One of the fun things about the Internet and Open Source community is that from time to time I’ll be pondering some problem. “How do I set up a ___” and after working the issue for an hour or two, decide to just do a quick web search on the idea… and find others have already “gone there”. It is bittersweet sometimes as I’ve often discovered someone else stole my bright idea before I even had it ;-) but such is life.
Recently, censorship and attacks on freedom of speech have become rampant tools of the Petulant Insufferable Left. The poor little dears, snowflakes all, can’t stand the idea of people having thoughts they have not approved and positively recoil in horror when anyone says those thoughts or, GASP!, writes them down. (For example, saying that “since the Koran states Mohammed had sex with a prepubescent 9 year old girl, you are wondering if that makes him a pedophile?” can get you hounded off of Twitter, banned from Facebook, and fined in the EU – even though the facts are accurate and you are just asking a question as you don’t know the answer… As a second example, I’m now wondering if just stating a hypothetical example is enough to cause assaults of various kinds.)
But whatever. The simple fact is that all sorts of voices are being silenced and soon the Internet will be safe for all the Globalist Leftist Snowflakes and also useless for anything beyond ordering a pizza.
What brought this on was the current banning of Alex Jones / Infowars and the Twitter / Facebook purges that sent a huge conservative wave of users to Gab.ai and Bitchute; and then got Gab.ai de-platformed. Clearly there is an all out assault on free speech with special emphasis on conservatives and unpopular-with-the-globalist-left speech.
So what to do?
In the short run it will be a game of whack-a-mole with the deplatformed folks moving to new providers (until, one hopes, they land on a set with a bit of spine…)
The end game will be a full-on Peer-to-Peer based system over encrypted VPN links so there simply isn’t any platform to be kicked off of, nor any ISP who can shut you down. The worst case would be needing to do that in a Dark Web mode, such as using Tor over the .onion net or something similar.
But how to get from one to another and what is the state of play today?
Well first off the good news is that all this has already been worked out and is in use. Nothing new needs to be written. The bad news is it is mostly used for things that are illegal, unpopular, or forbidden somewhere (for all the Dark Web stuff). While the basic services, like a VPN, are not illegal or even suspicious, the Dark Web is not for everyone. It would most likely be better to build an analog of it, but for shunned services and speech as opposed to illegal activities (though as noted above, just stating the facts is now illegal in parts of the E.U.)
So I was pondering what it would take to set up an overlay network and have folks using private side DNS and their own P2P web servers and such. It occurred to me that traffic would need to go from home to home over a VPN virtual private network so that the ISP couldn’t even see it. There would need to be a private DNS system for the overlay network, and then some services built, like private web servers and email servers. All pretty standard stuff in the corporate world, but not familiar to the average Joe or Jane.
FWIW, I’ve set up many private networks between corporate sites. The description above is what is typically done inside a company by the I.T. staff. You have a private network, your internal machines are in your own DNS server, you have your own internal email, web, etc. servers and services. I’ve even set up various VPN links to partner companies or remote branches of the same company, so those resources could be privately shared but hidden from public view (or even the view of the ISP Internet Service Provider – who just sees an encrypted river of bits).
But the hard bit would be making this ‘user friendly’ enough for the home gamer to do it. Especially setting up a VPN based overlay network and running a DNS server. It is my opinion that there is a niche here for an integrated application that configures and joins such a private network with little more than answering a few questions.
One first step would be making the VPN mesh overlay network. I had just started to ponder it when I thought “Has it been done?”
Tinc is an open-source, self-routing, mesh networking protocol and software implementation used for compressed and encrypted virtual private networks. It was started in 1998 by Guus Sliepen, Ivo Timmermans, and Wessel Dankers, and released as a GPL-licensed project.
Tinc is available on Linux, FreeBSD, OpenBSD, NetBSD, DragonFly BSD, Mac OS X, Microsoft Windows, Solaris, iOS, Android with full support for IPv6.
The authors of Tinc have goals of providing a platform that is secure, stable, reliable, scalable, easily configurable, and flexible.
Tinc uses OpenSSL or LibreSSL as the encryption library and gives the options of compressing communications with zlib for “best compression” or LZO for “fast compression”.
Projects that use tinc
Freifunk has tinc enabled in their routers as of October 2006.
OpenWrt has an installable package for tinc.
OPNsense, an open source router and firewall distribution, has a plugin for Tinc.
pfSense has an installable package in the 2.3 release.
Tomato has tinc support included in the Shibby mod.
NYC Mesh uses tinc to encrypt traffic around their mesh network.
Oh, gee, a fairly simple to install and configure self-routing mesh VPN for Windows, Mac, & *Nix. Already in use.
It uses config files, so would need maintenance each time a new user node joined. I could see an enhancement to let nodes join, advertise their information, and have it automatically add to the config files (for ease of use) or leave it as-is to keep it a controlled trust group.
What is tinc?
tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. tinc is Free Software and licensed under the GNU General Public License version 2 or later. Because the VPN appears to the IP level network code as a normal network device, there is no need to adapt any existing software. This allows VPN sites to share information with each other over the Internet without exposing any information to others. In addition, tinc has the following features:
Encryption, authentication and compression
All traffic is optionally compressed using zlib or LZO, and LibreSSL or OpenSSL is used to encrypt the traffic and protect it from alteration with message authentication codes and sequence numbers.
Automatic full mesh routing
Regardless of how you set up the tinc daemons to connect to each other, VPN traffic is always (if possible) sent directly to the destination, without going through intermediate hops.
As long as one node in the VPN allows incoming connections on a public IP address (even if it is a dynamic IP address), tinc will be able to do NAT traversal, allowing direct communication between peers.
Easily expand your VPN
When you want to add nodes to your VPN, all you have to do is add an extra configuration file, there is no need to start new daemons or create and configure new devices or network interfaces.
Ability to bridge ethernet segments
You can link multiple ethernet segments together to work like a single segment, allowing you to run applications and games that normally only work on a LAN over the Internet.
Runs on many operating systems and supports IPv6
Currently Linux, FreeBSD, OpenBSD, NetBSD, OS X, Solaris, Windows 2000, XP, Vista and Windows 7 and 8 platforms are supported. See our section about supported platforms for more information about the state of the ports. tinc also has full support for IPv6, providing both the possibility of tunneling IPv6 traffic over its tunnels and of creating tunnels over existing IPv6 networks.
So at present a new guy wanting to join means everyone gets to edit a config file. That’s just one daemon and a message passing away from fully self configuring.
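To make the “everyone edits a config file” step concrete, here is an added example (my own illustration, not code from the tinc project) that writes the files tinc reads from /etc/tinc/<netname>/ for a small constructed mesh, and then plays the role of the “one daemon” above: it vets a newcomer’s proposed hosts/ file before it is merged into the trust group. The network name, node names, public address and 10.44.0.0/24 range are constructed assumptions. RSA key generation is left to tinc’s own `tincd -n <netname> -K`, which appends the public key to hosts/<node>; it is not run here.

```python
"""Generate tinc 1.0-style config for a constructed mesh and vet join requests."""
import ipaddress
import re
import tempfile
from pathlib import Path

NETNAME = "freemesh"      # constructed overlay network name
VPN_PREFIX = 24           # constructed overlay range 10.44.0.0/24

# Constructed mesh. address=None marks a node behind NAT that only dials out;
# tinc still talks to it directly once NAT traversal through a public node succeeds.
NODES = {
    "hub":   {"address": "hub.example.org", "vpn_ip": "10.44.0.1"},
    "alice": {"address": None,              "vpn_ip": "10.44.0.2"},
    "bob":   {"address": None,              "vpn_ip": "10.44.0.3"},
}

NAME_RE = re.compile(r"^[A-Za-z0-9_]+$")   # the only characters tinc accepts in Name
KEY_RE = re.compile(r"-----BEGIN RSA PUBLIC KEY-----.+?-----END RSA PUBLIC KEY-----", re.S)


def host_file(name, address, vpn_ip):
    """hosts/<name> minus the public key that `tincd -n NET -K` appends later."""
    lines = []
    if address:
        lines += [f"Address = {address}", "Port = 655"]
    lines.append(f"Subnet = {vpn_ip}/32")
    return "\n".join(lines) + "\n"


def tinc_conf(name, connect_to):
    """tinc.conf for one node: identity, bootstrap peers, strict subnet policy."""
    lines = [f"Name = {name}", "Mode = router", "AddressFamily = ipv4",
             # Honour a Subnet claimed by a peer only if its trusted hosts/ file lists it.
             "StrictSubnets = yes"]
    lines += [f"ConnectTo = {peer}" for peer in connect_to]
    return "\n".join(lines) + "\n"


def tinc_up(vpn_ip):
    """The tinc-up hook tinc runs after creating the tun interface ($INTERFACE)."""
    return ("#!/bin/sh\n"
            "ip link set \"$INTERFACE\" up\n"
            f"ip addr add {vpn_ip}/{VPN_PREFIX} dev \"$INTERFACE\"\n")


def write_node(root, name):
    """Write the /etc/tinc/<NETNAME>-style tree for `name` under `root`; return paths."""
    root = Path(root)
    net = root / NETNAME
    (net / "hosts").mkdir(parents=True, exist_ok=True)
    peers = [n for n, info in NODES.items() if n != name and info["address"]]
    written = [net / "tinc.conf", net / "tinc-up"]
    written[0].write_text(tinc_conf(name, peers))
    written[1].write_text(tinc_up(NODES[name]["vpn_ip"]))
    written[1].chmod(0o755)
    for peer, info in NODES.items():          # every node carries every host file
        p = net / "hosts" / peer
        p.write_text(host_file(peer, info["address"], info["vpn_ip"]))
        written.append(p)
    return [str(p.relative_to(root)) for p in written]


def subnets_in(text):
    """Subnet lines of a hosts file as ip_network objects (the #weight suffix dropped)."""
    return [ipaddress.ip_network(m.group(1), strict=False)
            for m in re.finditer(r"^\s*Subnet\s*=\s*([^\s#]+)", text, re.M)]


def vet_host_file(name, text, trusted):
    """Decide whether a proposed hosts/<name> may join the trust group.

    `trusted` maps existing node names to their hosts-file text. Returns
    (accepted, reason); the actual merge stays a human (or signed) decision.
    """
    if not NAME_RE.match(name):
        return False, "name must match [A-Za-z0-9_]"
    if name in trusted:
        return False, "name already in trust group"
    if not KEY_RE.search(text):
        return False, "no RSA public key in host file"
    try:
        new = subnets_in(text)
    except ValueError as e:
        return False, f"bad Subnet: {e}"
    if not new:
        return False, "no Subnet line"
    for peer, peer_text in trusted.items():
        for have in subnets_in(peer_text):
            if any(have.overlaps(n) for n in new):
                return False, f"subnet overlaps {peer} ({have})"
    return True, "ok"


def demo():
    """Generate alice's tree in a scratch directory and return the written paths."""
    with tempfile.TemporaryDirectory() as scratch:
        return write_node(scratch, "alice")


if __name__ == "__main__":
    print("\n".join(demo()))
```

The vet step is where the author’s two options meet: a node can automate the “advertise and add” flow and still keep a controlled trust group, because nothing enters hosts/ unless its name is well-formed, it carries a key, and its Subnet does not collide with an existing member. With `StrictSubnets = yes` tinc then ignores any subnet a peer announces that is not in that vetted file.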
Inside of such a mesh VPN you would still need to run some services. Email, file sharing, web browsing, FTP servers, etc. Many present P2P services are for things like file sharing (BitTorrent for getting things like software and songs), but there are others. Some of them have their own way of making the overlay network:
In P2P networks, clients both provide and use resources. This means that unlike client-server systems, the content-serving capacity of peer-to-peer networks can actually increase as more users begin to access the content (especially with protocols such as BitTorrent that require users to share). This property is one of the major advantages of using P2P networks because it makes the setup and running costs very small for the original content distributor.
Many peer-to-peer file sharing networks, such as Gnutella, G2, and the eDonkey network, popularized peer-to-peer technologies.
Peer-to-peer content delivery networks.
Peer-to-peer content services, e.g. caches for improved performance such as Correli Caches
Software publication and distribution (Linux distribution, several games); via file sharing networks.
It is worth noting that Bitchute runs as P2P:
The company was founded by Ray Vahey. He described it as a way to avoid censorship and demonetisation by established services like YouTube.
The first video on BitChute was posted on January 3, 2017. It was called “This is the first video on #BitChute”. It was a sample video of a woman using a tablet. The video was uploaded to test the uploading process.
In September 2017, conservative internet celebrity Lauren Southern said she was considering switching to the site in response to YouTube’s demonetisation of political videos. Southern automatically mirrors her YouTube channel on BitChute since March 23, 2017.
BitChute is based on the peer-to-peer WebTorrent system; a torrent program that can run in a web browser. Users watching a video also seed it. WebTorrent, despite similar functionality, is not compatible with BitTorrent.
The BitChute website acts as a front end and portal for WebTorrent. When users upload a video it is converted to a WebTorrent and given a page on BitChute’s website.
Hard to deplatform the video server when it is all of the video watchers ;-)
IMHO, this is the end game. Things like Bitchute running over voluntary overlay networks in a meshed VPN system.
Similarly, for “micro-blogging” (think “tweeting”…) we have Twister:
Twister is free software for experimental peer-to-peer microblogging. Being completely decentralized means that no one is able to shut it down, as there is no single point to attack. The system uses end-to-end encryption to safeguard communications. It is based on both BitTorrent and Bitcoin-like protocols and is considered a (distributed) Twitter clone.
The problem with these kinds of systems is that performance is low when first starting up as nobody else is seeding the given material, then once a topic has lost interest it also has few seeds. With enough growth in users, that tends to end as a problem.
Twister is a Twitter-like microblogging platform that utilizes the same blockchain technology as Bitcoin, and the file exchange method from BitTorrent, both based on P2P technologies.
Twister is experimental software in alpha phase, implemented as a distributed file sharing system. User registration and authentication is provided by a Bitcoin-like network, so it is completely distributed and does not depend on any central authority. Distribution of posts uses Kademlia distributed hash table (DHT) network and BitTorrent-like swarms, both provided by libtorrent. Included versions of both Bitcoin and libtorrent are highly patched, and intentionally not interoperable with the already existing networks.
As a completely decentralized network, no one is capable of incapacitating Twister since there is not a unique point of attack to the system. Twister uses end-to-end encryption to protect the communications. Furthermore, Twister is designed to prevent other users from knowing your GSM localization, IP address, and who you are following. Users can publish public messages as with other microblogging platforms, but when they send direct messages and private messages to other users, these are protected from unsolicited access.
In an extreme limit case, folks can resort to Friend To Friend or F2F networks where you must know someone who trusts you to gain access:
A friend-to-friend (or F2F) computer network is a type of peer-to-peer network in which users only make direct connections with people they know. Passwords or digital signatures can be used for authentication.
Unlike other kinds of private P2P, users in a friend-to-friend network cannot find out who else is participating beyond their own circle of friends, so F2F networks can grow in size without compromising their users’ anonymity. Retroshare, WASTE, GNUnet, Freenet and OneSwarm are examples of software that can be used to build F2F networks, though RetroShare is the only one of these configured for friend-to-friend operation by default.
Many F2F networks support indirect anonymous or pseudonymous communication between users who do not know or trust one another. For example, a node in a friend-to-friend overlay can automatically forward a file (or a request for a file) anonymously between two friends, without telling either of them the other’s name or IP address. These friends can in turn automatically forward the same file (or request) to their own friends, and so on.
Dan Bricklin coined the term “friend-to-friend network” in 2000.
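The forwarding behaviour described in the F2F quote, as an added simulation (my own illustration, not code from RetroShare, Freenet or any of the other projects named): every node holds only its own friend list, a request is relayed friend to friend with a hop limit, and each relay remembers only which friend handed it the request, so the node that finally answers learns just its neighbour, never the originator. The node names, friendships and the file name are constructed; real F2F software authenticates each friendship with keys exchanged out of band, which this model takes as given.

```python
"""Friend-to-friend request relay: nodes see only their direct friends."""
from collections import deque


class Node:
    def __init__(self, name, files=()):
        self.name = name
        self.friends = set()        # the only peers this node ever connects to
        self.files = set(files)
        # request_id -> the friend that delivered the request (None = we originated it).
        # This single back-pointer is all a node keeps, so it cannot name the originator.
        self.seen = {}

    def befriend(self, other):
        """Mutual friendship; in real F2F this follows an out-of-band key exchange."""
        self.friends.add(other)
        other.friends.add(self)


def search(origin, filename, request_id, ttl=3):
    """Relay a request hop by hop (breadth-first) and return the nodes holding the file.

    The hop limit bounds how far a request spreads; a node that has already seen
    this request id drops it, which also stops loops in a cyclic friend graph.
    """
    frontier = deque([(origin, None, ttl)])
    holders = []
    while frontier:
        node, from_friend, hops = frontier.popleft()
        if request_id in node.seen:
            continue
        node.seen[request_id] = from_friend
        if filename in node.files:
            holders.append(node)
        if hops == 0:
            continue
        for friend in node.friends:
            if friend is not from_friend:
                frontier.append((friend, node, hops - 1))
    return holders


def reply_path(holder, request_id):
    """Route an answer back along the per-hop back-pointers to whoever originated it."""
    path = [holder.name]
    node = holder
    while node.seen[request_id] is not None:
        node = node.seen[request_id]
        path.append(node.name)
    return path


def relay_knows(node, request_id):
    """The only identity a relay or responder holds for this request: its upstream friend."""
    upstream = node.seen.get(request_id)
    return None if upstream is None else upstream.name


def build_demo_network():
    """Constructed chain alice-bob-carol-dave plus eve as a second friend of alice."""
    nodes = {n: Node(n) for n in ("alice", "bob", "carol", "dave", "eve")}
    nodes["dave"].files.add("newsletter.pdf")
    for a, b in (("alice", "bob"), ("bob", "carol"), ("carol", "dave"), ("alice", "eve")):
        nodes[a].befriend(nodes[b])
    return nodes


if __name__ == "__main__":
    net = build_demo_network()
    found = search(net["alice"], "newsletter.pdf", "req-1", ttl=3)
    for h in found:
        print(h.name, "answers via", relay_knows(h, "req-1"), "path", reply_path(h, "req-1"))
```

Running it shows dave answering with only carol as his known upstream, while the reply still reaches alice three hops away. One caveat the simulation makes visible: the remaining hop count travels with the request, so a responder can estimate how far away the originator is; F2F designs that care about this randomise the initial limit rather than using a fixed one.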
While I’d rather we just kept the top web free and open, the simple fact is that the Dark Web has been around for decades and we can easily add other layers. Then it is also possible for any subset of the internet to just move onto a private overlay network of their own. Even a mesh VPN based one if desired, or the simpler F2F sort. There are plenty of P2P services already running on the open internet so that is an option as well.
So the bits will flow. Just a question of over which paths.