Sunday, May 22, 2011

Distributed Applications

I read an article by Cory Doctorow in volume 26 of Make Magazine about two interrelated topics: distributed denial of service (DDoS) attacks, and the difficulty of finding a willing hosting provider for your site when it comes under scrutiny and legal pressure from government agencies seeking information and data by force. In each case, your site, or one upon which you rely, can be slowed or stopped, either by a person or group applying brute-force technology (whether governmental or otherwise), or by the equally overwhelming force of law. The result in either case is a chilling effect upon the willingness of hosting providers to host your site once it becomes more trouble than it is worth.

It got me thinking about what might be done to prevent or frustrate such attacks; is there a way to distribute not only the network itself, but the applications that run on it as well? Server farms and load balancers don't go far enough because they still concentrate application resources at one provider, even if they have multiple locations, backups, alternate internet backbones, and all the rest of the safeguards that go toward giving them the ability to guarantee uptime.

What comes to mind is a protocol like BitTorrent where resources are distributed not in a client-server way but in a peer-to-peer topology, providing redundancy and distribution of data in a way that would be much more difficult to stop or interrogate than the traditional internet server model. Imagine a DDoS attempt on a BitTorrent "hosted" application: there is no single choke point to attack. What about a subpoena requesting hosting information when the peer hosts are so varied in number and location?

Of course there is a major flaw in this simplistic approach: how do you trust the peers who are hosting part of your application not to poison the torrent, examine incoming and outgoing traffic, and so on? Also, the nature of applications today is that they are interactive and real-time, not "download once and run." Even if you did choose to use application logic that lives solely on the client once it is obtained, in most cases the application will need to communicate with network resources, and possibly persist data in the cloud, in order to be useful at all.
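The integrity half of that trust question, as an added example that is not part of the original post: a BitTorrent v1 metainfo file carries one SHA-1 digest per piece, so a downloader can reject a piece that a peer has altered and fetch it from another peer. The sketch assumes the digest list comes from the publisher over a trusted channel; the piece size, peer names and sample data are constructed, and it does nothing about peers observing traffic.

```python
import hashlib
import hmac

PIECE_LEN = 16   # constructed for the demo; real torrents use far larger pieces
DIGEST_LEN = 20  # SHA-1 digest size, as in BitTorrent v1 metainfo

def split(data, piece_len=PIECE_LEN):
    return [data[i:i + piece_len] for i in range(0, len(data), piece_len)]

def make_manifest(data, piece_len=PIECE_LEN):
    """Publisher side: one SHA-1 digest per piece, concatenated."""
    return b"".join(hashlib.sha1(p).digest() for p in split(data, piece_len))

def verify_piece(manifest, index, piece):
    """Accept a peer-supplied piece only if it matches the publisher's digest."""
    expected = manifest[index * DIGEST_LEN:(index + 1) * DIGEST_LEN]
    if index < 0 or len(expected) != DIGEST_LEN:
        return False
    return hmac.compare_digest(hashlib.sha1(piece).digest(), expected)

def assemble(manifest, offers):
    """offers maps piece index -> [(peer, bytes), ...] in the order tried.
    Returns (data, rejected); rejected lists each (index, peer) that failed."""
    data, rejected = [], []
    for index in range(len(manifest) // DIGEST_LEN):
        for peer, piece in offers.get(index, []):
            if verify_piece(manifest, index, piece):
                data.append(piece)
                break
            rejected.append((index, peer))
        else:
            raise ValueError(f"no valid copy of piece {index}")
    return b"".join(data), rejected

def demo():
    app = b"console.log('peer-hosted application bundle');\n"  # constructed sample
    manifest = make_manifest(app)   # assumed to come from the publisher, not from peers
    pieces = split(app)
    offers = {i: [("peer-a", p)] for i, p in enumerate(pieces)}
    tampered = b"X" + pieces[1][1:]  # one byte altered by a hypothetical peer
    offers[1] = [("peer-b", tampered), ("peer-c", pieces[1])]
    return app, assemble(manifest, offers)

if __name__ == "__main__":
    app, (data, rejected) = demo()
    print(data == app, rejected)
```

Per-piece hashing catches modified content, but every peer still sees the plaintext it serves and the addresses it serves it to.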

But purely in terms of redundancy, distribution, and the lack of a central hosting provider, that kind of model seems like a step in the right direction.