[tahoe-dev] Weekly Dev Chat reports 2013-07-09 and 2013-07-16

[Avi Freedman]

> In regards to people asking for europe based servers: i think you are right that it wont help against PRISM / NSA activity. 

> Still, from a legal point of view, it might be something very different, as different (european) privacy laws apply, which - depending on a customers use case - might be important.

I think it does matter eventually.

For example...

If you had separate tahoe procs and ports per customer, and
the upstream provider was doing netflow, what would the retention
be and who could access it?

Ditto for getting on a server to get raw traffic data to see if
users are up/downloading?

And if the government identifies an object that is shared via a proxy
or just by sharing introducer access as 'subversive', what direct
or indirect (upstream) access can they get to track IPs that 
have accessed that introducer or the filecap (if on the machine)?

The above are some of the risks of running dedicated nodes per
customer, which is the first launch plan for Havenco's LAFS 
service.

Long term we think one path that could help is to specify the 
infrastructure with a tool like chef/puppet and enable good 3rd 
party auditing from other trusted groups working in the privacy 
space to be able to do 3rd party warrant canaries.

All that said, we'd be happy to help LA find reasonable collo.
Or can collo with us to start, though for the LAFS ecosystem
to be strongest long term it probably is best to have diverse 
businesses that might coopetete but are independent.

Avi