Hi, following this topic, I’m curious to know, would SPN be recommended instead of using a VPN?
We haven’t tested Safing Privacy Network, but they have been around for a while and I think the team behind the product is trustworthy. Some of them are members of this forum.
I don’t see how SPN could be worse than a VPN in any situation, assuming you trust Safing as much as you do Proton/IVPN/Mullvad. Whether SPN is better than a VPN, I can’t voice an opinion on that one way or the other.
It is similar to VPN, so not sure replacing it would be any different as Jonah pointed out.
The benefit is if you want to maintain multiple identities or multiple locations while not wanting to switch networks. I don’t use it, but I’d find it useful if, let’s say, I wanted to watch American Netflix while browsing a Norwegian banking website. It’s more granular control.
Now if they implement multiparty relay, they’d have my money immediately.
Wouldn’t this achieve similar results of Qubes, but easier and without switching OS?
This is basically compartmentalization on each connection that your computer is making no?
The only catch is the price then?
Could you elaborate? What’s that?
Nope. Qubes is strict isolation by virtualization. SPN is basic network tunnels based on application. It is supposed to be used for basic IP protection and bypassing geoblocked content, not actually maintaining strict boundaries against network level adversaries.
It’s similar to Apple multi-party relay where 2 providers handle your traffic together. One handles the first hop, and another entirely different provider handles the 2nd hop. The idea is to prevent the first provider from knowing your traffic destination, and the second one from knowing your IP origin. It improves privacy better than a VPN, and is theoretically more secure than the Tor network (where exit nodes see unencrypted traffic, large orgs control lots of nodes, etc.) if you actually trust the providers to not conspire together and share data.
No current solution is better than Tor as of current availability though. Apple MPR is a weak ass version of it. Outside of Apple, Invisv used to exist, but doesn’t anymore afaik, which is quite sad.
I tried a while back to set up my own MPR, where I controlled the first hop, and Cloudflare did the second. But it proved ineffective in improving privacy since me operating the first hop would anyway deanonymize me. The technology problem also looks more complex than I could handle.
What does multiplay relay mean? Something like Orchid VPN?
No, it’s different from decentralized VPN, which is what Orchid seems to be. Decentralized VPNs are just the Tor network again.
An MPR would require changing how packets are sent, maybe something like the QUIC proxy Apple used. Since the idea is the 1st provider cannot see the traffic.
I have also elaborated in edits above. I have a tendency to edit answers a lot for like the first few minutes to adjust them.
Gotcha.
I must point out that a generic multiparty relay isn’t necessarily a limitation of a protocol (SPN in this case) but of the implementation (that is, Portmaster, the client, which runs SPN could implement multiparty relay).
In the case of MASQUE (Apple’s Private Relay over Akamai & Cloudflare), the protocol itself has inherent guarantees (like Tor’s Onion routing / I2P’s Garlic routing), so maybe you’re looking for a multiparty relay of a specific kind?
I am curious because there’s even more ways to “multiparty relay”. In my toy app, for example, DNS can be relayed already (pretty easily over more than one party). Relaying TCP & UDP that I’m working on (WireGuard relayed over another WireGuard; specifically, Proton over Amnezia) has turned out to be an enormous pain (on top being fragile), and so I was mulling whether I should spend more time pushing that over the line…
Yes, that’s exactly the kind I would be looking for. If it is just layering VPN over VPN, then I can already do that by using on device and router level VPN, although an easier solution for that would also be great.
Yeah. You can do Oblivious HTTP, you can do MPR within apps, you can honestly even use gray area residential proxies. But the kind I would want would be guaranteed by protocol.
This would also be a good solution, since VPN over VPN is hard to do without using a separate device on locked down environments like Android.
I think this is what is generally always implied by the term “multi-party relay,” as opposed to simply connecting to a VPN via another VPN or something. I think Safing can do this separation, although I’m not sure how many nodes on their network are actually run by third-parties, so in practice it may not be utilized fully.
So Safing has a proper MPR with masking for the first hop? I couldn’t find it on their website. Or is it that they can do VPN over VPN? Or is it just routing between 1-2 hops within their own network?
Safing uses onion routing already, so on a protocol level it does provide this separation between hops. I think many if not most nodes are run by Safing alone though, so there are still other ways they could correlate traffic. My understanding is that this is where community nodes come into play.
Safing asked Privacy Guides to run a community node at one point, but we declined to do so.
Ah, so they use the protocol, but not the separation. Community nodes would fail to solve the issue I am imagining because it is again similar to the Tor network. MPR requires strict separation between the entities, and the entities should not be able to conspire together.
Like a Swiss provider handles the first hop and a Swedish provider handles the second hop.
Any specific reason?
The Tor network does solve this problem already by routing traffic through random unaffiliated nodes, so I’m not sure I understand what you are referring to here.
Tor network is not guaranteed to be separate. Nodes are controlled by larger orgs, shadow organisations, etc. due to high risk and resources needed to run a node. Deanonymization by an entity that controls the network breaks the multi-party part of the network.
This is not an individual opinion, the deficiencies of the Tor network are well known and regularly pointed out by research orgs, projects like GOS, experts like Grugq and Schneier, etc.
An ideal MPR would have proper separation by only allowing specific, verified operators to run specific parts of the hops. Why can’t Tor do this? Because it requires scale since onion routing protects neither the origin IP from middle nodes, nor traffic from exit nodes. Thus newer protocols like MASQUE which create proxies like QUIC are needed. Using them will allow anonymity even if an org controls a large part of the network, but only on one side of the hop. Thus it can use large scale operators like VPNs and not depend on unverified nodes.
The situation right now is:
You → Tor Entry Node → Tor Middle Node → Tor Exit node → Unencrypted traffic
Tor Entry Node: Can see origin IP, doesn’t know endpoint, can be run by unverified shadow org
Tor Middle Node: Can see the entry and exit IP, can be run by unverified shadow org
Tor Exit node: Can see unencrypted traffic, can see endpoint, can be run by unverified shadow org
The situation I wish is:
You → MPR Entry Operator → MPR Exit operator → Encrypted Traffic
MPR Entry Operator: Knows origin IP, doesn’t know endpoint, is run by a verified org
MPR Exit Node: Knows Entry Operator IP, knows endpoint but can’t see the encrypted traffic, is run by a verified org
And MPR entry operator can only run entry nodes, while exit operator can only run exit nodes.
The idea again is that verified orgs running specific nodes with protocol guaranteed encrypted traffic is a lot better than unverified random orgs running nodes without any strict separation of which kind of nodes they can run, and which can see unencrypted traffic.
Also Tor makes you stand out like crazy. Random VPN connections less so.
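To make the hop-visibility argument in the two arrow diagrams concrete, here is an added toy model in Python (my own illustration, not code from Safing, Tor or Apple): the client nests the packet in layers, so the entry operator learns the origin and the next hop but not the destination, the exit operator learns the destination but not the origin, and the application data stays opaque to both because it is sealed under a key only the client and destination share (standing in for TLS). The stream cipher, keys and addresses are deliberately trivial placeholders constructed for the demo.

```python
import hashlib
import json
import os

NONCE_LEN = 12


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher for illustration only, NOT secure: keystream blocks are SHA-256(key||nonce||counter).
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + _xor_stream(key, nonce, plaintext)


def unseal(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def build_packet(entry_key: bytes, exit_key: bytes, session_key: bytes, dest: str, request: bytes) -> bytes:
    # Innermost layer: application data under a key only client and destination share (stands in for TLS).
    app = seal(session_key, request)
    # Exit layer: names the destination; the entry operator holds no key for it.
    exit_layer = seal(exit_key, json.dumps({"dest": dest, "app": app.hex()}).encode())
    # Entry layer: names only the next hop, never the destination.
    return seal(entry_key, json.dumps({"next": "exit-operator", "inner": exit_layer.hex()}).encode())


def relay(entry_key: bytes, exit_key: bytes, session_key: bytes, client_ip: str, dest: str, request: bytes):
    """Push one request through both hops and report what each party could observe."""
    packet = build_packet(entry_key, exit_key, session_key, dest, request)
    # Entry operator peels its layer: it sees the client's IP (it received the packet) and the next hop.
    entry_view = json.loads(unseal(entry_key, packet))
    entry_sees = {"origin_ip": client_ip, "next": entry_view["next"],
                  "sees_dest": dest in json.dumps(entry_view)}
    # Exit operator peels the second layer: it sees the destination, but the packet came from the entry operator.
    exit_view = json.loads(unseal(exit_key, bytes.fromhex(entry_view["inner"])))
    app_blob = bytes.fromhex(exit_view["app"])
    exit_sees = {"prev_hop": "entry-operator", "dest": exit_view["dest"],
                 "sees_client_ip": client_ip in json.dumps(exit_view), "payload": app_blob}
    # Only the destination can open the application layer.
    dest_reads = unseal(session_key, app_blob)
    return entry_sees, exit_sees, dest_reads
```

Each hop's view is computed from the bytes it actually receives, so the assertions about what stays hidden hold by construction rather than by labelling.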
Also can you clarify this? I am very curious here.
You → Tor Entry Node → Tor Middle Node → Tor Exit node → Unencrypted traffic
…
You → MPR Entry Operator → MPR Exit operator → Encrypted traffic
You misunderstand MASQUE & Tor.
There’s nothing stopping “You” from sending encrypted (exit) traffic (or unencrypted, for that matter) in both those scenarios.
The idea again is that verified orgs running specific nodes with protocol guaranteed encrypted traffic
With Tor, one can choose to configure it to stick to a specific set of nodes (presumably the trustworthy ones), though it isn’t recommended.
There’s nothing stopping “You” from sending encrypted (exit) traffic (or unencrypted, for that matter) in both those scenarios.
It’s less misunderstanding, more lack of analogies. It is why I preface the arrow diagram with “an ideal MPR”. An ideal MPR would force encrypted traffic. I used MASQUE because that is what Apple uses (which I already called weak ass). That’s why the use of words like “like MASQUE” and not “just use MASQUE”. I am not sure what protocol forces encryption on both hops. That is also not what Tor does.
It’s similar to VPNs, which force encrypted tunnels between yourself and the VPN server, irrespective of whether you encrypt the traffic or not by wrapping it in a tunnel.
The end part of MPR can be a DNS resolver, which is the entity that would see the actual traffic. The DNS resolver can be both the second hop provider or someone else.
With Tor, one can choose to configure it to stick to a specific set of nodes (presumably the trustworthy ones), though it isn’t recommended
Monoculture of interesting targets.
I gotta say I was using (paying for) Safing’s SPN pretty much from the beginning and there were a lot of cases where it didn’t work well. Some sites just didn’t load, some blocked the connection, and it was way too slow when waking up my computer, sometimes requiring a restart of the SPN. Also, while I love the software, there were almost no improvements over the years. I wanted to still use their firewall solution but it doesn’t work well with a VPN, so quite recently I have “ditched” the solution altogether.
If you are interested, I suggest you try it, but currently it doesn’t add much and sometimes it’s plain inconvenient. I heard though there will be a big change/feature coming, so we’ll see. Until then, standard firewall + VPN it is. (Btw some VPNs can do more than one hop, like ProtonVPN Secure Core or however it’s called).
Well, with the recent acquisition by IVPN, the team is theoretically going to be growing and hopefully development will speed up as well.
Do you know any VPN that offers a different VPN server for each website like SPN does? AFAIK only ExpressVPN added this a few months ago, but having proprietary clients is one of many reasons I don’t like them and would prefer a privacy-respecting alternative.