Bitcoin VPN Eliminates Confidence in Privacy – Bitcoin Magazine
This is an opinion editorial by Moustafa Amin, a technology leader with more than 20 years of professional experience across large organizations, service providers and telephone companies.
Bitcoin is undoubtedly the world’s newest form of money. Governed by no central authority and controlled by no one, it represents the economic salvation that the world is looking for. In my opinion, Bitcoin freedom can be extended to escape the eavesdroppers who work relentlessly day and night to intercept, monitor or even control our online activities.
Traditional VPN
Today, if two endpoints want to talk privately with each other, they usually have to do so via a trusted third-party intermediary. As an example, consider what happens if two endpoints want to set up a virtual private network (VPN) tunnel between them to conduct a private conversation over the public Internet. They must first be able to find out about each other. This is the discovery part.
If the two endpoints can somehow find each other, they may still not be able to communicate directly – for example, if they have private IP addresses or are hidden behind broadband routers or gateways. This is the data communication part.
Additionally, if more than one device wants to share the same VPN channel to talk to each other, additional information must be exchanged between all VPN points.
The first two parts of this process involve the use of a third party to facilitate discovery and communication. For example, the two endpoints must purchase a service from a VPN service provider and specify that they want to communicate. The service provider acts as a trusted intermediary for the two parties.
Challenges
This third party must not only be trusted, but must also be trustworthy. If it’s compromised, privacy is gone. It must also always be online. If this third party were to go out of business, the two endpoints would not be able to communicate with each other.
A pressing problem in this centralized VPN model is the need to distribute a shared key to the communicating devices, which they use to encrypt and decrypt the traffic between them. This key exchange usually happens over a separate channel – an out-of-band channel (think: email, phone, text message, etc.). This clearly lacks the desired privacy: it does nothing to prevent lawful or illegal interception of the shared key.
Also, it is not uncommon in some countries to restrict known VPN ports. It happened to me when I opted for an annual subscription to a well-known VPN service. I found that my VPN client could not connect to any VPN server worldwide. I opened a case with the supplier and luckily they understood the situation and refunded my money.
In addition, some banks or other traditional financial systems (credit cards or payment processors) may refuse or limit payments if one attempts to subscribe to known global VPN services.
Now the question becomes: How do we allow two or more devices to communicate with each other without the use of third-party intermediaries, thus avoiding all these problems? To answer this, I am happy to introduce Bitcoin VPN.
What is Bitcoin VPN and how does it work?
Bitcoin VPN is a solution that leverages the Bitcoin network (Layer 1) or Lightning Network (Layer 2) to allow two or more parties to discover each other and be able to communicate privately over the public internet.
As with traditional VPN, a Bitcoin VPN client must access the web portal of the desired VPN service. This client could be a telecommuter who needs to connect to and access corporate headquarters, or a regular VPN user who wants to access the internet from another location to bypass content restrictions, for example.
Upon selecting the VPN service, the client will be presented with a Lightning invoice or simply a wallet address along with a corresponding transaction amount that needs to be sent. In the case of a telecommuter, the transaction amount should be minimal (no business will bill its employees to connect to the network). For a regular VPN service, the transaction may be an hourly bill.
In all cases, the client sends the transaction to the presented Bitcoin address.
Once the payment is received, the VPN server responds by sending a transaction back to the client, with the server’s public key embedded in plaintext in the transaction metadata.
As everything is publicly stored on the Bitcoin ledger, and to avoid possible eavesdropping, the client encrypts the following data using the received server public key:
- The client’s public IP address.
- The client’s public key.
- Other options that will be required for the VPN connection (port number, etc.).
The client sends another transaction to the server, inserting the encrypted message from the previous step into the transaction metadata.
The server decrypts the encrypted message using its private key.
Equipped with all the necessary information for the VPN, the server then creates the necessary VPN tunnel to the client (public IP address: port number) and pairs using the client’s public key for the VPN encryption. Note how this differs from a traditional VPN where the client is usually the initiator of the tunnel.
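The exchange described above, modelled end to end as an added example (this is not code from the article or from any Bitcoin VPN product). It assumes X25519 key agreement with AES-256-GCM as the concrete meaning of "encrypt with the server's public key", and assumes the "transaction metadata" is an OP_RETURN output, for which Bitcoin Core's default relay policy long capped the payload at 80 bytes. The client's IPv4 address, port and public key are packed into 38 bytes, sealed to the server's published key, and recovered by the server with its private key; the IP address, port and key pairs are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// OpReturnLimit is the 80-byte payload cap Bitcoin Core's default relay policy applied to
// OP_RETURN outputs for years (assumed here to be the "transaction metadata" the article means).
const OpReturnLimit = 80

// ClientParams are the items the article says the client encrypts for the server.
type ClientParams struct {
	IP        net.IP // client's public IPv4 address
	Port      uint16 // port the server should connect the tunnel to
	ClientPub []byte // 32-byte X25519 key the server pairs with for the tunnel
}

// aeadFor derives a single-use AES-256-GCM key from the ECDH secret; a hash over the
// secret and both public keys stands in for HKDF so the example stays dependency-free.
func aeadFor(shared, ephPub, serverPub []byte) (cipher.AEAD, error) {
	key := sha256.Sum256(append(append(append([]byte("bitcoin-vpn-example-v1"), shared...), ephPub...), serverPub...))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the client side: encrypt the parameters to the server's published public key.
// Output layout: ephemeral public key (32) || AES-GCM ciphertext and tag (38 + 16).
func Seal(serverPub *ecdh.PublicKey, p ClientParams) ([]byte, error) {
	ip4 := p.IP.To4()
	if ip4 == nil || len(p.ClientPub) != 32 {
		return nil, errors.New("need an IPv4 address and a 32-byte client key")
	}
	// Plaintext is 4 + 2 + 32 = 38 bytes: IPv4 || big-endian port || client key.
	plain := append(binary.BigEndian.AppendUint16(append([]byte{}, ip4...), p.Port), p.ClientPub...)
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(serverPub)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	gcm, err := aeadFor(shared, ephPub, serverPub.Bytes())
	if err != nil {
		return nil, err
	}
	// A fresh ephemeral key per message makes the derived key single-use, so an all-zero nonce is safe.
	nonce := make([]byte, gcm.NonceSize())
	return append(append([]byte{}, ephPub...), gcm.Seal(nil, nonce, plain, ephPub)...), nil
}

// Open is the server side: recover the parameters with the server's private key.
// Any bit flipped in the metadata fails GCM authentication and is rejected.
func Open(serverPriv *ecdh.PrivateKey, metadata []byte) (ClientParams, error) {
	if len(metadata) != 32+38+16 {
		return ClientParams{}, fmt.Errorf("metadata is %d bytes, want 86", len(metadata))
	}
	ephPub, ct := metadata[:32], metadata[32:]
	ep, err := ecdh.X25519().NewPublicKey(ephPub)
	if err != nil {
		return ClientParams{}, err
	}
	shared, err := serverPriv.ECDH(ep)
	if err != nil {
		return ClientParams{}, err
	}
	gcm, err := aeadFor(shared, ephPub, serverPriv.PublicKey().Bytes())
	if err != nil {
		return ClientParams{}, err
	}
	plain, err := gcm.Open(nil, make([]byte, gcm.NonceSize()), ct, ephPub)
	if err != nil {
		return ClientParams{}, fmt.Errorf("metadata rejected: %w", err)
	}
	return ClientParams{IP: net.IPv4(plain[0], plain[1], plain[2], plain[3]), Port: binary.BigEndian.Uint16(plain[4:6]), ClientPub: append([]byte{}, plain[6:]...)}, nil
}

func main() {
	srv, _ := ecdh.X25519().GenerateKey(rand.Reader) // server key, published in its reply transaction
	cli, _ := ecdh.X25519().GenerateKey(rand.Reader) // client's tunnel key
	// Constructed sample: a TEST-NET-3 address and WireGuard's default port.
	meta, err := Seal(srv.PublicKey(), ClientParams{IP: net.ParseIP("203.0.113.7"), Port: 51820, ClientPub: cli.PublicKey().Bytes()})
	if err != nil {
		panic(err)
	}
	got, err := Open(srv, meta)
	fmt.Printf("server recovered %v:%d (err=%v); %d bytes of metadata, fits %d-byte OP_RETURN: %v\n",
		got.IP, got.Port, err, len(meta), OpReturnLimit, len(meta) <= OpReturnLimit)
}
```

Two things the round trip makes visible. First, even with this compact layout the sealed message is 86 bytes, six over the 80-byte OP_RETURN cap, so a deployment would need a tighter encoding or a different metadata carrier. Second, the ledger only ever carries the ciphertext and the ephemeral key: the client's IP address and key stay hidden from anyone reading the chain, and the GCM tag means a modified or replayed-to-the-wrong-server message is dropped rather than misparsed.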
For anyone who would argue that the same can be achieved with other cryptocurrencies, my goal with Bitcoin VPN is to avoid the centralized nature and subsequent challenges of traditional VPNs by leveraging the true and most decentralized ledger out there (Bitcoin). Just put aside your desire to control and/or make money by uselessly injecting your subordinate altcoin into the conversation.
Finally, it is clear that Bitcoin, with its unique decentralized architecture, offers limitless possibilities other than its apparent financial capabilities.
This is a guest post by Moustafa Amin. Opinions expressed are entirely their own and do not necessarily reflect the opinions of BTC Inc. or Bitcoin Magazine.