I looked at this, and the idea seems very interesting being tied into a per application “firewall” which I think actually works more like per application routing, or even better per domain. This would actually be a big convenience to send some traffic that doesn’t like you being in one location to another vs a VPN. However, I can’t actually see how it would be better than a VPN necessarily.
-
First - it seems like it could not really work for SSL without MITM it at the browser level? Or it at least has to be DNS based (and still the HTTPS based DNS would thwart this) and therefore not really per domain right?
-
Second, what are they charging for here? It sounds like it’s access to TOR, though they claim it’s only TOR Like, I fail to see why anyone would provide them an exit node or transit node for free when they’re charging end users for access.
-
Presumably the reason people use VPNs rather than TOR is a mix of issues, but the main one I remember is performance. TOR is slow. I don’t see how this would be faster. The privacy one is that you’ve got the exit node issue which is the same as the VPN exit node (i.e. there are side channels to get identity, and you’re still having someone else seeing all exit info - in this case a random person rather than a company, we can decide which is more trustworthy, but I don’t think it’s an obvious win).
I just wish the article explained things a bit better; the way it reads, the writer doesn’t really know what a Virtual Private Network is in the first place, or what split tunnelling is. And yet the article is on the website of the company providing the service. It doesn’t really inspire confidence.
Did they just describe Tor? Because it sounds an awful lot like they described Tor, but with a subscription! Perhaps they offer to run their own high speed Tor network for an access fee, which is atrocious because it’s still one provider knowing everything. Tor works because it’s so diverse, and the (theoretical) chances of having all three nodes run by the same operator is very slim
Basically a startup founded by rich guys (investing 200,000 euros) getting some state grants trying to sell crypto-friendly VPN (see the white paper). SPN stands for “Safing Privacy Network” (Safing being the company brand). Nothing new nor nice + marketing lies (VPN not being open-sourced nor easy…).
How is it different from split tunneling?
Seems that it’s automatic split tunneling by application/stream. And with multiple out nodes. So basically split tunnel + tor? Still requires that you trust the app itself, the exit nodes, every node along the way, etc…
Sounds dangerous
Yeah, I’m not onboard… I’d rather vet a single company (vpn provider) and keep track of their goings-on rather than trust that a system with many actors are trustworthy with no incentive to be. A VPN provider that claims to not track logs… but gets found out that it does… dies. There’s a direct incentive here.
This system? There’s no way that the money you pay for this SPN service is making it to all the exit/traversal nodes. There’s nothing that would stop any given node from being malicious… forget just basic vetting of each node would be a massive cost alone. We can trust encryption… but we already do that with https and other protocol level stuff too. At that point I might as well just trust my ISP if I have to infer trust into each node like this.
I get tor… I get it’s uses… I don’t get how this is adding all that much more to the topic from a security perspective if it’s only “tor-like” (not using tor nodes). Tor still has it’s own issues as well.