Earendil: an uncensorable decentralized network (3/3)
Some interesting use cases of censorship-resistant communication and payments
In previous blogposts, we took a look at Earendil's
- overall design and architecture as a decentralized anonymous communication network that even ISPs cannot censor, as well as
- its very simple incentive structure, based on a free market for resources negotiated and settled link-by-link
But why would something like Earendil be useful? Here I want to very briefly introduce a few major use cases for a decentralized, anonymous, and censorship-resistant transport layer, though I will most likely expand on these subjects in future blogposts.
Anonymously browsing websites
This is the boring "Tor but better" use case. Unlike Tor (but like Nym and I2P), Earendil does not come with built-in web proxying functionality, but we can set up a simple proxy or VPN server (using something standard like SOCKS5) that listens on the Earendil network, then use it over Earendil. Earendil here replaces the network layer of a "clearnet" proxy server:
Using Earendil this way gives several benefits over using Tor or something like a VPN:
- Stronger traffic anonymization: although I did not mention it in the previous blogposts, Earendil can optionally operate as a mixnet, adding delays and reordering to messages. Similar to Nym, this provides significantly stronger anonymization than onion routers like Tor, at the cost of slower speeds.
- Better quality of service: Earendil's incentives should reduce the sort of resource shortage we see in volunteer-run services like Tor or I2P, and even compared to tax-and-subsidy systems like Nym, economic efficiency is likely to be higher. This probably means less congestion and better quality of service; I wouldn't be surprised if bulk data transfer jobs typically frowned upon in Tor, like torrenting and downloading OS updates, work very well on Earendil.
- Censorship circumvention: Tor uses a separate module known as pluggable transports to achieve "ban-resistance", while other similar systems like I2P and Nym typically do not support it at all. Earendil, on the other hand, is hard to block out of the box, and can be a useful censorship circumention tool for browsing similar to Geph or Lantern.
Of course, as a general-purpose transport layer, Earendil can be used to host things other than proxy servers. These anonymous services are known as havens.
Confederal "haven" services
Like their counterparts in I2P, Tor, and Nym, these "havens" can be conventional Internet servers like websites, blockchain RPCs, and chat servers.
But more interestingly, we can imagine Earendil powering a world of confederal protocols — federated protocols with user sovereignty based on true freedom of choice between providers. Earendil is particularly suited for the confederal model, since anonymous, censorship-resistant communication allows for a much more open market in providers than the cleartext Internet. Servers in heavily censored regions or behind NATs can now compete on the same playing field as those running on AWS. Hostile ISPs would also be unable to limit clients to "compliant" providers the way, the Great Firewall of China forces Chinese email users to use poor-quality domestic hosts.
Earendil's payment channel functionality also happens to be useful for the more decentralized and automated service payments a confederal world would require, such as paying a membership fee to access a community chat server. But funding confederal protocols is just a particular instance of the broader problem of decentralized economic coordination that Earendil payments can help solve.
Flow-based decentralized cryptoeconomics
Using cryptoeconomics to secure entirely non-blockchain decentralized protocols is a relatively unexplored area, probably because the current generation of cryptoeconomic incentives typically rely on blockchain smart contracts. It is very difficult to prove what happened on a P2P file-sharing swarm or a confederal chat service to a smart contract without some sort of trusted oracle (which would defeat decentralization).
A general micropayment network like Earendil, however, lets us design flow-based incentives similar to that used to fund Earendil nodes themselves. The idea here is that we do not attempt to prove correct behavior non-interactively to a smart contract and somehow ensure that good deeds and rewards happen in an atomic and irreversible transaction. Instead, protocol participants continually prove correctness to the subjective judgement of their counterparties. In return, they receive a continual trickle of micropayments by their counterparties.
In other words, instead of Alice atomically swapping her money with the apple that Bob's selling, Bob holds the apple as Alice gives Bob a few pennies for each bite she takes. If Alice finds any bite to be not worth the price, she can immediately stop payment, while if Bob finds Alice underpaying, he can immediately remove the apple. Neither Alice nor Bob is able to substantially cheat the other party.
This can be applied to a lot of notoriously hard problems in permissionless networks, like ensuring that an untrusted party keeps a file online. In that case, a file owner can continually stream payments to a file host, as long as the file host interactively produces data-availability proofs to the owner, something that sidesteps many tricky issues related to non-interactive data availability proofs that blockchain-based systems like Filecoin or Arweave face. By using a few redundant file hosts and quickly switching providers when one host misbehaves, the owner can incentivize the high reliability and censorship resistance that decentralized file storage networks typically promise.
There's a lot left to be said about cryptoeconomic design using micropayment flows – certainly multiple blogposts down the line – but I will end with an observation that because every indefinite income stream is equivalent in market value to some lump-sum payment, micropayment rewards (keep this data feed online and get paid $0.01 per minute) is essentially equivalent to slashing punishment (lose this data feed and your $1000 stake gets burnt). In both case, $X in rewards are lost if the party misbehaves. The only major difference is capital efficiency, which clearly favors micropayment flows.
Funding censorship circumvention
One particularly "fun" consequence of widespread Earendil deployment would be that providing access to the wider Earendil network from restrictive environments can become extremely profitable. This in turn is likely to fund developments in both resilient physical network technology and censorship-resistant obfuscation protocols.
An Earendil node operator controlling the only available link out of a crisis region with an international Internet shutdown can charge very high rates for any transit in and out of the area — at least until the profit opportunity becomes big enough that competitors set up their own clandestine links by whatever means necessary: Starlink terminals, mesh WiFi across the border, bribes to telecom officials...
In more ordinary circumstances, even with "normal" sub-shutdown levels of Internet censorship in places like China and Iran, advances in traffic obfuscation technology directly benefit the reliability and thus income of node operators in these networks. Node operators are thus well-incentivized to fund research into lower-cost and higher-reliability ways of getting around Internet filters.
This is especially the case because protocols are negotiated and can be upgraded link-by-link. This gives early adopters of better technologies — say, Chinese nodes who first upgrade to a better protocol for their cross-GFW international links — an immediate first-mover advantage. Research into censorship resistance then becomes partially privatized, making funding much less of a collective action problem than it would be if it were purely a public good.