A better web

Published: Tue 02 August 2022

The current web has become hostile for both its users and the society at large; its problems include control, surveillance and manipulation. At Peergos, we have implemented an improved web architecture, which includes strict sandboxing and permissions, to empower and protect end-users. Our solution is not only secure, but convenient, as it works in existing browsers.

The web as it is today is, by design, ridden with hostility. The problems faced by its users fall into three main categories: ownership of identity, ownership of data, and surveillance capitalism. Websites want to own the identity of their users. This results in compromising either the convenience by having to log in to every site separately – or security and privacy, by outsourcing identity control to other third-party sites (“Would you like to log in with your Google or Facebook account?”), thus disclosing movements throughout the internet.

Websites also want to own their users' data. This means they can lock users out from their own data (or delete it) with little or no recourse. There are many examples of people losing their accounts or data in Dropbox or Google because an AI got a false positive. It also means users are forced into the provider’s interface for viewing data. Anyone who has ever been upset at a website's redesign knows this problem (e.g. see the recent outcry because of Instagram changing their interface trying to be more like Tiktok).

Big tech are hell-bent on maximising their profits at all costs - be it personal or societal. Every part of any major website is highly optimised to keep users engaged. This is the direct result of business models that compel companies to exploit their users like a resource: surveil them to serve them targeted ads, and manipulate them to spend more and more time on a website (to see more ads). There are many examples of this, quite frankly, abusive design deliberately manipulating users. Take the notification emails saying, "You've got a new message on our site, come login to see it!", when the message itself could have just been included in the email. Or the habit-forming “infinite scroll” in user feeds that tricks them into never leaving. Technology should be a useful tool, not an addictive drug that prevents consumers from doing anything else.

Apart from the above problems for users on the web, there are problems for creators as well. Creating a web app requires managing a server, arranging a domain name and TLS certificates, and perhaps running a database and handling data export and deletion requests. What if someone just wants to make some content and share it? Or maybe control access to their content so they can charge for it as well? The only viable option right now is to post to one of the big oppressive platforms like YouTube or Twitter.

The current web architecture looks like this:

current web
The current web's architecture, where each website controls your identity and owns your data.

A better architecture for users would let people own their identity and data and selectively grant web apps access to these. This is illustrated below:

ideal web
A better web architecture empowering users to own their identity and data and grant apps access to parts of it.

This architecture is exactly what we've created in Peergos. User identity is controlled by users themselves, not by their home servers, or the Peergos network. Users own their data, since it is all stored in their personal datastore, fully encrypted. Users decide who can see what.

We have an application sandbox to run custom apps. How does it work? An app in Peergos is basically just a folder of HTML5 assets. The sandbox locks down the app totally, so it can't steal private data. The idea is that even running a malicious app and granting it read-access to private data is still perfectly safe. Because an app is just a folder, access to it can be controlled – just like anything else in Peergos. Charging users for an app? Not a problem! Additionally, the app sandbox also prevents the app from communicating with its author without user consent, making tracking impossible by design. We want to isolate apps from each other, and from the main Peergos page. The architecture looks like this:

app sandbox
App sandbox

Each app is loaded on a unique subdomain (a hash of the Peergos path of the app code). The sandbox runs in a separate operating system process with the use of COOP and COEP headers, and CSP is used to lock down the sandbox so it can't talk to the external web. The server returns the same static assets for all subdomains. These assets simply set up a service worker, and load the app in an iframe. The service worker intercepts requests from the app for assets or API calls, and send them via post messages to the parent Peergos context, where they can be checked against any permissions the app has been granted before answering.

One of the permissions that the app can be granted is the ability to store data in a folder within Peergos. This data is owned and controlled by the user, since it is in their private drive. Other permissions include reading a file or folder, reading and modifying a file, registering to open certain kinds of files, sending messages to selected friends, and much more. We have some demo apps written here that include:

image  editor
Image editor

winamp clone
Winamp clone

tiddly wiki
TiddlyWiki 5 - a non-linear personal web notebook

We also used the sandbox to implement a web browser for private websites in Peergos. Any Peergos folder of HTML assets can be viewed in this browser, and different sites are isolated from each other in the same way different apps are. Different websites can be linked via their Peergos path, and anyone who has access to those files can follow the links. During this process, the Peergos server doesn't see any paths or assets. All requests are handled locally just as for other Peergos files.

Such a private web is super cool because not only is third-party tracking impossible because of the sandbox, but even first-party tracking can be prevented, depending on how Peergos is run. This is how the web should be, protecting end users, not exploiting them. The inventor and futurist Buckminster Fuller once said,

“You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete.”

Want to join the party? Create a free account on https://peergos.net or self-host your own private personal datastore.

NGI Pointer NGI Pointer

This project has received funding from the European Union’s Horizon 2020 research and innovation programme within the framework of the NGI-POINTER Project funded under grant agreement No 871528


Back to Top