One thing I don't really talk about much is that most of my designs work within HTTP and do not rely on DNS.
There are two reasons for this:
- I want to support Onion Services and Tor users in general.
- DNSSEC evangelism sucks.
By "rely on DNS" I mean "doesn't add its own data to DNS records" like some proposals do.
I know Web PKI implicitly relies on DNS to map domain names to IP addresses. I wasn't talking about that.
If you want an indieweb to thrive, and for communications to be private:
Corporations are your adversary.
The US Government is your adversary. (CLOUD Act, etc.)
The EU Government is your adversary. (Chat Control, etc.)
The coalitions you want to form are among queer / nerd subcultures.
You want kinksters. You want furries. You want bronies. You want Warhammer 40K players. You want otaku. You want therians. You want juggalos. You want Sonic the Hedgehog fans. You want the cringe TikTokers. You want D&D players and LARPers. You want people who attend Renaissance Festivals. You want people that attend Cowboy Fast Draw events.
You can have all those without the Nazis.
You can have all those without any government's permission.
Without corporate gentrification and rent-seeking.
Both corporations and authoritarianism benefit from centralization.
DNS is ultimately under government or corporate control.
indeed, a .onion is the only FQDN you truly own since you are the [priv] key holder, and the protocol itself enforces and manages e2ee
no registry to put a hold on your domain, no certificate authority to revoke your certs, no DNS
run it on your own server at home safely behind NAT since it's natively a reverse proxy, no need to do firewall management or manage an "edge router"
i cannot wait for the activitypub web stack that is fully compatible with onion services
(i blogged about a dating app idea doing this https://yawnbox.eu/blog/online-dating-with-dignity/)
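Added example illustrating the "you are the key holder" point above; this is not code from the poster or from the Tor project. Per rend-spec-v3 a v3 onion hostname is a pure function of the service's Ed25519 public key (pubkey || 2-byte checksum || version, base32-encoded), so a client can validate the name by itself and no registry exists that could reassign it. The key bytes used in the demo are constructed, not a real service key.

```python
"""Derive and validate Tor v3 onion addresses (rend-spec-v3, section 6)."""
import base64
import hashlib

ONION_VERSION = b"\x03"                 # v3 onion services
CHECKSUM_PREFIX = b".onion checksum"    # fixed string from the spec


def onion_address(pubkey: bytes) -> str:
    """Return the .onion hostname for a 32-byte Ed25519 master public key."""
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    # CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]
    checksum = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + ONION_VERSION).digest()[:2]
    # onion_address = base32(PUBKEY || CHECKSUM || VERSION) + ".onion"
    raw = pubkey + checksum + ONION_VERSION          # 35 bytes -> 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def parse_onion_address(address: str) -> bytes:
    """Recover the public key from a v3 address; raise ValueError if malformed.

    This is the client-side check that makes the name self-certifying: the
    checksum and version must match what the embedded key implies.
    """
    label = address.lower().removesuffix(".onion")
    if len(label) != 56:
        raise ValueError("v3 onion label must be 56 base32 characters")
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION:
        raise ValueError("unsupported onion version")
    expected = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + version).digest()[:2]
    if checksum != expected:
        raise ValueError("checksum mismatch: address is corrupt")
    return pubkey


def is_valid_onion_address(address: str) -> bool:
    """Boolean wrapper around parse_onion_address for quick checks."""
    try:
        parse_onion_address(address)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    demo_key = bytes(range(32))          # constructed key, not a real service
    addr = onion_address(demo_key)
    print(addr, is_valid_onion_address(addr))
    # Flipping the version character breaks validation deterministically.
    print(is_valid_onion_address(addr[:-7] + "a.onion"))
```

Every v3 address ends in "d" because the version byte 0x03 supplies the final five bits of the base32 string.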
@soatok I must not understand what DNS is. I thought it was just a big lookup table that points URLs to IP addresses.
@KatS @soatok is there a practical alternative to DNSs?
I guess you could have lots of smaller or 'more open' DNSs but, to me, that just sounds like moving the problem. Ofc I probably misunderstand parts of the problem.
I've heard of the Reticulum network stack which seems to do the whole Internet thing without much centralized infrastructure but idk how practical that is for larger scale stuff (I've been meaning to look more into that but time qwq)
@spycrab @soatok You've just put your finger on the root of the problem: we don't have a viable alternative, and it's not for lack of trying.
If we did, the migration would already be underway.
The sheer scale of things is why it's so difficult. Making your own DNS replacement for a few thousand addresses is one thing. Millions of them, managed in chunks by thousands of organisations around the world? That's a whole other kind of problem.
Once you've implemented that and started rolling it out, now you need to get everybody on the internet to start using both systems in parallel, and that's probably an even harder problem.
At this point, you probably feel like having a drink :)
@soatok Control of DNS is also not a hard-and-fast guarantee, and imo it's weird it became such an accepted verifier of identity. One of the many eyebrow-raisers in ATProto/Bsky.
@mttaggart Yeah, and it's one of the more common methods for government takedowns.
But if you can run everything over Tor, censorship becomes much more difficult.