The Internet is always a good thing. It is even better when control over it is exercised by the community rather than by the state and corporations.
In this post, I’ll talk about how and why a community of enthusiasts is developing Medium, a decentralized alternative to the current Internet.
Since the development process was rather closed for some time, some users quite naturally formed an ambivalent opinion of the network.
The metamorphoses that the project has undergone throughout its formation may indeed seem extremely strange to an inexperienced person.
Therefore, this publication also presents a kind of “work on our mistakes” – an exhaustive list of the errors that we encountered during the development of Medium.
On April 24, 2019, a project was born with the goal of creating an independent telecommunications environment in the Russian Federation.
We called it Medium, which means “intermediary” in English (another possible translation is “intermediate”) – this word sums up the concept of our network perfectly.
Our common goal is to deploy the Mesh network at the L2 level and support the development of overlay Mesh networks at the L3 level (for example, we are actively involved in the development of software for the Yggdrasil network).
What is Medium?
Medium (“intermediary”; the original slogan is “Don't ask for your privacy. Take it back”; in English the word medium also means “intermediate”) is an independent telecommunications environment that provides access to the Yggdrasil network at no cost.
Yggdrasil is a distributed Mesh network that works in overlay mode and lets you build an Internet on top of the Internet.
Medium was established in April 2019 as part of the creation of an independent telecommunications environment, by providing end users with access to Yggdrasil network resources over Wi-Fi.
Yggdrasil is the network transport that Medium uses to provide connectivity between the so-called “network islands” – groups of devices connected to each other by means of the B.A.T.M.A.N. and 802.11s network protocols.
Prerequisites for the creation of an independent telecommunications environment
On May 1, 2019, the incumbent president of the Russian Federation signed Federal Law No. 90-ФЗ “On Amending the Federal Law ‘On Communications’ and the Federal Law ‘On Information, Information Technologies and the Protection of Information’”, also known as the draft law “On Sovereign Runet”.
On November 1, 2019, the sovereign Internet law entered into force.
It means that:
- Telecommunications operators will be required to install state equipment at traffic exchange points within the country and on communication lines crossing the border of the Russian Federation
- The possibility of “centralized management” of the Runet will be implemented
- Traffic exchange between telecom operators will be carried out only through exchange points entered in a special register, the order of inclusion in which will be determined by the Russian government
- Restriction of access to banned Internet resources in the Russian Federation will be implemented
- A “national domain name system” will be created
Unfortunately, how it will work (and whether it will work at all) is not entirely clear: so far there are no clear instructions for telecom operators. There are also no methods, fines, plans, distribution of responsibilities or responsible parties – there is simply a declaration.
A similar situation arose with the implementation of the “Yarovaya Law”: the equipment required by the law was not developed in time, and the country's leading telecom operators had to contact potential manufacturers of the specialized equipment repeatedly with their questions. However, they received neither information about the equipment nor the samples themselves.
But the main thing is not that the law has already entered into force. The main thing is that, thanks to the introduction of this bill, the community of enthusiasts began to deploy an independent telecommunications environment in our country.
Frequently Asked Questions
Source: AMA with Medium (Direct Line with Medium Developers)
Why is there a name that is very easy to confuse with medium.com?
Answer: since we are building a L2 mesh network through the use of B.A.T.M.A.N. wireless protocols and 802.11s, it was quite logical to come up with a name, one way or another connected with wireless technologies.
In the case of our network, we decided to settle on this name because it describes the essence of the project perfectly.
Firstly, “medium” can be translated from English as “intermediary” (or “intermediate”) – each network operator is, in its own way, an intermediary between the end user and the network itself. By the way, within the community we informally call network operators “mediums”.
Secondly, according to Wikipedia, “a medium is a sensitive individual who, according to the followers of spiritualism, serves as a bridge between the two worlds: the material and the spiritual.” Indeed: this definition fits very well with our network concept!
It was repeatedly mentioned that it is easy for an inexperienced person to confuse our network with the medium.com resource due to the similarity of the name. This is true, but in the community we do not consider this an acute problem – for example, Yggdrasil network members have long known that Medium is about mesh, not about blogs.
Moreover, we are not a commercial organization and in accordance with the tenth principle of our manifesto, “the possibility of independent development of the project is much more important than the possibility of making profit from the activities carried out by the Community”.
Our business does not overlap with that of medium.com. Yes, and it would be impractical to create another blog platform with a similar name. However, since we pursue other goals, it was decided to leave this name in memory of the initial idea of the project.
Aren't you afraid of persecution by the FSB / RKN and similar organizations?
Answer: We are actively cooperating with RosKomSvoboda and have already sent an appeal to the Ministry of Communications. We even got an answer. But it turned out to be not entirely useful – it contains only an extract from the code of laws. We are currently awaiting an additional response.
I didn’t find enthusiasts in the default city (well, or they are not marked on the map). One and a half people do not count.
Answer: Yes, unfortunately, at the moment in Moscow there are no active points. We plan to correct this situation in the near future.
Do you plan to sell your hardware to organize the network "out of the box"?
Answer: in the future, this is a natural scenario. At the moment, we are working on the OpenWRT firmware generator for equipment compatible with 802.11s.
I did not find any technical details.
I know Yggdrasil, but what is the Medium project for you? nic.medium does not work, there is no information on the github.
Answer: Yggdrasil is already running on top of the existing L3 network. Medium is the network infrastructure over which Yggdrasil runs. Medium uses different protocols to organize the partial mesh topology – B.A.T.M.A.N. and 802.11s. In order to "connect" all the nodes of the Medium network, Yggdrasil is used.
How legal is this idea and what consequences may arise?
Answer: it is completely legal and no consequences should arise. We work closely with RosKomSvoboda (which, by the way, has very extensive court practice in the field of information technology) and have consulted with it about this.
By the way, RosKomSvoboda recently released material about Medium in its blog. In one of the paragraphs, the position of RosKomSvoboda in relation to the Medium network is clearly indicated:
I want to become a network operator. Will they find me?
This issue has already been discussed by both community members and us – and we did not find any problems with the free provision of mobile radio services by the decentralized Internet provider Medium in the Russian Federation.
Where are the guarantees that a peer will not be jailed like Bogatov?
Answer: The peer provides connectivity within the Yggdrasil network. Unless you specifically install proxies on the big Internet there and tell everyone about it, then nothing threatens you.
“Only insurance can give a person peace of mind,” Ostap answered, not slowing down. “So any life insurance agent will tell you. Personally, I no longer need you. Here is the state, it will probably be interested in you soon.”
“Experience is the son of difficult mistakes.” During the development of the Medium network, we managed to resolve many problems that arose in our way.
Mistake # 1: Public Key Infrastructure
One of the main problems at the network design stage was the possibility of a MITM attack. The traffic between the operator’s router and the client’s device was not encrypted in any way, because the main traffic was decrypted directly on the operator’s router.
The problem was that anyone could be behind the router – and we really didn’t want this “someone” to listen to everything that customers receive.
Our first mistake was the implementation of the Public Key Infrastructure (PKI).
Thanks to the use of level 7 of the OSI network model, we got rid of attacks such as MITM, but got a new problem – the need to install the certificates of root certification authorities. And certification authorities are one more unnecessary problem. The key word here is "trust."
Once again you need to trust someone! What if a certification authority is compromised? As comrade Murphy tells us, sooner or later the certification authority really will be compromised. And this is the bitter truth.
We thought about the resolution of this problem for a long time and eventually came to the conclusion that there is no need to use PKI – it is enough to use Yggdrasil native encryption.
Mistake # 2: centralized DNS
We needed the domain name system from the very beginning, because bulky IPv6 addresses weren’t looking very good – it was inconvenient to use them in hyperlinks, and the lack of a semantic component was a big inconvenience.
We created several root DNS servers that stored a copy of the list of AAAA records located in the repository on GitHub.
However, the trust problem did not go away – the operator of a DNS server could change an IPv6 address on it in no time. With a certain dexterity, even almost imperceptibly to others.
Since we do not use HTTPS and, in particular, HSTS, changing an address in DNS made it possible to carry out an attack by substituting the IPv6 address of the destination server without any difficulty.
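An added example (not Medium's own code): a consistency check that compares the AAAA answers of each root DNS server with the published list, so that a quietly changed address becomes visible. Server names, host names and addresses are constructed; the only outside fact assumed is that Yggdrasil node addresses fall in 200::/7.

```python
import ipaddress

YGG_NET = ipaddress.ip_network("200::/7")  # address range used by Yggdrasil nodes

def parse_records(text):
    """Parse 'name AAAA address' lines into {name: IPv6Address}."""
    records = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, rtype, addr = line.split()
        if rtype.upper() == "AAAA":
            records[name.lower().rstrip(".")] = ipaddress.IPv6Address(addr)
    return records

def audit(published, served_by_server):
    """Return (server, name, problem) for every answer that deviates from the list."""
    findings = []
    for server, served in sorted(served_by_server.items()):
        for name in sorted(set(published) | set(served)):
            want, got = published.get(name), served.get(name)
            if got is None:
                findings.append((server, name, "missing"))
                continue
            if want is None:
                findings.append((server, name, "unlisted"))
            elif got != want:  # compared as addresses, so notation differences are ignored
                findings.append((server, name, "changed"))
            if got not in YGG_NET:
                findings.append((server, name, "outside-200::/7"))
    return findings

# Constructed sample standing in for the AAAA list kept in the repository.
PUBLISHED = parse_records("""
wiki.example.medium   AAAA 0200:AAAA:0:0:0:0:0:1
mail.example.medium   AAAA 201:bbbb::2
forum.example.medium  AAAA 202:cccc::3
""")

# Constructed answers; in practice each dict is filled by querying that server.
SERVED = {
    "root-a": parse_records("wiki.example.medium AAAA 200:aaaa::1\n"
                            "mail.example.medium AAAA 201:bbbb::2\n"
                            "forum.example.medium AAAA 202:cccc::3"),
    "root-b": parse_records("wiki.example.medium AAAA 200:aaaa::1\n"
                            "mail.example.medium AAAA 201:bbbb::66\n"
                            "forum.example.medium AAAA 2001:db8::3"),
}

for finding in audit(PUBLISHED, SERVED):
    print(*finding)
```

Such a check only detects a divergence after the fact and still depends on trusting the published list, which is the limitation the text goes on to address.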
The solution was not long in coming: we decided to resort to developing our own implementation of DNS servers.
The first implementation was Wyrd – a decentralized implementation of DNS, which was a kind of crawler that traversed all nodes of the Yggdrasil network, collecting “host name” – “IPv6 address” pairs along the way and building a database of domain names from them.
The second implementation was Doppler, a much simpler implementation of a domain name server.
Its principle of operation is extremely simple: a string in Base32 format is generated from the IPv6 address of the Yggdrasil network node.
Access to a network resource is possible at addresses similar to those of I2P network resources – for example, izktqzg2rzgg2ig2bmatzmm2znid2eg2rogd3ahrroadyig.b32.ygg is defined as 200:1863::1447:c300:24cf:6a5e.
Mistake # 3: centralized everything
Initially, the word "Internet" meant nothing more than interconnected networks, or a network of networks.
Over time, people stopped associating the Internet with something academic, and it became a more commonplace concept as its influence spread widely into the lives of ordinary people.
That is, initially the Internet was decentralized. Now it’s hard to call it decentralization, despite the fact that the concept has been preserved to this day – only the largest traffic exchange nodes are controlled by large companies. And large companies, in turn, are controlled by the state.
But back to our problem – the tendency towards centralization is set by the operators of individual services like social networks, email servers, instant messengers and so on.
Until now, Medium has hardly differed from the big Internet in this regard – most of its services have been centralized and controlled by individual operators.
Now we decided to take a course towards full decentralization – so that vital services could continue to work, regardless of whether the failure happened on the central server of the operator or not.
Of course, most services are still centralized and still controlled by individual operators, but the main thing is that there is a movement towards full decentralization and it is felt by all members of the community.
Mistake # 4: calling ourselves an Internet provider without actually being one
For a very long time, we mistakenly called Medium an Internet provider.
Some of the observers have suggested that this is a marketing ploy. But in fact, everything was much simpler – at the stage of the project's inception, we needed to add a few words to the name of the Medium network in order to at least be different from the blog platform of the same name and not to mislead people.
For this reason, we called ourselves an Internet provider for a long time, and only when the user ValdikSS made a comment on this subject did we reconsider our attitude to such a name and systematically, step by step, begin to abandon it.
During these ups and downs, many observers may have noticed awkward problems that appeared out of the blue: links that led nowhere, outdated project names, and so on.
But the main thing is that we admitted our mistake and corrected ourselves.
Currently, the network is alive and actively developing.
We are working hard to develop a truly independent telecommunications environment in Russia.
And we want to inform you that you have the opportunity to join our community of enthusiasts, having a hand in the development of a free Internet.
We recommend you to familiarize yourself with:
“Prepare Medium in the summer, and Telegram in the winter”
We tell you how to connect to the Yggdrasil network and create your own wireless access point inside the Medium network.
And a little educational program in the end:
What is a Medium?
Let's see what the main differences between the Medium network and the familiar Internet are.