Ask HN: Is a P2P browser possible?
I'm wondering--if the FCC succeeds in passing their awful law, if Americans will develop some sort of P2P browser (or connection), to get either full speed or better speed than before.
Would something like this be technologically possible?
48 comments
[ 8.5 ms ] story [ 120 ms ] threadhttps://freenetproject.org/
https://zeronet.io/
https://geti2p.net/en/
There's means for dynamic content too: IPNS and Pubsub, the latter was on HN just 3 days ago: https://news.ycombinator.com/item?id=15879752
> However, note that the official client comes with "blocklists" which may be used for censorship
There's no blocklists in any of the IPFS clients and libraries at the moment. However there are plans for opt-in, community-maintained blocklists that'll allow communities to govern what content they allow.
If IPFS ever does take off, this is crucial to avoiding the reputation stink as "that piracy thing" which bittorrent currently enjoys.
ISPs could easily provide you a high speed to Netflix, Amazon, and Youtube's IP ranges. and limit it to 10kbps otherwise.
On the other hand, a whitelist can be much shorter (Facebook, Youtube, Google, that's maybe 50 entries including the CDNs) and simpler (don't pay? not in it.)
Wouldn't they reduce YouTube resolutions and similar things, like they've done in the past?
I think Net Neutrality should also address this.
It also kind of prevents people from running servers at home but renting a server with average connection quality (what you'd get at home, no multiple redundancy and excellent peering) is not much cheaper than the energy costs of running it at home (at least in Europe). So I doubt that this is the main motivation for ISPs.
I was wondering if there was something to decentralize downloading anything without any intervention from the author.
So far nothing like that exists, but potential is huge. Effectively disrupt any cloud service as we know today and make a lot of money without building big and costly hw infrastructure.
Call me Cassandra, but I think it will eventually happen. Come back to this in 10years. :D
There are also decentralized VPN-like networks such as Zeronet and Docker overlay that route peer to peer and plain VPN which requires traffic routed through a central server. Which are very efficient and as a bonus, traffic is encrypted at least part of the way and thus can't easily be tampered with without raising red flags.
Then there is decentralized file hosting like Dat, IPFS, and if you want to go old school Bittorrent (though that has centralized trackers). All are great for spreading bandwidth across hosts and if throttling is bandwidth per destination IP based it might be an effective way to get around it.
None of them would be great at preventing throttling though, except in that they would be less obvious than large amounts of data coming from a central source. But ISPs could "solve" that but using a white list to make some sites immune to limits but have destination IPs severely limited by default.
Overall, I'm not worrying about throttling of websites. I'm worried about throttling of protocols and tampering with websites. An ISP can easily say, for example, only allow some ports to go limitless and completely cripple any other ports. For example... forcing customers to use their DNS which is a big privacy concern.
Edit: Just to add to that DNS piece. I've always felt that Namecoin and the like are underrated. That is to say, DNS on the blockchain. It is an awesome use of blockchain tech that provides both transparency and allows users to look up domains 100% anonymously. Tor and Zeronet both have decentralized service lookup (others do as well, I'm sure) but the service names are often hashes not something friendly,
Why can't I serve a HTTP header or status code to update DNS? Why does propagation take hours when a simple pub-sub model would have worked and been a couple seconds of latency at most? How does DNS, something more important to get right than cryptographic certificates authorities, not come secure by default? How is it that a wildcard cert costs 10x as much as a TLD? Why does my browser not come pre-loaded with the top million DNS records? It would be a couple dozen megabytes (uncompressed).
The whole thing seems so stupidly put together.
Hindsight is 20/20.
It's the same reason why FTP is terrible, and SMTP allows spoofing. The DNS protocol has been updated with additional record-types over time, but the protocol itself is largely unchanged since the time it was created, when the network was smaller, and the world was more trusting.
1) Most websites are actually web applications which have to maintain state via cookies over a TLS secured TCP connection. This means that any indirection must involve tunneling TCP connections, which timeout fairly quickly and require several round-trips to setup.
2) Even when websites are read-only and have no state to maintain, there is no common way for a peer to prove that content is authentic. Unfortunately, the authenticity 'guarantee' that TLS provides does not transfer to a third party [1]. There is a proof of concept server implementation for non-repudation over TLS [2], but every website would have to choose to implement it, and there aren't many incentives to do so.
The best you could do here is trying to reach a consensus about what the content of a page is, but you would have to account for subtle or not-so-subtle differences between requests by different clients at a different time.
[1] https://crypto.stackexchange.com/questions/5455/does-a-trace...
[2] https://tls-n.org/
[1] https://ipfs.io
The problem you'll run into is physical infrastructure. At some point you can't escape the fact that you need to transmit packets over a great distance. This infrastructure comes at great cost and is best distributed and shared amongst everyone much like the highways.
Opera created a peer-to-peer browser not long before going under, Unite IIRC. The browser was both a client and server, you had a virtual fridge to put messages and photos on, could open folders on your computer to any subset of your chosen peers, etc..
I was really excited about the prospects it seemed to offer; I blogged about it at the time, http://alicious.com/opera-about-to-change-the-world/.
Maybe, akin to all the new startup's that don't actually own the infrastructure (Uber/Cars, Airbnb/Housing, Amazon/Retail), a startup could enable with the existing resources to rent people's machine's to each other.
Not to bring everything back to buzzwords, but that actually seems like an interesting application of blockchain tech, letting people rent out their otherwise idle desktops to process and serve web services.
1. You need to be able to verify that the other party is honest
2. When the data is intensive, you need to make sure that the computation is opaque to the computer. This is still an active research area, I believe. One of the keywords I associate with it is homomorphic encryption. Alternatively, consensus or verification can be done, with other zero-knowledge proofs or something similar perhaps.
https://en.wikipedia.org/wiki/Homomorphic_encryption
https://blog.maidsafe.net/2017/12/11/safe-network-autumn-win...
A P2P caching proxy for in front of your existing browser: https://github.com/Psybernetics/Synchrony