from Hacker News

FreePN: Open-source peer-to-peer VPN service

by jtanderson on 10/16/20, 2:58 AM with 129 comments

  • by woodruffw on 10/16/20, 4:11 AM

    This appears to be the main repository for their "VPN" daemon: https://github.com/freepn/fpnd

    Some observations:

    * It's not actually a virtual private network, at least by the traditional definition. They route HTTP(S) and DNS traffic only; other protocols (presumably) get routed in the clear.

    * IPv6 isn't supported at all.

    * I might be missing it, but I can't find any cryptographic design documents or a threat model anywhere. A quick repo search doesn't even bring up any cryptographic primitives, which makes me wonder about malicious peers.

    It's good to have more competition in this space, so I'd like to be wrong (or eventually wrong, feature-wise) about all of the above. But if I'm right, this is roughly the same as using a SOCKS proxy (and maybe a bit worse, if any other peer can futz with your traffic).

  • by anderspitman on 10/16/20, 4:17 AM

    I have a project I want to do that would involve a lot of YouTube scraping. But they'll throttle you if they detect it. This led me down the rabbit hole into the world of residential proxy services. Some of them[0] advertise up to 40 million IPs. I can't imagine many of the owners of those IPs know what they're being used for.

    It would be cool if there was a reputable open source project that would let people share/buy residential proxy usage, but at the end of the day there's no way to guarantee people aren't doing horrible things with your IP.

    [0]: https://smartproxy.com/

  • by FreshFries on 10/16/20, 11:43 AM

    For people who are even considering this as a nice service: set up a Tor exit node and let it run for a week or so (takes time before it will actually route traffic through your new node) and experience no more Netflix, captchas left and right, and possible issues with your ISP & local law enforcement.

    If you for a minute think this / your IP address will not be misused to scrape, grief, DDoS, up & download "questionable content", you are very wrong.

  • by eightails on 10/16/20, 4:02 AM

    They tried to promote the launch of this service on a bunch of Linux-related subreddits 6 months ago, and I wasn't much of a fan of the concept or the way they advertised it, in skipping over the p2p nature of the system.

    Their answer to the question of 'what happens when a bad actor has their illegal activity routed through my connection' seemed illogical. They claimed that as more people signed up, the proportion of bad actors would decrease [0], which makes no sense to me.

    Also, I'm not entirely sure what methods they have taken to stop a bad actor from collecting packets from other users that are routed through the bad actor's exit node.

    The worst thing IMO is the way it's being presented and marketed. The impression the website gives is that it's just like all other VPNs but free, which is very misleading.

    [0] https://www.reddit.com/r/Ubuntu/comments/f5y6qg/update_launc...

  • by api on 10/16/20, 3:18 AM

    If it's P2P it means it uses other people's nodes as your exit node, sort of like Tor but without the onions.

    That's risky. What happens to me if someone does something illegal via my connection? How could I prove it wasn't me? Maybe I could win in court by citing my use of something like this, but I really don't want to be dragged into court in the first place even if I end up walking out.

  • by piracy1 on 10/16/20, 5:29 AM

    Wait, so the idea is basically, don't trust ur ISP? Have you tried Craig from Bosnia?

  • by jmarbach on 10/16/20, 4:03 AM

    It looks like this will help protect your privacy when configured properly; however, it may be more difficult to accomplish one of the key values VPN users seek: navigating around censorship walls. Does anyone know if it's possible to specify the location of your exit node in the network?

  • by rntksi on 10/16/20, 8:36 AM

    I think this project is piggybacking on ZeroTier.

    ZeroTier is actually quite good. I've used it successfully in/for enterprise-grade services.

  • by _znkz on 10/16/20, 5:41 AM

    This is all very unexpected actually! (No one from FreeVPN made the post here!) We've been doing some early market testing in a few Linux communities on Reddit, but full disclosure, the product is currently in an early-alpha stage (it’s only available on Ubuntu and Gentoo Linux currently, and very much under construction). We have big ambitions for the project, but it is still very early days.

    Love hearing the feedback from everyone here — some very valid criticisms from a lot of folks — and on a lot of points that have been brought up here, we actually have plans to address. A few bullet points on where we are as an organization / project:

    — the marketing copy isn’t set in stone — I’ve been working on the site a bunch recently & it’s very much in flux (we’ve been posting in a few Linux communities to see what the response looks like)

    — when we posted a few months ago about the project, in all honesty, it was a demand test to see if this would be something worth pursuing — but we’ve been trying to take the feedback from those posts to heart in our development process

    — we market ourselves as a VPN, but to be clear we _are_ a dVPN (distributed VPN). The peer-to-peer VPN wording on our site is mostly for the sake of simplicity. I’d point most folks to our project README on GitHub for more in-depth technical details.

    — right now FreePN is structured as a 1-to-1 peer connection, but we eventually plan to build in multi-tenant peer support as well as optional multi-hop routing (similar to Tor) and selective whitelisting of domains so that as a peer you can elect to categorically block certain types of sites — say torrenting. These blocklists would draw from open-source category site-lists like Fortiguard.

    — we do currently only route web traffic (+ DNS) — so only traffic on ports 80 and 443 is being routed (optionally port 53)

    — we don’t currently support IPv6 (though we have plans to add support in the future)

    — we don’t log traffic (you can see in the repo), and while peers logging traffic is a potential concern, that’s only true if you’re using non-HTTPS connections (we have plans to bake in something similar to HTTPS Everywhere, automatically upgrading connections).

    As far as our vision for the product — our goal for FreePN is to eventually become a ‘privacy all-in-one’. We started FreePN because we care deeply about internet privacy — but trying to protect yourself online practically is a very technical and time-consuming endeavor (basically — it’s really hard to protect your privacy online, and we’re trying to make it easy). In terms of features, we’re working on building in ad-blocking as our next major milestone.

    I’ll do my best to respond to everyone’s questions and concerns here this evening / in the morning & tomorrow as I’m able!

  • by zwilliamson on 10/16/20, 5:04 AM

    Anyone else getting "NetworkError when attempting to fetch resource. Please refresh and try again." when trying to sign up for email notifications for MacOS?

  • by illuminati1911 on 10/16/20, 3:28 AM

    What's the catch?

  • by bawolff on 10/16/20, 4:48 AM

    Hmm. Don't see any white paper or design docs on their website. Did I miss it?

    At a glance sounds like a reinvention of Tor, but less secure.

  • by parliament32 on 10/16/20, 4:25 PM

    But this isn't a VPN, it's just a glorified p2p "residential proxy" service (only forwards HTTP/S traffic and optionally DNS). And when you run this you become an exit node for other people. Scary stuff.

  • by alvarlagerlof on 10/16/20, 5:35 AM

    The comments here make me wonder if this is actually made by some malicious state.

  • by aero-glide on 10/16/20, 6:04 AM

    How does this compare with SoftEther VPN gate? That's decentralized too

  • by dhaavi on 10/16/20, 6:56 AM

    If anyone of the FreePN guys is still lurking around:

    What is your business model?

    I understand that you don't need servers, because your users supply that part, but who pays for development, support, and all that stuff?