• Combating privacy and website takedowns, HTML5 to the rescue

    by  • January 24, 2012 • HTML5, Journal, Programming • 1 Comment

    In light of the recent SOPA protests and the takedown of MegaUpload, one of the worlds largest file download sites and at one point, the 13th most popular website on the internet, some of the various internet communities have started to wonder how to protect themselves in the future, even if they aren’t doing anything wrong.

    There already exists a variety of different ways that users can increase their own security while being online. One of the most popular of these is the Tor Project which is a piece of free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy.

    Tor works by creating an encrypted link from client to server through a series of intermediate nodes, each node only knows the previous and next node and thus can not map the entire path, and thus an intermediate link can not determine source or origin via traffic analysis.

    To construct the list of intermediate nodes, the client must first connect to a Tor server to download the list of nodes, however it is moving towards a mesh model to store these.

    I’ve always liked the concept of Mesh networks, they  are a type of network where there is no one server, each node in the network acts as both client and server.

    This idea got me thinking when I was reading peoples ideas on how to solve the takedown or DNS seizures that are occurring; one person was suggesting constantly changing the domain address, i.e. create a single ‘floating’ domain. From this I thought why not create a mesh network, where there is no one website domain, but a large number of ‘floating’ domain names that are constantly being made or changing which form a mesh network to provide content, all the user needs to know is one of the possible hundreds of available web addresses at any one time.

    This idea still doesn’t sound that unique because it is still just servers holding the data but talking to each other indirectly, but then I thought why can’t the users visiting the website actually be the resource hosting the websites content; effectively acting as a huge replicated file store which is then combined to build the webpages and other files.

    This is nice but still doesn’t give website owners and users much security, so the concept behind the Tor Project could be integrated where data is sent via indirect encrypted paths with limited mapping information.

    How could this be done? – Well HTML5 of course!

    HTML5 introduces the WebSocket API, allowing client host communication, this as well as the existing AJAX support means we have a rich framework to communicate between nodes, and the encrypted communication themselves can utilise a modified version of the Tor protocol. Clients could even utilise Google search to find other client websites to aid node discovery . For content storage, we can use the HTML5 Web Storage API to locally cache content (encrypted of course!). For even more security the user could use Tor to visit the initial web page.

    So WebSockets can be used for the initial connection to a DHT – Discovery host, but for the Peer to Peer stage within the mesh network would be done via WebRTC – Real Time Communications between browsers. This is currently in the draft phase by W3C but when / if it becomes a reality, I believe this will lead to Web 3.0 just as AJAX led to Web 2.0

    Why not use a dedicated app?

    It would be reasonable to suggest the use of a dedicated application, but the reason for creating this concept as a series of websites is that it bypasses a lot of application blocking found on some systems, and most dedicated applications; such as Tor or most BitTorrent apps do not host webpage content but only files.

    Privacy, we can rebuild you, we have the technology!

    About

    Software engineer. Tea drinker

    http://MrPfister.com

    One Response to Combating privacy and website takedowns, HTML5 to the rescue

    1. James
      January 25, 2012 at 4:58 am

      Interesting. You could but websites are rarely static any more. The distributed node concept would have difficulty unless the ttl on the content was low causing it to croud update often based on timestamps.

      That would even work for large file sets (such as those you’d find for large content sites) as long as the files were immutable. As soon as they were dynamic you’d have a bandwidth issue.

      Nice thinking Kevin.

    Leave a Reply

    Your email address will not be published. Required fields are marked *