What We Should Build Mesh: How Decentralized ISP Medium Is Making the New Internet Powered by Yggdrasil

Greetings!

Surely it will not be big news to you that the "Sovereign Runet" is not far off: the law comes into force on 1 November this year.

Unfortunately, how it will work (and whether it will work at all) is not entirely clear: there are still no precise instructions for telecom operators in the public domain. There are also no procedures, fines, plans, or distribution of duties and responsibilities; there is only a declaration.

A similar situation was observed with the implementation of the "Yarovaya law": the equipment required by the law was not developed on time, and the country's leading telecom operators had to turn repeatedly to potential manufacturers of specialized equipment with their questions. They received no answer, neither information about the equipment nor samples of it.

But the main thing is not how soon the law comes into force or what changes await us. The main thing is that, thanks to this bill, a community of enthusiasts has begun to deploy an independent telecommunications environment in our country.

Today I will talk about what we have already done, what we plan to do in the near future, and what difficulties and problems we faced while developing the project.


What is the law about?

Before proceeding to the technical part of our project, I need to explain what the law "On the Sovereign Runet" is about.

In short: the authorities want to “secure” the Russian segment of the Internet in case hypothetical enemies try to switch it off for us. But “the road to hell is paved with good intentions”: it is not at all clear whom they intend to protect us from, or how “enemies” could disrupt the Russian segment of the Internet in the first place.

To carry out such an attack scenario, every country in the world would have to conspire, cut all cross-border cables, shoot down domestic satellites and create constant radio interference.

Doesn't sound very plausible.


What is "Medium"?

Medium (from the English word medium, meaning “intermediary” or “intermediate”; the original slogan is “Don't ask for your privacy. Take it back”) is a Russian decentralized Internet provider that offers access to the Yggdrasil network free of charge.

When, where and why was "Medium" created?

The project was originally conceived as a mesh network in the Kolomna urban district.

"Medium" was formed in April 2019 as part of the creation of an independent telecommunications environment: end users are given access to the resources of the Yggdrasil network over Wi-Fi wireless data links.

Where can I find a complete list of all network points? In the repositories on GitHub.


What is Yggdrasil and why is Medium using it as its primary transport?

Yggdrasil is a self-organizing mesh network that can connect routers both in overlay mode (over the Internet) and directly to each other via wired or wireless links.

Yggdrasil is a continuation of the CjDNS project. The main difference between Yggdrasil and CjDNS is its use of a spanning tree protocol (STP).


By default, all routers on the network use end-to-end encryption when transferring data between participants.

Yggdrasil was chosen as the main transport because we needed a faster connection (until August 2019, Medium used I2P).

The transition to Yggdrasil also gave the project's participants the opportunity to start deploying a mesh network with a full-mesh topology. Such a network is the most effective antidote to censorship.


Debriefing: the rakes we have already stepped on

"Experience is the son of hard mistakes." During the development of "Medium" we had to solve many problems that arose along the way.

Mistake #1: Public Key Infrastructure

One of the main problems at the time of designing the network was the possibility of MITM attacks. The traffic between the operator's router and the client's device was not encrypted at all, because the main traffic was decrypted directly on the operator's router.

The problem was that anyone could be behind that router, and we really did not want this “someone” to be able to listen to everything the clients receive.

Our first mistake was introducing a public key infrastructure (PKI).

By encrypting at layer 7 of the OSI model we got rid of MITM attacks, but we acquired a new problem: every client had to install our root CA certificates. And certification authorities are yet another problem in themselves. The key word here is "trust".

Again, you have to trust someone! What if the certificate authority is compromised? As comrade Murphy tells us, sooner or later the certification authority really will be compromised. That is the bitter truth.

We thought about this problem for a long time and eventually concluded that there is no need for a PKI: Yggdrasil's native encryption is enough.
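Why native encryption with key-bound addresses makes a CA unnecessary is easiest to see in code. The following is an added example, not code from the Medium project or from Yggdrasil: it derives an address from a public key with a simplified scheme (SHA-256 of the key behind a 0x02 prefix byte, an assumption for illustration and not Yggdrasil's real derivation) and then checks a peer's "hello" against that address. A server proves it owns the address by signing a fresh nonce with the key the address was derived from, so the client verifies identity without trusting any third party. An interposer that presents its own key produces a different address, and one that copies the server's key cannot produce the signature.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"net"
)

// AddrFromKey maps a public key to an IPv6 address in the 200::/7 range
// (0x02 prefix byte followed by 15 bytes of SHA-256 of the key). This is a
// simplified illustration (assumption), not Yggdrasil's real derivation.
func AddrFromKey(pub ed25519.PublicKey) net.IP {
	sum := sha256.Sum256(pub)
	ip := make(net.IP, net.IPv6len)
	ip[0] = 0x02
	copy(ip[1:], sum[:15])
	return ip
}

// Hello is what a peer presents when a session opens: the address it claims,
// the key that address is supposed to be derived from, and a signature over
// the verifier's fresh nonce (proof of possession of the private key).
type Hello struct {
	Addr net.IP
	Pub  ed25519.PublicKey
	Sig  []byte
}

// Respond builds the Hello an honest holder of priv would send.
func Respond(priv ed25519.PrivateKey, nonce []byte) Hello {
	pub := priv.Public().(ed25519.PublicKey)
	return Hello{Addr: AddrFromKey(pub), Pub: pub, Sig: ed25519.Sign(priv, nonce)}
}

// VerifyHello accepts only if (1) the claimed address is the one we wanted,
// (2) the presented key actually derives that address and (3) the signature
// over our nonce verifies under that key. No third party is consulted.
func VerifyHello(want net.IP, nonce []byte, h Hello) bool {
	if len(h.Pub) != ed25519.PublicKeySize {
		return false
	}
	if !bytes.Equal(h.Addr, want) || !bytes.Equal(AddrFromKey(h.Pub), want) {
		return false
	}
	return ed25519.Verify(h.Pub, nonce, h.Sig)
}

func main() {
	// Constructed scenario: one honest server, one interposer with its own key.
	serverPub, serverPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	_, mitmPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	target := AddrFromKey(serverPub)
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}

	fmt.Println("server address:", target)
	fmt.Println("honest server accepted:", VerifyHello(target, nonce, Respond(serverPriv, nonce)))
	// Interposer answers with its own key: the derived address does not match.
	fmt.Println("interposer with own key accepted:", VerifyHello(target, nonce, Respond(mitmPriv, nonce)))
	// Interposer copies the server's key and address but cannot sign the nonce.
	forged := Respond(mitmPriv, nonce)
	forged.Addr, forged.Pub = target, serverPub
	fmt.Println("interposer with copied key accepted:", VerifyHello(target, nonce, forged))
}
```

The point the check illustrates: the address a client wants to reach already names the key it expects, so there is nothing for a certificate to certify. Whoever holds the private key is, by definition, the owner of the address, and an operator sitting between the client and the server gains nothing from the position.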

After making the appropriate adjustments, the topology of the Medium network took the following form:

[Diagram: topology of the Medium network]

Mistake #2: Centralized DNS

We needed a domain name system from the very beginning: cumbersome IPv6 addresses are unwieldy in hyperlinks, and their lack of any semantic component was a major inconvenience.

We created several root DNS servers that kept a copy of the list of AAAA records stored in repositories on GitHub.

However, the trust problem had not gone away: the operator of a DNS server could change an IPv6 address in the blink of an eye, and with a certain skill, almost imperceptibly to everyone else.

Since we do not use HTTPS, and HSTS in particular, anyone able to change a record in DNS could substitute another IPv6 address for that of the destination server without any difficulty.

The solution was not long in coming: we decided to adopt EmerDNS, a decentralized DNS.

In a sense, EmerDNS is like a hosts file containing records for all known sites. But unlike hosts:

  • Each record in EmerDNS can be modified only by its owner, and by no one else
  • The impossibility of "divine intervention" (a super-admin) is ensured by the consensus of the miners
  • The file is the same for everyone, which is guaranteed by the blockchain replication mechanism
  • A fast search engine is attached to the file

Source: "EmerDNS is an alternative to DNSSEC"
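The first property in that list, a record only its owner can change, is what closes the attack described above: a server operator who can rewrite an A/AAAA record becomes someone who merely stores a copy and cannot alter it. The following added example (not EmerDNS code and not the Medium project's; it assumes a constructed name "site.example" and constructed 200::/7 addresses) models the shared name table as a registry of records, each signed by the owner's Ed25519 key. Every replica applies an update only if the signature verifies, the signing key matches the key that first claimed the name, and the sequence number is newer than the stored one, so a replica operator's own key is rejected and an old signed record cannot be replayed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"net"
)

// Record is one line of the shared "hosts file": a name, its AAAA value, a
// sequence number, the owner's public key and the owner's signature over
// name|addr|seq. The signature binds all three so none can be edited alone.
type Record struct {
	Name  string
	Addr  net.IP
	Seq   uint64
	Owner ed25519.PublicKey
	Sig   []byte
}

func payload(name string, addr net.IP, seq uint64) []byte {
	return []byte(fmt.Sprintf("%s|%s|%d", name, addr.String(), seq))
}

// NewRecord is what the owner of priv publishes for a name.
func NewRecord(priv ed25519.PrivateKey, name string, addr net.IP, seq uint64) Record {
	pub := priv.Public().(ed25519.PublicKey)
	return Record{Name: name, Addr: addr, Seq: seq, Owner: pub, Sig: ed25519.Sign(priv, payload(name, addr, seq))}
}

// Registry is one node's replica of the name table. Every node runs the same
// Apply rule, so a replica operator has no special power over the content.
type Registry struct{ recs map[string]Record }

var (
	ErrBadSig   = errors.New("signature does not verify")
	ErrNotOwner = errors.New("name is owned by a different key")
	ErrReplay   = errors.New("sequence number not newer than stored record")
)

// Apply accepts an update only if it is signed by the key that owns the name
// and is newer than what is already stored; first valid claim wins the name.
func (r *Registry) Apply(rec Record) error {
	if len(rec.Owner) != ed25519.PublicKeySize ||
		!ed25519.Verify(rec.Owner, payload(rec.Name, rec.Addr, rec.Seq), rec.Sig) {
		return ErrBadSig
	}
	if old, ok := r.recs[rec.Name]; ok {
		if !old.Owner.Equal(rec.Owner) {
			return ErrNotOwner
		}
		if rec.Seq <= old.Seq {
			return ErrReplay
		}
	}
	if r.recs == nil {
		r.recs = map[string]Record{}
	}
	r.recs[rec.Name] = rec
	return nil
}

// Resolve returns the current AAAA value for a name.
func (r *Registry) Resolve(name string) (net.IP, bool) {
	rec, ok := r.recs[name]
	if !ok {
		return nil, false
	}
	return rec.Addr, true
}

func main() {
	// Constructed scenario: a site owner and the operator of a replica.
	_, owner, _ := ed25519.GenerateKey(rand.Reader)
	_, operator, _ := ed25519.GenerateKey(rand.Reader)
	reg := &Registry{}

	first := NewRecord(owner, "site.example", net.ParseIP("200:1234::1"), 1)
	fmt.Println("owner registers:", reg.Apply(first))
	// The replica operator tries to point the name at a different address.
	fmt.Println("operator rewrites:", reg.Apply(NewRecord(operator, "site.example", net.ParseIP("200:dead::1"), 2)))
	// The owner moves the site; only the owner's key is accepted.
	fmt.Println("owner updates:", reg.Apply(NewRecord(owner, "site.example", net.ParseIP("200:1234::2"), 2)))
	// Replaying the old signed record does not roll the name back.
	fmt.Println("replay of old record:", reg.Apply(first))
	ip, _ := reg.Resolve("site.example")
	fmt.Println("site.example resolves to", ip)
}
```

The replay check matters as much as the signature: without the sequence number a replica could "honestly" keep serving an old, correctly signed record after the owner has moved, which is the same rollback an operator could previously perform by hand.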

Mistake #3: Centralizing everything

Originally, the word "Internet" meant nothing more than interconnected networks, a network of networks.

Over time, the Internet has ceased to be associated with something academic and has become a more mundane concept, as its influence has spread widely to the lives of ordinary people.

That is, the Internet was decentralized from the start. It is hard to call it decentralized now, even though the concept has survived to this day: the largest traffic exchange nodes are controlled by large companies, and large companies, in turn, are controlled by the state.

But back to our problem: the centralization trend is set by the operators of individual services such as social networks, email servers, instant messengers, and so on.

In this respect, "Medium" until now hardly differed from the big Internet: most services were centralized and controlled by individual operators.

Now we have set a course for complete decentralization, so that vital services keep working whether or not an operator's central server fails.

For instant messaging we use Matrix. For social networks, Mastodon and Hubzilla. For video hosting, PeerTube.

Of course, most services are still centralized and still controlled by individual operators, but the main thing is that there is a movement towards full decentralization, and every community member can feel it.

Free Internet in Russia starts with you

You can help establish a free Internet in Russia today. We have compiled a list of ways you can help the network:

  • Tell your friends and colleagues about the Medium network
  • Share a link to this article on social networks or on your personal blog
  • Take part in the discussion of technical issues of the Medium network on GitHub
  • Create your own web service on the Yggdrasil network
  • Set up your own access point to the Medium network

See also:

I have nothing to hide
Everything you wanted to know about the decentralized Internet provider "Medium", but were afraid to ask
Darling we're killing the internet

Have questions? Join the discussion on Telegram: @medium_general.


Source: habr.com
