mirror of
https://codeberg.org/lethe/mayvaneday-mu
synced 2025-01-05 01:15:50 +01:00
> Let's Decentralize: alternatives to the standard Internet stack
This is a NomadNet page (directory? node?) dedicated to methods of decentralized publishing on the web. The name is a reference to Let's Encrypt: what they did for securing network transmissions by offering free TLS certificates, making HTTPS possible for small indie servers, this page(?) hopes to do for web hosting by offering simple instructions on how to host a website at home as opposed to spending exorbitant amounts of money on hosting on someone else's server. Other than the (optional) purchase of a Raspberry Pi or other small server if one wants to go the client-server route (or have a seedbox for their peer-to-peer sites), `!none of these options require any money to be spent`!, meaning there is no `F908`_`[web3 nonsense`https://web.archive.org/web/20240106003325/https://soatok.blog/2021/10/19/against-web3-and-faux-decentralization/`]`_`f on this page and there `F908`_`[never will`https://web.archive.org/web/20240106003709/https://www.stephendiehl.com/blog/web3-bullshit.html`]`_`f be.
>> Routing networks: these are ways to set up a standard client-server connection for applications.
`!Tor`! is "free and open-source software for enabling anonymous communication by directing Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays in order to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis." `F908`_`[Wikipedia`https://en.wikipedia.org/wiki/Tor_(anonymity_network)`]`_`f
Tor is not a silver bullet (many websites block visitors coming from known Tor exit nodes, and Google's captchas are notoriously slow, although this is due to Google being assholes), but it can be a massively helpful tool for breaking through firewalls or concealing one's browsing habits from traffic sniffers. Programs can be configured to use Tor via a SOCKS proxy or by a wrapper like `_torsocks`_.
Although it is not Tor's primary purpose, as a side effect of its routing methods, it can also be used to set up "hidden services", or websites/services that can only be accessed through Tor.
`!I2P`! is "an anonymous network layer (implemented as a Mix Network) that allows for censorship resistant, peer to peer communication. Anonymous connections are achieved by encrypting the user's traffic (by using end-to-end encryption), and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world." `F908`_`[Wikipedia`https://en.wikipedia.org/wiki/I2P`]`_`f
Unlike Tor, I2P's primary purpose is to facilitate hidden services. While "outproxies" exist to route clearnet traffic through I2P, these are slow, rare, and cannot guarantee any amount of privacy. Therefore, programs configured for I2P should ONLY be used for I2P. Because I2P's routing is peer-to-peer instead of through dedicated "guard" and "entry" nodes like Tor, sometimes it can fail to create routes to servers, meaning sites that are up may appear to be down on occasion.
`!Lokinet`! is a decentralized onion router that uses the same service nodes as the Loki/Oxen blockchain (developed by the same team) for routing. Because servers that want to be service nodes are required to meet a minimum standard for bandwidth and processing power, Lokinet is (at least, according to the documentation) near-guaranteed to be fast and low-latency. `F908`_`[Lokinet homepage`https://lokinet.org`]`_`f
It uses a system-wide local DNS server that only handles domains ending in `_.loki`_, so it neither interferes with clearnet traffic nor requires programs to be specially configured for Lokinet. While Tor can only handle TCP traffic, Lokinet can handle any IP-based protocol, including UDP, ICMP, `*and`* TCP. Lokinet seems to only be able to grant each device `*one`* address, meaning that hosting more than one hidden service (or "snapp" as the official documentation calls them) requires configuring subdomains in one's web server configuration.
`!Yggdrasil`! is "an early-stage implementation of a fully end-to-end encrypted IPv6 network. It is lightweight, self-arranging, supported on multiple platforms and allows pretty much any IPv6-capable application to communicate securely with other Yggdrasil nodes. Yggdrasil does not require you to have IPv6 Internet connectivity - it also works over IPv4." `F908`_`[Yggdrasil homepage`https://yggdrasil-network.github.io`]`_`f
Unlike the other routing networks listed here, Yggdrasil uses IPv6 addresses instead of public keys. Thus, while not particularly anonymous, it can coexist with standard DNS resolvers; the IP Yggdrasil gives can be assigned to any standard domain or subdomain's AAAA record (although obviously it will require Yggdrasil to access). From personal experience, Yggdrasil does not seem to play nicely with Linux distributions not using `_systemd`_ as their init system.
`!Reticulum`! is "the cryptography-based networking stack for building local and wide-area networks with readily available hardware. Reticulum can continue to operate even in adverse conditions with very high latency and extremely low bandwidth." `F908`_`[Reticulum homepage`https://reticulum.network`]`_`f
Reticulum can connect peers over anything from traditional TCP/IP networks to darknets like Yggdrasil and I2P to exotic networking interfaces like LoRa and packet radio. All packets are encrypted; unencrypted packets are forcibly dropped from the network.
You can't (currently) directly host webpages over the Reticulum network, but a tool for both chat and hosting pages already exists: NomadNet.
>> Peer-to-peer website sharing: these are ways to publish documents or, well, `*websites`* without the need for a centralized server.
`!ZeroNet`! is "a decentralized web-like network of peer-to-peer users... Instead of having an IP address, sites are identified by a public key (specifically a bitcoin address)." `F908`_`[Wikipedia`https://en.wikipedia.org/wiki/ZeroNet`]`_`f
ZeroNet is basically BitTorrent for websites, where instead of domains, websites are identified using a Bitcoin public key (although ZeroNet supports `F908`_`[a few ways`https://proxy.zeronet.dev/1NAMEz7stUPZErkV1d3yLkVWQFa4PTqDNv/`]`_`f to `F908`_`[link a public key`https://www.namecoin.org/`]`_`f to a ZeroNet-specific domain name). Unlike traditional BitTorrent, however, "zites" (ZeroNet sites) can be updated after they have been originally published while retaining the same key and peers.
Because ZeroNet is not a client-server network, traditional website applications like WordPress that require server-side languages like PHP will not work on it. ZeroNet works best with static sites (HTML/CSS/client-side JavaScript), or you can use `F908`_`[CoffeeScript and ZeroNet's special APIs`https://web.archive.org/web/20240108145827/https://zeronet.io/docs/site_development/getting_started/`]`_`f to create decentralized applications.
Please note that development in the `F908`_`[official repository`https://web.archive.org/web/20240108145934/https://github.com/hellozeronet/zeronet`]`_`f seems to have halted completely. The main developers are AWOL, and (almost?) all attempts to contact them have failed. There are multiple forks of the ZeroNet code by people seeking to continue development, but all the ones we (the webmasters) have seen have either also slowed/stopped development-wise or are developed by individuals we do not consider trustworthy enough to keep such a high-risk application as ZeroNet secure. If you `*must`* run ZeroNet, run it in a virtual machine, preferably also with a VPN and an isolated network.
`!IPFS`! is "a protocol and peer-to-peer network for storing and sharing data in a distributed file system. IPFS uses content-addressing to uniquely identify each file in a global namespace connecting all computing devices." `F908`_`[Wikipedia`https://en.wikipedia.org/wiki/InterPlanetary_File_System`]`_`f
Similar to BitTorrent, IPFS allows its users to both receive data from other users who are hosting the file and to share that data in turn with other users looking for that file. Unlike BitTorrent, it seeks to create a unified global network. Files use hashes, meaning if two users publish the same file, that file will be available under the same hash.
While IPFS hashes themselves are immutable, meaning they cannot be changed once published, IPFS supports `F908`_`[a system called IPNS`https://web.archive.org/web/20240108150343/https://medium.com/coinmonks/how-to-add-site-to-ipfs-and-ipns-f121b4cfc8ee`]`_`f where the hash can be of a peer themselves instead of the file, enabling mutable (re-writable) files and folders and ultimately websites.
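
The two IPFS paragraphs above (identical files share one hash; a mutable name points at changing hashes) sketched as an added example, not code from IPFS or from this page. `ToyNode` and `"peer-A"` are hypothetical, and because it hashes raw bytes rather than IPFS's chunked file structure, its identifiers will not match what `ipfs add` prints.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(raw: bytes) -> str:
    """Base58 (Bitcoin alphabet) encoding of a byte string."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def content_id(data: bytes) -> str:
    """Multihash of the data: 0x12 = sha2-256, 0x20 = 32-byte digest."""
    return b58encode(b"\x12\x20" + hashlib.sha256(data).digest())

class ToyNode:
    """Hypothetical in-memory peer: blocks keyed by hash, names by peer id."""
    def __init__(self):
        self.blocks, self.names = {}, {}

    def add(self, data: bytes) -> str:
        cid = content_id(data)
        self.blocks[cid] = data
        return cid

    def fetch(self, cid: str) -> bytes:
        data = self.blocks[cid]
        # The requester re-hashes what it received, so a peer cannot swap content.
        if content_id(data) != cid:
            raise ValueError("block does not match requested hash")
        return data

    def publish(self, peer_id: str, cid: str) -> None:
        # IPNS-style pointer; real records are signed by the peer's key (omitted).
        self.names[peer_id] = cid

    def resolve(self, peer_id: str) -> bytes:
        return self.fetch(self.names[peer_id])

def demo():
    node = ToyNode()
    v1 = node.add(b"<h1>hello</h1>")           # constructed sample content
    same = content_id(b"<h1>hello</h1>")       # second publisher, same bytes
    node.publish("peer-A", v1)                 # "peer-A" is a placeholder id
    v2 = node.add(b"<h1>hello, edited</h1>")   # an edit yields a new hash
    node.publish("peer-A", v2)                 # the name stays, the target moves
    node.blocks[v1] = b"<h1>tampered</h1>"     # simulate a dishonest peer
    try:
        node.fetch(v1)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return v1, same, v2, node.resolve("peer-A"), tamper_detected
```
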
`!Hyphanet`! is "a peer-to-peer platform for censorship-resistant communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship." `F908`_`[Wikipedia`https://en.wikipedia.org/wiki/Freenet`]`_`f
Hyphanet's first release (then named Freenet) was in March 2000. It is (probably) the oldest project on this page (other than Gopher), and is still receiving regular updates to this day.
Unlike ZeroNet and IPFS, you do not necessarily have control over the data that is seeded on your device. Data is split into several small blocks, which are replicated to multiple nodes. You designate a set amount of disk space to give Hyphanet (usually between fifteen and fifty gigabytes), and it caches the most popular information on the network. The more frequently a Hyphanet site is accessed by Hyphanet users, the more users will seed the content. Data is encrypted on disk, and can only be accessed through Hyphanet's web interface.
`!Hyperdrive`! is a "secure, real-time distributed file system designed for easy P2P file sharing." `F908`_`[Hyperdrive homepage`https://docs.holepunch.to/building-blocks/hyperdrive`]`_`f
Hyperdrive is the successor to the `F908`_`[Dat protocol`http://web.archive.org/web/20230702162753/https://dat-ecosystem.org/`]`_`f. You can deploy static webpages, which can be viewed in a browser that supports `_hyper://`_ such as `F908`_`[Beaker-ng`https://github.com/Alex313031/beaker-ng`]`_`f or `F908`_`[Agregore`https://github.com/AgregoreWeb/agregore-browser`]`_`f. The main implementation is unfortunately written in Node.js.
>> Protocols: sometimes HTTP just isn't enough (or is too much). These can be combined with routing networks to provide additional anonymity or transport security.
`!Gopher`! is "a communications protocol designed for distributing, searching, and retrieving documents in Internet Protocol networks. The design of the Gopher protocol and user interface is menu-driven". `F908`_`[Wikipedia`https://en.wikipedia.org/wiki/Gopher_(protocol)`]`_`f
The experience of browsing a Gopherhole (a site on Gopher) is essentially the same as browsing a folder on your local hard drive: content is hierarchical (organized into a folder structure). While HTML files can be shared, the vast majority of Gopher clients either do not support viewing HTML in-browser or do not support CSS.
Because Gopher was created before the advent of SSL/TLS, it has `*no transport security`*. Someone eavesdropping on your internet connection, like your ISP or network administrator, can know exactly what files you access on a Gopherhole and what the contents of those are, and modify them in transit (a man-in-the-middle attack). This can be mitigated by serving a Gopherhole over an encrypted network like the ones in the first section of this webpage, but unfortunately the vast majority of Gopher administrators do not offer their holes on these.
`!Gemini`! is "a new, collaboratively designed internet protocol, which explores the space inbetween [sic] gopher and the web, striving to address (perceived) limitations of one while avoiding the (undeniable) pitfalls of the other." `F908`_`[Project Gemini homepage`https://web.archive.org/web/20200501075437/https://gemini.circumlunar.space/`]`_`f
Like HTTPS, it uses TLS to secure connections (required by the protocol spec); like Gopher, it serves documents in one-off connections with minimal traffic overhead. Most Gemini clients support a new file type called "gemtext" (.gmi, mimetype "`_text/gemini`_"), which is like a stripped-down Markdown with only bullet lists, a few levels of document headers, and links that can only be on their own line. Thus it offers a bit more customization than Gopher's gophermaps, but not by much.
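
A small gemtext parser, added here as an example (not code from Project Gemini or from this page), that classifies the line types described above and flags links that would leave Gemini's TLS channel for a plaintext protocol such as Gopher. The sample document and the `ENCRYPTED` scheme list are constructed assumptions.

```python
from urllib.parse import urlsplit

ENCRYPTED = {"gemini", "https"}   # assumption: schemes treated as TLS-protected
FENCE = "`" * 3                   # gemtext preformatted-block toggle

def parse_gemtext(text):
    """Classify each line of a gemtext document as (kind, payload)."""
    out, pre = [], False
    for line in text.splitlines():
        if line.startswith(FENCE):          # the toggle line itself is not content
            pre = not pre
        elif pre:
            out.append(("pre", line))       # nothing is interpreted in here
        elif line.startswith("=>") and line[2:].strip():
            url, *rest = line[2:].split(None, 1)
            out.append(("link", (url, rest[0].strip() if rest else url)))
        elif line.startswith("#"):
            level = min(len(line) - len(line.lstrip("#")), 3)
            out.append((f"h{level}", line[level:].strip()))
        elif line.startswith("* "):
            out.append(("item", line[2:]))
        else:
            out.append(("text", line))
    return out

def plaintext_links(text, page_scheme="gemini"):
    """URLs in link lines that would leave the TLS-protected channel."""
    flagged = []
    for kind, payload in parse_gemtext(text):
        if kind == "link":
            # Relative links inherit the scheme of the page they appear on.
            scheme = urlsplit(payload[0]).scheme.lower() or page_scheme
            if scheme not in ENCRYPTED:
                flagged.append(payload[0])
    return flagged

# Constructed sample document (not taken from any real capsule).
SAMPLE = "\n".join([
    "# Constructed capsule",
    "Ordinary text line.",
    "* a bullet",
    "=> gemini://example.org/docs Docs over Gemini",
    "=> gopher://example.org/1/files Same files over Gopher",
    "=>http://example.org/ clearnet mirror",
    "=> /about.gmi",
    FENCE,
    "=> gopher://example.net/ not a link, just preformatted text",
    FENCE,
])

if __name__ == "__main__":
    for url in plaintext_links(SAMPLE):
        print("unencrypted transport:", url)
```
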
Hungry for more: `F908`_`[Visit the clearnet version of this site at https://letsdecentralize.org`https://letsdecentralize.org`]`_`f