Cult of the Dead Cow releases Veilid: A secure open-source Peer-to-Peer network for apps that flips off the surveillance economy

A stage with sign in background showing DEFCON, and a lady with green coloured hair standing behind a podium, with a bald-looking man standing beside here holding a microphone in his right hand.

DEF CON Infosec super-band the Cult of the Dead Cow has released Veilid (pronounced vay-lid), an open-source project applications can use to connect up clients and transfer information in a peer-to-peer decentralized manner.

The idea being here that apps – mobile, desktop, web, and headless – can find and talk to each other across the internet privately and securely without having to go through centralized and often corporate-owned systems. Veilid provides code for app developers to drop into their software so that their clients can join and communicate in a peer-to-peer community.

If an app on one device connects to an app on another via Veilid, it shouldn’t be possible for either client to know the other’s IP address or location from that connectivity, which is good for privacy, for instance. The app makers can’t get that info, either.

The framework is conceptually similar to IPFS and Tor, but faster and designed from the ground-up to provide all services over a privately routed network. The framework enables development of fully-distributed applications without a ‘blockchain’ or a ‘transactional layer’ at their base.

To demonstrate the concept, they have published the code for a chat app called Veilid. Veilid is designed with a social dimension in mind, so that each user can have their personal content stored on the network, but also can share that content with other people of their choosing, or with the entire world if they want. The primary purpose of the Veilid network is to provide the infrastructure for a specific kind of shared data: social media in various forms. That includes light-weight content such as Twitter’s tweets or Mastodon’s toots, medium-weight content like images and songs, and heavy-weight content like videos. Meta-content such as personal feeds, replies, private messages, and so forth are also intended to run atop Veilid.

The easiest way to help grow the Veilid network is to run your own node. Every user of Veilid is a node, but some nodes help the netowrk more than others. These network support nodes are heavier than the node a user would establish on their phone in the form of a chat or social media application. A cloud based virtual private server (VPS), such as Digital Ocean Droplets or AWS EC2, with high bandwidth, processing resources, and uptime availability is crucial for building the fast, secure, and private routing that Veilid is built to provide.

The interesting thing for me here is, that usually with peer-to-peer client apps, they need to know, or be able to discover, the IP addresses of other P2P client apps in order to connect over the Internet. This is obviously a major privacy issue, but without it being able to happen, a P2P network cannot be established. So, I’ll be interested to read more about how they have solved this in a workable manner.

Peer-to-peer networks have always been the most censorship resistant, full ownership of identity, etc but the downsides were the IP address advertisement, the difficulty of finding anyone else on the network, and often having a separate identity for every device. The closest I’ve seen so far in addressing the shortcomings has been the Nostr protocol. So, I’ll be following discussions on Nostr about this to get a better idea of how Veilid compares with Nostr.

The questions really for most will be, how easy and practical will Veilid be for average users to use, and how will it fit in with the W3C standard declared for social networking (will it be yet another extra social network).

See https://www.theregister.com/2023/08/12/veilid_privacy_data/

Comments