Monthly Archives: March 2017

The Decentralized Internet

The vision, to create a peer-to-peer Internet that is free from firewalls, government regulation, and spying, is one shared by the Decentralized Web movement. It isn’t exactly a new idea. In the real world, the Decentralized Web movement has been working for a couple of years to link people interested in advancing the effort, and pieces of the technology are being developed in various corporate and university labs. Making a true decentralized Web—or decentralized Internet (the two are a little different)—isn’t going to be fast or easy, Decentralized Web evangelist and Internet Archive founder Brewster Kahle told me last month, because, although it is a good idea, it is hard to execute.

At the University of Michigan, Robert Dick, associate professor of electrical engineering and computer science, and a team of two doctoral students and more than a dozen undergraduate volunteers have been focused for seven years on designing and implementing a decentralized network. If the Internet is shut down or blocked in some way, it maintains connections by sending data hopping from phone to phone. The team will this year roll out an app called Anonymouse that allows anonymous microblogs, including images and text, to be sent around its network by phone hopping. There’s no ability to serve Web pages just yet, although that feature is on the road map. Dick says he’s aware of—and may end up teaming with—other organizations working on similar technology.

“We deployed a research prototype with 100 people using it at the University of Michigan,” Dick said. “Messages typically reached 80 percent of the participants in a day. That surprised us; we didn’t think it would work until we reached about 5 percent of the university population—over 2,000 people. We were also surprised by how quickly messages were ferried between campuses, as a user passed another and then got on a bus, for example.”

The challenge, Dick indicated, is getting enough people to use it so it works efficiently. That’s the challenge the fictional Hendricks is wrestling with as well. Hendricks said in a recent episode, “People won’t want to participate until the quality is high, and the quality won’t be high until we got a lot of people.” Hendricks proposes offering users free data compression to encourage them to run the app; Dick intends to target markets where fear of censorship is a very big deal, so the app will be its own reason for existence. For now, the group is taking sign-ups for a public beta to start in the third quarter of this year.

“I can’t get people in the U.S. to understand just how awful it can be when a few people control what everybody else can say,” Dick told me. “However, I can try to make sure that, if and when they understand, the technology to help them will be available.”

Taking a different approach to reinventing the Internet is MaidSafe, a company based in Troon, Scotland, that has been working since 2006 to create a “massive array of interconnected discs secure access for everyone.”

MaidSafe chief operating officer Nick Lambert says that the company’s goal is to decentralize all Web services, with users offering up bandwidth and storage space in exchange for a cryptographic token the company calls SafeCoin that users can then use to pay for network services or convert into cash. The data travels across the existing Internet, but it is more secure because it is broken into chunks and encrypted. One password is required to store and retrieve data, plus another one to encrypt and decrypt it, because the data is distributed and because the network, although it travels across the same wires as the Internet, doesn’t use the same addressing system. The only way to prevent access to the data would be by shutting down the Internet, Lambert says.

The company recently tested the system on a 100-node network running inside a data center, then rolled it out to several hundred alpha users using laptop and desktop computers. These users were given demo apps to run that allow them to create websites and send email; eventually, the company hopes a developer community focused on building out more sophisticated apps will emerge. Lambert says the company is currently developing better support for mobile devices for its next alpha test, and then it will move on to testing network recovery from massive power outages in alpha 3. Lambert says a more extensive beta test is on the horizon for the near future.

Contest Solve Big Internet Challenges

The Internet of refrigerators is, of course, fiction. But could an Internet that is this resilient—or nearly so—be a reality? Mozilla and the U.S. National Science Foundation think it’s possible, and aim to accelerate its creation by offering $2 million in prize money to teams that invent it—or at least get close.

“We’ve picked two of the most challenging situations in which people are disconnected from the Internet,” Mozilla program manager Mehan Jayasuriya told me. These are, “Connecting people in the U.S. who don’t have reliable or affordable Internet and connecting people as quickly as possible after a major disaster, when the traditional networks go down.”

 Mozilla and the NSF are addressing that first group—an estimated 34 million people—with the “Smart-Community Networks Challenge” that seeks wireless technology designed to enhance Internet connectivity by building on top of existing infrastructure.

For the second group, there’s the “Off-The-Grid Internet Challenge.” That contest seeks technology that can be quickly deployed after a disaster to allow people to communicate when Internet access is gone.

The teams submit initial designs, and then later, working prototypes. Prizes at the design stage range from $10,000 to $60,000. At the working prototype stage, the stakes range from $50,000 to $400,000, with one of the top awards given for each challenge category.

Judging criteria for both challenges include affordability, feasibility, social impact, and scalability. Off-the-grid technology also has to be portable and have a portable power source. The smart community networks technology will also consider density, range, bandwidth, and security. Potential entrants must submit an intent to apply form by 15 October; the whole thing wraps up next August.

“A lot of projects out there address some parts of these problems,” Jayasuriya says. “With $2 million on the table, we are hoping this challenge encourages people to fill their technologies out.”

Were Pied Piper a real company, it would have a decent chance at winning some of that cash. Says Jayasuriya:It’s the kind of thing we are looking for—a big idea, a crazy idea, an idea about how you piggyback on things that already exist. Pied Piper’s approach is like that, looking at all the phones out there and thinking that these phones have radios, and power, and CPUs, so why wouldn’t you take them and turn them into nodes on a network.

Browser Fingerprinting Tech

Browser fingerprinting is an online tracking technique commonly used to authenticate users for retail and banking sites and to identify them for targeted advertising. By combing through information available from JavaScript and the Flash plugin, it’s possible for third parties to create a “fingerprint” for any online user.

That fingerprint includes information about users’ browsers and screen settings—such as screen resolution or which fonts they’ve installed—which can then be used to distinguish them from someone else as they peruse the Web.

In the past, though, these techniques worked only if people continued to use the same browser—once they switched, say, to Firefox from Safari, the fingerprint was no longer very useful. Now, Cao’s method allows third parties to reliably track users across browsers by incorporating several new features that reveal information about their devices and operating systems.

Cao, along with his colleagues at Lehigh and Washington University, in St. Louis, began creating their tech by first examining the 17 features included in AmIUnique, the popular single-browser fingerprinting system, to see which ones might also work across browsers.

For example, one feature that AmIUnique relies on is screen resolution. Cao found that screen resolution can actually change for users if they adjust their zoom levels, so it’s not a very reliable feature for any kind of fingerprinting. As an alternative, he used a screen’s ratio of width to height because that ratio remains consistent even when someone zooms in.

Cao borrowed or adapted four such features from AmIUnique for his own cross-browser technique, and he also came up with several new features that revealed details about users’ hardware or operating systems, which remain consistent no matter which browser they open.

The new features he developed include an examination of a user’s audio stack, graphics card, and CPU. Overall, he relied on a suite of 29 features to create cross-browser fingerprints.

To extract that information from someone’s computer, Cao wrote scripting languages that force a user’s system to perform 36 tasks. The results from these tasks include information about the system, such as the sample rate and channel count in the audio stack. It takes less than a minute for the script to complete all 36 tasks.

To test the accuracy of his 29-point method, Cao recruited 1,903 helpers from Amazon Mechanical Turks and Microworkers. He asked them to visit a website from multiple browsers and found that the method worked across many popular browsers, including Google Chrome, Internet Explorer, Safari, Firefox, Microsoft Edge Browser, and Opera, as well as a few obscure ones, such as Maxthon and Coconut.

The only browser that his method didn’t work on was Tor. Earlier this month, Cao published the open source code for his technique so that anyone could use it. His next step? To work on more ways that users can avoid being fingerprinted across browsers, should they wish to opt out.

The Push for a Decentralized Web

The first episode of the new season (Season 4) of HBO’s “Silicon Valley,” beleaguered entrepreneur Richard Hendricks, asked by eccentric venture capitalist Russ Hanneman, what, given unlimited time and resources, he would want to build.

“A new Internet,” says Hendricks.

“Why?” asks Hanneman.

Hendricks babbles about telescopes and the moon landing and calculators and the massive computing power in phones today, and says: “What if we used all those phones to build a massive network?… We use my compression algorithm to make everything small and efficient, to move things around…. If we could do it, we could build a completely decentralized version of our current Internet with no firewalls, no tolls, no government regulation, no spying. Information would be totally free in every sense of the word.”

Hel-lo! Decentralized Internet? That’s a concept I’ve heard bubbling around the tech world for a while now, but not so much in the consciousness of the general public. Is HBO’s “Silicon Valley” about to take the push for a Decentralized Web mainstream? And is what Hendricks talks about on the show really what the Decentralized Web is all about?

I contacted Brewster Kahle, founder of the Internet Archive and the pioneer of the Decentralized Web movement: he first pitched the idea of a Decentralized Web in February 2015, initially describing it as “Locking the Web Open,” at the first meeting hosted by NetGain, a partnership of some of the largest U.S. foundations aimed at strengthening digital society. In August of that year he published a manifesto (he calls it a white paper) making a detailed case for the Decentralized Web, and in June 2016 he hosted a conference to bring key potential players together to move the project forward.

The Decentralized Web, he told me, “would be everywhere and nowhere. There would be no web servers, it would be a peer-to-peer backend, so if any piece of hardware went down, you wouldn’t lose websites. It would be more like the Internet itself is today—if a piece goes down, you can route around the problem. The current Web isn’t like that.

“Today, if you stand in front of a website, you can tell all the traffic going to it. We know that GCHQ, the NSA of the United Kingdom, recorded all the IP addresses going into WikiLeaks.”

This kind of thing, he says, “would be far more difficult in a decentralized world.”

Is that what the fictional Hendricks was talking about? Kahle, who watched the episode, says yes, mostly.

“He says one of the things it would get you is privacy, and it certainly would,” says Kahle. “He also mentioned that it would start to get around firewalls, like the great firewall of China. And it could do that; if someone behind the firewall had read a website, someone else could get it from them.”

Translating the “no tolls” part of Hendricks’ vision into the real world is a little tricky. If by “no tolls,” he was referencing the current debates over net neutrality, that is, whether Internet providers should be allowed to charge content providers for the use of fast lanes, the Decentralized Web would definitely blow those virtual tollbooths out of the road. If, instead, Kahle says, “no tolls” means no paywalls, not so much. Indeed, the vision of the Decentralized Web involves making it easier to pay for content in order to let readers support publishers, instead of just advertisers.