## Big Browser is Watching You

by 20h

## Introduction

* Introduce the HTT Protocol.
* Introduce the gopher protocol.
* Compare both protocols
  * complexity-wise
  * security-wise
  * privacy-wise
  * implementation-wise
  * stability-wise

## The HTT Protocol

HyperText Transfer Protocol (HTTP)

* first released in 1991 as version 0.9
* version 1.0 released in 1996
* version 1.1 released in 1997, 1999 and 2014
* HTTP/2 released in 2015
* HTTP/3 released in 2022

## Complexity Comparison: HTTP/0.9

```
C: GET search
S:
```

## HTTP/1.0

```
C: GET|HEAD|POST search HTTP/1.0
C: User-Agent: SpyOnMe/1.1 (BillGates 95)
S: HTTP/1.0 200 OK
S: Content-Type: text/html
S: Server: RealIndian 0.69
S:
S:
```

## HTTP/1.1

```
C: GET|HEAD|POST|POST|PUT|DELETE|TRACE|OPTIONS search HTTP/1.1
C: Host: microsoft.com
C: User-Agent: SpyOnMe/1.1 (BillGates 95)
C: Accept: text/html;q=0.9,*/*;q=0.8
C: Accept-Language: en-US,en;q=0.5
C: Accept-Encoding: gzip, deflate
C: Referer: https://xvideos.com
```

## HTTP/1.1

```
S: HTTP/1.1 200 OK
S: Connection: Keep-Alive
S: Content-Type: text/html; charset=utf-8
S: Date: Fri, 22 Jul 2022 10:40:32 CEST
S: Server: RealIndian 0.69
S: Vary: Cookie, Accept-Encoding
S: Age: 69696969696969
S: Etag: "547fa7e369ef56031dd3bff2ace9fc0832eb251a"
S:
S:
```

## HTTP/2

```
C: GET ...
C: Upgrade:
S: [complex binary multiplexing protocol]
```

Multiplexing over TCP, so many files can be retrieved.
Different protocol types over one channel.

## HTTP/3

```
C: GET ...
C: Upgrade:
S: [Complex binary multiplexing protocol over a UDP protocol]
   [breaking TCP reliability]
```

More logic on top of HTTP/2, but now replacing TCP too and then reimplementing all the advantages of TCP.

## HTML

HyperText Markup Language

* Complex iterations of abstractions with sub-standards of complexity.
* CSS, XHTML etc.

## JavaScript

* Adding a full scripting language to all your simple HTTP connection sessions.
* supports 3D
* supports hardware drivers like USB
* created exploits even down to the CPU memory level

## HTTPS

HTTP with TLS

* now inherent in HTTP/2 and HTTP/3
* has all modern TLS versions

## The Gopher Protocol

* first released in 1991
* includes a specification for the hierarchy
* is meant to be simple
* gopher+ never grew up

## Complexity Comparison: Gopher

```
C: selector
S: [response]

C: selector\tsearch
S: [response]
```

## Gopher Menu

```
ItemType\tText\tselector\tserver\tport\r\n
```

## Gopher TLS

* a simple standard based on reading the first byte of a selector
* simple backwards compatibility with all old servers
* no separate port required
* use your favourite TLS library
* gives all TLS security features (cert checking)
* will simply be upgradable to whatever TLS gives in the future

## Security Comparison

* HTTP uses TLS
* Gopher uses TLS

Technical equality

* but see implementation comparison

## Privacy Comparison HTTP

* has complex headers
  * they used to be MIME, which is even more complex

    ```
    Some-Complex-Header: Some long line is here and even longer; attribute=something
    ```
  * allow easy footprinting of the user
  * user has no control over headers
* all layers above HTTP are even worse for privacy
  * (eternal) cookies
  * javascript, which reads out hardware details, for example
  * CSS and javascript reading from other tabs in the browser

## Privacy Comparison Gopher

* there are no headers
* tracking would be obvious
  * by IP
  * by some selector path `/session/$session`

See the Gopher Onion Project for how to be really anonymous on the Internet:

gopher://bitreich.org/1/onion

## Implementation Comparison

A comparison of fully-fledged implementations of the protocol.

## Implementation Comparison HTTP

Chromium: 12GB of disk space. (Checking out chromium takes days!)
```
% sloccount httpd # Apache httpd
230984
```

## Implementation Comparison Gopher

```
% printf "/\r\n" | nc server 70 | cut -f 1 | cut -c 2-

% sloccount sacc
1924

% sloccount geomyidae
2040
```

## Stability Comparison HTTP

* HTTP is changing over and over again.
  * See timeline above.
* The protocol is a political plaything used by Google to make profits and control the market.
* Google will add implementation details just to hurt you.
* Investing in this protocol is unreliable.

## Stability Comparison Gopher

* Stable for years.
* No one has any interest in changing it.
  * See how people moved to gemini and did not reform gopher.
* Perfect long-term investment for anyone who wants stability.
* No one wants to hurt you.

## Summary

If you want stability and simple implementations (1 major bug in 1000 sloc!), you are best off using gopher in any future product.

If you need privacy to protect your life from some dictator, use gopher (over tor).

Google is evil. Join the Berners-Lee Kicking Club!

## Questions

Any Questions?

## Thanks

Comments and Critique please to:

Christoph Lohmann <20h@r-36.net>
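
The Gopher request and menu line formats from the "Complexity Comparison: Gopher" and "Gopher Menu" slides, as an added Python example (not from the original slides, sacc or geomyidae). It shows that the client sends nothing but a selector line, and treats the server's menu as untrusted input; the sample menu is constructed and `example.org` is a placeholder host.

```python
# Added example: Gopher request builder and menu parser (not from the slides).
from typing import List, NamedTuple, Optional

class MenuItem(NamedTuple):
    item_type: str   # single character, e.g. "0" text file, "1" menu, "7" search
    text: str
    selector: str
    host: str
    port: int

def build_request(selector: str, search: Optional[str] = None) -> bytes:
    """Everything the client sends: selector, optional TAB + search, CRLF."""
    for part in (selector, search or ""):
        if any(c in part for c in "\t\r\n"):
            raise ValueError("TAB/CR/LF not allowed inside selector or search")
    line = selector if search is None else selector + "\t" + search
    return line.encode("utf-8") + b"\r\n"

def parse_menu(raw: bytes) -> List[MenuItem]:
    """Parse ItemType Text TAB selector TAB server TAB port CRLF lines."""
    items = []
    for line in raw.decode("utf-8", errors="replace").split("\r\n"):
        if line == ".":            # a lone dot ends the menu
            break
        fields = line[1:].split("\t")
        # Server-supplied data is untrusted: drop anything malformed.
        if len(fields) < 4 or not (fields[3].isascii() and fields[3].isdigit()):
            continue
        port = int(fields[3])
        if not fields[2] or not 0 < port < 65536:
            continue
        items.append(MenuItem(line[0], fields[0], fields[1], fields[2], port))
    return items

# Constructed sample response; example.org is a placeholder host.
SAMPLE_MENU = (
    b"1Gopher Onion Project\t/onion\tbitreich.org\t70\r\n"
    b"0About\t/about.txt\texample.org\t70\r\n"
    b"7Search\t/search\texample.org\t70\r\n"
    b"0line without tabs\r\n"
    b"1bad port\t/x\texample.org\t99999\r\n"
    b".\r\n"
    b"1after terminator\t/late\texample.org\t70\r\n"
)

if __name__ == "__main__":
    print(build_request("/"), build_request("/search", "gopher tls"))
    for item in parse_menu(SAMPLE_MENU):
        print(item)
```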