


Independent Submission                                       M. Fabbrini
Internet-Draft                                          February 8, 2020         
Intended status: Informational                     
Expires: August 11, 2020    
                             

                 A Web Model where Content Is Stored in a 
                  File's Source: The Unentangled Network

              draft-fabbrini-web-model-unentangled-network-01


Abstract

   This document describes an experimental web model whose main 
   characteristic is that the content is stored in a file's source and 
   accessed through a common text browser from the command line under 
   Linux.

   This work also aims to evaluate the implications of such a network 
   in relation, among other aspects, to security and tracking.


Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 11, 2020.


Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of

Fabbrini                 Expires August 11, 2020                [Page 1]
Internet-Draft           The Unentangled Network           February 2020

   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.  


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
     1.1.  Requirements Language  . . . . . . . . . . . . . . . . . .  2
   2.  The Core . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  System Requirements  . . . . . . . . . . . . . . . . . . . . .  3
   4.  Content Retrieving . . . . . . . . . . . . . . . . . . . . . .  3   
   5.  Ineffectiveness of Malicious Scripts . . . . . . . . . . . . .  3
   6.  Fingerprinting . . . . . . . . . . . . . . . . . . . . . . . .  4 
   7.  Ads  . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  4 
   8.  Separation of Content and Form . . . . . . . . . . . . . . . .  4     
   9.  Enhanced Trust . . . . . . . . . . . . . . . . . . . . . . . .  4   
  10.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  4  
  11.  Security Considerations  . . . . . . . . . . . . . . . . . . .  4   
  12.  Informative References . . . . . . . . . . . . . . . . . . . .  5
  Author's Address  . . . . . . . . . . . . . . . . . . . . . . . . .  5


1.  Introduction

   Retrieving text content from the web today is not risk-free, and it 
   carries drawbacks that often discourage users who are particularly 
   sensitive to privacy issues from making intensive use of the 
   internet.

   First, rendering a web page in a browser poses security risks that 
   derive mostly from the execution of malicious script code.
 
   Second, the tracking of every user action by the advertising 
   machine, which once relied mainly on cookies, is now extended by 
   tools that persist in local storage, such as service workers and 
   IndexedDB.

   The particular web model proposed in this document mitigates both
   the security risks and the intrusiveness of tracking tools.


1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].


2.  The Core

   The peculiar characteristic of this model is that the text content 
   is inserted in the source of a file. 

   The carrier document can be of two types:

      i.  a text file saved as an image or binary format. 
     ii.  a file in which the textual content follows the correct hex 
          signature, for instance "42 4D" for the BMP format.


3.  System Requirements

   The model was conceived for the Linux OS environment, with Lynx as 
   the text browser. Lynx, one of the most popular web browsers for 
   command-line interfaces, was originally designed to display plain 
   ASCII text on simple UNIX terminals, without any multimedia 
   content. Although Lynx is preferable for some specific features, 
   any other text web browser can be used.


4.  Content Retrieving

   To start Lynx, enter 'lynx' at the command line prompt, followed 
   by the '-source' option and the carrier document's URL. 

   Example:

   'lynx -source https://example.com/.../foo.png'

   The result of executing this command is that the unrendered source 
   of the document is displayed.
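
   The following shell sketch is an added example, not code from this
   draft. It builds a type-ii carrier as described in Section 2 (the
   BMP signature "42 4D" followed by text) and reads the text back
   from a local copy. The function names and the printable-ASCII
   filter are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the draft. Function names are hypothetical.

# make_carrier FILE TEXT
# Write a type-ii carrier: the BMP signature bytes 42 4D ("BM"),
# immediately followed by the text content.
make_carrier() {
    printf 'BM' > "$1"
    printf '%s\n' "$2" >> "$1"
}

# has_bmp_signature FILE
# Succeed only if the first two bytes of FILE are 42 4D.
has_bmp_signature() {
    [ "$(od -An -tx1 -N2 "$1" | tr -d ' \n')" = "424d" ]
}

# read_carrier FILE
# Print the text that follows the signature. Keeping only tab, newline
# and printable ASCII is a choice of this example (the draft does not
# specify it); it stops stray control bytes in the source from reaching
# the terminal.
read_carrier() {
    has_bmp_signature "$1" || return 1
    tail -c +3 "$1" | LC_ALL=C tr -cd '\11\12\40-\176'
}

# Demo on a constructed carrier. A fetched carrier would be saved first
# with the command from Section 4, redirected to a local file.
demo_dir=$(mktemp -d) || exit 1
make_carrier "$demo_dir/foo.bmp" "Text stored after the BMP signature."
read_carrier "$demo_dir/foo.bmp"
rm -rf "$demo_dir"
```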


5.  Ineffectiveness of Malicious Scripts

   Since the unrendered source is retrieved, no event can be triggered 
   by a script. 

   In particular, attacks launched via JavaScript will be impossible 
   to perform. 




6.  Fingerprinting

   Browser fingerprinting involves gathering information about an 
   internet user's browser and associated software and hardware, such 
   as the browser type, the operating system, various network request 
   headers, cookies, extensions, screen resolution and so on.

   These properties can be collected using JavaScript.

   Since in this environment no script can be run, fingerprinting 
   methodologies based on JavaScript are ineffective.


7.  Ads

   In a text-only environment, with scripting languages out of the 
   game, the invasive banner and video ads that often make the content 
   de facto impossible to read will find no place. 


8.  Separation of Content and Form

   This web model allows the separation of content and form. 

   In fact, it is up to the user to choose the font, size and color by 
   acting on the terminal settings of the installed Linux version.

 
9.  Enhanced Trust

   As a consequence of what is discussed in paragraphs 5, 6 and 7, the 
   information system resulting from the implementation of such a 
   network model will probably be trusted by its users.


10. IANA Considerations

   This memo includes no request to IANA.


11. Security Considerations

   In addition to what is examined in paragraph 5, it is worth noting 
   that although JavaScript can be disabled in any browser, in the 
   Unentangled Network security is in a certain sense "by design". 
   In fact, it is the model itself that prevents scripts from running, 
   and no user intervention is required.



12. Informative References

   [I-D.wood-pearg-website-fingerprinting]
                      I. Goldberg, T. Wang, C. Wood, "Network-Based 
                      Website Fingerprinting", 
                      draft-wood-pearg-website-fingerprinting-00 
                      (work in progress).

   [SW]               F. Copes, "Service Workers explained",
                      <https://flaviocopes.com/service-workers/>.

   [Lynx]             Thomas E. Dickey,
                      <http://lynx.invisible-island.net/>.
     
   [JSTAttacks]       Michael Schwarz, Florian Lackner, Daniel Gruss,
                      Graz University of Technology, "JavaScript 
                      Template Attacks: Automatically Inferring Host 
                      Information for Targeted Exploits",
                      <https://www.ndss-symposium.org/wp-content/
                      uploads/2019/02/ndss2019_01B-4_Schwarz_paper.pdf>.

   [JSFingerprinting] T. Claburn, "JavaScript tells all, which turns 
                      out not to be so great for privacy: Side-channel 
                      leaks can be exploited to follow you around the 
                      interweb",
                      <https://www.theregister.co.uk/2019/06/11/
                      javascript_fingerprinting/>.


Author's Address

   Michele Fabbrini
   Email: unentangled.net@protonmail.com   
   335 Via Statale Abetone
   I-56017 San Giuliano Terme
   Pisa, Tuscany
   Country: Italy 
   
