Rationale

What is Dandelion?

Dandelion is a ground-up re-thinking of the last 3 decades of the Internet. In short, I believe that the World Wide Web is flawed because it led to the premature discarding of an older Internet technology, UUCP. In the days before DNS, UUCP was the technology used to implement e-mail. UUCP was also the basis for the first online social media network, Usenet.

At a conceptual level, Dandelion is what you'd get if you made a smoothie using the manually-curated mesh network of UUCP, the privacy of Signal or TOR, and the decentralized on-demand sharing of data of BitTorrent. It is intended to be fully usable in situations with limited or spotty Internet connectivity, making it a “delay-tolerant network”.

Dandelion is not a replacement for the World Wide Web, at least not in any direct sense. It is meant to provide an alternative platform for services that would otherwise pick HTTP out of habit, even when the inherent centralization of HTTP is wildly inappropriate. Once Dandelion exists, I plan to build a fully decentralized social network on top of it, one that respects that one person can belong to multiple communities, and that those communities may or may not overlap in membership and interests.

Why “Dandelion”?

Dandelions are fast-spreading, hard to kill, and hated by people who cultivate conformity and monoculture as a show of power. And yet, while they are non-native in much of the world and sometimes invasive, they're not particularly bad neighbors to most plant life. In fact, their deep taproots help to bring nutrients closer to the surface where neighboring shallow-rooted plants can get to them, and they are often among the “secondary succession” pioneer organisms that start the reclamation of land after human abuse.

Is Dandelion ready for use?

Not even close! I'm still designing the underlying protocol. Here are some of the goals and considerations:

  • The Dandelion reference implementation will be multi-platform, supporting Windows, macOS, Linux, Android, and other popular operating systems. Some platforms may only have incremental support for a subset of features — I am fully aware that this is a project that will take person-decades of work, but I hope to get around to them all eventually! — and it will probably never be available for iOS due to Apple's App Store policies.
  • The Dandelion reference implementation will be released under an ethical source license.
  • The primary means of communication in Dandelion is encrypted UDP, using a wire encryption format very much inspired by the Wireguard VPN protocol. Like Tailscale, a Wireguard-based commercial service for private VPNs, Dandelion will use UDP NAT busting so that computers will be able to talk directly to each other without sending their communication through a central server, even if both computers are firewalled from the Internet on separate networks.
  • Other means of communication will also be explicitly supported, including Wormhole-like central proxy servers, airgaps bridged with USB flash drives, and probably others.
  • Computers running the Dandelion software, called “nodes”, talk to other nodes via one or more communication channels, called “links”. Each link must be approved by the owners of both nodes, although the decision-making for such approvals may be partially or fully automated by the node owners, especially if a link between them already exists via another medium.
  • Two or more nodes that are already mutually linked together can choose to form a “zone”. A node can be in any number of zones. All nodes in a zone know of each other's existence, and can talk to each other “directly” via at least one link (which need not be reliable). Zones can be manually created, or they can be autodiscovered using UDP multicast on local networks. Autodiscovery will always be OFF by default.
  • Communication between zones uses zone-to-zone onion routing. Nodes in one zone do not know which nodes are members of another zone, but they gossip about which nodes in their own zone know how to talk to external zones. Some of those nodes may even be members of both zones, but only the nodes that overlap both zones know for sure.
  • All traffic is cryptographically signed using NaCl, the closest thing the world has to a de-facto modern cryptography standard that isn't wedded to interactive, real-time streaming connections. Traffic between zones is encrypted as well, also using NaCl. The links themselves use symmetric ciphers to protect their privacy, in addition to the signing and encryption of the messages traveling over those links.
  • Beyond nodes, links, and zones, there are “entities” and “bundles”. Other resource types can be defined on top of entities and bundles. For example, a “user” entity can have a a “profile” bundle that contains a social media profile, complete with profile image.
  • (Nodes and zones are actually two specific entity types pre-defined by the protocol, but they are pre-defined because they are treated somewhat specially for mesh routing purposes. Links are not entities in their own right.)
  • An entity is something that can sign messages, send encrypted messages to other entities, and receive encrypted messages from other entities. Each entity has a cryptographic identity that no one else can fake.
  • A bundle is conceptually similar to a .zip file or other archive format, but the data bytes and the metadata are transmitted separately. The bundle's data bytes are divided into evenly-sized blocks (BitTorrent style), encrypted, made partially redundant using Reed-Solomon encoding, and then hashed. The bundle's metadata has an owner, a name, a type that identifies the format of the files inside the bundle, a revision number, the symmetric crypto key for decrypting the data bytes, and the list of block hashes. It may also contain some additional metadata that depends on the bundle type.
  • Each bundle is uniquely identified by its owner, type, and name. The revision number goes up by one each time a newer version of the bundle is created, but the symmetric key is reused, and the metadata will probably offer some sort of delta encoding so that newer revisions can re-use data blocks from older revisions. Other entities can ask the bundle owner to let them know when a bundle is updated, which the owner need not honor.
  • One entity can find out about another entity only if the other entity permits it. Likewise for finding out about the bundles owned by that entity.
  • More than one node can host an entity and its bundles. Nodes that share ownership of an entity must be in a zone together, so that they can stay in sync. For example, I might create a zone that contains my home PC, my laptop, and my phone, and my user profile might be co-owned by all three nodes in that zone.
  • The collection of private keys that you have access to is your “keyring”, which is the actual thing that has to be shared between all of your devices. The keyring gives access to all the entities you own, including your “user” entities. It'll probably be encrypted at rest using a password + KDF, a YubiKey, a TPM, or some other such secure storage.
  • Long term, actual applications that run on Dandelion will be published as bundles that contain executables in WebAssembly WASI format, or perhaps in some other virtual machine format that also uses a “permit nothing by default” sandbox. This may include command line applications, native GUI applications (with WebGPU support), or web applications that run on localhost. Such applications, when permitted by the owner of the node, will be able to declare new entity and bundle types, to create new entities and bundles, and to download bundles from other entities, with the Dandelion node software doing the heavy lifting for actually talking to the rest of the network.
  • The Dandelion platform is meant to be extensible, via WASM or via a local plugin protocol using AF_UNIX sockets, to the degree that there will never be a strong need for alternative implementations or major feature development once the reference implementation is complete. You can do what you want, of course, subject to copyright law. But in the long term, most of the actual useful features will be distributed as WASM-containing bundles on the network itself, in much the same way that you don't need to patch Chromium when you're creating a website that uses JavaScript.

What are the founding principles of Dandelion?

Dandelion was spurred by anarchist ideology.

Like socialism and communism — it has deep ties to both — anarchism got a bad name in the 19th and 20th centuries due to the backlash against leftism and worker rights. The image of the “bomb-throwing anarchist” captured the popular imagination in the aftermath of the Haymarket Affair of 1886, even though all of the protestors but one were peaceful, and even though they were factory workers simply asking for an eight hour workday. The police couldn't find the person who made or threw the bomb, so eight innocent people were arrested as scapegoats, and four of them were put to death and a fifth died in prison. The remaining three were eventually pardoned seven years later.

Anarchism is not the absence of rules or laws. The Greek roots of the word literally mean “without a king”, so anarchy is the absence of central authority. Anarchism demands that each person have the choice of deciding what to do with their life's work. Having that choice taken away, so that you are forced to spend your life doing what other people tell you to do, is what Karl Marx called “alienation of labor”. Anarchism is skeptical of all hierarchies, but is outright contemptuous of hierarchies of leadership and control. As was common in most of human history, anarchists generally prefer the shunning and exile of community members who break the agreed-upon rules, rather than imprisonment or other direct punishment.

Anarchism is easily confused with libertarianism, because libertarianism shares many of the same influences in terms of European philosophy. However, when the libertarian says that everything should be permissible except force, the anarchist points out that libertarianism whole-heartedly endorses imbalances of power, and that such imbalances are never fair because the threat of force hangs over every decision made. Even if the person with more power in a situation never intentionally threatens the person with less power, the person with less power will still be intimidated by that power, and will be biased to make decisions that appease the more-powerful person.

Power is the ability to make something happen. You can have power over another person by being physically stronger than them, or by having a weapon that they don't have, or by knowing things that they do not, or by having resources that they do not, or by being able to call in favors from bystanders that would not do the same for them. Power imbalances will always exist: we are all born helpless as children, which means we are each born into a situation in which everyone around us has power over us. However, the situation is not hopeless: we can reduce the imbalance in many cases by organizing the community to minimize situations in which decisions by the more powerful will affect those less powerful than them. And when such imbalances are unavoidable, those with power over another can go out of their way to be honest about the fact that the imbalance exists and to defer as much of their decision-making as possible to the community, especially to those community members who would similarly lack power if they were in the situation.

Power is also complex. It is multidimensional. Strength cannot substitute for knowledge, and knowledge cannot substitute for social capital. Power cannot be distilled down to a single number that fits all situations. One person might be more powerful than another in some situations, but less powerful in others. It is nearly true that everyone will have power over another person at some point in their lives. Each and every person in the community needs to learn how to manage their power in ways that are fair to others, and to demand that others do the same for them.

What is Dandelion's position on cryptocurrency and NFTs?

Decentralized currencies are inherently unethical. The Dandelion protocol itself will never take any action for the sake of supporting them, and may even take actions to prevent their spread if such action is deemed necessary by the broader Dandelion user community, once it exists.

Money represents an IOU from a community to yourself, which you can give to another community member so that the favor owed now goes to them instead of to you. The fact that you are giving the IOU to another person must be known to the community: the community must know which action of yours generated the IOU, and therefore that the favor it represents is worth repaying to the person you gave the IOU to. The money isn't the value being passed on; the community goodwill is the value, and the money is a token to remind you of it.

For small communities, it is standard for everyone to know everyone's business, so everyone should know about each and every transfer of an IOU. For large communities, trust is traditionally delegated to a central agent (such as a government) who is responsible for verifying that the IOU came from legitimate activity, and not from actions that impacted any third member of the community in ways they didn't agree to.

Advocates of decentralized currency, and cryptography in general, are often obsessed with ”privacy”. But the desire for privacy is a reaction to a lack of trust. Communities are built on trust, and so privacy will erode and destroy community if it is deployed in ways that encourage the undermining of trust.

Privacy from everyone is neither possible nor desirable. When people call for increased privacy, what they actually need is the power to freely associate: to find and choose their own communities, and to choose which spheres of their lives can be entrusted to each such community. “Privacy”, then, is the ability to ignore and be ignored by communities that you are not a part of and do not trust.

To be crystal clear: you-having-privacy is a restriction on people-who-are-not-you, so that they are not permitted to have the power to know what you are doing. Such a restriction is only fair to them if your actions cannot harm them, just as it would not be fair to you if other people were allowed to conspire in ways that would harm you. If one person can harm another, then by definition of what I mean by the word “community”, you are both part of the same community, whether you want to be or not.

And your mutual activities in a community cannot, must not, be private if you expect other community members to honor your accrued social captial (IOUs, “money”) in that community. The existence of some form of “money” that every person in the world accepts as valuable implies the existence of a community that every person in the world is a member of, a “global community” you might call it, and so long as that global community exists and you are a part of it, everyone in the world is entitled to know whether or not you are behaving in a manner that they should feel safe trusting.

The goal of Dandelion, and the anarchist project in general, is to reduce the scope of community by promoting increased freedom of association, so that we can achieve a world where trust is possible because everyone in a community knows each other and is there by choice. If money represents social capital in a specific community, then some currency honored in one community cannot be replaced by currency from just any other arbitrary community. Different communities place different values on different favors! And so the idea of a “universal”, “fungible” currency is dangerously misguided, even if done in a centralized manner but especially if done in a decentralized, trustless manner.

What is Dandelion's position on blockchain technology?

Blockchains are mostly useless.

Merkle trees have some very specific applications where they shine: the TLS Certificate Transparency system is one of the few real-world examples. The Git version control system also uses them… although (unpopular opinion) I consider that a mistake.

But moving on from Merkle trees in general…

“Blockchains”, i.e. append-only public ledgers that use Merkle trees as Merkle linked lists to store records of ownership, are inherently contradictory: they are advocated by people who yell for privacy over trust, but they make everyone's transactions visible to the entire world, not limited to any one community, so that people you explicitly do not trust know about all of your financial transactions.

Don't get me started on consensus algorithms. I truly do not understand why someone would think that letting untrusted strangers vote on whether or not your financial transaction is legitimate would be a good thing in anyone's mind. Majority rule is still a centralized authority, in the sense that public whim is your ruling body, and not some community you chose of your own free will because of your mutual trust with fellow members.