The next time you type the name of a website into your browser, pause for a second to think about what happens after you press “enter.”
What happens is that your browser sends that name—technologyreview.com, say—to a network of computers called the Domain Name System. The DNS is often called the internet’s phone book, and it converts (or in internet parlance, “resolves”) website names into IP addresses—in this case, 188.8.131.52. These numbers are what allow your browser to find the right server on the internet and connect to it.
We use the DNS because most humans are bad at keeping track of long numbers. It doesn’t get much attention; you don’t normally have to think about what the DNS is doing in the background. But you do have to trust it, which means trusting a handful of organizations that have been charged with keeping the DNS working and secure.
To people like Steven McKie, a developer for and investor in an open-source project called the Handshake Network, this centralized power over internet naming makes the internet vulnerable to both censorship and cyberattacks. Handshake wants to decentralize it by creating an alternative naming system that nobody controls. In doing so, it could help protect us from hackers trying to exploit the DNS’s security weaknesses, and from governments hoping to use it to block free expression.
The system would be based on blockchain technology, meaning it would be software that runs on a widely distributed network of computers. In theory, it would have no single point of failure and depend on no human-run organization that could be corrupted or co-opted. Handshake’s software is a heavily modified version (or “fork”) of Bitcoin, and just as Bitcoin’s network of miners protects the cryptocurrency from manipulation and makes it virtually impossible for authorities to shut down, a similar network could keep a permanent, censorship-resistant record of internet names.
The Handshake team is far from the first to try to create a decentralized naming system for the web. But unlike previous efforts, Handshake isn’t trying to replace DNS but work with it. “The point is to create an alternative, resilient network for people to fall back on,” says McKie.
What’s in a name? In the real world, multiple things or people can have the same one. In computer network protocols, the answer is more specific. A principle called Zooko’s Triangle, after cryptographer Zooko Wilcox-O’Hearn, holds that an ideal name should have three distinct qualities.
First, a name should be secure. When you type a website’s name into your browser, you should be able to trust that the response didn’t come from an imposter. Second, an ideal name should make sense to humans as well as to computers. Finally, no central authority should be able to censor or block it. “That’s the leg of the triangle that they skip to get it to work,” says Joseph Bonneau, an assistant professor of computer science at New York University.
The organization with the most centralized power over the DNS is a Los Angeles–based nonprofit, the Internet Corporation for Assigned Names and Numbers. ICANN is responsible for overseeing the so-called DNS root, the highest level of the hierarchical global network of DNS servers. ICANN is also responsible for allocating new “top-level domain names,” which include .com, .org, .net, and most two-letter country codes.
Advocates of freedom of expression online have long warned that relying on a single, bureaucratic organization both to oversee the DNS root and to assign top-level domains is dangerous. They worry that ICANN could decide, perhaps under pressure from certain governments or corporations, to censor the internet by removing names from the DNS, or by prohibiting the use of certain names to begin with.
Besides ICANN, there’s yet another class of organization whose job Handshake aims to decentralize. See that little padlock icon in your browser bar, to the left of the domain name? That means your computer has verified that your connection to this website is encrypted and that the site is authentic, not a fake one designed by a criminal trying to steal your login credentials. It does that by checking the veracity of a string of numbers called the site’s digital certificate, issued by one of a number of so-called certificate authorities. These entities, many of which are for-profit companies, are crucial to internet security.
They can also get hacked. And if one gets breached, and an attacker can start issuing fake certificates, it undermines the security of the whole internet. But if website names are managed on a tamper-resistant blockchain, then you don’t need certificate authorities; the naming system itself can provide the guarantee that the site you’re connected to is real. That’s what Handshake aims to do.
Learning from Namecoin
The idea that a blockchain could be used to uphold Zooko’s Triangle has appealed to enthusiasts from almost day one. A project called Namecoin, which is widely believed to be the first fork of Bitcoin, is still up and running after launching in April 2011. Like Handshake, Namecoin lets people buy their own domain names and record them on a blockchain. But it hasn’t caught on, at least outside a small number of enthusiasts. In 2015, Bonneau and several colleagues took a close look at Namecoin and found “a system in disrepair.” Of 120,000 registered names, only 28 actually seemed to be in use.
Handshake takes advantage of a number of tools and technologies that were unavailable or impractical for Namecoin, says McKie. For example, Namecoin allocates names on a first come, first served basis. This has encouraged “name squatting”—people can register any name they can think of, regardless of whether they intend to build a website with it, hoping to cash in later life someone wants to use it for real. Handshake, by contrast, uses what’s called a Vickrey auction, a sealed bidding process in which the highest bidder wins but pays the price of the second-highest bid. This, at least in theory, gives bidders an incentive to bid what a name is actually worth to them.
Handshake’s software will also be more efficient at storing name data, and easier to use than Namecoin’s, McKie says. Instead of requiring each user to run what’s called a “full node,” which entails downloading a copy of the entire Handshake blockchain with all the domain names stored on it (and requires a certain technical proficiency), Handshake also has a “light client” that can retrieve addresses from the network as needed and can be bundled in an easy-to-use browser extension, he says.
Perhaps most important, Handshake, unlike Namecoin, doesn’t compete with the traditional DNS but is compatible with it. The top 100,000 most popular domains are already in its chain. If you enter one of those names, and if the owner hasn’t yet registered with Handshake, the software will simply redirect your request to regular DNS servers, says McKie: “If it doesn’t exist on Handshake, it’s just going to fall back, redundantly, to the normal web.”
If you build it, will they come?
Why would anyone actually use Handshake, though?
Some people might like the fact that names on Handshake won’t have to follow established conventions. I can’t register http://mike.orcutton traditional DNS, for example—ICANN won’t create a top-level domain called .orcutt for me—but I could on Handshake.
The advantages might be more obvious in nations with heavy censorship and surveillance, says Tieshun Roquerre, CEO of Namebase, a company that will help users easily buy and register names on Handshake. For instance, website owners in China must register with their real names. Since the government controls the internet service providers, it can easily use the DNS to shut down websites it doesn’t like. “With Handshake, you can register these names anonymously and it’s unstoppable,” says Roquerre. Even if the government found the web server somehow, the owner could switch to another one, maybe located in a different country, and update the name records.
Another reason to prefer a decentralized naming system is that DNS can be hacked. In 2016, a large-scale denial of service attack aimed at a prominent DNS server host took out large swaths of the internet in the US for several hours. In theory, Handshake could serve as an emergency backup in certain cases. More recently, security researchers at Cisco reported that DNS hackers sponsored by an unnamed government directed people to fake websites so they could be spied on. The sites spoofed were mainly those of government agencies and energy firms in the Middle East and North Africa.
Still, getting Handshake to take off won’t be easy. Blockchain networks have one big disadvantage compared with a centralized body like ICANN: they can’t offer all the benefits of the technology unless they’ve achieved a certain size.
Bitcoin is widely considered to be the most tamper-resistant blockchain network in large part because it has a large network of miners—the people who maintain copies of the Bitcoin ledger on their computers and run the computations that record transactions on it. Handshake will use the same general process as Bitcoin, called proof of work, and just like Bitcoin miners, Handshake miners will be rewarded with newly minted coins, in this case called HNS. But as a smaller network it’s more vulnerable to attacks aimed at manipulating the information in the database.
Handshake also needs developers to build easy-to-use services and applications that can help users take advantage of the network, just as developers make your smartphone worth having by building apps for it. To solve this problem, a stash of “premined” coins will be handed out to open-source developers. These will have no strings attached; the idea is that if coin holders make the network better and more people use it, their coins will become more valuable. That too, though, is a gamble.
The right to go by a name
Handshake will have other hurdles to overcome. One is the risk that name squatters will figure out how to game even the sophisticated Vickrey auction system. Another, which will face all blockchain-based naming systems, is the question of how to resolve disputes, says NYU’s Bonneau.
“The core question in all of these systems is ‘Who has the right to go by which name?’” he says. In the traditional DNS world, if you think someone is squatting in bad faith on a domain to which you have a more legitimate claim, you can file a complaint with ICANN. Those disputes can become “inherently political,” Bonneau says. For instance, who should get the name “Jaguar”? Is it Jaguar the car maker, Jaguar the Apple operating system, the NFL football team called the Jaguars, or a foundation devoted to conserving jaguars? That a blockchain system could be used to handle these kinds of disputes without the involvement of a human authority seems “pretty unlikely,” Bonneau says.
So perhaps internet naming will always depend on some centralized decision-making. Even if that’s true, though, it doesn’t mean blockchain-based naming systems like Handshake won’t add something, says Bonneau. Assuming a network can attract a critical mass of participants to keep it running and secure, it doesn’t necessarily have to become the status quo to make a difference.
There is arguably already a model for this: Bitcoin. Very few people use it compared with the traditional banking system, but it has nonetheless shown it can be an alternative to government-controlled currency as a store of value. Some people are even using it this way, particularly in nations with wildly unstable currencies.
If Handshake can achieve something like that, but for internet name records instead of monetary value, perhaps the internet will be little more free. That may take a while, though; Bitcoin has been building its network for a decade. Until then, you’ll just have to keep trusting the regular DNS.