Re: Using a CDN or some other mirror?

[Hartmut Goebel <hartmut@goebel-consult.de>]

[-- Attachment #1: Type: text/plain, Size: 3938 bytes --]

Am 09.12.2018 um 04:33 schrieb Chris Marusich:
> Instead, we would be using a CDN as a performance optimization that is
> transparent to a Guix user.  You seem unsettled by the idea of
> entrusting any part of substitute delivery to a third party, but
> concretely what risks do you foresee?

I have serious privacy concerns.

TL;DR: A CDN is a centralized infrastructure, allowing to collect
information about valuable vulnerability information of almost all
Guix-users and -systems. This is might become a thread to freedom of
speech, human rights, democracy and economics. Guix should build on a
decentralized infrastructure.

A distribution provider gets a notion which system is running which
software in which version. In case of guix, the provider even gets the
exact version of the software and all its dependencies. Combining this
with the rise of IPv6, which per default uses the MAC address as part of
the IP address, actually allows identifying a single system.

This information is extremely valuable for all kinds of attackers as it
eases attacking a system a lot. This becomes a thread to

  * to opposition members, dissidents and human rights activists as the
    intelligent agencies can target these persons much more precisely,
  * to companies all over the world as many countries do industrial
    espionage.

This becomes even worst when using a CDN, since the CDN is a centralized
system: A single CDN provider gains knowledge for almost all systems all
over the world. Which means: this valuable vulnerability information is
collected at a single place. Intelligence agencies might be keen on
getting access to this information and a centralized system makes it
easy for them. And there is evidence they actually collect this
information [*].

This gets even worse when the CDN belongs to one of these companies
compiling personal profiles, like Google, Facebook or Tencent. Amazon
belongs to this group.

I have the strong opinion that Guix should build on a decentralized
infrastructure to support keeping the freedom of speech, democracy and
human rights.

[*] Actually it is known the US-American intelligence agencies have
equipment placed at Verizon to collect all kind of data [1]. One can
reason the same is true for other big providers in the US. The USA has
the FISA act AFAIU enforcing US companies to collaborate in industrial
espionage. In Germany it is known that the BND is extracting high-volume
data at the central internet exchange (DE-CIX) [2]. One can reason such
also happens in other countries, esp. members of the five-eyes, France,
Russia, China, Israel, Saudi Arabia, Iran, Irak, etc.

> Regarding your suggestion to ask universities to host mirrors (really,
> caching proxies), I think it could be a good idea.  As Leo mentioned,
> the configuration to set up an NGINX caching proxy of Hydra (or berlin)
> is freely available in maintenance.git.  Do you think we could convince
> some universities to host caching proxies that just run an NGINX web
> server using those configurations?

The difference is: For a traditional "ftp"-mirror, an organization just
needs to add another source to its existing configuration and administer
to the save way as all other mirrors. Whereas for a caching proxy they
need to change the setup of the web-server and learn how to administer
the cache. This difference might make it difficult to convince
organizations to mirror.

I could try and ask a few organizations in my area, but I would need
figures for this.


[1] https://www.bbc.com/news/world-us-canada-23123964 or search the
internet for e.g. "cia verizon espionage"
[2]
https://www.heise.de/newsticker/meldung/Gerichtsurteil-BND-darf-weiterhin-Internet-Knoten-De-CIX-anzapfen-4061494.html
[3] https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act
[4]

-- 
+++hartmut

| Hartmut Goebel            |                       |
| hartmut@goebel-consult.de | www.goebel-consult.de |


[-- Attachment #2: Type: text/html, Size: 5368 bytes --]