In the previous post in this series, I highlighted some standards that I think could help communicate the variances in networks. I had some great feedback from several individuals which pushed me to explore the roles of network administration and effect on control a bit deeper. Networks like Skype (before switching to client-server in 2014) and Spotify have structures that are peer-to-peer (p2p) topographically but also include a central entity for system critical components like registration and peer discovery. Since this sort of set-up is widely considered p2p and technically falls under our definition of distributed (passes messages directly between clients) but does not hold up to the requirements of decentralized due to the centralized administration points, how can we fit this network type into our terminology standards? What effect does this administration role in an otherwise p2p network have?
The Hidden Hand That Feeds
Hybrid or Pure
To better communicate the difference between p2p networks with central registration and closed access (Skype, Spotify) and those with decentralized registration or no registration and open access (SAFE Network, Bitcoin, BitTorrent), a great resource to consider is A Definition of Peer-to-Peer Networking for the Classification of Peer-to-Peer Architectures and Applications (pdf) by Rüdiger Schollmeier published in 2002. And while I made an indication in the last write-up that frequent revisiting of terms is necessary for such evolving technology, this is a case where the standards defined have stayed consistent with modern use cases and incorporating them into our language adds value. In this paper, Schollmeier defines p2p networks with administration roles or where “a central entity is necessary to provide parts of the offered network services” as hybrid peer-to-peer networks. Contrarily, he defines pure peer-to-peer networks as those where any “…entity can be removed from the network without having the network suffering any loss of network service.” I quite like this wording as the hybrid and pure descriptors make the distinctions easily understood. It’s valid here to point out the terms closed and open as analogous to hybrid and pure but in some contexts might be more useful especially when distinguishing central registration processes from those with decentralized or no registration. So while peer-to-peer is used to describe network structure, it does not paint the whole picture and using these new terms to talk more specifically about networks takes us a step beyond network topology to make clear whether hidden entities exist.
Required or Facilitating
In the Skype example, the central coordinating entity was required for registration and finding connections between peers which categorizes it as hybrid. It’s important here to note that this administration point is a requirement for proper network function and that it’s possible for pure p2p networks to use administration points for simply facilitating discovery. While not discussed in the Schollmeier paper, we can still relate to the definitions he laid out. BitTorrent trackers are central entities for finding peers faster but not “…necessary to provide parts of the offered network services”. To avoid a central discovery requirement, peer-to-peer networks often employ gossip protocols for decentralized node discovery where nodes relay information about already connected peers to facilitate new connections. In another example, the mesh networking application for sharing internet access by Open Garden should be considered a pure p2p network even with a server to facilitate finding other devices because it is not required. Here, the entity acts to provide a more seamless user experience, but in situations where a device is without Internet access or ISP networks are congested, a user can do manual pairing and bypass the admin. For the record their other app, FireChat, should be considered a hybrid and closed p2p network because of its central entity requirement for initial user registration and login even though there is a similar manual connection process if the server isn’t accessible post-registration. To avoid centrally controlled registration in a p2p network, employing blockchains is becoming a more popular solution but comes with privacy concerns if users aren’t proactive. MaidSafe has built an alternate approach removing third-parties and preserving anonymity called self-authentication for the SAFE Network. So while there are many kinds of networks which make use of p2p topology, some fall short when it comes to registration or peer discovery requirements as opposed to being independent of administration and accepting an optional, facilitating hand.
Decentralizing Administration with Multiple Hands
A final consideration of networks with p2p topologies are those with multiple administrative points rather than a single entity. While not as common, we can look at the Tor network’s use of directory authorities as an example. I should take this time to quickly mention that in the last post, I classified Tor a decentralized (but not p2p) network because it maintains a client-server infrastructure (which implies a hierarchy rather than flat structure) but nevertheless, the concept of dependence on administrative roles is carried over. Directory authorities are servers in the Tor network which create consensus around a public list of network nodes to route traffic through. This allows for properties like blacklisting IP addresses showing suspicious behavior and maintaining a complete list of Tor nodes without storing this data on each of them. If clients are blocked from accessing these authorities (ie. via the Great Firewall), they may connect through private servers called bridge relays but Tor routing nodes still need this list to access other connections to further forward the traffic. While Tor functionality depends on this directory, it is maintained by a consensus process made up of several independently run servers and thus alleviating a central administrator. Similarly, in the beginning days of the BitTorrent network (before implementing a dht-based discovery process), it required the tracker servers for discovering other peers. Categorizing these situations as pure or hybrid is therefore mostly dependent on the number and ownership of administration points: the more directory authorities owned by a diverse group of people, for example, the less the network depends on a single authority and teetering classification towards pure.
The Hand That Feeds is the Hand That Owns
The Range of De/centralization
By dissecting the role of administrative points in decentralized and p2p networks it is now clear that network topology is only one aspect that is important to consider in how we communicate networks. Requirements for entities outside of the topology illustrate how even p2p networks can have hidden ownership structures. While the collection of nodes is still a vital component in the functionality of a p2p system, the required administrative points carry more importance for network functionality and therefore, the people operating these points have proportionately more ownership than those operating network nodes. While central network ownership through an admin is not inherently bad, the consequences of this model can be detrimental and prone to censorship, surveillance or attack. This ownership model brings back vulnerabilities of centralized network topologies where all messages must go through a central point. Likewise, networks with multiple admin points show similar ownership properties as decentralized networks where there are a smaller number of backbone nodes enabling greater capabilities like longer distance connections in mesh networks or increased computing and hosting power like servers in the traditional Internet. Whether part of the topology or not, central points of dependence hold more importance in functionality of the overall network and as a result correlates to power and ownership. If there are enough of these points, it is not necessarily a problem but it is not enough to have multiple points: they must also be maintained by different people as to reduce chances of centralization or collusion.
The Range of De/centralization
The term “decentralized” in this sense should be seen as a range where the more spread out the ownership of the network is, the more decentralized the network itself is. Even when considering pure p2p networks, distribution of node ownership is critical. Networks like Tor, MaidSafe and Bitcoin lose a lot of their security properties the more a single entity owns network nodes. A common vulnerability in p2p networks happens when an entity can flood the system with nodes under their control or through the reverse where individual users discontinue operation of nodes, shrinking the spread of power. Outreach programs for Tor aim to onboard new node operators as there are fears that organizations like the NSA operate many Tor nodes in an attempt to undermine the security and monitor network traffic. This is also a strong point in the current Bitcoin blocksize debate where those against large blocksizes argue that the larger the bitcoin blockchain is, the more resources a node requires thus removing ability for some people to run them and effectively pushing it towards a less decentralized network and a greater potential for centralizing ownership. In the SAFE Network, we have implemented a more dynamic resource usage algorithm based off a sigmoid curve in hopes to diversify the ownership of the network as much as possible and greater resistance to attacks from actors owning many nodes by requiring a chain of consensus for each action.
Communicating Commonly Owned Networks
By zeroing in on some finer points of networks beyond topology such as administration roles and ownership considerations, we can continue to clarify distinctions between networks in order to understand them better. While closed networks operated and maintained by a company might gain some benefit from central administrative and ownership capabilities of hybrid p2p networks, open networks that are for the benefit of a general population should prioritise wider ownership to remove central dependences. Attacks on decentralized networks become harder and general network health increases with the more individuals that participate and take partial ownership. Unfortunately for the current Internet, corporations have taken ownership of much of the network and are in critical positions of power. By re-aligning incentive structures to spread out ownership, p2p networks like SAFE will give Internet users a second chance to rally around an alternative that offers an commonly maintained and owned infrastructure.