Are Doughnuts Better than Cookies?

Nicole Upchurch
CENNZnet
Published in
6 min readJun 3, 2020

Despite appearances, this won’t be an epic debate between which of these popular treats reigns supreme. But if you find the online architecture of tomorrow interesting, there are plenty of valuable insights ahead.

Since the inception of the world wide web, the internet has gone through distinct phases of development. These phases have come to represent our past and present interactions with the online world. However, this trajectory remains at odds with the founding principles of online infrastructure. Prominent early-web architects like Tim Berners-Lee remain vocal in their opposition to the current centralisation of web platforms.

However, today’s decentralised technologies offer an alternative to the dominant client-server platforms we have come to rely on. For many, Web 3.0 or the decentralised web presents an opportunity to rectify the issues resulting from decades of rampant, often unauthorised data collection.

Source: Deloitte

However cookies, one of many tools used to obtain user data, have been subject to greater scrutiny in the wake of a ‘user privacy’ push back. Recurring data breaches continue to exacerbate online privacy concerns, and momentum is building. For those visiting EU-based web pages, the recently enacted GDPR protocol now requires the use of cookie notification banners. However, while some data collection mechanisms remain distinctly intrusive, cookies also serve to optimise the online experience by storing credentials for future reference.

So, how do we find a balance between privacy and efficiency? Fortunately, the advent of decentralised technologies and resulting integrations present a path forward. However, to adequately highlight these advancements, an understanding of early authorisation credentials is key.

What are Cookies?

Cookies came to be in 1994 as an internet efficiency mechanism. However, they have since become a crucial source of data for online advertisers, shopping platforms, and page personalisation efforts. But what are they exactly?

In short, cookies are messages passed from a web server to a web browser when visiting a site. Browsers store each of these messages in a small file known as a “cookie.txt.” Whenever internet users visit a website, browsers send cookies back to the server for future reference. Cookie files typically include information about each web page visit along with any user data offered up on the page.

Source: Reddit

Cookies are most commonly used to track website activity — think of it as a digital identification card. Upon each visit to a particular website, browsers cross-reference prior visits, seeking authorisation to display personalised information. While this authorisation method has been in use for decades, more recent iterations offer greater control over permissions.

Macaroons: Layered Cookies

Recall that cookie data collection methods present several privacy concerns and offer relatively basic functionality — enter Google’s Macaroons. It’s crucial to note that macaroons represent a proposed method of distributed authorisation; the technology is not technically decentralised.

Macaroons, or “layered cookies,” build on the authorisation methods of regular cookies by embedding caveats that attenuate and contextually dictate when, where, by who, and for what purpose a target service should authorize requests. The introduction of these contextual caveats facilitates distributed authorisation.

Source: The Mobility House

In the example above, a user wishes to limit macaroon access to a select username within a set period of time. To achieve this, two layers of first-party caveats are set before it’s sent to another party. By adding these caveats, the macaroon is attenuated, or the user attenuates the macaroons rights. As such, the macaroon is only able to access associated services with a specific username within a set timeframe.

While this functionality is an improvement over early web cookies, Web 3.0 development has begun to generate fully decentralised authorisation technologies capable of achieving further autonomy.

Doughnuts: Decentralised Cookies

According to Consensys, the first two generations of web infrastructure, or Web 1.0 and 2.0, added $4 trillion to the global GDP and created 25 million jobs in the US alone. If the development of Web 3.0 continues as forecast, another $4 trillion in global GDP is expected along with millions of new jobs. But getting to this place will require ongoing collaboration across the blockchain ecosystem.

Aiming to build a solution that accelerates this transformative process, Centrality has introduced a proprietary, decentralised cookie known as “Doughnut.” But why call it a doughnut? In short, the name reflects the concept of decentralization; there’s no centre in a Doughnut nor central authority in a decentralised network. By giving users control of their data, these Doughnuts expand on the distributed nature of macaroons but more closely emulate the functions of cookies.

But for the sake of comparison, we can look to JSON Web Tokens (JWTs) to better understand how doughnuts work in the decentralised realm.

JSON Web Tokens (JWTs)

In essence, a Doughnut is a blockchain-optimised version of a JWT — despite being distinctly different technologies. However, assessing the functions of a JWT precludes a better understanding of Centrality’s Doughnut technology. In general, JWTs are an open, industry-standard RFC 7519 method for securely representing claims between two parties.

Source: Toptotal

However, while Doughnuts are optimised for the decentralised realm, JWTs remain a product of centralised ecosystems. But how are they the same? When a user successfully logs into a centralised platform using their credentials, a JWAT is generated. Mirroring this dynamic, user-generated Doughnuts provide user access to platforms. While these comparisons highlight an apparent inverse relationship, Doughnuts also expand on the functionality of JWT solutions.

Why Doughnuts Are Better than Cookies (and Macaroons)

As mentioned, Doughnuts are a blockchain-built authorisation mechanism — but what makes them so unique? To start, unlike their centralised cousins, Doughnuts provide access to both centralised and decentralised technologies, advancing interoperability. Further, although distributed macaroons offer up improved functionality over centralised technologies, they too remain incompatible with decentralised technology. With these relationships in mind, we can begin to elaborate on the benefits of Doughnut technology and this unique approach to managing online permissions.

Decentralised Permissions

Although Doughnuts are issued by an “issuing party,” users must initiate this process by requesting an address that provides access to a particular platform. Unlike centralised cookies and distributed macaroons, any set of entities can revoke a decentralised Doughnut. These parameters are entirely configurable and depend on the Doughnut revocation version in use. This dynamic is in stark contrast to the centralised, server-side oversight seen across the web today.

In summary, by operating over blockchain architecture, Doughnut permissions remain immutable, configurable, and agile. And because permissions are rich with data in comparison to static cookies, including parameters for time and value, more information is accessible for future reference further enhancing the online experience.

Moving Off-Chain

Although Doughnuts are not a blockchain-scaling technology, they facilitate pre-authorisation and storage optimisation, accelerating communication between all technologies — centralised or decentralised. As many in the blockchain ecosystem know, on-chain transactions are sometimes costly and bogged down by congestion. Depending on network use at any given time, fees can be high, and confirmation times slow.

In response to these obstacles, Doughnuts were built to function in an off-chain environment. As a result, significant savings are a natural result in the absence of gas fees and other transaction costs. Further, because transactions can occur off-chain and even offline, network congestion is one less variable to consider.

Source: Crypto Encyclopedia

By storing data off-chain, while maintaining the inherent security of decentralised infrastructure, Doughnuts present an undeniable value proposition. And because Doughnut architecture supports the use of cross-chain contracts and the creation of permissioned networks inside a public blockchain, functionality can be leveraged further. In combination, this superior flexibility and functionality are poised to change the game.

Everyone Likes Doughnuts

Doughnut technology builds on previous privacy-preserving initiatives using patented CENNZnet technology. And while the technology aligns with the principles of internet cookies, it can serve a myriad of functions outside the authorisation of applications. Whether using conventional or decentralized platforms, doughnuts represent an opportunity to bolster user privacy across the web.

So, are doughnuts really better than cookies? We’ll let you be the judge.

--

--

Nicole Upchurch
CENNZnet

Not going to win a Pulitzer, but I don’t completely suck either