The dark side of the decentralized web

On a recent Bloom Network community call introducing the decentralized web, a couple of people asked about the potentially harmful uses of the technology. We didn’t have much time to get into it on the call, but there are valid concerns here that I think warrant further discussion.

The issue at hand

To summarize the concerns, it makes sense to first give a brief introduction to decentralized web technologies and explain why they’re important and different from the web most of the world uses today.

The basic goal of the decentralized web is to remove centralized points of weakness on the web, making the web more secure, private, resilient, and censorship-resistant. For example:

  • Domain names in the traditional web are controlled by a corporation called ICANN, who can revoke the names from users whenever they want. Yes there are technically conditions that must be met before the name can be seized, but ICANN itself defines these conditions so… anyways if they (or your government) don’t like what you’re publishing on your website, they can make your site harder to find by taking away the domain name. Blockchain name systems are a decentralized web technology that provides an alternative to the ICANN-owned domain name system and gives end users true ownership of their domain names.
  • TLS/SSL Certificates in the traditional web are issued by organizations called Certificate Authorities. There are hundreds of Certificate Authorities and your browser will trust a certificate issued for a website by any one of them. This power has been abused to man-in-the-middle entire countries, likely in an attempt to spy on political dissidents. Decentralized public key infrastructure is a decentralized web technology that provides an alternative to Certificate Authorities, where users can issue their own certificates and cryptographically link them to their domain name using a blockchain name system.
  • File hosting in the traditional web is provided by organizations that host digital files on centralized servers. While these web hosts do their best to keep the files available using backups and data redundancy, they can still experience issues that lead to catastrophic losses. Distributed file and data storage systems are decentralized web technologies that decentralize the job performed by file hosts. Files (or pieces of files) are stored on computers operated by multiple hosts instead of relying on a single web host to make the files available. This makes it less likely for data to get lost and permanently taken offline if one or multiple hosts go down.
  • Electronic payments over the traditional web have historically relied on centralized intermediaries such as payment processors and banks. These middlemen have abused their privileged positions of power to attack their own customers for political reasons, or for no good reason at all. Cryptocurrency is a decentralized web technology that makes it possible to send payments online without an intermediary, so payments can be sent by anyone, to anyone, anytime and anywhere – a simple yet powerful concept.

While all of these decentralized web technologies help provide strong protections for normal web users against security vulnerabilities, privacy intrusions, and censorship, because these technologies are freely available, they also provide these protections to bad people too. The main concern that people have brought up about decentralized web technologies is that they believe these technologies make it harder to catch bad people or stop them from using the internet to do crime.

Before addressing the concern, first a brief trip down memory lane…

The Four Horsemen of the Infocalypse

To provide some more context, it’s worth pointing out that concerns about bad people using the internet to do bad things are as old as the internet itself. Back in the early 1990s, during the first Crypto War (which cryptographers won, btw), such concerns were brought up as a reason for backdooring encryption or otherwise breaking the security of the internet so often that Timothy May came up with a name for them: The Four Horsemen of the Infocalypse. So these concerns are not new or unique to the decentralized web.

Still, how do we (people developing and promoting decentralized web technologies) respond to these concerns? Here’s how I think about it:

The positives outweigh the negatives

Ok so the concerns aren’t new. But that doesn’t mean they’re not valid, right? Only that we’re still grappling with them, almost thirty years later.

Indeed. As technologists, it is certainly important to think about the ethics of the technology we are developing. Is this technology a net benefit for the world? Does the technology do more harm than good? From personal firearms and nuclear weapons to smartphones and the internet, humans have constantly grappled with the question of whether the positives of the technologies we develop outweigh the negatives.

As someone who helps develop decentralized web technology and promotes its usage, I personally believe that the positives far outweigh the negatives. The benefits that billions of people could gain from a more secure, more private, more resilient and censorship-resistant web to me far outweighs the bad that a relatively small number of people could do with the technology.

Striking at the root of evil

That brings the discussion to the actual concern being raised: bad people doing bad things online. Ok, so there’s this technology that can be used to publish harmful content online in a way that could be hard to censor or track back to the source. What do we do about that? Well, we cannot un-invent the technology. It’s out there, it’s open source software published in public repositories that anyone can use now. So how do we deal with online-based crime in a world where information can now be strongly encrypted and permanently published to the internet?

To answer this question, I would first interrogate further: why is there crime to begin with? Why do people do the bad things that they do? How do their victims end up in situations where they are victimized? What can we do to stop crime before it happens? Trying to answer these questions exposes deep societal problems that are out of scope for this blog post, but suffice to say that when it comes to criminals using software to commit crimes, there’s a lot the government itself could do to fix their own policies that create crime in the world (drug prohibition, supporting terrorists, sex work criminalization, as just a few examples) before we even think about how open source software comes into the equation.

Now let’s assume that governments and everyone else have done just about everything possible to reduce crime caused by or enabled by bad policies and bad personal habits. There will still be a small minority of people who are just born to do bad things, and they will probably use the internet and decentralized web technologies to do some of those bad things. How do we deal with that?

I think that, just as it’s difficult to erase something off the internet today, it will continue to be difficult to erase something off the internet in the future. Decentralized web technology doesn’t necessarily create a new capability here, it just makes that level of resilience more accessible to more people. Similarly, end-to-end encryption has been widely available since the release of PGP in the early 90s, and today is made easier to use by end-to-end encrypted messaging apps such as Signal. Again, decentralized web technology doesn’t introduce new encryption capabilities here, but rather can help make secure end-to-end encryption more easily usable with DPKI and more private by removing messaging intermediaries.

So to answer the question “how do we deal with bad people who do bad things using decentralized web technologies” we could ask law enforcement, military, and other people in the security industry how they deal with the crime on the internet today. Many tactics they use will probably still be relevant. They may have to shift tactics or develop new tactics. And, yes, in some cases (such as deleting links to illegal content stored on the bitcoin blockchain) they won’t be able to do anything about it at all, except to track and find the source of the content and cut the problem out at the root to prevent further harm.

My computer, my business

“But, but,” the concerned people protest, “couldn’t we just force developers to make it possible for law enforcement to break decentralized web technologies in limited circumstances?”

This request for a “golden key” or “backdoor” is another old zombie policy proposal that just won’t die, and the answer is, was, and always will be: no.

Quoting a tweet I sent recently:

think of my computer as an extension of my brain. you can’t force a company to give you access to the contents of my brain. you shouldn’t expect to be able to force a company to give you access to the contents of my computer, either.

Under the U.S. Constitution, people have a right to privacy and the right to remain silent. These rights exist to protect innocent people from having their private life unfairly intruded on by the government. We also have a right to free speech, a right that an increasingly large number of people are finding hard to exercise on the internet, with unaccountable corporations acting as the final arbiter of what speech is allowed and what is not.

Decentralized web protocols provide a technological means of protecting these rights. Remember that not everyone in the government is acting with the best of intentions. It’s important that these rights be protected by the Constitution, but in case the government fails to respect our rights (it wouldn’t be the first time), or in cases where such rights are weak or nonexistent, it’s also important that we have these technological means of protecting our rights.

Besides, even if we did put backdoors in decentralized web software, bad people would just create versions of the software that do not have a backdoor, so they could continue their bad activities unconcerned about unwanted guests intruding on their business. It’s better that we have secure software that protects everybody, rather than expect innocent people to use software with backdoor vulnerabilities on the delusional hope that it would make it easier to catch and stop criminals. All a backdoor in the decentralized web would really accomplish would be to make innocent people less safe online while criminals continue their business using software without backdoors.

Making the best of it

Decentralized web technologies such as cryptocurrency, blockchain name systems, DPKI, and distributed file and storage systems are exciting new tools that can help improve on existing shortcomings with the web, including security and resilience problems. They can also help protect our rights to privacy and free speech. Yes, like every other tool ever invented, it is also possible to use these tools for bad as well. We will have to adapt and accept that some problems that are created by these new technologies cannot be completely eliminated, only mitigated. We have accepted this trade-off for countless other technologies in human history, including for the internet itself, and I think it’s reasonable to accept this trade-off for the decentralized web as well.

There’s so much good that the decentralized web makes possible. Let’s make the best of this new reality and use these technologies to improve our world, to liberate ourselves and others and improve our digital lives.

P.S. One final point: although it is possible for other people to use the decentralized web to host objectionable content, remember that as a user of this technology you are in no way obligated to help host that content! You can delete any data off your computer that you do not want to host. Part of the benefit of the decentralized web is that you are in control. Such content filtering can even be automated, so if you are running a file hosting node for example any objectionable material can automatically be rejected as soon as it’s detected on your computer. It’s like avoiding the bad part of town – you can just not go there!


 

Email is probably the most popular decentralized messaging protocol, and I expect it to be around for a while. Add yourself to my email contacts if you would like to stay in touch!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s