Exploring the P2P world with WebRTC & JavaScript

0 0

[Applause] thank you very much I'm very glad to be here and first let me introduce myself briefly my name is Nikita and I work at made safe but it's a company that develops very barren Network and so my day job is kind of related to the topic of my today's talk and today I want to talk to you about WebRTC and for those who don't know it's an html5 technology that's commonly used to transfer video and voice data Google Hangouts uses it as well as many other tools that you might have used to talk to other people directly in your browser it's been available in most of the major browsers for a while since at least year to 2012 I guess on both desktop and mobile platforms but actually web RTC is capable of much more than simply transferring media and in fact in my opinion WebRTC is able to spark a new decentralisation revolution and help in building a new internet so my goal today is not a teacher about all the intricate details of this technology but to inspire you to take to take you to take action and help to bring that revolution closer but there is a reasonable question that you might have why do we need that revolution at all do we need a new web like the current one works quite perfectly now right well in my opinion it does but at the same time the web and the internet were created a long long time ago and on the fundamental level they're a little bit flawed because the internet was originally conceived and created as a completely decentralized network that no single authority can control and the web as well was thought of as kind of a cyberspace where every human being is not in control of any government or any corporation and that they have complete freedom to say what they think and what they want and the web was a place without any censorship however lately this situation has changed drastically nowadays the web is largely dependent on big corporations that run our infrastructure like giant data centers and they provide many useful services like email for example it wasn't always like that though at first people set up and run their own email servers and control their own communications this approach was not scalable so so natural consequence was that a lot of small commercial email email providers sprang up at first they were small and if he was there at the early days of the web you might remember that it was a great feeling to just create your accounts and get access to whole 10 to 15 megabytes of your own inbox space but then something has changed the more people started to use the internet the more our services are consolidated around just a few of big providers and the result of that is that now our email usage is confined just a few giant services and almost no one runs their own servers and that's pretty understandable because it's just too inconvenient and not even strictly required to deal with all that spam all by yourself and handle all those daunting administration tasks and actually what happened to email is not unique we have seen the same process follow it for almost anything we use and see on the web and despite the email protocol itself being decentralized as many of other original internet protocols like a before instance or FTP we don't have centralized authorities that we depend upon and previously we had a concept of home pages we could which you could serve from your own home computer and put there anything you would like now you can kind of still do that but far more people just create their Facebook or Twitter profiles and now that what they can write and their profiles are determined not by people themselves by but by the policies of these websites it's like that so we have exchange tile control and our privacy for convenience and now the large corporations can tell us what we can say on the internet now it depends on those centralized services to do many things to share files through Dropbox we share messages through servers that we can control we pay with PayPal you might ask why is it bad though isn't that protocol to bring millions and now even a billion of users to the Internet well of course these services are very nice and there is nothing wrong with them as such but it's not only about the freedom of speech it's also about the fact that government started to snoop into our private data and communications in the name of good things like predicting children or protecting the world from terrorism and while these intentions are good the consequences of allowing other people to read your private data are not the more power the governments have the more likely it is that they will use this power in the wrong way and this is uh not some kind of theoretical or imaginable problem because this is our reality already in countries like turkey Russia and China where they block hundreds and thousands websites that they deem inappropriate or bad but actually what website you can name is bad different cultures have different concepts and understanding of of that and inappropriate but it's just you easy to use this excuse of a bad website to introduce censorship and silence the political opposition and we have seen that here already even in European countries like when Spain blocked websites and censored information that was related to their friend in Catalunya and of course we all know about the case of NSA the American spatial agency that collected private data of people from all around the world so with the power of social networks which are very large part of our lives now the governments and corporations can have another present its control over their lives or something like that can we change these beliefs current state over that I believe that began we just need to rethink the web from scratch and that might sound impossible to you at first but we can create the centralized networks and the centralized web apps that are just as easy to use as any other modern-day web application and I personally believe that the user experience is even more important than privacy or anything else because why would you use an app that frustrates your you don't understand how to use properly that's one of the reasons why so many privacy's Android applications failed in the past like take for example PGP and mio encryption which are bulletproof but at the same time they're also just inconvenient for everyday use and almost no one increases their immune email messages nowadays so that's also the reason why so many the surprise Network failed as well and that's why we need to incentivize users to is applications that are aware of these privacy concerns and I believe that diversity can be the answer now it's already available in most browsers and you don't need to install any software or a browser plug-ins for it to work you just open a web page and it connects directly to same users as you without passing data through any intermediary servers and a lot of people use forever to see now to transfer media but not a lot of people know that it can also be used to transfer any arbitrary text or binary data in an addition to that despite having weapon its name it's not confined to the web only and the protocol itself is open and you can use it from anywhere not only from a browser and that's a very powerful idea because you can create a beber this application that reberty's applications that work on desktop or Internet of Things devices all these devices will be compatible with web browsers and you can communicate with them directly skipping any third parties that together and analyze your private data Roberta C can also be used to create general-purpose and large-scale peer-to-peer networks which do not depend on centralized servers or any authorities it can also play a significant role in the recent trend of raid centralization or bringing back the Internet to its origins there are already exist a lot of decentralized applications that we use every day it all started with BitTorrent and Bitcoin which showed that global scalable peer-to-peer networks are possible and today not a small part of the world's Internet traffic consists of Bitcoin Bitcoin usage and this is where important fact that shows that decentralized apps are not purely like abstract or theoretical and that they are needed by the people so reberty see can serve as a kind of a bridge to existing peer-to-peer networks and with its help that can create a lot of new networks as well on the practical side the vibrating capi is simple it's a bit hard when it gets to establishing gas connection as we will see but for the message passing it's really similar to the websocket api just to initialize a data channel which is a data stream between two peers you set a callback function that will be called each time you get a new message and then you can send a message to itself the other side will get it and the own message callback will be triggered and that's almost all you need to know about exchanging messages in the RTC and behind the scenes the protocol guarantees that your messages will be encrypted the encryption thief is defined in the standard and it is mandatory you don't need to do anything to set it up the session encryption keys will be automatically created during the connection and tells a ssin step so our communications are secure and they can be tapped by anyone but most importantly you have to set up the connection properly first and you do that eventually you need to understand the concept of signalling which is quite complex topic by itself but to put it simply it's a connection stage when peers share their IP addresses and encryption keys with each other and they do that through some point of exchange that they have a great opponent advance that point of exchange can be practically anything and WebSocket server and mail exchange for some secure chat it doesn't matter some people might consider it this point of exchange as a kind of a centralization or a single point of failure though and in some sense it is but it's not really centralized because the way you do signalling is not defined in the WebRTC standards itself and it gives you a big extent of freedom in choosing the most efficient way that suits your application best so it can be compared to DNS if your Gena's server doesn't respond to your request you can always still get to the server if you know it's a be address right so have that information can bypass some of the centralized parts of the internet architecture infrastructure and the same thing basically applies to ever to see if you know IP addresses of your peers they can exchange the session information with them directly and when they get that information you won't need to deal with any kind of centralized servers anymore and now that we have learned the basic concepts we can try to establish our vertice connection which is a bit more complicated than the data channels API but when you learn it it becomes for other intuitive so what we need to know about it is that there are two sides of the handshake process and the connection the initiator and the recipient the initiator creates an offer which contains the session encryption key and in case if you want to stream media it will also contain the information about media encoding available codecs and so on so when an initiator has created an offer they need to sell it as a local description of the connection which will tell the browser how it should decode the incoming messages as a final step you need to send your offer to the recipient through the signaling channel which again can be a web secure connection or whatever you choose it to be and on the other end the party that you want to connect you the recipient receives an offer through the signaling channel and then they follow almost the same exact steps only at this time they will need to set your offer as a remote description instead which which will tell the browser how it should encode the outgoing messages then the other end should create an answer which in turn will contain their encryption keys and the session information they set it as their local description and then send it through the same signaling channel to the initiator party finally when the initiator gets the answer they just set it as their remote description and now both parties should have the full information to exchange messages both should know it there's encryption keys and now we can forget about the signaling server for now but not really because you also have to care about exchanging not only the encryption keys between the two parties but also and most importantly and most crucially their connection information that is you need to know an IP address of the other side to connect to them directly and there is a key that for the direct connections because in the real world most likely you will have to deal with Nats or network address translators most people deal with Nats in the form of rooters switch translate addresses from your local network to their real internet IP addresses and in fact it's not unusual to see case when behind a single global IP address there are several hundreds devices in the local network area and we need Nats because the IP version 4 address space is limited with 4 billion addresses and we have a lot more devices in the both now and because of Nats direct connections to peers in peer-to-peer networks become complicated you have to bypass this mess with one of the natural result techniques and this task is a bit complicated because because of the fact that there is no single standard way for Nats there's no single standard way to structure Nats but there aren't many of them kocoum port restricted symmetric Nats and even more non-conventional configurations and each type requires its own approach to bypass it but the good thing is these techniques are well known and in the simplest case it works in a pretty straightforward way you just send a request to some external address and that opens a port so that the external party could send you a response now if you know that port number you can just reuse it and send it back to your peer along with your public IP address and now that that knows that any data that gets to the sport should be forwarded to you you can communicate with your peers directly and WebRTC takes care about all of that for us so we don't need to be involved in that at all all their support from us is to collect our public IP address and afford and transfer them to our peer through the signaling channel but you have to discover your own IP addresses and port in the first place like most often you would do that through stun stun is a basic protocol that allows you to get your own IP address by sending a request to a stun server which basically acts as a kind of a mirror a sentry request from your local network and the stun server sees your translated address and the port and send them back to you and then you just need to broadcast them through the signaling channel it is a simplest case through because sometimes for various reasons your peers can't connect you directly like in the case when you're behind the symmetric net which will have a random port numbers assigned for each connections and but this problem can be solved as well with the other teams to bypass Nets it is called turn but turn is a kind of last resort because it basically works as a proxy server relay in traffic between peers obviously turn is a costly solution and you can't find a turn server in the wild as opposed to stun which is commonly provided by many servers there is a Google stun server so you can find a lot of them but luckily you won't need to resort to turn in many cases because symmetric Nats are not that common so to exchange the connection information there exists another special protocol that WebRTC uses which is called ice ice helps to discover all candidates or IP addresses and port payers by combining marie's in the traversal techniques it also collects your local IP addresses so your peers are on the local network you won't even need to go through the internet to connect to them so with ice we gather all candidates that we can find and send them to the other party which tries to use them all at once as synchronously meaning they will try to connect to us through all available means and finally hopefully resulting in a successful connection and the WebRTC implementation of this protocol allows us to concentrate on the application side because all that it requires from us is that team to provide that we need to provide the stun and turn server addresses then we set a callback function and sandwich collected candidate through the signaling channel in all the other end our peer listens on the signaling channel for incoming ice candidates and tries to use them as soon as they come in the real world however it's a bit much a bit more nuanced but basically that's all we need to know about setting up basic emergency connection however what we have seen so far was just the most simple possible topology what set up a connection between just two peers which can be useful of course but usually you imagine peer to peer networks is having more actors like if you have just two peers in your network you can just have a chat or exchange files with other person but it's not that useful and if they want to connect more peers to your network that's where it starts to get more complicated with multiple peers there are many ways to structure the p2p network you can just connect all peers to each other but it won't be the most efficient way to do that because if you transfer large files or voice or video data it will have to duplicate this traffic traffic for each connection and it might work for small connection with four or five peers but at one scale to hundreds and even tens of years it will just require no too much bandwidth and processing power there's an answer to that problem too you can choose one or more peers that have the most processing power and make them serve all other peers relating to traffic and multiplexing requests this is called star topology and it is pretty efficient it is also secure because the serving peers still won't have access to the session encryption keys but at the same time your network will start to rely on a single point of failure and it will depend on a good behavior of just a couple of notes so it will be kind of centralized again it is efficient for transferring a video and voice data though and many such applications use it like Google Hangouts for instance but there are also many more alternative ways of structuring p2p networks this topic is a bits out of scope of this talk unfortunately because it's it will be easy to spend at least 30 minutes more to talk just about one of the algorithms so we can just mention that one of the prominent ones is the distributed hash table which has many different implementations it is also used by the BitTorrent Network for example and many of us have used be turned at least once and this protocol also has an interesting history because at first it dependent on centralized trackers to find the connection info and IP addresses of peers that serve files that you are searching for and this has an obvious disadvantage of trackers being that authorities are able to log the trackers and then you can can't find their current connection information and then you can download the file so now in BitTorrent and supports the distributed hash table algorithm so all you need to do is just find a single pair to bootstrap from because requests for files can be propagated throughout the network with several hops instead of relying on a single failure and the process of the initial connection to the network is now usually done by just by contacting a well-known node and then it can continue to work in a decentralized way because each node knows about its neighbours or theirs knows who contacted them so if you know at least a single IP address of a patrolling node you can join the full network and now an interesting question what will happen if we can bind the big current with WebRTC we get web torrent which has a bitter end protocol implementation for JavaScript which can work in browsers as well as on the server side and also it can communicate with BitTorrent peers directly from a browser because of incompatible Network protocols it still allows us to do a lot of interesting things and it simplifies the interaction with the verticity recall a lot we don't need to care about signaling and all that stuff all we have to do is to serve a file to the network and this file will be automatically converted into the torrent and announced on the tracker behind the schemes and that point has a pretty straightforward API you can serve basically anything as a file can be a blob a JSON object or even a JavaScript stream other peers knowing that torrent hash can download this file and set it further in files are generally not limited to a Linux distribution archives or whatever you usually download from torrents any information can be represented as an abstract file so web turn can be used for much more than just file sharing for instance we can build a distributed github quite easily because git extensively uses and relies in hashes for its internal implementation and so it will be a very straightforward to serve the get packed objects through torrents there is an proof-of-concept project called get torrent that already does just that and we can reuse the same protocol to serve web pages or static content and make a kind of distributed content delivery network so that each visitor of your website will serve the website's content to each other visitor and you didn't find many more applications of the BitTorrent protocol but still despite of being very promising whatever he sees in mature technology it still needs to come a long way to support large-scale networks that can transform the current centralized state of the web it's not perfect and has many limitations the browser support is not perfect for instance and current modern web browser such as Chrome or Firefox stolen at a number of connections that you can establish and because of this limitation and because of the handshake overhead it's practically impossible to build DHT networks which made the web for implementation dependent on the centralized trackers for now in addition to that Weber GC doesn't allow to allow us to use raw sockets so you can't connect to the existing networks directly they'll have to go through the proxies and another important issue is that browser sessions are usually short-lived when you close your tab you know lows you will lose all connections and the next time you will have to go through the costly signaling and the connection initiation process again this problem can be theoretically alleviated by allowing to run WebRTC sessions in service workers so that even if you close a tab with a very juicy connection you will still maintain your connection to the network of peers but it's kind of not possible for now and it's currently being developed another possible solution to the problem of short-lived sessions is hybrid servers because as I said earlier the Beverley's implementation is not limited to browsers so we can integrate the WebRTC protocol support into the existing peer-to-peer networks and they can act as kind of intermediary servers still well there is a there is a lot of problems to overcome WebRTC is very useful today and I'm hoping to see many new projects that used this particle but between networks in general have their own set of problems to solve because these networks are trustless it's hard to solve the problem of malicious peers for instance which can span your network work misbehave in order to gain some advantages in a fist or contained and multiple nodes but step under the territory of distributed systems which are very complex because we'll have to deal with data consistency in churn because imagine that all knows that store some file on the network leave all at once effectively this file will be lost and it's completely fine if that file has no value to you like if it's on another of Justin Bieber songs or whatever but imagine if that file was your Bitcoin wallet you certainly wouldn't want to lose it that's why for redundancy we have to make sure to have enough copies of the same file distributed over mail well over many nodes and it is not definitely not an easy task to coordinate nodes which don't trust each other so if we are talking about a long lasting global scale network we need to make sure that Pearson these networks are incentivized to stay and in my opinion the economy of p2p networks is even more important than their algorithms because not a lot of people would want to share their resources if there is no reward for them but can kind of solve this problem by giving some coins to mining nodes but it's tricky because some strategies can lead to centralization all over again we have seen that on the same example of Bitcoin where mining is now largely consolidated around just a few large pools and remember that the Internet itself originally was started as a distributed network - but the question of who provides the resources and who serves the webpages leads us to use in modern days of giant centralized data centers and mega corporations so this is an open question and we ought to look for an answer because I think answering this question will be very beneficial for very beneficial for all of us we can do a lot with WebRTC and we can confirm the current internet we can bring existing p2p networks such as tor to web by putting them to dissemble and adding the WebRTC protocol support we can build new p2p networks that point depends on the will of governments and greedy corporations these networks can be used to get back the control over data to the people because they are more secure and resilient in the application of a bird ECM will be especially important in the area of Internet of Things as we can see that medical devices self-driving cars smart homes and critical infrastructure already depends on the internet which is by and large controlled by a few big players now and I strongly believe that it's not right to give these mega corporations and governments even more power and control over our data and consequently or our daily lives so you can find me on Twitter and there is a link to page listing some is for resources related to this talk and thanks a lot for your attention [Applause] you