Blog Tags: 

ZeroNet and IPFS: uncensorable auto-scaling BitTorrent powered websites

Jeremy recently nudged me into taking a close look at IPFS and ZeroNet, two BitTorrent inspired projects aiming to help achieve a more resilient distributed web that levels the playing field and is less susceptible to centralized control.

The two killer apps seem to be:

  1. DDoS resistant high-performance content distribution at scale without scaling costs and complexity.

    P2P web technology is interesting because the higher the demand, the better the system performs. Scaling is built in. You don't need to do anything special. No load balancers. No global CDN. No DevOps team. No venture capital to pay for all that server infrastructure. If your content is in popular demand, the swarm will take care of it.

  2. Censorship resistance: forbidden political speech in China, leaks of classified government or corporate misdeeds, copyright infringing content, illicit marketplaces, etc. Basically anything that annoys the powers that be for which there is enough demand to power a swarm.

    The P2P web takes the idea of the Internet treating censorship as damage and routing around it to a whole new level. The Internet isn't just routing around censorship, it's routing around the very possibility of censorship. Censorship attempts are the de-facto driving force revolutionizing content distribution.

    Ironically, the recent global crackdown on Torrent sites will probably do more for the rise of an unstoppable P2P web than anything else:

    You can't win Vader. If you strike me down, I shall become more powerful than you can possibly imagine.

    —Obi-Wan

Didn't TOR onion sites already solve censorship resistance?

No, because:

  1. TOR onion sites are relatively slow and hard to scale.

  2. You still have to host your hidden site somewhere and that somewhere becomes the central point of failure. It's very typical for TOR sites to go down or suffer Denial of Service attacks.

  3. The Intelligence Community have been flooding TOR with malicious nodes. With enough of those deducing the location of a hidden website becomes possible eventually. The higher the numbers of malicious nodes the higher the probability that a routing circuit will eventually be created comprising only the attacker's nodes. This allows the attacker to reveal the true IPs for both sides of the connections. This is called a Sybil attack.

    There are probably some technical countermeasures that would make this sort of attack harder, but the kind of troublemaker who would be most likely to lead this effort has been kicked out following what looks an awful lot like a character assassination campaign by JTRIG. Probably the same people behind the allegations of sexual misconduct against Wikileaks co-founder Julian Assange.

  4. Even if TOR wasn't being systematically compromised, keeping a hidden site hidden from determined investigators is very hard. It's easy to make mistakes.

IPFS

This is basically a BitTorrent global filesystem protocol + reference implementation.

For a user to download content from the filesystem at least one node has to be caching it. Any file you download you also host/seed while it's in your cache and if you want to keep it in your cache you can "pin it".

This works great for popular content. The more popular the content the better it works. With unpopular content it essentially degrades to something resembling a client/server model.

In terms of censorship resistance, IPFS includes blacklists of forbidden content in the default distribution, though it's configurable so you can turn it off "at your own risk".

Personally I think all of this willful censorship stuff is just a phase to protect the protocol in its infancy. Blacklisting all forbidden content on a global filesystem is ridiculous. The only popular use case I see for that is blocking ads.

So censorship-free distributions of IPFS implementations that integrate with Tor will probably end up as the default if this ever catches on.

ZeroNet

Unlike IPFS ZeroNet is not just a piece of the puzzle but actually a polished full stack solution for dynamic social P2P websites without any central server. That's an amazing accomplishment and it works right now.

The problem ZeroNet is solving is basically how to BitTorrent the entire website rather than just individual torrents.

I tried it and came away very very impressed. It's implemented in Python and is currently packaged & distributed a lot like the Tor Browser Bundle. There's no installation, you just unpack and it runs in place as a localhost web service your browser connects to.

The default ZeroNet homepage shows off a gallery of reference "zero" sites or zites: a messaging board, reddit-like forum, blog platform, end-to-end encrypted mailing service and social network.

Any site you visit gets "activated" and you join the swarm of users hosting it. It also shows up in the list of sites on the ZeroNet homepage along with the last time the site was updated, which has some privacy implications on shared computers.

I think the sites on the ZeroNet homepage are mostly intended as tech demos because conventional use cases already work well enough as regular websites. Due to its limited audience ZeroNet doesn't yet bring enough to the table to threaten the status quo for use cases where censorship resistance is not a requirement.

That means you need to venture beyond the ZeroNet homepage to see the point of it all. One of the best ways to do that is to search for sites on the Kaffiene search engine:

http://127.0.0.1:43110/kaffiene.bit/

I think at present the best showcase for why ZeroNet could matter is Play, a polished curated site of verified torrents to popular movie releases. Judging by the number of seeders it also seems to be one of the most popular P2P sites on ZeroNet at present.

Well, that and a reddits style gifs site:

http://127.0.0.1:43110/1Gif7PqWTzVWDQ42Mo7np3zXmGAo3DXc7h

The main intrinsic limitation of ZeroNet is that it's less forgiving than the web with regards to unpopular content. The long tail is shorter. Beyond the handful of swarm-happy P2P sites is an empty wasteland of broken links.

You can get future posts delivered by email or good old-fashioned RSS.
TurnKey also has a presence on Google+, Twitter and Facebook.

Comments

VladGets's picture

I am using Tor. Its good programm

What the side of the page?

Pages

Post new comment