a staggering percentage of communications flow through a small set of
corporations—and thus, under the profound influence of those companies
and other institutions. Google, for instance, now comprises twenty-five
per cent of all North American Internet traffic; an outage last August caused worldwide traffic to plummet by around forty per cent.
Engineers anticipated this convergence. As early as 1967, one of the
key architects of the system for exchanging small packets of data that
gave birth to the Internet, Paul Baran, predicted
the rise of a centralized “computer utility” that would offer computing
much the same way that power companies provide electricity. Today, that
model is largely embodied by the information empires of Amazon, Google,
and other cloud-computing companies. Like Baran anticipated, they offer
us convenience at the expense of privacy.
Internet users now regularly submit to terms-of-service agreements
that give companies license to share their personal data with other
institutions, from advertisers to governments. In the U.S., the
Electronic Communications Privacy Act, a law that predates the Web,
allows law enforcement to obtain without a warrant private data that citizens entrust to third parties—including location data
passively gathered from cell phones and the contents of e-mails that
have either been opened or left unattended for a hundred and eighty
days. As Edward Snowden’s leaks have shown, these vast troves of
information allow intelligence agencies to focus on just a few key
targets in order to monitor large portions of the world’s population.
One of those leaks, reported by the Washington Post
in late October, revealed that the National Security Agency secretly
wiretapped the connections between data centers owned by Google and
Yahoo, allowing the agency to collect users’ data as it flowed across
the companies’ networks. Google engineers bristled
at the news, and responded by encrypting those connections to prevent
future intrusions; Yahoo has said it plans to do so by next year. More
recently, Microsoft announced
it would do the same, as well as open “transparency centers” that will
allow some of its software’s source code to be inspected for hidden back
doors. (However, that privilege appears to only extend to “government
customers.”) On Monday, eight major tech firms, many of them competitors, united to demand an overhaul of government transparency and surveillance laws.
Still, an air of distrust surrounds the U.S. cloud industry. The N.S.A. collects data through formal arrangements with tech companies; ingests Web traffic as it enters and leaves the U.S.; and deliberately weakens cryptographic standards. A recently revealed document
detailing the agency’s strategy specifically notes its mission to
“influence the global commercial encryption market through commercial
relationships” with companies developing and deploying security
One solution, espoused by some programmers, is to make the Internet
more like it used to be—less centralized and more distributed. Jacob
Cook, a twenty-three-year-old student, is the brains behind ArkOS,
a lightweight version of the free Linux operating system. It runs on
the credit-card-sized Raspberry Pi, a thirty-five dollar microcomputer
adored by teachers and tinkerers. It’s designed so that average users
can create personal clouds to store data that they can access anywhere,
without relying on a distant data center owned by Dropbox or Amazon.
It’s sort of like buying and maintaining your own car to get around,
rather than relying on privately owned taxis. Cook’s mission is to “make
hosting a server as easy as using a desktop P.C. or a smartphone,” he
Like other privacy advocates, Cook’s goal isn’t to end surveillance,
but to make it harder to do en masse. “When you couple a secure,
self-hosted platform with properly implemented cryptography, you can
make N.S.A.-style spying and network intrusion extremely difficult and
expensive,” he told me in an e-mail.
Persuading consumers to ditch the convenience of the cloud has never
been an easy sell, however. In 2010, a team of young programmers
announced Diaspora, a privacy-centric social network, to challenge
Facebook’s centralized dominance. A year later, Eben Moglen, a law
professor and champion of the Free Software movement, proposed a similar
solution called the Freedom Box.
The device he envisioned was to be a small computer that plugs into
your home network, hosting files, enabling secure communication, and
connecting to other boxes when needed. It was considered a call to
arms—you alone would control your data.
But, while both projects met their fund-raising goals and drummed up a
good deal of hype, neither came to fruition. Diaspora’s team fell into
disarray after a disappointing beta launch, personal drama, and the
appearance of new competitors such as Google+; apart from some privacy software released last year, Moglen’s Freedom Box has yet to materialize at all.
“There is a bigger problem with why so many of these efforts have
failed” to achieve mass adoption, said Brennan Novak, a user-interface
designer who works on privacy tools. The challenge, Novak said, is to
make decentralized alternatives that are as secure, convenient, and
seductive as a Google account. “It’s a tricky thing to pin down,” he
told me in an encrypted online chat. “But I believe the problem exists
somewhere between the barrier to entry (user-interface design, technical
difficulty to set up, and over-all user experience) versus the
perceived value of the tool, as seen by Joe Public and Joe Amateur
One of Novak’s projects, Mailpile, is a crowd-funded e-mail
application with built-in security tools that are normally too onerous
for average people to set up and use—namely, Phil Zimmermann’s
revolutionary but never widely adopted Pretty Good Privacy.
“It’s a hard thing to explain…. A lot of peoples’ eyes glaze over,” he
said. Instead, Mailpile is being designed in a way that gives users a
sense of their level of privacy, without knowing about encryption keys
or other complicated technology. Just as important, the app will allow
users to self-host their e-mail accounts on a machine they control, so
it can run on platforms like ArkOS.
“There already exist deep and geeky communities in cryptology or
self-hosting or free software, but the message is rarely aimed at
non-technical people,” said Irina Bolychevsky, an organizer for Redecentralize.org, an advocacy group that provides support for projects that aim to make the Web less centralized.
Several of those projects have been inspired by Bitcoin, the math-based e-money created by the mysterious Satoshi Nakamoto. While the peer-to-peer technology that Bitcoin employs isn’t novel, many engineers consider its implementation
an enormous technical achievement. The network’s “nodes”—users running
the Bitcoin software on their computers—collectively check the integrity
of other nodes to ensure that no one spends the same coins twice. All
transactions are published on a shared public ledger, called the “block
chain,” and verified by “miners,” users whose powerful computers solve
difficult math problems in exchange for freshly minted bitcoins. The
system’s elegance has led some to wonder: if money can be decentralized
and, to some extent, anonymized, can’t the same model be applied to
other things, like e-mail?
is an e-mail replacement proposed last year that has been called the
“the Bitcoin of online communication.” Instead of talking to a central
mail server, Bitmessage distributes messages across a network of peers
running the Bitmessage software. Unlike both Bitcoin and e-mail,
Bitmessage “addresses” are cryptographically derived sequences that help
encrypt a message’s contents automatically. That means that many
parties help store and deliver the message, but only the intended
recipient can read it. Another option obscures the sender’s identity; an
alternate address sends the message on her behalf, similar to the
anonymous “re-mailers” that arose from the cypherpunk movement of the
Another ambitious project, Namecoin, is a P2P system almost identical
to Bitcoin. But instead of currency, it functions as a decentralized
replacement for the Internet’s Domain Name System. The D.N.S. is the
essential “phone book” that translates a Web site’s typed address (www.newyorker.com)
to the corresponding computer’s numerical I.P. address (192.168.1.1).
The directory is decentralized by design, but it still has central
points of authority: domain registrars, which buy and lease Web
addresses to site owners, and the U.S.-based Internet Corporation for Assigned Names and Numbers, or I.C.A.N.N., which controls the distribution of domains.
The infrastructure does allow for large-scale takedowns, like in
2010, when the Department of Justice tried to seize ten domains it
believed to be hosting child pornography, but accidentally took down eighty-four thousand innocent Web sites in the process.
Instead of centralized registrars, Namecoin uses cryptographic tokens
similar to bitcoins to authenticate ownership of “.bit” domains. In
theory, these domain names can’t be hijacked by criminals or blocked by
governments; no one except the owner can surrender them.
Solutions like these follow a path different from Mailpile and ArkOS.
Their peer-to-peer architecture holds the potential for greatly
improved privacy and security on the Internet. But existing apart from
commonly used protocols and standards can also preclude any possibility
of widespread adoption. Still, Novak said, the transition to an Internet
that relies more extensively on decentralized, P2P technology is “an
absolutely essential development,” since it would make many attacks by
malicious actors—criminals and intelligence agencies alike—impractical.
Though Snowden has raised the profile of privacy technology, it will
be up to engineers and their allies to make that technology viable for
the masses. “Decentralization must become a viable alternative,” said
Cook, the ArkOS developer, “not just to give options to users that can
self-host, but also to put pressure on the political and corporate
“Discussions about innovation, resilience, open protocols, data
ownership and the numerous surrounding issues,” said Redecentralize’s
Bolychevsky, “need to become mainstream if we want the Internet to stay
free, democratic, and engaging.”