
Orchid: a new surveillance-free layer on top of the existing Internet - apsec112
http://orchidprotocol.com
======
saurik
Hello! My name is Jay Freeman (saurik), and I was both deeply involved in the
design of Orchid's protocol as well as in charge of the initial implementation
of the networking and routing logic, and am happy to try to answer any
questions people might have about what we are working on!

(edit:) g_simonsson, who now has an account on Hacker News and has joined this
thread, is Gustav Simonsson, another developer working on this project in
charge of our smart contracts and payment logic. He was one of the core
developers who worked on Ethereum, specifically focussing on blockchain
security.

~~~
Ao7bei3s
1\. Based on the paper, it seems ORCHID by itself (without bandwidth burning.
not sure if this is trivial to get right. is there tooling?) is as vulnerable
to traffic correlation attacks as one might expect. Are there any other known
weaknesses? I would expect a "limitations" section in red letters on the front
page, instead of the nebulous and likely wrong "the NSA can't hack it either"
claim.

2\. Given that todays secure overlay networks generally offer extremely bad
performance in the Mbit region compared to using the underlay where 10G
uplinks are becoming widespread for servers, and the extra hops increase
latency, do you think secure overlays will ever be near enough to underlay
speed to become widely used? Do you have experience how well ORCHID scales up?
And out?

[edit: Don't mean to sound too harsh. I am very glad you're doing work in this
area.]

~~~
saurik
1) First off, as a fast apology and as mentioned lower in this thread, that
FAQ answer about the NSA was rewritten two nights ago and failed to end up on
the website; the updated answers have now been pushed (to say "Yes", actually,
as the first sentence, instead of "No" with a qualification that essentially
changes the answer to "well, yes").

That said, you are absolutely correct, and my colleague and long-time friend
David Salamon (the person who has been the lead author of the whitepaper)
wants that to be very clear. We _are_ implementing bandwidth burning (and are
even discussing some interesting extensions of this scheme involving both
Turing-complete-w/-limited-execution-time programmable bandwidth burning as
well as a form of global bandwidth burning), so whether you call that a "known
weakness" for all of Orchid or not is slightly confusing ;P.

When we have actual software that someone could possibly use I am going to be
pretty adamant that there are good disclosures in the UI with respect to the
security tradeoffs, and for right now the whitepaper goes into extreme lengths
to qualify what is or is not possible, in our current understanding, with and
without bandwidth burning in place. (We are also looking into taking aspects
of the algorithm and building it out with a proof assistant to have even
greater assurances.)

2) One place where Orchid will hopefully shine (in the future tense, as this
part is decidedly not yet implemented) is that we are working to allow
multiple routes to/from the destination exit node using a scheme similar to
MPTCP, which solves a lot of the bottleneck issues you normally find running
through an overlay network.

~~~
tribler
please note that we at Delft University of Technology have been working on a
similar bandwidth-as-a-currency system since August 2007.

BBC New article from 2007:
[http://news.bbc.co.uk/2/hi/technology/6971904.stm](http://news.bbc.co.uk/2/hi/technology/6971904.stm)
Running decentral market code and tech portfolio:
[https://github.com/Tribler/tribler/wiki](https://github.com/Tribler/tribler/wiki)

Notes after reading your whitepaper, latency and complexity matter. We copied
the Tor packet layout and deployed a simple NAT puncture method to avoid
difficulties. Your proposed approach looks like many years of work.

------
qeternity
They call it a protocol but this is very much a startup/ICO, having raised
nearly $5m in seed. Not that there is anything wrong with this, it seems like
a very cool project. But it does seem to be very intentionally presenting
itself as something that is closer to a not-for-profit a la Tor.

~~~
saurik
It is maybe worth noting that we had actually looked into whether we could be
registered as a non-profit and still raise money by these means to build out
our implementation and market it to the world, and that was simply not
possible :/. We are, however, all deeply committed to open source, and are
working on how to best ensure that this is enforced in the company's charter
(such that even if there are any future changes, there will never be any
fear).

All of our work is to be released under the AGPL3; and, while we have filed
for a patent, we will be licensing the patent to the world in a manner similar
to how Mozilla manages their patent portfolio. Brian Fox, who is in charge of
making sure we have a successful and inclusive open source project, was the
original developer of the bash shell, was for a while the maintainer of GNU
emacs, and was the first employee of the Free Software Foundation (as Richard
Stallman was a volunteer), and so is keenly aware of how important it is for
technology to be available to everyone.

~~~
awakeasleep
This is.. very exciting & excellent :)

------
natch
Very interesting. Visited Noisebridge a while back and there was a post on the
door telling visitors what to do when the FBI visits to ask about the TOR exit
node. I wonder how this tool avoids the exit node problem.

Also, from the FAQ:

>Can't NSA just hack into this too?

>No. Because of its fully decentralized approach, distributed architecture,
and the size of the global network, Orchid cannot be easily hacked by any
single government or entity.

That's not really a satisfactory answer. First, it doesn't answer the
question. The question was not "can NSA easily hack into this." And I don't
think the NSA is necessarily deterred by something being not easy. The bar
needs to be higher than not easy, even if "not easy" is a polite
understatement. Also relying on the size of the network means there is a
bootstrapping problem, right? Hopefully they will get there.

This doesn't mean the system is bad... I'm just saying the FAQ answer is bad.

On the positive side, given the cred of some of the people involved (saurik!)
I am optimistic this may well have a shot at working.

~~~
saurik
Ugh. FWIW: we agree. That FAQ answer was rewritten, and it failed to go on the
website.

Here is the updated text that was written a couple nights ago by one of the
people who helped design the protocol with me after being confused by the
answer on the website.

> Yes. Our initial release targets China as the adversary, which is a more
> tractable problem. We may implment full Chaumian mixes in the future (which
> are immune to metadata/traffic analysis), but they are unlikely to be
> complete for our first public release.

~~~
matt4077
Would you consider changing "China" to something like "Chinese government"?
Or, if I'm understanding it correctly, maybe something like "Our initial
release operates with a threat model of an authoritarian government's internet
censorship, such as those seen in China, Turkey, or Russia."

~~~
saurik
I agree with this edit and have made a similar change, pushed it to our
server, and are poking others for review. Thank you for your feedback: that is
a much clearer answer (as otherwise it sounds like China is hacking into
places as opposed to "we mean their firewall").

------
kodablah
I understand the plan is to be open source, but can someone help me understand
why it's not developed in the open? I mean, you can tell people you're not
accepting external input at this stage, but why not let people watch it being
developed? I can't think of any reason that doesn't make me think that the
goal may be openness/transparency but not the practice. Or did I miss the link
to the repo?

~~~
yyzhero
There is no code. This is a cash grab. The author politely states they needed
review of white paper concepts, so no they are not sure it will even be worth
writing. The idealology of decentralization also reforms the patent system, so
this project will fall like other over hyped icos, will get normalized on
listing. Probably a huge discount for "seed".

~~~
saurik
Yet... there has been no monetizaton mechanism described that doesn't involve
us releasing code, as we have been very clear that we refuse to do a token
sale until such time as we have a fully working system. So, I am not sure how
your theory works out here, but it will be interesting to see if you comment
back here once we release code for you to actually run.

As for why we want whitepaper feedback: that is because we believe in peer
review of design.

------
confounded
Why were venture capitalists interested in funding this?

What do they get out of it?

How and when do you intend to ‘exit’?

(Apologies for the skeptical tone, I think this seems like a cool idea.)

~~~
g_simonsson
Good question, especially since we made it clear to them that we have no
business model and no plans to ever have one.

There is a fixed number of Orchid Tokens that are used for payments within the
network of relayed traffic (source nodes pay relay and exit nodes).

The only way for anyone to gain financially is for these tokens to appreciate
in value, which is tied to the utility of the network.

So there's no exit, rather it's a continuous token incentive for all
stakeholders similar to the Ethereum network which was funded by selling the
promise of future tokens.

~~~
QAPereo
_The only way for anyone to gain financially is for these tokens to appreciate
in value..._

Sounds like a security.

------
bmc7505
> This would be a disruptive inconvienance [sic] for Chinese business people,
> deeply effecting [sic] commerce, as well as quality of life for the average
> Chinese citizen.

This sentence has two typos. It should be changed to:

> This would be a disruptive inconvenience for Chinese business people, deeply
> affecting commerce, as well as quality of life for the average Chinese
> citizen.

But TBH, stating that the lack of WebRTC or VPS web hosting would, "deeply
affect the quality of life for the average Chinese citizen," seems like
hyperbole. Maybe:

> This would be a disruptive inconvenience for Chinese business people, deeply
> affecting commerce and web access for millions of Chinese citizens.

~~~
saurik
You caught this answer right before it was updated with a much longer answer
that I had written a couple days ago (and which fixes at least one of those
typos). Would you mind reviewing it to see if you still think it is a stretch?

------
paradite
> we believe will force anyone trying to block our traffic to end up blocking
> large areas of the internet--such as every server being hosted on Amazon Web
> Services--which would cause a serious problem for Chinese business people,
> deeply affecting commerce, as well as quality of life for the average
> Chinese citizen.

Not really. China has several replacement solutions for AWS. Ali Cloud, Baidu
Cloud, etc.

It would just mean blocking a few more websites hosted on AWS and used by
Chinese people, GitHub maybe? Then again, it is easy to build a GitHub clone
within China with the decentralized (irony much?) git protocol.

~~~
saurik
We believe, as do many people as far as I have seen, that if a country like
China could block the entire world of Internet, they would. Regardless: I
consider it my mission to make them have to seriously consider doing just
that, and if I read a news report saying "in a shocking turn of events, China
has decided to cut off all access to the Western Internet in an attempt to
shut down Orchid", I will consider myself to have won that round, not lost ;P.

~~~
paradite
> I will consider myself to have won that round, not lost ;P.

If fame and victory are what your company is going after, instead of taking
care of your potential users, then I am sorry that you won't have my support.

Btw, thank you for creating cydia if you were the author.

~~~
saurik
To "win" here means "win a battle on the road to an Internet free of
surveillance". I (personally) firmly believe that if China were to do that,
that the people would not stand for it; any form of "half solution" or
"compromise position" where the Chinese govnerment can block just enough to
remove access to material that bothers them while only minority
inconveniencing users, is a world in which this form of freedom is actually
less likely, as people are willing to tolerate a sad lot before try finally
snap back :/.

It is also worth noting that if they went that far, at least some of the other
Western countries that are currently willing to tolerate their seemingly-
limited control over the Internet would no longer feel comfortable standing
idly by and might have to start making resolutions against them. Again:
forcing that chess move from them would, in my (personal) book, be a strong
win in this fight.

FWIW, you seem to be taking a very short-term definition of "taking care of
your potential users" that I have sometimes seen in attempts to make excuses
for Apple over the past decade of my work on Cydia (such as when I have stated
that one of my "win conditions" for Cydia Impactor is for Apple to remove
entirely the Free Developer profile system), and I (personally: I do not speak
for anyone else on my team when I say this) do not feel the loss of your
support on this particular day (though maintain hope that in a few years you
will thank us as you have now me for Cydia).

~~~
paradite
I think you might have misunderstood what I mean by "taking care of your
potential users". It is not a short-term definition. On the contrary, I want a
long-term solution, where users trust the platform that your company provides,
trust that your company will be there for the users when Chinese government
bans your software, instead of celebrating the ban as a success and call it a
day (like what Google did).

To celebrate the banning of your platform would be what I call a short-term
solution, because in the long run, it is merely a temporary attempt at solving
the problem, that people will eventually forget when a long-term solution
prevails. Chinese people, from all spectrum of political views alike, do not
thank Google for exiting China, because it does not solve their problem. The
act merely throws the problem into limbo state awaiting for other people to
solve.

Also, I think you mixed up "support" and "gratitude". I thank you for creating
Cydia as well as attempting to solve this problem with surveillance and
censorship, as always. However, I disagree with your approach and therefore
will not support this platform unless I can see that you have something bigger
in mind beyond "celebrating being banned".

~~~
saurik
What you are asking for--somehow being immune to China deciding to ban the
_entire Internet_ \--is an apology for China's behavior and fundamentally,
plain and simple.

After all, what is the alternative? In the case of Google, the other option
you seem to think is reasonable is for them to censor themselves... but that
_is_ a loss... that is in fact the _primary loss condition_.

That said, was Google leaving China the same kind of win for the Internet as
what I am even talking about? No, because Google is but one company. My win
condition is "China is forced to block some incredibly large percentage of the
entire Western Internet", not "they block us" or "they block a few websites".

Google gave up long before I would say they won: their next step should have
been to start doing exactly what we are now doing, shipping it as part of
Google Chrome, and figuring out ways to distribute copies of the software in
China.

There is a big difference between "celebrating being banned" and "celebrating
your opponent being forced to make the difficult decision between salting
their own earth to keep you from invading or accepting defeat".

This is all particularly the case given that my argument is rather consistent
here that that won't happen: that China can't do that, as that is just too
drastic of a move and it will cost them the support of businesses, citizens,
and governments.

As for your final paragraph, every single decision made about Cydia was made
within this moral framework... one which you do not support. You either should
not be thanking me for what I did while working on it if you fundamentally
refuse to support my methods and goals.

Honestly: it sounds like you would have preferred a world where I built a
centralized Cydia and allowed Apple's censors access to the catalog... that
completely misses the point of Cydia, so I don't know what you possibly
wanted. With this attitude I not only don't feel the need to have you support
Orchid, I would like to hand you back your false gratitude for Cydia :(.

------
woodandsteel
The FAQ says

"Bandwidth contributors simply install Orchid and activate their Internet
connected device as a node - either as a relay or proxy - and then they set
permissions like sites they want to blacklist or whitelist, and they earn
tokens into their Orchid wallet for sharing their bandwidth."

So hopefully the blacklisting will eliminate the problem of nasty content that
plagues anonymous networks like Tor.

~~~
throwawaysml
For that purpose I would think optional whitelisting would make more sense.
Instead of spyware lists you subscribe to in uBlock Origin, you would
subscribe to a vetted, whitelist of known to be generally acceptable Orchid
content.

Others might want to have empty filter list to be a complete transit/peer.

Therefore I don't think there's much room for users who want to blacklist but
are not rather looking for a whitelist.

The blacklist will grow and grow, while the whitelist size will be pretty
stable.

That said, I haven't used it, so the implemented blacklist approach might
already support the above cases and be sufficient.

~~~
kirillseva
If you're only using a "stable whitelist" of websites on the internet then
you're not the target audience

~~~
throwawaysml
I know what you mean, but for this to be more widely used than Tor there is a
need for me to know that nodes I operate only process stuff that won't be
identified by 3rd party to sue me into a jail or financial ruin.

When I say whitelist, I do assume prefixes in the DHT (or whatever design
they're using) can be used, as otherwise the whitelist may also grow too big
to be practical. If however it will gain the concept of domains or such (which
is also kinda a prefix), a whitelist will also be more practical.

Tor exit nodes are not operated by many in various places where they
would/could because of concerns of the exit node addresses being enough to
legally ruin operators' lives, even though technically it's a pure transit.
Nobody sues the county because someone committed vehicular manslaughter on
their public road. But because laws are skewed against the Internet right now,
all someone needs is an exit node IP to make you regret.

If, and there's little to analyze/go by right now public, nodes and everyone
is totally oblivious to what packets are transmitted; and if also the packets
stored on nodes' disks are encrypted/sealed, then one could assume a
filterless system to be practical.

This is all speculation, based on the little info there is. I really hope the
team has come up with better designs that obliviate the concerns surrounding
Tor, and ideally also not suffer from Freenet like slowness.

EDIT: Of course, once you have a filter, you will need to deal with the
responsibility like Youtube does. If you do not know what's on disk or passing
through, which is the ideal technically, then it would be best for the
Internet and free communication. So, I'm not sure if a filter is a good idea,
if that means you get subpoena'd and held liable for enabling one too many
whitelist subscriptions.

------
Sniffnoy
Regarding the alternative approaches section (which I'm assuming when complete
will include an actual comparison to these alternative approaches?), another
alternative approach you might want to mention is that improved mixnet
approach that people were talking about last year, that once set up is
supposed to be faster than Tor, or maybe mixnets in general since they seem to
have a long history.

Edit: Riffle, that's what it was called:
[https://en.wikipedia.org/wiki/Riffle_(anonymity_network)](https://en.wikipedia.org/wiki/Riffle_\(anonymity_network\))

------
keyboardhitter
Thank you very much for taking time to thoroughly answer questions. that
combined with whitepaper and faq has left a very good impression to me, both
socially and technologically. Best of luck to your team!

------
noddy1
The liquidity offered by the token model means that early VC/hedgefund backers
often get heavily discounted tokens in the presale, and can then turn round a
month or two later and dump a portion of their tokens on public investors for
a sweet profit or to mitigate their own risk.

Polychain did this with 0x project:
[https://www.reddit.com/r/0xProject/comments/6w3zv0/0x_being_...](https://www.reddit.com/r/0xProject/comments/6w3zv0/0x_being_dumped_by_polychain_capital/)

The effect was attenuated in this case by the success of the project, however
in lower performing ICO's like Kik's Kin, where the market price is 50% of
public sale price or less, big early investors dunking on public token sale
participants feels pretty wrong.

In addition to this, VCs are also often playing a role in promoting public
sales shortly after their own pre-sale investments, without disclosing their
own discount or terms of obtaining tokens. Its kinda like telling people to
buy a bunch of stock at $10 when you bought all yours last week for $5 and
you're keen to dump a portion of them for $15.

[https://medium.com/@rzurrer/raiden-fundamental-
infrastrucutr...](https://medium.com/@rzurrer/raiden-fundamental-
infrastrucutre-led-by-a-great-team-96c725fba9de)

It may be legal, you may think it's their right, and to be fair there is risk
involved in being an early backer in a potentially failed project, however it
is something to think about.

------
throw2016
This is needed but there should be more insight into the current surveillance
problem and how Orchid solves it. This seems to be focused on China.

Because surveillance is a potentially serious problem, it should not be used
cynically to market some new product that just adds another layer but doesn't
really solve the problem.

For the average person its not China or Russia but their own state that is a
bigger problem as they have power over them and can interfere with activism,
journalism, dissent etc. The intensive profiling by Google, Facebook and
others is another problem.

Was the Internet designed to be anonymous? Governments control access and can
stomp down at will. ISPs and telcos know who you are, server and vpn providers
know who you are, Facebook and Google have a lot of data on you. Only the very
committed and technically adept can perhaps attempt any sort of anonymity.

Something like Musk's satellites with some basic free access may perhaps be
the first of many steps to some kind of anonymity.

------
ve55
There's a lot of projects that sound exactly like this. What they all have in
common is that they all use an Ethereum (ERC20/22) token and all have very
large amounts of money flowing into them, from private investors, companies,
ICOs, etc.

It would be nice to see more projects take routes that projects like tor take,
where the founders do not accept millions of dollars of money before they even
have a working and complete protocol.

Ethereum has some amazing potential and technology behind it but I lost
interest in this the second I saw they had already raised $5M and haven't even
done their ICO yet. Their FAQ section seems woefully incomplete given this
amount of money.

~~~
ddevault
Check out cjdns for a less stupid, less blockchain BS take on fixing the
internet.

[https://github.com/cjdelisle/cjdns](https://github.com/cjdelisle/cjdns)

~~~
TeMPOraL
One question I still haven't found answer to: what's with the name? What does
it mean / why is it the way it is?

Should it be read as CJ DNS, i.e. something to do with DNS? Or CJD (author's
initials) NS (??? again, name server?)? C (?) J (JavaScript/Node) DNS?

Related, what the hell it is, actually? You say in other comment that it's a
mesh network, they say it's a network, but I see a _program_ to install. How a
program is a network? What does it do?

~~~
roblabla
Tor is a network, and yet you have to install a program to connect to it. You
can think of the cjdns program like a driver that allows you to connect to a
cjdns network.

To answer your question on what it does : cjdns is a routing protocol that
intends to replace the current IP protocol. Like the standard IP protocol, it
needs a way to communicate with another node to function (the default
gateway). From there, you can communicate with the rest of the network. Your
packets will go to the default gateway, who will then redirect it to the
"closest node" recursively, until it reaches its destination.

You can setup cjdns over the current internet (essentially making cjdns an
"overlay network" like tor) using UDP, or through an ethernet link.[1]

CJDNS indeed works in a mesh : anyone can route other people's traffic,
somewhat similarely to tor. The only difference is that you need to manually
configure your "Entry Node" (to lift tor terms). See [0] for the reasoning.

About the name, the creator is Caleb James DeLisle, so I guess CJDNS stands
for Caleb James DeLisle's NameServer ? Doesn't really make much sense but I
don't see how bad a thing it is.

[0]: [https://github.com/cjdelisle/cjdns#2-find-a-
friend](https://github.com/cjdelisle/cjdns#2-find-a-friend) [1]:
[https://github.com/cjdelisle/cjdns/blob/master/doc/configure...](https://github.com/cjdelisle/cjdns/blob/master/doc/configure.md#connection-
interfaces)

~~~
lgierth
Caleb James Delisle's Networking Suite

------
jampekka
So the business plan is to become the oligarchs of the new network?

~~~
g_simonsson
Hopefully not! Ideally token allocations are fair and do not skew ownership
towards any individual or entity while still providing good incentives (we're
still working on figuring out what good allocations look like)

~~~
jampekka
Are there any public details on the Simple Agreement for Future Tokens?

Sorry for nagging, but I'm one of those skeptical of greedy people acting
maximally greedy saving the world as a process waste.

Edit: typo

~~~
g_simonsson
The main reason there's currently not more details around the SAFT and the
token model/allocations is that it would distract from the overall project and
tech, given the current hype of blockchains and tokens.

There's certainly economic incentives for all participants, and what I find
interesting is that since we're open sourcing all the code, anyone can easily
deploy another network with a different token (model).

This puts pressure on us to propose fair token model/allocations else we risk
disruption by forks or simply new Orchid networks.

------
dharma1
the project seems very cool. related:
[https://medium.com/@stevewaterhouse/how-token-sales-can-
be-a...](https://medium.com/@stevewaterhouse/how-token-sales-can-be-an-
instrument-for-social-change-91b6d01792d0)

------
xwvvvvwx
This is a funded startup.

How do they intend to make money?

~~~
HelloNurse
Sustainability isn't even the greatest concern: where there are customers
(people who pay for access to the network) there is a database of customers
(in order to allow authentication) that has to be kept out of the grasp of
government agencies.

~~~
saurik
Actually, that's the great part about what we are doing: it is all built on
Ethereum, so there is no centralized database, and the users are generally
pseudonymous! OK, you might then say "isn't that just a decentralized
database?", but in addition to a form of "probabilistic micropayments" that
ends up shrouding most of the participants, we are also working on integrating
other techniques to make the payments fully anonymous (and have brought on a
team of advisors which includes a professor of cryptography who specializes in
this area).

------
RoboTeddy
What's the weakest point in the design so far?

~~~
saurik
The answer you aren't looking for is probably something like "traffic
cloaking" or "connection bootstrap", but my personal answer to that question
is "so you sit down at a computer and download our software. you have a wallet
full of cash and credit cards... now what?".

------
storge
Is there any thought given to the response to a node operator who is
detected/proven to be operating the node for surveillance or compromise? What
would the response be? Will tokens not be sold to such a node operator?

~~~
saurik
The goal of our network is to make it so that the network is protected as much
as possible from users running compromised nodes. If you are a single node,
you should not be able to do anything against the network. As the number of
nodes you are in the system increases, the probability you will be able to
pull of various forms of attacks against users of the network also increases.
We are working on documenting these security tradeoffs in detail in our
whitepaper (and any attempt I make to describe them here will be less accurate
and thereby dangerous ;P).

However, it is worth noting at a super-super high level that we are hoping to
get a large number of nodes running the network and we have parts of our
system that involve proof of work in a way similar to a cryptocurrency
blockchain like Bitcoin. If a node in the Bitcoin network is operating for the
purpose of compromise, it need not be banned from mining blocks: the network
is designed in a way to make it so that such a node would not be able to pull
off the kinds of attacks that people care about unless it owns a significant
percentage of the resources being applied to securing the network. Our network
has similar properties.

~~~
storge
"We are working on documenting these security tradeoffs in detail in our
whitepaper (and any attempt I make to describe them here will be less accurate
and thereby dangerous ;P)."

Maybe a whitelist of nodes themselves? (mostly in jest there)

I suppose an agency with funding who can endlessly sockpuppet could gain a
substantial portion of network nodes, but if they're unable to censor more
than per-random-packet, a surveillance goal seems more likely. While this may
not meet conventional definition of 'censorship', I wonder of the chilling
effect. I suppose any such move toward a censorship-free network should expect
surveillance. c'est la vie.

Thank you for taking time to answer my question.

------
woodandsteel
This sounds like a great project. I have some thoughts on how to communicate
about it when it is ready to go.

With the general public, you might start with some things they are unhappy
about with the present internet, and for each of them explain how things would
be better for them if they used Orchid.

For the more techy minded, you could do a list of similar things like tor or
IPFS, and for each of them explain how Orchid is similar or different, and
what are your reasons for deciding to make it that way.

~~~
woodandsteel
A further thought. You should focus on comparing it with Tor, like maybe
making it the first one to compare with, since it is both similar and well-
known. And then maybe add on other ones.

Another thought: compare early on with Ethereum and IPFS. Yeah, they are
really different things, but as soon as you say web decentralization, people
who are not techies but read about such things will think of them, so you need
to explain early on how this is different so they get pointed in the right
direction.

------
dmitrygr
Ok, I wasted a few hours reading the whitepaper. It was just as idiotic as
you'd expect. Here are a few notes:

It seems like this takes Bitcoin and Ethereum electrical power waste to a
whole new level

    
    
      To produce a medallion, a peer takes a public
      key K , and the most recent Ethereum block hash
      E , then (iteratively or in parallel) locates a
      salt S such that H ( K, E, S ) ≥ N ,  where N
      is some difficulty scaling factor.
    

And with all that "an _anonymous_ " network _does not provide payment
anonymity_ (while amount paid correlated with amount of data sent). So this
will disclose how much data each user put into the network. This is valuable
if you can observe large amounts of data out of the exit nodes (like a
government-scale actor might). This might even allow correlation between data
and users.

    
    
      We will argue that The Orchid Payments
      (section 7.12) fulfill all but the
      anonymity requirement.
    

Yup... not anonymous at all...

    
    
      The pseudo-anonymity of Orchid payments
      is equivalent to what can be achieved in
      regular Ethereum transactions
    
    

But it gets better. While you can use anyone as a relay, you PREPAY them
before they do any work for you. This is claimed to solve the problem of
nonpayment, but nobody mentions the opposite problem: I take your money and do
no work for you. The money cannot be taken back - I own it now. cool.

    
    
      If there is some setup cost to Alice and
      Bob’s relationship ( S Alice , S Bob s.t.
      S Alice > xy, S Bob > xy ), the answer is
      yes.
    

And for fun, it also messes with SSL. Allegedly only "for good", but who'll
notice when this changes?

    
    
      (see the entire section 10 in whitepaper)
    

And then there is the completely not scalable method to prove you will route
as required by the network. For that you need to literally get EVERY node on
the network to sign off on the fact that you can route to them. So the size of
this proof, its computational cost, and the time to complete it will grow as
the network does. Total work done just to provide for network joining grows as
N^2. Oh, and god help you in case of temporary partitions (like has happened
in the internet a number of times when various underwater cables were cut).
For extra fun, nobody mandates you actually _do_ route anything. Only that you
prove you can. I see nothing in there that prevents packets from being
purposefully dropped after collecting payment for "forwarding" them.

    
    
      (see whitepaper section 11.5)
    

Oh, and if you thought this will provide _INTERNET_ access, you are mistaken.
Apparently HTTP w/ DNS only. As per whitepaper, exit nodes can filter based on
domain. I am not even going to mention that running an exit node without a
whitelist is idiotic (one user downloads CP, you go to jail). So everyone must
have a whitelist? And just how big do you figure a typical "whitelist" of safe
domains is? 100GB, 1000GB? Good thing you need to send it as a reply to _Get
Offers_ request.

    
    
      (see whitepaper section 11.9)
    

Blocking this is easy (as the whitepaper concedes) by DPI and blocking
Ethereum. Whitepaper claims "this will be solved later" but offers not even a
handwavy explanation of how this will happen while remaining compatible with
mainline Ethereum clients...

    
    
      (see whitepaper sections 12.3 & 15.3)
    

Of course, besides handwaving on "it will totally be ok"(tm), there are no
real world performance numbers.

    
    
      (see whitepaper section 13.3)
    
    
    
    

But funny most of all, these guys didn't address the simplest attack of all.
Pretend to be an exit node, /dev/null the traffic, pocket the payment.

My guess: the scheme is simply to raise an ICO and laugh their way to the
bank. (as always)

~~~
davidsalamon
(Note I'm David Salamon, one of the white paper authors.)

I agree with your payment analysis. As you point out, we explicitly disclose
that payments need modification before they will be at the level of anonymity
required for Orchid. Anonymous payments for the Ethereum platform are being
worked on right now by very talented teams. As we don't believe we have
anything substantial to add to that conversation, we are deferring to them,
and will simply audit and adopt the methods they design as soon as doing so is
feasible.

> And for fun, it also messes with SSL. Allegedly only "for good", but who'll
> notice when this changes?

This is a fully general argument. Even if we didn't check the validity of
certificates (which many phone apps don't do but should, hence our adding the
feature), couldn't you still claim we might act maliciously in the future
without anyone noticing?

(As you don't point out, our software will be AGPL3 licensed / open source. If
one person notices and says something, everyone will notice. This is the logic
behind trusting Linux, OpenSSL, Tor, etc... Are you aware of a better
solution? I'm skeptical one exists.)

> Total work done just to provide for network joining grows as N^2

No, connection proofs are O(routing_table_size * per_element_proof_length).
Routing table size is O(log(n)) and per-element proof length is the routing
tables of the point-to-point route taken O(log(n)^2), so the proof is
O(log(n)^3) -- likely much less in practice, as the successor and predecessor
nodes are very likely to share _every_ connection that the joining node needs
to make.

This is good feedback, we should explicitly do that calculation in the
whitepaper, added to the TODO list. Thanks!

> Blocking this is easy (as the whitepaper concedes) by DPI and blocking
> Ethereum. Whitepaper claims "this will be solved later" but offers not even
> a handwavy explanation of ohw this will happen while remaining compatible
> with mainline Ethereum clients...

The data which needs to be received is already defined by Ethereum's gossip
protocol, so in theory adding Ethereum proxy support would be trivial. (Just
proxy Ethereum traffic the same as any other traffic.)

We have not specified that, however, because we are worried about the
possibility of a malicious proxy hiding some transactions from a customer.
Once we feel like we have a good handle on how to analyze these kinds of
attacks, and have a solution which mitigates them, we will add a solution to
the whitepaper. This is somewhat outside our core product, and so has suffered
a bit of neglect. It might be as simple as just receiving gossip from multiple
independently chosen Relays, but I'd like to be more sure before making that
the official method.

> Of course, besides handwaving on "it will totally be ok"(tm), there are no
> real world performance numbers.

We felt that publishing real-world performance numbers would be best left
until after there was a real-world system.

> But funny most of all, these guys didn't address the simplest attack of all.
> Pretend to be an exit node, /dev/null the traffic, pocket the payment.

We do in a way. If a proxy behaves this way, Chrome disconnects, resulting in
the attacker not being paid beyond a couple of kilobytes. This is not
profitable, but still annoying. So the attacker causes a widespread nuisance,
spends most of their time waiting for new customers, and suffers the loss of
their CPU to proof-of-work. It's not profitable, but I expect some users will
still do it for the lulz.

> My guess: the scheme is simply to raise an ICO and laugh their way to the
> bank. (as always)

(Note I'm not a cofounder)

I joined in spite of not being able to negotiate myself to anywhere near
cofounder levels of token ownership -- I would probably have made more by
accepting a different job doing mobile A/B testing software company.

I do think some of the cofounders are very much in this for the money, but I
also think every single person on this team hates what's happening on the web
with respect to privacy and censorship. If that changes, I'll probably end up
leaving and working on this separate from them. (Well, or demanding more
money?)

So basically: if I don't quit you can conclude they've either paid me to keep
quiet, or I still like them. Best I've got for you.

> Ok, I wasted a few hours reading the whitepaper. It was just as idiotic as
> you'd expect. Here are a few notes:

Thank you very much for your feedback, sorry you felt it wasn't worth the
time. Maybe next draft? :p

~~~
dmitrygr
> Maybe next draft? :p

Looking forward to it :)

Also, what about the other half of my points? ;)

~~~
davidsalamon
> Also, what about the other half of my points? ;)

Oh, sure, sorry about that. Did you edit the post I replied to? It looks like
I only missed two points:

> But it gets better. While you can use anyone as a relay, you PREPAY them
> before they do any work for you. This is claimed to solve the problem of
> nonpayment, but nobody mentions the opposite problem: I take your money and
> do no work for you. The money cannot be taken back - I own it now. cool.

Relays are sitting there burning their CPU while they wait for a customer to
show up. This is a continual cost, which makes Relay/Proxy operation
unprofitable unless they receive a steady stream of transactions. If they
"take the money and run" they only pocket the initial payment, maybe as much
as a couple kilobytes of bandwidth in tokens. If they "take the money and
stay" they get a stream of payments from the customer. Therefore it's
economically irrational for them to run -- the PoW's cost makes them boundedly
trustworthy if they are economically rational.

(I sort of covered this in the /dev/null attack you proposed, as it's the same
case except /dev/null has the attacker also uploading a bit of useless
traffic. I should have been more explicit.)

> Oh, and if you thought this will provide INTERNET access, you are mistaken.
> Apparently HTTP w/ DNS only. As per whitepaper, exit nodes can filter based
> on domain. I am not even going to mention that running an exit node without
> a whitelist is idiotic (one user downloads CP, you go to jail). So everyone
> must have a whitelist? And just how big do you figure a typical "whitelist"
> of safe domains is? 100GB, 1000GB? Good thing you need to send it as a reply
> to Get Offers request.

Lol, yeah. Whitelists are dumb, but (as we seem to agree) not having them is
dumber. I agree with your analysis. If they do become 100GB, etc we'll add
queries to mitigate the size issue ("hey, do you support xyz.com?"), or any of
the other relatively well studied solutions here (have I finally found a use
for bloom filters? Unlikely.)

More broadly on the whitelist issue, my hope is that paying Proxies will
result in actual "Orchid Proxy ISPs" springing up, which will have empty
whitelists, actual legal protection as ISPs, etc. That's the beauty of real
money being involved. Whitelists are there as a stop-gap while the market is
being built.

------
flotillo
Why promote it now when you have nothing to release? Without any actual
software to use and test, this just comes across as the usual overhyped ICO
vaporware.

------
zzalpha
How is this different from Freenet or Tor?

~~~
saurik
(edit: When I wrote this answer, the person I was responding to had not yet
added "or Tor".)

Freenet builds its own domain of content where people post websites that are
hosted in a distributed fashion by the platform. What we are working on with
this initial implementation is a fully-decentralized tunneling service to
access existing content posted on the internet (so if you were to compare it
to an existing technology, you might look at Tor, or the "out-proxies" from
I2P).

~~~
zzalpha
So what are the benefits over Tor?

~~~
HelloNurse
It seems _intended_ to be more anonymous and decentralized than Tor, and safer
thanks to the strength of numbers, but their whitepaper is diseharteningly
incomplete and disingenuous, particularly about problems that are shared with
Tor.

For example:

"The distribution of Entry Nodes is a difficult topic. If oppressive
governments are able to access this list, they will block user’s abilities to
access the list."

Or simply, you know, go after whoever runs entry nodes. Or run their own entry
nodes and, even if they can't compromise the network, trace the evil
cypherpunks who want to use encryption.

Unfortunately, some practical and political problems cannot be solved with
improved cryptography.

~~~
g_simonsson
Certainly incomplete as it is still a draft, though I'd contest
"dishearteningly". Also, why do you find it disingenuous? We're not shying
away from what entry nodes and bootstrap of user clients is one of the hardest
problems to solve.

------
diaperIITB
How is the route decided? If it uses a centralized server for that, then
wouldn't it be easy to block that.

~~~
saurik
We definitely do not have any centralized servers. The currently-specified
mechanism to determine routes is that they are decided by connecting to a
distributed peer-to-peer network that is modeled in many ways after a
distributed hash table, at which point you do lookups of random keys in the
hash space, which results in a randomized scalable lookup. There are
mechanisms in play (and which I assume are already described in our in-
progress whitepaper) to protect against eclipse attacks, sybil attacks, and
some other miscellaneous attacks on the routing infrastructure. That said,
this is also some ongoing work, and we are actively engaging with and being
reviewed by people both in academia and in the field with respect to our
techniques.

------
woodandsteel
This sounds like a good idea. One problem with things like tor and i2p is you
want to have tons of traffic so as to hide things from the various spies, but
it is hard to get enough people to support nodes. Add a token and perhaps that
problem will be solved.

~~~
tlrobinson
A token seems to solve the supply side (relay and exit nodes) but what about
the demand side? Why would anyone who doesn't care about subverting censorship
or surveillance pay for this?

~~~
g_simonsson
Because people currently pay for VPNs, and Orchid effectively provides some of
the features of VPNs, with the added benefit that there is no central VPN
provider who logs your (meta) data and sells it for profit.

And as Orchid is a P2P market place with no middlemen or fees, it should find
a market equilibrium that is more efficient than VPNs, with a lower price per
data relayed.

~~~
woodandsteel
>people currently pay for VPNs, and Orchid effectively provides some of the
features of VPNs, with the added benefit that there is no central VPN provider
who logs your (meta) data and sells it for profit.

When you roll Orchid for use, I think this should be stated prominently on the
web page as a way of selling it. Something like "If you are like millions of
people, you use a vpn. But vpns have some problems" and so on.

------
ubertaco
It seems like it's like Tor, except instead of just paying my ISP, I also now
get to pay more money to use this new POC protocol with a subset of Tor's
features. Am I missing something?

------
axonic
In 5 years, how might this be changing our lives? What will I think of when I
look back and think "I'm so happy that they created Orchid"?

------
halite
When are they doing ICO!?

------
MentallyRetired
What would convince my mom to use this though?

~~~
saurik
So, I don't know your mother, and can't say what kind of extreme technical
needs she might have as part of her lifestyle or job; but, I guess I will
presume you asked this question from the depressingly stereotypical
perspective of "assuming peoples' mothers are not very technically skilled as
they are older women, how would a mother use it" and answer your question
anyway :(.

So, she might not use the first version, and if she does it might be installed
or otherwise set up by you (so this hinges a lot on how much she trusts you
;P) or another friend of hers. However, we are building a simple user
interface to make the experience of using it friendly and pleasant, and I
guess it is worth adding that we also chose a name that we hope does not turn
non-technical users away ;P.

~~~
tlrobinson
So the reasons she might use it are:

* you install it on her computer

* it has a simple user interface

* it has a non-technical sounding name

Is that correct?

What if you reinterpret "my mother" to be "average internet user, in a country
with average internet freedoms, who doesn't read HN etc"?

~~~
saurik
You could make that same argument about VPNs in general, which happens to be a
25-30 billion dollar industry. While I may or may not have reasons why a
random "average" person might use this service, I find the question
confusing... is the product not capable of being a success if people exist who
don't want to use the service?

This kind of question always comes up for just about every service ever
developed, and as the discussion continues the goalposts tend to shift and the
user gets less and less sophisticated and more and more stubborn until at some
point you demonstrate a user exists for which I can't prove they want it, and
then victory is somehow declared. It is a sport I don't see much interest in
playing.

To flip the question: we are providing a replacement for a service that
already exists which is used by people worldwide and makes up a sizable
market; our replacement is more secure and likely to cost less. Given that
beachhead, you can now ask "who else would want to use this service if only it
were cheaper and more secure?", and have a really fun brainstorming session.

~~~
tlrobinson
If the answer is "the same reasons someone might use a VPN or Tor" that's fair
enough, and a much better answer than "you install it on her computer".

(Though there are a variety of use-cases for VPNs and I doubt Orchid addresses
most of that $25-30B market)

------
Taniwha
Can I set up a relay node now?

~~~
saurik
Sorry, but we have not yet finished writing the code for this (let's just say
it: "my fault" ;P). Even _I_ am currently unable to start and integrate a new
relay into a running network; this should be fixed in the near future and we
will have all of our code available as open source under the AGPL3 license,
and will be working hard to build up an inclusive community around the
project.

------
neom
Who is this being built for?

~~~
g_simonsson
Anyone who wants to access the Internet without being surveilled or censored,
and for anyone who wants to earn tokens by offering their bandwidth for
relaying such traffic.

------
TazeTSchnitzel
It's Tor but with a worse website and more decentralised?

I think the website could be better if it said right at the top what it
actually does and what it offers over competing services.

~~~
r0fls
Are you talking about
[https://www.torproject.org](https://www.torproject.org)? We have different
standards for websites it seems. That looks like it jumped out of the mid 90s
to me.

~~~
TazeTSchnitzel
Tor’s website actually tells you what it does.

And the design is nothing to scoff at. It’s not hip, but it’s functional and
readable.

------
anotheryou
buzzwords I see. what does it do?

~~~
floatboth
Like Tor, but with capitalism.

Financial incentive for running relays.

------
tbodt
As soon as I see "Ethereum" I stop reading.

~~~
macawfish
Call me zealous, but I'm the same way. I'm wary of the potential for monetary
incentives to skew actual demand. I've seen how digital advertising has more
or less destroyed much of the internet. Hopefully decentralization will
prevent monopolies or oligopolies from forming, but I'm not so sure about
that.

At this point, it's hard to say what actual distributions of wealth might look
like if people start using cryptocurrencies in their daily lives, for example
to route traffic over a network. But at the moment, the distributions of
wealth are quite nuts. But if there is an overall "unfair" atmosphere in the
crypto-economy, it's could make depending on this system of routing kinda suck
in the long term, especially if peoples actual livelihoods are under the
pressure of massive ad gaps. People "sell out" when they're perceiving some
stress.

If we go 'all-in' on this kind of system, it might actually end up creating
the same kinds of de-facto power imbalances we see today with conventional
social media.

I'm not anti-cryptocurrency either. I actually own a little bit of
cryptocurrency. I'm curious about its potential to dissolve existing dominance
relationships non-violently. That said, I don't see it as an end. Moreso, I
see it as a potential conduit of healthy, non-violent economic chaos.

I also recognize that this strange new alien could be "out of the frying pan
and into the fire".

~~~
storge
I read your comment and I picture a sort of information balkanization via
endless whack-a-mole of privacy tech and organizational surveillance.

It may just be how it will ever be.

~~~
macawfish
Information is the real resource.

------
risho
I saw this, realized I had never heard of it, and knew right away it had to be
a blockchain. It all falls into place. Moving on.

