A "modest" proposal to remake PTP. I am putting this on the wiki, rather than over email, so other PTP members can improve the idea. Please comment positively - rather than trash the page because you want to do something different with PTP, expand this idea and make it more palatable to you and others, or more technically sound. Put your competing alternatives on other pages, and link to them from here if you want. Thank you! --- KeithLofstrom
Proposals are great. Actually implementing those proposals and field testing them to discover whether they work in practice would be even greater. --RussellSenior
PTP no longer provides the only free nodes in Portland. However, PTP can provide the safest and most educational nodes in Portland, with extra local content that helps the users of our nodes become better internet users.
We have members and guests that want to educate others in secure web connections, proper password use, and other safe habits for surviving and thriving on the Internet. There are productive and non-productive ways to do this - the embarrassment-heavy one-upmanship "lessons" that work so well with a bunch of competitive hackers at DEFCON are not going to work with grandma connecting to the Internet for the first time. Savvy teachers match the learning style to the student.
PTP nodes pass all the bytes of user traffic, and provide a localized way to interact with users. If a PTP node also offers hardwire connections (and why can't it?), and does much of its work with HTTPS, then we can engage in very secure interactions with user laptops. But most safer surfing features can be designed to be safely offered over wireless even with sniffing hackers present.
Imagine an additional click box on every NoCat splash page - Safer Surfing. This connects to a local set of pages on the node computer itself, with content maintained by PTP. The Safer Surfing page connects to PTP University static pages and videos explaining various aspects of wifi usage, selecting wifi cards, setting up PTP nodes, etc. Some of it may connect offsite, but most of this can be stored on the node itself and frequently updated and securely audited. Each adequately equipped node may have gigabytes of content of this sort, available at full link bandwidth to nearby users. The content does not have to be local - older nodes with small, un-upgradable disks can connect securely to servers elsewhere, and WRT-style AP-only nodes may not even have room for the links. However, Free Geek has plenty of adequate machines available for upgrades, and not every node must offer all the safer surfing content.
More important than large local content is user-selectable, interactive content and filter features. Some features have quite small disk and computation requirements. Here are some examples:
Unencrypted Form Data Detection: Most passwords are sent in the clear out of ignorance, not intention - many people don't know the difference between a web form that will use HTTPS or other secure protocol, and a web form that is sending the data in the clear. If the DEFCON bunch can build programs to detect and display open passwords, we can certainly watch the traffic stream going through the node and detect when passwords are going by, and pop up a warning box when this happens. Better yet, with more ingenuity we can look at the incoming webforms about to be fed to the user's browser, and let the user know that the response to those forms will be sent in the clear, even before the forms are filled out.
Password Designer: Algorithms exist for measuring the entropy of passwords. A training page that teaches users to design easy-to-remember but difficult-to-crack passwords, rates user examples, and even takes a shot at cracking them with crack-style programs, would help users design better passwords.
Laptop Firewall Testing: The node could run Nmap against the user's laptop, looking for open ports and other potential exploits.
HTTPS page reformatting: Even if a website on the Internet is unsecured, the node can modify the pages and serve them HTTPS to our wireless users. Snoopers on the local radio link won't have much to see.
HTTPS secured local downloads and updates: Imagine a user is running a Microsoft OS, and a new virus appears that is highly contagious and has spread all over the Internet. They might not be able to connect to Microsoft and download the patch before their machine gets infected. If the patches are available locally, from a PTP node, they can go to a node and get their download without risking their machine on the open network. We could host guest pages for Microsoft and other companies with these updates, which the companies themselves could maintain. We could also host local downloadable copies of Firefox, PuTTY, and other tools that could help users upgrade their machines without exposing them to the delays and dangers of the open Internet. This would require much larger disks to store all the updates, but that could be subsidized by guest companies, since it would improve their service and reduce their bandwidth.
Etcetera: Plenty of other security tests and tools are available, and we can host some provided and maintained by third parties. If we can develop a "plug-in" architecture for the base load for the node, we can provide space for these tools while letting the providers of the tools perform most of the maintenance.
I want to emphasize strongly that all these behaviors are user-selectable and voluntary. We may not like someone using bad Internet habits, and we can inform them of our dislike, but we are not here to be nannies, just wise friends. We may put in detection for spam and virus broadcasts, and limit those, but in most cases a warning message to the user will cause them to take appropriate action.
We offer all these services with extensive disclaimers, of course. We offer safer surfing, not "perfectly secure" surfing. People will gravitate to PTP nodes, not to avoid banner ads or because they hate big companies, but because they can learn from us and can be sure we are working towards their best interests. I bet this will result in a better class of customers for the businesses that provide PTP nodes. We will also be developing content that PTP can rebrand and rebuild (for a fee) to the big proprietary networks (much as Cygnus Solutions got rich selling "free" GNU software). That will give our underemployed members something to do.