What is ORC and How Did We Arrive Here?

Em
Dead Canaries
Published in
6 min readMar 29, 2019

--

ORC has a pretty interesting history.

I wanted to explain how the Onion Routed Cloud works from a technical perspective, but I think that might be terribly boring. So, instead I’m going to tell the story of the Onion Routed Cloud, because that won’t put you to sleep and it’s way more fun to write about.

In 2014, I picked up a book called When Google Met WikiLeaks. It’s basically just a transcript of a conversation between Julian Assange and Eric Schmidt. Now, generally speaking, when two (pseudo)intellectual men start debating each other, it’s my cue to leave the room, but in this case I did read the entire book. I don’t really remember most of it anymore, but there was one specific part that stuck.

Assange sort of abstractly describes a hypothetical system where documents can be stored across some number of computers. The files are indexed by a hash (this is called “content-addressable” and it means that every piece of data can be reduced to a single unique number and that number is used as a lookup key). He discusses how this could resist censorship and how such a system could be relevant to WikiLeaks.

About a year later, I found myself participating in a weekend hackathon with some of my friends. Several months before, I had begun working on an implementation of Kademlia, which is a “distributed hash table” (which is a way of storing a simple database across any number of computers). I had started working on this implementation as a learning exercise and while it wasn’t the mature project it is today, it was functional.

So, we started thinking about what we could build with this framework and decided to try to implement this document storage network that Assange spoke about. We called it BYRD (Bring Your Restricted Documents). It was simple: drop a file in the webpage, our logo (a goofy-looking tropical bird) would start “chomping” away — splitting the file into pieces, encrypting them, and storing the pieces across a few different computers. The metadata (the information about where the pieces were, what order they go in, and how to decrypt them) would get stored too and you could put it all back together by plugging in a single key. It was rad!

We lost.

Maybe it was the beers, bugs, and goofy bird logo. Maybe it was the drunken narration on our demo video. Whatever it was, we lost to a tile-matching game (albeit a really good one) and I was pretty sore about it. The project sat on the island of misfit repositories for a couple of months, before I got a call from one of my friends who had worked on it.

I was unemployed at the time. My — let’s call it —“worldview” has a tendency towards disdain of working hard so that someone else can buy a Tesla. And a mansion. And then scream at everyone all the time. My friend knew that I needed work and had been introduced to a few people working on a new startup called Storj Labs. My friend had told them about our hackathon project and it sounded similar to their whitepaper (only we didn’t have or need a blockchain). They wanted to meet me and talk about coming to work with them.

That was how I met the second man I ever loved (the first is Murray Bookchin, just “Google him”). I joined Storj, excited about the opportunity to work full time developing the kind of technology that could enable platforms like BYRD to help journalists and whistle blowers. I knew from the beginning that Storj could never be the project I wanted BYRD to be, but it was an opportunity to further the development of related technology that would be free and open source.

So, we hired some more engineers. Then some more. And before I could say “blockchain”, I was leading a strapping little team of hackers — friends brought from past projects and new friends too. We had some interesting problems to solve. How do you manage an autonomous customer-provider relationship? How do you ensure quality of service when your infrastructure runs in the basements of strangers? How do you protect the privacy of users?

There were conflicting interests between building a decentralized network and sustaining a for-profit business. In many ways, it was these conflicts that ultimately led me, half the founders, and a handful of engineers to walk away. And while it sucked to leave many friends behind, everything we had developed together was still free and open source software. I was determined to keep the project that I always wanted alive.

So, ORC was born out the ashes of a dead Storj pull request and sustained by manic depression. I started making significant changes to the architecture — piggybacking on Tor so that nodes were anonymous and implementing a new reputation system. I managed to convince Zooko to meet up for a chat about integrating Zcash (which we ultimately didn’t do). One of my friends who worked on Storj with me early on pitched in and we did a conference (don’t mind me there, pretending to be a boy).

ORC started to get some support from a few Storj followers and gained a small following in the blockchain space (which is hilarious, because we never have and never will have a blockchain as part of ORC). And for a while, I made some more improvements like adding a web interface and eliminating the dependency on central servers. I got the project to a stable working state and then interest dried up. Nobody cared. I didn’t know how to reach out of the blockchain space and into the communities that I wanted to help. So it stagnated for months.

And months.

Then one day, somehow, I connected with The PostScript Project. Max Thake, the founder, is a family friend of the late Daphne Galizia who is famous for the Panama Papers and her subsequent assassination by car bombing. Max was seeking to use distributed ledger technology (or “DLT” — a parent category of “blockchain”) to help prevent journalists from being killed, like a vigilance control system (or “dead man’s switch”).

Max, his colleague Vincent, and I began discussing how ORC worked and together we ultimately decided to merge our efforts. They started promoting ORC and I got back to working on the software. This was what the project needed: an “in” to the communities I was seeking to defend. We got some press in Malta and were generating a bit of “buzz”, but I was afraid.

I was afraid of killing journalists.

I told Max and Vincent that I couldn’t in good faith encourage ORC to be used until we could have the software undergo a thorough security audit and evaluation by a third party. Easier said than paid for. Security audits are expensive. I know, because I’m a security researcher.

Some time went by; we raised a whopping $350, applied for a grant from the Open Technology Fund, and did a whole lot of waiting. Max, Vincent, and I kept periodically checking in and brainstorming, but we were basically at a halt until $24,000 magically appeared. Lucky for us, it eventually did.

A friend of a friend, John McAleer, the founder of the company behind ANTI, a privacy-oriented social network, generously donated the funds needed to undergo the security audit by Least Authority. Then, weeks later, the Open Technology Fund approved a proposal to fund a security audit by Radically Open Security. Both audits are currently in progress at the time of writing this and we are very excited for the results, remediation of any findings, and subsequent production release of ORC.

Interestingly, today’s version of ORC looks a lot more like BYRD than the Storj code base from which it evolved. Eliminating the complexity of managing customer-provider relationships, cryptocurrency payments to ensure quality of service, and many other design constructs strictly tied to the development of a business allowed us to greatly simplify things and focus our design goals strictly on: anonymity, privacy, and security for our users. Shifting from monetary reward incentives for building the network to a volunteers allowed us to shift focus away from complicated economic models that are often at odds with an altruistic project.

This brings us to now.

In a few clicks or a few commands, you can volunteer your computer to join an anonymous network of other allies storing encrypted file pieces on behalf of our journalists and activists around the world who are at risk. Together we can help make their communication with sources, each other, and ultimately all of us safer. And likewise, in a few clicks journalists can share sensitive information easily, securely, and anonymously then publish that information on a resilient platform that nobody owns and is highly resistant to censorship.

ORC is a project that is several years in the making and we are very excited to say that we are just getting started.

--

--