Reinvent the Web for Better Privacy

Maybe you have noticed it. Privacy is an issue. A bit strange, since there are only 9 days left until the new EU General Data Protection Regulation (GDPR) becomes fully enforceable throughout the European Union.

So before the end of May 2018, all organizations that process data of EU citizens must comply with this General Data Protection Regulation. Determining how to design and improve your systems to meet the GDPR is not straightforward. The Internet was not designed with security and privacy in mind.

So instead of investing a lot of time and money to get privacy right in an environment that is hostile to privacy, why not build an alternative Internet that has privacy built in?

The good news is: a lot of people have had this idea in the last ten years. Even better news: smart people have started to actually build a new Internet where privacy and security are taken into account from the start. Some great examples of this idea are:

  • Edgenet. Edgenet is a peer-to-peer opportunistic network built over mobile devices (and potentially home routers). Edgenet was a concept built upon many already existing layers (ZeroMQ, Zyre). Pieter Hintjens started this initiative and ran a successful fundraiser. Even a working concept was built. However, when Pieter died, the community around this project fell apart.
  • Cryptosphere. The Cryptosphere is a global peer-to-peer cryptosystem for publishing and securely distributing both data and HTML5/JS applications pseudonymously with no central point of failure. It’s built on top of the next-generation Networking and Cryptography (NaCl) library and the Git data model. But despite getting a working prototype, this initiative also died.
  • GNUnet. GNUnet is an alternative network stack for building secure, decentralized and privacy-preserving distributed applications. GNUnet is alive and kicking, so you can use it today directly, e.g. for secure filesharing. A number of applications for GNUnet have already been developed, and the foundation is alive and getting better and better. E.g. the GNU Name System (GNS) is now a fully decentralized and censorship-resistant public key infrastructure.
  • Freenet. Freenet is free software which lets you anonymously share files, browse and publish “freesites” (web sites accessible only through Freenet) and chat on forums, without fear of censorship.

Currently there are also new initiatives emerging for a privacy-friendly decentralized Internet. Most, but not all, are blockchain enabled. These new initiatives offer in essence the same functionality as GNUnet or Freenet, but already have some more demo applications working. To name a few currently very active projects:

  • Blockstack. Blockstack claims to be a new internet for decentralized apps.
  • IPFS. IPFS aims to replace HTTP and build a better web for all of us.
  • Dat Project. Dat is a nonprofit-backed community & open protocol for building apps of the future. The Dat Project imagines a web of commons created by global communities on open and secure protocols. With more and more applications being created, e.g. ScienceFair, this project also has working applications in real life.
  • Solid. Solid aims to radically change the way Web applications work today, resulting in true data ownership as well as improved privacy. Solid is based on Linked Data principles. This project is created by Tim Berners-Lee, inventor of the World Wide Web.
  • OpenBazaar. OpenBazaar is a different way to do online commerce. It can best be compared with eBay. OpenBazaar is a peer-to-peer application, an eBay-style platform that doesn’t require middlemen, which means no fees & no restrictions. OpenBazaar makes use of IPFS.

These new initiatives are all promising from a privacy, security and technology point of view. Choosing a project to dive into can be hard. Some questions to ask yourself before experimenting with a new Internet alternative are:

  • Is the foundation creating the technology really open in all aspects?
  • How are privacy and security guaranteed with the alternative Internet / application platform?
  • What drives the foundation, company and people who are developing this platform or applications for this platform?
  • How open is the platform and the community?
  • Is it possible to move your data and applications to another decentralized platform without extreme effort?
  • How decentralized is the platform, and how is the governance for the platform arranged?
  • What rules are in place to steer the developments? How are the rules controlled and managed?

There is no perfect platform or community, so make your own choice, based on your principles. The massive tracking and tracing of users on the Internet is fuel for developing these new privacy-friendly alternatives. All new initiatives are based on the principles of real freedom without centralized control. However, all platforms do have rules to make sure core principles are guarded.

A decentralized, privacy-friendly Internet should be an Internet where users don’t need to trust intermediaries or companies to follow GDPR principles. In a privacy-friendly Internet, users control the data they expose. So as a user you are responsible for managing your own privacy. Massive sharing and selling of your personal data is no longer technically possible without your approval. So no more fingerprinting and other techniques on a new privacy-friendly Internet.


This blog post will be added (after a rewrite) as an extension to the ‘Open Reference Architecture for Security and Privacy’. We are working on a renewed version. Please join us!