From 47c0d7ea974b89fc889d3dddeeeffa06390f11e0 Mon Sep 17 00:00:00 2001
From: inference <admin@inferencium.net>
Date: Thu, 30 Jun 2022 01:52:14 +0100
Subject: [PATCH] Add Blog #2 - Untrusted: The Issue with Decentralisation.

---
 ...usted-the-issue-with-decentralisation.html | 129 ++++++++++++++++++
 1 file changed, 129 insertions(+)
 create mode 100644 blog/untrusted-the-issue-with-decentralisation.html

diff --git a/blog/untrusted-the-issue-with-decentralisation.html b/blog/untrusted-the-issue-with-decentralisation.html
new file mode 100644
index 0000000..1252fe2
--- /dev/null
+++ b/blog/untrusted-the-issue-with-decentralisation.html
@@ -0,0 +1,129 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Inferencium Network - Blog - Untrusted: The Issue with Decentralisation</title>
+<link rel="stylesheet" href="../infnet.css">
+</head>
+<body>
+<h1>Blog - #2</h1>
+<br>
+<h2>Untrusted: The Issue with Decentralisation</h2>
+<br>
+<p>Posted: 2022-06-29 (UTC+00:00)</p>
+<p>Updated: 2022-06-29 (UTC+00:00)</p>
+<br>
+<h4>Introduction</h4>
+<p>A recent trend is seeing people move towards decentralised services and<br>
+platforms. While this is reasonable and I can understand why they are doing<br>
+such a thing, they are seemingly doing it without thinking about the<br>
+possible consequences of doing so. The issue with decentralisation is<br>
+trust; there is no way to pin a key to a specific person, to ensure that<br>
+you are communicating with the same person you are supposed to be<br>
+communicating with. In this article, I will discuss some of the security<br>
+issues with the decentralised model.</p>
+<br>
+<h4>Example: Messaging</h4>
+<p>When it comes to messaging your contacts on a centralised platform,<br>
+such as Twitter or Facebook, the keys are pinned to that user account,<br>
+using the user's password as the method of identification. This approach<br>
+makes it impossible to log in as a specific user without their password,<br>
+should it be strong enough to not be guessed, whether via personal guessing<br>
+or exhaustive search. The trust in this centralised model is the high<br>
+security these platforms have. It is extremely unlikely that anyone other<br>
+than a government would be able to access the accounts stored on such<br>
+platforms' servers, which makes the physical security trusted. As for<br>
+remote security, should a user's password be compromised, it can typically<br>
+be reset if the user can prove they are the owner of the account via some<br>
+form of identification; this is where the trust issue of decentralisation<br>
+occurs.</p>
+<br>
+In the decentralised model, keys are kept on the users' devices, in their<br>
+possession. While this soveriegnty is welcomed, it indroduces a critical<br>
+flaw in the security of communicating with anyone via a decentralised<br>
+platform; should a user's device be lost, stolen, or otherwise compromised,<br>
+there is no way to know it happened and what the new keys really are, and<br>
+if the same user generated those keys. There is no centralised point where<br>
+anyone can go to check if the compromised user has updated their keys,<br>
+which means there must already have been at least one other secure channel<br>
+in place before the compromise occurred. Even if there was, the security<br>
+of endpoint devices, especially typical users, is much lower than a well<br>
+protected corporation's servers, making even those secure channels<br>
+questionable to trust. Should all secure channels be compromised, there is<br>
+literally no way to know if the person you are communicating with is the<br>
+real person or an imposter; there is no root of trust. This point is fatal;<br>
+game over. The only way to establish trust again would be to physically<br>
+meet and exchange keys.</p>
+<br>
+<h4>Solution</h4>
+<p>I'll cut to the chase; there isn't a definitive solution. The best way<br>
+to handle this situation is to design your threat model and think about<br>
+your reasoning for avoiding centralised platforms. Is it lack of trust of<br>
+a specific company? Is it the possibility of centralised platforms going<br>
+offline? Only by thinking logically and tactically can you solve both the<br>
+issue of centralisation and decentralisation. Often, one size fits all is<br>
+never the correct approach, nor does it typically work.</p>
+<br>
+In order to avoid the issue of loss of trust due to lack of root of trust,<br>
+all users' keys must be stored in a centralised location where all contacts<br>
+are able to go to in case of compromise or to periodically check the state<br>
+of keys and to see if they have changed. This centralised location requires<br>
+some sort of identification to ensure that the user changing their keys is<br>
+really the same person who initially signed up for the platform, using a<br>
+trust-on-first-use (TOFU) model, which isn't much different than what<br>
+today's centralised platforms are already doing; the only difference is who<br>
+is controlling the location; trust is still present and required.</p>
+<br>
+In order to have a root of trust, I have posted my keys to my website,<br>
+which is protected by multiple layers of security:<br>
+<br>
+1. I have provided identification to my domain name registrar, to ensure I<br>
+can access the website I rightfully own, should it be compromised, by<br>
+providing identification to the domain name registrar.<br>
+<br>
+2. I have provided identification to my virtual private server host, to<br>
+ensure I can access the virtual private servers I rightfully rent, should<br>
+they be compromised, by providing identification to the virtual private<br>
+server host.<br>
+<br>
+3. I have pinned my website to a globally trusted certificate authority,<br>
+Let's Encrypt, which is a trsuted party to manage TLS certificates and<br>
+ensure ownership of the domain when connecting to it.<br>
+<br>
+4. I have enabled DNSSEC on my domain, so it is extremely difficult to<br>
+spoof my domain to make you believe you're connecting to it when you're<br>
+actually connecting to someone else's.
+<br>
+While not the most secure implementation a root of trust, but it is the<br>
+most secure implementation currently available to me. While the domain<br>
+name registrar or virtual private server host could tamper with my domain<br>
+and data, they are the most trustworthy parties available.<br>
+In its current form, decentralisation would make this impossible to<br>
+implement in any form.<br>
+<br>
+<h4>Conclusion</h4>
+<p>Do not demand anonymity; demand privacy and control of your own data.<br>
+It is possible for someone else to hold your keys, without them taking<br>
+control of them and dictating what you can and cannot do (Twitter's<br>
+misinformation policy comes to mind). If a platform is not listening to<br>
+your or other people's concerns about how it is run, show those platforms<br>
+that you will not stand for it, and move to a different one. This may not<br>
+be ideal, but it's not different to moving from one decentralised platform<br>
+to another. Centralisation isn't what is evil, the people in control of the<br>
+platforms are what is potentially evil. Carefully, logically, and<br>
+tactically, choose who to trust. Decentralisation doesn't do much for trust<br>
+when you must still trust the operator of the decentralised platform, and<br>
+are still subject to the possibly draconian policies of that decentralised<br>
+platform. If government is what you are trying to avoid, there is no<br>
+denying it is feasibly impossible to avoid it; a government could always<br>
+take down the decentralised platform, forcing you to move to another,<br>
+and they could also take down the centralised key storage site mentioned<br>
+earlier in this article. A government is not something you can so easily<br>
+avoid. Decentralisation does not solve the government issue. In order to<br>
+live a happy, fun, and fulfilled life, while protecting yourself against<br>
+logical threats, there are only two words you must live by: Threat model.</p>
+<br>
+<br>
+<br>
+<a href="blog.html">Back</a>
+</body>
+</html>