Private Internet
kevincox.caMost of these proposals would probably make the internet a worse place rather than a better one.
Complete anonymity on L3 would result in all tracking being on L7 instead. Right now at least most people can use Google/YouTube/most other websites without creating an account. With complete anonymity, it's all but certain that all of these would need to be gated by account creation to prevent abuse.
This would actively increase the ability for websites to track you, or else they'd need to be able to somehow handle abuse with exactly 0 information about where any given connection is coming from.
I don't think these proposals were seriously thought out by the OP.
> Most of these proposals would probably make the internet a worse place rather than a better one.
Nice try, Google.
But more seriously:
> Complete anonymity on L3 would result in all tracking being on L7 instead
Good. Then we the users will have more control over it, and outright shut any tracking down. Even using a PiHole might become a thing of the past in this new reality, while also preserving anonymity and being able to pick and choose which traffic is desirable (at the client).
> With complete anonymity, it's all but certain that all of these would need to be gated by account creation to prevent abuse.
"Abuse" is such a nebulous term so as to be nearly meaningless these days. YouTube, Twitch and many others have claimed "abuse" for practically every single thing they don't like. Even today they are trying to shut down downloaders like yt-dlp by trying to obfuscate sources of the videos, adding short-lived tokens for access, and introducing ever more complex JS snippets for the official players to parse and run before being able to stream the video.
> This would actively increase the ability for websites to track you, or else they'd need to be able to somehow handle abuse with exactly 0 information about where any given connection is coming from.
Well, I for one will not weep for at least 80% of today's internet if it got down tomorrow because tracking no longer exist and those "businesses" are no longer solvent and able to sustain themselves.
As for flooding, maybe it should not be their prerogative then. ISPs should handle it. "User X just sent 1 million packets in the last 5 seconds! Shut him down!" and what do you know, suddendly DoS attacks nearly cease to exist overnight. That includes shutting down an entire internet cafe from which somebody decided to play hacker from the movies. Let the internet cafe figure it out. Let them buy a better router or install software that enforces packets per second. This software will quickly get commoditized in this new era and it will be mostly trivially easy to install it.
There are possibilities.
...I'll grant you that DDoS is still a problem though. But with enough encryption and going through several hops it might become impractical -- or at least less practical than it is right now, because these two factors increase your latency towards the attacked target, meaning that the attacked server(s) should absorb the attack(s) easier than before. And, again, individual ISPs should firmly say "NOPE" to any bad actor.
And even if this new routing and encryption get so commoditized that our current levels of DDoS become feasible again, I'll say again and again that ISPs should learn to quickly throttle misbehaving users.
Finally, how do we address malicious state actors owning their own ISPs or even entire peerings between several of them? No idea, but the next-ish ISP in the chain could still severely throttle packets per second if the bad actor ISP starts spamming. But here I am truly not sure if this can actually be solved.
Is anything I said feasible, or even making a lot of sense? Likely not much, granted, but I am not seeing "abuse" as an excuse to last much longer. Git gud, corporations!
Finally, we have so much modern tech that we can start modernizing the internet tomorrow. Of course we can't just swap tech that uses old protocols but putting payloads on top of TCP or UDP is not a problem; part of the desired anonymity guarantees will disappear, sure, but I find it weird how we in general wouldn't take even a partial win.
> User X just sent 1 million packets in the last 5 seconds! Shut him down!
How can you tell the difference between participating in a DoS versus uploading a file?
As long as we're redesigning the entire internet, make it so that a computer can request from its upstream that it no longer receive packets from a source. That upstream can request the same from its upstream and so on. I'm surprised this doesn't already exist honestly.
A sort of blacklist that propagates upstream, progressing thru DNS to final IP ranges. A preponderance of evidence gets a range banned until compliance is evident. Sounds good!
I don't think any file uploading software will send 1 million packets in 5 seconds. They will likely be several dozens of big packets.
I agree. Complete anonymity is bullshit. Internet should be pseudoanonymous. I mean, users should have static IP and thats it. Getting additional information about IP should be limited to law enforcement gov organizations (crime fighting).
Users should build they reputation on internet. If someone is asshole, then ok, expect to be banned on most places. Right now people do NOT care, because they are quite anonymous.
As for all other points he mentions, they are absolutly bad for Internet. He specified somethink more like a TOR (with he mentions) with is ok. Thats the point, maybe its time to treat internet more like a transport network and build small Internets on top of it. Infra is already there, there are shitload of VPN providers so people are kinda aware of that layer.
> Getting additional information about IP should be limited to law enforcement gov organizations (crime fighting).
How would that work in practice? Wouldn't companies like Google and Facebook still have so much user data as to effectively know everything they need about user IPs?
> Users should build they reputation on internet. If someone is asshole, then ok, expect to be banned on most places. Right now people do NOT care, because they are quite anonymous.
Combined with legal restrictions on IPs, how would this work? We would need some central authority for universal identity. If we look to the government there as well they'd have an easy path to censor whomever they want online.
They only know more because people are careless, providing them all the data. That is out of the scope. If you are careless, bad things can happen.
As for censorship, thet already can do it easy. Block domain for example of site when you publish you. Just try it yourself, setup up VPS w/ web that is very out of align with your gov. :)
> They only know more because people are careless, providing them all the data. That is out of the scope. If you are careless, bad things can happen.
Anyone seriously interested in not providing any data likely isn't using the internet at all though they're already fine regardless of IP tracking. There are very few types of online service that don't require some kind of data to be useful, whether its a user login, email address, or search queries.
> As for censorship, thet already can do it easy. Block domain for example of site when you publish you. Just try it yourself, setup up VPS w/ web that is very out of align with your gov. :)
That's a single point of attack though. The government can censor my website by forcing infrastructure companies to block it. Unless I misunderstood your earlier message though, a central authority gate keeping IP data would almost certainly lead to a single entity having the power to block me from the internet entirely.
If you have better solution. I am all ears.
I am myself not interested in providing any data to those companies and I am still using Internet. Yeah, I am avoid FAANG and related sites tho. Not that I am feeling Im loosing anything importand really...
> information about IP should be limited to law enforcement gov organizations (crime fighting).
AND, the limits on gov use should be strict and gov officials should be accountable for misuse. Without these, then the rest is for nothing.
Why do we want to be anonymous? I think if we look at it closely it is for self-centered reasons. We want the video platform but we don't want the ads to know who we are so we don't have to deal with spam (IE pay for the platform we want). We want to comment without editing what we say (troll) and not worry about the repercussions. The best moral reason I can come up with is to avoid sharing personal details that can be tracked back to us or used against us. Before the internet this was called a secret. You just didn't tell anyone. Generally there are ways around all the anonymity concerns that just involve abstaining or giving up feeling entitled to getting things for free or being able to dump our negativity on other "anonymous" people. What's wrong with traceability in all things. If we want to make the internet safer accountability works IRL why not online?