I’ve been working on other things for the last few days, or at least trying to accomplish a few things despite the inevitable distractions. My post last week about Facebook struck a chord. Traffic has broken all records, surpassing the previous all-time most popular posts, “Amazon Really Doesn’t Like Free eBooks” and “Detailed Analysis Of iPhone Location Data”.
So I’ve been working on other unrelated things, but today by accident, I stumbled upon an interesting post on Medium that led me to Project Meshnet.
“Our objective is to create a versatile, decentralized network built on secure protocols for routing traffic over private mesh or public internetworks independent of a central supporting infrastructure.”
I’ve been expecting this. It’s not the only project of its kind, but it seems to me that we’re at a point where it’s likely to attract some serious interest.
I started writing a post almost two years ago on what I saw as growing technological, cultural, and societal trends. That post remains unfinished, but Project Meshnet seems to be one of the next logical steps continuing the trend, which I thought I saw, and which seems to have fully emerged with the sweeping events following the Arab Spring. I haven’t found a good name for this trend–perhaps an anthropologist could help here–I can only describe it as a collective citizen empowerment. The coming decades may be the People’s Decades.
It will be interesting to see where Project Meshnet goes. One thing strikes me, however. If decentralized peer networks on private or public infrastructures are going to protect not just the content that flows through them, but also the metadata, they must not rely on the types of routing shown in the introductory video on their website. Anyone spying on such a network can still tell who is talking to whom, just like you and I can tell which user is sending a message to which other user when we watch the animation showing how the messages can be routed through individual peers.
In order to protect the connections between peers, in addition to the content of their communications, something else is needed. The network would have to be more like a broadcast network instead of point-to-point. If every message is sent to every node on the network then the metadata of who connects with whom is effectively obscured. Further, if every message is encrypted so that it can only be read by the intended receiver, then the security is maintained, because each node would simply discard a message it couldn’t decrypt.
It’s true that a “rogue node” could record all the messages and try to decrypt them, but security would be assured for the lifetime of the chosen cryptographic system.
Of course such a scheme is not scalable and would likely remain so for the foreseeable future. Distributed networks like these will be bandwidth constrained for a long time. On the other hand, I think there are ways that this could be feasibly implemented. I’d be surprised if the people working on Project Meshnet weren’t already thinking about it, and if so, I suspect this could become the intelligence agencies’ worst nightmare.
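The broadcast-and-discard scheme described above, as an added sketch that is not part of the original post or of Project Meshnet's code. It assumes a per-node secret key known to the sender as a stand-in for public-key encryption, and all names (`seal`, `try_open`, `broadcast`, the node names) are hypothetical.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def derive_keys(key, nonce):
    # Separate encryption and MAC keys for each message.
    enc = hashlib.sha256(b"enc" + key + nonce).digest()
    mac = hashlib.sha256(b"mac" + key + nonce).digest()
    return enc, mac

def seal(key, plaintext):
    """Encrypt-then-MAC. The packet carries no sender or receiver address."""
    nonce = os.urandom(NONCE_LEN)
    enc, mac = derive_keys(key, nonce)
    stream = hashlib.shake_256(enc).digest(len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def try_open(key, packet):
    """Trial decryption: plaintext if the packet is for this key, else None."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        return None
    nonce = packet[:NONCE_LEN]
    body = packet[NONCE_LEN:-TAG_LEN]
    tag = packet[-TAG_LEN:]
    enc, mac = derive_keys(key, nonce)
    expected = hmac.new(mac, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # not addressed to this node: discard
    stream = hashlib.shake_256(enc).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

def broadcast(nodes, recipient, plaintext):
    """Deliver one sealed packet to every node; return (results, deliveries)."""
    packet = seal(nodes[recipient], plaintext)
    results = {name: try_open(key, packet) for name, key in nodes.items()}
    return results, len(nodes)  # cost grows with network size

if __name__ == "__main__":
    # Constructed sample network; keys are random per run.
    nodes = {n: os.urandom(32) for n in ("alice", "bob", "carol", "rogue")}
    print(broadcast(nodes, "bob", b"meet at noon"))
```

Every node receives the same packet, so the delivery pattern is identical whoever the recipient is, at the cost of one delivery per node per message. The packet length still reveals the message size unless messages are padded to a fixed length.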