Internet Centralization: How We Got from There to Here -- Identifying the Root Cause

My one-pager to IRTF DINRG Workshop on Internet Centralization

https://datatracker.ietf.org/meeting/interim-2021-dinrg-01/materials/slides-interim-2021-dinrg-01-sessa-searching-for-the-root-cause-lixia-zhang-00

Lixia Zhang (lixia@cs.ucla.edu), May 16 2021 

Recent years have witnessed a growing number of efforts and activities in developing solutions to “decentralize the Internet” – clearly the Internet today is no longer what it is used to be. However, in order to find effective means to move forward, the first step is to understand how we got here.

Unprecedented Internet growth took most, if not all, people by surprise and unprepared. Only in retrospect, one gets to see a bit clearly what has happened. It seems to me that today’s control power centralization resulted from an imbalance among the three factors: economy, network architecture, and regulation. 

If we look at the architecture first: the original Internet was distributed because anyone could communicate with anyone else with an IP address, with a basic client-server app model. Anyone could pull off new stuff when others find it useful. That is no longer the case today. Communication has moved up to app-layer using names/identities; no app developers dealing with IP addresses. But more importantly, communication today must be secured. Unfortunately, people in general don't have identities that can be used to reach them directly, don't have tools to secure such direct communications (obviously, sine security is tied to identity). So there is really no means to write or deploy truly peer-to-peer apps. Note that users today do have identities, just that everyone’s identity is assigned and managed by the big guys running the cloud (e.g. single-sign-on using gmail addr. or Facebook ID). Therefore, users can only communicate THROUGH the cloud, not independent of it. Given the success of Internet is really the success of its applications, a decentralized internet means running decentralized apps. The architecture, that the Internet started with, no longer offers its users to communicate peer-to-peer directly and securely. As a result, truly decentralized apps do not have a ground to get started (and blockchain does not solve this problem; see more below). 

Economy: the market missed no time in grabbing the opportunity of controlling the server end in the client-server model when few people paid attention, and quickly turned all clients to revenue-generating eyeballs. Not knowing better, together with no technical alternatives, Internet user community at large was powerless, while a few companies rode on economy-of-scale to become cyber giants and took over everything. Economy-of-scale is not new, has always been a big factor driving centralization (maybe bigger & faster this time). In the past it was counter-measured by regulation. However, this time not only the regulation has been falling pretty far behind, it would also not be effective by itself in countering market centralization, if centralized servers are the only means to build apps – now we circle back to the architecture inefficacy.

Today’s Internet is insecure; the only place that seems secure is inside the cloud. As a side note and supporting evidence: all the three examples (email, DNS, Wen) cited by the IAB DEDR workshop report RFC8980, which started being distributed and now centralized, share the same root cause: (lack of) security. The report even mentioned this point, but fell short to see it as the common cause of all:

1. Under email: "need for coordination to defend against spam and other attacks.” 

2. Under DNS: "Future developments in DNS may see concentration through the use of globally available common resolver services, which evolve rapidly and can offer better security” 

3. Under Web: "Their services provide scaling, distribution, and prevention of denial of service in ways that new entrants and smaller systems operators would find difficult to replicate”. 

It seems clear that steering Internet away from today’s consolidation needs to start from establishing a basic framework on how to improve Internet security, in particular at edge, enabling direct, secure user-user communication. There seems a lack of shared understanding on how such a framework would look like. Consequently, efforts on securing Internet (there are lots of them) seem scattered and isolated. There is also much misconception floating around, confusing necessary coordination in running a global-scale system with centralization, and security with anonymity (which leads to all the high hopes in blockchain direction). I would further add that the real privacy should be by-products of a truly secured distributed system; isolated privacy solutions at component levels may not help much; when someone can see every key click one makes, running DoH to hide DNS lookup from local ISPs does little in improving user privacy.

(ran out of space and time to really wrapping up ...)

Comments

  1. MichaelNovember 10, 2021 at 11:20 PM

    It's ironic that I can only choose my Google Account as my name to answer here :-)

    I have read this after having seen Geoff Huston's talk yesterday ( https://www.youtube.com/watch?v=xMoaj4w3R6k ) and found it very inspirational.

    Regarding the architecture, you conclude that "The architecture, that the Internet started with, no longer offers its users to communicate peer-to-peer directly and securely.", but it seems clear from the same paragraph that the problem is only the lack of an identity. Long ago, a person's identity was mapped to a single IP address - perhaps that's what you mean with "the architecture that the Internet started with". This association is long gone, and for the better, I would say. But if the lack of an identity is what gets in the way of writing truly peer-to-peer applications, then wouldn't this be solved by giving people identities? - at least for the ones who care about keeping true p2p connectivity as a service (as the Internet becomes more monopolized, this number may rapidly grow). Let everyone have a private key, let's define that as a person's identity, let's define how people can obtain these private keys?

    Regarding part 2, the economy, I agree, but I'm not sure there's much we can do about it.

    Regarding part 3, security, here, you write: "It seems clear that steering Internet away from today’s consolidation needs to start from establishing a basic framework on how to improve Internet security, in particular at edge, enabling direct, secure user-user communication.". I agree. And: "There seems a lack of shared understanding on how such a framework would look like." That's sad. Can it be fixed?

    If the architectural problem is to give people an identity, then this automatically removes any form of anonymity from part 3 - it's not a necessary element to make user-user communication survive (it could probably be built on top of whatever is conceived). With that out of the way, isn't an end-to-end transport protocol with encrypted payload all that's needed?

    ReplyDelete
    Replies
    1. MichaelNovember 10, 2021 at 11:27 PM

      ... answering myself, as an addition to the end of my previous message: no it isn't, we'd also need a DNS that maps user identities (their public keys) to IP addresses... or ... well ... some means via which they can be reached, even when they're behind a NAT. Okay, this needs more. An overlay network service, standardized, not "owned" by a monopoly, which users can actively join with their public key, to become a part of this brave new Internet. And the new DNS would then have to map onto a path within this new network service.

      Delete

Post a Comment

Popular posts from this blog

Do not Associate Internet Centralization with DNS in the Absence of Facts

The last decade witnessed an ever increasing centralization of the Internet, which has triggered a grassroots movement toward Internet decentralization. However there seems an urgent need to understand the root cause of Internet centralization, so that all the decentralization efforts could lead to effective outcome. One view that I have heard from many people at many places, IETF community included, is that DNS is a centralized system and therefore the decentralization efforts must find effective solutions to circumvent all DNS usage. I can name multiple efforts heading to the direction of circumventing DNS entirely, but I have never been given scientific supporting evidences showing how, and how much, the use of DNS names actually contributed to the Internet centralization.  Yes the DNS namespace has a governance body to ensure DNS names' uniqueness. As far as I know, that namespace governance has not stopped anyone from getting a DNS name; many of my colleagues have got their  p
Read more