Don't want to self-promote, just looking for some feedback on a VPN I'm building and the thoughts and reasoning behind why I'm doing certain things.

• Token instead of account username/password (pretty self-explanatory)
• No 3rd-party processor for XMR payments, and running my own node
• Shared exits with 2 locations (no obvious correlation between 1 user = 1 IP)
• WireGuard only, for a smaller attack surface
• Endpoint flushing when a handshake is over 10 mins old on the wg interface, so the user's IP doesn't even live in RAM
• .onion mirror available, which I encourage you to use

I explain other stuff mostly in the FAQ; I encourage everybody to read it, please!

  • ki9@lemmy.gf4.pw · 3 points · 21 hours ago

    There are a few monero vpns on kycnot.me… You should consider listing there when you feel ready.

    Curious about your upstream… Are they going to send takedown letters for torrent seeding? Are you ready for users to hack with your exit nodes and get blacklisted?

    This is the catch-22: non-kyc (anonymous) proxies get abused/blacklisted and become useless for anonymous browsing.

    • shadowrelay@lemmy.ml (OP) · 1 point · 16 hours ago

      Working on implementing Snort to capture hacking attempts and take away their access; it's very unfair to other users because the IPs would become technically unusable, captcha on every request.

    • shadowrelay@lemmy.ml (OP) · 1 point · 16 hours ago

      Thanks, I'll do that. I can't really control whether they'll send letters to me or not, but what I can do is be honest about it. I do have a warrant canary on the website indicating whether that claim can be made or not without breaking any legal boundaries. No provider is ready for that use case, but it's something you must accept. If I want to fight it, the no-log policy can no longer be made. For me to handle abuse, internal logging is required, else how would I tell which connection, which internal IP is sending that given traffic. Even for the provider, all IPs in memory inside the wg interface are indistinguishable. The more users we have, the more anonymous it becomes. More people = more plausible deniability. The only threat model is if the server provider is required to comply with authorities, granting them root access and monitoring connections in real time, getting them a step closer to finding the possible endpoint to do more monitoring. Takes a lot of effort.

  • guymontag@lemmy.ml · 2 points · 22 hours ago

    Are you running on bare metal or a VPS? Cuz that's seriously important. (Also this looks pretty similar to Mullvad.)

    • shadowrelay@lemmy.ml (OP) · 1 point · 16 hours ago

      VPS so far; was looking for dedicated options. Service is very cheap, 0.01 XMR for a 3-month sub, but I'm reinvesting every revenue into the service.

    • shadowrelay@lemmy.ml (OP) · 1 point · 16 hours ago

      I was definitely planning to put up a section on the website about certain server-side configurations; however, the backend is not meant to be open source. It runs with WireGuard so there's not much configuration anyway. WireGuard is by default not logging any data, and as I mentioned I have a script that runs every 5 minutes checking for inactive handshakes, flushing the endpoint after 10 minutes of inactivity, removing the endpoint from memory as well. It never gets on the disk anyway, never lives inside the .conf either; it's all done by a script.
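One way to implement the handshake-age check and endpoint flush described in the OP and in this comment, as an added example that is not the poster's own script. It assumes the interface is called wg0 and, because `wg set` has no option to unset an endpoint, it removes and re-adds the peer without one (which also clears the peer's counters; a peer with a preshared key would need it re-supplied in `flush_endpoint`).

```shell
#!/bin/sh
# Constructed sample in the format of `wg show wg0 latest-handshakes`: "<pubkey> <epoch>".
# A value of 0 means the peer has never completed a handshake, so there is no endpoint to flush.
SAMPLE_HANDSHAKES='peerA_pubkey_placeholder= 1700000000
peerB_pubkey_placeholder= 1700000500
peerC_pubkey_placeholder= 0'

# stale_peers <handshake table> <max age in seconds> <now as epoch seconds>
# Prints one public key per line for peers whose latest handshake is older than max age.
stale_peers() {
  printf '%s\n' "$1" | awk -v max="$2" -v now="$3" '
    $2 > 0 && (now - $2) > max { print $1 }'
}

# allowed_ips_of <interface> <pubkey>
# Reads the peer's AllowedIPs back from the kernel, comma-joined as `wg set` expects,
# so the peer can be re-created exactly as it was apart from the endpoint.
allowed_ips_of() {
  wg show "$1" allowed-ips | awk -v k="$2" '
    $1 == k { out = ""; for (i = 2; i <= NF; i++) out = out (i > 2 ? "," : "") $i; print out }'
}

# flush_endpoint <interface> <pubkey> <allowed-ips>
# Removing and re-adding the peer drops its stored endpoint (the client's last-seen IP:port),
# its handshake timestamp and its byte counters; the client re-handshakes on its next packet.
flush_endpoint() {
  wg set "$1" peer "$2" remove
  wg set "$1" peer "$2" allowed-ips "$3"
}

# flush_stale <interface> <max age in seconds>
# Intended to be run from cron every 5 minutes, e.g. `flush_stale wg0 600`.
flush_stale() {
  now=$(date +%s)
  stale_peers "$(wg show "$1" latest-handshakes)" "$2" "$now" | while read -r key; do
    flush_endpoint "$1" "$key" "$(allowed_ips_of "$1" "$key")"
  done
}
```

With a 5-minute cron interval and a 10-minute threshold, an idle client's endpoint is retained for at most 15 minutes after its last handshake.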