NEXTLEAP pursues three main objectives

  1. The creation of a fundamental rights-preserving socio-technical science of decentralised internet architecture.
  2. A fundamental re-thinking of the ethical and philosophical foundations of the Internet.
  3. The modular specification of decentralised protocols implemented as open-source software modules for
    1. Privacy-preserving contact lists and presence services supporting federated identity
    2. Secure messaging services that hide metadata (e.g., who, when, how often, etc.)
    3. Privacy-preserving analytics collection and computation.

The technical solutions developed by NEXTLEAP will be rooted in both philosophy and real-world usage of the Internet. In this aspect the project partners will strive to answer the following questions:

What motivations and values can be used to predict successful adoption of decentralised systems by communities of users?

While it appears users are often unhappy with losing control of their data to companies that own centralised platforms, very few users do move to alternatives and what precisely the social success or failure of a system is unclear.

Is there a decentralised philosophy at the core of the Internet that makes sense of the success of existing protocols?

It is claimed that values around collective intelligence, open innovation, privacy, and decentralisation are built into Internet protocols, but the precise philosophical grounding of these principles – and any new kinds of “internet rights” they entail - is often vague.

It is answers to these questions that are crucial for building succcessful protocols and systems that are adopted by citizens. The NEXTLEAP protocol will verify that the designed protocols have the properties required to guarantee the rights and needs elicited from the answers to the above questions.

NEXTLEAP's main technical questions.

Can decentralisation help privacy and anonymity?

While intuitively many people claim that decentralisation helps privacy, de-anonymisation and surveillance can sometimes be easier on naively decentralised networks. It requires careful design and consideration of security properties to leverage decentralized designs.

How can we build scalable, high-performing, and secure decentralised architectures based on verified protocols?

Decentralisation typically has impact on the performance of the system with respect to centralised solution. Necessary security properties need to be proven in many protocols, and then also hold as part of a larger heterogeneous system.

These aspects are hard to understand by users and developers. The modular components and automated analysis developed in NEXTLEAP will help building secure and privacy-preserving Internet services.

NEXTLEAP's three technical responses.

Private address books.

An address-book (“friends”, social graph, contacts, etc.) is the fundamental building block for any messaging protocol. Such an addressbook can be based on a sharable identifier ranging from [email protected] to a hash of a public key (as used in Bitcoin). Currently, identities and their addressbooks that contain information such as public key material typically are centralised and, if decentralised, not accessed in a privacy-preserving manner. Can we achieve a breakthrough to allow users to keep track of their contacts without losing their rights or becoming part of a centralised silo?

Secure messaging.

How can a person send secure messages to others, regardless of what system they are using? These messages need to be end-to-end encrypted, resistant to ‘metadata’ analysis, and may have a number of properties such as forward secrecy and future secrecy. While currently a number of secure next generation protocols exist such as Signal’s Axolotl are emerging, existing secure messaging systems are incompatible and so lead to silos between systems such as CryptoCat, Signal, and Telegram. Existing interoperable protocols like SMTP (e-mail) are by default non-encrypted and leak metadata. Can we unify a protocol that starts with e-mail and goes all the way to secure messaging?

A more decentralized Internet.

Lastly, much of the drive towards centralisation in Internet-based systems is also driven by practical needs to harness the collective ‘wisdom of the crowds’, improve their system, and to ‘know your user.’ However, even those that run the system are typically not interested in the personal data of individual users, but only in answering questions about groups. Can we create privacy-preserving analytics that can harness the power of machine-learning for good while respecting the rights of their users?