I looked at this, and the idea seems very interesting being tied into a per application “firewall” which I think actually works more like per application routing, or even better per domain. This would actually be a big convenience to send some traffic that doesn’t like you being in one location to another vs a VPN. However, I can’t actually see how it would be better than a VPN necessarily.

  • First - it seems like it could not really work for SSL without MITM it at the browser level? Or it at least has to be DNS based (and still the HTTPS based DNS would thwart this) and therefore not really per domain right?

  • Second, what are they charging for here? It sounds like it’s access to TOR, though they claim it’s only TOR Like, I fail to see why anyone would provide them an exit node or transit node for free when they’re charging end users for access.

  • Presumably the reason people use VPNs rather than TOR is a mix of issues, but the main one I remember is performance. TOR is slow. I don’t see how this would be faster. The privacy one is that you’ve got the exit node issue which is the same as the VPN exit node (i.e. there are side channels to get identity, and you’re still having someone else seeing all exit info - in this case a random person rather than a company, we can decide which is more trustworthy, but I don’t think it’s an obvious win).

    • Saik0@lemmy.saik0.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Seems that it’s automatic split tunneling by application/stream. And with multiple out nodes. So basically split tunnel + tor? Still requires that you trust the app itself, the exit nodes, every node along the way, etc…

        • Saik0@lemmy.saik0.com
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Yeah, I’m not onboard… I’d rather vet a single company (vpn provider) and keep track of their goings-on rather than trust that a system with many actors are trustworthy with no incentive to be. A VPN provider that claims to not track logs… but gets found out that it does… dies. There’s a direct incentive here.

          This system? There’s no way that the money you pay for this SPN service is making it to all the exit/traversal nodes. There’s nothing that would stop any given node from being malicious… forget just basic vetting of each node would be a massive cost alone. We can trust encryption… but we already do that with https and other protocol level stuff too. At that point I might as well just trust my ISP if I have to infer trust into each node like this.

          I get tor… I get it’s uses… I don’t get how this is adding all that much more to the topic from a security perspective if it’s only “tor-like” (not using tor nodes). Tor still has it’s own issues as well.