echo: bbs_carnival
to: All
from: Kevin Lamonte
date: 2010-08-21 09:02:00
subject: (LONG) A new kind of BBS?

Introduction
~~~~~~~~~~~~

Back in the mid-90's, the public Internet was a *vast* improvement
over the mail-order catalogs, gigantic mail rooms, and expensive
toll-free phone numbers that businesses were paying for, so the quick
move of commerce to the Internet made a whole lot of economic sense.
(And it *was* quick: it only took about 10 years for everyone to go to
the web.)  But it also drowned out the needs of normal non-business
people who just want to communicate with each other for whatever
reason, such that now the only way to do it is to pay for your own
infrastructure (above and beyond what you already pay for Internet
access) or rely on a "free" service that is delivering your eyeballs
to marketers and the history of your entire life to governments and
nosy employers.

Recently, Eben Moglen presented a speech titled "Freedom in the Cloud"
touting the idea of a "freedom box", a way for users to restore the
peer-to-peer nature of the Internet.  Basically a gumstix or
Sheevaplug that just needs power and a net connection, the freedom box
would automatically hook up to the local Internet, update dynamic DNS
to be reachable, and then serve people's private social stuff without
letting the server logs go to corporations / governments.  It's a very
nice idea.  There is a transcript here:
http://www.softwarefreedom.org/events/2010/isoc-ny/FreedomInTheCloud-transcript.html

It also made me think of BBSes because BBSes are great for
local-low-latency, remote-high-latency networks.  (So is UUCP for that
matter.)  They are store-and-forward, and *what* they forward is
lean-and-mean.  Raw text email, not HTML/MIME with attached images and
such.  BBSes also predate TCP/IP and do not need to understand IPv4 vs
IPv6, they just need a pipe/socket/port with something on the other
end.

So let's imagine such a box...



End User Experience
~~~~~~~~~~~~~~~~~~~

Plug in the box, and it automatically connects up to wifi and then one
or more darknets.  The box represents "you" but it's also a fully
modern "BBS".  It is designed for multiple users, but practically it
will serve only a few users -- your various identities and perhaps
others in your household -- just like a modern desktop computer does.

You can connect to the box in several ways:

  * Point your web browser at it to see your personal email, shared
    forums, local and remote files, and inter-BBS applications (games,
    posting walls, etc.)

  * Point your POP/IMAP email client at it and download messages or
    request remote files.

  * Point your ssh BBS client at it and see a text-based interface to
    the same information.  Read messages, play games, chat, etc. right
    off the text interface, or transfer messages to your offline
    reader for later use.  Also request files from other nodes and
    share your files with other users.

The BBS knows about your identity(ies), it knows about other BBSes,
but it has no knowledge about how to route things between nodes.
Instead it relies on darknet technology (I2P and others) and makes
*all* of its (virtual) connections point-to-point.  There is no star
topology or recording of message paths required to respond to a
message.  From the BBS's perspective, every node is adjacent.

You queue a message, your local node connects to the remote side,
delivers, done.  Just like your normal email client, except that there
is no ISP to log the message and the message is seamlessly encrypted
to the recipient's BBS key.

When you travel, you just take the box with you.  Or put it in your
friend's house for a week: you'll be able to find your digital self
from anywhere.



Pros and Cons
~~~~~~~~~~~~~

What are the wins?

1. True peer to peer: you no longer need an ISP's outbound SMTP
   server, web-based email provider, unblocked ports, etc., to keep
   you connected to your friends.  You *are* your own ISP within the
   darknet.

2. Privacy and security:

   * Email no longer has to be externally routable or in HTML/MIME
     format.

     - Everything outside the raw body text can be stripped out (no
       more viruses propagating in email).

     - Email can be re-categorized: brief (SMS-like), normal, or long
       (file transfer).  One email message can be 56GB in size - it'll
       get there eventually.  (BBSes know all about partial file
       transfers and crash recovery.)

     - Email can be encrypted by default.

   * Darknet technology completely separates the nodes from the
     content (no more IP addresses in the "Received:" headers of an
     email message).  It becomes easy to communicate with everyone on
     the same darknet, yet exceedingly difficult to track down that
     communication to a single IP address.

3. User friendliness: the command line is too low level, but the BBS
   sysop level is about right.  Imagine some of the options on the
   "configure your node" screen:

   * Enable:  [ ] POP3 [ ] IMAP [ ] WWW [ ] Text console

   * Allow darknet users to login to this node directly?  ( ) Yes ( ) No

   * New users:  ( ) Always ( ) Require Activation ( ) Never

   * Allow users to see user list:  ( ) Yes  ( ) No

   Compare this to configuring daemons, adding new users, etc.  Some
   of these options are very hard to do on Unix at all (such as
   disallow user listing since most Unix'es require /etc/passwd be
   readable).  The BBS users list is also distinct from the underlying
   operating system's user list - the former matches with human names
   and aliases while the latter can be humans, services, roles, etc.

What are the losses?

1. Near-real-time: the darknet will impose latency, making things like
   IRC and IM slower than their public Internet counterparts.  (But
   maybe not all that much slower: I2P has IM-like services.)

2. Central naming and searching services: how will you know who to ask
   for, or what is available on other nodes?  Individual darknets such
   as I2P have their naming services, but how will one voluntarily
   link themselves across multiple darknets and/or the public
   Internet?

What doesn't change?

1. Mass archiving of received data.  Expect every public forum post on
   every darknet to appear on Google, Yahoo, Bing, etc., including the
   BBS user and node names.  All it takes is one rogue node in the
   darknet to do that, or one user who allowed their HTTPS server to
   accept public connections (say from their cell phone) and their
   local username/password got intercepted.

2. The public Internet.  We'll still go to Amazon, eBay, Google, etc.,
   to find and participate in the lifeblood of commerce.  And that's
   fine: those sites serve an important public function and require
   vast resources to scale.



Why BBS Concepts and Technology?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

BBSes are actually a great fit here:

1. They understand the notion of multiple users where each user means
   a human being.

2. They know how to speak to both humans and computers in many ways.
   They communicate to the end user over modem, telnet, etc., using
   multiple UI styles (text, WWW, POP, etc.), and they also span
   multiple messaging networks (DOVE-Net, FidoNet, etc.)  BBSes can
   keep data from different darknets segregated yet still accessible
   for one user.

3. The data they pass around stays inert: messages and files.  Not web
   pages with hundreds of URIs that require the most complex end-user
   applications ever devised (web browsers) to view.  Browsers which
   must often leak information all over the public Internet as they
   fetch web page sub-resources, or worse expose the user to a
   drive-by exploit made possible through bugs in the JavaScript
   engine or various plugins.

4. They are already capable of cleaning files of viruses and
   re-archiving into newer formats.  It is a small step from here to
   also clean EXIF data from images and other privacy leaks.

In the modern BBS world, most users are actually sysops.  This is
often seen as a sign that BBSes and BBS culture are dead/dying.  But
what if instead BBSes happened to be on the leading cusp of the next
digital revolution?

BBSes were at the forefront in bringing the masses to the digital
world as end users back in the 1980's and 90's.  _What we need now is
to upgrade those same masses to be their own *sysops* of the digital
world._

As Moglen says, let's all run our own servers and control our own
logs.  All the pieces are present, we just need to bring them
together.  There will always be a Facebook, LinkedIn, Twitter,
etc. for our "public" selves.  This idea is to restore to users the
ability to have multiple "private" selves that are free to be human
and connect to others and share what we want to.



The Vision
~~~~~~~~~~

A BBS, carrying libraries for:

  * ssh server and client

  * I2P darknet integration

  * POP3 over SSL

  * IMAP over SSL

  * RSS over SSL

  * SFTP

  * (Optional install) HTTPS server and various apps:
    configuration, webmail, web torrents, ...

  * ... others?  You tell me ...

Most of the BBS concepts remain similar but with some updates.

Terminology:

  * "Administrator", "admin" and "root" have specific meanings that
    most often involve someone who is NOT a user: either "the IT
    person" or "the account we should never run as".

  * Let's bring back the word "sysop" to mean "user who is in personal
    control of their Internet experience."  That's really what most
    modern BBS sysops are anyway.

Message bases:

  * Message bases are threaded and non-local by default - think Reddit.

  * Each message base automatically has a corresponding shared file
    base.

  * Users can create any shared message base + corresponding file base
    they want, so they can easily share with friends or others.  They
    just need to advertise their BBS key and message base name for
    others to pick it up.

  * Usenet-style killfiles are supported, as are automated spam
    filters.

  * All private messages (email) require a public key to encrypt to.
    The BBS automatically fetches them directly from the other end
    when they are unavailable.

  * Private messages can be organized into their own folder trees and
    tagged for smart folders.

File bases:

  * File bases can be regular or "smart" (automatically generated from
    tags or other search terms).

  * A file base can be flagged for a particular file type.  Only files
    that match that general type are allowed in.

    - Image bases turn into thumbnail photo albums in the web
      renderer.  (Image uploads are automatically stripped of
      identifying data.)

    - Text bases turn into news-like headlines.

    - Music bases play sample snippets of every song.

    - Video bases generate automatic screenshots from the movie.

    - etc...

  * Local file bases have ACLs defining which remote users can request
    the list of files and individual files.  By default nothing is
    allowed.

  * Shared file bases can be set to automatically replicate (with
    appropriate bandwidth limitations).

  * P2P file bases (torrents) can be associated with local
    download-only and download-and-share bases.

    - Torrent swarms traverse through the darknet(s) by default.

  * File bases are mirrored to disk by default.  Moving a file across
    directories (or creating a symlink) is enough to have it appear in
    the other file base.

Users:

  * By default, interactive sessions (normal human users - POP/IMAP,
    webmail, RSS, file bases, text UI, ...) are only allowed from the
    local subnet.  Only non-interactive sessions (messages, files) are
    allowed through incoming darknet connections.

  * New users are disabled by default, must be created by the sysop.

Cryptography:

  * The BBS keeps its own list of public keys and notifies the user
    when any of them change, particularly for email messages.

  * The BBS advertises its own public keys to anyone who wants it.
    (This is in addition to the keys necessary for I2P connections.)
    You can use telnet, HTTP or any number of unencrypted protocols
    and it will tell you how to access the encrypted interfaces and
    what key you should expect to see.



Summary
~~~~~~~

It's a BBS with (by default) only one or two users, connected to one
or more darknets with potentially many other similar systems.  It's
right in the middle between "client-server" and "peer-to-peer".

It's not a "web site" or "application server" requiring complex
configuration to work, it's just one program that runs in the
background and everything that is enabled "just works".

It separates presentation from content.  Each user can have their own
look and feel and make it perfect for them.  Sysops who really want to
dig into HTML/CSS can make new themes.

It uses only encrypted communications yet still doesn't care about
"trusted" CAs, SSL certificates, etc. -- you know, those technologies
that allow schools, employers, and governments everywhere to quietly
snoop on everything from Blackberry messages to banking sessions.

Backups are as simple as copying the entire BBS directory tree to
another computer and running it there.  Incremental backups are
possible with rsync, robocopy, and similar tools.

Install it inside a VM.  Or make two of them, one for home and one for
traveling, and set them to mirror each other.  Or put files you really
care about on a replicated file base you share with your friends.

Its ultimate purpose is to make the Internet more convenient for the
end user.  Get rid of the need for your ISP to "generously" provide an
outgoing email server or unblock particular ports.  Provide the
ability to publish your opinion and share files without being at the
mercy of someone else's infrastructure or forcing your friends to view
annoying advertisements.



So what do you think?

... MultiMail, the new multi-platform, multi-format offline reader!
--- MultiMail/Linux v0.49
--- SBBSecho 2.12-Win32
* Origin: Vertrauen - vert.synchro.net (1:103/705)
SEEN-BY: 3/0 633/267 640/954 712/0 313 550 620 848
@PATH: 103/705 10/1 261/38 712/848 633/267

SOURCE: echomail via fidonet.ozzmosis.com
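
The key handling listed under "Cryptography" in the post (the BBS keeps its own list of public keys, fetches a missing one from the other end, and notifies the user when one changes) amounts to trust-on-first-use pinning. The following is an added example, not part of the original post; the class and method names, the fetch callback, the sample keys and the choice to keep the old pin until the sysop approves a changed key are all assumptions.

```python
import hashlib

def fingerprint(pubkey: bytes) -> str:
    """First 128 bits of SHA-256 over the key bytes, as 8 colon-separated groups."""
    digest = hashlib.sha256(pubkey).hexdigest()
    return ":".join(digest[i:i + 4] for i in range(0, 32, 4))

class KeyStore:
    """Hypothetical per-BBS list of remote node keys (trust on first use)."""

    def __init__(self, fetch):
        self.fetch = fetch    # assumed callable(node) -> bytes: asks the remote BBS
        self.pins = {}        # node name -> pinned public key bytes
        self.notices = []     # messages queued for the sysop

    def key_for(self, node: str) -> bytes:
        """Key to encrypt private mail to; fetched and pinned if unavailable."""
        if node not in self.pins:
            self.pins[node] = self.fetch(node)
            self.notices.append(f"NEW key for {node}: {fingerprint(self.pins[node])}")
        return self.pins[node]

    def observe(self, node: str, advertised: bytes) -> bool:
        """Compare the key a node advertises now with the pin. False = changed."""
        pinned = self.key_for(node)
        if advertised == pinned:
            return True
        # Assumption: keep the old pin and hold mail until the sysop decides.
        self.notices.append(
            f"KEY CHANGED for {node}: {fingerprint(pinned)} -> {fingerprint(advertised)}")
        return False

    def accept(self, node: str, key: bytes) -> None:
        """Sysop verified the new key out of band; replace the pin."""
        self.pins[node] = key

if __name__ == "__main__":
    remote = {"alice-bbs": b"constructed-key-A"}      # constructed sample data
    store = KeyStore(lambda node: remote[node])
    store.key_for("alice-bbs")                        # first use: fetch and pin
    store.observe("alice-bbs", b"constructed-key-B")  # different key: flagged
    print("\n".join(store.notices))
```

The first-use fetch is the weak point of this scheme: whoever answers that first request decides which key gets pinned, so the fingerprint in the "NEW key" notice is what the sysop would compare out of band.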
