(I’ll be updating this regularly during the day. New stuff will be at the bottom of the post, not the top, on the principle that most people reading this will read it only once or twice. Maybe I’m wrong, but that’s the method in my madness. For great to-the-moment info, follow Kevin Marks on Twitter.)
After an amazing Builders Day–a gathering of technologists who talked deep code about the potential to re-decentralize the Web and the larger Internet–it’s the official start of the Decentralized Web Summit. Brewster Kahle, founder of the Internet Archive, convened the event and the archive is hosting it. (My blogging from yesterday is here.)
Note: You can watch a live stream of the event.
Mitchell Baker, executive chair of the Mozilla Foundation and Corp., is launching the day. She has three guiding principles:
- Immediate: safe, instant access to content via a universal address, with no install required.
- Open: anyone can publish content without permission or barrier, and provide access as they see fit.
- Agency: the user agent can choose how to interpret content provided by a service offering.
It’s not about a particular technology, she says. It’s about much more than that.
Vint Cerf, one of the genuine originators of the Internet, is calling himself the “chief Internet evangelist” in the room. Fair enough. (More below…)
He’s here to talk about a “self-archiving web”–and starts with some Internet lessons:
- Collaborate and cooperate
- Open design and evolution process.
- Anyone can join if they follow the protocols.
- Room for multiple business models.
- Modular design, layered evolution.
- E pluribus Unum
He’s thinking about archiving. Traditionally it’s meant storing a document somewhere. But “think about what we do with software,” with versioning capabilities. The Web is a “complex reference structure,” he notes, and archiving isn’t a trivial issue; it’s really hard.
The Internet Archive takes snapshots. Yet the web is a constantly changing entity or collection of entities. Not only do pages change rapidly, but they look different to different users.
“The web can hardly contain itself,” he notes. Links deteriorate (can we have a permanent link system, as Tim Berners-Lee has called for?). HTML rendering is a challenge because HTML itself changes. Then there are permissions, access controls, and copyright restrictions.
He suggests the Google Docs editing/storage/synchronization process may be a useful way to think about the challenge, especially in the automatic, cooperative replication of pages. Maybe Pub/Sub (publish/subscribe) can work? A definite need is metadata–information about information–and lots of it.
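Vint’s pub/sub idea can be sketched in a few lines: on publication, a page notifies its subscribed archives, each of which stores a content-addressed copy, so archiving happens automatically. A toy Python sketch, with all class and method names hypothetical:

```python
import hashlib

class Archive:
    """A subscriber that stores every version it is notified about,
    keyed by content hash."""
    def __init__(self, name):
        self.name = name
        self.store = {}  # sha256 hex digest -> (url, content)

    def notify(self, url, content):
        digest = hashlib.sha256(content.encode()).hexdigest()
        self.store[digest] = (url, content)
        return digest

class Publisher:
    """On publish, pushes the new version to every subscribed archive."""
    def __init__(self):
        self.subscribers = []

    def subscribe(self, archive):
        self.subscribers.append(archive)

    def publish(self, url, content):
        # Archiving happens automatically, at publication time.
        return [a.notify(url, content) for a in self.subscribers]

pub = Publisher()
archive = Archive("internet-archive")
pub.subscribe(archive)
pub.publish("https://example.org/post", "<html>v1</html>")
```

The real problems Vint names (cost, permissions, fidelity) all live outside this loop; the sketch only shows the “automatic archive upon publication” mechanics.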
We’ll need software libraries to handle a lot of this. And we’ll need to have ability to run the old software by emulating old hardware.
How will we surf the self-archiving web? Multiple sources and methods of access, to start.
Vint notes that print publications have editions, which are snapshots. A question, then, is how often we should make snapshots of things in the future.
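The edition/snapshot idea maps naturally onto a Wayback-Machine-style store: keep timestamped versions of each URL and serve the latest one taken at or before a requested time. A minimal sketch (names hypothetical, not any actual Archive code):

```python
import bisect

class SnapshotStore:
    """Keeps timestamped snapshots of each URL; serves the latest
    snapshot at or before a requested time."""
    def __init__(self):
        self.times = {}     # url -> sorted list of timestamps
        self.contents = {}  # url -> list of contents, parallel to times

    def save(self, url, timestamp, content):
        times = self.times.setdefault(url, [])
        contents = self.contents.setdefault(url, [])
        i = bisect.bisect_right(times, timestamp)
        times.insert(i, timestamp)
        contents.insert(i, content)

    def get(self, url, at_time):
        """Latest snapshot taken at or before at_time, or None."""
        times = self.times.get(url, [])
        i = bisect.bisect_right(times, at_time) - 1
        return self.contents[url][i] if i >= 0 else None

store = SnapshotStore()
store.save("https://example.org", timestamp=1, content="<html>v1</html>")
store.save("https://example.org", timestamp=5, content="<html>v2</html>")
store.get("https://example.org", at_time=3)  # serves the v1 snapshot
```

How often to call `save` is exactly Vint’s open question; the data structure doesn’t answer it.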
He lists some useful properties of, and issues raised by, a self-archiving web:
- Automatic archive upon publication.
- Do we sign up for this? Cost? Who pays?
- How do rendering engines and permissions work?
- Filter malware?
- How much fidelity to the original? Should links persist? Or just a surface-level look?
- What’s the vocabulary for all this?
Are these official records? Once it’s archived, is a page “an indelible and unalterable instance” (lawyers, start your subpoena engines)? What about encrypted content? Can we put access controls on individual pieces; e.g. let people see them only after 25 years?
What’s the role of containers? Virtual machines are sandboxes, but containers can interact with underlying OS and communicate with each other. Interesting potential.
A question about mobile, which is degrading the web as apps (read: Facebook for the most part) become a primary access-to-info method. Vint isn’t sure he knows the answer. He observes that Android apps now run natively inside Chrome OS. This isn’t a fix, he acknowledges.
The app space, he says, is almost out of control: too many and an expectation/hope among developers that their specific app, which does one thing, will be what people want and use. He definitely wants Internet of Things not to go there. Web apps may be a useful alternative, an underlying structure. (He semi-ducks a question about business models.)
What about things in archives that we don’t want (right to be forgotten)? In order to remember to wipe something out of index we have to remember it, he says, or else it might come back. It’s not just stuff we generate; it’s the stuff other people generate. He suggests we need better social practices, and says there’s no simple ethical solution on the horizon.
Tim Berners-Lee, the actual creator of the World Wide Web, is up to discuss some of the strategic issues involved in re-decentralizing the web, something he’s advocated repeatedly in recent months.
“The objective was to make something that worked,” he says, connecting a variety of systems and knowledge. He talks about early standards and protocols, and how they had a way of helping get information from here to there. A way to locate pages was part of the process. HTTP was kind of a way to combine the idea of “headers” (e.g. SMTP) and HTML content. Web addresses (URLs) were another vital building block.
One result: anybody could publish and put ideas out there, and anyone could find and link to them. We had a web where we could have good, smart discussions.
He observes the vast creativity that has emerged since then, to turn the web into the huge thing it is where “you can do anything you like”–a fountain of innovative work.
The silo-ization of the web, into silos like Facebook etc., worries him a great deal. People talk in one silo, have pictures in another, and they’re frustrated. The idea that everyone can participate with their own domain, server, etc., is still true but less relevant. And advertising has become the favored way to make money.
This isn’t optimal, he says. If someone claims it is, that’s a myth.
He wants to bring back some of the early ethos, so that our data and conversations don’t live inside other people’s silos: a truly decentralized web. He’s working on a project called Solid, a collection of ideas and technologies aimed at re-decentralizing, in part by separating data from the things applications do to the data. He’s not happy about using the current domain name system, but alternatives are, at the moment, not reliable enough.
Don’t think of URLs as places, he advises. Think of them as the names of things you want to see and use. (Big benefits, including security, can derive from that.)
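One way to read “names, not places” is content addressing: a thing’s name is the hash of its bytes, so a copy fetched from any location can be verified against its own name, which is where the security benefit comes from. A minimal Python sketch (the in-memory dict stands in for a network of storage nodes):

```python
import hashlib

store = {}  # content hash -> bytes; any node anywhere could hold this

def put(content: bytes) -> str:
    """Name content by its hash; where it lives no longer matters."""
    name = hashlib.sha256(content).hexdigest()
    store[name] = content
    return name

def get(name: str) -> bytes:
    """Fetch by name and verify: a tampered copy can't match its name."""
    content = store[name]
    if hashlib.sha256(content).hexdigest() != name:
        raise ValueError("content does not match its name")
    return content

name = put(b"<html>hello</html>")
assert get(name) == b"<html>hello</html>"
```

This is the basic move behind systems like IPFS, discussed later in the day, though their real addressing schemes are richer than a bare SHA-256 digest.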
Again, he says how frustrated the silos have made him. He’s “excited” that we can re-decentralize the web.
How do we persuade non-technical people not to be siloed, given how hard it is to use truly decentralized tech? “It’s a really important problem,” he says. He wants “really great designers” to be part of this process. PGP (encryption) is great software, for example, but horrible from a user-experience point of view, and almost no one is working to improve that.
Several follow-up questions are quite technical. Kevin Marks is translating well into English (link at top).
Brewster Kahle is up next. He wrote a pivotal essay last year called “Locking the Web Open,” which helped me crystallize some of my own thoughts about what is happening.
“The way we code the web will determine a lot about how we live our lives online,” he says.
The web is an essential system but it doesn’t have some of the basic structure that preserves privacy, liberty and so much more that we need, he says. And it’s not available everywhere, due to censorship (and digital divide issues).
It’s an ephemeral medium, he says. And it’s being used to spy on people.
Is it reliable? Sort of. Is it private? No. Is it fun? Yes. We get one out of three at the moment. We need all three: reliable, private, fun.
He distinguishes the web from the Internet. A key nature of the Internet as a whole is reliability through resiliency. (“Five guys locked into a room for a year” made it happen.)
He discusses Amazon’s cloud: a decentralized system under one owner’s control. He’d like to make AWS features available to everyone in the world but not under Amazon’s control.
“We want to make it reader-private,” so you don’t fear spies (and others) doing things based on what you read. Writer-private is easier than reader-private.
We also need to think about media and how creators can more easily get paid.
Encryption: We won that war in the 1990s, but we use it mostly for online commerce. We can do a lot better, he says. We can use crypto in our browsers in new ways. Blockchain could be part of it as well. Ditto peer-to-peer in new ways.
His proposal: “WordPress, but decentralized.” (Matt Mullenweg should be here…)
Could we do this? Goals:
- Normal browser, no download or plugin.
- Good names, e.g. http://brewsterblog.dweb
- Good performance.
- Fun to post/comment
- User IDs with different roles
With JavaScript acting as an operating system, it already works at the browser level, he says. He’s demoing on a distributed system I mentioned yesterday: IPFS. It worked. Amazing…
Easy names? There are people in the room who are working on this.
Performance needs ISPs and CDNs. Get the hashes closer to users.
Updates need to be decentralized. Mutable torrents, and other possible solutions.
Identity is complex. Bitcoin’s system is a possible model, maybe the basis. Bonus: tipping and commerce included.
“We can have WordPress, but decentralized,” he says. “A lot of the pieces actually exist.”
“We can bake the First Amendment into the code itself.”
Zooko Wilcox is from Zcash, a censorship-resistant digital money system (he also works on Tahoe-LAFS).
David Dias is part of the IPFS (interplanetary file system, an amazing achievement in decentralization).
Gavin Wood’s Ethcore is working on ways of improving and expanding on open-source blockchain systems.
Feross Aboukhadijeh works on WebTorrent, a client that runs natively in the browser. BitTorrent launched a hugely successful protocol, but it’s used via applications you install. He’s putting the torrent protocol into the browser directly. This has potential for all kinds of data sharing in highly useful ways.
A conversation about whether GitHub is centralized or decentralized. (The answer seems to be Yes.)
Apps are winning on mobile, but browsers are getting more competitive as the standards process (always slower than what a private company can do, says Aboukhadijeh) proceeds.
Wilcox: Facebook is winning in part because it can exclude people and add on services. This can be good for the user experience.
A question: Who pays for all this? Several speakers note the payment possibilities inherent in blockchain technology. Also, says Wilcox: with decentralization there are fewer risks from current hosting operations.
Chelsea Barabas from the MIT Media Lab leads a panel on naming and identity.
She asks for an anecdote illustrating the problem.
Jeremy Rand (Namecoin): Certificate authorities that have the power to tell us which websites are authentic can be incompetent, compromised or outright corrupt. If criminals or governments can impersonate a website, that’s “problematic.” Namecoin repurposes Bitcoin into a naming system; could it be a replacement for DNS? Maybe.
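The core idea behind a blockchain naming system like Namecoin can be sketched without any blockchain machinery: names are first-come, first-served, and only the registrant’s key can update a record, so no central authority can override or reassign it. A toy sketch (a single dict stands in for the consensus-maintained ledger, and the key handling is drastically simplified):

```python
class NameRegistry:
    """First-come, first-served name -> value mapping, as a Namecoin-like
    blockchain might enforce it. A dict stands in for consensus."""
    def __init__(self):
        self.names = {}  # name -> (owner_key, value)

    def register(self, name, owner_key, value):
        if name in self.names:
            raise ValueError(f"{name!r} already taken")
        self.names[name] = (owner_key, value)

    def update(self, name, owner_key, value):
        # Only the original registrant may change the record:
        # there is no certificate authority to override it.
        current_owner, _ = self.names[name]
        if current_owner != owner_key:
            raise PermissionError("not the owner")
        self.names[name] = (owner_key, value)

    def resolve(self, name):
        return self.names[name][1]

registry = NameRegistry()
registry.register("brewster.bit", "alice-key", "1.2.3.4")
registry.resolve("brewster.bit")  # "1.2.3.4"
```

The hard part, of course, is the consensus this sketch waves away: getting everyone to agree on one dict without trusting anyone is exactly what Bitcoin-style blockchains contribute.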
Joachim Lohkamp (Jolocom) is working on decoupling data from application, and providing authentication and control of data to users.
Muneeb Ali (Blockstack) asks you to consider how many trust points you navigate in loading Bitcoin’s website from your computer. A lot: more than 10. Something is wrong with that. Blockstack (which also aims to decentralize DNS) wants to fix it.
Christopher Allen has been in this field for many years. Centralization “has a way of creeping in,” he says. He’s working on projects that help the underprivileged–including refugees–have identity systems that give them more rights.
Mistakes from the early days of the web still haunt us, but there were some successes, too. TLS beat back Mastercard and Visa, not a small achievement, notes Allen. Microsoft tried Passport, but no one wanted it to control even a federated system.
Twitter/Facebook/etc. single sign-on systems are using what had been decentralized tech but don’t allow others to use it with them. A one-way process.
How do we break the cycle?
Lohkamp again stresses decoupling data from applications (Facebook the example of tightly coupled).
Ali: The biggest change is Bitcoin, which solved a hard problem, namely trust, via a neutral playing field where identity can be created and verified.
Rand: There have been lots of attempts to replace certificate authorities, with no success. He, too, likes Bitcoin’s ability to evade third-party control.
Cory Doctorow has been thinking as long and hard about technological control-freakery as anyone.
He starts with advice: Use the will-power you have now, when you’re strong, so you’ll not do the wrong thing when you have a moment of weakness. It goes to “how we build things that work well and fail well.”
The web is closed today, he says, because we made compromises. Little compromises, one after another. We discount the future costs of present benefits.
Make it more expensive. Take options off the table now.
Pressure on browser vendors and other tech companies means they won’t block Google Docs. But the GPL is locked open, incapable of compromise, and because it’s indispensable it gets used. Hence Linux, which uses the GPL.
Cory talks about a variety of projects that are more and less open and free in all senses of the word.
Systems that work well and fail badly die in flames. GPL is designed to fail well. No one wants to take the risk of suing and setting a bad precedent.
He turns to DRM, which he’s trying to destroy (in a project with the Electronic Frontier Foundation), pointing out that it doesn’t work well but that the Draconian DMCA (Digital Millennium Copyright Act) is a powerful weapon deterring people from tampering with it–including security researchers.
DRM has metastasized, he says, to control how purchasers can use or fix all kinds of products including cars. It’s in, um, rectal thermometers. Now it’s in web browsers, to prevent some videos from playing or being turned into screencasts.
No legislature has banned what companies are banning to stop user conduct. Worse, he says, is the “turning of browsers into no-go zones” and the impact on security research. When the W3C did this, it compromised in a small but terrible way, he says.
It’s the sum of a million tiny compromises. We thought if we refused to compromise, others down the road would do it.
Companies frequently abuse standards bodies to achieve control (via patents), he says. But W3C has a good policy on patents; they can’t be used in the process.
How do we keep DMCA from colonizing the open web? We participate in the open web. Take the control systems off the table, now, he says.
The EFF has proposed this at W3C, and in proposals for DMCA exceptions for medical implants.
We can go further, he says. Law is required. So is giving each other support.
We have to agree now what to take off the table, to prevent tomorrow’s compromises. Two principles:
One: When a computer receives conflicting instructions from its owner and a third party, the owner always wins. Systems should be designed so that remote instructions cannot be followed without the owner’s consent. Otherwise, among other things, you create security risks.
(While we’re at it, throw away the Computer Fraud and Abuse Act.)
Two: Never give corporations or the state the power to silence people who find flaws.
Be hard-liners on these principles, Cory says. If you don’t safeguard users from control, you will be remembered badly.
We can’t lock it open forever. But we can leave behind the material to make a better world.
David Reed asks why the Librarian of Congress is the only person who can make exceptions to the DMCA. The Librarian can agree to exceptions, but can’t permit anyone to make the tools that use them.
The EFF will work to change this in legislatures by increments, and with litigation challenging the constitutionality of the DMCA altogether.
Panel: values and the decentralized web.
[Got derailed temporarily…back now.]
A wide-ranging discussion about the need to create infrastructure that contemplates good practices ahead of time. This resonates with Cory’s talk.
Wendy Seltzer from the W3C is talking about how standards follow layered principles on which the net itself was built, where most of innovation rides on top of the lower layers.
How do we build reader privacy into all this? Max Ogden (dat project) disagrees with people who say software isn’t political. “We have control over intent,” he says, encouraging encryption by default including transport. Support initiatives like that, he suggests.
(My net connection was down for a bit…)
Now it’s “security in a world of black hats” — a key topic in thinking about a decentralized web.
Moderator Ross Schulman of the Open Technology Institute asks, what is your threat model?
Paige Peterson of MaidSafe (encrypted communications) talks about protecting against a “large actor” (read: nation-state) by having networks monitor themselves via various nodes.
Tor’s Mike Perry: There are a great number of threats, depending on the user, everything from nation-states to adversaries trying to monitor individual users. The approach: eliminating single points of failure.
Brian Warner, working on Tahoe-LAFS: trying to allow users to use servers but not totally depend on them for security.
Van Jacobson (Google and the Named Data Networking project; see yesterday): If producers of information sign it, the signature lets the network check whether it’s been corrupted. The receiver has the choices. For a sender who wants a message to be read, credentials are needed.
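Jacobson’s point can be sketched as a tiny sign-then-verify flow over a named data packet. One hedge: real Named Data Networking uses asymmetric signatures, so any node can verify without holding a secret; this sketch uses stdlib HMAC (a shared key) purely to stay dependency-free, and all names in it are hypothetical:

```python
import hashlib
import hmac

# Stand-in for the producer's signing key. NDN would use a private key
# here and publish the matching public key for verification.
PRODUCER_KEY = b"producer-secret"

def publish(name: str, data: bytes) -> dict:
    """Producer signs name + data together, so neither can be swapped."""
    sig = hmac.new(PRODUCER_KEY, name.encode() + data,
                   hashlib.sha256).hexdigest()
    return {"name": name, "data": data, "sig": sig}

def verify(packet: dict) -> bool:
    """Any network node can check that the packet wasn't corrupted."""
    expected = hmac.new(PRODUCER_KEY,
                        packet["name"].encode() + packet["data"],
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, packet["sig"])

pkt = publish("/video/frame/1", b"\x00\x01")
verify(pkt)  # True; flipping any byte of data makes this False
```

The key property is that trust attaches to the data itself rather than to the connection it arrived over, which is what lets intermediate nodes cache and forward content safely.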
What can we export from centralized systems re security for decentralized?
Warner: We don’t know much about users, since we don’t monitor them, whereas centralized systems can report failures more easily.
Peterson talks about a codebase that is evolving along with its features. MaidSafe moved from C++ to Rust, aiming at developers looking for more modern languages and at longer-term sustainability.
Jacobson says physical locality can be a factor in trust. He gives the example of his house, where devices might trust each other but nothing outside.
Perry talks about how the organization works to prevent single points of failure. Fascinating and complex mixture of machine and human rules. He’s describing multiple levels of protection.
Brewster wonders how Tor can help others provide better reader privacy. Warner says the more applications that run over Tor, the better. He notes that it’s too easy to leak information about IP address, etc. Think about protocol weaknesses early, not late, he says.
Final panel: How might we decentralize scientific journal articles?
Note: this is ultimately a demo that should be watched via the stream.
Juan Benet, IPFS (InterPlanetary File System): the goal is to make the internet work across everything, everywhere. “We care about lifting the web from its location.”
Trent McConaghy, BigchainDB and IPDB (the latter is an interplanetary database): data existing in distributed ways. Ways of storing data are permeable. “It’s just there.”
Evan Schwartz, Interledger: If we want to build payment systems today, we have to pick specific existing networks. This problem has already been solved for information: the Internet routes packets over disparate networks. Interledger is about routing packets of money over disparate networks.
Denis Nazarov, MediaChain: lets participants describe media and ID it. Uses Content ID.
Karissa McKelvey, dat project: Decentralize data the way universities and labs already are. We help them share in P2P way.
Each of them demos their project. For today’s purposes, we’re seeing some potential interoperation. It’s not hard to imagine how these technologies could fit alongside and into each other.
Brewster Kahle sums up the day. The key question now: What do we do next?
Foundations can help us get over some of the humps. Do we need a bunch of conferences? Awards? Lock some of it open? Licensing requirements on distributed code?
He thanks everyone for joining this gathering.
Last word: “Let’s build the decentralized web.”