Looking for feedback on a Monero-native VPN I built (shadowrelay.org)
from shadowrelay@lemmy.ml to privacy@lemmy.ml on 02 Feb 17:02
https://lemmy.ml/post/42582630

Don't want to self-promote, just looking for some feedback on a VPN I'm building and the thoughts and reasoning behind why I'm doing certain things.

- Token instead of account username/password (pretty self-explanatory)
- No 3rd-party processor for XMR payments, and running my own node
- Shared exits with 2 locations (no obvious correlation between 1 user = 1 IP)
- WireGuard only, for a smaller attack surface
- Endpoint flushing when a handshake is over 10 mins old on the wg interface, so the user's IP doesn't even live in RAM
- .onion mirror available, which I encourage you to use

I explain other stuff mostly in the FAQ, I encourage everybody to read it please!

#privacy
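
The endpoint flushing described in the post above, sketched as an added example (not part of the original post and not ShadowRelay's code): it parses `wg show <iface> dump` and, for peers whose last handshake is older than 10 minutes, removes the peer and re-adds it without an endpoint. Remove-and-re-add is an assumed mechanism, and the interface name, keys and addresses are constructed.

```python
import subprocess
import time

MAX_AGE = 600  # seconds; the post's "handshake is over 10 mins old"
# Constructed sample of `wg show wg0 dump` output (tab-separated); keys and IPs are made up.
SAMPLE_DUMP = "\n".join([
    "PRIVKEY=\tSERVERPUB=\t51820\toff",
    "PEER_A=\t(none)\t203.0.113.7:40112\t10.8.0.2/32\t1700000000\t1024\t2048\toff",
    "PEER_B=\t(none)\t198.51.100.9:51000\t10.8.0.3/32\t1700000900\t10\t20\toff",
    "PEER_C=\tPSK_C=\t(none)\t10.8.0.4/32\t0\t0\t0\toff",
    "PEER_D=\tPSK_D=\t192.0.2.55:6000\t10.8.0.5/32\t1699990000\t5\t5\t25",
])

def stale_peers(dump, now, max_age=MAX_AGE):
    """Return peers that still hold an endpoint but whose last handshake is too old."""
    stale = []
    for line in dump.splitlines()[1:]:  # first line describes the interface itself
        f = line.split("\t")
        if len(f) != 8:
            continue  # skip malformed lines
        pub, psk, endpoint, allowed, handshake, _rx, _tx, keepalive = f
        if endpoint != "(none)" and now - int(handshake) > max_age:
            stale.append({"pub": pub, "psk": psk, "allowed": allowed, "keepalive": keepalive})
    return stale

def flush_plan(iface, peer):
    """Build (argv, stdin) steps: drop the peer, then re-add it without an endpoint."""
    readd = ["wg", "set", iface, "peer", peer["pub"]]
    stdin = None
    if peer["psk"] != "(none)":
        readd += ["preshared-key", "/dev/stdin"]  # key goes over stdin, not argv
        stdin = peer["psk"] + "\n"
    if peer["allowed"] != "(none)":
        readd += ["allowed-ips", peer["allowed"]]
    if peer["keepalive"] != "off":
        readd += ["persistent-keepalive", peer["keepalive"]]
    return [(["wg", "set", iface, "peer", peer["pub"], "remove"], None), (readd, stdin)]

def flush(iface="wg0"):
    """Run on the server as root, e.g. from a one-minute timer."""
    dump = subprocess.run(["wg", "show", iface, "dump"], check=True,
                          capture_output=True, text=True).stdout
    for peer in stale_peers(dump, int(time.time())):
        for argv, stdin in flush_plan(iface, peer):
            subprocess.run(argv, input=stdin, text=True, check=True)

if __name__ == "__main__":
    for p in stale_peers(SAMPLE_DUMP, now=1700001000):  # offline demo on the sample
        print(flush_plan("wg0", p))
```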

guymontag@lemmy.ml on 03 Feb 06:03

Are you running on bare metal or a VPS? Cuz that's seriously important. (Also this looks pretty similar to Mullvad)

shadowrelay@lemmy.ml on 03 Feb 12:04

VPS so far, was looking for dedicated options. Service is very cheap, 0.01 XMR for a 3-month sub, but I'm reinvesting all revenue into the service.

guymontag@lemmy.ml on 05 Feb 02:18

Ok. Wouldn't XMR be an issue? Isn't it difficult to get proper private no-KYC XMR?

shadowrelay@lemmy.ml on 10 Feb 14:34

XMR is private by default. You buy any coins via a CEX where you are KYC'd, use a non-custodial exchange to get Monero, and from that point on it's not traced back to you when you initiate a payment to somebody.

shadowrelay@lemmy.ml on 10 Feb 14:34

The important part being the fact that you get the XMR from a non-custodial exchange to your own XMR wallet and then send transactions from there.

ki9@lemmy.gf4.pw on 03 Feb 07:09

There are a few Monero VPNs on kycnot.me… You should consider listing there when you feel ready.

Curious about your upstream… Are they going to send takedown letters for torrent seeding? Are you ready for users to hack with your exit nodes and get blacklisted?

This is the catch-22: non-kyc (anonymous) proxies get abused/blacklisted and become useless for anonymous browsing.

shadowrelay@lemmy.ml on 03 Feb 12:11

Thanks, I'll do that. I can't really control whether they'll send letters to me or not, but what I can do is be honest about it. I do have a warrant canary on the website indicating whether that claim can be made or not without breaking any legal boundaries. No provider is ready for that use case, but it's something you must accept. If I want to fight it, the no-log policy can no longer be made. For me to handle abuse, internal logging is required, else how would I tell which connection, which internal IP is sending that given traffic. Even for the provider, all IPs in memory inside the wg interface are indistinguishable. The more users we have, the more anonymous it becomes. More people = more plausible deniability. The only threat model is if the server provider is required to comply with authorities, granting them root access and monitoring connections in real time, getting them a step closer to finding the possible endpoint to do more monitoring. Takes a lot of effort.

shadowrelay@lemmy.ml on 03 Feb 12:20

Working on implementing Snort to capture hacking attempts and taking away their access. It's very unfair to other users because the IPs would become technically unusable, captcha on every request.

ki9@lemmy.gf4.pw on 05 Feb 19:04

Good, that's probably the best you can do, I'm not an expert. I also meant, do you have a bulletproof upstream or are they going to terminate your service if you send too many hacks?