We’ve had enough of digital monopolies and surveillance capitalism. We want an alternative world that works for everyone, just like the original intention of the web and net.
We seek a world of open platforms and protocols with real choices of applications and services for people. We care about privacy, transparency and autonomy. Our tools and organisations should fundamentally be accountable and resilient.
I think it's interesting to look at what existing entities do when faced with DNS MITM and takedowns. The various torrent searchers and anti-censorship entities just diversified the TLDs they depend upon. So when their ".com" or ".net" domain gets taken down or man-in-the-middled, they tell their users to shift to .is , .ch, .se or some other TLD with a different regulatory framework, thus avoiding a single point of failure.Â
If a new mechanism depends on the inconvenience of a browser extension anyway, why not automate the process people already use? For example "colmmacc.multi" could be intercepted by an extension and translated into 5 DNS requests against say SHA-2("colmmacc").[com|ch|ly|se|is] and the extension could use a simple majority quorum of the answers to defend against a tampered response. Of course it means you have to register and host your domain 5 times, but that's pretty cheap these days.
Other nice properties: works with all existing DNS security mechanisms (including DNSSEC or DNScurve), provides security against registrar or registry level tampering or compromises. Hash of the domain makes it hard for registries to block domains (they have no idea what the name is until it is popular) and also resets the clock on squatters.
My instinct is that long game, they're right and HTTP is fatally
It is a fundamentally centralizing protocol - the domain in a URL is
both the name of the resource *and* the place you go to get that
Short term is another matter. There are lots of incremental things
people can and should do now.
The dig at WebRTC is uncalled for - yes, right now you have to have
some other identity system to use it, and that is necessarily
central. But it's an open standard, pluggable compontent that can be
used in lots of ways.
If you have some other decentralized identification system, you can
then use WebRTC on top of it somehow later.
On Sun, Dec 29, 2013 at 09:46:31PM -0600, Paul Frazee wrote:
> No kidding about the diagram.
> Interesting statement on http://youbroketheinternet.org/map
> Because the web browser is so overladen with surveillance functionality
> > what the server tells it to. Now comes WebRTC which relies on web servers
> > for authentication and thus enables them to run a man in the middle attack,
> > and AJAX, which took off as the foundation of the web 2.0 and landed as a
> > surveillance tool. Should we want to do web-based user interfaces, we'll
> > have to use a custom browser with disabled HTTP support.
> I'm not sure they justify dropping HTTP support. Â Aren't these issues with
> the access policies in the browser? I'm slow to let go of the legacy and
> relative simplicity when incremental fixes are still possible.
> They also knock on X.509 and DNS in that page. There's been some talk about
> namecoin. Anybody follow that closely enough to comment?
> Regarding WebRTC's MITM vulnerability, I wonder about using
> http://www.w3.org/TR/WebCryptoAPI/ someday to do client certs, though
> tcpacek's FUD about client-side crypto is hard to ignore. Any counter
> On Sun, Dec 29, 2013 at 7:49 PM, Francis Irving <email@example.com>wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > Wow, that's a pretty hardcore diagram!
> > Any key projects on it that are missing from this list?
> > https://github.com/redecentralize/alternative-internet
> > Francis
> > On Sun, Dec 29, 2013 at 06:08:24PM +0000, Benjamin Heitmann wrote:
> > > Hello there,
> > >
> > > I found this via the 30C3 coverage, its very relevant,
> > > however I did not see it mentioned here, so I thought I would share it:
> > >
> > > http://youbroketheinternet.org/
> > >
> > > encourages projects to make a new internet stack from low level
> > infrastructure all the way up to
> > > end user applications.
> > >
> > > I wanted to attached is a picture which assigns various projects to
> > different levels of the stack,
> > > but the picture is too big.. ;)
> > >
> > > All in all a very interesting umbrella project.
> > >
> > > cheers, Benjamin.
> > >
> > >
> > > --
> > > Benjamin Heitmann, BSc, MSc
> > > PhD Researcher
> > > Unit for Information Mining and Retrieval (UIMR)
> > > Digital Enterprise Research Institute (DERI)
> > > NUI Galway, Ireland
> > >
> > > publications and slides:
> > > http://www.deri.ie/about/team/member/benjamin_heitmann/
> > > http://www.slideshare.net/metaman/
> > > https://www.researchgate.net/profile/Benjamin_Heitmann/
> > >
> > > public PGP key available at: http://keys.gnupg.net/
> > >
> > - --
> > Do *you* have an awesome idea you never quite manage to do?
> > http://www.awesomefoundation.org/en/chapters/liverpool/
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.12 (Darwin)
> > iEYEARECAAYFAlLA0ScACgkQhRiKo+HhcsDhRACfRCwVZumd3gxZcffzxGjJQ+B8
> > 4agAoIRkz1+rNCm1lN5T6s6S9pUc/XUx
> > =Lppo
> > -----END PGP SIGNATURE-----
Do *you* have an awesome idea you never quite manage to do?