What is End-to-End Encryption (E2EE) and How Does it Protect Your Data?

Today we communicate with others more online than we do in person.

For instance, according to a study done by cloud mobile and online business messaging solutions LivePerson, 65% of Millenials (born between 1981 and 1996) and Gen Z (1997-2012) communicate with others more digitally than face-to-face.

This communication often involves private and other sensitive data and social networks such as Facebook or email providers like Gmail do not offer sufficient privacy and security for your data.

This means that you need end-to-end encryption to secure your online communication.

What is End-to-End Encryption?#

So what is end-to-end encryption?

Think of it as a way to send data in such a way that only you (the sender) and the recipient can open and read the message.

Even if a third party, like a hacker, somehow manages to intercept your email message, for instance, they won’t be able to open it, read it, or otherwise tamper with it because of the way that end-to-end encryption works.

How Does End-to-End Encryption Work?#

True end-to-end encryption uses a pair of keys - public and private.

With the private key, the sender encrypts the message before sending it to the intended recipient. Thus encrypted, the message turns into an incomprehensible mess of letters, numbers and special characters that is useless to anyone intercepting the message.

However, the same key can not be used to open the message.

Instead, the recipient needs to generate a private key, which only they own, to decrypt and open the message.

This type of encryption, using a pair of public and private keys, is called asymmetric encryption and is different from another type, which only uses one key to both encrypt and decrypt the message, which is called symmetric encryption.

(You can read more about asymmetric and symmetric encryption here).

Let’s use a classic example with Bob and Alice to paint a picture of how end-to-end encryption works.

  1. Bob wants to send Alice a private email message
  2. Alice generates two keys - public and private
  3. She sends the public key to Bob, but keeps the private key
  4. Bob then encrypts the message with the public key
  5. Thus encrypted, the private message goes to Alice
  6. Finally, Alice uses her own private key to decrypt the message

Types of End-to-End Encryption#

There are two types of end-to-end encryption:

  1. Pretty Good Privacy (PGP)
  2. Secure Multipurpose Internet Mail Extension (S/MIME)

We’ll talk more about the two some other time, but for now, let’s just say that the main difference is that:

  • In PGP, the keys are exchanged between the users (in a way we described above)
  • While in S/MIME, a third party (Certificate Authority) provides a digital certificate that authenticates the sender (proves that they are who they say).

Advantages and Disadvantages of End-to-End Encryption#

Any system has its good and bad sides and, naturally, this goes for end-to-end encryption as well.

So what are these?

Advantages#

  • Protects your privacy from the service provider

If you use an email service like Gmail (here are 5 reasons to drop Gmail, btw), or want to send a message through Facebook, then your data will be stored on Google’s or Facebook’s servers. This means that they will have the keys to decrypt it. With E2EE, they can’t.

  • Secure against hacking

Even if the server on which the encrypted message is stored is hacked and the data breached, the attackers won’t be able to do much with it if they don’t have the decryption key.

  • Protects free speech

End-to-end encryption is an important key for any journalist, whistleblower, or activist, who wants to speak freely and be safe from government intimidation and surveillance.

Disadvantages#

  • Losing or forgetting the private key

What happens if you lose or forget the private key? In that case, what was the main advantage of end-to-end encryption becomes its biggest flaw, as you can no longer decrypt and read the message.

  • End-point security

One risk with E2EE lies with the end-point. If the recipient’s device itself is unsecure, for instance, if they stored the private key in plain sight, then the whole point of encrypting and decrypting is void.

It’s like in that Simpsons scene where Mr. Burns and Smithers go through all the high-tech security of Burn’s nuclear plant only to find a door to the back alley on the other side through which a dog can waltz in.

  • Data transfer is visible

While the data itself is hidden with E2EE, the fact that there was a data transfer isn’t.

What does this mean? Well, if there are records of data transfer, it is possible for someone to decipher what its contents might be based on who sent it (sender) and who received it (recipient).

Conclusion#

End-to-end encryption remains a highly divisive topic. On one side are those who want to protect their data privacy, while on the other side are those who want to ban it, claiming that it helps terrorists and criminals.

At Telios, we believe that every person has the right to choose if and how they want to protect their sensitive information. We understand that end-to-end encryption is not for everyone, but for those that do need it and want it, our decentralized email provides secure communication with encrypted data and email.

What are the Key Differences Between a Peer-to-Peer Network and a Client-Server Network That You Should Know?

The key to any system is a solid network.

For instance, we can have a network of friends, colleagues and partners; a business can have a network of suppliers and so on.

When it comes to computer networks, we can distinguish between two types:

  1. Peer-to-peer network, and
  2. Client-server network

So let’s briefly introduce you to each (we’ll cover them more in-depth in the future) and take a look at the key differences between a peer-to-peer network and a client-server network.

What is a Peer-to-Peer Network?#

If you ever played a game of Among Us with a bunch of friends, you already had a taste of a peer-to-peer or P2P network for short.

In a P2P network, two or more computers are connected and they share individual resources like disk drivers, printers, etc.

Here, there is no one central server like we will see in the client-server network. Instead, each computer or node in the network is, at the same time, both a client and a server and it communicates directly with other computers/nodes in the network.

This way, everybody who is in the network can directly share files without having to go through a central server.

What is a Client-Server Network?#

The client-server network is much more broadly used than a peer-to-peer network model.

In this model, the computers in the network, aka “clients” are all connected to a central server and pool data and resources from it.

For example, if you go online and want to read an article (like this one) on a website, your local browser needs to find the server on which the website where the article is written is housed and connect you to that server.

In fact, you need not look no further for a real-life example of a client-server model than the World Wide Web.

Differences Between a Peer-to-Peer Network and Client-Server Network?#

If you’ve been paying attention while reading this article you probably already know one difference between a peer-to-peer and a client-server network.

Nothing? Ok, we’ll give you a hint: in peer-to-peer networks, all computers in the network are at the same time servers and clients and in the client-server network there is just one server and all computers are connected to it individually as clients.

But that's far from the only difference between these two. Let’s take a look at some of the other ways they differ:

Peer-to-Peer NetworkClient-Server Network
There is no difference between a server and a client. Everybody in the network can play both roles.There is only one server. Everyone else on the network acts as a client.
Each peer in the network must store its own data.The server is used for storing data.
Clients share data with each other.Clients must go through the server to access and share data.
Better for connectivityBetter for sharing information.
As the number of peers increases, the network becomes less stable.More stable in general than peer-to-peer networks.
Usually work in smaller networks.Can be used in both small and large networks.
Less expensive than the client-server network to implement.More costly than the P2P network to implement.
DecentralizedCentralized
Less time to access a service for the node.Nodes/clients have to wait more for access.

Conclusion#

Both peer-to-peer and client-server networks have their well-earned place and the question is just what you need them for.

If you’re looking for a decentralized network that is easier and cheaper to implement and that better works in a small network, then you should go for a peer-to-peer network.

However, if you need a more robust, stable and centralized network, then the choice is a client-server network.

Telios is a secure end-to-end encrypted email service that works on a decentralized, peer-to-peer network. That means all your metadata and email contents stay private and the encryption keys are stored locally on your device, where only you can access them.

You can download and check out the Telios desktop app (still in beta) for Windows, macOS and GNU/Linux.

Top 8 Decentralized Storage Networks to Store and Share Your Data Securely

For a long time cloud has figured as the top option for storing files. Now, however, with the rise of blockchain, more and more decentralized storage networks threaten to disrupt the cloud as the storage option of choice for many users.

Here are 8 decentralized cloud storage options to pay attention to:

BitTorerrent#

As far as longevity and number of users are in question, BitTorrent is the number one peer-to-peer network in the world.

Founded in 2001 by an American software engineer, Bram Cohen, BitTorrent is a decentralized P2P protocol that allows users to upload and download files on the Internet.

Instead of uploading and downloading entire files (which can be quite large as people use BitTorrent to download movies for instance), each file is broken into smaller fragments. These fragments are then sent over the peer-to-peer network of seeds and peers until the user can receive the full file on their device.

The seed is the person who originally shared the full file (aka the uploader) and the peers are the users who receive fragments of the file via the distributed network.*

Sia#

Sia is a decentralized storage platform that utilizes blockchain technology in order to secure the user’s files and/or folders.

So how does it work exactly?

First of all, Sia looks for unused hard drive space from computers in its decentralized network around the globe. Next, when it has located the necessary storage space, a data storage marketplace is created, which boasts much lower storage than traditional cloud storage.

The security is, however, where Sia really shines.

First of all, since the files are distributed among multiple hosts and locations, there is no single point of failure to worry about. You won’t have to worry about the server going down due to a DNS failure or anything like that.

Second, your files are encrypted and as the owner, you are the only one with access to the private key that can be used to decrypt them. Nobody else, including the storage provider, can do that.

MaidSafe#

If you’re on the SAFE peer-to-peer, decentralized network, you can share your hard disk space, memory and processing power and “farm” MaidSafeCoins (MAID).

The network uses Proof-of-Resource which the network uses to determine if the nodes that store fragments of encrypted data (called “Farmers”) are actually following the rules of the network.

Basically, the Proof-of-Resource determines if the “Farmer” has the necessary resources (disk storage space, processor speed, bandwidth, online time) to store and/or retrieve data fragments. If not, that node is removed from the SAFE network.

Finally, it should also be noted that anyone can join the SAFE network completely anonymously, thus there is no worry about censorship or anything like that and all files are fully encrypted.

Storj#

Storj is a decentralized cloud storage platform based on the Ethereum blockchain where each network member can provide free space on their local device.

What do you need to become a part of the Storj decentralized network?

Only some free disk space and enough bandwidth to send and receive data.

Let’s say you want to send something over the Storj decentralized network. First of all, your file will be fully encrypted with the private key so you are the only one with access to the file.

The file will be split into multiple smaller fragments and each of these fragments in turn will be stored on PCs around the world that are a part of the Storj network. Once you need to file, the file will be downloaded via multiple connections and naturally distributed back to you.

FileCoin#

FileCoin is a decentralized cloud storage platform that is based on the IPFS P2P file storage protocol (more on IPFS later).

Anyone can join the FileCoin network and become a miner. In fact, the miners are rewarded for storing, organizing and distributing data on their local storage devices (all you need is enough disk space and a good Internet connection) with FIL tokens.

To become a miner, you have to bid against other miners for storage, where asks and bids are visible to all (the lowest price wins).

Once you become a miner, you will be evaluated based on two consensus mechanisms:

Proof-of-Spacetime - which ensures that you continue to store a unique piece of data for the network and,

Proof-of-Replication - which shows that you have stored as many copies of data as you claim to have on your drive storage.

Ocean#

Another decentralized storage network that uses blockchain technology, smart contracts and tokens to share and exchange data in a trustless way is the Ocean Protocol.

Participants in the network range from crypto nerds, AI devs, to nonprofits and businesses.

Internxt#

Internxt is a decentralized cloud storage service that keeps your sensitive data safe using AES-256 CTR encryption, which ensures that you are the only one who can access your files.

Each user has access to free 2GB storage via their browser on their Windows or macOS device or they can download the program or the app on their Android or iOS.

Since the files are broken into smaller chunks and then randomly dispersed on the multiple servers on the decentralized network, which means there is no single point of failure and a potential hacker can’t get the whole file, but only a part of it.

IPFS#

We already briefly mentioned IPFS when we talked about FileCoin, but it definitely deserves a section of its own.

IPFS stands for InterPlanetary File System and is a distributed file system for sharing and storing data that works similarly to torrents.

Basically, files are not hosted on one location, like a central server, but are instead distributed over a network of computers (basically, anyone who wants to host a file is welcome on the network).

One issue with IPFS is that it doesn’t ensure permanence so you would have to integrate it with another tool like FileCoin to ensure that your data is stored over a longer period of time.

Speaking of storage, if the data is not used frequently, IPFS uses a process called Garbage collection through which it deletes that data and that way clears up memory space. To ensure that your data is stored locally, you need to add a local “pin”.

Conclusion#

Are decentralized storage networks here to replace traditional centralized solutions by big providers like Dropbox, Amazon, IBM, Google, etc?

Probably not, at least not any time soon. For the average user, centralized solutions are still far too convenient to really bother switching to something they may not fully understand just yet.

However, what decentralized storage solutions have for themselves is that they are much better at protecting your privacy and they also give you the incentive (usually through tokens on the network) to store someone else’s files on your disk space.

Telios itself uses the Sia decentralized storage service to store your encrypted emails. Download Telios to enjoy better security and privacy over a peer-to-peer decentralized email today.

Can We Stop the Splinternet? Is the Cyberbalkanization of the Internet Inevitable or Can We Stop it?

On 29th April 2022, 60+ countries, including the United States, members of the European Union and 33 other countries signed The Declaration for the Future of the Internet, that calls for “all partners who actively support a future for the Internet that is open, free, global, interoperable, reliable, and secure”.

In other words, the Declaration aims to stop the balkanization of the Internet, or the “Splinternet”.

What is the Splinternet?#

The Splinternet or the balkanization of the Internet is the process of dividing the Internet into pieces caused by any of the following factors:

  • Politics
  • Geography
  • Religion
  • National interests
  • Technology
  • Commerce

Once fragmented like this, each separate fragment becomes an entity of its own, disconnected from the rest of the Internet and at the whim of whoever is controlling it (usually the local government).

Examples of the Splinternet#

Unfortunately, the Splinternet is not a theoretical threat.

It is already happening and there are several examples of what awaits us if we allow it.

The Great Firewall of China#

In 2003, China initiated its Golden Shield Project, a huge censoring and surveillance system, and fully completed it in 2006.

An important part of this project is the Great Firewall, which basically bans all international websites that the Communist Party of China (CPC) deems “unsafe”.

This includes 311,000 domains, according to the GFWatch system developed by a group of academics who tested 534 million domains between April and December 2020.

Some of the blocked websites include:

  • Google
  • Facebook
  • Wikipedia
  • Zoom
  • Reddit
  • Spotify
  • Twitch
  • Twitter
  • Youtube
  • Etc.

Russian “Runet”#

Although Russia definitely stepped up their Internet censorship game since the invasion of Ukraine, they’ve actually been pushing for an Internet they can easily control for some time now.

Since the start of the Ukraine war on 24th February, Russia has blocked 2.633 websites including:

  • 2,012 news sites
  • 482 sites that contribute to the Ukraine war efforts
  • 26 charity and non-profit websites, including Human Rights Watch and Amnesty International
  • Popular sites like Google News, Facebook, Instagram, Twitter, etc.

In 2019, Russian President Vladimir Putin signed the “Sovereign Internet Law” legislation which aimed to stop “US’s aggressive cybersecurity strategy”.

This law led to “Runet”, an intranet completely separate from the global Internet and independent from other sources, through which the Russian government can filter and control what its citizens can see.

North Korea and Iran#

Access to the Internet in North Korea is only available to its citizens and visitors through a 3G phone network and even then all you can see is government propaganda and websites that praise Kim Jong-un 24/7.

To access the global Internet, you’d have to be a high-ranking government official.

Iran is also heavily blocking Internet content that they see as “immoral”.

Some of the sites blocked in Iran include:

  • YouTube
  • Twitter
  • Wordpress.org
  • Netflix
  • Hulu
  • CNN
  • Fox News
  • Facebook Messenger
  • Etc.

Why We Can’t Allow the Splinternet to Happen?#

So why is Splinternet dangerous and why is it important not to let it take full swing?

First of all, the “promise of the Internet” is to be “an open ‘network of networks’”.

This means the Internet should be open to everyone and free of government and corporate influence.

That is the only way to ensure the free flow of information and the exchange of ideas.

The Splinternet aims to do just the opposite and that is to fragment the Internet in a way that allows individual governments to fully control its content on the little Internet island that they now control.

Another problem that the Splinternet will lead to are more cyberattacks and the weaponization of the Internet.

Countries like Russia and China are already busy sending out government-backed hackers to disrupt and block western websites and spread misinformation. As the Internet gets fragmented, these threat actors no longer have to worry about the Internet in their country but can easily carry out cyberattacks in other countries, aka, its “enemies”.

Splinternet is NOT Decentralization#

Splinternet should not and must not be confused with decentralized Internet.

In fact, it is the centralization of the Internet that has been happening for a while now that has been largely responsible for the censorship on the Internet and thus the Splinternet itself.

The Declaration for the Future of the Internet says that:

“The Internet should operate as a single, decentralized network of networks - with global reach and governed through the multistakeholder approach, whereby governments and relevant authorities partner with academics, civil society, the private sector, technical community and others.”

At Telios, we would also add “that ensures secure communication and the privacy of your data”.

One of the main ways to communicate online is through email. Unfortunately, popular email services like Gmail or YahooMail are not safe and even secure and end-to-end email services like ProtonMail can be controlled as long as you control their servers.

Telios is a peer-to-peer decentralized email built for privacy and security that ensures that only you can access your encrypted information.

You can download the Telios desktop app for Windows, macOS, or GNU/Linux or get the lifetime deal at AppSumo for $59 with a 60-day full money-back guarantee.

What is Decentralized Cloud Storage and Why You Should Start Thinking About it?

Decentralized

Where do you keep your important data? If you are like most people, probably either on a physical medium like a hard drive on your computer and/or on a cloud server.

Cloud computing is growing every year. In fact, according to Statista, the number of personal cloud storage users (like those using Google Drive) has doubled between 2014 and 2020 from 1,136 million to 2,309 million.

But here’s the problem with centralized cloud storage.

You don’t own it. Once your data is hosted on their servers, you don’t really own your data either.

Let me introduce you to decentralized storage.

But before, read why centralized Internet is a bad idea to get the whole picture.

What is Decentralized Cloud Storage?#

Okay, so what is decentralized cloud storage?

Unlike centralized cloud storage, where your data is stored on a single cloud server, owned by Google (read here why you should drop Google) or Amazon, for instance, in decentralized cloud storage, your data is stored across multiple servers.

These servers are hosted and maintained by multiple users and groups, rather than a single company and they all work to keep your data accessible and secure.

How Does Decentralized Storage Work?#

In a decentralized storage system, your data is stored on a decentralized network, on so-called “nodes”.

Nodes are physical devices in a network (like a computer), which can receive and forward transmissions from and to other nodes in the network.

In a centralized storage system, you can download or upload files from or to a centralized data server, which in turn receives and forwards data from multiple servers.

Things work a little differently in decentralized storage.

Here, you don’t receive the entire file at once from just one server. Instead, each node in the network holds a piece of it and you download these pieces until you have the full file.

Isn’t My Data Safer With Google Than With Some Random People?#

Google

Now, why would you have your data stored on some random nodes, run by random people?

Isn’t a multi-billion corporation like Google or Amazon safer?

No. Because those random people can’t read your data, while Google or Amazon (or any other centralized cloud provider) can.

How is this the case?

On a centralized cloud server, your data is encrypted using 256-bit encryption. Which is fine.

This means that your encrypted data can only be read if you have the decryption key.

Guess who owns that key?

Hint: it’s not you.

On the other hand, in decentralized storage, you’re the only one that has the decryption key. This means that not even those that are running the nodes can read your data.

They are only there to safely store your data.

And, even if they somehow managed to get ahold of your decryption key, it wouldn’t matter too much. Remember, it’s “decentralized”? They would only be able to access a fraction of the data and not the whole.

Decentralized Storage Pros & Cons#

Decentralized cloud storage has its pros and cons, so let’s take a look at these.

Decentralized Cloud Storage Pros#

  • It’s faster One big problem with centralized storage is that it can create a bottleneck.

Think of it as having only one road that leads to a big city. If the traffic is too high for that road, it will eventually get jammed.

Now think of having multiple roads to that same city. If you see one road getting a bit slower, you can just switch to another one and get to your destination faster.

  • Better security and privacy We already explained a bit how your data is encrypted on centralized vs decentralized cloud storage. But let’s reiterate:
    • You’re the only one who has the decryption key and can therefore access it and read it
    • Your data is stored in multiple locations, in pieces, rather than in a single location
  • Cheaper storage Of course, there are free cloud storage options that you can use, but it’s usually very limited.

For instance, Google Drive offers 15GB, iCloud 5GB (for Apple users only), One Drive 5GB, Amazon Drive 5GB (for Prime subs) and Dropbox only 2GB.

A few big files, like video games or movies and you’re all out of space on your drive.

So what then?

Then you have to start paying for storage. The problem here is that storage is limited. Which means higher cost.

Now, decentralized storage relies on nodes as we said. Individually, these nodes are small and so don’t have a lot of storage space. But, there are millions of available nodes to host your data (remember, each node holds only a piece of the data).

This leads to lower storage costs when compared to centralized cloud storage platforms.

  • Reduced file and data loss Centralized storage is like putting all your eggs into one basket. What happens when that basket gets stolen or damaged?

You’ll lose all your eggs, of course.

Decentralized cloud storage is like putting a few eggs in one basket, then a few in another and so on. If you lose some of your data/eggs, no worries, there are copies of it in other nodes/baskets.

Decentralized Cloud Storage Cons:#

  • Lack of legal accountability With centralized cloud storage, if your data is lost, the provider is held accountable.

But if your data is lost or stolen in a decentralized cloud storage? Which node in the network is accountable?

  • Technology still isn’t “ quite there” Decentralized storage is still very much in the experimental stage. And this means that a lot of people and businesses will be reluctant to migrate from the relatively stable centralized cloud storage to it.

In fact, at the moment, 94% of businesses are using centralized cloud storage, according to Cisco Global Cloud Index (2016-2021).

  • Is decentralized cloud storage superior to centralized? There’s still no definitive answer to this question and there probably won’t be for a few more years.

This means that decentralized storage is fighting an uphill battle on the market. Centralized storage providers are already well entrenched and won’t give up their positions that easily.

Conclusion#

Even though decentralized cloud storage is still very much in its infancy and there are a lot of things to get right, the potential is clearly there, especially when it comes to security and privacy.

At Telios, we are firm believers in decentralization. Check this article on the benefits of decentralized Internet to understand why. The same, of course, goes for decentralized storage options.

Over time, we believe that more and more people and businesses will see that the benefits outweigh the problems and will turn to decentralized cloud storage.

What do you think?

5 Reasons to drop Gmail

Today, when people ask you for your email address, they don’t ask “what’s your email?”, but “what is your Gmail?” That’s how popular and widespread Google’s email service is.

For most Internet users, Gmail makes perfect sense. It’s free and convenient and everyone uses it. However, for a privacy-focused user, the popular email service has its fair share of downsides.

In this article, we’ll take a look at 4 reasons to drop Gmail (or other popular email providers) for a decentralized and secure email service.

1. Gmail Collects and Reads Your Data#

It’s no secret that Google has access to your data. And, of course, it also reads your emails.

If you ask Google, this is all to “provide better user experience and product personalization”, but most people don’t think much about what information they are “giving” to Google.

Flickr great deletion

Gmail links the following data to you:

  • Contact information
  • Location
  • Contacts
  • Search history
  • User content
  • Purchases
  • Identifiers
  • Diagnostics
  • Other data

So what does Google do with that data?

2. Selling Your Data to Advertisers#

“Now hang on just a moment there, Google says it will never sell your personal information!”

What we have here is a very clever use of the word “sell” by Google.

You see, according to the California Consumer Privacy Act (CCPA), a “sale” is “any exchange of personal information for ‘valuable consideration’ (meaning ‘money’ in most cases).

Technically, that isn’t what Google is doing.

But they are still making money out of your personal information.

How?

There are two ways that Google monetizes your data:

It directly shares data with advertisers, who can then bid on individual ads, or It builds profiles based on the user data it collects with shared interests and demographics, thanks to which advertisers can target people based on those traits.

Read more on how Google shares, monetizes and exploits your data on EFF.org.

3. Gmail Doesn’t Offer End-to-End Encryption (by Default)#

At least not by default. Look, you can install a PGP plugin for Gmail like FlowCrypt, but that’s a lot of work and Gmail wasn’t built with privacy and security of its users in mind.

That’s not to say that Gmail doesn’t have “any” type of encryption. It does have TLS or Transport Layer Security, but that only works if the data is in transit, so between the sender and the recipient. Gmail does nothing to protect your data while it’s on the sender’s or recipient’s email server (endpoints).

This is why end-to-end encryption does. It ensures that only the sender and recipient can access the email contents.

4. No Zero Access Protection#

For those unfamiliar, “zero access protection” means that the service provider (in this case Gmail) cannot access your data even if it is stored on its server.

Combined with end-to-end encryption, zero access protection ensures that you are the only one who has access to your data.

How?

Let’s say you want to send an encrypted email to a friend. The email is encrypted using a public key, but the only way to read it is to use a private key and decrypt it with it.

Normally, in the perfect scenario, only the recipient will have that private key. However, what if the service provider, like Gmail, also has that key? They’d be able to read your encrypted emails with no problem.

But, with zero access encryption, that can’t happen and only the user has access to his or her emails.

5. It’s a Big Attack Surface#

Google has over 270 products and services under its umbrella and Gmail is but one. All of these services are in one way or another connected.

The good side of this is that everything is much easier to use and it’s all under one account and one login.

The bad side is that if one service is breached, your data is at risk on all of them.

As the largest email service in the world, Gmail is also the most likely target for email scams, spam and phishing campaigns.

According to a 2020 APWG study titled “Phishing Activity Trends Report”, 72% of all BEC (Business Email Compromise) attacks in Q2 2020 were sent from free webmail accounts and of those about 50% used Gmail.

Flickr great deletion

Conclusion#

Again, we're not saying that Gmail doesn’t work. For most folks, it’s perfectly fine. But if you’re looking to protect your data and not have others make money out of it without your permission, then you should drop it.

Drop it for what exactly?

A decentralized & secure email service, like Telios. Telios is a peer-to-peer decentralized and encrypted email (meaning that not only is the email fully encrypted, but it is also stored locally on your device so only you have access to it).

Ready to take back control of your email data? Download the Telios app today for Windows, macOS, or GNU/Linux.

What is a Peer to Peer Network?

Internet communication happens so fast today that you might think that you are directly communicating with the other side. However, this is usually not the case and instead, data that you send from your computer first goes to a centralized server before it reaches the recipient.

This is called a “centralized” or “client-server” network

However, in some cases, such as when we want to directly share a file from one computer to the other, we don’t need a central server and instead a so-called peer-to-peer network is established.

So what is a peer-to-peer network, how does it work, what is the difference between P2P and centralized networks and is email communication done peer-to-peer?

What is a Peer-to-Peer Network?#

Let’s begin by explaining what is a peer-to-peer network.

A peer-to-peer or P2P network is one in which two or more computers are connected and share their resources without a central server in between them.

For example, when you connect your smartphone to another phone via Bluetooth to share files, you are creating a peer-to-peer network between the two devices.

Or, if you connect two computers via a USB to transfer files, you are also creating a P2P network.

The idea of a peer-to-peer network is that each computer in the network is considered equal and communication between computers is done in both ways. However, the appearance of the web browser changed all that and as content distribution became more important, we saw a shift from peer-to-peer to client-server networks.

But this wasn’t the end of the peer-to-peer network.

People still needed a way to share files quickly and in the late 1990s and early 2000s, we witnessed the arrival of peer-to-peer file-sharing networks such as Napster, Kazaa and BitTorrent.

Very soon, users started seeing these P2P networks as superior and faster when it comes to sharing files than a client-server network and many of them are still widely used today by users all over the Internet.

What is the Difference Between a Peer-to-Peer and a Server-Based Network?#

We already explained that, in a peer-to-peer (P2P) network, two or more computers interact with each other directly and without a middleman between them.

With a server-based or client-server network, all computers in the network are connected to a central computer called a “server”. This means that all data that is sent by one computer goes through that server before it can be received by another computer in that network.

For example, when you want to visit a webpage, like Telios.io, you don’t directly interact with that website but instead, the client (your browser) sends a request to the server on which the website is hosted and the server in return sends a response by downloading a copy of the webpage to your machine which is then shown in your web browser.

Decentralized P2P Network vs Distributed Network#

Another type of network-based centralized and decentralized or peer-to-peer is a distributed network.

As this type of network is often confused with a peer-to-peer network it’s useful to understand the differences between the two as well.

In a distributed network, all parts of the network are considered nodes and can interact with one another like in a peer-to-peer network. The difference here is that some of those nodes can temporarily become server nodes themselves to coordinate other nodes in the sub-network.

Examples and Applications of a Peer-to-Peer Network#

Here are some examples and uses of peer-to-peer networks:

  1. BitTorrent BitTorrent is perhaps the best example of how different clients can interact and share files in a peer-to-peer network. In fact, it is estimated that BitTorrent itself is responsible for more than 70% of all peer-to-peer traffic on the Internet.

  2. Zoom When it comes to video-sharing and communication, having a central server through which the communication would happen would be detrimental and would seriously slow down the communication. Instead, users can share video and audio seamlessly with each other using a P2P network through the Zoom app.

Of course, this goes for other video conferencing apps like Skype, Loom and more.

  1. Windows Windows gives several examples of a peer-to-peer network, especially with Windows 7 and Windows 8 versions.

First, in Windows 7, Windows 8 and Windows 10 (prior to version 1803) you could connect all computers in your home to a Homegroup and create a peer-to-peer network in which they can share storage and other resources.

Another example of a P2P network in Windows is also creating an ad-hoc network through WiFi on Windows 7 and Windows 8.

  1. Online Gaming Platforms Although plenty of online gaming platforms like GoG and Steam use dedicated servers instead of P2P, some major publishers prefer a peer-to-peer architecture. One such is Blizzard, which distributes its games through a P2P network.

Peer-to-Peer Network Pros and Cons#

Peer-to-peer network architecture has its advantages over both centralized and distributed architecture, but even it is not perfect and has some disadvantages as well.

Let’s see what does advantages and disadvantages are:

Peer-to-Peer Advantages:#
  • There are no expenses to maintain a central server
  • If one part of the network fails, the rest is unaffected, making it more reliable
  • It’s easier to set up and implement than a client-server network
  • Less technical staff is needed and each user gets to set their own permissions as they see fit
  • Downloading files may not be affected by the Internet speed
  • It’s scalable. If extra clients are added, the networks’ performance doesn’t change
Peer-to-Peer Disadvantages:#
  • The performance of a network degrades as more devices are added to it
  • No central backup. Instead, the only way to backup files is to store them on individual computers in the network
  • P2P networks lack security as each user is responsible for their end to assign access permissions and avoid viruses and malware that can spread throughout the network
  • It is possible to get remote access to a terminal in a P2P network without permission thanks to unsecured and unsigned codes

Conclusion#

So what about email? Is it peer-to-peer?

Traditional email services, like Gmail, YahooMail and even secure email services like Proton and Tutanota all require a central server to store data.

This means that, when you send an email to another person, that message first goes through the server before it reaches them.

Telios, however, uses a peer-to-peer network, which means that your emails can go to the intended recipient faster and vice versa and as a result, all your email content and metadata remain private.

Ready to take back control of your data and privacy? Download the Telios desktop app for Windows, macOS, or GNU/Linux (the app is still in Beta) or join our Discord channel.

What is decentralization? Benefits of a Decentralized Internet

Who controls the Internet?

If you google that question, this is the answer you’ll get:

“No one person, company, organization or government runs the Internet.”

And that is how the Internet was intended and was at first, true. But then a handful of companies started collecting and storing all data. This, to the point that you almost can’t use the Internet without them.

Sure, they may not “own” the Internet on paper, but in reality, they do.

This is why more and more people are calling for a return to the “glory days” of a decentralized and distributed Internet.

But what is decentralization and why would a (more) decentralized Internet be a good idea?

What is Decentralization?#

To understand the decentralized Internet we first need to understand what decentralization is in general.

Decentralization is a type of organizational and managerial structure in which decision-making and day-to-day operations are delegated from top management down to middle and lower management.

In the context of an organization, there are several benefits of decentralization, including:

1. It allows the organization to better diversify its products

When an organization is heavily reliant on a central authority, such as its owner or founder, it inevitably starts to stagnate as no new ideas, save those from or approved by the central authority, can swim to the surface.

In a decentralized organization, however, new ideas, markets, activities, products, etc are much more promoted.

2. Faster decision-making

Since the decisions in a decentralized organization are made closer to the problem and don’t have to be referred through the “chain of command”, this promotes faster decision-making.

In their book “Extreme Ownership”, Jocko Willink and Leif Babin explain the importance of decentralized command:

“With the understanding of the company’s mission and plan to achieve it, junior leaders must also be empowered to take action and make decisions that get the overall team closer to accomplishing that goal.”

3. Getting better executives

With more authority given, lower-level executives are in a better position to take initiative and grow their talent. This naturally makes them better at their job.

4. Less burden on the top management

In a centralized structure, where all decisions are made by the top executive(s), this creates more and more burden on them, especially as the organization grows.

Decentralizing authority serves to relieve a lot of that burden and frees up the top management from operational and day-to-day activities to focus more on managerial activities.

5. Improves control and communication

Although many organizations avoid decentralizing for the fear of losing control, in reality, decentralizing actually improves control. That’s because each department is now more accountable for its own results and their performance can be better monitored and measured.

At the same time, communication is also improved both vertically (from top management to subordinates and vice versa) and horizontally (between departments).

What is Decentralized Internet?#

Now let’s take a look at decentralization from the point of the Internet and the web.

Cory Doctorow, Special Consultant at the Electronic Frontier Foundation (EFF), a leading non-profit organization for defending digital privacy, free speech and innovation, says that:

“A Web designed to resist attempts to centralize its architecture, services, or protocols so that no individual, state, or corporation can substantially control its use.”

We’ve already talked about why a centralized Internet is a bad idea, including having:

  1. A single point of failure
  2. A single source of information
  3. And the question of “who owns the data”?

Now, let’s take a look at the alternative and see what the benefits of a decentralized Internet would be.

What are the Benefits of a Decentralized Internet or Web?#

Just like decentralization in general, decentralized Internet also has plenty of advantages, including:

1. Truly own your data

Big Data companies became “big” by monetizing your data. In fact, if say, Google disappeared one day, it would take your data with it for good.

In such a scenario, can you say that you own your data?

In a distributed and decentralized Internet, however, you will both be able to store the data yourself and be the only one with the keys to them.

2. No more single point of failure

Did you know that all data that is uploaded to Facebook must pass through one of its data centers? The same goes for Google, Amazon and the rest of the Big Tech.

Now, it’s true that Facebook (or Meta) has many data centers, but if any of them fails, that’s millions of users’ data exposed because of a single point of failure.

In a decentralized network, however, participants themselves contribute to the storage capacity. This means that, if one of them fails or gets hacked, the others can jump in and plug the gap.

3. You don’t have to put all your trust in a single, central authority

While some trust in a central authority is necessary, for instance the trust in the government to protect us against criminals, that trust has its limits.

Take the situation with Flickr in 2019. Flickr was a popular photo-sharing site owned by Yahoo, but it has over the years, fallen on some hard times.

In 2018, the site was acquired by SmugMug and the next year, started deleting Flickr images of free users.

In fact, according to one user, SmugMug deleted 63% of Flickr’s photos.

Flickr great deletion This is a perfect example of the danger of “putting all your eggs into one basket” and understanding that we don’t have to put all our trust in one place as we can never know if that’s going to fail.

4. More free speech, less censorship

Censorship doesn’t come just from countries like China or Russia. It is also prevalent in the United States for example.

With the Internet controlled by Facebook and Google and they themselves have to defer to the government, free speech is becoming a rarity and is often subdued and even stomped on.

In truth, this is probably one thing for which we can’t blame Big Tech for. If they refuse, their central serves can get shut down so they have to play along.

However, with decentralized web and peer-to-peer networks, this is much harder to do as communication doesn’t go through any server.

5. It will help the Internet grow

Yes, the Internet, as huge as it already is, can get even bigger if it gets decentralized. This is where we come back to diversifying the product. If one organization, even a big one like Google, is working on everything, things get slow.

If, on the other hand, several organizations work on different Internet and web problems, we can get more solutions, tools, products and services that help the user faster.

Conclusion#

Is decentralized Internet without fault? Of course not. We shouldn’t forget that it comes with its set of challenges.

However, at Telios, we believe that decentralized Internet advantages clearly outweigh the disadvantages, especially when it comes to your data privacy and security.

Why is a Centralized Internet a Bad Idea?

Why is a Centralized Internet a Bad Idea?#

The Internet was not meant to look like we know it today. Originally, it was much more decentralized. The inventor of the world wide web, Sir Tim Berners-Lee did not intend to have a few tech company giants controlling all our data.

How did we get to this point and why is centralized Internet bad?

Let’s explore how the Internet became centralized (or how we allowed Google, Facebook and other big tech companies to control our data) and what we, as netizens, can do about it.

From Decentralized to Centralized: How the Internet Became Like This?#

The Internet traces its origins to the ARPANET network, which was initially created in the 1960s to connect academic and military networks in the United States. However, widespread use was not really possible until much later, in the 1990s, when Tim Berners-Lee built five crucial tools for the web:

  1. Hyper-Text Transfer Protocol (HTTP)
  2. Hyper-Text Markup Language (HTML)
  3. The first web browser
  4. The first HTTP server software
  5. And the first web page

Back then, the Internet was a bit of a wild west. Anyone could publish anything and you didn’t have to rely on a single company or service to do anything.

However, soon this became too chaotic and most users started looking for what looked like a more organized Internet. This allowed companies like Google and Facebook to start dominating vital Internet services like email, search and social media by getting more and more control over users’ data.

Soon, this data control became so big that, if you ran a company and wanted to have a presence online, you had to play by their rules. Otherwise, your content stood no chance of being discovered.

What’s Wrong with the Centralized Internet?#

No doubt that, for an average Internet user, the Internet as it is today is perfect. Google, in particular, with its many interconnected services such as email, search engine, calendar, drive storage, etc. has made it all incredibly convenient and easy to use.

That said, there are many more flaws to the centralized Internet than there are for a decentralized one.

We’ll name just the biggest 3.

1. Single Point of Failure#

What would happen to your data if Google suddenly stopped working?

This seems highly unlikely from our perspective today, but is it impossible?

For example, Google officially left Russia after the government there had frozen its bank account.

Google had issued a statement about the situation:

“The Russian authorities’ seizure of Google Russia’s bank account has made it untenable for our Russia office to function, including employing and paying Russia-based employees, paying suppliers and vendors, and meeting other financial obligations.”

Up until that point, Google was the second largest search engine by market share in the Russian Federation, behind YANDEX with 47.23% market share versus YANDEX’s 50.18% in April 2022, according to figures by StatCounter.

At the same time, when it came to search engine traffic distribution, in Q1, 2022, Google was also second with 37.79%, behind YANDEX with 60.98%, according to Statista.

search engine centralization

2. Single Source of Information#

The centralized Internet doesn’t just give you a single point of failure, but also a single source of information.

We believe that we are much better informed today than our fathers and mothers or our grandparents before them thanks to the Internet. But if you have to use Google to search for information and then rely on whatever they deem fitting to be on the top (which will always be some large website), how much of a choice there you really got?

In fact, according to estimates, Google handles around 8 billion searchesevery day and 77% of users check Google at least 3 times per day to search online.

The bottom line is this - if you have a question, Google will pick an answer for you.

And that answer may not always be accurate.

For instance, in 2017, Google News cited fake news from a popular imageboard site 4chan in relation to a shooting at the Route 91 Harvest music festival In Las Vegas, Nevada.

Namely, six 4chan threads “identified” the shooter as Geary Danley and Google picked this as “Top Stories”, when the real shooter was a man named Stephen Paddock.

And that wasn’t even the end of it. Two trending stories regarding the shooting on Facebook came from the Russian government news agency “Sputnik”, which falsely claimed that the FBI had linked the shooter to a terrorist organization.

Another situation that showed that Google shouldn’t always be trusted could be found in its featured snippet.

If you’re unaware of what a “featured snippet” is, it is basically a highlighted excerpt from a text at the top of Google’s search results page. In other words, this is “Position 0”.

Technically, this position is reserved for the most accurate information on Google on a certain topic, but that’s not always the case.

In 2017, for instance, if you googled “presidents in the klan”, you would get this result in your featured snippet:

google search snippet

Then, another search, this one for “presidents in the Ku Klux Klan”, served a slightly different featured snippet, with some different names:

google search snippet

Of course, there is zero evidence that any of these presidents were ever in the KKK, but this only shows that Google search can be manipulated to spread false information.

The reason for this is that Google uses several different signals to determine what will end up on top of its search results. In the case of the Las Vegas 2017 shooting, the fact that there were very few searches for Danley's name meant that Google News would pick this news as “fresh” and put it under “Top Stories”.

A statement from Google explains what went wrong here:

“We use a number of signals to determine the ranking of results - this includes both the authoritativeness of a site as well as how fresh it is. We’re constantly working to improve the balance and, in this case, did not get it right.”

3. Who Owns Your Data?#

Finally, we get to the biggest issue of centralized Internet and that is security and privacy.

If all your data is saved in a data center that is controlled by Google or another big tech company, can you say that you “own” your sensitive data?

This problem is two-pronged.

On one hand, there is nothing stopping Google, for instance, to deny you access to your own data. Since the data is stored in the data centers that they own and control, they can, technically, do just that and you wouldn’t have much say in the matter.

On the other hand, and this one is connected to a single point of failure that we mentioned earlier, having data from billions of users stored in one place will naturally attract bad actors like state-sponsored hackers, with the idea of stealing personal information from so many users.

Conclusion#

In a way, we’ve come full circle when the Internet is in question. In the early days of the net, there was very little order and even fewer rules. Everyone could post anything and things didn’t always run smoothly.

Over time, however, everything started becoming siloed through a handful of big players, including most importantly, our own data.

Well, it’s time to get your data back and decentralized Internet, using blockchain technology, looks to be the solution we’ve been waiting for so long.

Beta Updates

Pierre Kraus

Pierre Kraus

Business Analyst @Telios

Account Settings Page, Contact Page Redesign and Improved Network Stability#

Over the last couple of months, in between our weekly games of pickle ball and occasional Playstation FIFA breaks, we have been hard at work to bring stability to the Telios network, in the form of a faster app and more reliable email delivery.

Alongside we have also added an Account Settings page which will later house our paid tiers and we gave the contact page a much needed facelift.

We've put our blood sweat and tears into this release, we know there are still some bugs and area of improvements. More stability to be had, more features to develop and refine, and aspects of the UI/UX that aren't consistent across the board but we are freaking proud of what we have accomplished with our small team.

Building a fully encrypted and private decentralized email protocol/service is a tall order, and I'd be lying if I told you this is a walk in the park. Truth is, this project has tested our limits both mentally and emotionally but it'll all be worth it.

So if you're a beta tester and you're digging this project, let it be known it helps fuel our fire of innovation.

Enough of the ramblin'

You will find below a quick summary of has been done, broken up by section of the app.

Mailbox Page#

  • Performance improvements on loading time and retrieving emails from data store
  • Updated and moved the Sync Message notification. It will now appear at the bottom of the mailbox folder navigation.

Contact Page#

  • Design update - check it out it looks completely different. Nicer to use I'd say.

Account Settings Page - NEW#

This is brand new and didn't exist before. It's just a humble beginning but eventually this section will house a lot of the control to customize your Telios experience. At the moment we have 3 tabs.

  • General Settings: Add avatar, add display name (name that will be attached to your email when sending form primary account).
  • Plan/Billing: Houses account limits and what plan you are on.
  • Security: If you're curious about the keypair your device generated you can find them there.

The things that are important but can't see#

  • We've started Mobile development and have a rough draft in testing. We were able to send and receive emails from it which is pretty amazing. It sounds trivial but don't forget we're on top of a decentralized peer to peer network.
  • The backend was completely re-written and the hypercore updated to the latest version available.
  • A migration script was develop to migrate existing user onto the latest core.
  • We modified the architecture a little bit to allow password recovery, this isn't in the UI yet but will be soon.