
People here are bringing up the difficulty for a regular user to set up HTTPS.

I want to go one further: WHY does a regular user need to buy a human-readable domain name, maintain it, and pay for a hosting company to host on that domain?

It used to be worse - you had to have your own machine or use some crappy shared hosting service. Amazon figured out that letting people share managed virtual machine instances was good savings. That’s now called “the cloud” but it’s still under the control of some landlord - Amazon, DigitalOcean, etc.

Let’s face it, the easiest thing we have today is some web based control panel by CPanel running on some host that charges $5/month or something.

It’s 2018. Why don’t we have something like MaidSAFE and Dat working yet? We should have:

  1) End to end encryption

  2) One giant, actually decentralized cloud composed of all nodes running the software

  3) Storing chunks of encrypted data using Kademlia DHT or similar

  4) Maybe even periodic churn on the back-end so you can’t find and collude with the servers hosting the chunks

  5) All underlying URLs would be non-human-readable and clients would display (possibly outdated) metadata like an icon and title (this metadata may change on the Web anyway). Storing and sharing could occur using QR codes, NFC bluetooth, Javascript variables, or anything else. For static files, the links could be content-addressable.

  6) All apps and data would be stored encrypted in the cloud and only decrypted at the edges. They would run on the clients only. Apps could also be distributed outside the cloud, but usually just via a link to a cloud URL.

  7) Communities would likewise be just regular users, rather than private enterprises running on privileged servers running some software like GitHub is now. No more server side SaaS selling your data or epic hacks and breaches.

  8) Users would have private/public key pairs to auth with each community or friend. They would verify those relationships on side channels for extra security if needed (eg meet in person or deliver a code over SMS or phone). Identity and friend discovery across domains would be totally up to the user.

  9) Private keys would never leave devices and encryption keys would be rotated if a device is reported stolen by M of N of other devices.

  10) Push notifications would be done by shifting nodes at the edges, rather than by a centralized service like Apple or Google. In exchange for convenience, they can expose a user to surveillance and timing attacks.

No more waiting endlessly to be “online” in order to work in a SaaS document. The default for most apps is to work offline and sync with others later.

No central authorities, CAs or any crap like that. Everything is peer to peer. The only “downside” is the inability to type in a URL. Instead, you can use one or more indexes (read: search engines) some of which will let you type existing URLs, or something far more user friendly than that, to get to resources.

Domains and encryption key generation would be so cheap that anyone can have a domain for a community of any kind, or even just for collaborating on a document.

There won’t any longer be a NEED for coupling domains to specific hardware somewhere, and third party private ownership/stewardship of user-submitted content would be far less of a foregone conclusion, fixing the power imbalance we have with the feudal lords on the Internet today.

Once built, this can easily support any applications from cryptocurrency to any group activities, media, resources etc.

If you are intrigued by this architecture, and want to learn more or possibly get involved, contact greg+qbix followed by @ qbix.com - we are BUILDING IT!
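
A sketch of points 3 and 5 from the comment above, added here as an example and not part of the original post or of any project's code: chunks are addressed by their SHA-256 hash and placed on the nodes closest by Kademlia's XOR distance, so a client can check every fetched chunk against the link it asked for. The node names, chunk size, replication factor and the stand-in ciphertext are assumptions; encryption is taken to have happened before publishing.

```python
import hashlib

CHUNK_SIZE = 16  # tiny on purpose for the constructed demo

def chunk_id(chunk: bytes) -> bytes:
    """Content address: SHA-256 of the (already encrypted) chunk."""
    return hashlib.sha256(chunk).digest()

def xor_distance(a: bytes, b: bytes) -> int:
    """Kademlia metric: IDs compared as integers under XOR."""
    return int.from_bytes(a, "big") ^ int.from_bytes(b, "big")

def closest_nodes(key: bytes, node_ids, k=2):
    """The k node IDs nearest to key; these are responsible for storing it."""
    return sorted(node_ids, key=lambda n: xor_distance(n, key))[:k]

def publish(blob: bytes, nodes: dict, k=2):
    """Split blob into chunks, store each on its k closest nodes, return the manifest."""
    manifest = []
    for i in range(0, len(blob), CHUNK_SIZE):
        chunk = blob[i:i + CHUNK_SIZE]
        cid = chunk_id(chunk)
        for n in closest_nodes(cid, nodes, k):
            nodes[n][cid] = chunk
        manifest.append(cid)
    return manifest

def fetch(manifest, nodes: dict, k=2) -> bytes:
    """Reassemble, accepting a chunk only if it hashes to the ID that was requested."""
    out = b""
    for cid in manifest:
        for n in closest_nodes(cid, nodes, k):
            chunk = nodes[n].get(cid)
            if chunk is not None and chunk_id(chunk) == cid:
                out += chunk
                break
        else:
            raise ValueError("no valid replica for chunk " + cid.hex()[:8])
    return out

def demo():
    # Constructed data: 8 nodes with IDs derived from made-up names.
    nodes = {hashlib.sha256(b"node-%d" % i).digest(): {} for i in range(8)}
    blob = b"opaque ciphertext bytes, encrypted at the edge"
    manifest = publish(blob, nodes)
    # One replica of the first chunk is replaced by a misbehaving node.
    bad = closest_nodes(manifest[0], nodes)[0]
    nodes[bad][manifest[0]] = b"tampered"
    return fetch(manifest, nodes) == blob, len(manifest)
```

The hash check in `fetch` is what lets untrusted storage nodes stand in for a CA-authenticated server: a node can withhold a chunk, but it cannot substitute one.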




> I want to go one further: WHY does a regular user need to buy a human-readable domain name, maintain it, and pay for a hosting company to host on that domain?

Because there's no interest in that. Getting a domain name is already cheap and easy.

> Storing chunks of encrypted data using Kademlia DHT or similar [...]

I've yet to see any P2P system have low latency, high speed and high reliability.

> All underlying URLs would be non-human-readable and clients would display (possibly outdated) metadata like an icon and title (this metadata may change on the Web anyway). Storing and sharing could occur using QR codes, NFC bluetooth, Javascript variables, or anything else. For static files, the links could be content-addressable.

Why?

> The only “downside” is the inability to type in a URL.

Good luck saying to your friend the nice webstore you got your hoodie from is [insert non-readable non-pronounceable url].

> and third party private ownership/stewardship of user-submitted content would be far less of a foregone conclusion

This is unacceptable for law enforcement.

> If you are intrigued by this architecture, and want to learn more or possibly get involved, contact greg+qbix followed by @ qbix.com - we are BUILDING IT!

Oh this is an ad...


I'm not trying to advertise, but Beaker browser does a real good job of making p2p delivery transparent to the end user. It's probably slower than most sites in normal usage, but certainly acceptable speeds for static sites, and it performs better under the hug-of-death a site gets when posted on Hacker News. :)

Plus, it already has existing methods to map DNS records or servers to the p2p records, so I can access dat://beakerbrowser.com/ or dat://epa.hashbase.io/ and get it served across the p2p network or pull it up offline if I've viewed it before.


> The only “downside” is the inability to type in a URL.

This is not tenable. You have to solve Zooko's Triangle or no one will use your thing. That's the existing problem with Dat, which otherwise works wonderfully.


Why do you want to type in URLs? It’s like the command line before it was replaced by GUIs for the majority of people who are non technical.


Because people don't just send URLs around online? If you tell people your site address in person/by phone/in a non tech context, they need to be able to type it in easily enough.


So you can just have your company’s NAME on Google let’s say. Many people actually type stuff into Google instead of the address bar. They don’t even know the difference!

And honestly, I know what it is like to dictate a phone number or name over the phone. You have to spell it out, then they say it back to you. They say “C like Charlie”. Seriously? This is what you are saying people will WANT to preserve this crap?

No way. People will be very happy to get rid of dictating stuff on the phone. How about AT LEAST copypasting into a text? Using words to dictate an address or phone number requires error correction and super slow annoying transmission.

And if you DO tell people something, it is usually typed into a search engine. What if I want to share a URL that’s more complex than “nytimes.com”? What if I want to share an article on NYTimes? HAVE YOU EVER DICTATED THAT TO SOMEONE? So come on. The most you can comfortably do via manually typing what you heard into an address line is to go to the front page of a website. That’s a tiny subset of the URLs.



