../musings-freer-internet

First published on: 2024-12-19

Musings on a Freer Internet

The internet is one of the marvels of human achievement. It's easy for the generation that grew up with it to take it for granted, but the number of technological breakthroughs and engineering wonders that went behind the internet as it stands today, is enormous, and worth paying tribute to.

Incidentally, the internet is also one of the more "open" technologies. From open protocols, ever-widening access, to a (relatively) decentralized governance. Though as open as it may seem, it's still far from perfect. The post is inspired by some of the problems I have thought of a bit, and what I feel would be good ways to alleviate them

issues with the current internet

There has been lots said¹ and witnessed about the good parts of the current Internet. I'll be skipping right to some of the issues, ahead.

centralizations of all sorts

The internet as it is at present, relies on centralized infrastructure for almost everything. From its access, to hosting of content and offloaded compute - everything is done by a handful of entities. The server-client model², followed as the norm till date, favors such centralization.

While there are clear logistical, cost and performance advantages that come along with it, it also robs away control and freedom from the hands of consumers. We get what we are given, access what we are allowed to, and have to do with the defaults designed for us.

Ad-capitalism, loads of tracking, and other ways or profit-extraction have been imposed upon the consumers as a consequence. And on the governance side, surveillance and censorship are heavily benefited from centralized structures. As it's in them that particular entities could practically enforce control.

While all of this is heavily guised as "good things", the plentiful of bad parts of giving away such levels of control is kept obscured. It's a scary state to be in - when the internet shuts down, what we could access, and even what we believe in (through "personalized" brainwashing); are all things centralized entities have a say over

Having established the bad parts of centralizations, I'll elaborate on some of the ways centralization is deeply-rooted currently

apps with a centralized "server"

Most websites one may have encountered, serve webpages and provide their services through a single-entity owned "server", no matter at what scale. If it's a major entity, there may be a huge datafarm just for this purpose.

The point remains, though. I'd call even cloudflare's content distribution network as centralized. Technically they are distributed across multiple nodes, but every one of them is owned or closely associated with cloudflare - and hence centralized by "control"

What's the issue with this? Having to put blind trust on the providers, over their claims, is one. Claims involving data-protection, performance, and literally what not. Second is, obviously again, what freedom the consumers are left with. Can't pick and choose what to do or whom to trust.

"cloud"

For the not-so-big entities, the "cloud" is the go-to for hosting their services. The issues of centralization carry over here too.

As long as you're having to offload data and computation (in raw form) to someone else's computer, that too when the "someone else" has high profit-and-control motives - there're gonna be conflicts with freedom.

ISPs

Even among people aware of the perils of centralization, who're actively promoting and using decentralized, federated alternatives - there still is a aspect of centralization that's typically missed. And that is of how we access the internet!

Currently we rely on huge ISPs to give us the ability to connect to the internet. The current internet, again, is shaped in such a way, that we need centralized intermediaries to help us access it at all.

What are the downsides of it? Control, costs, and extremely sucky defaults. Even if there are multiple innovative anti-censorship tools and approaches, one is still having to fight for what's supposed to be the default anyway! Sucky defaults include terrible privacy policies. The amount of data collection that is the norm, is mindboggling. And for services beyond internet access, like calls and SMS - everything is unencrypted and free-to-be-tapped. And even for encrypted-at-transport communications, there's always the possibility of DPI and other network analysis approaches

perils of licensed frequency bands, and such

The norm with frequency bands for wireless communications, has been to license to particular entities. This allows centralized-capture of what's supposed to be a common-resource.

I dream of a scenario where the best frequency-bands of the day are used for mesh-networks and communication without reliance on centralized infrastructure. Making way for a truly free and community-owned network

data harvests

tracking, ad-capitalism, and other norms

For service providers of all sorts³ ⁴, harvesting consumer data for various purposes has become a common practice. It's not just limited to services one uses online - ISPs tend to have terrible privacy policies and practices, too.

What's the harm, one might ask? Firstly, it's done without true consent. Most people do not know about the kinds of data being collected. Even if they are made to "accept" privacy policies and ToS, hardly anyone reads through. And worse, plenty of people aren't aware of the implications of having their sensitive data collected.

Tracking for targeted ads is one side. But surveillance over practically every aspect of one's digital life; isn't very comforting. All of this data could (and has) led to targeted propaganda, censorship and control over one's access range, etc. And, when data breaches happen, which is rather frequent - sensitive data then comes in the hands of mostly malicious individuals. It leads to all sorts of scams, frauds, identity forgery, and so on.

AI training over data without consent is also being done at scale - and it's not just a privacy nightmare. It's further violation of the freedoms of people to choose what happens with their data.

For entities claiming responsible data management and what not; see zero trust

freedoms and how they are not being met

What are some freedoms pertaining to the Internet? Here are some that come to my mind:

Freedom of Access
Freedom of Expression
Freedom of Choice
Freedom over Data Control (privacy)
Freedom of Communication

Which ones among these are being met? I'd say, none to a satisfiable degree

1. Freedom of Access

Access to the internet has definitely been expanding over time. So have been access to common internet services (media streaming, communication, email, search, etc). But costs still remain - either monetary, or in the form of sacrificing control or data (compromising the other freedoms). The common adage sums it up; "When something is free, you are the product".

2. Freedom of Expression

it's a big topic, and one that has had enough limelight. It goes without saying, though, that the current internet structures (with its centralizations and norms) only ease censorship and penalties.

3. Freedom of Choice

It definitely has been getting better over time, with multiple options among product and services coming to the forefront, and monopolies being curbed by regulatory bodies. It still isn't an ideal circumstance though, when the pool of choices is rather small, and similar. Say if a few competing ISPs at a place have similar freedom and privacy infringements - what good a scenario is it?

We do have choices, but there's not much variability in the downsides.

4. Freedom over data control

This is the most visibly violated freedom at present. People hardly have autonomy over what data of their's is collected. It's common practice by most service providers to extract as much data as they could - see Data Harvests. And in multiple cases, even restrict people from using their services without providing sensitive, personal data (this coincides with what I talked about regarding freedom of access - giving away freedom over data control, to be avail some access) The situation is so bad that, there are entities gathering data that aren't even remotely related to the services they offer. And it all happens in the background, without much awareness and understanding of the consumers involved.

5. Freedom of Communication

At certain places, who you communicate with, and what - is heavily monitored and regulated. Censorship and penalization are highly established. Expression is suppressed, coinciding with the violation of freedom of expression. And it is after all possible because of how the internet is currently shaped - reliance on centralized entities for access and usage is the default

other important factors

security

Fortunately, security is taken as a high priority by all major internet-entities. At this day, transport encryption is a defacto, and the encryption schemes are super strong, too. While data sovereignty (freedom over data control) as a whole isn't given too much attention, data transport and authentication are highly tight.

Data breaches are still pretty frequent to hear of, and that reveals that there still are fundamental flaws that we work super hard to cover. Firstly, why collect data that's not needed at the first place (apart from commercialization ambitions)? Zero Trust. Secondly, the centralization of storage for data also makes it a sole-target for attackers. Thirdly, most cenetralized storage options store data in unencrypted form, making it further vulnerable.

resilience

With the budget of top entities, resilience isn't an issue. Replication, distribution of content and compute, etc, are things that are built "on top" of the foundational networking protocols of today, though. And aren't "part" of them. And hence, the affordability barrier is pretty high.

governance and control

The existence of something as an internet kill switch illustrates just how much centralization of control is out there. Again, current arragements allow it from the grounds up. While the kill-switch is a drastic measure, things like censorship and content-manipulation and tracking are more regularly employed practices, which again is highly facilitated by the fact that control over major aspects lies in the hands of a few.

infrastructure and its maintenance

The centralized design of the internet also entails huge investments required to serve the growing magnitude of people with access to it. The infrastructure required for such handling tends to be super huge and complicated - and require maintenance busying up countless individuals as their full-time jobs.

It also implies that independent entities face a very hard time spinning-up their own services, without relying on the existing bigger organisations.

costs

From the service-provider side, the costs are clear by the point made about infrastructure requirements. From the consumer-side, however, while (monetary) costs to access have gone down significantly - to avail better freedoms, privacy, security, and even convenience (turning off ads, say), the costs again add up.

freeing up

Having established the issues, what can we do about them?

existing efforts

there's a range of approaches tried out to curb components of the issues mentioned so far. here are some of them:

irdest

is an alternative to the typical modes of internet connectivity emphasizes on decentralization, resilience, and uncensorability

gnunet

A substitute networking stack, alternative to TCP/IP focuses on distributedness, privacy, freedom, sustainability and extensibility hasn't caught much momentum, despite carrying the beacon for over two decades

ipfs

Yet another project trying to distribute the world's data. Emphasises resillience and decentralization

reticulum net

is again a complete substitute to TCP/IP focuses include sovereignity, security, and interoperability highly promising, in my opinion

Reticulum is the cryptography-based networking stack for building local and wide-area networks with readily available hardware. Reticulum can continue to operate even in adverse conditions with very high latency and extremely low bandwidth. The vision of Reticulum is to allow anyone to operate their own sovereign communication networks, and to make it cheap and easy to cover vast areas with a myriad of independent, interconnectable and autonomous networks. Reticulum is Unstoppable Networks for The People.

federation

A decentralization model in which the server/entity that handles a user's data is swappable, while stilll being able to communicate with others on the bigger network, regardless of if they are using the same 'homeserver', or otherwise. Examples are mastodon and lemmy

overlay networks

These try to mask the issues of the internet by creating a network 'ontop of the internet'. For example, TOR and I2P are overlay networks that route communication requests through multiple hops in way from the source to the target. This way, the identifying characteristics of the users stay hidden. The emphasis, as might be guessable, is on providing anonymity.

other notable projects

simpleX and its SMP protocol
nomadnet, built on top of Reticulum Net
https://meshtastic.org/
https://github.com/redecentralize/alternative-internet lists a lot of them, too

cloud storage

In an ideal world, what would cloud storages guarantee? Resillience, zero trust security, affordability, privacy, and lack of vendor lock-ins. Are we living in such a world? Clearly not. Privacy-focused cloud storage providers are hard to come by, and even the ones that exist are moderately costly.

My bias is towards distribution and a move away from centralized providers - and efforts like ipfs and storj are pioneering examples of how it could be achieved. There's still a long way to go, with efficiency and network-effects still to be figured out.

cloud compute

Similar to storage, computations one offloads to the cloud are meant to be private - ideally even uninspectable. Unfortunately, we are far from such an ideal world. While apple's recently introduced private cloud compute is a pionnering-step towards it, it's not an open or free solution. Other aspects obviously include decentralization and distribution, and golem.network is one example of how compute could be distributed. It aggregates spare compute of devices, and makes a global pool that could be used as a cloud computer. Many efforts have been done distributed in history, without relying on centralized providers. Examples include the lichess's fishnet, ai-horde's community AI inference, and prime intellect's intellect-1 training run.

There have been progress to reach the ideals in bits-and-pieces. Some other things I am excited about are verifiable computing and homomorphic encryption⁵ - that could allow even further zero-trust establishments relevant to a distributed cloud compute pool of the future - one that respects all the freedoms, is accessible and affordable, and isn't reliant on any centralized entity

"future internet" ⁶

There have been efforts to change the foundational underpinnings of the internet - the protocols used underneath, and so on. Some examples that are described by the umbrella term include SCION and Named Data Networking.

Previously mentioned efforts like reticulum-net, gnunet, and irdest represent some ad-hoc progresses under the same umbrella.

access to the internet

There have been some efforts to improve the state of how the internet is accessed. Something like starlink is pioneering in availing internet to places it was previously inaccessible. Yet it too is based out of a centralized entity. Community mesh networks, like NYC mesh, are another stream of inspiring work. Most of them have good privacy practices, and make availing the internet free, too. It's been dififcult to scale beyond (relatively) small localities.

This is a crucial component to solve towards the vision of a free internet. Mesh-networking based solutions are currently the most tangible route to alleviating dependence on centralized providers for access to the internet. Projects like gnunet, meshstatic, irdest and reticulum net provide some inspiration. So do community meshes, and it wouldn't be a bad roadmap to empower more such options across other places⁷.

zero trust

Murphy's law: "What can go wrong, will go wrong"

The definition of "zero trust"⁸ has often been conflated. What I mean by it here is, having to place no "trust" on any entity for availing any freedom (including those of data security and privacy).

To exemplify - let's say you want to upload your pictures to the cloud for preservation. If you upload it to an unecrypted platform, you are essentially putting 'trust' on the provider to not snoop into your pictures, or misuse them. In contrast - if you encrypt the pictures on your own device, and then upload it to the cloud - it'd be less trust you're having to place on the provider. Yet it's not guaranteed that the provider won't use a 'store now decrypt later' approach. An even more secure approach would be to split up the encrypted files, and distributed them across multiple distributed providers (like done by storj).

The example could be extrapolated to other scenarios too. When a piece of code is open source and the claims are verifiable - you would have to (in principle) put no trust on the makers behind for the enforcement of the claims. It'd be a natural consequence, so to say.

And there are spectrums to how much trust you're having to put on others for freedoms that are supposed to be fundamental.

Some directions towards zero-trust:

prevent collection of data that's not needed
least privileged access
zero-trust encryption
e2ee as the default
distributed data storage
forward-secrecy

the promising potential of the internet

The internet has been a revolution, in information-sharing, communication, collaboration, and so on. The issues presented thus far do present an impediment to full blossoming of this wonderful technology, but it's tractable.

An ideal internet would first of all respect the freedoms mentioned, fundamentally. It'd also be more secure, resilient, and have minimal (if not zero) power concentration. it'd be decentralized. And openness, transparency, and respecting user autonomy and privacy would be top priorities.

There are many ways to get there, some of which I mentioned in freeing up. And there are also plenty of roadblocks ahead, including some potential cons to the upheaval, too. Resistance from well-established entities benefitting from current arrangements, is one of the obstacles. But so is the momentum that's on their side - factoring in the inertia to change people have. And a common concern of "misuse" of further autonomy (though that's something to be concerned about for every technological advancement)

I am optimistic about our odds of evolving this wonderful tech to better foundations. It'd require work and paradigm shifts, but it'd be absolutely worth it to let the internet blossom into more optimal forms to serve humankind more equitably.

Footnotes

Visit the wikipedia page on the Internet for a more thorough exposition

TODO

https://spyware.neocities.org/articles/

⁴

https://tosdr.org/en

⁵

is basically computations in 'encrypted' form, in a way rendering inspectability of what's being computed, practically impossible. we are pretty far off from reaching ideal efficiency for it, though! an active area of research.

⁶

https://en.wikipedia.org/wiki/Future_Internet

⁷

though there might be regulatory obstacles

⁸

https://en.wikipedia.org/wiki/Zero_trust_architecture