Okay, hi, my name is Martin. I'm one of the commentators of GNUnet, and today I will talk a bit about the project. I think if you have been here in the morning as well, it ties in quite nicely with other projects that we have heard about today when it comes to decentralization of the internet. So I think I'm preaching to the choir: the internet is under attack. But I want to give you a kind of different perspective from what we have heard today in this aspect.

If we look at how the internet works today, it's not just centralized services and applications that we need to decentralize. The internet is a technology stack that goes deep, from applications down to the physical layer. So we have Ethernet, we have IP, BGP. So this is the OSI/ISO stack: you have a physical layer, then you have a data link layer, which, if you have a cable, is Ethernet; then you have a network layer, which is IP and BGP, which is usually used for routing; then you have a transport layer, where there are transport layer protocols. Then you usually also have a naming system, which now is the DNS for most internet applications, and on top of that you have at the moment very, very centralized and large applications and services.

Now, as we heard before today, and as we probably also heard in the news, those centralized services are very easy to subvert. So programs like PRISM and any other lawful interception methods can basically directly collect data from you by simply going to those services and taking it. In order to avoid that, of course, it makes sense to think about how those applications can be decentralized. But that's only half of the story, because you're forgetting about the rest of the stack. So a lot of times when you hear about blockchains or blockchain-based applications, it's completely forgotten that if you attack the network on a deeper level, then your blockchain is not really worth much, or at least the security guarantees it gives you, simply
because the ISPs and the routing infrastructure, you have no control over that. And it also doesn't inherently provide any security on its metadata, for example. And as we have heard before, also in the news, people are killed based on metadata, right? And this is hardly ever addressed in projects that try to decentralize applications, be that identity services or be that, I don't know, social network services. But you always need to keep that in mind, because everything is built on top of the internet infrastructure.

And then of course you have the naming system, which is a completely different story. DNS is something that not only does not provide you any kind of security, but it's also arguably managed and governed by corrupt organizations, which we have seen with the .org case just recently. So there's absolutely no aspect in this whole stack that actually provides us with any security guarantees, and we cannot actually use it to build decentralized applications on top. It doesn't make any sense. You don't have a proper foundation to do that.

And that is where the vision of the GNUnet project actually starts. So GNUnet wants to basically build a full stack that provides you with the individual layers of the ISO/OSI stack, so that decentralized applications can be built in a meaningful way. We need metadata protection, we need encryption and we need decentralization. We need a stack that supports those three features, and specifically metadata protection.

So if we were to have a clean slate and just think about, okay, what would we like to have in the stack, or what should it look like? Then I'm going to for now exclude the physical layer, because that's a bit tricky. But let's think about Ethernet.
So Ethernet is usually used to have a protocol that connects two nodes directly. So if you want to decentralize a system, you can think about your direct neighbors. If you're in a decentralized network, you are going to communicate with your direct neighbors. What kind of protocol would you want for that? You would probably want some kind of trust-on-first-use, off-the-record protocol that basically does a key exchange with a public key, trust on first use, maybe has some rekeying protocol as well built in, but something like that. So at least a passive observer of the network cannot see what is happening or what is part of the communication, and, more importantly, that encryption layer protects the metadata of the next layer. So if you now need a routing protocol or a transport protocol, that metadata is implicitly protected against the passive attacker.

The next thing you need in a decentralized network is routing, because usually this is what IP and BGP do for you, but you cannot rely on this infrastructure anymore because that is managed by ISPs. DHTs implicitly have built-in routing mechanisms. Now, usually you think of DHTs as key-value stores, but they do provide routing, so you can use them to discover routes across the network. And this has worked since BitTorrent and this works now with IPFS.
So it's a good method.

Now once you have your hop-by-hop encryption and you have a way to discover paths across your P2P network, if you now want to address a remote peer or communicate with it, you still need end-to-end encryption. State of the art at that point would be some kind of ratchet encryption protocol. You might even want something like onion routing at that point.

Naming: well, you want something that is less susceptible to more cobble and more cobble and, well, less like ICANN. And once you have such a stack, now you can start building proper decentralized applications. Of course, you can build them before and then after that address the stack, but it makes sense to keep in mind that without the stack your decentralized application is not really giving you any value.

How does this relate to GNUnet? Well, in GNUnet, for the off-the-record layer, so the protocol we speak with other direct neighbors, it's just called CORE. It's, to me, quite a boring protocol, because the only thing it does is just, you know, connect to some kind of a machine that you have a connection to, do a key exchange and then talk.

The distributed hash table in GNUnet is called R5N, and there is a publication. I've put it at the end of the slides, so you can download them and look at it. It's a special DHT that combines randomized routing with Kademlia-style routing and is particularly good in restricted-route environments, so if you only have very few connections.

In GNUnet, the protocol that is used to actually communicate with a peer that is multiple hops away from you is called CADET. Now, what CADET does is it uses the DHT to discover a path to a remote peer.
This is done by simply doing a get request against a peer ID, and the other peer does a put request against its own peer ID, and that way you can basically find the path from one peer to the other peer. CADET at the moment in GNUnet doesn't implement a ratchet for encryption, but I think it does not at the moment implement some kind of onion routing across the path.

Probably the most stable component at the moment in GNUnet is the GNU Name System. We currently have a project with NLnet as well to write basically an independent standard on how the wire format of the GNU Name System actually looks. The GNU Name System essentially, if you know how DNS works: in DNS you usually have a recursive DNS server that iteratively queries other DNS servers until it has found an actual result. The GNU Name System does not use any servers. Instead, all of the record information in the DNS system is stored in the distributed hash table. In addition to that, we use a little bit of fancy elliptic curve cryptography as part of the keys and values that are stored in the DHT in order to realize what is called a private information retrieval scheme. And that means that if you are a passive attacker on the network, or if you're just observing queries and responses in DNS, then you cannot tell what is queried and you also cannot really read the answers unless you know what is queried. So passively just collecting all of the queries and responses doesn't really get you anywhere.

And there are also some planned and existing applications on top of GNUnet. Wait, I have slides on GNS, but they are only in there so you can look at how it works. Next slide. There are already some planned and existing applications on top of GNUnet. One of them is the secushare project, which is not directly part, I think, of GNUnet at the moment and is still in development.
secushare, by the way, is a social network, I think, so it's kind of a replacement for something like Facebook. Then there's GNU Taler. GNU Taler is a privacy-friendly payment system. And a project that I'm also involved with is reclaimID. reclaimID is, we have heard it I think three times now today, what you would call a self-sovereign identity system. What it does a bit differently, I guess, is that the only thing reclaimID tries to achieve is to decentralize the OpenID Connect service. So I think I heard today that whenever you do authentication, you can basically simply use OpenID Connect and then the authentication will happen for you, and that is not actually true, because often OpenID Connect, they have actually nothing to do with authentication. It actually says that in the spec. The only thing OpenID Connect helps you to do is to authorize another party to access your data somewhere. That's the only thing the protocol actually does; it doesn't have anything to do with authentication. And that is what reclaimID does, so users can basically use a standardized way to share personal information with other websites, but it does not include any kind of authentication. Okay, so reclaimID basically is just a combination of OpenID Connect with GNS.

Now, one thing I left out until now, and that is probably the most important thing if you want to use the stack: obviously at some point you need to bring it to the real world, right? Your software needs to run on something. The most straightforward way if you build any P2P system is to just say, I'm going to open a TCP socket to the other peers, and then you're done. Which makes sense as long as this works, as long as your peer-to-peer protocol port is not blocked, as long as the network is not blocked in any way, you know, for example by deep packet inspection, then this is fine. But what if your network is more restricted?
At that point you could think, well, I'm just going to run my protocol over an application layer protocol. I could just say, well, then I'm going to run over HTTPS, because who's going to block HTTPS? So that's another option, until somebody maybe tries to, I don't know, probe your HTTPS servers that are not really HTTPS servers. So the third option might be to go lower in the stack, and you say, well, if I can use Ethernet, maybe I can use Ethernet, but if I can't use Ethernet, then maybe I need to use bare Wi-Fi or Bluetooth meshes or, I don't know, satellites, so that I have some kind of physical mechanism that I can run my protocols on that is not under the control of some kind of infrastructure provider.

The answer in GNUnet and how to solve this is: yes, we're just going to use all of them. So basically we have a separate layer that exposes a transport API to our stack, but the actual connectivity that a node has, you can think of it like a plug-in infrastructure. So you can basically enable or disable plug-ins such as a TCP plug-in, an HTTP plug-in, a Wi-Fi, Bluetooth plug-in, QUIC plug-in, you can think of it, and it doesn't really matter what plug-ins you have enabled. You will still be using the same stack. So somebody who has a very restricted network might need to use a Bluetooth mesh network; somebody who just wants to use the network for something productive and is in a very liberal network might be able to use the TCP node just as well, and it will work. But the important thing is that this is abstracted from the actual application. So it will just work.

Now this is the core GNUnet stack if you look at it from the ISO/OSI layer perspective. This is something that you can just use. One thing I would like to note at that point is that whenever somebody looks at GNUnet and looks at the documentation, then obviously everything in that stack is documented. So the documentation is huge.
It looks very complex. But if you think about it, if you want to open a socket somewhere, you're not looking up how Ethernet works. Nobody does that. You're not looking up how your Wi-Fi actually does the connection and how the signaling works. So in GNUnet, if you need a name system, you just have to look at GNS, and if you only need a transport layer protocol, you can only look at CADET and then you're done. And the APIs for the individual layers are actually quite lean.

Now we can also look at this graph a bit differently. If you actually start a GNUnet node, you would basically get a number of processes that are started, and each process is essentially a layer in our core stack. So you would get a process for the transport layer, you would get a process for the name system, for the resolver, you would get a process for your transports, etc. And I guess today you would call this a microservice architecture and put them in containers, but the GNUnet protocol, as a GNUnet project, is over 10 years old, so back then those names didn't exist. But this is how it looks.

The nice thing that you can do, and that is currently also happening, because I told you that we're currently standardizing the GNS name system, and what somebody else is doing as part of the project is, he says, well, just one thing: GNUnet is written in C, and usually we get something like, it's written in C, I don't want to write C. But you don't really have to, because what you can do is you can just write a service in another language. So currently somebody writes a Go implementation of GNS. And you don't have to implement the whole stack down to make this work, because each layer in GNS in the user space communicates with the lower and upper layers using sockets. It could be a Unix domain socket or a TCP socket, doesn't really matter, and you can drop-in replace any service that you want. And this is also true, for example, for the Go service.
So you can just listen to the proper sockets and use the proper sockets and then it would just work. So extension is not really tied to the technology used in the framework.

Actually, we are currently rewriting the transport stack because it has some architectural deficits. Currently, for example, the plugins that we use, TCP, HTTP, if one of those plugins currently crashes, it takes the transport service with it, because it's a dynamic library, and we want to change that so that every transport plug-in is actually its own process. So if it crashes, we don't really care and we can still provide the transport layer.

And at this point I should probably say that I have not been quite honest with you. So this is a very simplistic view of how GNUnet works. The truth is there are a lot of applications and services currently implemented in GNUnet, and if you go to our website and look at architecture, you will get this picture, which is the GNUnet spaghetti monster. But actually, if you now know that the core framework of GNUnet consists of the services that I've just shown you, you can easily find them again here. So in the middle you have CORE, if you can read it, and above you have CADET, and there's a DHT somewhere. But it's just already a huge application ecosystem. One thing that you can see here is on the left side: you can see that there's an FS application, which is essentially file sharing, think IPFS. There's a voting application on the top right. You can see conversation, which is a voice-over-IP service. And I hope you can see secushare. So personally I think we should probably remove this picture and replace it with something more simplistic. On the other hand, this is more true to what is actually currently implemented. So we probably need to think about this.

Okay, so, where's good? What's the current state and where are we going?
I would say that GNUnet currently is not something that you can just use and build a productive application with, because just in December we had to basically break compatibility and reimplement some of the cryptography, and obviously that basically broke the whole network and now it has to rebuild itself. And we are planning to do that at least once again this year, because there are just still a lot of things to do and a lot of things to get right, especially in the lower levels. So especially in the transport layer, especially in the core layers, to get this right. On the other hand, the upper layers look a lot better. So we're currently standardizing the GNS protocol, at which point we probably don't want to change anything regarding that anymore. That's why there's also currently an alternative implementation.

Right, and beyond that we have obviously larger goals. One of the largest ones is probably to offer maybe something like a .org replacement authority using the GNU Name System. Obviously there needs to be some kind of an organization that actually manages this, which is probably not going to be us. And also we will continue to implement additional transports. I think the ability to use different transports and to implement them is actually quite interesting. So if somebody's interested in writing a transport, then feel free to contact us. We're also going to participate in this year's Google Summer of Code. I don't know yet what kind of projects we're going to offer, but there are probably going to be, from very simple projects to very difficult tasks, a few options. So if you're interested in that, you can just contact us. Yeah, that was my final slide. Thank you. And if you have any questions.

Thanks. So I love the project, especially Taler.
I really like the payment system. I have a question about the name system, GNS: is each name owned by one entity? If yes, how do you make sure, and who did decide who owns the name? And if not, when I come to resolve a name, how do I know which of the, yeah, values to take?

So the idea of how it's initially supposed to work is, I don't know if you heard about hyperlocal root in DNS, so we're going to basically ship a root zone for you that is basically a list of top-level domains that map against the public key. And if the user wants to change that, he can do that, because it's just a configuration file, but that's basically the concept. So you have a local root zone file that you can modify, and that basically assures that most of the time you will have the same names.

Okay, Zavada good. Every technology stack has certain affordances. The problems with the left-hand stack are really obvious now. Is anyone thinking ahead to what the unintended consequences of the right-hand side might be? Are you doing things like consequence scanning, if you've got people who are maybe not technologists working with you to think about the political implications?

The political implications of the right-hand stack? Do you mean within our project, if we're thinking about that? I think there are people that think about this. I'm all the techie. I don't really care about it. I just want it to work. But yeah, if you write on the mailing list, I'm sure there will be a few people that have comments on that, but I'm not the right person, probably.

Sorry, can you tell us a bit about the performance of GNUnet, the problems of GNUnet? Are there actual numbers on that?

We have last year done a study, for example, on the performance of the DHT and, with it, GNS. So you can look that up. It's on our webpage, and obviously it's not as good as the current internet, right? But it's enough to do your regular work and to do things with it.

Hi.
Hello. Is there any plan to have it run on top of WebSocket and implementing everything inside the browser, for example?

There is a project that is working. I'm not working on the new net.io. You can look it up. Somebody compiled GNUnet, which is C, into WebAssembly using Emscripten and wrote a transport plug-in for WebSocket so that it just runs in the browser. So that works.

Are there any further questions? If you want to leave, please leave silently. Guess that's it. Then thank you very much for giving this talk, Martin. As this room is known to get full every year, we ask you that during the break you try to move as much inside as possible, so people who come late can find a seat.