17 June 2019 - 9 minute read

There are a tremendous amount of issues with the internet today. I've already written about this. I didn't cover everything though. The issues go deeper than just who uses the internet - it's the internet itself.

There is a terrifying degree of centralisation in the internet. DNS is centralised, allowing these central authorities to spy on, modify, or just censor what other people do. Just getting permission to use a certain domain requires forking out money to centralised authorities that have placed permission to control anything behind a pay wall. SSL certificates cost money too. With the internet being unencrypted and thus completely insecure by default, you are literally required to pay for the ability to be secure, which is just morally wrong. Privacy is a right, and putting it behind a pay wall violates that right. The problem starts almost right at the very beginning with ISPs, which can see everything entering and leaving your local network. Couple that with a "bundled" router running proprietary software and for all you know your ISP is watching everything on your local network too. The internet truly is broken right to its very core.

Is it possible to fix the current internet then? What if we all have our own SSL certificates and have people manually add us as CAs when they wish to communicate with us? Then have them add entries to their own host files so they can reach you without needing DNS. It solves some of the issues, but we still suffer from a tremendous amount of issues, like the lack of security by default. Headers in HTTP requests are unencrypted even if we're using HTTPS. Tremendous amounts of information can be deduced or just read in plain text from these "secure" requests being made.


One solution that's very easy to overlook is one in which we just do away with just about everything and start again. When first presented with such an idea, it seems fairly easy to almost laugh at it. "The current internet has been being developed for some 50 years. It'll take decades to create anything to replace it and even longer to get people using it". Well, how does a project that already exists, has already had 20 years of development, and is already usable sound? A "new net" that is built to be secure right down to the lowest level, provide control to every user, powerful authority over one's own data, and customisable degrees of anonymity on demand.


This is a project I found very recently. The GNUnet aims to create a new systems, new security, and a new paradigm. The GNUnet - unlike what the docs call the "legacy internet" - is completely decentralised. Every part of it - even DNS which is replaced with "GNS" - functions entirely without any centralised systems at all. Requests for information are passed into the network and sent around until someone has what is being asked for, in which event it is passed back. The best part of this system though is that everything is encrypted. A "peer" responding to a request doesn't know what the request is for as it can't decrypt it, doesn't know what the answer to the request is as it can't decrypt that either (unless the given peer is the origin of the material and has a plain text copy), but can only verify that the unknown information being sent back is correct. This uses some crazy clever cryptography that I am not even remotely qualified to try and explain so I'm not going to try. You're welcome to read and understand yourself from the PDF here though.

This complete P2P-oriented system allows for tremendous flexibility. I can communicate with friends, share files, publish content like blog posts, and so on, all without relying on any centralised services or having to trust anyone except myself and the person on the other end that I'm communicating with. I have complete and unwavering control over my content. I choose not only who I communicate with, but also who is allowed to see what of mine. I can even choose to retrieve content another has made publicly available without disclosing who I am to that other. In the GNUnet, there is no requirement to disclose your existence, let alone your every move as with the legacy internet.

I discovered this project just a few days ago and was truly blown away. It's an incredible feat and is demonstrably effective, fast, and very much usable. I have done a tremendous amount of reading over the last few days, and my arbitrary head-schedule (I don't plan my leisure in any remotely concrete manner) is saying that right after I have this post published, I'm going to be diving in and installing GNUnet on my laptop. I'm going to get connected and play with what I can considering my limited connections to others. If I can get a friend on there too then I'll be able to do much more and experiment with all sorts. If I can get it working well, then I plan on making a more GNU-net oriented version of this site and making it available for others to read. My social reach on the internet isn't the most size-able thing at the moment, but if I take my Mastodon follower count as some hypothetical scale (64 lovely people as of writing this), and say I persuade half to start interacting with GNUnet, that could be a statistically significant boost to the size of the GNUnet. In a talk I was watching a video of from 2017, it was stated that the size of the network was around 160 peers at the time. If growth was good in proportion and we're at ~320 now, then it would mean a 10% increase in the size of the GNUnet, which would be tremendous.


There is of course the idealist view to be had that the GNUnet will take off and everyone will start using it. There are certainly plenty of use cases that would immediately benefit, such as any form of private communication that may be required, such as from human rights activists, whistle blowers, or highly confidential documents, be it for medical or government use. Similarly though, it immediately benefits regular users like you and me, because now we can communicate with our friends and family without also letting anyone listening see that we're talking and what kinds of content we're sharing, or the centralised platform owner just being able to read everything and share it with anyone it wishes.

Online shopping for instance is a perfect example of something that would be dramatically different and also dramatically better with GNUnet. Here is what Christian Grothoff described when I asked about how a business might have a presence on the GNUnet:

We have started very early work on a secure multiparty auction protocol (ebay-like), and I would imagine we might similarly eventually have something like a decentralized shopping protocol, where you effectively would specify the product you are looking for and get offers from all shops offering the particular product. So at that point, someone running an online shop would post the catalog of their products with prices, and wouldn't have to bother with JS/CSS and styling & marketing.

Whether or not GNUnet ends up being the future, I strongly believe that it should be the future. Raising increasing awareness for this incredible project and bringing more people onto it, writing guides and better documentation, and contributing code, features, and bug fixes only helps to make this project bigger and better to benefit everyone. I've joined the mailing list and I fully intent to learn as much as possible and begin contributing as soon as I feel able to because I want this project to do as well as it possibly can and I want to help it do that. Even if my contributions are minor, I'm still contributing, and that's what matters.


Ethics - Internet


Copyright Oliver Ayre 2019. Site licensed under the GNU Affero General Public Licence version 3 (AGPLv3).