This post is about truly decentralizing the Web. We will write another post about making the Web more social, especially on mobile devices. To achieve both of these objectives, Qbix is working on a new Social Web Browser.
We are coming up on the 30th anniversary of the invention of the Web. It has been one of the biggest drivers of economic and technological innovation on the Internet. It has lowered the barrier to publishing and accessing information for people around the world. It has enabled commerce and online payments to go mainstream. And it has done all this in a radically open-source way: the HTML source code for every web page can be easily accessed via the browser. As a result, the Web has led to an explosion of wealth and innovation, removing the old gatekeepers.
However, the Web’s client-server design has also led to new gatekeepers and centralization. People have come to rely on giant, monolithic websites to connect them, and trust them with their data, identity and brand. Sometimes that results in epic security breaches by hackers, bulk collection of data by spy agencies, betrayals of trust, revocation of access, With Google, Facebook, Apple, Microsoft and Amazon, the Web has become, in many ways a Feudal society. With a few Root Certificate Authorities, we also centralize our trust in a few companies. Finally, the Domain Name System uses a centralized, although federated, database, so domains have to be bought through a registrar, and maintained.
But what if we challenge some of these assumptions? For example, what if a regular user didn’t need to buy a human-readable domain name, maintain it, and pay for a hosting company to host on that domain? What if identities and domains were as cheap to create and maintain as files?
Until around 2010, it was even harder. To have a website, most users would have to have their own server in a data center, or rely some limited shared hosting service. Most people opted to use let companies like Facebook host their whole identity online instead. Amazon figured out that letting people share managed virtual machine instances was good savings. Today, that’s called “the cloud”, but it’s still under the control of some landlord – Amazon, Google, DigitalOcean, etc.
It’s 2018, and still the easiest thing we have today is using some web based control panel running on some shared host that charges $5/month or something.
Here is what we should have instead:
- End to end encryption
- One giant, actually decentralized cloud composed of all nodes running the software
- Storing chunks of encrypted data using Kademlia Distributed Hash Table, a technology that’s available since 2002 and used in BitTorrent and MaidSAFE
- All underlying URLs would be non-human-readable and clients would display (possibly outdated) metadata like an icon and title (this metadata may change on the Web anyway). Storing and sharing could occur using QR codes, NFC bluetooth, Javascript variables, or anything else. For static files, the links could be content-addressable.
- All apps and data would be stored encrypted in the cloud and only decrypted at the edges. They would run on the clients only. Apps could also be distributed outside the cloud, but usually just via a link to a cloud URL.
- Communities would likewise be just regular users, rather than private enterprises running on privileged servers running some software like github is now. No more server side SaaS selling your data or epic hacks and breaches.
- Users would have private/public key pairs to auth with each community or friend. They would verify those relationships on side channels for extra security if needed (eg meet in person or deliver a code over SMS or phone). Identity and friend discovery across domains would be totally up to the user.
- Private keys would never leave devices and encryption keys would be rotated if a device is reported stolen by M of N of other devices.
- Push notifications would be done by shifting nodes at the edges, rather than by a centralized service like Apple or Google. In exchange for convenience, they can expose a user to surveillance and timing attacks.
- Validation of transactions can be done by random participants in the network, such as the 40,000 people around the world running our Calendar App, but unlike Proof of Work Mining in a way that puts next to no strain on their computers.
No more waiting endlessly to be “online” in order to work in a SaaS document. The default for most apps is to work offline and sync with others later.
Instead of central authorities, everything is peer to peer, with a data stored encrypted in a truly decentralized cloud. The only “downside” is the inability to type in a URL. Instead, you can use one or more indexes (read: search engines) some of which will let you type existing URLs, or something far more user friendly than that, to get to resources.
Domains and encryption key generation would be so cheap that anyone can have a domain for a community of any kind, or even just for collaborating on a document. There won’t any longer be a need for coupling domains to specific hardware somewhere, and third party private ownership/stewardship of user-submitted content would be far less of a foregone conclusion, fixing the power imbalance we have with the feudal lords on the Internet today.
Once built, this can easily support any applications from cryptocurrency to any group activities, media, resources etc.
If you are intrigued by this architecture, and want to learn more or possibly get involved, email us.