SiprNet 2.0

Do you think CJDNS and Wireguard could be utilized together?

  • Dissimilar mechanics

    Votes: 0 0.0%
  • Dissimilar code base

    Votes: 0 0.0%
  • Yes

    Votes: 1 100.0%
  • No

    Votes: 0 0.0%
  • Mesh networks are great, but incompatible with the market dynamics that drive VPN innovation

    Votes: 1 100.0%

  • Total voters
    1

olivered

Freshly Joined Member
So I noticed on the features you discuss your neural routing system which attempts to route traffic through the VPN network internally as close to the desired target as possible, and as stated in the marketing material, 'ideally never leaving the network'. I think it's a great perspective and represents an innovative mindset as an alternative to "cloudflare" like services and the way every other VPN looks at outside content providers.

Perfect Privacy for businesses could be a solution that gives a free, static, permanent WireGuard uplink, into a node in the VPN network, with firewall rules so only the business's website traffic can go through the tunnel into the network. Customers would have a direct, secure pipeline to every company that signs up for the service. It could be used for forums that are often under attack also. Because the website is still hosted outside your network, you minimize any legal liability to Perfect Privacy, and if they come under DDoS, all they have to do is get their networking partners to downthrottle all traffic except for that coming on the link carrying the WireGuard traffic.

From a cost-to-attack aspect it makes great sense too: most VPN customers are privacy-oriented. They are not typically going to be DDoS zombies. A dedicated attacker would have to buy a subscription for every single node they want to use, and they'd have to risk that account being deleted for malicious activity on the network. DDoS ceases to be cost-effective.

And I was thinking, why not just implement an entire network this way? Buy your own fiber, or, at least, your own dedicated bandwidth node-to-node, and set up your nodes so they use WireGuard, not for customers, but for node-to-node communication. You now have a private network running at near wire speeds and can dynamically utilize some nodes internally, not as exit or entry nodes, but to route traffic through your network and ensure all customer traffic enters at the node nearest them and exits at the node nearest the desired content.

For a long time, I've looked at many different VPN options to see what their feature set and price was. I've looked at affordable VPS's hoping they also might provide a solution. It's not just the security aspect, it's also traffic shaping. My ISP doesn't care about delivering the bandwidth I paid for, and has downgraded their upstream partners several times trying to increase profits, and so, now everything is on the cheapest (and thus most prone to being messed with) networks, instead of high quality tier one networks like level 2 and hurricane electric. As a result not only are ping times higher than ever before but content often freezes and delivery isn't solid.

A high quality VPN completely rules out any prospect of data shaping, and, if it has a node close to you, in a datacenter that has dedicated bonded bandwidth agreements with your ISP, if you have a hardware accelerating VPN appliance and your VPN has hardware accelerated capabilities, the overhead will be negligible.

My internet might even ironically be faster.

-----------------------------

So, to get to the meat and bones, here's what I'm suggesting.
  • Create a daemon on every exit, entry, and internal node you run that dynamically communicates with the other nodes to figure out the best routes for data node-to-node, and, for each entry node, share a corresponding globally dynamic routing table that is downloaded by the VPN client and propagated into the consumer's operating system, also making it accessible for Linux. Anytime you add a node, automatically have it communicate with the other nodes. Configure each exit node to be "responsible" for the subnets data-wise and geographically nearest it, and dynamically insert them into the dynamic routing table to be shared between nodes. Neuro routing is great but it's kind of a temporary solution. Setting up your own tunnels between nodes and routing all of your own traffic is a great way to hide behind seven firewalls but it's a lot like Tor.
  • Set up an exit node for your VPN traffic in every nation on the face of the earth that doesn't currently have one. Consumer data no longer crosses over any international boundaries unencrypted; it goes through your private channels only. The first Global Access VPN.
  • Once you have the routing table mechanic functional, you can begin to add internal nodes that are responsible for private connections to resources on the open network. Go beyond legal and geographical boundaries to insertion within network boundaries. Like your own node that runs inside of the Amazon AWS network and is responsible for data to/from the subnets of that network. Not exactly the same thing as a proximity subnet, but Amazon's internal data infrastructure is a network unto itself. It's not inner network traffic that gets the most amount of scrutiny and pipelining, it's data that crosses networks.
  • Finally, offer a web portal for businesses, forums, websites to set up their own dedicated, firewalled, static WireGuard uplink into your network. The idea would be that they run a node inside their network, maybe even on their server directly, which acts as a VPN node unto itself, so that it becomes part of the routing table and is transparently invisible to the website, which continues to be accessed under the IP address associated with the certificates of the service.
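
A sketch of the per-entry-node routing table proposed in the first bullet above, added here as an illustration; it is not part of the original post and not Perfect Privacy's code. Node names, latencies and prefixes are constructed sample data, and the function names are hypothetical.

```python
import heapq
import ipaddress
# Constructed sample data: measured latency (ms) on node-to-node tunnels.
LINKS = {("ams", "fra"): 7, ("fra", "nyc"): 80, ("ams", "nyc"): 75,
         ("nyc", "sfo"): 60, ("fra", "sin"): 160, ("sfo", "sin"): 170}
# Constructed: prefixes each exit node is "responsible" for (documentation ranges).
EXIT_PREFIXES = {"fra": ["192.0.2.0/24"], "sfo": ["198.51.100.0/24"],
                 "sin": ["203.0.113.0/24"], "nyc": ["203.0.113.128/25"]}

def shortest_paths(links, source):
    """Dijkstra over tunnel latencies: {node: (cost_ms, first_hop)}."""
    graph = {}
    for (a, b), ms in links.items():
        graph.setdefault(a, []).append((b, ms))
        graph.setdefault(b, []).append((a, ms))
    best, heap = {}, [(0, source, source)]
    while heap:
        cost, node, first = heapq.heappop(heap)
        if node in best:
            continue
        best[node] = (cost, first)
        for nxt, ms in graph.get(node, []):
            if nxt not in best:
                hop = nxt if node == source else first
                heapq.heappush(heap, (cost + ms, nxt, hop))
    return best

def build_table(links, exit_prefixes, entry):
    """Table one entry node would publish: prefix -> (exit, next_hop, cost_ms)."""
    paths = shortest_paths(links, entry)
    table = {}
    for exit_node, prefixes in exit_prefixes.items():
        if exit_node not in paths:  # unreachable exit: advertise nothing
            continue
        cost, hop = paths[exit_node]
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            # If two exits claim the same prefix, keep the cheaper path.
            if net not in table or cost < table[net][2]:
                table[net] = (exit_node, hop, cost)
    return table

def lookup(table, dest):
    """Longest-prefix match, as the client's OS routing table would apply it."""
    addr = ipaddress.ip_address(dest)
    matches = [net for net in table if addr in net]
    if not matches:
        return None  # no internal route for this destination
    return table[max(matches, key=lambda net: net.prefixlen)]
```

A destination with no matching prefix returns `None`; how such traffic should leave the network is a policy choice the sketch does not make.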
 