I'm surprised by the beginning of the post talking about pioneering in 2019. Maybe it is the case for ENS (I never cared for it), but regarding IPFS, my website was available over IPFS three years before that, in 2016 [1]. Granted, I was never IPFS-only. I also started publishing a series of articles about censorship-resistant internet (Tor, I2P, IPFS, and ZeroNet) in 2600 Magazine – The Hacker Quarterly – back in 2017 [2].
Anyway, I came to the same conclusion as the author, but several years ago: in the end, nothing is actually decentralized, and maintaining the illusion of decentralization is costly, for no real purpose (other than the initial enjoyment of playing with a new tech, that is).
So I stopped maintaining it a few years ago. That decision was also because of the growing involvement of some of these projects with blockchain tech that I never wanted to be a part of. This is also why I cancelled my article series in 2600 before publishing those on IPFS and ZeroNet.
[1] See for example this archive of my HN profile page from 2016 with the link to it: https://web.archive.org/web/20161122210110/https://news.ycom...
Do you have any writing (blog posts, HN comments, etc.) where you explore this thought more? I'm in the thick of building p2p software, very interested in what you came to know during that time.
True P2P networks don't scale, because every node has to store an (accurate if partial) representation of the whole network. Growing the network is easy, but growing every single node is virtually impossible (unless you control them all...). Any attempt to tackle that tends to increase centralization, e.g. in the form of routing authorities.
And if you try to tackle centralization directly (like banning routers or something), you will often create an anti-centralization regulator, which is, you guessed it, another form of centralization.
So your decentralized P2P network is either small and works well, medium and works less well, or large and not actually decentralized.
The best P2P networks know their limits and don't try to scale infinitely. For human-oriented networks, Dunbar's number (N ≈ 150) is a decent rule of thumb; any P2P network larger than that almost certainly has some form of centralization (like trusted bootstrapping/coordination server addresses that are hard-coded in every client install, etc.).
Former LimeWire dev here... which P2P networks use a fully meshed topology? LimeWire and other Gnutella clients just have a random mesh with a fixed number of (ultra)peers. If the network gets too large, then your constrained broadcast queries hit their hop count before reaching the edge of the network, but that seems fine.
Last I checked, Freenet used a variation on a random mesh.
Kademlia's routing tables take O(log N) space and traffic per peer to maintain (so O(N log N) for total network space and traffic). The same goes for Chord, though with twice as much traffic because it doesn't use a symmetric distance metric like XOR.
There are plenty of "True" (non-centralized) P2P networks that aren't fully meshed.
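To make the Kademlia numbers above concrete, here's a toy Python sketch (made-up node IDs, not a real DHT) of the XOR metric and the per-bit bucket structure that keeps routing state around k * log2(N) entries no matter how big the network gets:

    import hashlib

    ID_BITS = 160  # Kademlia traditionally uses 160-bit (SHA-1-sized) node IDs
    K = 20         # max peers kept per bucket in the original paper

    def node_id(seed: str) -> int:
        """Derive a toy 160-bit node ID from an arbitrary string."""
        return int.from_bytes(hashlib.sha1(seed.encode()).digest(), "big")

    def xor_distance(a: int, b: int) -> int:
        """Kademlia's symmetric distance metric: d(a, b) == d(b, a)."""
        return a ^ b

    def bucket_index(own_id: int, other_id: int) -> int:
        """The k-bucket a peer falls into: the position of the highest differing
        bit. There are at most ID_BITS buckets, so routing state is bounded by
        the ID length, not by the number of peers in the network."""
        return xor_distance(own_id, other_id).bit_length() - 1

    me = node_id("my-node")
    buckets = {}
    for i in range(10_000):                      # learn about 10,000 peers...
        b = bucket_index(me, node_id(f"peer-{i}"))
        bucket = buckets.setdefault(b, [])
        if len(bucket) < K:                      # ...but keep at most K per bucket
            bucket.append(i)

    # Roughly K * log2(N) entries are actually stored, not N.
    print(sum(len(v) for v in buckets.values()), "routing entries for 10,000 known peers")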
Creator of Freenet here. Freenet[1] relies on peers self-organizing into a small world network[2].
Small world networks have the advantage of being able to find data in log N time, where N is the network size; they're also completely decentralized, self-healing, and distribute load evenly across peers. The principle is similar to DHTs like Kademlia but more flexible and intuitive IMO, while having similar scaling characteristics.
It's surprisingly common for people to confuse small world networks with "scale free networks", but scale free networks rely on a subset of highly connected peers which do a disproportionate amount of the work - which isn't truly decentralized.
The new Freenet design incorporates adaptive learning into the routing algorithm. When a peer is deciding where to route a message, it predicts the response probability and time for each neighboring peer based on past performance and chooses the best. With conventional "greedy routing", peers choose the neighbor with a location closest to the data being retrieved. The new approach is adaptive to actual network performance.
[1] Both the original Freenet from 1999 and the new sequel we're currently building - see https://freenet.org/ for more. We hope to launch the network in the next few weeks.
[2] https://en.wikipedia.org/wiki/Small-world_network
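For the curious, here's a rough Python sketch of the general idea behind that adaptive routing decision (made-up names and scoring, not the actual Freenet implementation), contrasted with plain greedy routing:

    from dataclasses import dataclass, field

    @dataclass
    class Neighbor:
        location: float                                       # position on the [0, 1) ring
        response_times: list = field(default_factory=list)    # seconds, from past requests
        successes: int = 0
        attempts: int = 0

    def ring_distance(a: float, b: float) -> float:
        """Distance on a circular [0, 1) keyspace."""
        d = abs(a - b)
        return min(d, 1.0 - d)

    def greedy_choice(neighbors, target_location):
        """Classic greedy routing: forward to the neighbor whose location is
        closest to the data being retrieved."""
        return min(neighbors, key=lambda n: ring_distance(n.location, target_location))

    def adaptive_choice(neighbors, target_location):
        """Toy adaptive routing: estimate an expected time-to-success for each
        neighbor from its past performance and pick the best, falling back to
        distance as a prior for neighbors with no history yet."""
        def expected_cost(n):
            if n.attempts == 0:
                return 1.0 + ring_distance(n.location, target_location)
            p_success = n.successes / n.attempts
            avg_time = sum(n.response_times) / len(n.response_times) if n.response_times else 1.0
            return avg_time / max(p_success, 0.01)
        return min(neighbors, key=expected_cost)

    # A well-performing neighbor wins even if a quiet one is slightly "closer".
    neighbors = [Neighbor(0.52), Neighbor(0.60, [0.2, 0.3], successes=9, attempts=10)]
    print(adaptive_choice(neighbors, 0.55).location)   # -> 0.6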
Thanks for the great work, Ian!
As far as a second-generation Freenet goes, I heard I2P started out as a proposed refactoring and generalization of Freenet's encrypted transport layer. Are there any plans to use I2P to carry Freenet traffic?
I think I've been following the dev chat long enough to answer: the new Freenet is a new, separate network from the original (now called Hyphanet, I think) that handles transport by itself, and end-to-end encryption is not in scope of the project but can be built on top.
This is correct - while old and new Freenet both rely on a small-world network, they are very different and not compatible. Borrowing from our FAQ[1], the main differences are:
Functionality: The previous version of Freenet (now called Hyphanet) was analogous to a decentralized hard drive, while the current version is analogous to a full decentralized computer.
Real-time Interaction: The current version allows users to subscribe to data and be notified immediately if it changes. This is essential for systems like instant messaging or group chat.
Programming Language: Unlike the previous version, which was developed in Java, the current Freenet is implemented in Rust. This allows for better efficiency and integration into a wide variety of platforms (Windows, macOS, Android, etc.).
Transparency: The current version is a drop-in replacement for the world wide web and is just as easy to use.
Anonymity: While the previous version was designed with a focus on anonymity, the current version does not offer built-in anonymity but allows for a choice of anonymizing systems to be layered on top.
[1] https://freenet.org/faq#faq-2
Doesn't Java have the widest variety of hardware running it, thanks to its Virtual Machine?
I can even remember my Motorola Razr being arguably (almost) a smartphone because, while a far cry from Symbian, it could already run Java applications! (Notably, IIRC, Opera Mini?)
P.S.: Also, I tried Freenet around that time too! I'm a bit confused about this being a "new" project... why not name it "Freenet 2" then? Why did Freenet "1" have to change its name?
Java has the advantage that you can run it on a wide variety of hardware platforms without recompilation, but it has largely failed to attain broad usage/support for desktop apps and so it's a bad choice for something like Freenet in 2024.
A systems programming language like Rust gives us a lot more control over things like memory allocation, allowing apps to be a lot more efficient. This is important with Freenet because we need it to run in the background without slowing down the user's computer.
Rust can also be compiled to run on all major platforms, Windows, Mac, Linux, Android, iOS, etc.
Using the name for the new software was a difficult decision and not without risk.
The "Freenet" name was never intended to belong to a specific codebase. From the start we viewed the original Java implementation as a prototype, which is one reason we never actually released version 1.0 (even 7 years after the project started we were still on version 0.7). At the time I had no idea that it would be over 20 years before I had a design I thought would be suitable, but here we are.
This new Freenet is the original concept but designed, not as a prototype, but as software that can gain broad adoption. In that sense it is the fulfilment of my original vision.
I did consider calling it Freenet 2, but these days not that many people have heard of the original, so on balance I believe it would have been confusing for the (hopefully) much bigger userbase we hope to reach.
Thank you :)
I2P was created by someone who was previously involved with Freenet, but its design is a lot closer to Tor than to Freenet. Both I2P and Tor are anonymizing proxies: they allow services to be hidden, but they're still centralized.
While they are quite different, there is enough overlap that running Freenet over I2P (or Tor) would be wildly inefficient and slow, so I wouldn't recommend it. Freenet is designed to run over UDP directly.
The new Freenet is designed to allow the creation of completely decentralized services. Briefly, it's a global key-value store in which keys are webassembly code that specify what values are permitted under that key, and the conditions under which those values can be modified. This key-value store is observable, so anyone can subscribe to a key and be notified immediately if the value changes.
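To give a flavor of the concept, here's a toy Python sketch only (the real contracts are WebAssembly and the real API is different): the "contract" is a validation function, the key is derived from its code, and subscribers are notified on every valid update.

    import hashlib
    import json

    class ToyContractStore:
        """A toy observable key-value store where the contract decides which
        state transitions are valid for its key."""

        def __init__(self):
            self.values = {}        # key -> current state
            self.contracts = {}     # key -> validation function
            self.subscribers = {}   # key -> list of callbacks

        def register(self, validate):
            """In real Freenet the contract is WebAssembly; here it's just a
            Python callable, and the key is a hash of its compiled code."""
            key = hashlib.sha256(validate.__code__.co_code).hexdigest()
            self.contracts[key] = validate
            return key

        def put(self, key, old_state, new_state):
            """Accept an update only if the contract allows the transition,
            then notify every subscriber."""
            if not self.contracts[key](old_state, new_state):
                raise ValueError("contract rejected the update")
            self.values[key] = new_state
            for callback in self.subscribers.get(key, []):
                callback(new_state)

        def subscribe(self, key, callback):
            self.subscribers.setdefault(key, []).append(callback)

    # Example contract: an append-only chat log.
    def chat_contract(old, new):
        old = old or []
        return isinstance(new, list) and new[:len(old)] == old

    store = ToyContractStore()
    key = store.register(chat_contract)
    store.subscribe(key, lambda state: print("new state:", json.dumps(state)))
    store.put(key, None, ["hello"])
    store.put(key, ["hello"], ["hello", "world"])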
This is just scratching the surface; for anyone interested in a much more comprehensive explanation of the new Freenet, please see this talk I gave a few months ago: [1] You can also find a FAQ here: [2]
[1] https://www.youtube.com/watch?v=yBtyNIqZios
[2] https://freenet.org/faq
Clever. I care about congestion control issues mainly. Got that handled? Tried ecn?
The low-level transport is one of the final components we're working on prior to launch - we previously hoped to use something off-the-shelf but on close examination nothing fit our requirements.
We handle congestion by specifying a global maximum upload rate for the peer, which will be a fraction of the peer's total available bandwidth - the goal being to avoid congestion. In the future we'll likely use an isotonic regression to determine the relationship between upstream bandwidth usage and packet loss, so that we can adaptively choose an appropriate maximum rate.
Here is a more detailed explanation of the transport protocol; it's quite a bit simpler than ECN but we'll refine it over time: [1]
At a higher level a peer's resource usage will be proportional to the number of connected peers, and so the peer will adaptively add or remove connections to stay under resource usage limits (which includes bandwidth).
[1] https://github.com/freenet/freenet-core/blob/186770521_port_...
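As a rough illustration of the congestion approach described above (a hedged sketch, not the actual freenet-core code): probe a few send rates, enforce that packet loss is non-decreasing in rate, and cap the upload rate just below where loss starts to climb.

    def choose_max_rate(samples, loss_target=0.01):
        """samples: list of (send_rate_bytes_per_sec, observed_loss_fraction).

        A crude stand-in for isotonic regression: loss should be a
        non-decreasing function of send rate, so enforce monotonicity with a
        running maximum and pick the highest rate whose fitted loss stays
        under the target."""
        samples = sorted(samples)                   # by send rate
        best_rate = samples[0][0]
        running_loss = 0.0
        for rate, loss in samples:
            running_loss = max(running_loss, loss)  # isotonic (monotone) fit
            if running_loss <= loss_target:
                best_rate = rate
            else:
                break
        return best_rate

    # Example: loss stays low until ~800 KB/s, so cap there.
    observations = [
        (100_000, 0.000), (200_000, 0.001), (400_000, 0.002),
        (800_000, 0.004), (1_600_000, 0.050), (3_200_000, 0.200),
    ]
    print(choose_max_rate(observations))   # -> 800000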
Freenet is very cool. You did good work. Absolute giga chad.
Thank you, first time I've been called a Chad - I'll take it ;)
I've always taken an interest in p2p, but never heard of Freenet, so thanks for being here!
Question: how good is the latency once connections are already established, say for a real-time video call over Freenet, or is this not possible? Is there any server in the middle that all packets need to route through, especially for peers behind firewalls?
We're aiming for the delay between a contract's state being modified and all subscribers being notified to be no more than 1 second, which should be acceptable for applications like IM.
If you were doing something like a video call you'd negotiate it over Freenet and then establish a direct connection for the video/audio for minimal latency.
Freenet uses UDP hole-punching to establish direct connections between peers even if both are behind firewalls. A new peer uses a public (non-firewalled) peer to join the network initially but once joined all further communications can be between firewalled peers.
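For anyone who hasn't seen the technique, the hole-punching step itself is simple. Here's a bare-bones Python sketch (toy addresses, none of Freenet's actual protocol): once both peers learn each other's public address:port from an introducer, they just keep sending UDP packets to each other until the NAT mappings open up.

    import socket
    import time

    def punch_and_talk(local_port, peer_addr, message=b"hello", attempts=10):
        """peer_addr is the other side's public (ip, port) as reported by a
        non-firewalled introducer. Both sides run this at roughly the same
        time; the outbound packets create the NAT mappings that let the
        inbound ones through."""
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind(("0.0.0.0", local_port))
        sock.settimeout(1.0)

        for _ in range(attempts):
            sock.sendto(message, peer_addr)        # opens/refreshes our NAT mapping
            try:
                data, addr = sock.recvfrom(2048)   # succeeds once their packets get through
                return sock, addr, data
            except socket.timeout:
                time.sleep(0.5)                    # keep punching
        raise TimeoutError("hole punching failed")

    # Usage (run on both peers, with the addresses swapped):
    # sock, addr, data = punch_and_talk(40001, ("203.0.113.7", 40002))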
Sure, but ultrapeers/supernodes/routers/etc are forms of centralization. Locally, the network is centralized around these supernodes, and they can be annoying/impossible to bypass. The "inner network" or backbone of supernodes, if exists, can also represent a central authority. Nothing necessarily wrong with any of this, but it can stretch the meaning of P2P if it really means P2central-authority2P.
Functionally there is almost no difference between me sending you an (anonymous, encrypted) message over Facebook versus over some sophisticated, large, hierarchical "P2P" network. We still have to trust the local authorities, so to speak.
Your software cannot be more decentralized than your hardware.
For example, true p2p can only happen if you meet with someone and use a cable, Bluetooth, or local wifi. Anything over the internet needs to pass through routers and *poof* decentralization's gone and you now need to trust servers to varying degrees.
"varying" is a pretty wide range here. If you mean "trust" as in trust to maintain connectivity, yes, but beyond that there are established ways to create secure channels over untrusted networks. Could you provide specifics about what you mean if anything beyond basic connectivity?
Sure: what is the process to start downloading a torrent? What is the process to message someone on Jami? What is the process to call someone on (old) Skype or Jitsi? Answer this and you realize you can only get as decentralized as your hardware infrastructure.
Well, for a torrent it starts by contacting one of the various trackers that know other peers. It's not centralized, but there are only a couple of trackers out there.
There's no trust between any of the peers, but each torrent piece has an associated hash, meaning peers cannot give you invalid data without being caught (unless a hash collision occurs).
Peers can be discovered with DHT magic, but ultimately, can only be dialed if the ISP allows peers to receive connections.
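That per-piece check is simple to illustrate (a Python sketch; a real client reads the expected SHA-1 digests from the .torrent metainfo):

    import hashlib

    def verify_piece(piece_data: bytes, expected_sha1_hex: str) -> bool:
        """A BitTorrent piece is accepted only if its SHA-1 matches the digest
        published in the .torrent file, so an untrusted peer can't slip in
        corrupted data without being detected (barring a hash collision)."""
        return hashlib.sha1(piece_data).hexdigest() == expected_sha1_hex

    # Example: the expected digest would normally come from the metainfo's
    # 'pieces' field, one 20-byte hash per piece.
    piece = b"some 256 KiB of payload..."
    expected = hashlib.sha1(piece).hexdigest()   # stand-in for the published hash
    assert verify_piece(piece, expected)
    assert not verify_piece(piece + b"tampered", expected)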
That's not true. Yes, the strict p2p connection is gone, but decentralization is what the name says: a network of connections without a single center. The internet and its routing systems are decentralized. Of course every decentralized system can also be stressed to a point of failure, and not every node is automatically trustworthy.
I'll add to what others have said better.
Decentralized, globally accessible resources still take some kind of coordination to discover those resources, and a shit-ton of redundant nodes and data and routing. There is always some coordination or consensus.
At least, that's my take on it. Doesn't Tor have official records for exit and bridge nodes?
The main thing is that "true" (in the sense of absolute) decentralization does not actually work. It doesn't work technically, and it doesn't work socially/politically. We always need some form of collective control over what's going on. We need moderation tools, we need to be able to make errors and fix them, etc. Centralized systems tend to be authoritarian, but the pursuit of absolute decentralization always ends up being very individualistic (with some kind of misplaced elitism). There are middle grounds: federated systems, for example, like Mastodon or email, actually work.
That is not to say that all p2p software is bad, especially since we call "p2p" a lot of things that are not entirely p2p. For example, BitTorrent is p2p software, but its actual usage by humans relies on multiple more-or-less centralized points: trackers and torrent search engines.
I may be missing something, but name resolution has been touted as one of the more legitimate and sensible uses for blockchain for a very long time. Could you clarify what your issues with it in IPFS context are?
Well, I do not actually believe that blockchains can do name resolution correctly. First and foremost, the essential thing to understand about blockchains is that the only thing guaranteed by writing a piece of information on a blockchain is that this information is written on that blockchain. And that's it. If the writing itself is not performative, in that its mere existence performs what it describes, then nothing has been done. It works for crypto-assets because what makes a transaction happen is that it is written on the blockchain where that crypto-asset lives and where people look to see what happened with that crypto-asset.
But for any other usage, it cannot work; blockchains are useless. Someone or something somewhere has to make sure either that what's written on the blockchain corresponds to the real world, or that the real world corresponds to what's written on the blockchain. Either way you need a kind of central authority, or at least trusted third parties. And that means you don't actually need a blockchain in the first place. We have better, more secure, more efficient, less costly alternatives to using a blockchain.
Back to name resolutions.
Virtually no one is going to actually host the blockchain where all names are stored locally. That would be way too big and could only get bigger and bigger, as a blockchain stores transactions (i.e., diffs) rather than the current state. So in practice people and their devices would ask resolvers, just like they currently do with DNS. These resolvers would need to keep a database of the state of all names up to date, because querying a blockchain is way too inefficient. Running such a resolver would be a lot more costly than running a DNS server, so there would be fewer of them. Here we just lost the decentralization that was the point of the system.

But that's just a technical problem. There is more: what if someone gets a name and we as a society (i.e., justice, whatever) decide that they should not be in control of it? Either we are able to enforce this decision, which means the system is not actually decentralized (so we don't need a blockchain), or we can't, and that's a problem. What if a private key is lost? The associated names are gone forever. What if your private key is leaked by mistake and someone hostile takes control of your name?
Using a blockchain for name resolution doesn't actually work, not for a human society.
You lost me here. Couldn't the local user ('s process) reference the same block chain instead of another trusted party?
The problem with block chains is that you need the entire history, or at least a good chunk of it, to walk it for data. The latest end of the chain doesn't contain everything; it simply contains the most recent transactions.
This can be hundreds of gigabytes if not more at scale.
This is where the central authority comes in play, in the name of storage and performance efficiency.
Even crypto wallet apps use third-party central servers to query your wallet totals, because you aren't fitting the download of the block chain on your phone.
I don't think the blockchain walk has to be done locally. Much like someone looking up DNS records doesn't need to participate in the DB management to get their records, there can be intermediaries which provide the response and still rely on the blockchain as a source of truth?
The value of the blockchain (in the context of name resolution) would (should) be limited to enabling trustlessness of the response. I can cryptographically authenticate the origin of the response. If you don't trust that source, zk proofs would enable the user to validate that the response is part of the latest version of the blockchain's state without looking at all of the history.
I think the cost of carrying the whole history is a red herring.
But then you have to trust the intermediaries. You can verify their claim, but doing so is so costly it's what made you turn to intermediaries in the first place.
A blockchain is not needed for that, certificates can do that.
Knowing enough information about the latest version of a blockchain's state to validate responses would require either that you trust the third party which provides the hash of the last block to you, or that you follow, block after block, what's added to the ledger, verifying each block's integrity and all. I'm not saying that's not doable, but it either requires some boot-up time or being online all the time; i.e., it more or less amounts to running a node, which is what we seem to agree most people / end devices will not do.
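Concretely, "following block by block" boils down to checking that each new header commits to the hash of the one before it (a toy Python sketch with made-up block fields, ignoring proof-of-work/stake entirely):

    import hashlib
    import json

    def block_hash(block: dict) -> str:
        """Hash of a toy block header (deterministic JSON serialization)."""
        return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

    def follow_chain(trusted_tip: dict, new_blocks: list) -> dict:
        """Given the last header we already trust and a list of newly announced
        headers, accept them only if each one links to the hash of its
        predecessor. Returns the new trusted tip."""
        tip = trusted_tip
        for block in new_blocks:
            if block["prev_hash"] != block_hash(tip):
                raise ValueError(f"block {block['height']} does not extend the chain")
            tip = block
        return tip

    genesis = {"height": 0, "prev_hash": "0" * 64, "state_root": "..."}
    b1 = {"height": 1, "prev_hash": block_hash(genesis), "state_root": "..."}
    b2 = {"height": 2, "prev_hash": block_hash(b1), "state_root": "..."}
    print(follow_chain(genesis, [b1, b2])["height"])   # -> 2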
You should be able to cryptographically prove a) the block height of the current block and b) the state of any account, in constant space, using zero-knowledge proofs.
You don't need to trust a third party and do not need to be online all the time for that.
Not everyone needs to run a node, and not everyone could, but it is totally feasible for an individual to run their own if they decide they can't trust anyone else for whatever reason. Especially if you were running a node specifically for the purpose of name resolution you could discard the vast, vast majority of data on the Ethereum blockchain (for example).
No, that is a feature of a decentralized system. Individual node operators would be able to decide whether or not to serve particular records, but censorship resistance is one of the core features of blockchains in the first place.
The association wouldn't be gone, it would just be unchangeable until it eventually expires. This is a known tradeoff if you are choosing ENS over traditional domain name registration.
As opposed to today, where someone hostile, like for instance the Afghan government (the Taliban), can seize your domain for any reason or no reason at all?
---
I think we just have a fundamental disagreement about what types of features and use cases a name resolution system should have. That's completely fine; you're entitled to your own beliefs. You can use the system that most closely resembles your beliefs, and I'll use the one that most closely resembles mine. Fortunately for us, different name resolution systems can peacefully coexist due to the nature of name mappings. At least for now, none that I know of collide in namespace.
Exactly, take a look at Sci Hub or The Pirate Bay continuously needing to change domain names due to seizures, for example. I'd want them to be able to actually own their domain names, either via blockchain or private key (e.g. Tor).
In fact, Sci Hub tried HNS for some time but seems to have dropped it.
That's a feature.
Do you think lawlessness is a feature?
It isn't. Unless you want a long incomprehensible string.
Someone is always going to want a short, unique, and memorable name. And when two people share the same name (McDonald, Nissan, etc) there needs to be a way to disambiguate them.
If people die and are unable to release a desirable name, that just makes the whole system less desirable.
I know one of the canonical hard problems in Computer Science is "naming things" and this is a prime example!
Namecoin has existed for a long time. It acts just like a traditional domain registrar: the first person to register a name gets it, and they have to pay a maintenance fee to keep it. Don't pay the maintenance fee and someone else can register the name.
Yes, but statistically nobody uses it due to those problems. Squatters quickly snapped up the most popular DNS names but since nobody uses it there’s no financial benefit from paying Danegeld, and that’s a vicious cycle of irrelevance.
This is the core flaw of most of these systems: people hype them up selling the idea that it’ll become huge later, but without some link to real value or authority there’s no reason to favor one implementation over another, or over doing nothing at all.
This comes up a lot in the case of IPFS because the core problem is that most people won’t host anything on the internet. It’s expensive and legally risky, which forces you to vet who you host and then you have a less revolutionary pitch which has to be based on cost, performance, etc. and that’s a tough market.
It might not be popular in general, but surely IPFS crowd specifically would be a lot more receptive to such a thing? IPFS itself is similarly niche.
Perhaps, but that doesn’t mean they’re suckers. If you’re going to have to deal with bootstrapping an alternate root anyway you probably aren’t motivated to pay off a speculator for the privilege of making their holdings more valuable.
ENS (which is what the GP refers to) has human-readable names. But it doesn't have support for A/AAAA records today (does anyone know why? A-record support was in the original spec). Aside from that, the only reason you wouldn't be able to type "mycoolsite.eth" into your browser's URL bar and have it resolve to an IP is that no browser has an ENS resolver built in. Yet.
Brave does, right?
And if you want a long incomprehensible string, we already have that: .onion sites work without a blockchain, too.
Blockchain enthusiasts have a history of talking out of their ass and being susceptible to the lies of others.
Downvotes, nice. Whatever helps you sleep at night.
I never fully understood the use of ipfs/iroh for websites, but I really like the idea for data caching in data science packages.
It makes more sense to me that someone would be much more willing to serve large databases and neural network weights that they actually use every day, rather than 'that one guy's website they went to that one time'.
I'm very surprised it's not as popular, if not more popular to just have @iroh-memoize decorators everywhere in people's database ETL code.
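Something like that decorator would be pretty small. Here's a rough Python sketch of the idea (purely hypothetical and local-disk only; a real version would push/pull the blobs through an IPFS or iroh node instead of a local directory):

    import functools
    import hashlib
    import pickle
    from pathlib import Path

    CACHE_DIR = Path(".content_cache")

    def content_memoize(func):
        """Cache a function's result under a content address derived from the
        function name and its arguments. Swapping the local directory for an
        IPFS/iroh client would let teammates fetch each other's cached blobs."""
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            CACHE_DIR.mkdir(exist_ok=True)
            key_material = pickle.dumps((func.__qualname__, args, sorted(kwargs.items())))
            key = hashlib.sha256(key_material).hexdigest()
            blob = CACHE_DIR / key
            if blob.exists():
                return pickle.loads(blob.read_bytes())
            result = func(*args, **kwargs)
            blob.write_bytes(pickle.dumps(result))
            return result
        return wrapper

    @content_memoize
    def expensive_etl_step(dataset: str, year: int) -> list:
        print(f"recomputing {dataset}/{year}...")
        return [dataset, year, "lots of rows"]

    expensive_etl_step("taxi-trips", 2023)   # computed
    expensive_etl_step("taxi-trips", 2023)   # served from the cache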
That's a better use case (since the user has a vested interest in keeping the data up) than helping people host websites.
IMO the case for something like IPFS gets worse and worse the larger proportion of clients are on battery. This makes it a really poor choice for the modern, public Web, where a whole lot of traffic comes from mobile devices.
Serving things that are mostly or nigh-exclusively used by machines connected to the power grid (and, ideally, great and consistent Internet connections) is a much better use case.
This is half the reason why P2P died in the late 2000s. Mobile clients need to leech off a server to function.
The other reason why it died is privacy. Participating in a P2P network reveals your IP address, which can be used to get a subscriber address via DMCA subpoenas, which is how the RIAA, MPAA, and later Prenda Law attacked the shit out of Gnutella and BitTorrent. Centralized systems don't usually expose their users to legal risk like P2P does.
I have to wonder: how does IPFS protect people from learning what websites I've been on, or have pinned, without compromising the security of the network?
Spotify killed music sharing, not the RIAA.
There's still plenty of video and book pirating happening. Until the streaming industry gets its shit together and coalesces into a single provider, or allows peering, then that's going to continue.
The legal and privacy risks of P2P are both mitigated very simply with a VPN.
They also need to just sell a 'license for a "personal private viewing copy"' of a work and provide non-DRM files that users can self-archive and maintain.
No, DRM is not necessary; it's already been proven that someone among the 8 billion monkeys (with some really smart ones) hammering away _will_ figure out a way of liberating the data from its shackles. The whole premise is fundamentally broken in that the viewers are not trusted to see the data in the clear. It just adds cost, friction, and failure points.
Convenience (EASE OF USE!!!), a fair price, and content that doesn't go away are how alternative distribution methods die. Just like how bootleg booze largely doesn't exist outside of prohibition, since the market functions.
Tell me that you hang out with law-abiding citizens without telling me...
Moonshine, home brew... people are out there sticking it to the man as much as they can.
If you have made homemade cider, or beer, or yogurt, pickles, canned anything, you know that it's a labor, but the product is better and far cheaper than what you can buy.
Convenience, quality, ease of use... People will pay a massive premium for these things. This (to the dismay of HN) is the Apple model. You can bleed the customer if they love you, if you have a good product.
This was a problem in early film, and the paramount decree was a thing: https://www.promarket.org/2022/12/12/the-paramount-decrees-a...
One would think that this should apply to streaming services, but sadly no, they get treated like network television did (does).
And I know that one of you will glom on to the paramount decree as an argument for the iPhone App Store shenanigans of late. Sadly, they aren't remotely close to each other: Apple isn't restricting your timing or telling you what your price should be.
If everyone's on VPNs, nobody can connect to each other. I'm only aware of a couple of VPN services that offer port forwarding.
They had a single provider. They purposefully moved away from that model to make more money, and it's working.
How did it "die" in the late oughties, when FAIs were boasting about releasing routers with built-in NAS with torrent support in 2011, and projects like Popcorn Time only got popular in 2014 ?
A clueless gen-Z user, maybe, who was born with smartphones. For some media, ED2K and Nicotine+ (the Soulseek network) are the only way to fetch that content. Classical series/movies/comic books/special vinyl editions ripped to FLAC... those won't be at full FLAC/CBZ quality (high-DPI PNGs) on YT/Spotify or whatever website or app for tablets.
P2P is still pretty much alive, at least for BitTorrent and ED2K.
Desci Labs (1) do something like this - papers and all the associated data (raw data, code, analyses, peer review comments) are published and linked together - along with all the citations to other papers - in a big DAG.
I believe their data is stored in a p2p network - it might interest you!
1. https://desci.com/
I very much enjoyed your articles on Tor and I2P :) I2P was entirely new to me, so I found that particularly interesting. I did idly wonder when the next article was coming, so I’m glad I didn’t just miss it in some issue. Totally understand where you’re coming from.
Thanks! It's always great to have feedback on paper-published content :).
When evaluating use cases where blockchain technology is leveraged to disintermediate, I came to the same conclusions as you. Technically novel? Yes, sure. But, for what?
For incentive alignment, consensus, trustlessness, etc.
Oh yeah, I was referring strictly to IPFS+ENS websites. I have been working with it for several years, so my mind goes to this use case automatically.