17 June 2019 - 9 minute read
There are a tremendous amount of issues with the internet today. I've already
written about this. I didn't cover everything though. The issues go deeper than
just who uses the internet - it's the internet itself.

There is a terrifying degree of centralisation in the internet. DNS is
centralised, allowing these central authorities to spy on, modify, or just
censor what other people do. Just getting permission to use a certain domain
requires forking out money to centralised authorities that have placed
permission to control anything behind a pay wall. SSL certificates cost money
too. With the internet being unencrypted and thus completely insecure by
default, you are literally required to pay for the ability to be secure, which
is just morally wrong. Privacy is a right, and putting it behind a pay wall
violates that right. The problem starts almost right at the very beginning with
ISPs, which can see everything entering and leaving your local network. Couple
that with a "bundled" router running proprietary software and for all you know
your ISP is watching everything on your local network too. The internet truly
is broken right to its very core.

Is it possible to fix the current internet then? What if we all have our own SSL
certificates and have people manually add us as CAs when they wish to
communicate with us? Then have them add entries to their own host files so they
can reach you without needing DNS. It solves some of the issues, but we still
suffer from a tremendous amount of issues, like the lack of security by default.
Headers in HTTP requests are unencrypted even if we're using HTTPS. Tremendous
amounts of information can be deduced or just read in plain text from these
"secure" requests being made.


One solution that's very easy to overlook is one in which we just do away with
just about everything and start again. When first presented with such an idea,
it seems fairly easy to almost laugh at it. "The current internet has been being
developed for some 50 years. It'll take decades to create anything to replace it
and even longer to get people using it". Well, how does a project that already
exists, has already had 20 years of development, and is already usable sound? A
"new net" that is built to be secure right down to the lowest level, provide
control to every user, powerful authority over one's own data, and customisable
degrees of anonymity on demand.

### THE GNU NET ###

This is a project I found very recently. The GNUnet aims to create a new
systems, new security, and a new paradigm. The GNUnet - unlike what the docs
call the "legacy internet" - is completely decentralised. Every part of it -
even DNS which is replaced with "GNS" - functions entirely without any
centralised systems at all. Requests for information are passed into the network
and sent around until someone has what is being asked for, in which event it is
passed back. The best part of this system though is that everything is
encrypted. A "peer" responding to a request doesn't know what the request is for
as it can't decrypt it, doesn't know what the answer to the request is as it
can't decrypt that either (unless the given peer is the origin of the material
and has a plain text copy), but can only verify that the unknown information
being sent back is correct. This uses some crazy clever cryptography that I am
not even remotely qualified to try and explain so I'm not going to try. You're
welcome to read and understand yourself from the PDF here though.

This complete P2P-oriented system allows for tremendous flexibility. I can
communicate with friends, share files, publish content like blog posts, and so
on, all without relying on any centralised services or having to trust anyone
except myself and the person on the other end that I'm communicating with. I
have complete and unwavering control over my content. I choose not only who I
communicate with, but also who is allowed to see what of mine. I can even choose
to retrieve content another has made publicly available without disclosing who I
am to that other. In the GNUnet, there is no requirement to disclose your
existence, let alone your every move as with the legacy internet.

I discovered this project just a few days ago and was truly blown away. It's an
incredible feat and is demonstrably effective, fast, and very much usable. I
have done a tremendous amount of reading over the last few days, and my
arbitrary head-schedule (I don't plan my leisure in any remotely concrete
manner) is saying that right after I have this post published, I'm going to be
diving in and installing GNUnet on my laptop. I'm going to get connected and
play with what I can considering my limited connections to others. If I can get
a friend on there too then I'll be able to do much more and experiment with all
sorts. If I can get it working well, then I plan on making a more GNU-net
oriented version of this site and making it available for others to read. My
social reach on the internet isn't the most size-able thing at the moment, but
if I take my Mastodon follower count as some hypothetical scale (64 lovely
people as of writing this), and say I persuade half to start interacting with
GNUnet, that could be a statistically significant boost to the size of the
GNUnet. In a talk I was watching a video of from 2017, it was stated that the
size of the network was around 160 peers at the time. If growth was good in
proportion and we're at ~320 now, then it would mean a 10% increase in the size
of the GNUnet, which would be tremendous.


There is of course the idealist view to be had that the GNUnet will take off and
everyone will start using it. There are certainly plenty of use cases that would
immediately benefit, such as any form of private communication that may be
required, such as from human rights activists, whistle blowers, or highly
confidential documents, be it for medical or government use. Similarly though,
it immediately benefits regular users like you and me, because now we can
communicate with our friends and family without also letting anyone listening
see that we're talking and what kinds of content we're sharing, or the
centralised platform owner just being able to read everything and share it with
anyone it wishes.

Online shopping for instance is a perfect example of something that would be
dramatically different and also dramatically better with GNUnet. Here is what
Christian Grothoff described when I asked about how a business might have a
presence on the GNUnet:

We have started very early work on a secure multiparty auction protocol
(ebay-like), and I would imagine we might similarly eventually have
something like a decentralized shopping protocol, where you effectively
would specify the product you are looking for and get offers from all shops
offering the particular product. So at that point, someone running an online
shop would post the catalog of their products with prices, and wouldn't have
to bother with JS/CSS and styling & marketing.

Whether or not GNUnet ends up being the future, I strongly believe that it
should be the future. Raising increasing awareness for this incredible project
and bringing more people onto it, writing guides and better documentation, and
contributing code, features, and bug fixes only helps to make this project
bigger and better to benefit everyone. I've joined the mailing list and I fully
intent to learn as much as possible and begin contributing as soon as I feel
able to because I want this project to do as well as it possibly can and I want
to help it do that. Even if my contributions are minor, I'm still contributing,
and that's what matters.


Ethics - Internet
Copyright Oliver Ayre 2019. Site licensed under the GNU Affero General Public
Licence version 3 (AGPLv3).