How Can We Create a Censorship-Free Internet?

This post, authored by Dr RP, is republished with permission from The Daily Sceptic

VPN signups skyrocketed last month, with some providers seeing rises of 1,400% and VPNs for mobiles taking top places in app stores as the British public demonstrated their contempt for the British Government’s new internet censorship regime.

Although the Online Safety Act was voted through by the previous, supposedly conservative, government, the main symptom of it emerged this July.

Social media companies began age-gating various content, much of it entirely benign or of significant political importance, in a dangerous potential precursor to a digital ID system. Recall that the present government is running a consultation on Digital ID, deadline August 21^st. Britons, wanting none of this, rushed to buy VPNs.

Government Censorship Of The Internet Is Worse Than EVER In The UK

Labour’s ministers condemned VPN usage while claiming for them on expenses. To be clear, while corporate and organisational VPNs use exactly the same underlying technology as anti-censorship services, the fact that Business Secretary Jonathon Reynolds claimed for NordVPN shows he was buying a service – many others are available too – which lets users bypass censorship and avoid surveillance by ISPs (Internet Service Providers). His use of VPNs was not therefore limited to using a government-hosted VPN to access official resources from off-site as if he were in an office.

Hypocritical as it is for surveillance-apologists to use the tools which they wish to deny to everyone else, I cannot fault anyone for wishing to keep their own private affairs private. The need for privacy and anonymity has rarely been stronger. After all, when providing commentary on political matters and employing words as “elegant weapons for a more civilised age”, there is every reason one should seek to cloak oneself in pseudonyms and encrypted connections so as to prevent governments’ using “clumsy and random” actual weapons – sticks and stones and breaking bones – in response to criticism.

It is worth, then, considering why the Online Safety Act is able to have so disruptive an effect. It can definitely be argued that for earlier iterations of the internet it could not have done so. It is perhaps because so much of the internet has now become “five giant websites, each filled with screenshots of the other four”, that governmental fiat has been able to have this effect at all. 

Many people will consider VPNs to be a magic solution to this censorship, but all a VPN does is provide a tunnel from a censored country to a free one. A VPN ceases to help if there are no free countries left. The situation is severe in Canada, Australia, Ireland, France, Denmark and the EU. Switzerland is at some risk, and threats against internet freedom are even being made by governments in beacons of pandemic-common-sense like Sweden. The USA could be at risk too. Even with free countries still in existence, VPNs do not solve everything. Far too many of the monopolistic mega-websites, annoyed that VPNs might deny them tracking information which they can sell to advertisers, already serve more limited versions of the site to users visiting from known VPN IP addresses. Social media services often refuse new account creation for users visiting via a VPN or a Tor exit node, or demand SMS verification via a phone number which they can recognise by the + prefix (+44 for the UK for example) as being in the user’s physical location, not their VPN’s location.

The internet was initially established to avoid single points of failure – it was decentralised by design. Nowadays, 43% of traffic involves web services owned by just six companies and some people’s internet experience consists solely of what social media serves up for them. The task of the censor then becomes not a whack-a-mole process of trying to target hundreds of thousands of small sites, but simply one of calling a major platform to demand the removal of suspect content. The early adopting “cypherpunks” of the internet would have struggled to imagine that a system designed to be so decentralised – although it is a myth that the motivation for this design was specifically to aid its survival in a nuclear war – would end up carved up into the territories of a tiny number of massive corporations.

Other casualties of the Online Safety Act include UK forums. Many felt sufficiently threatened by the Act’s onerous demands that they shut down rather than risk monumental fines. I sincerely hope they’ve kept backups of historic posts, because, as Maureen O’Hara’s teacher said in the Second World War life-under-occupation drama This Land is Mine, the pages which censors demand are torn from textbooks are going to be glued back in some day.

The Act’s threat is credible to forum owners because the internet’s current architecture does almost nothing to hide the ownership of websites. Anonymously browsing the internet is feasible enough – VPNs and the Tor network do exist – but anonymously running a website is hard. Websites need domain names, identities more memorable than the IP addresses of servers and, unlike IP addresses, not subject to change at any moment. Simply having a domain name puts one at the mercy of registrars, some of whom will try to defend against governmental attempts to take a domain down but few of whom will stand against a court order in whichever country they are headquartered. Any who did resist an order to take down particular domains could be steamrollered by a government going to the next step up the chain and threatening instead whichever top-level domain owner that rebellious registrar was themselves relying upon. Hosting a site is necessary too; this either relies on someone paying a commercial service – again a pressure point – to host a site for them, or on dedicating a computer of their own to serve as a host, and therefore having to keep it powered, securely updated and connected to the internet at all times unless they want their website to go offline.

And so, our discussion now moves to Tor. Originally developed by the US Naval Research Lab as a means for American agents abroad to send messages back to base, it was open-sourced as a way for American agent needles to hide in a haystack of civilian users. Fear-mongering media organisations have tried to claim that VPN users will be drawn-in to the dark-web, yet as well as Tor and VPNs being different technologies, even within Tor the vast majority (93.3% to 96.6%) of data flowing through the network comes from people using Tor as an anonymised route – effectively a VPN in use-case if not in technical terms – to ordinary clear-web websites. Only 3.4% to 6.7% of Tor usage accesses the dark web of onion domain hidden services. It is this dark web where fear-mongers say that criminals reside, and criminal onion websites do exist. But the reality is that most of the dark web is barely navigable, and there is very little motivation for sites which claim to offer illegal goods or services not to simply take a cryptocurrency payment and then run away with it. The technical concept of onion services is an interesting one though.

Unlike the regular internet, onion services are designed to hide the identity of the server as well as letting visitors be anonymous. This anonymity is not perfect; there have been de-anonymisations of onion services by correlating things such as when a particular onion website was down against when power or internet outages, however brief, occurred for geographic areas in which the service’s server might be. Most onion websites taken down in this way have been vile services which deserved to go offline, but because it can happen to those services, it is also technically possible for morally upstanding services to be tracked and shut down the same way. Onion domains are not a flawless means to anonymously run an uncensorable website; just ask Ross Ulbricht, jailed in 2015 and recently pardoned by Trump. Donald Trump, of-course, remains overdue on fulfilling his ally, R.F. Kennedy Jr’s promise to pardon the more deserving Edward Snowden. 

The other great flaw of onion domains is that they require some technical skill to access – not much, but enough that people who have only ever known computers in tablet and phone form, without even a real folder structure, may struggle to install Tor and verify its digital signature. This means any onion domain – also a very difficult thing to advertise as they are not search-engine crawl-able – will reach a much smaller audience than a regular webpage. Onion domains are also much more difficult for someone to set up than the ease by which people, unaware of the harm that doing so causes to their privacy, can log in to a social media website and frantically type out their spontaneous musings for all the world to see.

What would the perfect censorship-proof internet look like then? I haven’t all the answers, but I can point out three key problems, among possibly many more, it would need to overcome.

• How can we run a network without depending on centralised corporations for the physical architecture? Since it’s earliest incarnations, the internet has depended for the physical layer upon other people’s hardware, and this was fine until telecoms companies became targets for state pressure. The technologies discussed so far – VPNs, Tor, onion services – are all designed to work around this fundamental problem; cryptography can let much be accomplished despite a centralised, compromised, physical layer. But governments are now, in their efforts to suppress dissent, advancing on so many fronts that a redesign of the physical layer – to take a step so far ahead that the censors can never catch up – looks the only hope for the long term.

The difficulty is that a physically peer-to-peer network is going to need an awful lot of bandwidth. Radio spectrum is, alas, a limited resource, and while many in Britain would be glad to see overbearing Ofcom defunded, that organisation’s original core role still needs to be performed somehow. Sharing spectrum without a monopolist taking over may be one of the very few things a free market alone cannot solve. The answer is to avoid having to share a spectrum at all; using line-of-sight optical or infrared relays means you don’t need to worry about one communication link interfering with another. And while a line-of-sight link can be temporarily disrupted by anything crossing the path, it makes widespread jamming by an adversary almost impossible. A variety of links running between, for example, mountain peaks, could transfer data effortlessly over the top of the land-border fencing of a heavily censored country. The key unsolved questions for the design of this sort of physical layer are those of resilience; those of how some equivalent to the Border Gateway Protocol would guide traffic across the physical network without needing centralised trusted parties; and of how to hide and therefore protect the nodes from tampering by censorious goons. How one would then operate the upper OSI stack layers running atop this network is a solved problem; no new work in encryption, for example, is needed. Encryption which already works over a compromised, centralised present-day network would work over a peer-to-peer optical one.

• How can we ensure people can still trust websites to act honestly when the very architecture of the perfect internet would make their identities untraceable by technical means? As I remarked on above, the dark-web is all too attractive a place for someone to take payments for services they never deliver. Obviously, that is a symptom of cryptocurrency payments – impossible by design to backcharge for refunds – not just of anonymised web addressing. But because card processors have been engaging in censorship, the perfect network would probably need some as-yet-unimagined method of payment, with neither the centralisation of existing infrastructures nor the scamming potential of cryptocurrencies. It would need a means by which users could compel a refund if scammed, but no means by which any authorities could block payments. 

“Fediverse”-type models based on community reputation can fail when censorious collectives of busybody individuals throw their weight around. Models based on micropayments, beloved of many Web 3.0 cryptocurrency enthusiasts who seem to believe they can be applied to everything, smell more like opportunities for rent-seeking profiteering rather than functional ways to keep a system running. 

It is already a risk that while mere browsing and social media might be able to migrate away from platforms where online censorship-disguised-as-safety fanatics hold power, online commerce would have a much more difficult time operating in a world where everyone needs VPNs and anonymity layers to avoid falling victim to a social credit system. Anyone thinking Everything is Just Fine because they can get around a block on an article or video should ask whether their bypass would be so reliable if they wanted to order an irritatingly non-metric type of machine screw from the one seller which existed for that type but who had recently been forced to implement digital ID checks for every purchase.

Note in this question I said untraceable by technical means: a legitimate business operating a website would still surely have a literal street address on their website. So part of this question becomes a solved problem. Digital signatures based on PGP/GnuPG exist which let it be proved, in the absence of serious quantum computing power, that only the person who knows a particular secret password can be the one who has signed some piece of content with it. We therefore already have the means for a person or organisation which one already trusts to prove that a service is theirs and not an imposter’s, so long as the signature you check for was delivered beforehand along a verifiable channel, like a sign outside their office, shop or warehouse.

• How can new services on a perfect network ever grow to compete with existing services? For more traditional services this is a bit easier: if you run a journalistic website publishing articles, then provided people know it exists they will come to wherever you are hosting it so long as it is easy enough to do. But for services playing a social-media-like role it is much harder. The attractiveness of a social media service to each new user is proportionate – okay, probably non-linearly but still monotonic – to how many users are already on there. How can a new service compete in a type of market where existing large players enjoy an entrenched, effectively monopolistic, advantage?

The logic of this problem also links back to the first of these three hard problems, developing the physical architecture’s design is not enough. There needs to be sufficient adoption of one specific physical layer architecture, lest it wither away as so many competing open-source privacy projects have done when they failed to get enough users to become self-sustaining. A tool to symmetrically encrypt local files is still a working tool if even only one person wants it; a network infrastructure only works if lots of people use it.

Of course, aside from these technical “hard problems”, efforts to defend free speech via every political avenue and legal-case are vital too, and support for these efforts is stronger than ever before. Many people previously saw censorship as a distant threat on the horizon; with this latest example of government over-reach, it has stormed down from the mountains and made its presence all too strongly felt at the gates. The public aren’t happy, and to paraphrase a Roman senator, their attitude has become one of “Censorship Delenda Est”!

Stop Press: Lord Sumption, former Supreme Court Judge and principled opponent of Covid over-reach, has condemned the absurdity of restricting internet usage for under 18-year-olds while simultaneously handing 16 and 17 year-olds the vote. As yet he doesn’t “have an objection to [the Online Safety Act] in itself”, but just as his opposition to vaccine passports only occurred when he saw just how far they would reach, I’m sure he’ll come around to realising what a gross invasion of the general population’s liberty and privacy the Act is.

Dr R P completed a robotics PhD during the global over-reaction to Covid. He spends his time with one eye on an oscilloscope, one hand on a soldering iron and one ear waiting for the latest bad news.

Your support is crucial in helping us defeat mass censorship. Please consider donating via Locals or check out our unique merch. Follow us on X @ModernityNews.

The post How Can We Create a Censorship-Free Internet? first appeared on modernity.