76 comments

[ 0.21 ms ] story [ 405 ms ] thread
How does this compare to Mullvad who also use randomized account numbers? Beyond that, whether account number activity is logged is a matter of trust.
Mullvad can unilaterally correlate ingress and egress traffic for their users – this is not to say that they do, but they have the capabilities of doing so.

If implemented correctly (and that's a big if!), a nested tunnel approach can make that much harder and require global passive or active traffic observation capabilities (for timing observation, possibly with active timing modifications, of specific flows), or collusion of at least two different entities.

Exactly right. Will be open sourcing the client so people can ensure that this is implemented correctly.
In your case, what measures do you take to prevent correlation across the relay and your service? Who manages the relay?
>How is Obscura’s design different from Tor?

>We have immense respect for the Tor project (please donate to the foundation if you can), but its slow speed and frequent network-wide DDoS attacks make it infeasible for everyday use.

>Obscura has most of the benefits of connecting via Tor but is optimized for everyday use by being much faster and more reliable.

Curious about the details on this.

Tor suffered an extended DDoS for a period of almost a year: https://status.torproject.org/issues/2022-06-09-network-ddos...

Whilst the DDoS was ongoing, Tor was quite slow.

Who do you think is truly at the top of these efforts? Like, what is the motivation? How is there not more money to be made on a purely quantitative basis from regular clearnet dwellers?
What I meant is, how is Obscura faster and more reliable than Tor?
If the Obscura network started getting DDoSed, I'm sure Obscura would also become quite slow.

The infosec hobbyist in me believes the many-months-long massive DDoS attack against tor infrastructure was exploiting a vulnerability in tor to perform (timing attacks, or related traffic correlation attacks) against and unmask hidden services or hidden service users, or maybe even exit node users. How realistic is this to someone that understands the tor network more in-depth than I do?

Because it's so noisy and expensive, I can't believe they'd keep it up this long if it wasn't extremely effective, whatever the purpose and actor.

I'm not sure we would know about the Carnegie Melon research if it weren't for the researchers trying to give a talk about at Black Hat 2014. https://threatpost.com/tor-sniffs-out-attacks-trying-to-dean...

Or 2015 at MIT - https://www.bitdefender.com/blog/hotforsecurity/de-anonymiza...

Or 2019-2021+ - https://nusenu.medium.com/is-kax17-performing-de-anonymizati...

Or 2022 - https://infocondb.org/con/def-con/def-con-30/deanonymization...

Best attempt at an explanation of how it works that I’ve seen so far:

> My understanding is it's CONNECT-IP / MASQUE where the encrypted & HTTP encapsulated IP request is sent to Obscura and the details of the request are forwarded to what they're calling a "Blind Relay" which only knows Obsucra's IP. 2-hop onion routing with pre-defined routes. No Tor consensus. Very simple. https://datatracker.ietf.org/doc/draft-ietf-masque-connect-i...

- bitgould from https://stacker.news/items/268728/r/031ef7d322

Impossible to say without seeing the source code though.

So essentially the same thing as iCloud Private Relay, then? Does it also use blind signatures for authentication to the first relay?
Nope, AFAIK iCloud Private Relay only relays TCP/UDP traffic. Obscura will tunnel all IP traffic.
Practically speaking – what else is there?
So the same as protons Secure core.
Looks nice, but it's barely the first VPN or proxy service trying to make itself oblivious of the traffic it serves (plausible or not).

There's Google One VPN (which uses blind signatures for access tokens) as well as iCloud Private Relay (which leverages nested encrypted channels terminated by a different entity than the one that receives user-side traffic, as well as blind signatures for authentication if I remember correctly).

That said, it's definitely nice to have alternatives, but as with all VPN services, I'd be cautious – the proposition of "perfectly anonymous network access" attracts a lot of attention, not all of it beneficial to the product/project.

IVPN, Perfect Privacy, Mullvad all use blind tokens as well I believe.

There's also another company/product that has Port in the name I think, PortMonitor or... it's on the tip of my tongue. Anyway they have a paid version of the product that is essentially a series of servers (their own and user-donated servers) that tries to re-create the onion routing protocol, but with VPNs and blind tokens.

Edit: Postmaster with the Safing Privacy Network (SPN) https://safing.io/spn/

PerfectPrivacy was always my go to, as they have been raided multiple times and law enforcement ne er got something out of them. But jesus, their connectivity is soooo bad these days, the latency and packet loss on most of their servers is unbearable.
I agree with everything you said.

It's sad. I really wish they'd improve speed, latency, and packet loss. If they did then I would go back in a heartbeat.

> barely the first VPN or proxy service trying to make itself oblivious of the traffic it serves

That's an understatement. The earliest example that comes to mind is from over a quarter of a century ago: https://en.wikipedia.org/wiki/Zero_Knowledge_Systems ZKS even predated Tor as one of the (if not the) first Onion Routing/Pipenet implementations outside the Navy's program. At the time, ZKS earned a lot of mindshare in the tech industry, but unfortunately they were a tad early to the commercial VPN party.

> Pay anonymously with Bitcoin. Or use Lightning for instant payments and lower fees.

Bitcoin is not anonymous. This makes me doubt of all their privacy claims

If they wanted to accept crypto, would there be anything stopping them from using Monero at least, instead? I wonder why they would ignore the major actually anonymous token.
because its compromised by a Bitcoin maxi

they’ve been slowing progress down for 10 years straight now

but don’t worry you’ve been able to pay bitcoin invoices with monero and everything else for nearly as long too, just use a mixer and set the destination asset and address to the one on the invoice

As a casual Monero user, who's the Bitcoin maxi you're speaking of? Fluffypony? Seth? I remember reading about someone on the Monero core team who started working for a large Bitcoin company but don't remember who it was or what the issue was.
OP’s project has a bitcoin maxi on it, which is why bitcoin/ln is accepted despite its privacy challenges

Monero’s cross contribution has been good, wasnt talking about them. Not sure off the top of my head anymore.

Oh thanks for the clarification.

I was curious why XMR isn't available.

Some countries like India make owning monero illegal so it's not an option for everyone. How they're going to prove it is another story of course. But it is what it is.

They also ban most sat phones by the way.

> Some countries like India make owning monero illegal so it's not an option for everyone.

Owning cryptocurrency is not illegal in India. There is no ban on any cryptocurrencies in India. There is a hefty tax deduction at source on any transactions. Cryptocurrencies are not recognized as legal tender in India, which is the case in many other countries.

Is Obscura operating out of India?

If not, what's your point?

Mullvad lets you pay with monero- or cash in an envelope.
It seems they're a Bitcoin core developer, I'm sure they're aware of the issues and asterisks.
The blockchain is transparent and immutable, but additional layers like the Lightning Network can provide a range of additional privacy.

As others have mentioned, swapping between chains is also an option.

Yeah, if they don’t accept XMR it’s a huge red flag. Hard pass
Looks interesting, as others have pointed out this seems very similar to iCloud Private Relay. Curious who is providing the blind relays for Obscura, I didn’t see the info on the website.
I was thinking about doing something like this recently. I would be interested to know more about how Obscura does multi-hop. Does it use other VPN providers - if not, who are the other hops?

It's probably worth mentioning that such a setup does not provide you with the same level of privacy as Tor, especially if all hops are within Five Eyes countries.

Sigh. As someone who is making a company in the privacy space, I hate when privacy products make huge claims like this. Another big offender is proton mail.

They may not be able to track your stuff as it is today, but one single FISA order demanding they push a update out to just to a few specific IP addresses and it will be all the same.

All things you download and install to your device can screw you if they have any functional way to update or have any serverside includes. (like a analytics JS tracker that can be changed to a JS logger)

We run into this a bit with https://redact.dev , but for people who want to be sure the login information they provide is safe. At the end of the day, you are always at the mercy of the courts AND the founders not doing evil things.

Heres a quick meme to better explain: https://i.imgur.com/Vnerxcb.png

Are there examples of such warrants being issued? This was, more or less, the subject of the big showdown between Apple and the FBI some years ago. The FBI maybe could have won legally but decided to back down. If such warrants were being issued, they eventually would be made public in the resulting criminal prosecutions.
Unless they end up in secretive federal courts, and target a company that doesn't have the deep pockets and media attention of Apple. Then you'd likely hear about it years after your privacy is violated.
You can make that claim about any software. Why would you assume their installers can't be verified publicly? Are they using unsigned installers? Perhaps your OS also is pushing signed updates with an implant based on your IP, much more convenient than fighting with vpn providers for just traffic.

The only claim they made is about the vpn service itself. If FISA orders it, the NSA will break into your house and plant cameras to watch your monitor lol. That's a strawman argument. You shouldn't argue against an claim they didn't make about update security, but even then can't you just use your own wireguard client? You don't have to use theirs right?

Disclaimer: I'm making Obscura

True. This is why all client side source code will be released and reproducible builds offered on platforms that support it.

If you don't know what code you're running, yeah you're screwed either way.

> reproducible builds

Nixpkgs please! It's the most successful reproducibility experiment I know of.

Absolutely!

Fun fact: all of the current website's infra is NixOS-based

Fun fact #2: I overhauled Bitcoin Core's reproducible build system to use Guix (a Nix-inspired functional package manager)

You could have no auto-update functionality, and that would go a long way. But then, you are severely crippling your product by doing that. Releasing clientside sourcecode doesnt mean much if the NSA forces you to give everyone else a different binary and sourcode than your target. It means nothing.

Look- the point is, you will go down a endless rabbithole of trying to appease everyone with "bulletproof" security. And the more you go, the more functionality and usefulness you will give up.

The best solution is to be realistic and not make defacto claims. Even things like TOR, which have been open source and audited from day one have had serious issues, and I am sure many TOR developers parroted the "you cant be tracked using us" only to have exploits and code issues pop up multiple times.

NSA is not the world. They don’t have to comply with NSA, just don’t have US as jurisdiction.
Its where the author/founder lives. So, yes its applies pretty much exactly.
NSA doesn't typically hack and persist to watch the devices of US citizens.
Your meme is just a meme. It Chechnya, North Korea and UAE - sure, it applies. But not in first world countries. Massive lawsuits would ensue.
You may enjoy reading about "national security letters", Lavabit, and FISA warrants.
Without releasing source code and a transparent client build process this kind of claim is just kind of ...useless? If anything tells me they can't see my data and the client isn't completely in the open then I have 0 shred of confidence that they're trustworthy.
I feel old. I've been advising people to get a trusted VPN and use that tunnel to purchase a second trusted (unrelated) VPN and double tunnel, with at least the first VPN being outside of your country. The first sees your payment details (if you gave them one) and IP but can only see traffic to the second vpn. The second sees your traffic but can only see the first VPN's IP and hopefully they let you pay anonymously there as well.

Of course, with my way and Obscura, you should use a leak-proof setup that doesn't rely on you OS/device being nice (looking at MS and Apple there).

What's your method for "double tunneling" as, on Windows at least, you can't run two VPN providers at the same time as far as I've seen. I'd love to know if that were possible. I've seen mention of a tool that allows groups of trusted individuals to use each other's VPN connections to create a tunnel, but that's with each computer running a different VPN service.
Use a VM, route all traffic and link out to another VM that does the second VPN.

Good thing about that too is it avoids leaks, as long as you set your adapters right.

I've tried this before but couldn't get it to work. What are the VM settings required? Do you need an external card that can do passthru or whatever it's called like you do for wardriving?
Like I said, don't even use windows for the vpn. Route windows through a local box (could be an RPI), that does the VPN and leak protection.
Why not just use tor? If you want you can also buy a VPN with tor and use it to connect to tor later. It just sounds better than chained VPNs in every way.
Probably because half of the websites will block you, but are fine with VPNs
Slow, hostile exits, lots of sites block exits, can't easily pick geography of an exit. The Obscura site alo lists similar reason in the faq.
How about everyone puts their monthly $5 into a VPS to run a Tor node to make the network faster rather than constantly pay for snake oil?
Honest question, and when police rides your home because someone used your node for some illegal activity, how everyone will defend itself?
Will more nodes make the network faster? I thought the architecture of how onion routing function is what made it slow.
A more accurate claim would be "VPN that can't track your activity unless we cooperate with the third-party relay provider".

I couldn't find any info on the page about who provides the relays, but that seems like the hardest problem to solve. The relays are taking on all the risk, after all - if someone does something illegal the exit relay will be where the authorities go first.

>Don’t trust — verify. We’ll be open-sourcing all of our client code so you can look at the source code and verify that we’re doing what we say.

I like that they plan to open source the client and do not mention any plans to open source their server software. Being able to audit more of their claims runs the risk of spoiling the mystique — you can’t run a VPN without a little bit of a sexy pinky promise.

The hard part is I don’t think there’s a way if they open sourced the server we can verify that what they’re actually running what is in the public repo.
/me was pleasantly surprised to scroll my RSS feed and see that someone posted :-)

I'm the maker of Obscura.

Happy to answer questions folks have. Also, what thinkmassive dug up is accurate: https://news.ycombinator.com/item?id=37711006

Update: Just fixed the Matrix->Discord bridge, apologies if it didn't work for you before.

Will you offer an anonymous payment method?
I use Mullvad vpn and pay using monero, so this was the first question in my mind. If you look at Mullvad's privacy policy, they made clear that paying with card obligates them legally to store personal information about the customer. Obscura in their FAQ says the payment method is Bitcoin, and Bitcoin can be traced to an exchange unless it was mined.
Bitcoin or any cryptocurrency can be converted to monero, which can then be used to pay (or converted back to BTC to pay) via any number of shady coin conversion services.

Bitcoin can also be anonymized via coinjoin like samurai or Wasabi, although Wasabi is not recommended: https://medium.com/oxt-research/a-statement-on-two-discovere...

In fact, if you're truly trying to be as as anonymous as possible with privacy redundancy, coinjoining before converting to XMR is your best course of action.

If creator of service claims you can pay anonymously with crypto and doesn’t offer XMR, they are not being earnest and intellectually honest, because we know they know XMR is the only legit actually anon crypto. Why would anyone use this service when they can use Mullvad or IVPN and pay via XMR directly?