DIY ISPs of the world, unite!
This article is meant to provide the reasons why people behind DIYISP are actually running their own ISPs and not using services from large commercial ones. For a manifesto, please see the according page.
Let's try to keep this short. Politics and ethics tend to take up much time for discussions, though in the end, nothing but argueing is achieved.
Tens of cases of large providers having data leaks, hackers breaking into their systems and stealing data or even ISPs selling their customer data directly have shown that you cannot trust your provider.
Some people tend to anonymize or just refuse to use certain services, but our solution to that is to regain control of our data. Many services nowadays used in the Internet are open or have open alternatives, so nothing prevents you from running your own ISP running all these services on yourself.
As it is one of the principles to keep the ISP small and federated, you know each other: If you are one of the active administrars, you know your colleagues. If you are just a user of the services, you still only have a small personal group of admins you know.
So, if something bad should happen to your data, you know the one responsible for that, he is your friend. Or, in the better case, you have control yourself over it.
Or, another case: Just look at the data retention. Nobody will get your data if they don't ask you directly. Nobody will be able to tap your communication without you knowing it (assuming secure servers). Because you have control over your infrastructure.
Back in the old days when it was developed by DARPA, the Internet was built with decentralization in mind. Failure of a single system must not impact the others. But where are we today? Even though there is redundancy everywhere, there are still many single points of failures.
Building our own networks, we enhance the stability. When a major provider goes down for whatever reasons, we might still be able to have Internet. There were numerous cases of large providers having even short outages, but affecting hundreds of millions of people to be unable to use their well-known communication channels.
You learn a lot of things. There are many services you would never use otherwise, or which you wouldn't be able to offer in a greater scale. Having a mailserver for yourself is different to having a mailserver for several hundred persons. You would never use Kerberos or LDAP or Radius for yourself, but for an ISP, they might be required.
Or who knows how a dial-up network works, how DSL reselling works, how to register your own IPs, etc.? You wouldn't be able to learn that without becoming an ISP.
You know what you are doing. You are not just a politician talking, or some troll blurting out phrases, you know what you are doing and why things are like they are. You will see discussions different, from the provider view, not only from the customer view.
You are able to help others. As your ISP will not only consist of active admins, you will have many people who don't know how to use your services, but who are still interested. Especially when it comes to securing services, you will have interested people (in the end, that's why they don't go to larger providers). They will be thankful if you help them.
As an ISP, politicians will listen to you. Maybe not to your small ISP alone, but if you are in a larger network, you will get heard. Especially when you are in a more rural area, or if you are the only ISP in your area (because other providers won't deliver), local politicians will see you as technically proficient.
A situation might arise where you can get money from your community anyway for buying new equipment, so you should keep a link to local politics anyway.
Large providers have faced much criticism, partially because of their own policies, partially because of political restrictions forced upon them.
When you run an ISP yourself, you will also obey the law (as otherwise, you will be shut down or face high penalties). But you won't be as easily forced to censor the web like others (which large providers in UK were forced to). And you can decide to not implement technics large providers are doing in preemptive obedience (the same, DNS filtering in Germany without even a law!). You can decide to supply net-neutral Internet, i.e. to treat every traffic the same, regardless of its source or target. You can decide to deliver real flatrates without shaping traffic, and make fair terms of services.
Though DIY ISPs are not a political movement or intended to be politically active (though some are, of course), there seems to be a general mindset across people active in DIY ISPs:
Data retention is a big topic in the EU. As an official provider, you won't be able to omit it. But you will have to know what exactly you have to implement, and you can inform your users. In the case of IN-Berlin, we had a well-visited meeting when data retention was launched in Germany, where we held a talk about the exact information we had to save, where this will lead in the long run, and handing out forms for the sue case against data retention. You can also make sure you only implement what is necessary and not more, and that you will be able to remove the data and to control that only legitimate authorities will have access to it.
Shaping traffic depending on its content or origin has been tackled by several large access providers in the EU. Our goal is to not do so.
But, in this case, things might get difficult. You are dependant on your upstream provider or your peering partners, and you might be able to deliver some traffic for free while other traffic is shaped or costly. But in that case, you have to communicate that
Censorship is reality in some countries (UK) already, others have it on a voluntary basis (Germany), but often only for single large ISPs. So, we want to deliver a censorfree Internet, without any DNS or other filters.
Our pricing should be fair. We don't want to offer flatrates where we don't really have flatrates to offer. We have to be honest.
To involve others as well as to make others learn from you, you should be transparent. If some system failed, tell it. People will be happy to know that you are indeed telling them when something happened instead of just trying to hide it.
The same for your technics: If somebody asks, why don't you tell them which server software you are running? As you don't have to compete with anyone, you don't have to hide information.
Of course this doesn't mean you should publish your finances in the Internet, but generally, there are only few secrets to be kept. But the legislative administrators and system administrators should know which information should be considered sensitive.
Users who will come to you are usually very concerned about their privacy. And so should you! It is strictly forbidden to do anything with the data supplied by your customers other than using it for the services they are needed for. If you use another provider for realizing some contents (e.g., Radius proxying), you should communicate what is actually being handed over from their data.
As well as privacy, this is a matter of course for any sysadmin. But you should be especially careful. As mentioned earlier, people are not only paying you to provide services, they are actually handing over trust. Don't fail that, be conscious about security! If you know there is a broken protocol or cipher, don't use it, but propose your users to use something else and get away from it.
And if people ask, help them setting up their SSL certificates and PGP.
If you are community-organized, why just not be democratic at all? If you want to do things yourself, and others do as well - organizing democratically (or meritrocrally) is one of the key values to being successful.
This sounds a bit strange and opposes the things said earlier, but it is a good idea to be not too political. As an ISP, you should mind your business. Don't try to act in political areas where an ISP is not supposed to be. But for political issues where you are affected as an ISP, there you should have an opinion. Data retention is something that directly affects you, but social cuts or animal rights don't.
If you want autonomous, self-made Internet, be inclusive. Don't restrict your members to be of the same political opinion as yours. The Internet should be a place of diversity. In the end, that is the same point as censorship and democracy – if there was only one opinion out there, why should you care for censorship or democracy anyway?
That also means that you should try not to be too close to political parties or NGOs which have more topics than you as an ISP do. As much as you like the Pirate Party or Amnesty International, they are different.
Being neutral is one of the key aspects of a system or net administrator.
We're closely related to the Free Software movement. We're complementary. Without a free network, there would be no free software. Without free software, there would be no Internet. We share the same values when it comes to openness, transparency, societal impact, democracy, autonomy.
Thus, you should try to use free & open source software where possible. Linux and BSDs are the “best” server operating systems anyway, the same holds for most of the generic server softwares for e.g. web, mail, radius etc. servers.
Often, there are efforts to write and improve free software when needed, as it has been done for l2tpns by some members of FDN in France.
Last but not least, building your own provider is fun! You meet nice people with the same mind, interested in the same technologies and politics as you.