Distributed Design: Architecting for User Privacy

User privacy has emerged as a red-hot topic in the news lately. Of course, users have long had questions about their privacy as more and more information about them traverses the Internet, but with the proliferation of social networking tools that broaden how far information travels, users are understandably becoming more nervous.

There is something about a distributed architecture like BitTorrent which makes for a fundamentally different starting point – something we might call “distributed design”. Although some P2P networks have had their own well-publicized privacy problems, BitTorrent is designed in such a way that there are significantly fewer privacy concerns. This is a theme we hope to continue.

Most web-based apps start out with a highly centralized view of the world. That is to say they assume that the app and all its data are going to live on a central server and scale up to millions of users simply by adding more and more racks of servers doing basically the same thing. The data itself is considered a valuable “asset”, and giant new companies are evolving around the central question of how best to exploit it without upsetting users too much. Publicity is assumed, and privacy is just “to be provided for”.

Our approach to distributed design assumes that as much functionality and data are pushed out to the edge as possible. In general this leads to a somewhat higher investment to build the apps, but much lower operating costs. With a good distributed design, most services and data reside on end users’ computers while only a few core services and the bare minimum of the data are ever centralized. Privacy is assumed and publicity is provided for.

When we decided to build uTorrent Web, a super-simple way for users to manage their torrent clients through a browser from anywhere on the Internet, we started with a distributed design philosophy. In uTorrent Web, security starts in your browser, where all private data is encrypted; it stays fully encrypted as it passes through our servers, all the way to your client, where it is finally decrypted. Our servers don’t handle anything private about your client – all they see are your username and your IP address. There are many good reasons for this distributed design approach, where as much functionality and data as possible are pushed to the edge:

- Using distributed resources places the control in the hands of users, not some faceless corporation. Almost everything is private and users control what to reveal rather than what to hide.
- Distributed resources are paid for by the consumer, not the application provider. Sharing the operating costs for the app just makes good economic sense.
- Distributed resources scale organically with demand – making capacity planning exercises far less critical.
- A distributed design reduces the burden to build ultra-high security into the server infrastructure – if you invest to make the app itself secure, then the security of the infrastructure matters far less (it still matters of course… but less so).

This final point is especially critical when it comes to planning for large-scale growth. Relying on a combination of a “trust me” public position and saying “sorry” when something goes wrong seems like a poor business design. Perhaps it is far better to design for a less worrying failure scenario? With uTorrent Web, in the worst-case scenario, even if the servers are compromised and their data is exposed, there is nothing private on them to be discovered.

Utilizing a distributed design philosophy is a way for BitTorrent to do more with less. It is also a radically different way to build a business. Find out more about our uTorrent Web as part of our Falcon project here.

- Simon -
