Interview with Michał “rysiek” Woźniak (LibResilient) – NGI Assure beneficiary

“LibResilient” Project

Are you intrigued by the challenges of running high-stakes websites and keeping them resilient against traffic spikes and DDoS attacks?

Do you believe there’s a better way to maintain website accessibility without relying on centralized gatekeepers?

If you answer yes, you’re in for an enlightening experience with this new interview, where you’ll meet Michał “rysiek” Woźniak, a techie, information security expert, and digital human rights activist.

Learn the story behind LibResilient, a groundbreaking tool that keeps websites accessible even when their infrastructure is down.

Are you curious to learn more about how LibResilient addresses critical issues like centralization and website brittleness and how it empowers NGOs and small media organizations to maintain their online presence without depending on large Internet companies?

Welcome to the world of LibResilient!

Can you introduce yourself and your project?
I’m Michał “rysiek” Woźniak, a techie, information security expert, and lifelong digital human rights activist.I had worked at OCCRP, one of the investigative journalism outlets that broke the Panama Papers, where I was responsible (among others) for website hosting infrastructure.

The experience of running a high-stakes website that can randomly get a lot of traffic (or a DDoS) led me to think of new ways of keeping websites up, even if their infrastructure might be down. That’s where the idea of LibResilient comes from.

In short, LibResilient is a tool that allows a website to stay up and accessible to returning visitors even if the original site is down for whatever reason, without relying on centralized Internet gatekeepers.

What are the key issues you see with the state of the internet today?
Centralization is my pet peeve.​

Centralization of infrastructure, control, and power makes it difficult—almost impossible in some cases—to run a website or provide an online service aligning oneself with the interests of a few gigantic Internet companies.

Another problem is brittleness. How “modern” websites are built makes them extremely easy to break: a modified third-party script, a font hosted on a third-party server, and a style sheet from a major CDN not loading often take websites down.

Admins and developers give away much control over their websites to random companies – often several of them at a time – for no real gain. It’s enough for one of these companies to have a hiccup for hundreds of thousands of sites to become unusable.

How does your project contribute to correcting some of those issues?
I would say that LibResilient attempts to solve the underlying issues that drive website operators to use centralized services.

It’s almost impossible, financially and technically, for most NGOs and small media organizations to self-host their websites in a way that can withstand a DDoS or a two-orders-of-magnitude traffic spike. So, they find shelter behind centralized DDoS protection services.

But…

What if their returning readers could still see the site, navigate it, and access new content in their browsers without installing anything or changing any settings—even if the organization’s servers are overwhelmed for whatever reason?
What if many such organizations could pool their server resources together easily and host each other’s content without having to trust each other with TLS keys?
This is already possible with LibResilient.

What do you like most about (working on) your project?
I am giddy with excitement about doing something genuinely original that I know can be immensely useful—and, at the same time, might undermine the position of centralized gatekeepers.

Where will you take your project next?
LibResilient is nearing a stable beta stage. I would love to get some organizations to deploy it once it’s there.

How did NGI Assure help you reach your goals for your project?
It was very nice to receive funding; it was a motivating factor and allowed me to work on the project more than I would have otherwise. But as necessary, if not more, was the external nudge of “I promised to do this,” soft deadlines, good feedback from, and excellent contact with, their team about the project.

Do you have advice for people who are considering applying for NGI funding?
Just do it. It takes half an hour and is definitely worth it. And not just in the financial sense!

Do you have any recommendations to improve future NGI programs or the wider NGI initiative?
Not really!

Every step of the way, I was pleasantly surprised with how things were set up (administratively and technologically), how good the feedback was, and how open they were to inevitable course corrections.

Really hard for me to find anything to nitpick on!