useful in many ways – for example, for communicating through a corporate firewall. It is also provides a way of routing Known to Known communication over TOR.
Why would you want to do this?
Well, this is part of an ongoing effort to harden Known against the new attack realities we face on the internet in the 21st century.
One of the things that the Snowden documents have revealed, is that the bad guys are particularly interested in harvesting everyone’s social graph – who knows who – so that they can, among other things, automate guilt by association.
Going to some lengths to hide this information from an attacker sitting on the wire, is therefore, a prudent thing to do.
Ok, how?
- Install the TOR proxy on your server; this may just be as simple as typing
apt-get install tor. - By default the tor package only installs the client, so you’ll need to modify the config to open up a SOCKS relay.
- Next, tell your known site to use this relay; open your
config.iniand set theproxy_string:
proxy_string = 'socks5://path.to.tor.proxy:9100'
Gotchas
Routing over TOR is only part of the solution of course. For the communication to be properly safe, you should also encrypt the communication using HTTPS.
Unfortunately, whether a connection is conducted over encrypted HTTPS or not is largely up to your friend’s webserver. But, you wouldn’t be silly enough to run unencrypted, right?
Given the numbers of nasty attacks that can be launched against an unencrypted web connection, the internet at large is now moving towards deprecating unencrypted port 80 HTTP. Google search results will now give preferential treatment to encrypted websites, so that’s another reason!
So, don’t be part of the problem. Have fun!
retweeted this.
favorited this.
retweeted this.
retweeted this.
@mapkyca Have you considered trying to run Known on Tor Hidden Services? Imagine a robust social media platform living solely in onion land!
@mapkyca Hey @HongPong check this out too. Those pesky people at the NSA shouldn’t be able to get our social graphs without a fight.
favorited this.
@CaptainKurtis Considered, but not yet tried 😉 Theoretically there’s no reason why it wouldn’t just work…
Ello, Known, #indieweb, and life after “Peak Facebook”
5 min read
People are intrigued when they hear that I’m working on some new
social network software, but they’re also skeptical. Facebook seems so
dominant, is there room for anything else? When they describe their personal Facebook experience, though, most
folks don’t seem to be enjoying it all that much. Ads, feeling like a
lab rat being experimented on, ads, trying to get privacy settings
right, ads, friends whose accounts got suspended and had to send in a
copy of their drivers license to get it back, ads … And for a lot of people, scrolling through their feed on Facebook
feels kind of like watching a mediocre TV show: mildly engaging in a
mind-numbing way, but basically like a waste of time. By the time we’re
done talking, a surprising number of people agree with me that yes,
there may well be room for something besides Facebook.ElloThe
artists, designers, and developers who created Ello presumably had some
similar conversations with their friends, and came to the same
conclusion: a lot of people are ready for something different. And
talk about good timing! Not long after Ello launched their
invitation-only beta test, Facebook reignited the nymwars by suspending
drag queens’ accounts. A surge of interest in the LGBTQ community lead
to broader visibility and reams of press coverage.Turns
out that Ello’s promise of a “simple, beautiful, ad-free” social
network that’s a tool of empowerment, and the manifesto’s rousing
conclusion “you are not a product”
resonate with a heck of a lot of people. The “hockey stick” graph on
the right gives an idea of how quickly their search results spiked on
Google. By late last week they were getting 30,000 requests for
invitations and a wave of largely-positive publicity … every startup’s
dream “viral launch”.Ello’s functionality is still very basic: feeds, following,
mentioning people by name, email notifications. You can certainly have
good conversations with interesting people there — @lynneluvah says it
reminded her of Vox and/or Live Journal (as @smorespaces points out with an updated feed-style interface). It’s got emoji 🙂
Visually it’s very distinctive, with monospaced fonts and the
juxtaposition of circular avatars and square input boxes. It’s
certainly not Facebook.It’s early days yet for Ello. As Amie Stepanovich and others have pointed out, we’ve yet to see how real their privacy claims are; and more generally, who knows how far they can take this
early success. No matter how it comes out, kudos to them for getting
this far! They’ve got a lot of opportunities, as well as some
challenges; and there’s a lot to learn here. More about that in a
future post.Known and #indiewebMeanwhile, social publishing startup Known also has a message that’s
resonating broadly: own your data and control your feed. Known lets
you share whatever you post to social networks like Facebook, Twitter,
SoundCloud and see the responses; so you can spend less time on Facebook
without completely cutting your ties.Known’s open-source, so others can build on it — and contribute back to the community, as Marcus Povey has with the LinkedIn integration and routing over Tor.
It’s self-hostable: you can run it on your own domain if you want to,
or you can use their easy-to-setup hosted site). And like Ello, it’s a
collaboration between a designer (Erin Jo Richey) and a developer (Ben
Werdmuller, co-founder of elgg).I’m pretty excited about Known, and in fact I’ve switched over to it
for TapestryMaker’s blogging. And more generally, I’m excited about the
broader Indieweb movement that
Known’s aligned with.* Indieweb’s all about being decentralized:
instead of having a single site control everything, there are lots of
sites interacting with each other (which means that Known can
interoperate with other Indieweb-compatible sites). I went to
Indiewebcamp in June, and was blown away by how much energy there is …
literally dozens of developers working on various projects. And as new social networks like Ello come along, no problem: they can be
integrated with Indieweb sites just like Facebook and all the others.Life after “Peak Facebook”
Of course, there are still some pieces missing. Ello launched without
the ability to block annoying users. Known is working on granular
privacy controls (if you’re self-hosting, you can enable them now by
turning on “experimental mode”). And beyond that, sharing and
following people’s streams is only a piece of what people want in an
online home — the TapestryMaker prototype also has group discussions,
private messages, group chat, streaming audio (DJ Anomaly did a special
set for our party in August!), and a heavily-customizable user
interface.Still, the excitement Ello and Known are sparking is pretty dramatic
validation of just how tired people are of Facebook treating them as
products to be experimented on, packaged, and exploited. Facebook’s
been lucky so far: Diaspora had software engineering challenges and then
a tragic suicide, Google+ shot themselves in the foot with the original
nymwars, and acquiring Instagram and WhatsApp staved off a couple more threats. Now, they’ve apologized to the drag queens and the broader LGBT community **; if they listen to suggestions from people like Nadia Kayyali of EFF, they may dodge another bullet.But with the underlying mistrust and dissatisfaction continuing to
increase (and the continual need to stuff more and more ads down
people’s throats to make their numbers) they’re increasingly
vulnerable. And there are starting to be some pretty interesting
alternatives.
* Amber Case’s Intro to the Indieweb presentation and Dan Gillmor’s Why the Indieweb movement is so important are good overviews of the Indieweb’s philosophy and progress so far.** The latest in a long list of apologies