Image licensed by Adobe Stock

The Web3: outlines

At the beginning of 2022, with the post titled “Data Protection Day 2022”, we had pointed to Web3 or Web 3.0 as one of the following challenges with which to confront regarding personal data protection and privacy.

Web3 or Web 3.0 is an existing and not a future reality.

The Web has had its evolution, and the development process continues, as evident from the following image.

Source: Digital Communications team blog

What does Web3 consist of, and how does it differ from Web2 or Web 2.0?

There is no definition of Web3, but it is expressed with the concept of decentralization and dynamism compared to Web2, which, on the other hand, is considered centralized and static.

Ethereum with the post titled Introduction to Web3 describes Web3 in the following terms :

Web3 has become a catch-all term for the vision of a new, better internet. At its core, Web3 uses blockchains, cryptocurrencies, and NFTs to give power back to the users in the form of ownership. A 2020 post on Twitter said it best: Web1 was read-only, Web2 is read-write, Web3 will be read-write-own.

The topic is undoubtedly complex and not yet fully defined, although there are already applications and solutions, as we will illustrate below.

The features known to be attributed to Web3 that distinguish it from Web2 are:

1. Blockchain: Web3 is based on blockchain, which by its nature uses data encryption with greater assurance for users;
2. Decentralization: data is stored within peer-to-peer connections, allowing users to access it at all times while retaining ownership of it and having relative control over it;
3. Ubiquity: Anywhere accessibility of content and services through any device;
4. Semantic Web: Technologies enable understanding of the meaning of words;
5. Artificial Intelligence (AI): The development of AI systems allows semantics to be combined with natural language processing so that more relevant results can be delivered;
6. 3D Graphics: use of three-dimensional graphics;
7. Edge Computing: data is processed in the network as close as possible to where it was generated, thus enabling better response with lower latency and additional benefits;
8. Permissionless: everyone can have access without exclusion;
9. Native payments: through cryptocurrencies;
10. Trustless: works with inexpensive mechanisms without relying on third parties.

IPFS

Decentralization cannot prescind from the IPFS system, which stands for InterPlanetary File System.

The description on the official website reads:

A peer-to-peer hypermedia protocol designed to preserve and grow humanity’s knowledge by making the web upgradeable, resilient, and more open.

What is IPFS? The answer is on the official IPFS documentation site, which describes it in these terms:

IPFS is a distributed system for storing and accessing files, websites, applications, and data.

The explanation of how IPFS works is on the official website and can be summarized as follows:

• By adding a file to the IPFS, it is broken down into smaller parts (chunks), cryptographically hashed, and given a unique fingerprint called a content identifier (Content IDentifier - CID) that becomes the permanent record of the file (in the form QmchJPQNLE5EUSYTzfzUsNFyPozXyANiZHFDSFKWdLNdRR).
• Through decentralization, when nodes search for the file, they ask other nodes which are storing the content related to that CID.
• A node can store the content to keep it (and provide it) forever, or download it to save space. Therefore, each node in the network stores only the content it is interested in, plus some indexing information.
• Should a new version of the file be added to the IPFS, it changes its cryptographic hash and receives a unique identifier (Content IDentifier - CID). This ensures that files stored on IPFS are resistant to tampering and censorship: any change to a file does not overwrite the original.
• IPFS can still find the latest version of the file using the decentralized naming system (InterPlanetary Name System - IPNS), while DNSLink can be used to map (Content IDentifier) CIDs into human-readable DNS.

To test IPFS, we downloaded both the Desktop app of IPFS and the CLI to the Mac, which allowed the machine to connect to IPFS so that it became a node of IPFS itself. When looking for content, IPFS Desktop will enable you to find it quickly because your machine, a node of IPFS, has access to the content you are looking for.

Please refer to the documentation found online for further discussion.

We have implemented our sites on Web3 and IPFS, and now they are also reachable indifferently at the following URLs (it is necessary to use the browsers: Brave, Safari, Opera or others below):

• NicFab:
  • https://ipfs.io/ipns/www.nicfab.eu
  • https://ipfs.io/ipns/nicfab.eu
  • https://nicfab.eth.limo (nicfab.eth is the Ethereum domain name)
• NicFab Notes:
  • https://ipfs.io/ipns/notes.nicfab.eu
  • https://notes.nicfab.eth.limo (notes.nicfab.eth is the Ethereum domain name)
• DAPPREMO:
  • https://ipfs.io/ipns/www.dappremo.eu
  • https://ipfs.io/ipns/dappremo.eu
  • https://dappremo.eth.limo (dappremo.eth is the Ethereum domain name)

However, “traditional” URLs remain valid, namely:

• NicFab:
  • https://www.nicfab.eu
  • https://nicfab.eu
• NicFab Notes:
  • https://notes.nicfab.eu
• DAPPREMO:
  • https://www.dappremo.eu
  • https://dappremo.eu

We think it appropriate to highlight one consideration. Although the topic deserves its venue, we want to point out that the concept of decentralization–in our view–is different from that of “decentralized architecture,” in that the latter represents only a limited, decentralized ecosystem to the developed solution. Decentralization, on the other hand, is understood primarily but not only in the Web3 represents a system in which control is no longer in the hands of an individual (individual, organization, or group) but a distributed network.

DAPPS

Apps in Web3 are called DAPPS, which stands for Decentralized Apps.

Several solutions have already been developed, and you can find the ones available at Awesome IPFS.

Of course, as many Web3 solutions and DAPPSs use IPFS, more projects are expected, releasing numerous resources.

Cloud

The cloud represents one of the earliest Web3 projects, and among those using IPFS, we understand there are already several existing resources.

Filecoin is one of the leading projects for blockchain-based storage and IPFS.

Another cloud resource on IPFS is Peergos, which has a free plan limited to 200 MB and then a paid plan with more space.

An additional resource is Fleek, which offers several services, including storage using Filecoin.

We also tried web3.storage, which offers a free 5 GB plan. This project in beta should go into production by the end of the year. The feature is the service has its own “w3link” gateway.

Finally, among our tests is the project Storj, which is not structured on a blockchain but on a decentralized cloud system that uses IPFS and leverages nodes globally. Specifically, once a file (object) is uploaded, it is encrypted and divided into 80 chunks, then distributed across the network; only 29 pieces (chunks) are needed to retrieve the file.

Mail: Skiff Mail

Currently, we understand that the only DAPP that leverages IPFS for email management is Skiff Mail.

We decided to create an account to use Skiff, which constitutes a suite that includes a mail client (Skiff Mail), a resource for making pages (Pages), and a recently added cloud solution (Drive).

Skiff Mail is open source, and thus, the code and related encryption protocol can be verified by anyone.

Skiff Mail can be used both from the browser, with the Desktop app, and with mobile apps (we tried the iOS apps). You need to register, and the same credentials will allow access to the apps.
Once logged in, you will be able to allow access your crypto wallet to take full advantage of the blockchain and Web3 features, including digital identity.

We have allowed access to our wallet by enabling the addition of the domain name nicfab.eth, created on Ethereum name service (from ENS), which contains our identity data so that the recipient can-using blockchain access-be sure of the sender’s identity.

With Skiff Mail, emails are encrypted and secure, and the encryption system is described in the white paper available at this page.

However, some clarifications are necessary.

Emails exchanged between Skiff Mail users are end-to-end encrypted.

Regarding emails exchanged between Skiff Mail users and external parties (i.e., non-Skiff), the system is as follows:

• for outgoing emails, Skiff encrypts the email and then decrypts it by dialing the outgoing MIME to allow the recipient to read the message;
• for incoming, unencrypted emails, Skiff turns them into an encrypted message on Skiff Mail to ensure unencrypted copies are never kept.

The Skiff Mail system is perfect, especially the blockchain aspects and thus the ability to have certainty about the identity of users (Skiff at present).

The support is efficient because they respond within 24 hours.

However, it is a “closed” system, with security and privacy parameters solely within the Skiff ecosystem. It is also not possible to configure an email client for sending and receiving Skiff emails.

We hope, therefore, that in the future, Skiff can implement the service, allowing both the exchange of encrypted messages even with users outside its ecosystem and the possibility to configure email clients and thus use Skiff fully.

Browser

Browsers must also be made for the Web3, and among many, we mention:

• Brave browser;
• Opera;
• Puma browser;
• Osiris browser;
• Decentr.

We tried Apple Safari, and it seems to work on IPFS.

Conclusions and privacy remarks

We have tried briefly describing Web3 and some of the current leading solutions.

From our perspective, the focus is always on data protection and privacy. It is necessary to be technically familiar with Web3, IPFS, and related resources-although without any particular depth to assess the compliance of these solutions with personal data protection and privacy.

The existence of encryption and hashing in all solutions mitigates the profile of security and related risks.

Decentralization, blockchain, ubiquity, and additional features of Web3 bring to our attention an essential aspect: data transfer outside Europe and vice versa, as provided in Chapter V of the GDPR.

In our humble opinion, and subject to further study, it seems that the use of cryptography and blockchain, ubiquity, and defragmentation of files (objects), may exclude the existence of data as defined by Article 4(1) and therefore, consequently of the processing and application of the GDPR.

The topic is broad and complex and needs to be explored further.

Follow us on Mastodon

Stay tuned!