HN Gopher Feed (2017-10-28) - page 1 of 10 ___________________________________________________________________
Orchid: a new surveillance-free layer on top of the existing
Internet
43 points by apsec112
http://orchidprotocol.com
___________________________________________________________________
halite - 6 minutes ago
When are they doing ICO!?
anotheryou - 1 hours ago
buzzwords I see. what does it do?
jv22222 - 1 hours ago
From the FAQ: The Orchid protocol uses an overlay network built
upon the existing Internet, which is driven by a peer-to-peer
tokenized bandwidth exchange. The orchid protocol is an
open-source overlay network that runs on top of the Internet. It's
fully decentralized, because rather than traffic being routed
through central authorities - your ISP or your VPN - it's instead
routed randomly through a network of bandwidth contributors who
sign up to share their surplus bandwidth and activate their
Internet-connected device as a "node." Users that want to access
an uncensored Internet (bandwidth consumers) pay the bandwidth
contributors in Orchid tokens through a peer-to-peer exchange.
Because neither the traffic nor the payments can be monitored by
central authorities, both contributors and consumers of bandwidth
enjoy a fully anonymous, surveillance-free experience.
Also of note: Who are the founders?
Stephen Bell: Steve started companies in Europe, the U.S., and
China before founding Trilogy VC China, where he spent 10 years
backing Chinese seed stage startups.
Brian J. Fox: Brian is an entrepreneur and open-source advocate,
the first employee of the Free Software Foundation, and the author
of the GNU Bash shell.
Jay Freeman: Jay is a software engineer and the developer of the
Cydia software distribution platform used on millions of
jailbroken iOS devices.
Gustav Simonsson: Gustav is an engineer and developer who helped
launch Ethereum in 2015, working with core protocols, clients, and
security auditing.
Dr. Steven Waterhouse: Steven is an experienced investor and
entrepreneur, having co-founded RPX Corp, led cryptocurrency
projects at Fortress and Pantera Capital, and the Honeycomb
product at Sun Microsystems.
[Edit] I _think_ they are trying to create something like Ethereum
but for decentralized internet.
diaperIITB - moments ago
How is the route decided? If it uses a centralized server for that,
then wouldn't it be easy to block that.
qeternity - 1 hours ago
They call it a protocol but this is very much a startup/ICO, having
raised nearly $5m in seed. Not that there is anything wrong with
this, it seems like a very cool project. But it does seem to be
very intentionally presenting itself as something that is closer to
a not-for-profit a la Tor.
saurik - 34 minutes ago
It is maybe worth noting that we had actually looked into whether
we could be registered as a non-profit and still raise money by
these means to build out our implementation and market it to the
world, and that was simply not possible :/. We are, however, all
deeply committed to open source, and are working on how to best
ensure that this is enforced in the company's charter (such that
even if there are any future changes, there will never be any
fear). All of our work is to be released under the AGPL3; and,
while we have filed for a patent, we will be licensing the patent
to the world in a manner similar to how Mozilla manages their
patent portfolio. Brian Fox, who is in charge of making sure we
have a successful and inclusive open source project, was the
original developer of the bash shell, was for a while the
maintainer of GNU emacs, and was the first employee of the Free
Software Foundation (as Richard Stallman was a volunteer), and so
is keenly aware of how important it is for technology to be
available to everyone.
saurik - 43 minutes ago
Hello! My name is Jay Freeman (saurik), and I was both deeply
involved in the design of Orchid's protocol as well as in charge of
the initial implementation of the networking and routing logic, and
am happy to try to answer any questions people might have about
what we are working on!
modeless - 3 minutes ago
The FAQ says you can break through the Great Firewall of China. I
believe that you can in some limited way now by flying under the
radar, but I absolutely do not believe you could maintain that
ability if this became widely used and targeted specifically by
the authorities. What would you do if they started really
cracking down on Orchid?
em3rgent0rdr - 1 minutes ago
Whitepaper abstract says you use "A blockchain-based stochastic
payment mechanism with transaction costs on the order of a
packet". But how is such a blockchain transaction scalable to
the entire internet when considering that it does a transaction
for every packet?
someguydave - 36 minutes ago
How do you solve the problem of penetrating NATs and firewalls
without relying on a central coordination server?
saurik - 13 minutes ago
If I understand your question correctly, and you are looking at
"how do we do hole punching and NAT traversal without a way to
get your canonical external IP address", in addition to
techniques that don't require that kind of functionality (such
as modern routers with UPnP port forwarding support), other
nodes on the network can run something analogous to ICE servers
(we have yet to decide if it should literally be STUN or if we
need to integrate it into the security model), so all you will
need is the address and public key of another node (which you
will need anyway in order to connect to the network).
woodandsteel - 32 minutes ago
Is this anonymous like tor or i2p? if so, how do you do it?
saurik - 2 minutes ago
That is a very broad question that I keep looking back to and
thinking "I'll answer other questions and get back to this one
;P", but I'm thinking maybe I should simply refer you to the
almost 50-page whitepaper on our website. I am here to answer
any questions you might still have (and I totally believe you
will, as that whitepaper is a
draft)! https://orchidprotocol.com/whitepaper.pdf
xwvvvvwx - 40 minutes ago
This is a funded startup. How do they intend to make money?
kirillseva - 34 minutes ago
ICO
saurik - 21 minutes ago
Not exactly, though I can appreciate why it might seem like
that at first glance; we are selling a "utility token". This
distinction is interesting and important as we are not selling
a token to raise money to do development, instead having taken
on seed investors to help us get the right team of developers
and advisors to do this initial build out. The sale of tokens
will be made after we have this network fully working and
launched, meaning that we are really targeting a group of
people you might call "customers" who will buy bandwidth tokens
(as opposed to "investors", which is the target market of an
ICO).
HelloNurse - 23 minutes ago
Sustainability isn't even the greatest concern: where there are
customers (people who pay for access to the network) there is a
database of customers (in order to allow authentication) that has
to be kept out of the grasp of government agencies.
saurik - 16 minutes ago
Actually, that's the great part about what we are doing: it is
all built on Ethereum, so there is no centralized database, and
the users are generally pseudonymous! OK, you might then say
"isn't that just a decentralized database?", but in addition to
a form of "probabilistic micropayments" that ends up shrouding
most of the participants, we are also working on integrating
other techniques to make the payments fully anonymous (and have
brought on a team of advisors which includes a professor of
cryptography who specializes in this area).
woodandsteel - 34 minutes ago
The FAQ says "Bandwidth contributors simply install Orchid and
activate their Internet connected device as a node - either as a
relay or proxy - and then they set permissions like sites they want
to blacklist or whitelist, and they earn tokens into their Orchid
wallet for sharing their bandwidth." So hopefully the blacklisting
will eliminate the problem of nasty content that plagues anonymous
networks like Tor.
zzalpha - 31 minutes ago
How so? If it's under individual control, you'll just end up
with sub-networks where people will agree to distribute that type
of content. You cannot pair anonymity and security with
censorship. They are fundamentally incompatible. So either
accept that nasty content will be out there, or acknowledge that
you don't actually want perfect anonymity and security.
saurik - 4 minutes ago
FWIW, if you look at Tor, Facebook now runs a hidden service
that allows people to access Facebook's website. This is
essentially the same thing as someone having provided a number
of exit nodes that will only route to Facebook. The problem,
though, is that this requires the client and maybe even the
website to be modified to use the .onion URLs for all accesses
back to the site (at least, any absolute URL on the site back
to the site will cause a problem). I will personally contend
that it is worth it to allow Facebook to do this, or to allow
anyone to do this for any website, in order to get more people
using the network for everything, as the more users you can get
using the service to do normal traffic the more easily you can
hide everyone. This is particularly noticeable given that in
some countries, such as the United States where I live, simply
accessing the Tor website to download Tor will end up flagging
you for further monitoring. If Tor had only as many users and
exit nodes as it does right now, but additionally had, for
example, a billion people in China accessing Wikipedia through
exit nodes that refused to go anywhere but Wikipedia, that
makes a world of difference. As it stands, people are actually
actively discouraged and even shamed for using Tor to access
random websites or ones that use a lot of bandwidth, as that
means that they are using (or even "abusing") a limited amount
of donated bandwidth that somehow needs to be reserved for
those who "really need it" (and thereby, will be targeted just
for that).
https://motherboard.vice.com/en_us/article/d73yd7/how-the-ns...
saurik - 30 minutes ago
That is absolutely our intention! While users who run nodes can
choose to forward content to anywhere on the Internet, we want to
provide people a feeling of control over the usage of their
bandwidth, as we believe that (along with being paid to forward
traffic!) will increase the number of people who are willing to
provide bandwidth to the service. Being able to say "I am only
willing to help users get to Wikipedia, or the New York Times" is
something that we think is very important to being able to have
enough people using the service to provide the levels of security
needed for everyone on the network.
throwawaysml - 25 minutes ago
For that purpose I would think optional whitelisting would make
more sense. Instead of spyware lists you subscribe to in uBlock
Origin, you would subscribe to a vetted whitelist of known to be
generally acceptable Orchid content. Others might want to have
empty filter list to be a complete transit/peer. Therefore I don't
think there's much room for users who want to blacklist but are
not rather looking for a whitelist. The blacklist will grow and
grow, while the whitelist size will be pretty stable. That said, I
haven't used it, so the implemented blacklist approach might
already support the above cases and be sufficient.
saurik - 19 minutes ago
FWIW, as the person who has been doing the initial
implementation, I can tell you that we currently only have a
whitelist. I can appreciate why the person who was editing the
FAQ for the website put in the word "blacklist" as it makes
the sentence flow really well, but I agree with you about the
issues (and there are also problems doing the distributed
hashtable search to find nodes that don't have some property
rather than ones that do have some property). I will poke about
this to see if I can get it changed ASAP!
kirillseva - 16 minutes ago
If you're only using a "stable whitelist" of websites on the
internet then you're not the target audience
zzalpha - 33 minutes ago
How is this different from Freenet or Tor?
saurik - 28 minutes ago
Freenet builds its own domain of content where people post
websites that are hosted in a distributed fashion by the
platform. What we are working on with this initial implementation
is a fully-decentralized tunneling service to access existing
content posted on the internet (so if you were to compare it to
an existing technology, you might look at Tor, or the "out-
proxies" from I2P).
zzalpha - 23 minutes ago
So what are the benefits over Tor?
HelloNurse - 5 minutes ago
It seems intended to be more anonymous and decentralized than
Tor, and safer thanks to the strength of numbers, but their
whitepaper is dishearteningly incomplete and disingenuous,
particularly about problems that are shared with Tor. For
example: "The distribution of Entry Nodes is a difficult
topic. If oppressive governments are able to access this
list, they will block user's abilities to access the list." Or
simply, you know, go after whoever runs entry nodes. Or run
their own entry nodes and, even if they can't compromise the
network, trace the evil cypherpunks who want to use
encryption. Unfortunately, some practical and political
problems cannot be solved with improved cryptography.
natch - 31 minutes ago
Very interesting. Visited Noisebridge a while back and there was a
post on the door telling visitors what to do when the FBI visits to
ask about the TOR exit node. I wonder how this tool avoids the exit
node problem. Also, from the FAQ:
> Can't NSA just hack into this too?
> No. Because of its fully decentralized approach, distributed
> architecture, and the size of the global network, Orchid cannot be
> easily hacked by any single government or entity.
That's not really
a satisfactory answer. First, it doesn't answer the question. The
question was not "can NSA easily hack into this." And I don't think
the NSA is necessarily deterred by something being not easy. The
bar needs to be higher than not easy, even if "not easy" is a
polite understatement. Also relying on the size of the network
means there is a bootstrapping problem, right? Hopefully they will
get there. This doesn't mean the system is bad... I'm just saying
the FAQ answer is bad. On the positive side, given the cred of some
of the people involved (saurik!) I am optimistic this may well have
a shot at working.
saurik - 26 minutes ago
Ugh. FWIW: we agree. That FAQ answer was rewritten, and it failed
to go on the website. Here is the updated text that was written a
couple nights ago by one of the people who helped design the
protocol with me after being confused by the answer on the
website.
> Yes. Our initial release targets China as the
> adversary, which is a more tractable problem. We may implement
> full Chaumian mixes in the future (which are immune to
> metadata/traffic analysis), but they are unlikely to be complete
> for our first public release.
dharma1 - 23 minutes ago
the project seems very cool. related:
https://medium.com/@stevewaterhouse/how-token-sales-can-be-a...
jampekka - 9 minutes ago
So the business plan is to become the oligarchs of the new network?
g_simonsson - moments ago
Hopefully not! Ideally token allocations are fair and do not skew
ownership towards any individual or entity while still providing
good incentives (we're still working on figuring out what good
allocations look like)