In association with heise online

So what's Unhosted's solution?

"We need to break the one-to-one link between the software publisher who writes a web site (e.g. Google, Inc) and the 'hostage provider' who hosts that web site (e.g. also Google, Inc). If we create a simple grease layer in the form of an open standard between the hosted software and the servers that host it, then this is decoupled.

"As a first step, I'm working on a prototype that I hope to launch in time for Christmas, so that web devs can play with it over the holidays. A web site's code will need to be very Ajaxy first, so that all the servers do is store and serve json data. No server-side processing. Next, we need to switch from transport-layer encryption to client-side payload encryption, because we no longer necessarily trust the server we're talking to. Then we need a bit of code-signing, to know we can trust everything that is running in our browser, and we're done. The user will have the same experience (except for a one-off plug-in-prompt), but the web site is unhosted in the sense that the servers you talk to only see encrypted data and don't even know which application you are running."

That code is now available as an alpha release on GitHub. The key idea is that the apps run locally, with encrypted data stored in the cloud on “dumb” servers.

Whereas a hosted web site provides both processing and storage, an unhosted web site only hosts its source code (or merely a bootloader). As one of the people behind Unhosted, Michiel de Jong, explained to me, in practice it will work like this:

"Someone who runs an unhosted node, provides for the users that are his customers. He knows exactly who every one of them is, although he cannot see the content of their data packets (but he can see the existence of them). So it's like hosting a mail server that hosts PGP-encrypted emails. Or like your ISP watching your https traffic. If the provider of an unhosted-node receives a search warrant, then he would give up the IP address of the person behind the account. So it's not a darknet. This is on purpose. Unhosted is about fighting monopolies, and we don't want the confusion with anonymity networks, for which services already exist.

As far as the end-user is concerned, if a hosted web site is converted to unhosted, he should not notice the difference and will need to take no action; the developers felt it vital that end-user usability should not be compromised. And as Moglen predicted, all this can be done "using existing stuff":

As for the people behind the project, 'Unhosted' is the brainchild of Kenny Bentley and Michiel de Jong. Kenny was the original programmer of Tuenti, an invitation-only social network that became this decade's most successful Spanish start-up before being sold to Telefonica this summer. He and Michiel met at Tuenti, and founded an altruistic project that aims to stop the big companies that dominate the web today. To cut living expenses while working on the project full time, Michiel moved to Bali, from where he works with nothing more than a backpack, a laptop, and the flaky Wi-Fi connections of Bali's beach bars.

Their hopes are pretty ambitious: if their infrastructure can become the support for apps such as Diaspora, federated social web, vendor relationship management, Bitcoin, and so forth, open source will be as successful in the service area as it is in installed software. And this would "help keep Google, Facebook and Apple in check, so they compete on merit only."

Given its generally centralized nature web search would be challenging. However, there is already an interesting open source decentralized search engine project called YaCy. Anybody can use this to create a search portal either for an intranet or the public web. It is fully decentralized and nobody should be able to censor the index.

That just leaves us to find some kind of decentralized payment system to replace credit cards and PayPal; how about this?

Bitcoin is a peer-to-peer digital currency. Peer-to-peer (P2P) means that there is no central authority to issue new money or keep track of transactions. Instead, these tasks are managed collectively by the nodes of the network.


  • Bitcoins can be sent easily through the Internet, without having to trust middlemen.
  • Transactions are designed to be irreversible.
  • Be safe from instability caused by fractional reserve banking and central banks. The limited inflation of the Bitcoin system’s money supply is distributed evenly (by CPU power) throughout the network, not monopolised by banks.
  • Bitcoin is an open source project currently in beta development stage.

One of the (minor) problems with open source is that many of the “obvious” categories of software are already overpopulated, making it hard for a new hacker to make his or her mark. However, the recent travails of WikiLeaks alert us to the crucial importance of a new class of free software: Web services using a completely decentralised approach. As this article has shown, there are already some promising projects starting to explore this domain: so what are you waiting for?

Follow me @glynmoody on Twitter or For other feature articles by Glyn Moody, please see the archive.

Print Version | Permalink:
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit