Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Data collection/usage/privacy policy #26

Open
1 task
darkdrgn2k opened this issue Jun 27, 2020 · 11 comments
Open
1 task

Data collection/usage/privacy policy #26

darkdrgn2k opened this issue Jun 27, 2020 · 11 comments
Assignees
Labels
governance Organizational and Program Governance

Comments

@darkdrgn2k
Copy link
Contributor

darkdrgn2k commented Jun 27, 2020

This initial comment is collaborative and open to modification by all.

Policy for Data Collection/Usage/Privacy

🎟️ Re-ticketed from: #
πŸ“… Due date: N/A
🎯 Success criteria: Establish a policy for data usage.

...

Background

  • Toronto Mesh is an unincorporated volunteer based collective entity
  • The primary project is Toronto Community Network

Issues

  • Short term: As an organization there are many types of data currently generated and used by Toronto Mesh, without any explicit policy for use of these different types of data
  • Medium term: As more individuals or organizations start using Toronto Mesh installed infrastructure, data policies are required to fulfil any commitments
  • Long term: Toronto Mesh intends to be a replicable organization, in the style of an open organization or open innovation process, which requires the vast majority of data and content produced by Toronto mesh to be openly available, modifiable and resuable by anyone else.

Types of Data currently collected and used by Toronto Mesh:

  1. Contact information for members (e.g. contact spreadheet)
  2. Contact information for non-member stakeholders (e.g. contact spreadheet)
  3. Formal agreements with entities (e.g. Hypha, Free Geek Toronto, Toronto Public Library)
  4. Formal correspondence between members and anyone else (e.g. email)
  5. Informal Correspondence between members (e.g. Element/Riot)
  6. Tracking of organizaiton and project issues (e.g. Github)
  7. Notes from meetings (e.g. typepad)
  8. Content generated from meetings (Video, Sketches, Milosh Powerpoints and Jamboards)
  9. Public consumption communicaitons (e.g. website, social media)
  10. Locations of Toronto Mesh equipment intallations (e.g. node map)
  11. Usage of of Toronto Mesh equipment (e.g. range, traffic etc.)

Current Practice

In the absence of written (or uniformly followed) policies, the implementation then becomes the defacto policy.
i.e. code is the law. If I have the permission to change a particular type of content (e.g. website) whatever changes I make to the website becomes the public facing communication for Toronto Mesh.

Risks

Simple: If I change content on the website within my permission capabilities, but without coordination with other communication activities, the website content could become out of sync with organizational priorities.

Complicated: If I am a new member and have been added to Toronto Mesh Element chat, can I take any member to member content including jokes and sarcastic comments, and publish it on another public website out of context?

Complex: If we want to be an open organization, whose processes are replicable, should we record video of all meetings? On one hand it males it available to members who could not attend the meeting, but it also limits discussion for those concerned about privacy or quotes taken out of context [add existing video policy discusion here]

Priorities

Establish clear criteria for a membership list and types of members
This will document who has permission to do what.

  • ...
@darkdrgn2k
Copy link
Contributor Author

Resources - https://docs.nycmesh.net/security/

@darkdrgn2k darkdrgn2k added the governance Organizational and Program Governance label Jul 19, 2020
@benhylau
Copy link
Member

Had a long conversation with @Pedro-on-a-bike in chat about sustainable infra and labour, probably should be written into usage policy. For example:

  • If someone wants to run an ISP off of the common infrastructure
  • If someone wants to run a videoconferencing server or a media archive

Does it matter whether they charge for it vs. not, that it is a for-profit vs. non-profit initiative?

When does it transition from "experimentation" (we want to support) to "a business" (we didn't discuss this yet)?

What is the cost of resources (IP, bandwidth, support labour) to the network and at what threshold shall TCN make fair use or payment arrangements?

@makew0rld
Copy link
Collaborator

I feel like businesses profiting off of the free/volunteer labour of community network workers is problematic. Maybe if we want to still include businesses, there could be a contract that involves donating to Open Collective or similar?

Does it matter whether they charge for it vs. not, that it is a for-profit vs. non-profit initiative?

There are non-profits that will still charge for a service though. I wonder if a distinction should be made between free service vs paid service, or for-profit vs non-profit. I feel like the difference between for-profit and non-profit is significant.

@Pedro-on-a-bike
Copy link
Collaborator

I was thinking that there are two aspects of what we are trying achieve. One aspect is to standardize and document the efforts of the group as a whole, to create a template for anyone else who wants to setup their own mesh-node/super-node/gateway-exit community. I feel that this has been the essence of Toronto Mesh. An open source project that anyone can access, share information and collaborate together.

The other aspect is the actual design, implementation, maintenance and sustainability of a physical mesh community. Due to the real costs, upkeep and constraints, different groups/communities may have different approaches as to how they want to implement their network. I believe its important that any group is able to maintain their own agency and try different models that best fits their situation and unique constraints. Nobody would be forced for volunteer or work for one local group or the other. However I think it is also important that all groups and communities that are setting up their own network are working together to have some sort of standard/common infrastructure so we can all learn from our experiences.

For example, you might have one group of people who wants to setup a nonprofit to provide internet access to their local community and is thinking of donations/volunteer hours/grants to maintain it. Another group could also be a nonprofit that wants to collect membership fees to maintain the network. Or you could have a for-profit group that wants to provide a premium service and bootstrap it. Whether you are a for profit or non profit, both organizations still function as a "business". The same principles of planning, finances, product or service development, customer understanding, sustainability, etc still apply. Each individual group or community should have the choice as to how they are going to maintain their network and organization based on their own incentives and values.

TCN, which could be one group as described above, is currently setting up a local [(mesh-node/gateway)exit] infrastructure at 200 Woolner and in the future could setup another local (mesh-node/gateway) infrastructure that uses the same initial exit. Another nonprofit community however, that is not directly tied with TCN, might want setup and manage their own (mesh-node/gateway) but use TCN's exit resource for various reasons. We would have to figure out how to handle this situation if we want to support them. If too many users/groups begin to saturate a limited resource, there needs to be a mechanism to regulate this or hopefully a way for us to increase its capacity. Even within TCN's own network, a local Access Point may become overwhelmed with users/traffic and may need to be upgraded. Or a few years down the road, the entire infrastructure might need to be updated, in which case those costs need to be accounted for. Or there might need to be a permanent staff for IT/maintenance/support. There might also come a time where the overhead costs, such as a backhaul, are nolonger donated, but only partially subsidized and a new revenue stream needs to be found to pay for it. There needs to be a sustainable model to maintain network quality for the community and to make sure there are adequate resources are available when needed.

@Pedro-on-a-bike
Copy link
Collaborator

I wanted to add, I don't think a for-profit entity would actually work as a feasible solution. Though someone is welcome to prove me wrong. Let's imagine ForProfitCo wanted to start a sudo mesh/WISP business as two people and you want to use mesh to reduce your costs. The idea being that you would interconnect your community using a mesh infrastructure for your clients and the gateway would connect as a traditional spoke-hub model. One person would be Business Development/Marketing/Accounting/Customer Support and the other would be Engineering/Operations/Installations/Technical Support. The both each have a below market salary of $80,000.

The cost of a backhaul for your gateway is easily going to be $300-$500/month for a 1000Mbps pipe. Let's go with $300. Your business model is all about low cost internet. A traditional 25Mbps service is about $50/month, you want to provide that for half the cost. $25/month. Your 1000Mbps pipe can service about 40 people at 25Mbps, but most WISPs oversubscribe to 3:1 (traditional ISPs oversubscribe for 20:1, however there might be network quality issues because you are using wireless). This means you can potentially service 120 clients on your one gateway. That is $2.50 of your $25 just to cover the backhaul. However, you also have costs for the rooftop lease, colo costs for your exit, not to mention the backhaul costs for your exit pipe, equipment leases, electricity, software fees, permits, etc. I would imagine you're going to have to triple that $2.50 to $7.50 just to cover all that. This leaves about $17.50 per client to pay for everything else and make a profit. Forgetting about licencing, legal, office, equipment maintenance, travel, advertising, research/development and other costs, just to pay the $160,000 salary for two people to run this operation full time, you're going to need just over 9000 clients to cover that. That's a lot just for two people to handle.

I think there's been some misunderstanding when I've brought up utilizing an incentivized mesh. Incentivized mesh != for profit mesh. Though many people have altruistic motivations to volunteer and help with a project, a monetary incentive is a tool to provide some sort of security to let someone know that if they are purchasing equipment with their own money to setup a gateway or a group of nodes, they can have some assurance they will be refunded for the costs. Or if many of their own volunteer hours begin to consume a big part of their day, their time may need to be subsidized to help compensate to make sure the network is properly maintained. I honestly believe a hybrid model, a non-profit with incentive, is going to be needed to make a project like this sustainable at scale. There needs to be some sort of mechanism to help cover costs that the gateway and exit operators face, as well as overall costs to support the entire network. It could be a general membership fee for the whole community as a non-profit, it could be an individual node or gateway tariff for each access point, where a part of it goes to cover the costs of the gateway operator and the other part goes to the community as a whole. In this model, everyone is still part of the non-profit collective and there's transparency of where all the funds are going. I'm just trying to point out that nobody is going to make "bank" through this project. However I do think there are some real hard costs associated with it that shouldn't be overlooked and an actual business plan needs be discussed.

@benhylau
Copy link
Member

I think the non-profit vs. for-profit legal entity is perhaps less important than whether someone is using significant resources. Let's consider:

  1. Someone runs a one-person local network video streaming service incorporated as a non-profit, pays all revenue minus expenses to themselves as a salary, so the business is technically a non-profit organization which pays no income tax. In doing do, they also used up 90% of the total network bandwidth, but they pay nothing to expand the TCN infrastructure.

  2. Someone runs a small for-profit business hosting websites for local shops, lightly profitable and can expand to provide employment opportunity to more people. They use minimal TCN bandwidth.

It doesn't make sense TCN charges (2) but not (1). So perhaps in the scope of this ticket, we need a policy that allows us to support both use cases, as well as ones @Pedro-on-a-bike listed:

For example, you might have one group of people who wants to setup a nonprofit to provide internet access to their local community and is thinking of donations/volunteer hours/grants to maintain it. Another group could also be a nonprofit that wants to collect membership fees to maintain the network. Or you could have a for-profit group that wants to provide a premium service and bootstrap it.

Firstly, we need to map out what TCN wants to support. Am I correct that all of the above are things we want people to do? If so, then a "MVP" of this ticket would be:

  1. Define "usage of resources" and how it is measured
  2. Fair use policy and how it is enforced
  3. How to be operationally ready to accept contributions (monetary or otherwise) that will keep a sustainable common network (sustainable labour compensation and reserve for infrastructural costs)

We are now relying on grants and voluntary labour to bootstrap a network. I do not think relying on grants and voluntary labour is sustainable long term, or would provide the quality we'd like from our long-term objectives.

@Pedro-on-a-bike
Copy link
Collaborator

I agree with your example in that it doesn't make sense TCN charges (2) but not (1).

With regards to "usage of resources", this kinda goes back to a discussion we had a while ago in that bandwidth is really the main scarce resource in the network. For example, with the LAP-LITE-120 that we're using, the device can only push 300Mbps at any one time, and with 802.11ac, there are only 23 non-overlapping channels at 20Mhz - assuming that there is no environmental noise. This really limits the total available bandwidth to service a local group of users. If too many users are trying to connect to one Access Point at the same time, service rapidly degrades. Same thing goes with the total aggregate users trying to access the Gateways and Exit. The backhaul bandwidth capacity limitations need to be considered as well.

Althea also identified bandwidth as a main limiting resource however they found it quite difficult to incorporate "bandwidth usage" into Babel as a cost function. So the alternative they used is data usage. It was a lot easier to add this into Babel/Althea and still produce a behaviour response in the users to self-regulate their usage. If someone leaves YouTube running in the background at 4K just to listen to music, you want to curb back this activity, unless they are willing to pay for it. Basically, if the demand on an Access Point increases and the node is overwhelmed, the cost to use it goes up and users can set a limit as to how much they're willing to pay so they are not overcharged. I understand that this can potentially price out some users from connecting to an Access Point, however I feel this is the basis for an incentivized mesh. If an Access Point becomes too expensive to use because too many users are trying to connect to it at once, then you can use the proceeds from the users who are willing to pay a higher price to setup more Access Points, thereby driving down future cost and increase connectivity. There are also other mechanics such as traffic shaping, setting cost caps, etc, but this would be the principle idea. I do think we need some way to set price caps on the network so there is an upper limit for all users - I don't want an agent to abuse the network and dedicate all the bandwidth to themselves just because they have the money for it. There should also be a lower limit so that we actually collect funds to sustain the network overall.

If you're not looking at Althea and charging for data usage with a dynamic cost schedule, there is the traditional model of traffic shaping and having tiered services. Ubiquiti has a payment CRM built into their UNMS user management system for a traditional WISP structure. However I don't believe it is dynamic. You pay for your "up to" 25Mbps at $20/month and that's it. I would rather have a dynamic model like Althea where, if no users are connected an Access Point, then it is "free" or some really low cost, and then cost increases based on the number of users, up to a point.

The main idea is that you need to have some way for users to self-regulate their usage and be cost conscious of the bandwidth limitations, along with potentially having a basic service fee. I'll have to give your "MVP" for this ticket more time, but the above is my initial thought.

@darkdrgn2k
Copy link
Contributor Author

I would warn that this conversation is going into very very specific examples.
We are NOT running Althea currently with all its wonders, and in addition we have NO access control to the network what-so-ever when it comes to the core network.

We need to zoom out as we are no where near a place this even becomes relevant, let alone know what it would look like when it is.

I feel like businesses profiting off of the free/volunteer labor of community network workers is problematic.

There needs to be a symbiosis in the ecosystem. Remember that the the community network is also "profiting" in resources from for-profit entities in the form of donations. Similarly i think there is a place for profit in the mesh as well. I would point to open source platforms that have a paid level of support as an example of how this can be done.

My node doesn't work, do i learn and fix it myself, do i submit a ticket and hope some one can fix it, or do i pay my neighborhood mesh guy to make it work?

As in this example, I dont think we could even limit that kind of work if we wanted to.

One aspect is to standardize and document the efforts of the group as a whole, to create a template for anyone else who wants to setup their own mesh-node/super-node/gateway-exit community.

The goal of this project is to distribute the knowledge and not to be centralized. There is currently a bit of tech debt with this first node as i am rushing but the goal is to go back and collect all the information pushed into issues into a more coherent structure (see issue #32).

bandwidth as a resource

Few things i want to point out

  • I think its important to remember we are NOT TRYING TO BE AN ISP.
    • If you want fast reliable (rtt, ping) high performing internet, there are several options to choose from!
  • I think its also important to remember what our CURRENT level of service was decided to match with that the city noted:

the aim is to provide enough coverage and strength to read news, submit online forms, use messenger apps, but not stream media/games.

I think this is OK to change as we grow and learn. Currently we are not planning on limiting any speeds artificially but it may be required to keep the above level of service available, or maybe not...

With regards to "usage of resources", ... LAP-LITE-120 that we're using, the device can only push 300Mbps at any one time, and with 802.11ac, there are only 23 non-overlapping channels at 20Mhz...

There are ways (and new tech coming out all the time) to make a denser super node. LAPs are "cheap and easy" way to get started. NYCMesh started deploying prisims on their more denser nodes.

You make the node denser by limiting the 120 degree range of the antenna down to 60, or even 30 degrees.

For example:

By switching from 1 LAP-120 that does 300mbps in a 120 degrees range, to 4 prisms at 30 degrees that cover the the same 120 degree (30 degrees each) range you can pack 300x4=1.2Gbps into the same space. Their engineering also tries to limit the amount the lobes encroach on neighboring signals.

I wanted to add, I don't think a for-profit entity would actually work as a feasible solution.

There have been several attempts in toronto for free-wifi-as-a-buesiness that failed

@darkdrgn2k
Copy link
Contributor Author

So perhaps in the scope of this ticket,,,

This ticket needs to re renamed ad a new one created for

  • Data collection policy (ie logs)
  • Usage (ie SLA and what it this mesh aims provide)
  • Privacy Policy (related to the above)

Firstly, we need to map out what TCN wants to support.

Yes

Am I correct that all of the above are things we want people to do?

I'm in no rush to try to do this. I know these conversations need to happen but we need to create a SELF SUFFICIENT core first.

Currently, this whole deck of cards can fall if any one of the 3rd party supporters fall off. Some resources we are/will be using have a limited life span. I feel this is where the efforts should be.

I think @Pedro-on-a-bike has a good grasp of many aspects of the mesh. However i don't think this mesh will take of as fast as he thinks, even with a for-profit backing an ISP deployment based on TCN as back haul.

I think getting first nodes connected will be a huge challenge.

If some one wants to come up and do an experimental mesh spinoff based on TCNs backbone and is willing to work with us, experiment, etc etc i think that would be great, but defining boundaries and process for something we have no idea about i think is not a good use of resources at this time.

my 2 cents

@benhylau
Copy link
Member

Relevant to data policy tomeshnet/node-list#16

@benhylau
Copy link
Member

@ultush updated top post with draft, for review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
governance Organizational and Program Governance
Projects
None yet
Development

No branches or pull requests

6 participants