Building SILO: a truly private internet
Today we’re pleased to announce that we’ve teamed up with Loki to bring you SILO: a privacy layer for the permaweb. With SILO, communication on the permaweb is possible without interception from any external entity. This means that all data transmitted is private between the publisher and the receiver; there is no third party access, and no snooping of your data by corporations or governments.
Loki is a decentralised network that allows users to transact and communicate privately over the internet, providing a suite of tools to help maintain user privacy while browsing and communicating online. Combining Arweave and Loki’s capabilities, SILO presents a truly private, and permanent online communication.
To understand the significance of SILO, we must first understand how common communication protocols work on the current web:
HTTP: is used to send and receive web pages and files on the internet. However, when you use HTTP everyone intercepts your data as it’s moving — everybody can see who is communicating with who, and what is being said. HTTP is fully transparent.
HTTPS: is the same as HTTP, except that it is secured by an SSL connection that encrypts and decrypts data being sent and received. When two people are communicating online, others will be able to see that they are communicating, but not what they’re saying.
Tor: enables anonymous online communication via ‘onion routing’ — instead of sending data directly from the sender to the recipient, Tor first sends the information on a random path (through other nodes) before it reaches its destination. This makes it very difficult to tell where data came from or where it’s going, but someone with access to the server where the data is being stored is likely still able to see the web pages on disk.
SILO: unlike Tor, offers complete privacy across the network. This means that nobody can see your data in transit, nor can they see who is communicating with who, and nodes storing the data are also unable to see what they are storing. Only the publisher/sender and the people they have given the name to can find and decrypt SILO pages — outside of this, the data cannot be found anywhere. It’s almost like it doesn’t exist.
Explain like I am 12: How does it work?
SILO uses a kind of symmetric encryption scheme to ensure that SILO pages can only be accessed by those that have its name. In the case of SILO, the publisher and accessor both share the same key for encryption and decryption.
Think of it like this — you want to organise a protest in an increasingly authoritarian country. Doing so on the traditional web will put both yourself and others at risk because of censorship, government surveillance and potential disruption. In order to successfully organise your protest, you need a page that can easily be shared amongst others but one that is secret from the prying eyes.
From the publisher’s perspective, they simply deploy their SILO page using the normal Arweave command line deployment tool (GUIs coming in the future!), making sure to specify the SILO name during upload. Those with the SILO name and the Arweave web extension installed can then simply type the ‘web+SILO://’ and the name in their browser and will be taken directly to the page.
Here is what your browser does under-the-hood when connecting you to a SILO page:
- The user enters a SILO site name into the URL bar. It will look something like this: web+SILO://mypage.15
- Your page name will be hashed 2n times, where ’n’ is the number at the end of your SILO page name.
- The output of the hashing is 32 seemingly (to a human) random bytes. By splitting this value, we are able to derive the ‘SILO-ID’ and the ‘key’.
[The number you give your page determines how secure it is. The higher the number, the harder it is to derive the key and ID pair, making it even more difficult for an attacker without the name to access that data.]
4. The Arweave web extension then asks the network for the transaction related to this SILO-ID, communicating via the Loki privacy network. In order to decrypt the page, an observer must have the SILO-ID and the key, so sending the ID to the hosting Arweave node does not expose its content to the hoster.
5. Once the data transaction has been retrieved, the content is decrypted using the secret ‘key’, then rendered in the user’s browser.
As ever, when implementing such privacy protocols we think carefully about accountability. To put it simply: in SILO, if the name of the page becomes public knowledge then it could be traced back to the publisher via their wallet address.
The page is only as secret as its name.
If the name is released outside the circle of people you share it with, it’ll be forever available and the publisher will be accountable for it.
For some miners, storing unknown data sources can be problematic. To accommodate all miners in the Arweave network, we will be implementing an opt-out function before the full release of SILO so that miners can choose whether they wish to store these encrypted files or not. It is worth noting that other decentralised data storage platforms require you to store encrypted files, therefore giving miners no control over the data that they store.
The Arweave-side of the SILO protocol is already implemented and shipped in the Arweave deploy script and web extension, with the Loki side coming soon.
Stay tuned as we be announce more exciting permaweb partnerships in the coming weeks!