Question:
Once freedombox is properly installed behind my router, are each of the devices on my home network more secure (in virtue of that installation alone) ? In other words, more secure than the security provided by my ISP ?
Comment
It appears to me that FreedomBox requires some knowledge of GNU/Linux - more than most people have - to benefit much from it immediately. Just take a look at most of the issues that come up in this Forum. And that means that it’s going to be quite a while before we take back the internet “one FreedomBox at a time” don’t you think?
I wouldn’t necessarily agree. It all depends on what you expect from Freedombox.
If you comply with all the installation instructions and provide the necessary infrastructure (i.e. modem, network, domain, etc. and be able to configure these external elements where necessary) and not meddle with anything that comes default with Freedombox, things work just fine out of the box. As with any software, there may be some minor bumps on the road but generally none of them turn out to be a big issue.
Where I stand, I’m using Freedombox as a tool for both being independent and for learning. Usually, everything I break is because I’m curious about modifying/personalizing some default settings for myself. There are instances that when I’m meddling with something, I break something else and if I cant find a solution, I ask for help here on the forum. On the other hand, if I do find something, I share it nevertheless. This is mostly because I’m not a software developer and have no knowledge in coding and almost no knowledge in the systems.
There are also instances when I want to introduce additional apps and services that do not come bundled with Freedombox. Ofcourse, the same as above applies here : )
Personally, I wouldn’t judge the software in regard to whats being posted on the forum. For me, the whole point of the forum is to discuss things to get the software working for “everyone’s” needs (which doesn’t always happen). I for one post stuff that I discovered working / not working and that are not always defaults. In my view I’m actually doing my best to contribute to the community and the software in my own way.
If the forum was a place where everyone just wrote how great everything was working, I think it would contradict with having a forum at all : ) If you would agree to approach it as a platform for sharing and learning, I wish it would be more for your benefit as everyone elses.
So, coming back to your comment. Stick to the defaults, no need to know much. Meddle around and try to get thing working how you want - yes, it will boost your learning experience.
Answer: No. Only the addition of a Freedombox behind a home router does not add any level of additional security. Adds only another device to the home network. Using it in the place of a home router adds one. Behind the router should be adjusted to VPN, proxy or Tor in order to have any additional level of protection and security. This will still not change the security of the home router, but the devices that are connected to the Freedombox.
Regarding the comment: Freedombox is the easiest, affordable and cheap home server solution as possible as all others. Everything is done to install with only one click and very few settings that do not require any knowledge of GNU/Linux.
No. But it’s not marketed strictly as an infosec gadget. Consider it a fresh canvas on which to paint an assortment of freedom-respecting computing services that may alleviate your reliance on proprietary and/or less secure options. There are things you can do with it to strengthen your network, but you generally have to enable the desired services first.
I obviously cannot speak to your experience, but I’ve found things to be relatively easy to log in, install services, and trust that they work, with minimal pre-requisite Linux experience. Having administered Linux systems before, I’m going to be biased, but it is several degrees of magnitude easier than setting things up by hand.
As stated by @Ged296123, it’s not easy to appreciate all that a product has to offer or does well when perusing a forum where people congregate to express difficulty with a problem and ask for help, or discuss technical development.
No, I don’t think so. I think you may first want to ask yourself what your expectationss are for the device. If you share them with us, perhaps we could provide some guidance to illustrate how FreedomBox can best suit your needs.
As others have stated, out of the box & after following the instructions, setup was really easy for what it is & there’s nothing else like it on the market for that price.
You need to know your own network settings for setup & that’s the way it should be, no one has the same exact network/settings/devices.
Overall, I’m really pleased with mine: it costs almost nothing to operate, it’s quiet, doesn’t generate heat (unlike my old home servers), is FOSS and full of features; it’s earned it’s place in my network cabinet.
As far as problems/issues go; I haven’t had any that were “forum post worthy” & my FreedomBox has been up & running constantly for the last 6 months (my electric bill has even gone down).
Again, as others have stated, if you have some specific issue, post it & I’m sure someone will jump into help. I’m not affiliated in any way with the company, I’m just a satisfied customer, btw.
One goal of this project is to be usable only using the web interface.
So far, I completely sticked to only using the web interface except for:
addition of an external disk
restoration of a remote backup
repairing the micro SD card following problems (not frequent)
I did the above exceptions because:
it was confirmed that this could not interfere with the web interface
these are basic features for keeping the freedombox in operation
it could not be done by the web interface
To me, the web interface should be improved to handle the addition of a disk and the easy restoration of a remote backup.
If you find other basic features missing from the web interface, or some things not clear, it is important to raise it on this forum, so that it can be improved.
I am not a developper, I have some small experience of GNU/Linux, in particular I appreciate that this project is entirely based on software on Debian free repository, without any fancy third-party tool, so I trust Debian and nothing else.
I hope to contribute making freedombox closer to its goal by reporting issues and improving the documentation (I am starting by translating to French, my native language).
I think so, yes. Any home server service which you migrate to Freedombox will be protected by a verifiable SSL connection using HTTPS. This protects you better in two ways: 1) the traffic inside your home to Freedombox is well encrypted protecting your privacy in some ways, and 2) when you connect to your Freedombox you have assurance that you are connecting to the service you intend to connect to without a “man in the middle,” or imposter. Both of these are good things which your ISP device will not do for you.
In your situation you are also well positioned to take the next security step which would be to bypass or eliminate your ISP provided equipment leaving yourself completely in control of security. This is what I do - I have a purchased cable modem connected directly to Freedombox which is my router and no dependence on my ISP for anything other than the data service. It works brilliantly, and I believe the security is improved over the rubbish ISP consumer products.
The Freedombox team has done a great job with documentation and automation, and when it comes to installing Freedombox on bare metal I do agree with you. If this is outside of your comfort zone then having it done for you with one of the pre-installed solutions is a good choice. Once Freedombox is installed you don’t need to be a linux expert - just like you don’t need to be a linux expert to use an Android device when it’s pre-installed. I have experience as a unix sysadmin and I’ve used linux for years and years, but I am determined to use Freedombox using only the GUI tools provided in the system. So far it’s working out very well. It’s a good solution for what it does, and it does not require expertise with linux to use it happily.
If you use a dedicated device for Freedombox and stay within the design use cases it is absolutely solid.
Thank you again Avron for your responses. You are very helpful and you “listen” non-defensively. I agree with those comments that the installation of FreedomBox is easy and no knowledge of GNU/Linux etc is required. Respectfully, I believe some rsponded defensively as if I was disparaging FreedomBox. I was not. FreedomBox is a fantastic development and I intend to use it as much as possible, especially with some many willing to help.
I have been a linux user for many years (albeit light, not developer) but I have not yet had any success with my box.
Took ages to boot and setup, and still have not been able to install any apps. Help and support is thin on the ground.
As for someone without any experience being able to purchase and use out of the box, that just is incredibly unlikely… And a shame as it promises so much. Most would give up who are not enthusiasts.
You’re last problem seem to be a network issue & was resolved, correct?
Forum support can be spotty as with any Linux project, people go on holiday, get swamped at work/don’t have the time to log in or maybe they’re just doing other things. Most of us are not officially affiliated and are just trying to help others out.
After using FB for awhile now, I still believe it is the most user friendly alternative out there. My first experience was positive & pretty straight forward; I’ve already posted about that.
The only real wait with the initial installation I experienced were the updates, which couldn’t be helped and it wasn’t excessively long (shorter than installing Windows updates on a new PC). I did have some downtime with the Debian upgrade, but that is to be expected with system upgrades.
I set up 2 new FB’s in August (2023) without any issues, going through switches and routers that I did not own/have admin access to. As with my previous FreedomBox installations, setup was again by the numbers & every application that we have used so far is working correctly. One was a refresh of an original device from Olimex and the other a decommissioned Windows PC, now running Debian with multiple hard-drives for work.
There’s complete documentation online for almost everything about this project and I love it; It helped me to ditch Apple, Icloud/Google drive & I am happy about that.
So here is a thank you to the maintainers and developers of this project, your work is appreciated.
How exactly are you going about accessing the FB (Pioneer Edition) from the command line? What do you see coming back from the FB?
When you try to access the web interface, you’re doing so from a computer that’s plugged into an Ethernet port on the same router the FB’s Ethernet port is plugged into? What are the IP addresses of both the FB and the computer you’re using to try to get to the web interface? (the router should know both addresses). You’ve tried using the FB’s IP address in a URL in your browser as described in the Olimex quickstarrt leaflet, right?
Your browser isn’t set up to use a proxy, is it? That’s something that bites me periodically.
No, I never worked out what the issue was and networked the device in a different way. The first way should have worked but DNS name resolution was not working and I couldn’t work out why.
I have another issue now that after a day or so the web interface stops working. If I power it down completely I seem to be able to connect but this stops working. I can access via CLI and have to reboot there.
I didn’t have these issues when testing on a debian build on a full-fat PC with debian installed so not sure if it is the device or the slimmed down FB OS.
Still don’t think this is the easiest way for a novice into this by any means!