Fixing The Broken Web (Alternatives to DNS and The Web 3.0)

The internet and the protocols at its foundation are terribly designed and broken.

December 2nd, 2021




A short while ago the Epik domain registry was hacked by Anonymous (or at least a group claiming to be Anonymous) and all of its customer data was leaked. Although a lot of commentators discussed the political implications and how some of the users apparently deserved it, the only thing going through my mind was how this could happen. How is it that, in order to have a website, I need to put my trust in an organisation that I cannot verify is following good security practices? After all, it wasn't long before that GoDaddy itself had been hacked and exposed 1.2 million user emails.

Unfortunately, to deal with the issue of domain scarcity and assignment, registrars are a necessary annoyance. However, ever since this recent leak, searching for alternatives to DNS and the web as a whole has never been more appealing.

Current Internet Technology

To understand why registrars are needed it's important to understand the Domain Name System (DNS) protocol. When you look up a domain in your browser, your computer queries a range of different DNS servers, starting from the local cache on your computer and going all the way to the top-level domain (TLD) server. The TLD is the suffix at the end of the domain name, such as .com or .org. A diagram of this can be seen below.

When the internet was first created it was essentially just a few computers serving up websites to each other in a peer-to-peer system. The idea that we could run out of domain names, let alone IP addresses, was never imagined at the time. As such, a lot of the protocols developed for the backbone of the internet never really took privacy or decentralisation to heart. A middleman was needed to register domain names and also to ensure the authenticity of the IP addresses associated with a domain. This is the primary reason we have DNS registrars.

The problem with having large centralised organisations responsible for domain authenticity is that you are completely reliant on their security practices and privacy policies. Even the TLD providers themselves have the ability to shut down access to the internet if, God forbid, an issue ever happened to the .com DNS servers. Due to ICANN rules and regulations, some TLD providers, such as .com, are legally required to ask for your address and contact info. This is why so much personal data was leaked in the Epik domain hack (although the easiest solution was to just give fake info).

There are some interesting projects that have been discussed in the privacy and security space as alternatives to HTTP, such as Gopher and Gemini. I've heard great things about these technologies, such as better performance and more security, but unfortunately they are only replacements for HTTP itself and still rely on DNS.

Current Alternatives

Implementing a decentralised system for domain lookups is actually a relatively easy feat. One system that has been used in many cryptocurrencies and other decentralised projects is the distributed hash table (DHT). DHTs work in the same way a regular hash table works: a key is provided and a value is returned. The only difference is that the key-value pairs are stored on many different nodes across a network. Since the keys are produced by a hashing algorithm, nobody can tell what the data on their computer refers to unless they have the input that was fed into the hash function. It is a very handy way of storing data across the nodes of a distributed network.

This isn't to say that alternatives to DNS and other internet protocols don't exist. Anyone could easily design and implement a protocol tomorrow, and it could be far superior to the ones currently in use. The problem is that none of the technology or infrastructure we use could support it unless it was designed to. Especially with all the large regulatory bodies responsible for defining and standardising every single aspect of a protocol, gaining mass adoption for alternatives is a much more difficult task than the technological development itself.

That's not to say that there aren't alternatives out there to the current internet stack. One of the most well-known is the InterPlanetary File System (IPFS). IPFS is a P2P file storage system similar to BitTorrent. It uses a DHT, as mentioned above, to store the data across the various nodes. Similarly to a blockchain, objects stored on the network cannot be altered; however, versioning can be used to update files such as a text document or an HTML file for a website. IPFS has a lot of integrated blockchain projects as well as an entire ecosystem of features, and it is well on its way to becoming an alternative to the traditional tech stack.
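To make the two ideas above concrete (a DHT used for name lookups, and content that cannot be silently altered because it is addressed by its own hash), here is a small toy DHT. It is an added example, not code from the post, IPFS or any other project: node IDs and keys are SHA-1 digests, XOR distance and a replication factor of 3 are assumed for the sake of the demonstration, and the "network" is simulated in one process.

```python
"""Toy DHT for decentralised name lookups (added example, not from the post).
A key lives on the K nodes whose IDs are closest to it by XOR distance.
A name record maps hash(name) -> content hash, and the content itself is
stored under its own hash, so a reader can verify what it receives."""
import hashlib

K = 3  # replication factor (assumed for this example)


def h(data: bytes) -> int:
    """160-bit key or node ID derived from arbitrary bytes."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


class Node:
    def __init__(self, addr: str):
        self.id = h(addr.encode())
        self.store = {}  # key (int) -> value (bytes); names never appear here


class Network:
    def __init__(self, addrs):
        self.nodes = [Node(a) for a in addrs]

    def closest(self, key: int):
        """The K nodes responsible for a key (smallest XOR distance)."""
        return sorted(self.nodes, key=lambda n: n.id ^ key)[:K]

    def put(self, key: int, value: bytes):
        for n in self.closest(key):
            n.store[key] = value

    def get(self, key: int):
        for n in self.closest(key):
            if key in n.store:
                return n.store[key]
        return None

    def publish_name(self, name: str, content: bytes) -> str:
        """Store the content under its hash, then point hash(name) at it."""
        cid = hashlib.sha1(content).hexdigest()
        self.put(h(content), content)            # content-addressed block
        self.put(h(name.encode()), cid.encode())  # name record
        return cid

    def resolve(self, name: str):
        """Name -> content, rejecting any block whose hash does not match."""
        rec = self.get(h(name.encode()))
        if rec is None:
            return None
        cid = rec.decode()
        blob = self.get(int(cid, 16))
        if blob is None or hashlib.sha1(blob).hexdigest() != cid:
            return None  # tampered or missing block: do not trust it
        return blob
```

Because the name record only carries a content hash, a node holding a modified block cannot serve it without the mismatch being detected by the reader.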

GnuNet is another network protocol stack, created by the GNU foundation, who are responsible for most of the tools and utilities that made Linux possible. It contains alternatives to DNS, IP addresses, file sharing and messaging. Although a tech stack created by the GNU foundation would be a dream come true for privacy advocates, unfortunately there haven't been many projects or applications that have used it so far. The best way to change this is to advocate for it and develop with their stack ourselves.

There are a few other notable projects that don't quite fit the bill but are worth mentioning. Freenet is a project created for P2P file sharing and is best compared to the Tor project. It is very security- and privacy-focused and, similarly to Tor, isn't the most suitable tech stack for applications that require high bandwidth, such as video streaming. I've heard that, similarly to Tor, it has become synonymous with less than desirable content as of late.

Issues With Alternatives

Although the projects mentioned above are great, there are a number of obstacles in the way of mass adoption. Tor is a great service as it contains exit nodes, meaning that although people can host onion sites, they can also visit regular surface sites too. The tech stacks above do not allow external access, meaning you can't access the regular web through them. This is good in a way, as accessing the bloated, insecure internet defeats the purpose, but what it also means is that all the current web browsers and other utilities. That being said, there are services such as Unstoppable Domains that allow users to navigate to IPFS files through regular DNS domains by mapping the domain to the hash.

Conclusion

The road to a better internet will be long and hard, and realistically it won't be realised soon. The easiest way to accelerate this journey is to embrace alternatives and to help popularise them as much as possible. In the future I may do tutorials on how to set up websites or applications on these alternatives, but for now there are many resources out there to help.

Stay happy and stay private.