Where we are
The network now has 2 major design flaws, that can have great influence on the usability of the network in the future.
The first one is that ZeroNet provides the low cost creating new user accounts and relatively high cost filtering them. Due to the growing popularity of ZeroNet, the probability that various destructive forces will pay attention to Zeronet increases. In the current design, ZeroNet has little or no means to protect from bots, spam, DoS attacks etc. The user blacklisting approach is not reliable against massive spam attacks in the long run.
We should take into account the worst case, when automated attacks render any zite, that provides the write access for the user (ZeroId) certificates, totally unusable. ZeroID certificate provider itself can also be easily put out of action, registerings lots of certificates and/or DDoS-ing the hoster's IP addresses.
The second issue is what we recently faced, when balancer73, the owner of lots of ZeroNet forums and blogs died.
The current ZeroNet infrastructure is controlled by several sparse individuals and totally depends on them. If the owner dies, gets in jail, gets intimidated or just losts his/her interest in the project, the zites gets unmaintained. It is still better than the complete lost of Clearnet sites in the same case, but I believe we can do it better.
There is also the third issue, that is not a design flaw, but a whitespace in the organization of our community. We have a lot of various zites here, including popular ones, such as Talk.ZeroNetwork.bit and ZeroMe, but the most of those zites are just common "talk about everything" zites, and none of them is dedicated to the development of the network. The discussions about zite and network development are scattered here and there, on a couple of forums, a couple of chats, ZeroMe, ZeroMedium, some blogs etc. Github is also a place for many discussion, but Github is a centralized site, that can be a point of failure.
So I guess we should run a discussion zite or a number of zites, dedicated to the network itself, where all the notable developers will probably participate.
What we can do
Taking into account all the above, I offer creating a set of zites and also an informal organization that manages those zites.
The policy of accessing the zites should be such, that the zites would be reliable against spam attacks. It is the white-listing policy. We can start with the usual black-listing policy (i.e. only real spammers are blocked), so any users have the access by default. But in the case of the attack or the attack threat, we switch to the restrictive policy, so any know non-spam account are allowed to post, and all others are not. (Technically, it can be done by setting zero as the default
max_size value, and setting some actual non-zero value for each real user individually.)
That zite or zites should be known as the place, that is ready to react to the attack as soon as possible, so in the case of troubles users can get there, discuss the situation and make some decisions.
On the zite, there should be contacts in various messaging services and media, where the zite administrators can be found, so new users can ask for adding them. There should also be some well-known ways to safely for the community to communicate outside of ZeroNet in critical situations. (Maybe Tox, BitMessage etc)
That addresses the first issue.
To address the second issue, and also to increase the readiness to react to an attack, there should be several administrators on a zite. If a zite is managed in cooperative way, the reliability is greatly increased. The life circumstances of a single individual is not a single point of failure any more. As far as I know, the current implementation allows assigning a set of keys for each content.json
include-d from the root content.json, so we can assign different access levels for different persons. It is not only the primary private key owner who is allowed to modify the essential parts of the zite. The owner can share the write access to trusted users.
And since the trusted users, who run the zite, are probably developers (or at least, most of them), that zite would also be a nice place for productive discussions about the network development. So it addresses the third issue.
We can start with the default ZeroTalk engine, and step by step, we can develop a powerful forum engine. If we start and keep addressing issues, that appears during the use of the engine, we can finally get a nice engine suitable not only for our project, but for many other zites.
In the same way, we can improve other engines, such as ZeroBlog or ZeroUp.
I believe our community needs more cooperation and integration. I know there are great developers here, and if we work together, we can create wonderful tools for the better future.
Vadim Ushakov firstname.lastname@example.org
Jan 31, 2019