The technical solutions developed by NEXTLEAP will be rooted in both philosophy and real-world usage of the Internet. In this aspect the project partners will strive to answer the following questions:
While it appears users are often unhappy with losing control of their data to companies that own centralised platforms, very few users do move to alternatives and what precisely the social success or failure of a system is unclear.
It is claimed that values around collective intelligence, open innovation, privacy, and decentralisation are built into Internet protocols, but the precise philosophical grounding of these principles – and any new kinds of “internet rights” they entail - is often vague.
It is answers to these questions that are crucial for building succcessful protocols and systems that are adopted by citizens. The NEXTLEAP protocol will verify that the designed protocols have the properties required to guarantee the rights and needs elicited from the answers to the above questions.
While intuitively many people claim that decentralisation helps privacy, de-anonymisation and surveillance can sometimes be easier on naively decentralised networks. It requires careful design and consideration of security properties to leverage decentralized designs.
Decentralisation typically has impact on the performance of the system with respect to centralised solution. Necessary security properties need to be proven in many protocols, and then also hold as part of a larger heterogeneous system.
These aspects are hard to understand by users and developers. The modular components and automated analysis developed in NEXTLEAP will help building secure and privacy-preserving Internet services.
An address-book (“friends”, social graph, contacts, etc.) is the fundamental building block for any messaging protocol. Such an addressbook can be based on a sharable identifier ranging from [email protected] to a hash of a public key (as used in Bitcoin). Currently, identities and their addressbooks that contain information such as public key material typically are centralised and, if decentralised, not accessed in a privacy-preserving manner. Can we achieve a breakthrough to allow users to keep track of their contacts without losing their rights or becoming part of a centralised silo?
How can a person send secure messages to others, regardless of what system they are using? These messages need to be end-to-end encrypted, resistant to ‘metadata’ analysis, and may have a number of properties such as forward secrecy and future secrecy. While currently a number of secure next generation protocols exist such as Signal’s Axolotl are emerging, existing secure messaging systems are incompatible and so lead to silos between systems such as CryptoCat, Signal, and Telegram. Existing interoperable protocols like SMTP (e-mail) are by default non-encrypted and leak metadata. Can we unify a protocol that starts with e-mail and goes all the way to secure messaging?
Lastly, much of the drive towards centralisation in Internet-based systems is also driven by practical needs to harness the collective ‘wisdom of the crowds’, improve their system, and to ‘know your user.’ However, even those that run the system are typically not interested in the personal data of individual users, but only in answering questions about groups. Can we create privacy-preserving analytics that can harness the power of machine-learning for good while respecting the rights of their users?