On Tue, Jul 10, 2012 at 12:08 PM, Melvin Carvalho <melvincarva...@gmail.com> wrote:
> Thanks for the explanation. In practical terms, where, typically
> would/could this reverse proxy run?

There are a few options:

1) A commercial provider (e.g. my pagekite.net service)
2) A VPS or home server with a public IP (so a friend could run it)
3) A grassroots organization of volunteers

Of these 1) and 2) are real today, 3) is not.

For out-of-the-box instant gratification and user-friendliness, 1) and 3) are realistic options, I tend to think 2) is not.

Also note that 3) is IMO not a realistic option for clear-text traffic, because there are significant risks of abuse by malware authors and other nasty folks who would just love to "volunteer" to inject crap into your websites.

> One of the fundamental motivations for freedombox is for a user to keep
> their own logs. Therefore, if I've understood correctly, trust in the
> reverse proxy would need to be paramount?

Your web server logs stay on your web server. :-)

PageKite as written does not log much when running as a relay, it even obfuscates IP addresses before writing to its log. It does not log the contents of a stream.

Of course, anyone could hack the code and add more snooping, but that is already the case for all the other routers you rely on (at your ISP and the Internet backbone) for clear-text communication.

So as usual, if you are concerned about snooping, you use end-to-end HTTPS. This reduces the snooping potential to information like: "IP x.y.z.a communicated with host.foo.com over SSL at Date/Time and transferred N bytes". Again, this is exactly the same info as all the existing routers on the Internet can (and often do) already collect.

Using PageKite in MITM SSL mode provides a middle ground where all the other routers are denied access to the contents of your communication, but the PageKite relay could still snoop. So there is still a risk, but it is (depending on who your adversary is) significantly decreased, especially if you have a good trust relationship with the person running your PageKite relay (and they know how to keep their servers secure).

-- 
Bjarni R. Einarsson
Founder, lead developer of PageKite.

Make localhost servers visible to the world: https://pagekite.net/

_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss