English | Deutsch

Rebooting the internet into secure mode

The internet is vulnerable to wiretapping at its root. Organisations like the NSA or the GHQ are collecting petabytes of metadata on every individual on the planet. Every day. Everywhere. And they keep it for many years. The word "privacy" doesn't mean anything to them. But it means something to most of the people living in peaceful countries. Personal freedom is at stake.

So what to do? Using encrypted services such as HTTPS, TLS help hiding the content of your communication. However at the very core of the internet, you still leave tons of traces as unencrypted metadata. Every request to resolve a domain name such as when you type https://www.example.com/ will result in a query to your name-servers. This is in the clear, no matter how secure the site is you are communicating with. The NSA might not know what you are doing on www.example.com. But it will know that you use that site and will think you could be an example-terrorist. This creates personal profiles based on your liking, your habits etc. It can bring you into the cursor of surveillance and has the potential to put you on blacklists such as the no fly list and is an insult to your personal freedom. There is no way to know, no way to correct. The only thing you can do is suffer. For life.

What's the solution?

The solution is to encrypt everything, or everything you can. Reduce the amount of metadata you leak reduces the risks a lot. Minimize any traces you leave. The bootstrap.is initiative starts at the root of all: the domain name system (DNS). bootstrap.is will give you an encrypted DNS service. Any application you use which uses hostnames will profit from it. Mail, Web, Instant messaging, Your app which checks if there's an update (and thus revealing you have this app), all that DNS communication is now instantly encrypted. Enabling SSL/TLS in the apps then is the second step. And if securing the communications is absolutely vital, adding VPN's is a third level.

So to start we need a widely available high performance, encrypted DNS infrastructure. Protocols such as DNScurve and DNScrypt are the building blocks of it. But it takes more to arrive on the mainstream.

What are the side effects?

You will skip DNS based censorship imposed by your favourite government or ISP.

Why not simply use DNSSEC?

DNS Sec will not help you in encrypting DNS. It helps you in verifying the authenticity of the information provided but the communication is still in the clear from a resolver to the DNS server(s).

What about

Google's DNS servers are a similar distributed infrastructure but its not encrypting. It helps you on the censorship avoidance maybe. Google is US based and thus subject to american search warrants which are based on secret laws with lousy legal boundaries. There are endless examples of abuse by FBI and CIA just because they can. Also NSA did wiretap Google directly in the past. If you want to trust Google's management or not is not even the question anymore.

What about secret orders to wiretap bundled with gag orders etc.?

Operating out of Switzerland and Iceland, we are not subject to any fabricated US search warrants, gag orders or similar weapons of mass humiliation. Switzerland and Iceland are in the topmost peaceful places on earth and hold up privacy and respect. So unless there are some real serious crimes at stake, wiretapping wont be allowed and in all cases a judge has to order it, no exception.

So what's the plan?

Here is what bootstrap.is will do for you: On top of that, additional services can be built such as secure Mail, VPN etc. which we might pursue in a second step.

Who's behind all this?

I want this! What now?

We plan to launch a funding campaign through Indiegogo. Leave your email and we will inform you when we launch it. After the service is launched, we plan to offer it for a very very small yearly fee. Initial backers would get a lifetime account.

e-mail:    (mandatory)

How can you help?

As this is a heavy infrastructure based project, the running costs will be very substantial. So this only works out if we have many millions of users. And for that we need to reach the critical mass to make the project worth while. So talk about this initiative to your friends. Help others understanding that privacy matters. You can also donate by bitcoin to 1HQmUeFJHDkEdLPQPeAP1CbkDynYbxPfZK. If you are an ISP, you can donate rackspace and connectivity in major datacenters. We also will need support for other languages and we will need crypto and security experts to assist us in verifying it stays secure.

There's lots to be done. Lets bootstrap the internet into secure mode and get our privacy back!


Your e-mail: