I Want To Surf the Not-World Not-Wide Web

The World Wide Web is awesome. It’s “World-Wide”, and it’s a “Web”, meaning everybody and anybody can connect with everybody and anybody! Information is shared and everybody can read it! The WWW rocks.

Well, it rocks for things that are meant to be publicly available.

Once you want to share information with just one or a few people things get a little weird.

If you want to host your own private little island on the web for just you and a few known friends or family you find that the web is hostile to your intentions.

“But that’s not the point of the web! It’s for sharing information publicly!” True, but there are other use-cases that could benefit from the amazing tech of the web, and they are being shunned right now, and it’s unfortunate.

I would like to leverage the amazing qualities of web technologies for a different use-case: private interactions. Essentially I want to use the web browser, but to browse the not-World not-Wide Web.

Web browsers are great

  • Web browsers are available on any operating system. Ubiquitous.
  • There are alternative browsers by different vendors. Choice.
  • They’re built on standards and don’t break backwards compatibility. Longevity.
  • Most web browsers have good security and isolation properties. Safety.
  • I can create a well formatted readable document with just a bit of HTML and CSS. Simplicity.
  • I can create a highly interactive application using JavaScript, if I choose to. No limits.

The browser platform is incredible. But the networking protocols they work with are utterly hostile to private interactions.

I have built web-apps that are private-only. One is Leftovers. I also have a shopping list web-app my wife and I use. My personal note-taking app is a web-app, I am its sole user. I have ideas for others. In fact I’m building an entire platform for supporting these use cases.

But the thing I keep coming up against is the “World” “Wide” “Web”.

The problem

Here is how the web works, basically:

  1. you enter or click on an address, like http://olivierforget.net/blog/
  2. that gets turned into a magic number, the IP, that looks like 50.18.142.31
  3. your request is sent to the computer at that IP.
  4. that computer sends you what it deems is at that address

Looks fine, right? Let’s look at those steps again in light of a private interaction:

  1. you enter or click on an address. The domain is a public record that may even contain your personal info like your physical home address.
  2. get that public IP address by contacting some 3rd party server that may or may not keep a record of the fact you looked up this address
  3. the request is sent to the other computer over the public IP network.
  4. It’s only after you’ve done all this that the other computer gets a chance to ask you for your username and password to get into a private interaction.

So much of this private interaction leaves a public trace.

It’s like having to set up a booth on Times Square to get a hug from your grandma.

It just doesn’t make any sense.

It also means that to serve something privately, you have to expose the computer to the public internet, which means you’re on the receiving end of bots and other unsavory characters. Remember how the great thing about the WWW is that it allows anybody and everybody to connect? Yeah, that applies to all the state actors and script kiddies too.

Setting up a computer with a public IP is like walking into a pirate bar with an “I Hate Parrots” t-shirt.

Don’t get me wrong, again. I love the World Wide Web… for Public information. But for doing private, family and friends stuff it’s just the wrong architecture.

What do I want?

I’d like to be able to leverage some of the technologies of the web, like the fantastic run-anywhere abilities of HTML+CSS+JS, but via a private network.

  • I don’t want to have to buy and renew a globally unique domain name just to share with a dozen people
  • I don’t want that domain name part of the public record along with my home address (and I don’t want to pay extra to hide personal details)
  • I should not need an external service to navigate to this domain, like a DNS server run by some company
  • I don’t want to have to go through a third party to obtain a TLS cert that goes into the public record just to get a secure context
  • I don’t want the computers where I host stuff for my friends and family to have reachable public IPs

What does it look like?

I don’t know exactly. This is a gripe / wishful thinking post, not a solution post. Sorry.

But I suspect it’s a bit like a Tailscale tailnet, but geared more towards personal interactions.

Perhaps web browsers would embrace WireGuard natively and treat such connections as secure. Something like that.

We’d need an alternative to the whole Public DNS thing. Maybe GNU Name System? But it needs to be user-friendly and browsers would have to support it.

So yeah, I’m just dreaming here.

Olivier Forget

Los Angeles, USA

Aerospace Engineer turned software developer and bootstrappin' entrepreneur.