Zrok -- An open source sharing solution built on OpenZiti

zrok is an open source sharing solution built on OpenZiti, the zero trust networking platform. Available as SaaS or self-hosted. Whereas technologies like WireGuard might provide secure access to a network, OpenZiti takes this one step further and connects applications securely.

Zero Trust Podcast

This podcast is a good introduction:

Michael’s long-term vision is interesting (located near the end of the podcast):

I have a lot of unpopular opinions… Yes, I have an unpopular opinion. My unpopular opinion is I think we’re going to look back at some point in the future - let’s call it 10 years, 15 years - and this whole model of content and things being shared, or things being hosted by somebody else for the sake of convenience, streaming, whatever you want to call it, will flip back around. I think we’re going to move back to a world where I can own a piece of content and curate it and manage it myself. I feel like it’s sort of a fundamental human thing to want to collect things, and curate collections, and build collections… And I think the world we live in right now, where everything is sort of streaming doesn’t really support that very well. I mean, it’s very common you might fall in love with some TV show and all of a sudden it’s just gone. I think we’re gonna move back to a place at some point where the – I don’t know how that will look technically, or how that’ll work socially, but I think we’ll move back to a place where you can sort of say “I own this thing.” And I think that’s an unpopular opinion.

Yeah. I mean, personally, I kind of wish there was a – if you’re familiar with Bandcamp… I walk this walk. I have huge collections of media that I curate, and I own. I still buy CDs, and I still buy a lot of music from Bandcamp, because I like to download it and own a copy of it. I kind of wish there was something like Bandcamp, but for movies. I don’t actually care about owning a BluRay, but I’d love to own the highest possible quality copy of like my favorite film, and be able to legally download a good copy of it. That would be fantastic. I’d be a huge customer or something like that.

zrok setup

zrok is an application that allows you to get started quickly:

yay zrok (Arch Linux)
zrok invite

This will open up a website. Register your account and then click


This will give you a command to run on your computer. After this, your computer will show up:

To share a web application:

In this case I want to share the SIOT application running on a computer there:

zrok share public ceres:8200

And then the site can be viewed at a public URL.

To share a directory:

zrok share public --backend-mode web .

And then view the files.

It is interesting that zrok uses Caddy – I wonder if that is running at zrok.io or on my computer?

Point to Point secure shares/tunnels

The above examples are all public shares, but you can easily do private shares as well.
If you run zrok on remote computers, you can create a secure point-to-point tunnel where both endpoints are behind firewalls:

This is similar to what Tailscale does for WireGuard. Tailscale facilitates the connection, but the actual VPN connection is point-to-point – it does not flow through Tailscale’s network.
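The private share described above, as an added example that is not part of the original post. It assumes both machines already have an enabled zrok environment; the function names, the `ZROK_DRY_RUN` switch and the target `localhost:22` are hypothetical, and the share token is whatever `zrok share private` prints on the sharing side.

```shell
#!/bin/sh
# Added example (not from the original post): a private zrok share with
# the access side pinned to loopback.

# Hypothetical switch: ZROK_DRY_RUN=1 prints the command instead of running it.
run() {
  if [ "${ZROK_DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Sharing side (the machine that can reach the service).
#   $1 = target, e.g. ceres:8200 as in the public example above
#   $2 = backend mode: proxy for HTTP (default), tcpTunnel for raw TCP
# No public URL is created; zrok prints a share token instead.
share_private() {
  run zrok share private --backend-mode "${2:-proxy}" "$1"
}

# Access side (any other enabled machine).
#   $1 = share token printed by the sharing side
#   $2 = local bind address (defaults to 127.0.0.1:9191)
# Binding to a non-loopback address would re-expose the private share to
# everything on the local network, so this wrapper refuses to do it.
access_private() {
  bind="${2:-127.0.0.1:9191}"
  case "$bind" in
    127.*|localhost:*) ;;
    *) echo "refusing non-loopback bind: $bind" >&2; return 1 ;;
  esac
  run zrok access private --bind "$bind" "$1"
}

# Typical use (uncomment on the respective machines):
#   share_private ceres:8200              # on the sharing side
#   access_private <share-token>          # on the access side
#   then browse http://127.0.0.1:9191 on the access side
```

Treat the share token like a credential: anyone with an enabled zrok environment who has the token can bind the share.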

Overall, this looks like a very useful toolkit to work with secure networking at a very granular level. Perhaps we can even use this in IoT systems to bridge SIOT instances behind firewalled networks and form more of a mesh topology.