Mullvad can unilaterally correlate ingress and egress traffic for their users – this is not to say that they do, but they have the capabilities of doing so.
If implemented correctly (and that's a big if!), a nested tunnel approach can make that much harder and require global passive or active traffic observation capabilities (for timing observation, possibly with active timing modifications, of specific flows), or collusion of at least two different entities.
>We have immense respect for the Tor project (please donate to the foundation if you can), but its slow speed and frequent network-wide DDoS attacks make it infeasible for everyday use.
>Obscura has most of the benefits of connecting via Tor but is optimized for everyday use by being much faster and more reliable.
Who do you think is truly at the top of these efforts? Like, what is the motivation? How is there not more money to be made on a purely quantitative basis from regular clearnet dwellers?
If the Obscura network started getting DDoSed, I'm sure Obscura would also become quite slow.
The infosec hobbyist in me believes the many-months-long massive DDoS attack against tor infrastructure was exploiting a vulnerability in tor to perform (timing attacks, or related traffic correlation attacks) against and unmask hidden services or hidden service users, or maybe even exit node users. How realistic is this to someone that understands the tor network more in-depth than I do?
Because it's so noisy and expensive, I can't believe they'd keep it up this long if it wasn't extremely effective, whatever the purpose and actor.
Best attempt at an explanation of how it works that I’ve seen so far:
> My understanding is it's CONNECT-IP / MASQUE where the encrypted & HTTP encapsulated IP request is sent to Obscura and the details of the request are forwarded to what they're calling a "Blind Relay" which only knows Obsucra's IP.
2-hop onion routing with pre-defined routes. No Tor consensus. Very simple.
https://datatracker.ietf.org/doc/draft-ietf-masque-connect-i...
Looks nice, but it's barely the first VPN or proxy service trying to make itself oblivious of the traffic it serves (plausible or not).
There's Google One VPN (which uses blind signatures for access tokens) as well as iCloud Private Relay (which leverages nested encrypted channels terminated by a different entity than the one that receives user-side traffic, as well as blind signatures for authentication if I remember correctly).
That said, it's definitely nice to have alternatives, but as with all VPN services, I'd be cautious – the proposition of "perfectly anonymous network access" attracts a lot of attention, not all of it beneficial to the product/project.
IVPN, Perfect Privacy, Mullvad all use blind tokens as well I believe.
There's also another company/product that has Port in the name I think, PortMonitor or... it's on the tip of my tongue. Anyway they have a paid version of the product that is essentially a series of servers (their own and user-donated servers) that tries to re-create the onion routing protocol, but with VPNs and blind tokens.
PerfectPrivacy was always my go to, as they have been raided multiple times and law enforcement ne er got something out of them. But jesus, their connectivity is soooo bad these days, the latency and packet loss on most of their servers is unbearable.
> barely the first VPN or proxy service trying to make itself oblivious of the traffic it serves
That's an understatement. The earliest example that comes to mind is from over a quarter of a century ago: https://en.wikipedia.org/wiki/Zero_Knowledge_Systems ZKS even predated Tor as one of the (if not the) first Onion Routing/Pipenet implementations outside the Navy's program. At the time, ZKS earned a lot of mindshare in the tech industry, but unfortunately they were a tad early to the commercial VPN party.
If they wanted to accept crypto, would there be anything stopping them from using Monero at least, instead? I wonder why they would ignore the major actually anonymous token.
they’ve been slowing progress down for 10 years straight now
but don’t worry you’ve been able to pay bitcoin invoices with monero and everything else for nearly as long too, just use a mixer and set the destination asset and address to the one on the invoice
As a casual Monero user, who's the Bitcoin maxi you're speaking of? Fluffypony? Seth? I remember reading about someone on the Monero core team who started working for a large Bitcoin company but don't remember who it was or what the issue was.
Some countries like India make owning monero illegal so it's not an option for everyone. How they're going to prove it is another story of course. But it is what it is.
> Some countries like India make owning monero illegal so it's not an option for everyone.
Owning cryptocurrency is not illegal in India. There is no ban on any cryptocurrencies in India. There is a hefty tax deduction at source on any transactions. Cryptocurrencies are not recognized as legal tender in India, which is the case in many other countries.
Looks interesting, as others have pointed out this seems very similar to iCloud Private Relay. Curious who is providing the blind relays for Obscura, I didn’t see the info on the website.
I was thinking about doing something like this recently. I would be interested to know more about how Obscura does multi-hop. Does it use other VPN providers - if not, who are the other hops?
It's probably worth mentioning that such a setup does not provide you with the same level of privacy as Tor, especially if all hops are within Five Eyes countries.
Sigh. As someone who is making a company in the privacy space, I hate when privacy products make huge claims like this. Another big offender is proton mail.
They may not be able to track your stuff as it is today, but one single FISA order demanding they push a update out to just to a few specific IP addresses and it will be all the same.
All things you download and install to your device can screw you if they have any functional way to update or have any serverside includes. (like a analytics JS tracker that can be changed to a JS logger)
We run into this a bit with https://redact.dev , but for people who want to be sure the login information they provide is safe.
At the end of the day, you are always at the mercy of the courts AND the founders not doing evil things.
Are there examples of such warrants being issued? This was, more or less, the subject of the big showdown between Apple and the FBI some years ago. The FBI maybe could have won legally but decided to back down. If such warrants were being issued, they eventually would be made public in the resulting criminal prosecutions.
Of course there’s warrants and FISA warrants issued for Google data. The question is whether they’ve issued a warrant to send a bugged autoupdate, which your link has nothing to do with.
Unless they end up in secretive federal courts, and target a company that doesn't have the deep pockets and media attention of Apple. Then you'd likely hear about it years after your privacy is violated.
You can make that claim about any software. Why would you assume their installers can't be verified publicly? Are they using unsigned installers? Perhaps your OS also is pushing signed updates with an implant based on your IP, much more convenient than fighting with vpn providers for just traffic.
The only claim they made is about the vpn service itself. If FISA orders it, the NSA will break into your house and plant cameras to watch your monitor lol. That's a strawman argument. You shouldn't argue against an claim they didn't make about update security, but even then can't you just use your own wireguard client? You don't have to use theirs right?
You could have no auto-update functionality, and that would go a long way. But then, you are severely crippling your product by doing that. Releasing clientside sourcecode doesnt mean much if the NSA forces you to give everyone else a different binary and sourcode than your target. It means nothing.
Look- the point is, you will go down a endless rabbithole of trying to appease everyone with "bulletproof" security. And the more you go, the more functionality and usefulness you will give up.
The best solution is to be realistic and not make defacto claims. Even things like TOR, which have been open source and audited from day one have had serious issues, and I am sure many TOR developers parroted the "you cant be tracked using us" only to have exploits and code issues pop up multiple times.
Without releasing source code and a transparent client build process this kind of claim is just kind of ...useless? If anything tells me they can't see my data and the client isn't completely in the open then I have 0 shred of confidence that they're trustworthy.
I feel old. I've been advising people to get a trusted VPN and use that tunnel to purchase a second trusted (unrelated) VPN and double tunnel, with at least the first VPN being outside of your country. The first sees your payment details (if you gave them one) and IP but can only see traffic to the second vpn. The second sees your traffic but can only see the first VPN's IP and hopefully they let you pay anonymously there as well.
Of course, with my way and Obscura, you should use a leak-proof setup that doesn't rely on you OS/device being nice (looking at MS and Apple there).
What's your method for "double tunneling" as, on Windows at least, you can't run two VPN providers at the same time as far as I've seen. I'd love to know if that were possible. I've seen mention of a tool that allows groups of trusted individuals to use each other's VPN connections to create a tunnel, but that's with each computer running a different VPN service.
I've tried this before but couldn't get it to work. What are the VM settings required? Do you need an external card that can do passthru or whatever it's called like you do for wardriving?
Why not just use tor? If you want you can also buy a VPN with tor and use it to connect to tor later. It just sounds better than chained VPNs in every way.
A more accurate claim would be "VPN that can't track your activity unless we cooperate with the third-party relay provider".
I couldn't find any info on the page about who provides the relays, but that seems like the hardest problem to solve. The relays are taking on all the risk, after all - if someone does something illegal the exit relay will be where the authorities go first.
>Don’t trust — verify. We’ll be open-sourcing all of our client code so you can look at the source code and verify that we’re doing what we say.
I like that they plan to open source the client and do not mention any plans to open source their server software. Being able to audit more of their claims runs the risk of spoiling the mystique — you can’t run a VPN without a little bit of a sexy pinky promise.
The hard part is I don’t think there’s a way if they open sourced the server we can verify that what they’re actually running what is in the public repo.
I use Mullvad vpn and pay using monero, so this was the first question in my mind. If you look at Mullvad's privacy policy, they made clear that paying with card obligates them legally to store personal information about the customer. Obscura in their FAQ says the payment method is Bitcoin, and Bitcoin can be traced to an exchange unless it was mined.
Bitcoin or any cryptocurrency can be converted to monero, which can then be used to pay (or converted back to BTC to pay) via any number of shady coin conversion services.
In fact, if you're truly trying to be as as anonymous as possible with privacy redundancy, coinjoining before converting to XMR is your best course of action.
If creator of service claims you can pay anonymously with crypto and doesn’t offer XMR, they are not being earnest and intellectually honest, because we know they know XMR is the only legit actually anon crypto. Why would anyone use this service when they can use Mullvad or IVPN and pay via XMR directly?
76 comments
[ 0.21 ms ] story [ 405 ms ] threadIf implemented correctly (and that's a big if!), a nested tunnel approach can make that much harder and require global passive or active traffic observation capabilities (for timing observation, possibly with active timing modifications, of specific flows), or collusion of at least two different entities.
>We have immense respect for the Tor project (please donate to the foundation if you can), but its slow speed and frequent network-wide DDoS attacks make it infeasible for everyday use.
>Obscura has most of the benefits of connecting via Tor but is optimized for everyday use by being much faster and more reliable.
Curious about the details on this.
Whilst the DDoS was ongoing, Tor was quite slow.
The infosec hobbyist in me believes the many-months-long massive DDoS attack against tor infrastructure was exploiting a vulnerability in tor to perform (timing attacks, or related traffic correlation attacks) against and unmask hidden services or hidden service users, or maybe even exit node users. How realistic is this to someone that understands the tor network more in-depth than I do?
Because it's so noisy and expensive, I can't believe they'd keep it up this long if it wasn't extremely effective, whatever the purpose and actor.
I'm not sure we would know about the Carnegie Melon research if it weren't for the researchers trying to give a talk about at Black Hat 2014. https://threatpost.com/tor-sniffs-out-attacks-trying-to-dean...
Or 2015 at MIT - https://www.bitdefender.com/blog/hotforsecurity/de-anonymiza...
Or 2019-2021+ - https://nusenu.medium.com/is-kax17-performing-de-anonymizati...
Or 2022 - https://infocondb.org/con/def-con/def-con-30/deanonymization...
> My understanding is it's CONNECT-IP / MASQUE where the encrypted & HTTP encapsulated IP request is sent to Obscura and the details of the request are forwarded to what they're calling a "Blind Relay" which only knows Obsucra's IP. 2-hop onion routing with pre-defined routes. No Tor consensus. Very simple. https://datatracker.ietf.org/doc/draft-ietf-masque-connect-i...
- bitgould from https://stacker.news/items/268728/r/031ef7d322
Impossible to say without seeing the source code though.
There's Google One VPN (which uses blind signatures for access tokens) as well as iCloud Private Relay (which leverages nested encrypted channels terminated by a different entity than the one that receives user-side traffic, as well as blind signatures for authentication if I remember correctly).
That said, it's definitely nice to have alternatives, but as with all VPN services, I'd be cautious – the proposition of "perfectly anonymous network access" attracts a lot of attention, not all of it beneficial to the product/project.
There's also another company/product that has Port in the name I think, PortMonitor or... it's on the tip of my tongue. Anyway they have a paid version of the product that is essentially a series of servers (their own and user-donated servers) that tries to re-create the onion routing protocol, but with VPNs and blind tokens.
Edit: Postmaster with the Safing Privacy Network (SPN) https://safing.io/spn/
It's sad. I really wish they'd improve speed, latency, and packet loss. If they did then I would go back in a heartbeat.
That's an understatement. The earliest example that comes to mind is from over a quarter of a century ago: https://en.wikipedia.org/wiki/Zero_Knowledge_Systems ZKS even predated Tor as one of the (if not the) first Onion Routing/Pipenet implementations outside the Navy's program. At the time, ZKS earned a lot of mindshare in the tech industry, but unfortunately they were a tad early to the commercial VPN party.
Yeah: https://datatracker.ietf.org/doc/draft-ietf-privacypass-rate...
Bitcoin is not anonymous. This makes me doubt of all their privacy claims
they’ve been slowing progress down for 10 years straight now
but don’t worry you’ve been able to pay bitcoin invoices with monero and everything else for nearly as long too, just use a mixer and set the destination asset and address to the one on the invoice
Monero’s cross contribution has been good, wasnt talking about them. Not sure off the top of my head anymore.
I was curious why XMR isn't available.
They also ban most sat phones by the way.
Owning cryptocurrency is not illegal in India. There is no ban on any cryptocurrencies in India. There is a hefty tax deduction at source on any transactions. Cryptocurrencies are not recognized as legal tender in India, which is the case in many other countries.
If not, what's your point?
As others have mentioned, swapping between chains is also an option.
It's probably worth mentioning that such a setup does not provide you with the same level of privacy as Tor, especially if all hops are within Five Eyes countries.
They may not be able to track your stuff as it is today, but one single FISA order demanding they push a update out to just to a few specific IP addresses and it will be all the same.
All things you download and install to your device can screw you if they have any functional way to update or have any serverside includes. (like a analytics JS tracker that can be changed to a JS logger)
We run into this a bit with https://redact.dev , but for people who want to be sure the login information they provide is safe. At the end of the day, you are always at the mercy of the courts AND the founders not doing evil things.
Heres a quick meme to better explain: https://i.imgur.com/Vnerxcb.png
[0]https://transparencyreport.google.com/user-data/us-national-...
The only claim they made is about the vpn service itself. If FISA orders it, the NSA will break into your house and plant cameras to watch your monitor lol. That's a strawman argument. You shouldn't argue against an claim they didn't make about update security, but even then can't you just use your own wireguard client? You don't have to use theirs right?
True. This is why all client side source code will be released and reproducible builds offered on platforms that support it.
If you don't know what code you're running, yeah you're screwed either way.
Nixpkgs please! It's the most successful reproducibility experiment I know of.
Fun fact: all of the current website's infra is NixOS-based
Fun fact #2: I overhauled Bitcoin Core's reproducible build system to use Guix (a Nix-inspired functional package manager)
All the nix deployment tools had too much magic and broke, but nixos-rebuild always works and it's part of Nix!
Disko was great for bootstrapping servers: https://github.com/nix-community/disko
Look- the point is, you will go down a endless rabbithole of trying to appease everyone with "bulletproof" security. And the more you go, the more functionality and usefulness you will give up.
The best solution is to be realistic and not make defacto claims. Even things like TOR, which have been open source and audited from day one have had serious issues, and I am sure many TOR developers parroted the "you cant be tracked using us" only to have exploits and code issues pop up multiple times.
Of course, with my way and Obscura, you should use a leak-proof setup that doesn't rely on you OS/device being nice (looking at MS and Apple there).
Good thing about that too is it avoids leaks, as long as you set your adapters right.
I couldn't find any info on the page about who provides the relays, but that seems like the hardest problem to solve. The relays are taking on all the risk, after all - if someone does something illegal the exit relay will be where the authorities go first.
I like that they plan to open source the client and do not mention any plans to open source their server software. Being able to audit more of their claims runs the risk of spoiling the mystique — you can’t run a VPN without a little bit of a sexy pinky promise.
I'm the maker of Obscura.
Happy to answer questions folks have. Also, what thinkmassive dug up is accurate: https://news.ycombinator.com/item?id=37711006
Update: Just fixed the Matrix->Discord bridge, apologies if it didn't work for you before.
Bitcoin can also be anonymized via coinjoin like samurai or Wasabi, although Wasabi is not recommended: https://medium.com/oxt-research/a-statement-on-two-discovere...
In fact, if you're truly trying to be as as anonymous as possible with privacy redundancy, coinjoining before converting to XMR is your best course of action.