Radovan Semančík's Weblog

"You know when we were flying and I was worried we might hit something in the storm and you said the only thing we could possibly hit at this height was a cloud stuffed with rocks?"

"Well?"

"How did you know?"

-- Terry Pratchett, The Light Fantastic

I'm a bit worried about all these proponents of The Cloud. Are they OK? Do they know what they are talking about? Maybe they haven't looked at the sky recently.

What I've seen in the sky are just levitating stone slabs being piloted by a well-trained teams of druids from Amazon and Google. If you are up to flying on a broomstick in the storm, be careful to avoid those clouds stuffed with rocks.

U.S. Government has made a decision. They have decided that it is OK to to seize your laptop for whatever reason, without any suspicion, for however long and to share the information stored there with anyone. This adds up to a pretty long list of nuisances for travellers. But this is the last drop.

I have made my decision. I have decided that I will not use my U.S. Visa for quite a long time. Imagine this: I would suffer a lot of discomfort to get across the ocean, willing to spend a week or so on a series of dawn-to-dusk business meetings, workshops and brainstorming sessions. And my primary tool for being effective would be seized at the borders. Bummer! All my effectively will be lost. I can buy a new laptop on the spot (and get a deal on that, USD is no longer what it used to be). But I will need to restore all the data, customize the environment, etc. I value my time high enough to risk that.

And more that that ... I may happen to carry confidential information in my laptop. Even if that information would be encrypted, can it be considered safe if seized by one of the most powerful organizations in the world? May the agent force me to submit a passphrase? Would I be held responsible for information disclosure if I submit the laptop with proprietary data to U.S.Government? I'm not sure. But I know that I'm not going to risk it.

Dear business partners in the Valley, please do not count on me flying over anytime soon.

Networks. Enabling interactions between any two nodes. Gaining value from "the Net Effect". There should be no channels in networks. There should be no "third parties" .... or ... should they?

This is ongoing discussion through the blogsphere. Let's abstract for a while from the question whether people need hierarchies or not and whether they are good or evil. Let's look at the problem from purely technical point of view. Let's think a while about implementation of one basic use case without a need for channels, hierarchies and third parties.

Use case: I want to share photos from my vacation with friends.

Solution 1: What I'm doing now is to upload the photos to my private server that I'm running in a broomstick closet. I have a perl script that will take the photos and create nice HTML photoalbum from that. I will send link to that album to my friends.

The Storage Problem: Not many people are crazy enough to run their own servers in broomstick closets. Most of them doesn't even know or care what a server is. Where are they going to "upload" the photos? They may keep it on their laptop or home PC. But then it is too bad for any friend who want to look at them while the PC is down. The core of the problem: Where will the user's state (data) be kept?

Solution 2: OK, let's change the paradigm and think of "sending" the photos to friends instead of publishing them.

The Communication Problem: Then, how would I (in Europe) send a photos to someone in Japan if our computers are online only for a few hours a day (and these does not overlap). We are too used to e-mail system and forgetting that e-mail is being queued by third-parties to make it kindof reliable. And how would I even find out the address of my friend's computer? He may be in Japan today and in Australia tomorrow. How will I know where to send the message? The system now is based on organizations under central control (IANA for IP addresses, ICANN for DNS names) and we are so used to it that we tend to overlook that.

Solution 3: Let's change the paradigm again. Let's think peer-to-peer now. That usually means DHT-based networks that allows communication and data storage without substantial centralized coordination. Let's store that data in the network "fabric" itself.

The P2P Problem: Seems perfect. I will store my data to the "network" and retrieve it anytime and anywhere. But ... who will pay for that service? I hear the idealists say: all users will contribute part of their disk space and CPU power to the goodness of everybody. Being raised under the communist rule I'm naturally suspicious to such claims. But even if people would willing to contribute disk space, would it work? Consider that most "terminal" devices of the network will be laptops, mobile "phones", TV sets, etc. These are not always-on devices. And hearing all these things about energy-saving such devices will probably be "mostly-off". And even if they have a disk space to share, such a storage will be quite non-practical. The inaccessibility of the devices will need to be balanced with massive replication of data. That could mean difficult synchronization of different copies of the same datum. Will such system still be practical? Our current empirical data from peer-to-peer systems are based on networks that are usually used to smuggle illegal data, networks with a good incentive for participants to be up and running most of the time. Can reliable peer-to-peer data storage still be practical in different environment? This is yet to be answered.

(Bonus) The Trust and Privacy Problem: Let's pretend that the problems above can be solved. Now I can publish my photos to some reliable P2P network and send a link to my friend over the same P2P network. My friend will like them and not realizing that some of these photos are quite personal will forward the link to his friends. And the link will spread ... violating privacy. How would I make sure that only my friends can see the photos? Maintaining their accounts and forcing all of them to authenticate? Bad idea. Going for some kind of Single Sign On? Then you need to trust someone telling you that "this is really your friend". Maybe a public key crypto can be used for that. But now you need hierarchy (X.509) or web of trust. And that needs state again - the keys. I don't think people will take their keys with them wherever they go. Store the keys this ideal P2P storage we have? Well, then how would you authenticate to the storage itself? And what happens it you lost the keys? Your entire social network that you were building for last few years would be lost? And ... the best of all: If I see a message from person X that I haven't had any previous interaction with, how do I know that I can trust him? (Remember: we want no third party to make any statements about his credibility). I will need to ask my friends whether their friends have some information about person X. But this actually means that all my friends are "third parties"!

The bottom line is that with great freedom comes a great responsibility. Are people ready to take that responsibility? Is technology ready to support it?

I think that the answer to both questions is: No, not yet. Not anytime soon.