How To Break Open The Web


The Internet’s designers and a new generation of hackers are unraveling the knots keeping the web from living up to its original promise.

One of us is writing this piece from an airplane over the Atlantic Ocean. The other is working from his home in California. Not long ago this would have sounded like science fiction. Today it’s becoming routine in a world where we do more and more with amazing digital tools on far-flung networks.

But there’s a catch. We’re doing this on an Internet that is breaking its original promise.

We rarely think about how it works, how our data moves around the Internet. We need to, because this government-created, radically decentralized network of networks, which has spawned so much innovation at the edges, is rapidly being re-centralized. Control is being captured by and corporations and taken away from—or being ceded by—the rest of us.

Network Structures of the InternetIllustration: Sandra Schön

What’s at stake here? In a word, permission. People should not need permission to speak, to assemble, to innovate, to be private, and more. But when governments and corporations control choke points, they also control whether average people can participate fully in society, politics, commerce, and more.

That’s why we spent three days earlier this month in San Francisco with technologists and activists who are determined to re-decentralize or redistribute the web (and by extension, the broader Internet), by returning control and permission to the edges. Hosted by Internet Archivefounder Brewster Kahle, who has called for a “moon shot” to “lock the web open,”the Decentralized Web Summit brought together some of the graybeards who invented it all with millennials who see beyond the boundaries of Facebook. (You can watch the talks and discussions on the Internet Archive’s video player.)

Kahle framed the gathering with three key questions: How can we build a reliable decentralized web? How can we make it more private? And how do we keep it fun and evolving?

No one was more keen to make this happen than Tim Berners-Lee, who invented the World Wide Web and launched the first web page 25 years ago. He had both modest and galactic motives at the start, he recalled in San Francisco, to “make something that worked” and to create a system where “you can do anything you like.”

As Berners-Lee noted, he’d built atop things that already worked, such as the domain name system and TCP/IP. He took what we now call the “cloud” as a given and added, among other things, HTML for display and URLs (these are “names, not places,” he stressed). And then the rest of us built atop his and others’ work, connecting computers and devices that had little in common except their agreement to understand each others’ data. We didn’t have to worry about how data would get from one place to another. It just did.

Fast forward, through the emergence of giant web-centric companies like Google, Facebook, Twitter, and Salesforce. We find ourselves in the silo era. Data and service silos hold what we do—our work, our play, our very thoughts— hostage, even as they provide genuine convenience and value in other ways. Mobile devices exacerbate the problem. Many mobile apps are essentially browsers that work on a single website. Add government and telecom control-freakery to the mix, and it’s all too easy to worry that we may already have lost.


The San Francisco gathering launched with an invitation-only “Builders Day” followed by the official summit. We heard from people like Kahle; Berners-Lee; Vint Cerf, one of the acknowledged “fathers of the Internet,” now chief Internet evangelist at—irony alert?—Google; Van Jacobson, a central player in improving the TCP/IP protocol that is at the heart of the Internet (also now with Google); and Mitchell Baker, who chairs the Mozilla Foundation and corporation, among others. (Note: The authors of this post were not impartial here; we were among the invited participants.)

In her talk early that first morning, Baker offered a few basic design principles for a re-decentralized web:

  1. The web is immediate. This means safe instant access to content through a universal address without needing to install anything else in the browser.
  2. The web is open. Anyone can publish content without permission or barrier to its audience, and provide access as they see fit, without the interference of a third party.
  3. The web is universal. Content runs on any device or platform. We achieve this through standards.
  4. The web has agency. A “user agent,” in developer lingo, can choose how to interpret content provided by a service to you. In other words, you control your browser; for example, you can use ad-blockers.

On “Founders Day,” the participants split into groups to ponder some of these principles, and develop specific proposals for addressing them. Each group tackled a separate topic—online identity, security, governance, risks, standardization—and quickly encountered a set of daunting nuances and complexities.

Consider security, for instance. We’ve seen repeated examples of flawed code leading to horrendous data breaches. Decentralization can lead to more safety if it boosts overall resilience. But when we are running code from any number of services somewhere out there in the cloud, the points of failure expand, too.

Another complication is resistance from incumbent industries that fear disruption. Peer-to-peer computing is at the heart of decentralization, but Hollywood and its copyright-maximalist allies sued some of the mostinnovative startups in that field out of business in recent years.

How would today’s commercial Internet fare on a decentralized or distributed web? That’s impossible to say with any clarity. We can’t just turn on a newly decentralized Internet; it looks more and more like a collection of overlays that, over time, could replace some core technologies. Moreover, userslike using Facebook and Google and Twitter and the rest. As long as they derive what they consider value from the centralized players, it’ll be an uphill battle for decentralization. At the least, some hope, a corporate web will learn to co-exist with a web where people can find value in keeping control of their own data, where they don’t have to head toward the center in order to function at the edge.

Kahle spoke about one tantalizing possibility in the commercial realm. He envisioned an era when creators can use the emerging identity and payment systems to post and make money from what they’ve created—for example, a “WordPress, but decentralized” environment where payments, tips, and donations are part of the technology, where “the First Amendment is baked into the code itself.”

Tim Berners-LeePhoto: Flickr user Internet Archive


Amid the talks and panels, the summit’s participants represented a wave of other ideas that are being tested by innovative startups and research in the decentralized Internet. Among the most intriguing:

  • The Indieweb movement encourages us to reclaim our data and how it’s replicated. What we post on our own sites is reflected into the silos (e.g. Facebook and Twitter); comments and “likes” there are reflected back into our own sites. IndieWeb people are also contributing to the W3C Social Web group. (This article’s co-author, Kevin Marks, is active in this project.)
  • The idea of content-addressability underlying many of these decentralized protocols enables you to retrieve a file based on a verifiable “fingerprint,” and means that you don’t need to go to a specific server or route to fetch it. This means your file can come from someone else’s computer nearby—more quickly, and without going through third parties—or from a flash drive, which makes a big difference in countries where the cost of connectivity is a huge fraction of the average wage. “Interplanetary File System” (IPFS)—a peer-to-peer protocol that enables applications and files to live everywhere, not just on specific services—is real and working, ZeroNet works on the same principle, and the Named Data Networking project, led by Van Jacobson, seeks to retire the TCP/IP protocols in favor of a similar model.
  • In the early web, it was easy to communicate from one personal computer to another on the Internet. That’s gotten a lot more complicated due to the massive growth of devices and limits in the addressing system. New browser standards such as WebRTC and Service Workers are restoring some of the early capabilities, and adding others, in today’s vastly more complex network of networks. Among other advantages, they help us connect to previously non-web systems like Bittorrent and IPFS. For example, by watching videos on, visitors could simultaneously help distribute them to other people watching them, too.
  • Decentralized data hosting services are being built on cryptography in the browser, in projects like MaidSafe, Backfeed, and Dat. They’re creating specialized tools that could have wider uses.

Many of the technologies and projects are complementary, not necessarily competitive. They seem almost modular: a web-like set of technologies building a more dynamic and resilient Internet on top of the existing networks.

Several things will happen as a result of these newer technologies. First, the people creating things on and through the Internet—media, services, etc.—won’t have to store them in (or run them from) centralized servers to ensure that others can find and use them. The users, meanwhile, will still be able to find what they need, but won’t have to go through choke points along the way, or worry as much about content disappearing. New technologies will be able to be substituted in without breaking the larger systems.

Peter Van Garderen, Primavera de Filippi, and Max Ogden at the Decentralize Web SummitPhoto: Flickr user Internet Archive


In recent years, big investors have been looking hard, and launching cash, at decentralized systems, including public key encryption technology and peer-to-peer networks. None is more important, or at least fashionable, than “blockchain”—the technology underlying Bitcoin—which has the potential to create what some call a “web of trust” that spans a wide variety of industries beyond finance.

There’s been some hope in the “let’s decentralize” world that computer code could fix organizational problems and messy politics, ushering a new era of cooperation without the need for top-down, governance-style coordination. So far, the hope is a myth, and it’s been tested during crises. When a bug affected Bitcoin operations in 2013, only agreement among leaders in the Bitcoin community—not simply better code—solved the issue. (In describing the effort to fix the problem, the official reportnotes, with some relief, that “the right people were online and available in IRC or could be contacted directly.”) Likewise, when flaws have been found in key security protocols, it took leadership and human-to-human communications to protect the Internet more widely.

Meanwhile, in the days after the summit, a crisis enveloped one of the key participants, Ethereum, a platform for creating blockchain-based services including currency. The biggest “Decentralized Autonomous Organization” using the platform was found to have a bug that enabled a hacker to move a large amount of its value, some $50 million, into another entity under the hacker’s control. The incident has shown that, so far, anyway, decentralized code won’t fix itself—a sign of the persistent challenge of balancing governance with decentralization.


To get to that future, we have to think and act with our children’s Internet in mind. In a rousing talk, Cory Doctorow, the writer and activist, pleaded with the technology people in the room to make decisions right now that will prevent them from doing damage later on—such as making end-to-end encryption a fundamental design principle, not an add-on. His single slide depicted Ulysses lashed to his ship’s mast, a choice he made so that he wouldn’t be seduced by the sirens’ calls.

Cory DoctorowPhoto: Flickr user Cory Doctorow

“We are, all of us, a mix of short-sighted and long-term,” he said. “We must give each other moral support, literal support to uphold the morals of the decentralized web, by agreeing now on what an open decentralized web is.”

If the effort works, almost no one outside the tech community will notice—except to realize once in awhile, like Louis CK, that they’re sitting in a chair in the sky. Or, as Douglas Adams wrote in 1999:

Another problem with the net is that it’s still “technology,” and “technology,” as the computer scientist Bran Ferren memorably defined it, is “stuff that doesn’t work yet.” We no longer think of chairs as technology, we just think of them as chairs. But there was a time when we hadn’t worked out how many legs chairs should have, how tall they should be, and they would often “crash” when we tried to use them.

When we get technology right, it’s a series of incremental advances that make us notice one day that something like a miracle has occurred. To get there now, we should be aware of how all the parts connect—that it’s not a miracle, but a collaborative if complex project—and make sure that we’re not being fenced in in the process. We’ve come to love the convenience of the centralized web, but we’ve failed to recognize how much we now have to ask permission.

All of us, technically minded or not, need to understand the tradeoffs we’ve been making. Then we need to make decisions. We can accept choke points and lock-in. Or we can look for ways to reclaim control—declining to rely so much on centralized services, and using encryption and the new decentralized tools, such as the already-working IndieWeb, as they become available.

The tradeoffs were part of writing this essay. No explicit permission was required to collaborate so conveniently in—irony alert no. 2—Google Docs. But we were relying on implicit and often obscure rules that can change at any time. Can we have convenience and independence? For everyone’s sake, we’d better.

First appeared at Fast Company