Anyone remember the P2P craze of the early 2000s?
Or was it late 90s? What's left over from that? Freenet?
What I'm always wondering about: Someone needs to foot the server/bandwidth bills. Who?
If you run a Pi on your home network and serve requests with your 5MB/s upload: That's fine. More power to you. We need more of that. (and in that case, you are paying your ISP)
But the transformation envisioned and the bandwidth and compute required don't come for free. Someone's gotta pay. In things like dollars.
How can this work?
P2P systems historically have dealt with the problem altruistically, or with limited tit-for-tat, which both work in many cases, but have so far failed to work for large scale long-term resilient systems.
This is where Bitcoin managed to do something remarkable: achieve high uptimes typical of the best centralized systems, through a very clever, but still open and permissionless, economic incentive structure. Markets have been shown to be extremely useful to create robust Open Services. More on these ideas here: https://www.youtube.com/watch?v=IfLIoOr4p0A -- we think this kind of thing is going to lead to extensive, global, public utilities run w/ internet-native money.
But it will take a while-- this stuff is extremely difficult to build right now-- it feels similar in nature to very early Web, or pre-unix systems. Lots of hand-rolled primitives, many with the capacity to cause serious failure (not very old cryptography, and complex security questions). Perhaps better programming languages will help us build these systems dramatically faster/easier. For now though, you can see the entire blockchain space wrestling with these problems.
P2P craze gave birth to BitTorrent. And p2p bandwidth does actually come for free for modern broadband ISPs with fiber to the building kind of infrastructure. In fact p2p allows ISPs to even save on expensive bandwidth by pushing more traffic over local and inexpensive routes that sit unused. Although bandwidth costs are already insignificant, take like $1 per month per consumer tops, so it shouldn't even be of any concern.
It's not the cost that's preventing what you mentioned. It's the ISPs which don't allow incoming traffic and have symmetric NATs all over their network. IPv6 is here and we should have gotten rid of NAT long ago but there's no incentive for corporations or ISPs so we are stuck here.
The main barrier to P2P isn't cost or bandwidth or algorithms. The main barrier is NAT. As long as IPv4 with P2P-unfriendly symmetric NAT is the dominant way of accessing the network, P2P will remain hard and niche.
One ugly hack to get around one problem (IPv4 address scarcity) has single-handedly transformed the structure of the Internet from a mesh to a top-down monopoly-driven medium. NAT is like literally Satan.
It wouldn't be quite as evil if it weren't so often symmetric, but for some odd reason symmetric is what many vendors implement. I can't for the life of me understand why symmetric NAT exists when the same scalability can be achieved with port restricted cone NAT that falls back to symmetric-like behavior if port preservation is not possible due to resource exhaustion. That would yield working P2P >90% of the time instead of <5% of the time.
Things aren't that bad. Hole punching can still work most of the time for broadband and you don't really need all that many nodes with routable IP addresses. Scale makes this problem even less of an issue. Mobile networks are somewhat problematic though, but they cannot be heavy nodes either way and have to be lightweight clients that piggyback from normal nodes.
We actually find NAT to be a pretty big problem still. Even using NAT-PMP, UPnP, and hole punching, we still see a roughly 70% (sometimes much higher) undialable rate. Especially for people running IPFS in China (though high failure rates are also observed in other countries).
We're pushing hard on getting libp2p relays up and running to help get through this. The idea is that we can use a relay to make the initial connection, then ask the remote peer to try dialing back (assuming that both peers involved aren't undialable).
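An added example, not part of any comment in this thread: a toy model of the two NAT behaviours contrasted above (port-restricted cone versus symmetric), showing why UDP hole punching through a rendezvous server succeeds with the former and fails with the latter. The class, function names and all addresses are constructed for illustration, and the model ignores timeouts and port exhaustion.

```python
import itertools

SERVER = ("198.51.100.1", 3478)  # constructed rendezvous server address


class Nat:
    """Toy UDP NAT with port-restricted filtering.

    symmetric=False: one external port per internal socket (port-restricted cone).
    symmetric=True:  a fresh external port per (internal socket, destination).
    """

    def __init__(self, public_ip, symmetric, first_port=40000):
        self.ip, self.symmetric = public_ip, symmetric
        self.ports = itertools.count(first_port)
        self.mappings = {}    # mapping key -> external port
        self.allowed = set()  # (external port, remote endpoint) opened by outbound traffic

    def outbound(self, src, dst):
        """Translate an outgoing packet; return the endpoint the remote side sees."""
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = next(self.ports)
        ext = self.mappings[key]
        self.allowed.add((ext, dst))
        return (self.ip, ext)

    def inbound(self, remote, ext_port):
        """Accept only packets from an endpoint this external port already sent to."""
        return (ext_port, remote) in self.allowed


def hole_punch(nat_a, nat_b):
    """Return True if both peers can reach each other after a rendezvous."""
    a_in, b_in = ("10.0.0.2", 5000), ("192.168.1.2", 5000)
    # Each peer registers; the server records the mapped endpoint it observes.
    a_seen = nat_a.outbound(a_in, SERVER)
    b_seen = nat_b.outbound(b_in, SERVER)
    # Each peer sends to the endpoint the server reported for the other.
    a_actual = nat_a.outbound(a_in, b_seen)
    b_actual = nat_b.outbound(b_in, a_seen)
    # A packet passes only if it hits a port opened towards its real source.
    a_to_b = nat_b.inbound(a_actual, b_seen[1])
    b_to_a = nat_a.inbound(b_actual, a_seen[1])
    return a_to_b and b_to_a


if __name__ == "__main__":
    for sym_a, sym_b in [(False, False), (False, True), (True, True)]:
        ok = hole_punch(Nat("203.0.113.10", sym_a), Nat("203.0.113.20", sym_b))
        print(f"A symmetric={sym_a}, B symmetric={sym_b}: punched={ok}")
```

With a symmetric NAT on either side, the port the server observed is not the port used towards the peer, so the reported endpoint is stale and a relay is the remaining path.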
NAT is merely a tool. Using it to restrict user activity is bad. Using it on your home network to preserve your privacy (i.e. how many devices you have and what each is doing) is good. There are also other use cases (both good and bad) that I'm omitting here.
NAT doesn't help privacy either. There are a million plus one ways to fingerprint or track a web browser without knowing anything about the end user's IP. A modern browser presents a ton of surface area. It's also quite easy to track by externally visible IP or IP prefix (e.g. /24 or /64 in IPv6) if you make certain nearly-always-valid assumptions about the timing and sequential nature of user behavior.
I think a lot of people just don't grasp how easy tracking actually is. Think of how obscure and sophisticated hardware-level attacks have become: Spectre, RAMBleed, etc. Now imagine the surface area presented by a browser. It can and does get that clever.
The only way to really prevent tracking is to use a sandboxed browser with strong anti-tracking features and redirect your traffic... or use a P2P decentralized system!
If we didn't have NAT, we'd probably have much more privacy-respecting P2P alternatives to the centralized web and we'd also have easy to use P2P systems for anonymizing requests by bouncing them off other peers. In other words without NAT our privacy tech would be better.
I'll be more accurate than saying NAT is Satan. NAT is a massive piece of technical debt. It's a "simple" hack that breaks something fundamental about the Internet, namely namespace unity. That in turn makes a ton of other stuff exponentially more difficult.
Regarding privacy, your response seems very focused on web browsing. I agree that NAT plays no role there - it's at a lower level. I was referring only to the potential for masking devices - with NAT, there's no way to tell how many (or how few) devices are producing a given stream of traffic. To the extent possible, I'd rather external observers (particularly my ISP) not be able to tell what's going on inside my network or how it's configured.
In case this isn't making sense, imagine a scenario in which your ISP equates simultaneously active IP addresses to number of active devices and then adopts a fee structure based on this. Or perhaps just tries to profile the types of devices that are active on your network in order to sell that data to third parties. For example, identifying how many Alexas or smart locks or whatevers that you have, correlating that with how many devices are streaming or browsing, correlating this with customer demographics, and so on.
NAT is a useful tool for engaging in namespace shenanigans - consider NAT-based load balancing, for example. It can also be used for ill, and I agree that the current state of affairs is unfortunate.
There are cases where NAT can be used beneficially but those are probably less than 10% of NAT usage. Most NAT usage is to get around IPv4 address shortages. Symmetric NAT is just pointless.
I also still think you're not fully enlightened as to just how easy tracking can be. It's not just web browsers. Every single distinguishable characteristic of a client forms one bit in a hash that can be used to track it, and thus distinguishing precision is 2^N where N is the number of bits of information that can be gathered.
Your IPv4 /24 already provides 24 almost always unique bits, so that's a good start for any tracker. Now start correlating /24's over time using clustering algorithms. Now start TCP fingerprinting, keeping track of pinned certs, measuring anything and everything that can be measured about a client. Pretty soon you're up to something like 32 bits which is one in four billion.
I use web browsers as an example because they're just embarrassingly easy to fingerprint.
Fair enough, I don't know enough about usage of different NAT types to debate such things (and never intended to).
Regarding tracking, I'm still not sure that we're talking about the same thing here. Are you saying that fingerprinting could be used to accurately extract per-device data from the aggregated stream? That is, if an entire network is hosted behind a single external address via NAT, are you suggesting that the carrier could reconstruct the separate fingerprints from the aggregate data stream that they have access to?
If so, that would be news to me. Obviously they can make some educated guesses (a single device probably isn't originating simultaneous Netflix and YouTube video streams), but I'm assuming that aggregated (TLS encrypted) data streams are going to be fairly difficult for an external observer to tease apart.
BitTorrent, Tor, Bitcoin, and the other cryptocurrencies are the results of "the P2P craze of the early 2000s". They resulted in Wikileaks, Snowden, and Trump, not to mention the current blockchain feeding frenzy. Freenet is, by comparison, somewhat less important.
I'm puzzled by your comment because in the second paragraph you provide the answer to the question your third paragraph is about. If people are paying their ISPs for bandwidth in things like dollars, what's the problem? It's true that bandwidth is more expensive when you buy it retail from ISPs rather than wholesale in data centers, but only by a factor of two or three, so this is only an issue for the most bandwidth-intensive applications, such as Netflix streaming.
Bandwidth and computation are extremely cheap now, so I don't think this is really an issue. As a point of comparison, when I started browsing the web in a graphical web browser in 1993, I was running it on a ≈100-MIPS RS/6000 with a couple of dozen other people. There were nearly a thousand web servers (in the world, not on the RS/6000), but each one could only serve about one or two hits per second, mostly on machines similar to that one. Shortly after that, my university, with a few thousand students, upgraded its shared connection to 45 megabits per second, as part of a contract to manage a supercomputer center in another state.
My cellphone runs about 10,000 MIPS, and would have no trouble handling 5000 hits per second; this is more than the entire WWW at the time and well into 1994. Most homes in rich countries have more individual bandwidth than I was sharing with hundreds of other active users at the time.
We don't have a shortage of bandwidth or computation. We have a shortage of community, a shortage of innovation, a shortage of cooperation, a shortage of imagination, and a shortage of freedom. But bandwidth and computation are abundant in a way that was unimaginable in the days when we built the WWW.