You Broke The Internet – We’ll Make Ourselves A GNU One

#youbroketheinternet is an initiative to foster and form an

architecture that implements a parallel private internet and cuts out
the middle man. By addressing the most difficult of use cases being
scalable social communications and data exchanges, we aim to foster
a comprehensive solution for privacy, scalability and usability. The
new Internet stack is supposed to provide actual intimacy when
exchanging mail, messaging and telephony but also be confidential
for conferencing and social networking.
#youbroketheinternet addresses just the kind of things that
became a basic commodity of life for very many people in the last
twenty years. For those born after 1990 it is the normal state of the
In fact not only private citizens want to keep informational
sovereignty and ownership of their data in their social networks, also
companies have strong requirements to protect against industry
espionage. #youbroketheinternet fosters free software that
does not belong to any company but enables secure economic
interchange among businesses and between business and
The Secrecy of Correspondence isn’t just a fundamental right, it’s
an essential requirement for a fully functional democracy. Yet in the
past twenty years, by slowly migrating our habits towards e-mail and
SMS, humanity has corroded one of the foundations of liberty on a
worldwide scale. #youbroketheinternet aims to bundle
technologies that recreate this basic foundation of liberty.
Not just dissidents and activists, also doctors, lawyers and
journalists depend on trustworthy communication via secure
channels, encompassing features such as end-to-end encryption,
social graph obfuscation, forward secrecy, self hosted data storage,
free and open software and, in the very end, self determined
communication meshes, independent from hierarchically managed
networks, as well as free and open hardware that is unlikely to be
equipped with backdoors. But the current sorry state of networks
and facilities on the Internet does not provide any of that in almost
all use cases.
#youbroketheinternet organizes meetings and collaboration
of software projects that implement these missing services and
promote their large scale adoption. A substantial number of projects
already exist that purport to fulfill these goals. We have placed them
on a common architectural map. Each of them provides some pieces
of the challenge, to deliver a complete solution with regards to
#youbroketheinternet will not be yet another project to build
the ideal system from scratch, but rather it will integrate, re-use, and
motivate existing projects to work towards the common goal of
providing an alternative Internet protocol stack.
“You broke the Internet!” is a sarcastic way to summarize the
feeling of Internet users and activists, even if many of them know
that the claim isn’t actually true. Last summer at the latest the
virginity of the Internet was taken, the naive belief that even though
abuse is possible it wasn’t actually happening. We chose it as a motto
to host some paper presentations that would open the minds on the
possibility of engineering a better Internet, rather than host crypto
parties that promote totally insufficient technologies such as PGP.
The motto evidently struck a chord since the video of the talks
was viewed over a hundred thousand times. Few weeks later the
secushare, Social Swarm and GNU Consensus working groups met in
Berlin. We found ourselves surprisingly on the same page concerning
both the requirements for a better Internet and some fundamental
technological choices. So we decided to pursue the plan of
organizing an even larger meeting at December’s 30c3 congress —
and since our challenge was no longer limited to redesigning social
networking, we turned the motto of the previous event into our
working group name.
Technology Consensus
Scalable many-to-many communication is a particular topic of
interest for us since there will not be a replacement to Facebook and
Twitter until this problem has been tackled. Currently available
technologies lack the necessary ability to distribute efficiently, but
we believe that the goals of multicasting and onion routing can be
combined into a synergic hybrid strategy. The larger the recipient
groups, the better the cover traffic for intimate messaging. With the
ability to multicast encrypted data, caching is no longer useful.
We also consider transaction data security one of the primary
aims we strive for in future communication technology. If taken in on
a global scale, social graph data gives you enough information to be
a threat to liberty and democracy of entire populations. Institutions
like the Stasi have had an impressive impact on German history
although 40 years of Stasi activity haven’t produced a fraction of
NSA’s intake. Of course the NSA won’t put dissident minds in prison
camps, but who knows who will be next in charge of the power to
rule the planet? The power to observe how a person is forming her
political opinion? Maybe even the ability to detect future opposition
leaders before they know it themselves? In a world of big data,
Arnold the Terminator does not need time travel capabilities. Never
before could it be so easy to manage a totalitarian system. The
so-called German Democratic Republic is several decades away, but
the fear of taking a risk, each time you speak freely, is back.
Unfortunately, all of the established technologies on today’s
Internet require access to transaction meta data and are thus
unsuitable for a future Internet. That includes SMTP, SIP and XMPP.
The ideal of federation that has been promoted by Internet activists
for decades is wrong and harmful to digital intimacy. Not to mention
that all link-level encryption depend on an unreliable set of so-called
“certification authorities” (X.509).
While the web browser, in its best intention to enable
server-based computing, has become overladen with surveillance
functionality such as cookies, invisible counters, AJAX, e-tags and
potential Javascript security issues. It now comes also with WebRTC,
which relies on web servers for authentication and thus enables
them to automate man in the middle attacks as deemed appropriate.
Voice and video authentication by reading out aloud a shared
authentication string could help, but will people actually do that?
Will browsers let them?
Also, as recent revelations have shown, servers are hard to
secure (see targeted server and router operations or virtual machine
attack vectors as examples), and by aggregating data of many users
these servers become worthwhile targets.
Paradigm Shift
Distributed Hash Table (DHT) technology has been in use for
peer-to-peer file sharing and telephony for over a decade now. It has
had its share of security issues and learned from it. Several projects
have started routing Internet packets by DHT look-ups of
cryptographic identities rather than IP numbers. This technology
allows to replace not only DNS and X.509 (the hierarchical
certification system used by TLS and “HTTPS”) but even the likes of
the Border Gateway Protocol (BGP). The DHT allows any peer to
equally and securely contact any other peer, thus makes federation
unnecessary, too.
DHT technology even dramatically reduces cost of operation.
Once the software is installed on the node it starts operating. There
are zero administration costs. DHT-based routing should work by
itself and the trade-off between obfuscation, latency and
performance can be chosen by the user and her applications. Just
think of all the more interesting and useful work those SMTP, XMPP,
DNS, VoIP and X.509 administrators could be doing in future.
Overcome Conservatism
Internet technologists can currently be divided in two categories.
Those who still try to make the conglomerate of old technologies
function and those who use DHT technology each day and find it
hard to understand why anyone would want to do otherwise.
#youbroketheinternet meetings have turned out to be
dominated by the latter.
It’s ironical how we criticize our political leaders for not tackling
important issues while at the same time we panic at the idea of
having to obsolete SMTP and similarly ill-architected technologies in
order to introduce the necessary degree of digital intimacy. It’s the
same typically human instinct: Conservation. We try to conserve
what is actually way dysfunctional, thinking that we can somehow
get back to the good old times. It’s the same with the world
economy and the energy and ecology questions. By not embracing
the new – and rather fixing up the old – we are acting just like old
politicians. But history repeats itself. When the first cars were
developed, most of the world’s engineers where probably focused
on refining the efficiency of horse carriages.
Failure of Open Standards
Open standards are bad for humanity when they are actually not
doing their job well and at the same time impeding the development
of new ideas and alternatives, because.. hey, we have a standard.
OStatus is a formidable example — it standardized things that aren’t
working properly at all. There isn’t a single federated social
networking platform that actually scales and functions well enough
to challenge the likes of Facebook, and yet there is this hype of
wanting to standardize things that do not work which blocked the
entire federated social web community from making progress for
Other examples are XMPP and PubSubHubbub. Both were
written without worrying about scalability issues, leaving it to
companies to develop solutions that would tackle that. No surprise
the largest installations of both protocols are operated by a
company called Google. Even today it is a problem to have more than
a hundred friends on a federated XMPP server, let alone do social
networking with them. The more time passes, the harder it gets to
tackle such a bug in the standards, because by then many companies
are earning money by selling scalable server solutions — a protocol
that actually scales properly by design would be detrimental to their
We might not care if it wasn’t for our most private data.
Companies should be doing business over the Internet, not by
making the Internet technologically dependent on them. Open
standards were intended to serve the purpose of making companies
have their proprietary technologies speak a common language — but
since proprietary technology by design cannot be reliably respectful
of privacy, that is no longer a reasonable goal — at least for all
protocols and devices in the technological stack that are intended to
deliver human private correspondence.
What we need instead is a well-defined and reviewed GNU
licensed codebase, all applications can be made interoperable using
that. Tor is a fine example for how that process works.
Democracy is the Priority
The current condition of the Internet makes it a must for
business players to collect and market big data in order to be
competitive. Even if it is in their best intentions to do no evil,
corporations have to play by the rules of the market. With threats
such as PRISM it seems like there is no functional business model for
privacy. That’s why we cannot put the burden on companies to work
something out without legislation backing it up. It’s a wrong idea of
entrepreneurial freedom.
The current operation of the Internet isn’t just harmful to civil
rights of its users, it is infringing principles that are essential for
democracy to function and are therefore in many countries
enshrined into their respective Constitutions. Internet has thus
become a threat to civil society rather than the participatory
improvement network activists wish it to be.
The general population should pressure their respective
Supreme Courts to apply their respective Constitutions to the
Internet, potentially having it be declared illegal. Courts should
suggest a deadline by which the Internet needs to be brought in line
with the lessons humanity should have learned from the holocaust.
Had Hitler lived today, the Internet would have been his ideal tool.
Even the wealthiest children among us will not lead a decent life
fifty years from now if we don’t protect democracy, and the Internet
has to be an enabler rather than a threat.
Governments should foster the development of a free and open
Internet technology that actually works and regulate its introduction
for businesses to enjoy a new level playfield of opportunities that no
longer carry the burden of inevitable civil rights infringements.
Politicians neither need to understand nor develop the
underpinnings. We just expect a very simple decision from them
acting according to their national and global responsibilities: Are the
principles of democracy which are the foundation of our modern
society more important than other interests, or not?
We are proposing an EU law to require obfuscated and
end-to-end encrypted communications in all telephony and
computer appliances sold after 2014. The law shall include ways to
ensure its correct implementation and a transition path from the
existing unencrypted systems. It tackles most issues net politicians
have been worried about in the past decade (net neutrality,
copyright, data retention, data protection, hardware transparency
and open standards) in a single rather simple and clear law proposal.
You can preview the draft legislation here.
Introducing laws like this one makes the development of a
correctly operating Internet a priority for all participants, mobilizing
investment and research. A network that complies by these
legislative requirements creates more equal business opportunities
that do not collide with the Secrecy of Correspondence and other
civil rights at the foundation of democracy.
The name #youbroketheinternet is only ironically pointing a
finger, since we know that governments are operating in best
intentions like everyone else. Unfortunately however, by not tackling
the constitutional aspects of technology rolling into our everyday
lives, governments have led us on a slippery slope towards
authoritarian control. It’s not about the comfortable well-being of
individuals. It’s about protecting democracy so that we get a chance
to tackle the even larger problems humanity is facing.


Comments are closed.