ZeroNet Blogs

Static ZeroNet blogs mirror

ekaterina@blog (personal)

Obligatory Portal 2 reference:

To the people who knew me before I went AWOL for a year:

First of all, sorry for suddenly vanishing without a word. Anxiety got the better of me, so instead of doing the right thing and saying I’ll be gone for a while I vanished like a coward. So I’ll just say it outright: I royally fucked up, no excuses. Feel free to call me names for it, I won’t hold it against anyone since it is well deserved. I just ask for the names to at least be creative so that other people reading them can have some fun too.

Saying something wouldn’t have changed much however, health problems made it impossible for me to continue working on my ZeroNet projects, or anything really, for a long time. My condition effects my brain, I can’t think straight for days until I can again for a few days, like being completely drunk for days on end, so the time I can spend productively is limited as you can imagine. Had to move back in with my parents, I live in a different city now, but at least the internet is better here. My condition hasn’t really gotten better, just different, despite dozens of visits to doctors, but I’m starting to get back on track despite the situation.

I still love ZeroNet and still strongly believe fighting censorship is a fight worth fighting at almost all costs and decentralization is the way to do it, especially now where censorship is on the rise again all around the world, so here I am again.

I’m not going to go into too much detail of what exactly happened, because as you know if you’ve followed me before on ZeroNet, I’m here anonymously and want to remain that way as long as I can.

I won’t be able to be as active as I was before, and I’ll likely need some time to get reacquainted with the source code of my ZeroNet sites, especially the SQL parts which I still hate passionately, and there are probably lots of new ZeroNet features I need to learn, but once I’ve managed to do that there’ll be new updates to my current projects and new projects for sure.

And please don’t see this post as me fishing for sympathy due to my medical situation, I’m not and I don’t want it, if it were up to me I’d say this is the first and the last time it is even mentioned, I just feel I owe it to people to try to explain at least a little bit of why I was away for so long, as much as I can without risking my anonymity, and why going forward I might be unavailable for a few days every now and then when my condition kicks in again too hard.

Also, a big thanks to whoever paid the fee to keep the ZeroPolls namecoin domain running in my absence. I said before I so rudely vanished that’s why I don’t like the idea of using domains, and instead prefer using just the hashes. If someone hadn’t kept the domain registered, all of the ZeroPolls.bit links people shared would have stopped working in my absence, while the hashes just keep working forever, so they are way better in my opinion.

Alright, I think that’s it for now. Oh, one more thing… You won’t believe how sad I am that I missed the launch of ZeroMe. I was looking forward to that so much T_T.

PS: I posted this to both of my blogs just so people see I’m back, just so you aren’t confused if you follow both blogs, if anyone still is.

I said it in my last blog post, the biggest threat we are facing right now is governments trying to outlaw encryption. And then today I read this:

According to an action plan to fight terrorism being drafted by the Hungarian Ministry of Interior, a person using a service providing encrypted communication could be imprisoned for up to two years.

If you don’t know, ZeroNet’s creator lives in Hungary, so this is bad. If I understand it correctly the plan has been put on ice for now, but that they wanted to do it in the first place is bad enough and they still want to put backdoors in encryption software like ZeroNet.

Even though the government has backed off the plan following a five-party consultation, it still plans to target those applications whose aim is to encrypt communication and try to force them to open backdoor access.

So we need to keep a close watch on ZeroNet’s and especially ZeroMail's encryption source code from now on, so that we see if the Hungarian government forces ZeroNet’s creator to add a backdoor. And by "we" I mean people who are experienced with encryption, which I am not. It’s also a reminder that it might be a very good idea to make regular backups of all of ZeroNet’s Github source code repositories, so if the Hungarian government should come back with it’s plans to outlaw encryption, ZeroNet won’t be removed before anyone is able to make a copy to continue it’s development in another country.

More information can be found in this Hacker News thread.

Reddit has been served with a National Security Letter, a gag order used by the American government, specifically the FBI according to Wikipedia, to force companies to become government spies and spy on their customers without being allowed to tell anyone about it or face jail time. This is, as absurd as that sounds, perfectly legal in the United States.

There are right now two top Reddit threads about this: 1 2

A few big companies, including Reddit, have gotten into the habit of releasing yearly transparency reports with something called a “warrant canary”. It’s a reference to the canary used by coal miners to warn them of poisonous gas, the canary would die a bit sooner than a human from the poisonous gas, so if the miners see the bird dies, they run for their life. In this context, it is a sentence in the transparency report that says something along the line of “We have never received a National Security Letter”. Once they do receive one, that line will not be included in the next transparency report and this is what happened with Reddit. If using a warrant canary is actually considered legal, nobody knows for sure, a judge might decide that using such a warrant canary is the same as speaking out and therefore illegal, so Reddit showed quite a bit of courage here to warn their users.

A lot of people were still not sure if this really means Reddit received such a letter, and asked for confirmation, which is stupid because this is the exact purpose of the warrant canary, it is the only thing a company can do to warn it’s users of the privacy invasion by the government, the company is not allowed to say anything. So in answering users, Reddit’s Ceo /u/spez answered by saying he was advised not to say if it’s true or not, which again says that yes of course they did receive the letter, stop asking and use your brain.

According to Reddit’s former CEO, /u/Yishan, who is not bound by the gag order in the National Security Letter, Reddit uses Amazon AWS and he believes Amazon is already a government spy since they have never spoken up for users’ privacy rights when other companies like Microsoft, Google and Apple did, so this might not actually mean things are now worse than they already were at Reddit. It is however proof that things are bad right now, it’s no longer just a belief.

Is this big news? Probably not. Ever since Snowden spoke out, people knew how fucked up the situation in the United States (and many other countries) is. This is just more proof of it. The situation hasn’t gotten worse, it’s been this way for years.

I think the biggest news and the biggest threat right now, the one that EVERYONE should care about a lot, is that a few governments all over the world want to ban encryption for private use. That means no ZeroNet for one, but cryptography drives so many things in our modern lives, it means much more than that. And it also means no privacy online, at all, which is a universal human rights violation according to the UN by the way, privacy is a universal human right and it applies online as well. Amnesty International also just called it a human rights issue in a report.

Sorry for not being on ZeroNet the past week, was a bit under the weather and had lots of things to do which is always a great combination. But now you got this huge blog post for your trouble that I'm sure next to nobody will read to the end :)

Recently, the first very early test version of MaidSafe's SAFE network and the first version of their API for developers was released, finally after ten years and some accusations of it being vaporware or a scam, and I decided to take a look and see how it compares to ZeroNet.

SAFE client

(Screenshot taken from MaidSafe's blog)

This is going to be very long, I will describe everything I have learned about SAFE so far, the TL/DR is ZeroNet is objectively better right now, and in some ways will be forever, but you might still be interested to use both when SAFE is fully released, I certainly am, because due to it's design it will also have some really amazing properties ZeroNet doesn't have (and vice versa). Scroll to the very bottom of this blog post for a big collection of links all about SAFE.

Disclaimer: I participated in the crowdfunding for SAFE a while ago. SAFE together with ZeroNet and IPFS are the most interesting, modern decentralized networks being worked on right now, in my opinion of course. I don't count I2P or Freenet among these, they are very old and mature projects in comparison to these newcomers, they are built upon old ideas, which doesn't mean they are bad, but they are different and to me less interesting than these new ones, but your mileage might vary, I know Freenet and I2P have a lot of fans and likely for good reason.

The SAFE network can be a bit hard to understand, it has a big community behind it (which was also evident by the successful crowdfunding campaign) even though it doesn't even really exist yet, but that is probably because it has been in development for 10 years (only over the last two years I believe actual code has been written, it was all research and planning before), by a scottish company called MaidSafe and therefore had a lot of time to make people interested. MaidSafe and SAFE are often confused, one is the company (MaidSafe), the other (SAFE network) the decentralized network they develop, keep that in mind when reading about it so you don't get confused, but I'm sure you will anyhow, it happens to everyone it seems, me included :)

I've got all my information from reading through the SAFE forums, listening to the unofficial (but really good) SafeCrossroads podcast, and a very little from trying it out myself. I cannot guarantee that all of this information is correct, my information comes mostly from other people's understanding of SAFE and very little from official sources, so take it with a grain of salt, it is absolutely possible that some information I give here will be completely wrong. And even if it isn't wrong, it might change, SAFE is still in development.

SAFE is similar to ZeroNet in that it allows you to create and access censorship resistant, decentralized websites (and native apps). Both projects have been described as Bitcoin meets Bittorrent, but SAFE has (or rather plans to have) additional properties and is implemented in an entirely different way. SAFE has privacy baked in, you don't need to use Tor with it. You download an application (Win, Mac, Linux and at some point iOS, Android), double click it, enter your login information and off you go, supposedly fully secure without having to fear someone knocking on your door (right now you also have to configure your browser or your operating system to access .safenet websites, it's easier than it sounds but not easy enough for mainstream use). It's also like Dropbox because you can use it to create an online backup of all your files, but without having to trust any company that they don't or can't access your private data.

At this point I have to say SAFE is nowhere near ZeroNet in it's current state, it will probably be months before you will be able to make sites as sophisticated as you can do with ZeroNet on the SAFE network. Right now all sites are just static HTML, the first, minimal version of the API for programmers (which can be used from websites or even native applications just like ZeroNet) was just released days ago (on the fifteenth), and it only allows you to store and retrieve data right now, nothing fancy. SAFE is also a bit slow at the moment, especially when you are used to ZeroNet where sites load instantly because you have a local copy that you work on. I hope that is something that will change, but I don't know if that is the case, it might always be a bit slow due to the way it's designed.

The SAFE network is described as a huge file system, one big decentralized harddrive that spans the globe. You can upload data (websites, images, videos, etc.) to that harddrive that anyone can read, or you can upload encrypted data to it that only you or a few select people can read. The difference to ZeroNet is, with ZeroNet if you view a site you also seed it, with SAFE, the network decides who seeds it. There are always 4 copies of a file in existance on the network, encrypted and broken into small chunks up to 1 mb in size, if one copy goes down, it gets replaced. Sounds dangerous, why only 4 copies, but nodes who have shown a high reliability in the past are preferred when storing data, so it's not as dangerous as it sounds, and since these 4 copies are split into chunks they are stored on much more than just four computers.

The network is also tied to a crypto-currency, SafeCoin. It will be used (right now everything is free) to pay for storing data on SAFE (forever, one payment and your file exists forever), using applications, etc. People like me who participated in the crowdfunding received MaidSafeCoin, just a token which will be translated 1:1 into SafeCoin once SafeCoin is actually implemented. Application developers automatically get SafeCoin when their apps are used (and have to pay SafeCoin themself to use some resources of the network with their apps), so the more popular an application is, the more money it makes, which means companies don't need to work against the users' best interest to make money, which is obviously great for both developers and users.

This might also turn out to be a cool way to actually make money with open source software, something that is still quite rare and might give a huge boost to open source. Some people would like to get rid of companies or the concept of money for software completely, but everyone needs to eat, and what about news sites, journalists want to get paid too, this is a model that will support that, without discrimination, everyone anywhere in the world can make money developing software or running a website no matter if he went to an elite university or learned all this himself sitting in front of a slow community laptop shared by 30 people somewhere in Africa. If it's popular, you will get paid, automatically by the SAFE network, without any human intervention and therefore without any human discrimination. The online advertising industry is dying, statistics show half of all web users use an ad blocker, that means not just tech savy people, it means basically everyone from all walks of life. This could be a replacement for advertising, one that does not make users the product to be sold and reaped for profit.

You can also get SafeCoin by providing resources to the network, that includes disk space on your harddrive that other people use to upload data (fully encrypted and chopped into chunks, nobody knows what file is stored where) or your computer's processing power which will be used to create one big computer spanning the globe, running the server side part of applications, which is one feature that ZeroNet doesn't have and application developers would have to use Ethereum or something like it to get the same with ZeroNet without having to rely on central servers. This is all planned, nothing of this is actually available in the downloadable client yet, but that is the idea.

The idea is also that you will be able to earn a good amount of SafeCoin by using a small setup, a good amount meaning enough for you to use the SAFE network for free while probably still having a little bit of SafeCoin left over to sell on an exchange for example, you don't need to be a hardcore bitcoin miner with a huge 20 GPU rig for "mining" to be feasible (that's the idea at least, might turn out to be impossible). And there is no blockchain, instead SafeCoin uses a DHT, a distributed hash table and some cryptography magic I don't understand. SafeCoin actually works like any other message on the SAFE network works from a technical standpoint, there is nothing special about it, when you send a message to a friend it's the same as sending a SafeCoin to someone, with the difference that you transfer ownership of that SafeCoin. The latest episode about SafeCoin from The Daily Decrypt on YouTube (link at the end) has an interview with am employee of MaidSafe about this, she explains all of this in detail.

No blockchain is a huge thing, it's one of the things I really like about ZeroNet as well, it means the SAFE network works without having to download a blockchain for hours or days to be a full node. It also means payment with SafeCoin is anonymous by default, there is no transaction history like you have with Bitcoin, nobody knows where a SafeCoin came from. Since more and more countries want to get rid completely of cash, to always be able to track everything you buy, this will be interesting for a lot of people who do not believe that a government should be allowed to track how many rolls of toilet paper you buy.

Most people probably don't care, they think only people who buy drugs or other illegal goods need to be concerned, but the more the government knows about you, the more it is able to create a profile of you to predict how you behave, which could be used to manipulate you psychologically or eliminate you if you are deemed dangerous. You might not do something illegal or immoral, but your government might. I can't think of any government right now that doesn't regularly do illegal or immoral things.

And while we are talking about full nodes, the SAFE network has both full nodes (vaults as they are called) and thin clients, or light wallets if you know Bitcoin terminology (just called client or launcher in the SAFE network). The part that was just released for download which you can try out on your own computer is the client, the vaults are running on 50 computers controlled by the developers right now to log what happens in the network and find bugs and other problems before really launching the network into the wild, at which point they won't have dictatorial control over it anymore, they won't log anything anymore, because then the users control the network. If you want to earn SafeCoin by contributing some harrdrive space or CPU power to the network, you will need a vault, otherwise using just the client is fine, which will also make running SAFE on mobile phones possible.

When you use the SAFE client you need to create an account. That account is not created through some central server as is the case on ZeroNet's ZeroID right now (as I understand it), instead it is fully decentralized. The account is stored on the SAFE network, a certain set of nodes (vaults), quasi randomly chosen, will store your account information (without even knowing they have that data, or rather encrypted pieces of that data). To locate and retrieve that data, a hash is used. That hash is based on a PIN number and a username (confusingly called keyword right now in the client, but it's just a login username), and access to it is secured by a password.

So you need three pieces of data to login, the pin number (at least 6 numbers), the username (which won't actually be shown to anyone, a public username like ZeroNet's ZeroID can be created later on) and the password.

This also makes it possible to create a fake account, that maybe uses the same username and password which could be given to government officials knocking on your door, but uses a different PIN, so it points to a completely different account. This is interesting for whistleblowers for example, their data will be safe even if their home is raided by a totalitarian country's police and even if they are forced by a court or through torture to give up their username and password. If you use only the client, no data is stored on your computer. Close the application and all traces vanish. At least that's the idea, that is not how it works right now, like I said earlier the developers keep logs of everything that happens on the network to improve the software before they release the vault software into the wild and can't do that anymore.

And that is probably also the biggest difference when comparing SAFE to ZeroNet. It is a basic difference in design which means these two projects will always be different and serve different purposes. In ZeroNet, everything is local, you download a website completely before you ever use it. And then you only download updates to that website. This makes everything extremely fast and it allows you to use websites (including writing comments and voting) even when you don't have a working internet connection. It also means you might store things on your harddrive that you don't want, that you could get in trouble for if someone was to ever look through the files on your harddrive (although you do have some control at least since you don't seed sites you never visited). There is always good and bad sides to everything. SAFE on the other hand, doesn't store anything (unless you are running a vault to earn SafeCoin, but it's still encrypted and split into chunks and you won't have all chunks to be able to restore a file even if you broke the encryption). You log in, you visit a website or use a SAFE desktop app, you close the SAFE client and everything is gone. This means everything is a bit slow (but not unusably slow), it means you have to download everything every time you visit a website, but it also means there are no traces left on your computer.

The last thing that I should mention is the quirky community surrounding SAFE. In the forums, you will find discussions that are, how should I put it, like a plan from the A-Team. You find tons of these huge thought through plans by forum members to discuss possible future projects. It all looks very professional, very technical, it feels like the forum community is Silicon Valley and there are all these little startups with spreadsheets and powerpoint presentations and crowdfunding, lots of crowdfunding, crowdfund all the things! I can't really explain it, you have to see it for yourself. My guess is, since these people have followed and wanted SAFE for so long, but since there just wasn't anything for them to do because it doesn't exist yet, they had to let their mind wander and just fantasize with intricate detail about the things they want to see once SAFE actually exists. I'm not saying this is bad or good by the way, I just thought it's worth mentioning it, because it is very different from anything I've seen before. Some people will love this, will love the enthusiasm, others will think it's a bit crazy. You've been warned ;)

I think that's really all there is to know about SAFE right now, there aren't any cool SAFE websites yet that would be worth mentioning, they are all just "Hey look I'm part of SAFE now, how cool!" messages on simple static HTML pages. SAFE looks quite interesting, if the slowness is something that can be addressed (and it's not as bad as some other decentralized networks) and if they actually manage to implement all that they promise. I'll continue to check it out as it updates (weekly dev updates are posted in the forums every tuesday I believe). I don't plan to switch away from ZeroNet, because ZeroNet already is awesome, but if SAFE ever becomes all what it wants to be, I probably will use both. They work differently enough that that makes sense, they will both have their place, although for some people one will be enough.

Here are some (Clearnet) links for you to check out if you got interested in SAFE:

I decided to create a second blog on ZeroNet, to write about things not related to the sites I develop for ZeroNet. This way people can follow posts from one without having to see posts from the other if they are only interested in my sites or only interested in my thoughts. And it keeps everything nice and tidy :)

I will probably mostly write about decentralized networks here, I've started to check out MaidSafe for example which I crowdfunded and just released a first test version (don't worry, I'm not going anywhere), free speech, censorship, these kind of things. Maybe also books, I love books! And I probably also will talk about other ZeroNet sites that I find and love. We'll see.

This isn't going to be a blog about my private life since I do try to stay anonymous. Not because I really have anything to fear (I believe), but because I like the fact that ZeroNet (with Tor) gives me the freedom to do whatever I want, develop all kinds of websites here on ZeroNet, without having to live in constant fear that I break some insane bureaucratic law and get fined outrageous amounts of money for it, we have a lot of these insane pedantic laws in my country.