SPN vs VPNs

Hi, following this topic, I’m curious to know, would SPN be recommended instead of using a VPN?

2 Likes

We haven’t tested Safing Privacy Network, but they have been around for a while and I think the team behind the product is trustworthy. Some of them are members of this forum.

I don’t see how SPN could be worse than a VPN in any situation, assuming you trust Safing as much as you do Proton/IVPN/Mullvad. Whether SPN is better than a VPN, I can’t voice an opinion on that one way or the other.

4 Likes

Wouldn’t this achieve similar results to Qubes, but easier and without switching OS?

This is basically compartmentalization on each connection that your computer is making, no?

The only catch is the price then?

Could you elaborate? What’s that?

What does multiparty relay mean? Something like Orchid VPN?

Gotcha.

I must point out that a generic multiparty relay isn’t necessarily a limitation of a protocol (SPN in this case) but of the implementation (that is, Portmaster, the client, which runs SPN could implement multiparty relay).

In case of MASQUE (Apple’s Private Relay over Akamai & Cloudflare), the protocol itself has inherent guarantees (like Tor’s Onion routing / I2P’s Garlic routing), so maybe you’re looking for a multiparty relay of a specific kind?

I am curious because there are even more ways to “multiparty relay”. In my toy app, for example, DNS can be relayed already (pretty easily over more than one party). Relaying TCP & UDP that I’m working on (WireGuard relayed over another WireGuard; specifically, Proton over Amnezia) has turned out to be an enormous pain (on top of being fragile), and so I was mulling whether I should spend more time pushing that over the line…

1 Like

I think this is what is generally always implied by the term “multi-party relay,” as opposed to simply connecting to a VPN via another VPN or something. I think Safing can do this separation, although I’m not sure how many nodes on their network are actually run by third parties, so in practice it may not be utilized fully.

1 Like

Safing uses onion routing already, so on a protocol level it does provide this separation between hops. I think many if not most nodes are run by Safing alone though, so there are still other ways they could correlate traffic. My understanding is that this is where community nodes come into play.

Safing asked Privacy Guides to run a community node at one point, but we declined to do so.

3 Likes

The Tor network does solve this problem already by routing traffic through random unaffiliated nodes, so I’m not sure I understand what you are referring to here.

You misunderstand MASQUE & Tor.

There’s nothing stopping “You” from sending encrypted (exit) traffic (or unencrypted, for that matter) in both those scenarios.

With Tor, one can choose to configure it to stick to a specific set of nodes (presumably the trustworthy ones), though it isn’t recommended.

1 Like

I gotta say I was using (paying for) Safing’s SPN pretty much from the beginning and there were a lot of cases where it didn’t work well. Some sites just didn’t load, some blocked the connection and it was way too slow when waking up my computer, sometimes requiring a restart of the SPN. Also, while I love the software, there were almost no improvements over the years. I wanted to still use their firewall solution but it doesn’t work well with a VPN, so quite recently I have “ditched” the solution altogether.

If you are interested, I suggest trying it, but currently it doesn’t add much and sometimes it’s plain inconvenient. I heard though there will be a big change/feature coming, so we’ll see. Until then, standard firewall + VPN it is. (Btw some VPNs can do more than one hop - like ProtonVPN Secure Core or how it’s called).

3 Likes

Well, with the recent acquisition by IVPN, the team is theoretically going to be growing and hopefully development will speed up as well.

1 Like

Do you know any VPN that offers a different VPN server for each website like SPN does? AFAIK only ExpressVPN added this a few months ago, but having proprietary clients is one of many reasons I don’t like them and would prefer a privacy-respecting alternative.

1 Like

I have read their blogs and guides related to SPN vs VPN, but I am not sure how changing connected VPN servers for each connection (actually, each website or origin?) like SPN does offers privacy and security advantages over a regular VPN.

It may be that by changing the destination server for each website, one can hope to create the appearance of multiple online identities, but the VPN service recommended by PG has so many connectees on each server that it may be enough.
On the other hand, depending on the number of connectees and connection paths of the servers that the SPN connects to, wouldn’t this add a new data point for tracking/surveillance?

1 Like

Ah, so it was announced. There will likely be a VPN integration in Portmaster.

I would say that most common threat models are OK with single or double VPN hops. In the worst case you can have a system-wide VPN with one browser excluded, and in that browser you can have a VPN addon for another server if there is some activity you don’t want to be associated with your usuals.
I think that SPN would be mostly useful for highly exposed people.

VPN integration has been on the coming features to be done in 2024 since I started using them over the summer. I’m not sure if the time frame has changed or not now though.

1 Like

It basically solves this problem: Basic 101 Networking question

What do you do when a banking website doesn’t load and you have many other tabs opened? Or Reddit is blocking you because you use a VPN? If you disconnect, I learned that all other tabs will probably see your real IP.

The way I’m doing it right now is to leave the tab that doesn’t load for last. When only that one remains, I disconnect my VPN.

I could also use the solution by Jonah,

but I’d need to download a 4th browser and I don’t think I want to do that.

SPN seems like a great solution, but this

threw me off. Can anyone else that uses it share their experience?

I wonder if SPN’s strengths are its advanced split tunneling and flexible multi-hop capabilities, and with IVPN’s acquisition of Safing, I have a feeling those will eventually be implemented in IVPN as well.

As a concept, SPNs seem to be the evolution of a VPN.

@Rasta were you using SPN? If so, is your experience similar to whoami4?

Similar but not quite as bad I don’t think. I’ve only been using it for a little over a month now and while I have had some hiccoughs, it hasn’t been terrible. You can run it in parallel with a VPN that is split tunneling for apps that you want to come out in specific locations, and it has mostly worked fine for me.

The few issues I’ve had I’m not sure if they’re Portmaster, the SPN, or my network itself. I moved around the time I set this up and so haven’t had a known good network to test on. Usually when I’m having issues though it’s affecting the VPN and the apps sent through SPN that aren’t routed through the VPN, so it could be a conflict, the network, or something else.

One thing to remember though is that the dev team has been essentially three people from what I understand, and now with IVPN coming in, if they don’t mess things up, it should get much better going forward.

Personally I’m hoping their Android app that’s in beta right now can be turned into essentially RethinkDNS but with SPN built in. And for general UI improvements on their desktop app. Oh, and the VPN support that I’m doubting will show up this year like it’s mentioned at this point…

1 Like