The Blockstack Browser: A Gateway to a New, Decentralized Internet (blockstack.org)
378 points by adunk on May 23, 2017 | 159 comments

Unless I can unplug the WAN connection on my router and connect to your product instead, keep in mind that you haven't invented the next internet. You might be able to decentralize the worldwide web of HTML pages and hyperlinks, or invent another protocol that can be encapsulated in TCP/IP packets and ethernet frames, but the internet (the graph of inter-connected networks that speak common protocols) is still a fundamental requirement for your product, and the metadata associated with those stacks is still very real and trackable.

To that point as well, the internet already "works how real life works." Sick of Company X and the way their business treats employees? Shop elsewhere, remembering that it won't be as convenient with fewer choices. Sick of Google tracking the websites you visit? Use a search engine that doesn't track you, remembering that they probably can't pay as much for great engineers.

It's Conway's Law. We are largely constrained to create systems (including the internet) that mirror the organizational structure we're a part of. Yes, we can evolve and revolutionize occasionally, but it will always mirror "real life" because they will always influence each other.

> Sick of Company X and the way their business treats employees? Shop elsewhere, remembering that it won't be as convenient with fewer choices. Sick of Google tracking the websites you visit? Use a search engine that doesn't track you, remembering that they probably can't pay as much for great engineers.

Hard sell. There's a reason why the government has laws against monopolies. Especially when it comes to the internet, consumers tend to choose the best/fastest product over the most ethical one.

I don't know, the alternatives are getting better. Maybe not consumer grade, but usable, especially for a developer. For the past few years I've made a reasonable effort to use ethical software as long as it doesn't make my job too hard, and here are the results:

- Ubuntu is my daily driver OS, with Windows getting booted once in a blue moon to play some games

- Firefox for 80% of my browsing (the other 20% is Chromium on a Chromebook, which seems to run faster than FF even in an Ubuntu chroot with crouton)

- Thunderbird and a plain ol' IMAP mail server for email

- Maybe half of my messaging has moved to Signal

- Searx.me for web searches, sure I'm using the Google results more often than not, but at least my queries are anonymized, and switching to other providers is easy

I started a business on a very boring, conventional tech stack that gets a lot of hate on HN--PHP and WordPress--but it's a free and ethical stack, and I sleep better at night because of that. I gave our latest hire most of the same desktop software I use, and so far no major problems.

I'll grant you that the UI of some of this software is a little creaky, but I get by, and overall I'd say most of the nasty bugs we have to deal with in our toolkit are in closed source SaaS stuff.

Some notable unethical holdouts include occasional Skype/Hangouts calls, Slack, Google Docs, and Dropbox. Also a bunch of small-time SaaS products. But give me time.

> a very boring, conventional tech stack that gets a lot of hate on HN--PHP and WordPress--but it's a free and ethical stack

That's not exactly a unique feature of this stack. Most web stacks are free and open source.

Why do you consider "small-time SaaS products" as "unethical", if I may ask? They may be "potentially unethical" since you don't know exactly what they are doing with your data, but it's not for certain.

He said a "bunch of small-time SaaS products", not all of them.

This is a deliberate oversimplification, but in order of most to least concerning, these are flags which get raised in my brain most often. If they get raised then I consider the company's ethics questionable and when time permits we evaluate alternatives.

- The company supports or enables injustice or human rights violations

- The company collects a lot of personal information and does creepy or obscure stuff with it

- The company does not release the source of its products

Virtually all SaaS gets dinged because of #3, and in a perfect world we'd somehow replace them all with self-hosted, open source alternatives, but that's a tall order.

I'm not a zealot about any of this, I just make sure I set aside a little time every quarter to evaluate ethical alternatives. Legitimately "doing no evil" is absolutely a benefit I'll pay money for.

So are you hosting your own IMAP server? If so, have you any problems with your emails being filtered out as spam?

EDIT: Bit of a brain-fart. IMAP is just a client of a mail server. So to rephrase my question - what mail server do you use?

This reminds me of that "hackproof" box BBC reviewed that was a Raspberry Pi that couldn't update itself.

Also, having run an email startup in London, patching and anti-spam at almost any scale is nontrivial.

For personal mailboxes we're running exim on a managed VPS with a dedicated IP at a small hosting company. They have very diligent customer support and appear to keep their IP allocation clean, as we've never had problems with our emails being filtered or flagged as spam. They generally handle patching and configuration when we ask them to, or assist us when we want to do it ourselves.

For volume mailing we use ESPs like Mailgun and Sendgrid. Occasional deliverability problems are a fact of life at those.

Yeah, that's a good point. The funny part is that it's the very consumer choice we champion that eventually leads to a total lack of consumer choice. We choose the best, they're rewarded, they dominate, choice disappears, they're free to stagnate without repercussion.

It's a feedback effect of consumer choice with corporate oligopolization and monocultural cost-optimization.

Popular, easy and cheap wins most of the time, even if it hides deferred costs like terrible security and engineering choices.

Combatting this, though, seems to be one of the fundamental problems with combatting corruption. If there is a bottleneck in value, then the controllers of that value can demand something of greater aggregate value in exchange for access to it.

Dunno about this. DuckDuckGo has become my default search engine at this point for ethical reasons. I just bought a new Linux laptop to replace my Surface, and have just about severed all ties with MS/Apple junk at this point.

Outside of programmers, I don't know anyone who takes the time to do this. Be careful of the Malkovich Bias--the assumption that most people who use the internet use it like you do. Most people don't give a second thought to Google and Facebook selling their data... or in insert most countries in the world their government watching and censoring them.

> Unless I can unplug the WAN connection on my router and connect to your product instead, keep in mind that you haven't invented the next internet.

I realize this isn't exactly what you're talking about, but it is indeed possible to unplug your WAN connection and plug something else in instead. Amateur radio operators do this amazing and fun thing with self-discovering, self-linking mesh networks. Great fun to learn and explore!

A good starting point: http://www.broadband-hamnet.org/

HSMM-MESH is cool, really really cool, and people should definitely go check it out, but to quote the website you've linked:

  it is NOT a replacement for your home internet connection
    being an Amateur Radio network, it can only carry traffic that is allowed under FCC Part 97 rules
    several types of internet traffic violate these rules
  also, it is NOT a replacement for your home internet connection
  finally, it is N O T a replacement for your home internet connection
  and by the way, it most certainly CANNOT be used in any way with your business network

I understand much of the traffic you'd usually send over the internet is not permissible over broadband hamnet.

Anything of a commercial nature, yes. You can still discuss, talk, etc. about anything else. If you're going to use a mode of communication so drastically different and with completely different content rules, most of your traffic will necessarily fall in those rules. Just don't expect to put up a blog with AdWords about how to run a startup. :-p

Wouldn't any end-to-end encrypted traffic, regardless of the commercial/non-commercial nature, be illegal?

Yes, the content of any message must be clear to any external observer.

Four years ago, Moxie Marlinspike offered a good explanation of why this "vote with your feet" approach doesn't really work, at DEFCON 18. His talk is called "Changing Threats to Privacy" and I highly recommend watching it: https://www.youtube.com/watch?v=DoeNbZlxfUM

If you're impatient, you can skip the first 10 minutes and 40 seconds: https://www.youtube.com/watch?v=DoeNbZlxfUM#t=10m40s

This almost assures some quite terrible conclusions in the long-term:

When it becomes technologically possible to interface electronics into our brains, corporations will have almost unprecedented opportunities to do some really terrible things directly when the world becomes socially-pressured to be neurally-connected.

I say "almost" because the manufacturing of consent and desires exists now and it is popularly believed to "apply to other people but never me"; a direct connection has the potential to make this manipulation cheaper and stimulate the brain in ways that make a glowing screen look like banging rocks together.

https://youtu.be/IFe9wiDfb0E And I'll add this text just to say this is very relevant to what you said and not just a drive-by spam drop.

Muneeb from Blockstack here. We're not reinventing anything at/below TCP/IP. That stack works fairly well and can function in a decentralized way.

We are replacing things above TCP/IP like DNS, Certificate Authorities (CAs), how data is discovered, data silos, and dependence on remote servers for running your apps.

http://blockstack.org/whitepaper.pdf has more details.

>Sick of Google tracking the websites you visit? Use a search engine that doesn't track you....

I do use alternative search engines; however, look at the traffic on just about any website and you'll see Google IP traffic spewing in all directions. I'm quite confident that tracking still occurs, regardless of how I get from one site to the other. This can be locked down a bit, but not 100% and not without effort and maintenance.

I think you're right on about Google tracking. You visit a website and they're probably using Google Analytics or Google Ads somewhere, or it's a 3rd party feeding data to some form of Google ad network.

Globally block all the Google scripts that are running

I use Baidu. Works well enough.

Baidu is good if you like having Beijing filter your results. I just did a baidu search for "tiananmen square" and the top answers all said "Tiananmen massacre a myth".

Lol you think google doesn't do that as well?

It's all fake news. /s

>Sick of Google tracking the websites you visit? Use a search engine that doesn't track you...

You have fundamentally misunderstood how Google tracks your visits. If a website uses AdSense, they track you; if a website uses Google Analytics, they track you; or Google Fonts or scripts or whatever, they track you.

This means that the problem is much larger and the solution is not very simple.

I don't think it's that hard, just email the people at http://viewdns.info/reversewhois/?q=dns-admin%40google.com for the full list of Google's domains and add it to a domain blacklist. Then you won't send any data to Google at all. It might break some sites, but sites are broken all the time...

I'm very much aware of all the free tools provided by large companies that just end up reporting back to Google, Facebook, etc.

There are ways to prevent those requests, however. Install a Chrome extension to block all AdSense & Analytics requests, fonts, etc. Black hole their IP addresses or DNS. There are plenty of concerted efforts to improve anonymity despite these issues (e.g. the Tor Browser).

There are varying costs to these approaches but it's not impossible, or even that hard if you trust the Tor team more than Google.

I'm not saying there aren't additional avenues worth investigating, but that you nearly always have to decide how much efficiency/cost you're willing to pay for anonymity.

Then your statement is even worse, because you knew that the issue is deeper but still went with an oversimplified false premise.

They can tell that a particular IP sent a request to their servers, but they can't correlate different requests to the same underlying entity without cookies. Simply saying "they track you" is misleading.

I guess this was about scripts and fonts (because others are obvious cases).

I did a test: besides the IP address, the User-Agent, Accept-Language and Referer headers were also sent.

Perhaps not good for very precise fingerprinting, but still more than you claimed, and it can be cross-correlated with other requests with more precise information.

Google has claimed that they do not use these cases for tracking. One can believe this statement, or one can prefer not to.

How can you cross-correlate them? Most people are viewing the internet from behind a NAT, so there isn't a one-to-one mapping between IP address and person.

Pretty much all of those fingerprints require the ability to run javascript on the client side. Getting static content from Google doesn't allow them to do any real fingerprinting. Obviously, if you're executing arbitrary code provided by Google, they will be able to track you pretty much always.

You cross correlate IP address and request header parameters (such as user agent, language etc) with previous requests (or future requests) with the same configuration but with known identity.

It does not give you a perfect match but is much more precise than just the IP address, and with a limited number of users it would probably be sufficient to distinguish different users behind a single IP address.

I think you're overestimating the entropy of the request header parameters (assuming no cookies). How are they going to distinguish me from all the other English-speaking Windows users using Chrome? True, it is better than nothing, but I'm not sure what you could do with such low quality tracking data. You might be able to do something with that, but I can't think of any possible way to use that to violate my privacy.

To clarify it further, for the case I described, I did not assume a user that actively tries to suppress the signal to Google, but assumed a user that only does not visit Google search (or any other of its services).

I then assumed that at a certain moment this user can be uniquely identified (by AdSense, Analytics etc).

Then accesses to pages without active tracking but with links to Google fonts or other passive API can be still identified with high confidence given the access happens from the same network.

I do not know if such extra signal is interesting for Google, but it can be acquired. Also mind you that using an ad blocker is also a signal and can be assumed from the access pattern.

The same logic applies also to a user who uses ad blocking but still uses limited Google services.

Again I do not know how much Google finds this kind of signal interesting but it is possible to collect it.
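To gauge how much a passive request discloses, the correlation argued over in the comments above can be run on a small log. This is an added example, not code from any commenter: the request records, field names and identities are constructed, and the matching rule (exact match on IP, User-Agent and Accept-Language against requests that already carry an identity) is an assumption made for illustration.

```python
from collections import defaultdict

# Constructed sample: requests as a third-party asset host might log them.
# "uid" is set only where an active tracker (script or cookie) already
# identified the browser; passive font requests carry headers only.
REQUESTS = [
    {"ip": "203.0.113.7", "ua": "Firefox/53 Linux", "lang": "de-DE",
     "uid": "A", "path": "/analytics.js"},
    {"ip": "203.0.113.7", "ua": "Chrome/58 Windows", "lang": "en-US",
     "uid": "B", "path": "/analytics.js"},
    {"ip": "203.0.113.7", "ua": "Chrome/58 Windows", "lang": "en-US",
     "uid": "C", "path": "/analytics.js"},
    {"ip": "203.0.113.7", "ua": "Firefox/53 Linux", "lang": "de-DE",
     "uid": None, "path": "/css?family=Roboto"},
    {"ip": "203.0.113.7", "ua": "Chrome/58 Windows", "lang": "en-US",
     "uid": None, "path": "/css?family=Roboto"},
    {"ip": "203.0.113.7", "ua": "Safari/10 macOS", "lang": "fr-FR",
     "uid": None, "path": "/css?family=Lato"},
    {"ip": "198.51.100.9", "ua": "Firefox/53 Linux", "lang": "de-DE",
     "uid": None, "path": "/css?family=Lato"},
]


def build_known(requests, fields):
    """Map each header tuple to the identities already seen using it."""
    known = defaultdict(set)
    for req in requests:
        if req["uid"] is not None:
            known[tuple(req[f] for f in fields)].add(req["uid"])
    return known


def correlate(requests, fields=("ip", "ua", "lang")):
    """Classify every cookieless request against the known identities.

    attributed: exactly one known identity shares the header tuple
    ambiguous:  several do (the NAT / common-configuration objection)
    unknown:    none do
    """
    known = build_known(requests, fields)
    verdicts = []
    for req in requests:
        if req["uid"] is not None:
            continue
        candidates = sorted(known.get(tuple(req[f] for f in fields), set()))
        if len(candidates) == 1:
            verdicts.append((req["path"], "attributed", candidates))
        elif candidates:
            verdicts.append((req["path"], "ambiguous", candidates))
        else:
            verdicts.append((req["path"], "unknown", []))
    return verdicts


def summarize(verdicts):
    """Count verdicts so two field sets can be compared side by side."""
    counts = {"attributed": 0, "ambiguous": 0, "unknown": 0}
    for _path, verdict, _candidates in verdicts:
        counts[verdict] += 1
    return counts


if __name__ == "__main__":
    for fields in (("ip",), ("ip", "ua", "lang")):
        print(fields, summarize(correlate(REQUESTS, fields)))
```

On this sample the IP address alone attributes nothing behind the shared address, the added headers single out the one uncommon configuration, and the two identical Chrome/Windows/en-US browsers stay indistinguishable.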

You're overthinking this. Blockstack is just throwing out features that the indigent will purchase shares in during an 'ico'; the validity of the claims doesn't matter. This is what blockchains are for.

> To that point as well, the internet already "works how real life works."

Power corrupts, and absolute power corrupts absolutely? Or did you mean, you can fool some of the people all of the time, and all of the people some of the time, but you can't fool all of the people all of the time ...

> you can fool some of the people all of the time, and all of the people some of the time, but you can't fool all of the people all of the time

This saying needs a caveat - sometimes, you can fool all of the people for enough time to complete your evil scheme.

Your version also needs a caveat.

It's more like: "You can fool enough of the people for enough of the time to complete your evil scheme".

Goldman Sachs. More times than I can know or count.

>Unless I can unplug the WAN connection on my router and connect to your product instead, keep in mind that you haven't invented the next internet.

My thoughts exactly. A truly new internet would require new pipes, not just another protocol layer.

I don't follow your argument. You are saying that because we have nearly a tree structure within the workplace, the Internet will approximately have nearly tree structure?

Seems that it's just a matter of the most efficient structure being this way for both cases rather than us mimicking the workplace in the structuring of the Internet.

This actually isn't true; you can invent organizations of the imagination and mirror those. This "imagination driven programming" is actually quite dangerous and tends to devolve into state secrets and so on since you are solving the problems created by people who "don't exist" but may in fact have lives that are SURPRISINGLY SIMILAR to the lives of people who are doing jobs that are better kept secret.

So you can get around the law...but only by risking the integration of something that should be kept secret into the organizational structure...which makes its way into your system. Most people aren't willing to cross that threshold.

So Conway's law is true for most people, just not all.

If you want to think about it from the adversarial point of view, you can say that all programs are designed to transform or destroy organizations; programs mirror organizational structures because people want to determine the "resonant frequency" of an organization and understand its "social vulnerabilities" in much the same way a physical structure has structural vulnerabilities.

One person or AI can do such "imagination driven programming" to mirror any organisation. So I guess an organisation of n people can also mirror any organization they want, if that organization is more complex than theirs. An organization can also use some kind of obfuscator to change program structure to not mirror their organization and also mirror less complex organizations.

I don't understand how this is dangerous. Can you please give an example? I guess if you mimic a more complex organization it may be dangerous.

"Javascript Required." "Oh snap! Your browser doesn't support Javascript."

I have seen so many of these Javascript-only "websites" posted on HN I am wondering is this coming from some web development template? How difficult is it to have a page with text for those not using Javascript? Something like

  <html class=nojs>
  <p>This website was designed for browsers that run Javascript.  Are you using one?  Here are some examples of browsers that work well with our website: browser1, browser2, etc.  Alternatively, a no-JS version of the website is available <a href=https://blockstack-site-api.herokuapp.com/v1/blog-rss>here</a>.</p>

There are of course other ways to do this. The point is that it can be done and is not difficult.

For those not using or with Javascript disabled:


And a blog

   curl -o 1.htm https://blockstack-site-api.herokuapp.com/v1/blog-rss
   tr -cd '\12\40-\176' < 1.htm > 2.htm
   xyz 2.htm

where xyz is some program that displays html or rss.

<noscript> is what you're looking for. It has been supported since Firefox v1.


There are a bunch of very popular web development frameworks where pretty much all the functionality comes from the javascript. Angular and React are some of the better known ones.

I can sorta kinda understand that you would use something like that for a rich web application, but this is literally a blog post. It doesn't get any more static than that.

One of React's differentiating qualities is that it can render the entire page on the back-end, so there's no reason for the page to fail if the user does not run javascript.

Whilst this is often true, not all React code will render server side. You need to take care to make sure your React code stays isomorphic, which usually lasts right up to the point you discover some third party React component you reused would require significant rewriting to support server side rendering. That's how my personal projects usually end up anyway!

It's not difficult at all, but is either overlooked or left out on purpose so you can't read the article without them tracking you. For sites that have active developers and cashflow, it's always the latter.

"The internet is broken. It has been for a while" are the first words of the article you cannot read because of Javascriptosis. Quite ironic.

Haha. Added this commentary to the https://github.com/globalcitizen/taoup fortune database in the section 'randoms on change'.

I'd argue Javascript has largely 'un-broken' the Web. It transformed it from a static, pageload-based medium to something far more dynamic.

I hope this dies in its current form because:

0. It's self-promoting a panacea "fix" as a product at the wrong level of abstraction.

1. Protocols and standards exist for interoperability.

2. Tries to rebuild everything (supply- and demand-sides) while fixing very little.

Fix what's here and now for the benefit of everyone with a migration path, not for the benefit of a few in a temporary, constrained, arbitrary way that divides people similarly to the way Facebook tried to foist another internet onto the third-world.

It's an open-source project with 4 years of research and development behind it. The architecture implemented here is actually inspired by David Clark (Chief Protocol Architect of the internet) and his new design principle, called trust-to-trust design, that aims to fix critical security issues with the current design of the internet.

I agree that rebuilding everything is hard and that's why we reuse not only TCP/IP and everything below TCP/IP in the stack, but we also reuse existing infrastructure in a decentralized way.

We've already built this stack and have been running it in production for 3+ years. Please see our peer-reviewed research papers and our whitepaper at http://blockstack.org/papers for more details. Happy to answer any questions!

Oh, bummer, I thought this was some sort of like, "turn your wifi router into a mesh network connector" thing.

I don't really know much about blockchain, but I know to access whatever this is, I still have to pay Comcast 50 bucks a month for the right to use their "tubes."

My hope is for low orbit satellite internet to really become a thing. Putting pressure on monopolies to lower prices to compete and giving you at least another option for an ISP.

Bob Kahn, not TBL, is the other "father of the internet".

> Today we are proud to announce the Blockstack browser, which allows developers everywhere to access a whole new internet.

reminded me of then-Senator Ted Stevens' take on net neutrality

> Ten movies streaming across that, that Internet, and what happens to your own personal Internet? I just the other day got... an Internet was sent by my staff at 10 o'clock in the morning on Friday. I got it yesterday [Tuesday]. Why? Because it got tangled up with all these things going on the Internet commercially.

In other words, what a load of hot air! Looking forward to their $50M seed round.

Muneeb from Blockstack here. Yep, many people like Bob Kahn, Vint Cerf, David Clark, Tim Berners-Lee and others helped build the various components of what we today know as the internet.

I'd highly recommend looking at our peer-reviewed research papers at http://blockstack.org/papers. We've been obsessed with performance and scalability and 3-4 years of research, engineering, and hard work went into this.

We already have enough money and are grateful for having investors like Union Square Ventures, Naval Ravikant, Y Combinator, SV Angel, Lux Capital, and others who share our vision. Building a truly decentralized internet will take years/decades and we're looking forward to growing our open-source community that can take on this grand challenge.

Not sure which "we" you're talking about, but most folks you want to be excited about this know the difference between www and the internet, and some even have strong opinions: https://softwareengineering.stackexchange.com/questions/1917...

Thanks for the link! This kind of project is really exciting, so I'm sorry if the nitpicking detracts any from your awesome aspirations :-)

I remembered the "series of tubes" comment but never heard this part:

I just the other day got... an Internet was sent by my staff at 10 o'clock in the morning on Friday. I got it yesterday

I had to go back to listen to the original. Man what a trip.

[1] https://www.youtube.com/watch?v=f99PcP0aFNE

Reminds me of an old classic, the then-Minister for Communications in Australia back in 2010.


(Misinformed) people tend to conflate the Internet and the World Wide Web

> Developers can build apps on this new internet by downloading the Blockstack Mac or Linux app (Windows coming soon) and by using nothing more than your existing Chrome or Safari browsers.

Why Chrome and not Firefox? In their context, the latter makes way more sense.

Support the decentralized internet by using the products of a company currently trying to centralize the internet!

And being open source friendly, proposing using closed browsers...

I welcome the ideas of Blockstack but the implementation with Chrome and Safari is obviously a big mistake. I will not even try it since the ideas of Blockstack on one hand and Google and Apple on the other hand are not compatible.

Larry from Blockstack here. It works on whichever browser is your default browser and soon all of your browsers. Nothing is Chrome (or Safari!) specific! If you have a problem using Blockstack with your favorite browser, we'd love to know about it so that we can fix it! Sorry about the confusion!

Thanks, then I guess there was no point in singling out Chrome and Safari in the article.

Wouldn't surprise me if they never test in non-WebKit browsers, seems common these days.

Looks like it now says "Chrome or Safari or Firefox"

Wait, so does this mean anybody who wants to run this project needs a copy of the whole internet on their machine? Or connect to someone who has a whole copy of the internet?

Regular bitcoin only deals with tiny transactions and already it takes days to download its blockchain on an older DSL link.

Also, how is this better than just, you know, running your own website? Is that too Web 1.0 for today's hip youth? How much aggregate computer power is necessary to deliver one page in this system? How about 10 years from now when it has petabytes of data to deliver?

No, you don't need the whole internet.

You can't run application code with just pure HTML. The processing code has to run somewhere. Blockstack runs it using Javascript in your browser, and with bring your own storage.

Only naming (identity) is pegged to Bitcoin; Blockstack has a virtual blockchain on top of this which has functionality akin to DNS (and CA). That DNS can point to your storage, so you can have things on Dropbox or Amazon S3 or wherever.

So it scales pretty well; you don't download what you're not interested in. It will work with a lot of infrastructure/services that exist, but you can cut out a lot of middlemen.

You could host your application code on your Amazon S3. But when a user runs it, the app can store private data in THEIR chosen storage. And if you have public data, that could be either stored with their chosen storage without encryption (only signature) so it is public, or indeed you could store it in your application storage.

How does this free you from corporate masters then? Is this to prevent governments from seizing your DNS when they can't get access to the hosting?

But you see, this is better because it has... blockchain.

Don't worry, the internet comes in a small box, just make sure you don't drop the box [0]

[0]: https://www.youtube.com/watch?v=iDbyYGrswtg

Google Aubrie Herbalot How small is the internet really?

I'm not getting any relevant results for that

See? That's how small it is.

There are a great many explorations of decentralized protocols (this, Zeronet, IPFS, urbit) but I don't see many infrastructure-related projects that we can play with today. Does anyone know of a hardware stack that enables fault-tolerant meshnets?

I know about this project in my neighborhood: https://oaklandnorth.net/2013/11/27/mesh-network-offers-pote...

That's really cool! I wonder if there are other projects like that elsewhere in the Bay Area

I'd love to see an implementation that uses "parasitic storage". There seem to be enough free places to post content now that it would be workable, especially if you thought broader than just things like Google drive. Throw in free blogging platforms, pastebins, free email + attachments, etc, and a bit of PKI (obfuscate) + redundant copies.

That would allow for real world use without having to rely on things like "pinning".

Couple years ago, a couple friends and I threw together something like that.

GPG encrypted messages with a huge list of fallbacks where messages got stored. (Pastes, private subreddit, Facebook via RSS).

The code was truly awful, but the premise was we just needed each other's public keys, and all was good. (Killed the project when one of us lost their private key, and we realized hardcoding the public keys had been a terrible idea).

I don't think I have the code anymore, but shouldn't be much more than a weekend project if you stick with text only.

Blockstack 'Gaia' is a bit like that. But more focused on the actual storage services like Google Drive / S3 / Dropbox. Mentioned in the whitepaper: https://blockstack.org/papers

At my university there is ongoing research into a next-generation internet architecture: https://www.scion-architecture.net/

Once again, a manifesto on the landing page that explains nothing about what is actually being proposed.

Please link to summaries of what has been done, why, and where it's going.

(On the face of it, a "blockchain" seems like a god-awful fundament for a distributed net, compared to e.g. IPFS.)

I stopped skimming this at "If you are not an engineer at Google or Facebook, it's hard for you to innovate."

I don't get it. I browsed the web site and didn't find an About Us page. Is this a browser? Is this a platform to build applications on top of? I initially thought IPFS and BitCoin but not sure what to make of the product. What is being presented is not summarized in a clear manner to me.

This works using the bitcoin blockchain and is a great example regarding the usefulness of blockchains.

I mention this because in the previous threads regarding crypto currencies, people were asking for some value-creation technologies based on blockchains (other than speculation and money laundering)

> This works using the bitcoin blockchain and is a great example regarding the usefulness of blockchains.

Is it? I thought you didn't do anything on the bitcoin chain without value changing hands.

Is there some kind of high-level overview available for those of us who are totally unfamiliar with the inner workings of blockchains, and would nonetheless like to gain a firm enough grasp to understand what Blockstack actually offers? I'd love to read such a thing, but haven't yet found it on the Blockstack site.

Indeed, in order to have something stored in the blockchain, you have to make a transaction, which incurs costs. However, reading the blockchain is free (once you exclude network traffic costs and electricity).

This is an overview of how blockstack works: https://blockstack.org/docs/how-blockstack-works

This is a description regarding the transaction fees on the bitcoin blockchain: https://en.bitcoin.it/wiki/Transaction_fees

Here are some real time stats regarding the costs/byte of info to be stored in the blockchain (in satoshis - 1 USD is approx 45k satoshis at today's BTC price)

Still struggling to wrap my head around this, mostly trying to make sense of:


This is DNS on top of the blockchain right?

Though where it deviates some is:

"Even though only data record hashes are stored in blockchain transactions, we can use them to verify the authenticity and integrity of the data itself once we get it. For example, you can host your data in S3, and other peers can verify your data by first obtaining the hash from Blockstack DNS and then checking it against your data's hash."

So functionally what this is solving is (I'm asking here):

- Nobody can take your domain away b/c they don't have the keys, so stuff like domain sniping, ISP interference, Government seizure, etc. are less likely (notwithstanding https://xkcd.com/538/)

- Every piece of data is checksummed so you can (and maybe this is what the Blockstack browsers are doing) verify that it hasn't been tampered with ala MITM.

But even with that, I'm still unclear on just what's the right way to think about this. Like if I set up a new web site on a domain, would I also enter in every file on the page as a separate 'data record hash'?

In my view, this is where all the blockchain ideas break down. Once you require a central party holding the data for the service, it's no longer decentralized. There's a reason the bitcoin blockchain is slow, expensive and hard to use. All of its weaknesses are sacrifices the users make in order to obtain decentralized uncensored internet money.

No. The data record hash is only about your zone file. The zone file is just like DNS. It can point to different things. So say you point 'profile' to 'mywebsite.com/myprofile.json', and then in your profile you can update things about yourself independently. Just make sure to always attach a signature to it, so people can verify that you actually did that.

Here's a profile: https://blockstack.s3.amazonaws.com/muneeb.id

Here's how a simple zone file looks (from https://onename.com/muneeb.json):

  $ORIGIN muneeb.id
  $TTL 3600
  _http._tcp IN URI 10 1 "https://blockstack.s3.amazonaws.com/muneeb.id"

We have a decentralized storage system, called Gaia, and you publish the files there. This gives you performance and reliability comparable to cloud computing.

Only the domain registrations hit the blockchain and it's a one-time operation (just like buying a domain name for your website or app).
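
The lookup described in the comments above (hash bound to the name, then the zone file, then the URI it points to), as an added example that is not part of the thread and not Blockstack's own code. SHA-256, the https-only filter and all function names are assumptions made for illustration; the thread does not say which hash Blockstack uses.

```python
import hashlib
import shlex

# Zone file quoted in the thread, used here as the sample input.
ZONE_FILE = (
    "$ORIGIN muneeb.id\n"
    "$TTL 3600\n"
    '_http._tcp IN URI 10 1 "https://blockstack.s3.amazonaws.com/muneeb.id"\n'
)


class ZoneFileError(ValueError):
    """Zone file rejected: hash mismatch or no usable URI record."""


def zone_file_hash(zone_file: str) -> str:
    # Assumption: SHA-256 stands in for whatever hash the name record carries.
    return hashlib.sha256(zone_file.encode("utf-8")).hexdigest()


def parse_uri_records(zone_file: str) -> list:
    """Return (name, priority, weight, target) for every 'IN URI' line."""
    records = []
    for line in zone_file.splitlines():
        line = line.strip()
        if not line or line[0] in "$;":  # skip directives and comments
            continue
        fields = shlex.split(line)  # also strips the quotes around the target
        if len(fields) == 6 and fields[1:3] == ["IN", "URI"]:
            records.append((fields[0], int(fields[3]), int(fields[4]), fields[5]))
    return records


def resolve_verified(hash_from_chain: str, zone_file: str) -> list:
    """Accept a zone file from any untrusted host only if it matches the
    hash bound to the name, then return the targets it points to."""
    if zone_file_hash(zone_file) != hash_from_chain.lower():
        raise ZoneFileError("zone file does not match the hash bound to the name")
    # Added restriction (assumption): only https targets are returned.
    targets = [t for _, _, _, t in parse_uri_records(zone_file)
               if t.startswith("https://")]
    if not targets:
        raise ZoneFileError("zone file has no https URI record")
    # The hash covers the zone file only. Whatever is fetched from these
    # targets (the profile) is not covered and needs its own signature check.
    return targets


if __name__ == "__main__":
    on_chain = zone_file_hash(ZONE_FILE)  # constructed stand-in for the chain value
    print(resolve_verified(on_chain, ZONE_FILE))
```
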

How is this different than using Mist? (https://github.com/ethereum/mist)

Is it another Silicon Valley promo just like that machine learning compression a couple of days ago?

Is this like ZeroNet? Does anyone know the difference?

ZeroNet executes arbitrary javascript from anonymous/unknown sources. I hope this one does not.

Isn't it your browser that executes the javascript? Just like the normal web?

From what I remember, ZeroNet ran in whatever browser you used to access it.

In the normal web if you browse a well known site there's a degree of trust that the site is not serving malware to you.

That's why it's good to use a dedicated device/OS user or at least browser profile to access your bank and do random browsing.

This is what I was going to ask. It looks very similar and operates (to user at least) the same way. I wonder if they could support each other by making the sites accessible from either service.

Can you provide some more precise examples of the things this tech would prevent, and how it would prevent them? From an outsider's perspective, it seems like google or whomever could always add an extra layer of junk to any underlying technology to bring it back exactly to where we are now, but just less efficiently.

> Imagine a world where people don't have property rights. In this world, you cannot own a house, and all your belongings are kept in a storage facility owned by a few corporations. And in this world, walking into any store or theater implies that you disclose all your personal information, places you've been, other things you've bought to the business owners. You are tracked 24/7, your belongings are stolen from storage facilities, and you can't do anything about it.

Since it's done to curb terrorism and protect children from predators, isn't this what most people want? I mean, I personally would rather shoot myself than live like that, but I'm not most people. I seem to recall that the UK's internet censorship bill (or whatever exactly it was, someone correct me please) has majority voter support.

Skimmed that whole page, and now feel that I understand even less what it is than when I started.

So, it's like a Smoodie?

This is a really good proof-of-concept project. Blockchain is super exciting and I share your enthusiasm. Problems it solves are real.

I kind of feel it will not take off, no Windows support etc, but you never know, if anything is hot these days, it is blockchain solutions.

It costs an average of 0.025 btc (~$60 US) to register a name, which seems suspiciously expensive for something this new. Has anyone gone through the process of registering an ID and building an app yet? I would love to hear some unbiased feedback.

You're burning that money. No one gets it. If it costs 0.025 btc you're trying to register a very short name. Try a longer one, it's a lot cheaper.

I've registered an ID. I did it through onename.com which pays the registration fee for you (as a way to get more people into it, it won't stay that way).

Read the blockstack papers, they're the best info around and make everything clearer. It is a bit hard to wrap heads around. I've been trying to unsuccessfully explain it many times, there's so many good ideas and so much potential there!

(I'm unaffiliated btw, but have been following the project for a long time)

It's taken hours so far to complete the registration. Transferring BTC to the Blockstack wallet first. Now waiting on the name registration to complete.

Edit: transitorykris.id is now registered.. but doesn't appear linked to my keys.

I am an app developer. Why do I choose to do my app on BlockStack? I get that as a user I want to control my data, but who are these people who want to make apps on it?

If I knew how, I would, because as a developer I want my users to control their data.

Larry from Blockstack here.

Yes! Users should be in control of their data and Blockstack enables this. There are also practical advantages for developers.

User control of data means you don't have to have the responsibility and cost that comes along with storing other people's information. With lots of user data, you're a valuable target for hackers and governments. It also frees you from maintaining expensive backend infrastructure and devops. This lets your app scale without a huge bill from your favorite cloud infrastructure provider.

How about Walmart's automated supply chain. Who are the users, why do they benefit from controlling their data? Why does Walmart want to build on some future incarnation of this?

Has anybody here actually tried to get it to work by following the installation instructions? I've been unsuccessful so far. I tried to install it using the given shell script but it fails. I tried to install it using the manual installation steps but this also fails. It can't find the necessary installation files.

What's getting stored in a blockchain?

See https://blockstack.org/blog/blockstack-whitepaper-part-1:

"Blockstack binds (human-readable) domains to public keys to establish ownership of domains. These domains have associated data records as well. These small bindings are stored on the blockchain and are tamper resistant. The actual payload from the data records is stored outside of the blockchain because blockchains have limited storage space and are not meant to be used as general-purpose databases."

How is this different than:


Blockstack project originally ran on namecoin. But it is not a secure blockchain.

Also, it stores much data in the blockchain, so it has scaling problems. Blockstack stores the zone file data in its own Atlas (DHT-inspired) network, and the zone files point to where the actual application-level data is stored.

Blockstack can work on top of any blockchain, so if Bitcoin is not the most secure anymore, it could be moved. Separating into different layers allows scaling and resiliency. And you don't have to run a blockchain, which is good, because that already exists.

....and then $NATION_STATE puts enough nodes on the network to execute a 51% attack, and we're back where we started.

Basing anything on proof-of-work puts you in a perpetual race to control more compute than your adversaries.

I am wondering how this compares with TBL's Solid. Also IPFS, like is this a rival, or something that could run on IPFS, or what. Also, could you access this with tor?

I do not know of Solid. But IPFS is a storage layer, so you can use IPFS as part of Blockstack. It is even normally mentioned in the architecture diagrams. Have a look at the picture down on the page here: https://blockstack.org/intro

Where it says "storage layer" it has things like Dropbox and S3, in some versions of the picture it also has IPFS. This is up to the user. As long as you can fetch it, it can be used. Usually that would mean you'd have to use HTTP, but it depends on the browser you're running.

You can also read about 'Gaia' (where it uses storage as Dropbox/S3 as 'dumb harddrives' where it can dump encrypted blobs on) in the whitepaper: https://blockstack.org/whitepaper.pdf

It's not a particularly good sign that the gateway to this "gateway", as it were, doesn't like you not having JS enabled.

I like the idea of storing data and apps locally!

So do I...

Let's take a fun game. How about all of Atari 2600?


Ok.. This is remote, across all the machines that have that IPFS hash. In other words, it's not local.

(in console) ipfs pin add QmacAqRVhJX9eS7YJX1vY3ifFKF9CduDqPEgaCUSa4x5xb

Now it's local!

Or let's do something more than a game... How about Node-Red in browser(PageNodes)?


EDIT: I had the point in my head, but didn't put it down here. In other words, we already have this technology, and not using buzzword-bingo like "Its the interwebz but with blockchains!". These links are direct proof that it not only exists, but is working right now.

And in reality, making a type of blockchain in IPFS would not be hard. It's an immutable data structure, with append-only characteristics.

And, I also am partial to IPFS, primarily because it feels like a proper IETF-internet scale project. ZeroNET looks prettier, but.. throw away. Again, some subjective feel there, but IPFS feels elegant.

I've been partial to IPFS since I first learned of it but I know there's a few competitors in this space. Is there anywhere with some comparisons of the technology and maybe popularity (since the more people, the more robust the network) of these projects?

Well.. I know of a few. ZeroNET, Maidsafe (kind of), this project. There's also some DRM encrusted version kind of like this. I forget their name. But they wanted a pay-gateway. EDIT: found it. Called "LBRY" (I'm absolutely not impressed.. https://lbry.io/ )

Primarily, I see ZeroNET as its competitor. And ZeroNET has the bling and the wow factor, but much of the underlying system is.. unfinished. It also requires some hefty frontend with backing DB as well. It seems cobbled on and over-engineered.

IPFS, on the other hand, is clean and clear of its focus. It's simple enough to do as it purports. It works now. It seamlessly works with gateways to allow non-IPFS users to access the network. It's network agnostic: ip4, 6, and whatever else is a protocol addon. And it seems to be on its way to an IETF standard.

i've been exploring secure scuttlebutt for the last couple of days. very cool project built around a fully decentralized FOAF graph of peers publishing/storing/forwarding append-only logs. they even have some nice applications that you can use today!

ipfs is a decent storage system, but i think there are better ways to model applications for a decentralized world.

[0]: https://www.scuttlebutt.nz/
[1]: http://scuttlebot.io/

Blockstack can use IPFS for storage. If you create "mycoolapp.app" (or "myname.id" to use a namespace that currently exists), you can store application code or even data in IPFS (using the http-gateway just like you did now).

Blockstack provides naming, identity and security (you know what public key is connected to "myname.id").

IPFS fails to be a viable next-gen protocol on a few important fronts, probably most importantly on immutability. IPFS is a great P2P network for document archives, but its narrow focus means it will not exceed that limitation, IMO.

Ok, can I just run the server to support the project? I have some Azure credits and would like to put them to good use.

I don't know too much about Blockchains, but wouldn't Ethereum be a better choice for something like this?

No. Better to have a dumb network. Keep things as simple as possible. Transactions on the bitcoin network suffice.

Perpetual motion is finally here!

Any ideas about whether this is ready for someone to start a company on?

I believe the current internet is a living creature and the sarcasm and snark it produces are natural defenses against any new internet someone tries to create.

Ethereum is going to dominate this.

All of these blockchain-based protocols are impractical. Blockchain is wasteful and slow. It may work adequately for a transaction ledger, but it doesn't work for the web's primary purpose of distributing arbitrary information ad-hoc and on-demand.

Totally agree. A lot of hype without real understanding of the limitations.


> Imagine a world where people don't have property rights. In this world, you cannot own a house, and all your belongings are kept in a storage facility owned by a few corporations. And in this world, walking into any store or theater implies that you disclose all your personal information, places you've been, other things you've bought to the business owners. You are tracked 24/7, your belongings are stolen from storage facilities, and you can't do anything about it.

Most of us would not stand for this in our real, everyday lives. But on the internet, we tolerate and even expect it. We become dependent on nameless, faceless, remote parties just by connecting. On the internet, we are powerless. Our existence on the internet is defined by others, whether that other be a mega-corporation or a government.

Now, we can change that.

Beautiful mission statement.

I like that it's an anti-corporate sentiment, but with an appeal to property rights. I almost suspect it's a deliberate clever way to appeal across the spectrum.

Well, you can still support individual/grassroots property rights while rejecting corporativism.

Indeed it is! I'd love to know more about the technology backing it, but right now my options appear to be either the app developer tutorials, which reveal nothing, or deep-diving the core code, which I lack anything remotely resembling time enough to do.

What am I missing?

Here's a page with papers about how it works: https://blockstack.org/papers

The problem that the blockchain solves is essentially one of decentralised consensus on mutable data. Decentralised consensus on immutable data is "easy" (see Bittorrent, IPFS), but getting everyone to agree on who owns "yoursite.com" and what data it points to fundamentally depends on a universally agreed key-value mapping. Using a blockchain allows everyone to agree on such a mapping, with some nice extras thrown in like blind auctions and public key crypto. Namecoin and the newly launched Ethereum Name Service work similarly.

The big question given the inefficiency of proof-of-work blockchains is whether there are other ways to do decentralised mutable data. I'm currently working for MaidSafe, whose approach is based on a more traditional DHT and voting amongst randomised groups of nodes. We're still in alpha however, so for now the working systems are all blockchain based.

So...this whole thing is basically a DNSSEC competitor?

Yes, but arguably more decentralised

And more expensive, and slower, and only functional at all after buying into an entire parallel infrastructure that doesn't appear to interoperate with what the rest of the world uses, and all you actually get out of it is name service.

This is not a new Internet. This is a good way to waste time, effort, and money on something that's had a lot more thought put into the comprehensiveness of its rhetoric than into the comprehensiveness of its actual offering.

Is it from Silicon Valley (TV show)?

While that one is mostly fictional, it is creating an actual completely decentralized version of the internet by creating an ad-hoc network using people's phones.

This still requires you to have your normal internet to connect to it and use it.
