The new internet should meet the following criteria. The quality of security and privacy might vary between the different exposed services.
I. Privacy and Security Criteria
Data security is at the core of our technical approach. It is not sufficient to only secure the contents of communications. We also want to prevent the systematic collection of communication profiles (metadata), as the analysis of the social graph of a population poses a particular threat to democracy.
- Free Software: consistent use of free and open software, putting the system under permanent public scrutiny and giving users control over their computation;
- End-to-end-encryption: ubiquitous end-to-end encryption, removing the necessity to trust any third parties that might access our data while it is being transmitted or stored. No intermediate actors gain access to the exchanged content.
- Perfect Forward Secrecy: encryption is regularly renewed in such a way that past communications cannot be retroactively be decrypted upon access to key material.
- Link Encryption
- Meta data protection: obfuscation of transmission patterns, preventing the analysis of social relations, behavior patterns and topical interests of the participants in a network;
- Authentication: by direct interaction or by common social contacts, no trust delegation to external third party authorities. When interacting among private persons, the counterpart is directly or socially authenticated by default. When interacting with businesses, customers choose whether to stay fully anonymous, to adopt a long-term pseudonymity (equivalent to accepting a web cookie) or to authenticate themselves as a physical person. An integrated payment system enables an economy where the customer can remain anonymous.
- Decentralization: Essential to removing single points of failures and highly concentrated data flow from the calculation. Without distribution it is not enough: Whenever there is a fixed server in charge of a certain person it will gain access to all of that person's metadata. Even worse if that server is operating in a Federation kind of style or the application assumes its server to be in any way a safe place to store private data;
- Distributed data flow and storage: making bulk collection of data economically unattractive. No traditional server nodes may gain access to either content or metadata of communications, therefore only a distributed system of agnostic relay nodes can provide scalability, intermediate storage and anonymity from third parties all at once;
II. Performance, Reliability and Usability Criteria
Beyond the application of cutting-edge security standards, our concept emphasizes scalability and usability. We want to establish an attractive technological platform for applications that can be used by large user bases and businesses worldwide. Using a modular approach, we are integrating existing best practices and results from the scientific community to build a coherent system.
- Easy to install
- Usage: the user interface is intuitively usable;
- Accessibility: The interface(s) of the software are accessible (to people with impairments/disabilities);
- Functionality representation: the user interface represents in an easy way the functionality that is laying beneath;
- Efficient distribution: heterogeneous distribution trees, because we need to interconnect billions of users without resorting to cloud technology
- Security vs. Performance: The network shall be as performing as it can be, considering the grade of security for the specific services;
- Available public data: The infrastructure enables caching and intelligent distribution of public data, yet provides anonymous access to it (Examples known to fulfill this requirement: Maidsafe, Secushare, Freenet) -> Knowledge representation and file sharing in P2P networks;
- Resilience: The network has to be resilient: stable, adaptable, fault-tolerant (e.g. against jamming);
- Robust against fluctuating node participation;
- Real-time communication: The infrastructure supports also real-time communication;
- Partial resource sovereignty: The amount of bandwidth for private usage can be configured;
- Energy consumption restrictions: The nodes can be mobile, but technology in mobile devices must be aware of energy consumption restrictions;
- Sneakernet: Whenever necessary, data exchange may also happen by taking a storage device physically from one place to another (Briar, GNUnet transports etc.);
- Resource contribution incentives: The network provides incentives for peers to contribute more resources than they consume;
III. Software Criteria
- Free software with free as in liberty.
- Code Criteria, The code providing the GNU Internet protocol stack must be:
- logically verified,
- well documented,
- well tested,
- Secure Updating: It is possible to securely update system components;
- Reproducible Builds: Available as reproducible builds
- Holistic solution: it includes OSI-layer two to seven.
IV. Society and Legal Criteria
- Public support: ethically, politically and financially supported by public entities;
- Restrictions to proprietary applications: they may use the new Internet protocol stack under the conditions that:
- they run in a securely sand-boxed environment;
- they do not gain access to any data of constitutional relevance, in particular not the social graph which the user is not entitled to share with external third parties as other people are affected by such gesture;
- Participation: The network is open: that means everyone can easily participate (after installation of the protocol stack);
The following criteria are inherited from the
- Social-Swarm-working group
- GNU consensus-working group
- The-21st-century-vision paper of the #youbroketheinternet-working group
- counterantidisintermediation-working group
- GNUnet publication for "Protecting online privacy by enhancing IT security and strengthening EU IT capabilities"- event of the European Parliament
- and developed by lynX and Dmos.
- Pfitzmann, Andreas; Hansen, Marit (2010): A terminology for talking about privacy by data minimization