
Oblomovka


2008-08-11

gmail down; p2p dns

More fuel for the decentralisation fire with Gmail’s downtime today (Google’s apology). Again, as much as these events prompt people to reconsider keeping all their data marooned on Google’s tiny island in the wider Net, it’s not as if anyone has a more reliable service in place — yet.

It also made me think of another reason why you might want a centralised (or radically decentralised) service that didn’t run on your edge of the Network. Central services are terrible for privacy, but can be better in some contexts for anonymity. Creating a throwaway mail account on a central service (or better still, getting somebody else to), and then using Tor or another anonymising service to access it would provide more temporary anonymity than receiving mail on your own machine (or serving web pages from it). There can also be a big difference between serving and hosting data in an authoritarian regime and holding your information remotely in another, more privacy-friendly or remote, jurisdiction. There’s a good reason why a lot of activists use webmail (and why so many were outraged when Yahoo’s webmail service handed over Shi Tao‘s details to the Chinese government).

Tor actually does offer an anonymised service feature, letting you run services from a mystery Tor node, and point to it using a fake domain like http://duskgytldkxiuqc6.onion/. If you were using Tor right now, that would lead you to a webpage, served over Tor from an anonymous endpoint. So you can run anonymous services, in theory from the edge. Of course, not everyone is using Tor, so that’s hardly universal provision.

This brings me to another issue that I talked about on Sunday: mapping other non-DNS protocols into the current DNS system. I believe I’ve mentioned before John Gilmore’s semi-serious suggestion a few years back that we grandfather in the current DNS by saying that all current domains are actually in a new, even more top level domain, .icann. — so this would be www.oblomovka.com.icann., allowing us to experiment with new alternatives to DNS, like dannyobrienshomeserver.p2p., or somesuch, in the rest of the namespace.

Other name systems frequently do something like this already: there’s Tor’s .onion fake domain, and Microsoft’s P2P DNS alternative, which resolves to whateveryourhomemachineiscalled.pnrp.net. What neither of those does, however, is have a gateway mapping for legacy DNS users — a DNS server that would respond to standard DNS queries for those addresses, use the P2P protocol to find the IP, then return it to anyone querying using the existing DNS system. That might be a more backward-friendly system than John’s idea.
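The gateway idea above, as an added Python sketch that is not part of the original post: a stub DNS server loop would hand each UDP query to gateway_answer, which answers A-record queries for names under an assumed .p2p fake TLD from a constructed in-memory directory (a stand-in for the real P2P lookup) and refuses everything else, so legacy names stay with ordinary DNS. P2P_TLD, FAKE_P2P_DIRECTORY and the function names are assumptions for the sketch, not anything from PNRP or Tor.

```python
import socket
import struct

P2P_TLD = ".p2p"  # assumed fake TLD, as in the post's dannyobrienshomeserver.p2p. example
# Constructed stand-in for the P2P name system; a real gateway would do a PNRP-style lookup here.
FAKE_P2P_DIRECTORY = {"dannyobrienshomeserver.p2p": "192.0.2.10"}

def build_query(txid, name, qtype=1):
    """Encode a standard recursive DNS query (RFC 1035 wire format) for exercising the gateway."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    """Decode the header and first question; returns (txid, name, qtype, qclass, raw question)."""
    txid = struct.unpack("!H", packet[:2])[0]
    labels, pos = [], 12
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    pos += 1  # skip the terminating zero-length label
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, ".".join(labels).lower(), qtype, qclass, packet[12:pos + 4]

def build_response(txid, question, rcode, answers=()):
    """QR=1, RD=1, RA=1 header with the given rcode; answers are (ipv4, ttl) A records."""
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(answers), 0, 0)
    rrs = b""
    for ip, ttl in answers:
        # 0xC00C is a compression pointer back to the question name at offset 12
        rrs += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + rrs

def gateway_answer(packet, p2p_lookup=FAKE_P2P_DIRECTORY.get):
    """Answer only names under the P2P TLD; everything else is REFUSED so it stays with legacy DNS."""
    txid, name, qtype, qclass, question = parse_question(packet)
    if not name.endswith(P2P_TLD):
        return build_response(txid, question, 5)            # REFUSED
    if qtype != 1 or qclass != 1:
        return build_response(txid, question, 0)            # NOERROR, no data (only A is mapped)
    ip = p2p_lookup(name)
    if ip is None:
        return build_response(txid, question, 3)            # NXDOMAIN
    return build_response(txid, question, 0, [(ip, 60)])    # short TTL: P2P mappings move

def summarize(response):  # (txid, rcode, answer count, first A-record IP or None)
    txid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    ip = socket.inet_ntoa(response[-4:]) if ancount else None
    return txid, flags & 0xF, ancount, ip
```

A real deployment would bind a UDP socket on port 53, call gateway_answer on each datagram and send the bytes back; the REFUSED path is what keeps such a gateway from becoming an open resolver for the rest of the namespace.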

In Microsoft’s case, that would be pretty easy, even though apparently they don’t do it right now. Resolving .onion in normal DNS space wouldn’t be possible currently, although I suppose you could hack something up (maybe over IPv6, like PNRP) if you were willing to carry all the traffic (and had asked ICANN nicely for the .onion TLD).

I’m not the first person to think that this might be something that would make an interesting Firefox plugin in the meantime.


petit disclaimer:
My employer has enough opinions of its own, without having to have mine too.