Aral Balkan

Mastodon icon RSS feed icon

Web Numbers

Contacts app on macOS showing ‘Search Web Numbers' in the search bar. One contact (Aral Balkan) is shown and selected. In the detail view, you see Aral’s memoji, name, and organisation name (Small Technology Foundation). In the contact details, Web is https://135.181.44.50 and mobile is +353 (89) 0114242. The note section reads ‘A Web Number is just like a phone number, but for someone’s personal Small Web place. Coming in 2026.’

Are you ready for Web Numbers?

Domains? Where we’re going, we don’t need domains!

IP addresses are about to make a comeback on the web in a big (ok, small) way.

What’s all this, then?

As some of you might know, I’ve been working for the past six years on building a little thing I call the Small Web.

The idea behind the Small Web is to make it as easy as possible to have your own web site at your own domain.

And not just any web site: a personal social web site where other people can follow your public posts from their own domains and where you can talk to other people privately1 via their domains, should you want to.

Notice I keep saying “domain”.

That’s because, until the end of this year, the only way to have a secure web site is to have it accessible via a domain name.

That, however, is changing and the design of the Small Web will be changing along with it.

Let’s Encrypt (IP addresses)

On January 16, 2025, Let’s Encrypt announced Six Day and IP Address Certificate Options in 2025.

This is huge.2

The problem with domains

The commercial domain name system is a perfect example of the type of artificial scarcity capitalism creates and exploits.

Domain names are tiny little rows in a database. They cost next-to-nothing to set up and maintain. There’s absolutely no reason why they couldn’t be a public good, paid for from the public purse.3

And yet you pay (at times extortionate) amounts for them… why?

Because capitalism.

But the monetary cost isn’t the only cost involved. I’d even argue that it’s not the most important cost when it comes to the Small Web:

There is also the time and effort cost.

Bullshit costs time

Beyond shopping around to find a reputable domain registrar, navigating hostile psychological pricing schemes, and other related bullshit, there is the technical knowledge barrier and the actual time it takes to purchase a domain and set up its Domain Name System (DNS) records to point to your server.

For someone with the prerequisite technical knowledge who already has a domain registrar they use, and is comfortable with the process, setting up a new personal site at your own domain is still usually a manual process that takes, at best, multiple minutes.

If we want everyday people who use technology as an everyday thing (e.g., brain surgeons) to use the Small Web, we have to get people up and running with their own Small Web place using a seamless process that takes seconds.

This makes integrating commercial domain registration into the sign-up process a non-starter.4

The state of Small Web development, circa mid 2025

The free (as in freedom) software components that currently make up the work-in-progress Small Web are the following:

  1. Kitten: a Small Web kit (server and platform).
  2. Place: A personal, peer-to-peer, social Small Web place.
  3. Domain: A Small Web hosting solution.

Domain and Place are both being written in Kitten and the relevant component here is Domain.

Until this development, these were the prerequisites for hosting your own Domain instance:

  1. An account with a Virtual Private Server (VPS) host.
  2. An account with DNS host.
  3. A domain name that’s on the Public Suffix List (PSL).

(And 4, optionally, an account with a payment processor if you’re going to be charging for the servers.)

For our instance of Domain, I registered the small-web.org domain and, after some persuasion, was able to get it added to the PSL5, which is managed by Mozilla.

Hacking the commercial domain name system via the Public Suffix List

In case you’re not familiar with the PSL, here’s how it works: when you add a second-level domain (e.g., small-web.org) to the Public Suffix List, browsers treat it as a top-level domain (TLD; e.g., like .org).

Browsers know which domains are on the PSL because they all contain a copy of the list, which they update periodically from Mozilla’s registry.

So domains on the PSL act like TLDs and this was my little hack for simplifying the Small Web place creation process by bypassing commercial second-level domain registration.

With the PSL hack, Domain can set up a Small Web site as a subdomain of small-web.org (using pre-warmed VPS servers) in roughly ten seconds. That’s several of orders of magnitude less time and complexity than you would need were you to add commercial domain name registration to the flow.

But what if we could remove this hack (and the DNS host requirement) altogether? Well, that would further simplify things and make it easier for other people to run Small Web hosts in the future. And, now we can, thanks to the upcoming support of security certificates for IP addresses in Let’s Encrypt.

IP Addresses are the future (of the Small Web)

The Small Web is the opposite of the Big Web. It’s a decentralised6, personal, peer-to-peer Web.

And, starting in 2026, your Small Web place will, by default, be located at an IP address instead of at a domain (You will still be able to point a commercial domain name to it, should you want to, after the fact.)

But wait a second, aren’t IP addresses complex-looking things?

Here’s an IP address, just look at how scary it is:

+353 (89) 011 4242

Oh, no, sorry, that’s a phone number.

You know, those scary things that no one uses. Oh wait, no, what am I saying? We all use them.

How’s that work, then?

That’s right, we just pop them into our address books, next to the person’s name who they belong to, and then use that person’s name when we want to call or – more likely these days – message them.

So here’s an IP address (specifically an IPv4 address):

135.181.44.50

Wait a second, that’s as simple as a phone number…

Not scary at all!

OK, so you might be thinking, “But Aral, that’s an IPv4 address, what about IPv6?”

All right, you got me! Even though we’ll be starting with IPv4 addresses, we will, of course, support IPv6 and, eventually (some day, when it’s the year of IPv6 on the Internet), we will no doubt default to IPv6 addresses. And, yes, I admit IPv6 addresses are quite scary-looking.

Brace yourselves, here’s one now:

2a01:4f9:c010:a943::1

But does it matter that they’re scary?

Not really.

Address books to the rescue

Just like we no longer have to remember someone’s phone number, we won’t have to remember their IP address either. We’ll just put it in our address book, next to the name of the person it belongs to, and use their name to visit their site.

In fact, that’s really all the Domain Name System does for you, but instead of you owning the address book, ICANN does7.

On the Small Web, we will each own our own address book. It doesn’t have to be the same as everyone else’s. In fact, it would be really weird if it was.

So, given that working with IP addresses doesn’t have to be any more complicated than working with phone numbers, we’re left with the scariest thing about IP addresses (or Internet Protocol addresses as their mother calls them if they’re in trouble): the name itself.

So here’s what I propose:

On the Small Web, at least, let’s call them Web Numbers.

Web Numbers

Just like you have a phone number for your phone, you have a web number for your web site.

You store this web number in your address book.8

Easy!

A Domain by any other name…

If Web Numbers are going to be the default for Small Web places, it no longer makes a huge amount of sense to have the Small Web hosting app be called Domain.

So, going forward, Domain will be getting a new name:

Catalyst.9

Along with this name change, and in keeping with the baby cat theme introduced with Kitten, I’ve decided to rename Place (again) to Yarn.

So here, all together, are names of the Small Web projects that I intend to eventually launch with:

  1. Kitten: a Small Web kit (server and platform).
  2. Yarn: A personal, peer-to-peer, social Small Web place.
  3. Catalyst: A Small Web hosting solution.
Minimalist vector illustration logos of a kitten’s head (grey, pink nose and ears, black eyes and whiskers), the same kitten playing with a pink ball of yarn, and the same kitten in front of a hexagon , playing with a pink ball of yarn, with two hearts.

From left to right, the initial draft logos for Kitten, Yarn, and Catalyst.

Also, now that a domain name will no longer be necessary for owning a Small Web place10, the only requirement for setting up your own Catalyst instance to become a Small Web host is to have an account with a VPS host:

  1. An account with a VPS host.
  2. An account with a DNS host.
  3. A domain name that’s on the Public Suffix List.

(And 4, optionally, an account with a payment processor if you’re going to be charging for the servers.)

Timeline

While I was looking forward to launching the first Catalyst (née Domain) instance at small-web.org this year, given that Let’s Encrypt’s timeline for the release of IP address support in TLS certificates is end of 2025, I’m planning to soft launch Yarn and the first Small Web host at small-web.org in 2026.

In the meanwhile, I am not sitting idle.

I’m:

Small Web ❤️ Web Numbers!

I’m hugely excited about this new development and with how the Small Web is progressing.

I knew it would be a long and arduous process getting to this point and who knows if anyone will even care once it’s out there but at least it will exist and, something tells me that that, in and of itself, is important.

In any case, I can finally see the light at the end of the tunnel (here’s hoping it’s not a freight train!)

If you want to support my work, please become a patron of Small Technology Foundation.

💕

Like this? Fund us!

Small Technology Foundation is a tiny, independent not-for-profit.

We exist in part thanks to patronage by people like you. If you share our vision and want to support our work, please become a patron or donate to us today and help us continue to exist.

  1. When I say private, I mean actually private, as in end-to-end encrypted private where you and the person you’re talking to are the only two ends. ↩︎

  2. It’s so huge that I initially wasn’t sure whether to write something about it. After all, folks like Google are diamond sponsors of Let’s Encrypt so a part of me was hesitant about alerting them about what a huge deal this is for the Small Web (given, you know, that they’re Big Web and all). But screw it, work on the feature is progressing well according to forum updates and the feature itself has been published as RFC 8738: Automated Certificate Management Environment (ACME) IP Identifier Validation Extension. If Let’s Encrypt were to pull the feature after this post, it would raise some very interesting questions about whether one of their diamond sponsors exerted pressure on them and, if so, some delicious antitrust-related interest from the EU competition watchdog. So I’m sure it won’t happen. Famous last words? We’ll see! ↩︎

  3. In fact, a non-commercial domain name system called OpenNIC does exist and has existed for the past 25 years but you’ve probably never heard of it. Why? Because capitalism. No browsers support it (they could) and no certificate authority issues security certificates for it (they could). Since you cannot run a secure web site at an OpenNIC domain, it’s – at least for the time being – not a viable solution for the Small Web. This could change tomorrow, if, for instance, the EU mandated that browsers implement OpenNIC support to give people an alternative to commercial domains. (I won’t be holding my breath as they’re currently too busy attempting to destroy your privacy and make us all less secure online to have time for such things.) ↩︎

  4. I’m not just theorising about this, I actually tried it. In 2018, we started a pilot project with the City of Ghent, in Belgium, to explore giving all citizens in the city their own Small Web place (we called it an Indienet place back then). The City had its own domain name, .gent, that was managed by a commercial operator (this was a mistake). Even though we had the full backing of the city, we couldn’t get the commercial operator to care enough about what we were doing to enable us to integrate domain registration at that one TLD in the order of seconds. This was not due to a technical limitation. They just didn’t care. The only thing a corporation cares about is its bottom line. And this is why public goods should be publicly held and not privatised. In the end, although we successfully built a prototype and it was very well received, local elections meant that the conservative party came into power and the budget for our project was nixed. The other valuable lesson I learned there was not to make the existence of the Small Web rely on public money because the political winds are fickle and prone to change. ↩︎

  5. If you have third-level domains owned by different people hosted as subdomains on a second-level domain, it’s crucial that your domain is on the PSL for security reasons (e.g., so people cannot set super cookies that leak information from other sites on the same domain, etc.) ↩︎

  6. Wait a second, isn’t the Web already decentralised? No, it never was. The Web was designed as a client/server system. In such a system, the servers are privileged. They can serve from 1-∞ clients (limited only by their ability to scale). The servers in such a system, when injected with huge swaths of venture capital, grow and coalesce to become the Googles and Facebooks of the centralised web or the Big Web. A decentralised system is one in which there are no such economies of scale to be exploited; a system where each node has equal power. This is what the Small Web is designed to achieve. Imagine a Web where each server is owned and controlled by one person. If this sounds like a peer-to-peer topology, that’s because it is. The Small Web is the peer-to-peer web. In that way, the Small Web is the emergent fourth stage of computing: The first stage was mainframe computers (these were cenrtalised and owned by universities, large corporations, etc.). The second stage – which was coincidentally also the first and last time we had decentralised computing – was the Personal Computer era. In the third stage, we returned to a centralised system with the Big Web. And in the coming fourth stage, we will explore a return to decentralisation with the Small Web. ↩︎

  7. More precisely, ICANN owns the main address book and decides who gets to run the top-level domains (TLDs) you all know and love (like .com, .org, and .wtf). The TLD operators own the address books for the domains under their control (second-level domains). And, if you rent a second-level domain from one of these TLDs, you control the address book for any subdomains (third-level and beyond) you define for as long as you rent the domain. As mentioned in the above footnote, it’s artificial scarcity capitalism working as designed. ↩︎

  8. Hey, you know the “bookmarks” feature every browser has? That would make one helluva an address book for Web Numbers, don’t you think? With address bar completion and everything… Or we could create browser extensions specifically for this purpose. And, who knows, maybe some browsers will eventually even support personal address books as a default feature to make Web Numbers even easier to use. ↩︎

  9. I chose the name, obvious cat pun aside, because the role of a Small Web host is to act as a catalyst to get a person onto the Small Web. It’s not their role to own anything about the Small Web place. That belongs to the person. And they can easily move it elsewhere, either to another Small Web host or even to a little single-board computer they have hooked up to their router at home. ↩︎

  10. Although you can still point a domain name to your Small Web place after you’ve created it, should you want to. The functionality for doing this already exists in Kitten and in every Small Web site/app created using Kitten. ↩︎