<timedatetime="21-08-17"class="post-date">Tuesday, August 17 2021</time>
</header>
<hr>
<p>Recently I’ve been thinking about starting a VPN service.
This service has some interesting requirements that I have never seen a VPN service do before, so I’d liKe to put down my thoughts as to what might be sensible for a centralized by encrypted VPN service.</p>
<p>I would license all the code and scripts under the AGPLv3.
This creates an environment where I could allow my company to use this code, and any other company for that matter but no company would be allowed to take it into their own hands and use it without contributing back to the project.</p>
<h2id="e2ee-vpn">E2EE VPN</h2>
<p>I want this service in many ways to copy <ahref="https://protonmail.com">ProtonMail</a>:
end-to-end encrypted (E2EE), and with a focus in data security for the user of the service.</p>
<p>Full encryption, so that even me, the writer and the deployer of the service, cannot view any information about the user: this is the utmost security.
The bad news is that this is very hard to do in a convenient way.
I’ve decided for now that the best thing to do is to target the Linux nerd.
Target the user who is familiar with these advanced security practices, then make them available to the general public as the layers on top of the robust security are refined.</p>
<h2id="why">Why?</h2>
<p>End-to-end encryption is necessary in a country like Canada, where I may be sent a subpoena to provide customer data.
This is the case especially in the <ahref="https://en.wikipedia.org/wiki/Five_Eyes">Five Eyes</a> anglophone group of countries, who essentially spy on each others’ citizens for their allies.
In essence, any data in the hand of one government agency may be shared between the Five, Nine, and 14 Eyes countries.</p>
<h2id="what-we-need">What We Need</h2>
<p>A VPN service needs access to some basic information:</p>
<ol>
<li>Service discontinue time (the amount of time until the customer must renew).</li>
<li>Active connections.</li>
</ol>
<p>The client needs access to some information from the server as well:</p>
<ol>
<li>A list of VPNs able to be connected to (with filters).</li>
<li>For every VPN:
<ol>
<li>IP Address.</li>
<li>Maximum bandwidth.</li>
<li>Number of connected users or connection saturation percentage.</li>
<li>Supported protocols.</li>
</ol>
</li>
</ol>
<p>Can we do this in a end-to-end encrypted fashion?
I’m honestly not sure. But here are my ideas so far as to how <em>some</em> of these functions might work.</p>
<h2id="how-to-do-it">How To Do It</h2>
<h3id="usernames">“Usernames”</h3>
<p>There will be one button to create your account: <em>“Generate username”</em>
The username, or unique identifier for a user will be generated for them by a random generator.
I plan to generate a username from a list of <ahref="https://en.wikipedia.org/wiki/Base64">Base 64</a> characters; it will be a guaranteed length of 16.
This gives a total of: <codeclass="language-plaintext highlighter-rouge">79228162514264337593543950336</code> or <spanclass="katex"><spanclass="katex-mathml"><mathxmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mn>7.9</mn><mo>×</mo><mn>1</mn><msup><mn>0</mn><mn>28</mn></msup></mrow><annotationencoding="application/x-tex">7.9 \times 10^{28}</annotation></semantics></math></span><spanclass="katex-html"aria-hidden="true"><spanclass="base"><spanclass="strut"style="height:0.72777em;vertical-align:-0.08333em;"></span><spanclass="mord">7</span><spanclass="mord">.</span><spanclass="mord">9</span><spanclass="mspace"style="margin-right:0.2222222222222222em;"></span><spanclass="mbin">×</span><spanclass="mspace"style="margin-right:0.2222222222222222em;"></span></span><spanclass="base"><spanclass="strut"style="height:0.8141079999999999em;vertical-align:0em;"></span><spanclass="mord">1</span><spanclass="mord"><spanclass="mord">0</span><spanclass="msupsub"><spanclass="vlist-t"><spanclass="vlist-r"><spanclass="vlist"style="height:0.8141079999999999em;"><spanstyle="top:-3.063em;margin-right:0.05em;"><spanclass="pstrut"style="height:2.7em;"></span><spanclass="sizing reset-size6 size3 mtight"><spanclass="mord mtight"><spanclass="mord mtight">2</span><spanclass="mord mtight">8</span></span></span></span></span></span></span></span></span></span></span></span> posibilities.
This is sufficient for a username.</p>
<p>The other option is to use a standard “username” field that uses a modern hash function like <ahref="https://en.wikipedia.org/wiki/Secure_Hash_Algorithms">SHA512</a> to store it in the database.
This is less secure as it is vulnerable to a brute-force attack of finding users,
but this is also a very easy attack to defend against, i.e. IP banning after 10-ish tries of not finding a username.</p>
<p>A <em>non-unique, universal</em> salt will also be used on each username to make it more secure.
This decreases the possibility of an advanced attacker being able to find usernames in a leaked database.
That said, the fact that it is a fixed salt makes it much more vulnerable to an attack.
Although it would be known only by the server machine, it would still be somewhat of a vulnerability.
The operator may also store the salt in an encrypted password store of their own in case the server is erased, broken into, etc.
It would be fairly easy, if they have access to the active salt, to migrate to a new salt every few days/months, or perhaps every time a server change happens.
In the end, they would need a backup of this salt, otherwise login times would become linear to the number of users as the database checks every user’s salt to see if it matches the hash made with the username input.</p>
<p>So, here’s the overview:
The username will be generated, then stored <em>after</em> being salted and hashed.
The salt will be a fixed or rolling salt across all usernames to avoid linear scaling of searching for a user.
The server will only see the username once, when sending it to the user for them to save for the first time;
there will be no database entry with the original username in it.</p>
<p>This does mean that if the username is lost, the account is lost too. There is no way to recover the account.</p>
<h3id="passwords">“Passwords”</h3>
<p>There are a few options for passwords/secret keys.</p>
<p>I think the best is to treat it similarly to the username is above, except it will <em>not</em> be generated for you.
When a new account is generated, you will be taken to a password reset screen where you will set your password to whatever your want, using your own secure system to handle it.
This is ideal for Linux and tech enthusiasts as they generally already have a password management system setup.</p>
<p>This will also be salted, with its own unique salt, then hashed and stored alongside the username.</p>
<h3id="active-time-remaining">Active Time Remaining</h3>
<p>It is easy and ideal to have a field connected to a user with their expiry date for their account.
When a payment is made, this date will be increased by the number of days, hours and minutes proportional to the payment received.</p>
<p>This is the second biggest threat to the users’ data privacy, as this, by definition, cannot be encrypted as my server needs access to this data to decide whether a user should be allowed to: view a list of VPN nodes available to them or connect to a VPN.
The best I can do in this case is make sure the database and root hard disk are fully encrypted with a password on boot so if asked for data I can simply shut it down.</p>
<p>This is not a fantastic solution, and still has the threat of a service provider snooping in on the database.
The truth is: a service provider has root access to any machine it hosts.
This necessitates that the <em>physical</em> infrastructure hosting the central database server must by physically owned and operated by the VPN operator.
In addition, it means top security root passwords, tamper resistant cases (in the case of a co-hosting or server room environment), sensors to indicate it has been opened or touched.
If you thoughts this was bad, wait until the next part.</p>
<p>In order to stop a user from simply using the entire bandwidth of all my VPN nodes available to them, I need a way to know how many active connections the user has.
This is <em>by far</em> the biggest issue in terms of user privacy.
There are a few options here:</p>
<ol>
<li>Do not have a limit on the number of connections a user may have. This is dangerous from a DDoS (distributed denial of service) perspective.</li>
<li>Have a list of connected users sent to the central server every 15 to 30 seconds. This is fairly efficient, but more privacy invasive.</li>
<li>???</li>
</ol>
</article>
</main>
<hr>
<footer>
This page is mirrored on <ahref="https://beta.tait.tech/2021/08/17/vpns-api/">beta.tait.tech</a>.
<aclass="post-title-link"href="/2021/08/17/vpns-api/">Idea For A VPN Service</a>
</h2>
<timeclass="post-date"datetime="21-08-17">
17 August 2021
</time>
</header>
<divclass="post-excerpt"><p>Recently I’ve been thinking about starting a VPN service.
This service has some interesting requirements that I have never seen a VPN service do before, so I’d liKe to put down my thoughts as to what might be sensible for a centralized by encrypted VPN service.</p>
<?xml version="1.0" encoding="utf-8"?><feedxmlns="http://www.w3.org/2005/Atom"><generatoruri="https://jekyllrb.com/"version="4.1.1">Jekyll</generator><linkhref="http://localhost:4000/feed.xml"rel="self"type="application/atom+xml"/><linkhref="http://localhost:4000/"rel="alternate"type="text/html"/><updated>2021-06-17T15:52:35-06:00</updated><id>http://localhost:4000/feed.xml</id><entry><titletype="html">Pinebook Pro, The Ultimate ARM Laptop</title><linkhref="http://localhost:4000/2021/06/02/pinebook-pro/"rel="alternate"type="text/html"title="Pinebook Pro, The Ultimate ARM Laptop"/><published>2021-06-02T00:00:00-06:00</published><updated>2021-06-02T00:00:00-06:00</updated><id>http://localhost:4000/2021/06/02/pinebook-pro</id><contenttype="html"xml:base="http://localhost:4000/2021/06/02/pinebook-pro/"><p>I recently got my Pinebook Pro.
<?xml version="1.0" encoding="utf-8"?><feedxmlns="http://www.w3.org/2005/Atom"><generatoruri="https://jekyllrb.com/"version="4.1.1">Jekyll</generator><linkhref="http://localhost:4000/feed.xml"rel="self"type="application/atom+xml"/><linkhref="http://localhost:4000/"rel="alternate"type="text/html"/><updated>2021-08-22T22:17:19-06:00</updated><id>http://localhost:4000/feed.xml</id><entry><titletype="html">Idea For A VPN Service</title><linkhref="http://localhost:4000/2021/08/17/vpns-api/"rel="alternate"type="text/html"title="Idea For A VPN Service"/><published>2021-08-17T00:00:00-06:00</published><updated>2021-08-17T00:00:00-06:00</updated><id>http://localhost:4000/2021/08/17/vpns-api</id><contenttype="html"xml:base="http://localhost:4000/2021/08/17/vpns-api/"><p>Recently I’ve been thinking about starting a VPN service.
This service has some interesting requirements that I have never seen a VPN service do before, so I’d liKe to put down my thoughts as to what might be sensible for a centralized by encrypted VPN service.</p>
<p>I would license all the code and scripts under the AGPLv3.
This creates an environment where I could allow my company to use this code, and any other company for that matter but no company would be allowed to take it into their own hands and use it without contributing back to the project.</p>
<p>I want this service in many ways to copy <a href="https://protonmail.com">ProtonMail</a>:
end-to-end encrypted (E2EE), and with a focus in data security for the user of the service.</p>
<p>Full encryption, so that even me, the writer and the deployer of the service, cannot view any information about the user: this is the utmost security.
The bad news is that this is very hard to do in a convenient way.
I’ve decided for now that the best thing to do is to target the Linux nerd.
Target the user who is familiar with these advanced security practices, then make them available to the general public as the layers on top of the robust security are refined.</p>
<h2 id="why">Why?</h2>
<p>End-to-end encryption is necessary in a country like Canada, where I may be sent a subpoena to provide customer data.
This is the case especially in the <a href="https://en.wikipedia.org/wiki/Five_Eyes">Five Eyes</a> anglophone group of countries, who essentially spy on each others’ citizens for their allies.
In essence, any data in the hand of one government agency may be shared between the Five, Nine, and 14 Eyes countries.</p>
<h2 id="what-we-need">What We Need</h2>
<p>A VPN service needs access to some basic information:</p>
<ol>
<li>Service discontinue time (the amount of time until the customer must renew).</li>
<li>Active connections.</li>
</ol>
<p>The client needs access to some information from the server as well:</p>
<ol>
<li>A list of VPNs able to be connected to (with filters).</li>
<li>For every VPN:
<ol>
<li>IP Address.</li>
<li>Maximum bandwidth.</li>
<li>Number of connected users or connection saturation percentage.</li>
<li>Supported protocols.</li>
</ol>
</li>
</ol>
<p>Can we do this in a end-to-end encrypted fashion?
I’m honestly not sure. But here are my ideas so far as to how <em>some</em> of these functions might work.</p>
<h2 id="how-to-do-it">How To Do It</h2>
<p>There will be one button to create your account: <em>“Generate username”</em>
The username, or unique identifier for a user will be generated for them by a random generator.
I plan to generate a username from a list of <a href="https://en.wikipedia.org/wiki/Base64">Base 64</a> characters; it will be a guaranteed length of 16.
<p>The other option is to use a standard “username” field that uses a modern hash function like <a href="https://en.wikipedia.org/wiki/Secure_Hash_Algorithms">SHA512</a> to store it in the database.
This is less secure as it is vulnerable to a brute-force attack of finding users,
but this is also a very easy attack to defend against, i.e. IP banning after 10-ish tries of not finding a username.</p>
<p>A <em>non-unique, universal</em> salt will also be used on each username to make it more secure.
This decreases the possibility of an advanced attacker being able to find usernames in a leaked database.
That said, the fact that it is a fixed salt makes it much more vulnerable to an attack.
Although it would be known only by the server machine, it would still be somewhat of a vulnerability.
The operator may also store the salt in an encrypted password store of their own in case the server is erased, broken into, etc.
It would be fairly easy, if they have access to the active salt, to migrate to a new salt every few days/months, or perhaps every time a server change happens.
In the end, they would need a backup of this salt, otherwise login times would become linear to the number of users as the database checks every user’s salt to see if it matches the hash made with the username input.</p>
<p>So, here’s the overview:
The username will be generated, then stored <em>after</em> being salted and hashed.
The salt will be a fixed or rolling salt across all usernames to avoid linear scaling of searching for a user.
The server will only see the username once, when sending it to the user for them to save for the first time;
there will be no database entry with the original username in it.</p>
<p>This does mean that if the username is lost, the account is lost too. There is no way to recover the account.</p>
<p>There are a few options for passwords/secret keys.</p>
<p>I think the best is to treat it similarly to the username is above, except it will <em>not</em> be generated for you.
When a new account is generated, you will be taken to a password reset screen where you will set your password to whatever your want, using your own secure system to handle it.
This is ideal for Linux and tech enthusiasts as they generally already have a password management system setup.</p>
<p>This will also be salted, with its own unique salt, then hashed and stored alongside the username.</p>
<h3 id="active-time-remaining">Active Time Remaining</h3>
<p>It is easy and ideal to have a field connected to a user with their expiry date for their account.
When a payment is made, this date will be increased by the number of days, hours and minutes proportional to the payment received.</p>
<p>This is the second biggest threat to the users’ data privacy, as this, by definition, cannot be encrypted as my server needs access to this data to decide whether a user should be allowed to: view a list of VPN nodes available to them or connect to a VPN.
The best I can do in this case is make sure the database and root hard disk are fully encrypted with a password on boot so if asked for data I can simply shut it down.</p>
<p>This is not a fantastic solution, and still has the threat of a service provider snooping in on the database.
The truth is: a service provider has root access to any machine it hosts.
This necessitates that the <em>physical</em> infrastructure hosting the central database server must by physically owned and operated by the VPN operator.
In addition, it means top security root passwords, tamper resistant cases (in the case of a co-hosting or server room environment), sensors to indicate it has been opened or touched.
If you thoughts this was bad, wait until the next part.</p>
<p>In order to stop a user from simply using the entire bandwidth of all my VPN nodes available to them, I need a way to know how many active connections the user has.
This is <em>by far</em> the biggest issue in terms of user privacy.
There are a few options here:</p>
<ol>
<li>Do not have a limit on the number of connections a user may have. This is dangerous from a DDoS (distributed denial of service) perspective.</li>
<li>Have a list of connected users sent to the central server every 15 to 30 seconds. This is fairly efficient, but more privacy invasive.</li>
<li>???</li>
</ol></content><author><name></name></author><summarytype="html">Recently I’ve been thinking about starting a VPN service. This service has some interesting requirements that I have never seen a VPN service do before, so I’d liKe to put down my thoughts as to what might be sensible for a centralized by encrypted VPN service.</summary></entry><entry><titletype="html">Pinebook Pro, The Ultimate ARM Laptop</title><linkhref="http://localhost:4000/2021/06/02/pinebook-pro/"rel="alternate"type="text/html"title="Pinebook Pro, The Ultimate ARM Laptop"/><published>2021-06-02T00:00:00-06:00</published><updated>2021-06-02T00:00:00-06:00</updated><id>http://localhost:4000/2021/06/02/pinebook-pro</id><contenttype="html"xml:base="http://localhost:4000/2021/06/02/pinebook-pro/"><p>I recently got my Pinebook Pro.
It was more expensive than I was expecting, coming in at (including shipping and handling) C$335.
I always forget the exchange rate and assume it’s similar to the U.S. dollar, but it never is, haha!
Anyway, this is just my first impressions and what I did to fix a few issues.</p>
@ -864,12 +973,4 @@ I hope that this helps you with getting the general idea of a Minesweeper game.
The completed version of this game is available on my <a href="https://lamegames.tait.tech/">lamegames</a> site.
Let me know what you think!</p>
<p>Happy hacking!</p></content><author><name></name></author><summarytype="html">When I was creating a little Minesweeper game, I got confused at some points. My bomb generation didn’t look quite right, and I for sure didn’t quite get the whole cascading tile reveal thing. With a bit of internet research, I found what I was looking for. I’ll explain it all in one place for my own research purposes.</summary></entry><entry><titletype="html">lamegames.tait.tech</title><linkhref="http://localhost:4000/2020/09/09/lamegames/"rel="alternate"type="text/html"title="lamegames.tait.tech"/><published>2020-09-09T00:00:00-06:00</published><updated>2020-09-09T00:00:00-06:00</updated><id>http://localhost:4000/2020/09/09/lamegames</id><contenttype="html"xml:base="http://localhost:4000/2020/09/09/lamegames/"><p>This is an announcement for a new project of mine:
<p>This is something I’m really excited to work on!</p>
<p>Right now, I’ve just got a rock-paper-scissors game.
A chat function, and a few simple card games to come.</p>
<p>Check out the repository on my <a href="https://github.com/TTWNO/lamegames.io">Github</a>.</p></content><author><name></name></author><summarytype="html">This is an announcement for a new project of mine: lamegames.tait.tech.</summary></entry></feed>
<p>Happy hacking!</p></content><author><name></name></author><summarytype="html">When I was creating a little Minesweeper game, I got confused at some points. My bomb generation didn’t look quite right, and I for sure didn’t quite get the whole cascading tile reveal thing. With a bit of internet research, I found what I was looking for. I’ll explain it all in one place for my own research purposes.</summary></entry></feed>
@ -62,6 +62,29 @@ Guaranteed to be accessible.</p>
<p>Just an idea.</p>
<h2id="3-3d-printing-of-google-mapsopenstreetmaps-data-for-the-visually-impaired">3. 3d printing of Google Maps/OpenStreetMaps data for the visually impaired.</h2>
<p>A larger project, to be sure, but one I think could be of interest.
Imagine being able to download some data from Google or OpenStrretMaps,
then put it into a program and have it generate a 3d map which can be printed.
Unsure what to do, as the braille overlay on top of the streets and important buildings, etc. needs to be of a uniform size (braille cannot be scaled) but the buildings, streets, and parks do need to be scaled in size.</p>
<p>I think for beginning, forget the braille entirely and simply product a map.
This can be done in the STL file format or some intermediary if that is easier.
Roads will have a slight border on the side,
parks will have a diamond texture,
buildings will have slight rectangular borders (slightly wider than the roads),
paths will be a thin line, and the label for the path will need to extend the thin line into a (rounded) rectangle with text on it.</p>
<p>Start with roads.
Get a road, get it to generate the correct shape.
Then add a border around the side.
Then, add 4 more roads and figure out how to intersect them.</p>
<p>If it can be done on a display, it can be done in a file.</p>
<p>Start with that. Wow what a daunting project!</p>
@ -33,3 +33,26 @@ I'm thinking of similar key commands to Orca/NVDA but output is send to the term
Change backend on-the-fly with a page reload. So if a website doesn't work with Webkit, load it in Firefox with a key command.
Just an idea.
## 3. 3d printing of Google Maps/OpenStreetMaps data for the visually impaired.
A larger project, to be sure, but one I think could be of interest.
Imagine being able to download some data from Google or OpenStrretMaps,
then put it into a program and have it generate a 3d map which can be printed.
Unsure what to do, as the braille overlay on top of the streets and important buildings, etc. needs to be of a uniform size (braille cannot be scaled) but the buildings, streets, and parks do need to be scaled in size.
I think for beginning, forget the braille entirely and simply product a map.
This can be done in the STL file format or some intermediary if that is easier.
Roads will have a slight border on the side,
parks will have a diamond texture,
buildings will have slight rectangular borders (slightly wider than the roads),
paths will be a thin line, and the label for the path will need to extend the thin line into a (rounded) rectangle with text on it.
Start with roads.
Get a road, get it to generate the correct shape.
Then add a border around the side.
Then, add 4 more roads and figure out how to intersect them.
If it can be done on a display, it can be done in a file.
Tait Hoyem
3 years ago