Hacker News new | comments | ask | show | jobs | submit login
Orchid: a new surveillance-free layer on top of the existing Internet (orchidprotocol.com)
378 points by apsec112 on Oct 28, 2017 | hide | past | web | favorite | 188 comments

Hello! My name is Jay Freeman (saurik), and I was both deeply involved in the design of Orchid's protocol as well as in charge of the initial implementation of the networking and routing logic, and am happy to try to answer any questions people might have about what we are working on!

(edit:) g_simonsson, who now has an account on Hacker News and has joined this thread, is Gustav Simonsson, another developer working on this project in charge of our smart contracts and payment logic. He was one of the core developers who worked on Ethereum, specifically focussing on blockchain security.

1. Based on the paper, it seems ORCHID by itself (without bandwidth burning. not sure if this is trivial to get right. is there tooling?) is as vulnerable to traffic correlation attacks as one might expect. Are there any other known weaknesses? I would expect a "limitations" section in red letters on the front page, instead of the nebulous and likely wrong "the NSA can't hack it either" claim.

2. Given that todays secure overlay networks generally offer extremely bad performance in the Mbit region compared to using the underlay where 10G uplinks are becoming widespread for servers, and the extra hops increase latency, do you think secure overlays will ever be near enough to underlay speed to become widely used? Do you have experience how well ORCHID scales up? And out?

[edit: Don't mean to sound too harsh. I am very glad you're doing work in this area.]

1) First off, as a fast apology and as mentioned lower in this thread, that FAQ answer about the NSA was rewritten two nights ago and failed to end up on the website; the updated answers have now been pushed (to say "Yes", actually, as the first sentence, instead of "No" with a qualification that essentially changes the answer to "well, yes").

That said, you are absolutely correct, and my colleague and long-time friend David Salamon (the person who has been the lead author of the whitepaper) wants that to be very clear. We are implementing bandwidth burning (and are even discussing some interesting extensions of this scheme involving both Turing-complete-w/-limited-execution-time programmable bandwidth burning as well as a form of global bandwidth burning), so whether you call that a "known weakness" for all of Orchid or not is slightly confusing ;P.

When we have actual software that someone could possibly use I am going to be pretty adamant that there are good disclosures in the UI with respect to the security tradeoffs, and for right now the whitepaper goes into extreme lengths to qualify what is or is not possible, in our current understanding, with and without bandwidth burning in place. (We are also looking into taking aspects of the algorithm and building it out with a proof assistant to have even greater assurances.)

2) One place where Orchid will hopefully shine (in the future tense, as this part is decidedly not yet implemented) is that we are working to allow multiple routes to/from the destination exit node using a scheme similar to MPTCP, which solves a lot of the bottleneck issues you normally find running through an overlay network.

please note that we at Delft University of Technology have been working on a similar bandwidth-as-a-currency system since August 2007.

BBC New article from 2007: http://news.bbc.co.uk/2/hi/technology/6971904.stm Running decentral market code and tech portfolio: https://github.com/Tribler/tribler/wiki

Notes after reading your whitepaper, latency and complexity matter. We copied the Tor packet layout and deployed a simple NAT puncture method to avoid difficulties. Your proposed approach looks like many years of work.


In general some of the hardest problems / known weaknesses of the protocol at this stage is:

* Client bootstrap - what entry nodes to connect to? (saurik answered this in response to other questions)

* Current software connects to Ethereum nodes using an Ethereum light client, as Ethereum network traffic is not hardened it can easily be fingerprinted and blocked by GFW and others.

* Difficulty of medallion Proof-of-Work, basically it boils down to that if it's easy to join the network as a relay or exit node, then it's easy for a large attacker to join with many nodes. Making it harder for attackers to join / maintain active position in the network also makes it harder / more expensive for regular nodes.

* Payment anonymity. Currently it's as pseudo-anonymous as regular Ethereum transactions. Whitepaper has some discussion on future improvements there.

(2) The main driver here is economics - relay and exit nodes are paid by users for their bandwidth and relay of traffic. This forms an emergent, decentralized market that hopefully will find an equilibrium where there is plenty of overlay/secure bandwidth available at what the market prices it.

So far our models and simulations on this are limited, so we cannot make strong statements on how this will scale in practice. However, if we look at Bitcoin/Ethereum transaction (miner) fees, we see a live example of a working decentralized market that is very responsive and adjusts to supply/demand without any central intervention/control.

The FAQ says you can break through the Great Firewall of China. I believe that you can in some limited way now by flying under the radar, but I absolutely do not believe you could maintain that ability if this became widely used and targeted specifically by the authorities. What would you do if they started really cracking down on Orchid?

We actually received that question from a reporter yesterday, and I wrote an answer (one which is in the new version of the FAQ that hasn't been pushed :/) that I vetted against the other security people working on our protocol, so before I write something one-off, I'll copy/paste that and see if it is sufficient (as I'd prefer to not accidentally make any security claims that we are not prepared to stand by ;P).

> We are working on techniques involving "traffic steganography" that will make the the traffic used by Orchid look like "normal" internet traffic (such as web requests and video calls). There are also existing simpler techniques such as "domain fronting", where you send your traffic to a large company such as Amazon--one which uses a CDN to efficiently route traffic--and cause their CDN to forward your traffic to your servers; this has been used successfully against the Great Firewall of China in the past.

> Of course, we also need to hide the list of destination servers, as otherwise these could be collected by the adversary and blocked outright. Our current solution to this involves cycling through large numbers of random IP addresses on various hosting solutions, which we believe will force anyone trying to block our traffic to end up blocking large areas of the internet--such as every server being hosted on Amazon Web Services--which would cause a serious problem for Chinese businesses and residents.

> For more information on this, see our discussion of Firewall Circumvention Features (Section 12) of our whitepaper.

Whitepaper abstract says you use "A blockchain-based stochastic payment mechanism with transaction costs on the order of a packet". But how is such a blockchain transaction scalable to the entire internet when considering that it does a transaction for every packet? (pretend you're talking to someone who won't read the article).

The actual payment tickets (a small data structured signed by the sender) may be sent every 100 packets - we have yet to configure this. The cool thing is that we could send one ticket per packet, but likely that would be too much CPU overhead (ECDSA verification is bottleneck when verifying a ticket)

Hi, another author from the paper here.

> Whitepaper abstract says you use "A blockchain-based stochastic payment mechanism with transaction costs on the order of a packet". But how is such a blockchain transaction scalable to the entire internet when considering that it does a transaction for every packet? (pretend you're talking to someone who won't read the article).

I'd like to add to Mr. Simonsson's excellent answer that stochastic payments allow you to remove "dust-type" transactions from the blockchain.

Imagine I wanted to send you $0.01 100 million times, for a total of $1 million dollars. Let's also imagine that the transaction fees associated with 100 million blockchain payments are high enough that we'd like to control them. If instead of actually sending you $0.01 each time I send payment, I send you a provably fair lottery ticket with an expected value of $0.01 (for example, a lottery ticket with a 1/10,000 chance of being worth $100), this doesn't change the number of payments I need to send you, or your expected profit, but will decrease the number of transactions which need to be committed to the blockchain by the inverse win-rate (in our example, we'd reduce the number of transactions by a factor of 10,000). This allows the effective transaction costs to be arbitrarily low, down to the order of a packet (as at that point, physically sending you the lottery ticket starts to dominate the transaction costs.)

I'll bite with the simple one - How is this different from Tor?

(IMO this and the 'how do you plan to make money for investors' should be in the FAQ)

There are a number of differences (which one might say would take an entire whitepaper to describe ;P), but as one high-level and in my mind very interesting example, Tor actually is a centralized service where nine directory servers are able to decide the state of the network; we are accepting nothing less than a fully-decentralized system.

I'd really like to see a comparison to TOR. Because honestly, from randomly clicking through the website I don't see why you're better than TOR and why I should use ORCHID.

I cannot (easily) find answers to pretty much every question I have, and sorry, I'm not going to read through a 50 page whitepaper before I decide if it's worth it.

What is it, onion routing? There's some talk of ethereum, so presumably you can get eth for spending traffic? Exit nodes? hidden services? (I'm not going to run an exit node for obvious reasons)

Maybe I'm just tired or stupid but I can't really find anything that isn't marketing blurbs without going through the whitepaper?

"I'm not going to read through a 50 page whitepaper before I decide if it's worth it."

It sounds like this project is probably a little too early stage for you then?

Maybe let people play with it for a couple if years and distill it down a bit. If it still exists maybe try again.

> It sounds like this project is probably a little too early stage for you then? > Maybe let people play with it for a couple if years and distill it down a bit. If it still exists maybe try again.

I don't have a problem reading a whitepaper. But there's approx. 12 billion new etherum startups a day. So I just think a little tl;dr would be nice to know if it's something I care about. Because right now I don't know if I should care early stage.

If only there was a document describing the details of the design that you could read

I mean, I already said I know about the whitepaper. I'm very sorry that I ask for a bit more of a tl;dr of it when there's another new hot blockchain startup. Eh, you know, one of those you see every other day. Why not leave it to them to decide if they want to acknowledge my feedback or not?

I'm not forcing anyone to do anything here.

Yeah, I have the same problem. My solution has been to ask specific questions, saurik is good at answering those.

That isn't very precise.

Tor's nine directory servers are not run by tor itself. One employee runs one of the nine, the rest are different people from around the world, with different affiliations who are not under the control of Tor. You must get a majority of the directory servers to block something from the network, before it will be blocked. Its not any one of the nine that can do it, they need to convince five other people, none of whom they control, to also block before it is actually accepted.

How do you plan on dealing with abuse? Sybil attacks, or bad actors on the network?

How do you solve the problem of penetrating NATs and firewalls without relying on a central coordination server?

If I understand your question correctly, and you are looking at "how do we do hole punching and NAT traversal without a way to get your canonical external IP address", in addition to techniques that don't require that kind of functionality (such as modern routers with UPnP port forwarding support), other nodes on the network can run something analogous to ICE servers (we have yet to decide if it should literally be STUN or if we need to integrate it into the security model), so all you will need is the address and public key of another node (which you will need anyway in order to connect to the network).

>so all you will need is the address and public key of another node (which you will need anyway in order to connect to the network).

But this begs the question. How does the user get the public key and address of a node without connecting to a public directory? How does he know he's connecting to something trustworthy?

Oh, I'm sorry: because I have been living and breathing this for months, it is very easy for me to assume context :(. Once you connect to the network, you are able to judge the size of the network to know you aren't on a fake network (this is a scenario similar to judging the size of the longest chain of Bitcoin blocks) and you are able to verify signatures of routing table entries (which have been built up as the network was formed by nodes verifying reachability properties of other nodes), which itself is more trustworthy due to proof-of-work and "cryptographic puzzles" which are used to make the cost of sybil and eclipse attacks prohibitively high.

Given that context, you really just need the address of any node, not the address of a particularly "trustworthy" node, so you can get one from a friend's client or from a random website. We have discussed some alternatives, such as being able to put out a bounty on an existing peer-to-peer cryptocurrency blockchain (one which would have to not itself be fully blocked for you, of course). We also have been getting interest from some people in academia who have a number of other techniques, which again are mostly viable because of the background that "what if we can provide enough mitigations in the network itself and use what has been learned from blockchains to mean you don't need to find a trustworthy node".

Do you have a reference implementation of using WebRTC as a networking layer?

As far as I've researched, I've not seen anything which would enable reliable NAT traversal which wouldn't also make the network traffic trivially identifiable.

STUN works only for certain types of NAT and requires servers which aren't behind NAT. TURN is an external proxy, so can easily be identified by monitors of the network.

The concept of Orchid seems nice but the actual implementation seems very hand-wavy.

>The concept of Orchid seems nice but the actual implementation seems very hand-wavy.

Yes that was also my conclusion.

Is this anonymous like tor or i2p? if so, how do you do it?

That is a very broad question that I keep looking back to and thinking "I'll answer other questions and get back to this one ;P", but I'm thinking maybe I should simply refer you to the almost 50-page whitepaper on our website. I am here to answer any questions you might still have (and I totally believe you will, as that whitepaper is a draft)!


The whitepaper is way over my head

How about a more specific question. If someone uses Orchid to accesse a website, can the website identify their IP address?

The website will see the IP address of the exit node connecting to it, not the IP address of the user connecting to the network. You can then ask the question "what if the people running the website are also running nodes on this network and are actively attempting to do various forms of information correlation attacks including active experiments on the traffic flow", then I really am going to have a hard time accurately summarizing the whitepaper.

However, I see now that I didn't bother answering your first question, due to the complexity of the second ;P.

> Is this anonymous like tor or i2p?

The answer to this question is "yes", though we are aiming to be even better than those projects (in different ways).

Thank you for your answer.

Hi Jay! Are you guys planning to take advantage/contribute of/to the libp2p project (https://github.com/libp2p)? Looks to me that some of the introduced standards/formats (e.g. multihash, multiaddr) could be adopted. This again would lead to an increased significance of libp2p. Regards, Marc

Using PoW `Medallions' on top of a PoW blockchain to prevent Sybil attacks seems redundant. Why not just require Ether commitments from bandwidth providers? Users can then set a configurable threshold for commitment lengths/amounts according to individual needs.

This is the first I'm hearing of probabilistic payments. Are you aware of any other systems, proposed or operational, using this to pay for bandwidth? It seems like a natural fit.

While not very well described in the whitepaper, the system actually uses token commitments to verify source nodes. Relay and exit nodes verify that the connecting source node has enough token committed (locked up in an Ethereum smart contract) before and after accepting connections / payments.

The only two operational systems I'm aware of using probabilistic payments is blockchain Proof-of-Work, where mining rewards can be viewed as probabilistic (though with annoyingly high variance) and blockchain-based lotteries.

IMO probabilistic payments can replace payment channels in quite a few blockchain-based systems such as https://gridplus.io/ (basically in systems/apps where a service is provided that is (very) granular and continuous (video streaming would be another example))

I've seen your name somewhere before..

Your Wikipedia page shows that you have something to do with Cydia, which is unlikely for me to remember but I guess that's it.

FWIW, my name was pretty prominently in Cydia, so if you ever used it, you saw it a lot ;P.

1. The web page says open source repeatedly. Where's the code repo?

2. What's your privacy policy? What do you log, and what could you log (but swear you aren't)?

3. What's the open source license?

4. What's your code rights assignment document?

5. Does this differ from "Tor, but supported with a cryptocoin to buy exit bandwidth instead of hoping for donations"

6. That's a lot of investors. How long do you expect to have to supply servers and bandwidth before the network reaches self-sufficiency?

7. What are the threat models this addresses?

8. How do you vet new nodes to determine that they are not being controlled by [DC|Beijing|Pyongyang|Ottawa|Moscow|Paris|...]? In particular, if one entity controls more than 50% of the nodes, is it likely that they can trace who is requesting what?

9. Are you planning on making this affordable by civil rights activists in poorer regions of the world? How so?

1) The implementation is not done yet, but the code will be available in the near future (I believe on GitHub, which for people who have met me or seen any of my talks makes me sad, but of course that is where all the cool kids are these days).

2) The network is not a centralized service. Assuming I understand your question (and I probably do not), one may as well ask where the privacy policy is for Bitcoin. When the network launches, there will be nodes run by us, and one could believe they are logging in a way that is different from other nodes. This is something that we are sensitive to, and, if there are any such modifications (and it is not clear that there will be), they will all be available and visible to the public (as even required by our choice of open source license!). Of course, I can make no such claim for nodes run by other people or companies, but that is always the case and we fall back to the underlying security properties of the network.

3) AGPL3

4) This is still being worked on, partially because I think it is incredibly important that we make it extremely clear to anyone who does give us copyright assignment that the code they give us won't one day be forked by some future version of the entity that owns the code to build a closed-source project, and getting that right in a way that it can't ever be changed is legal time we haven't finished allocating.

5) Yes! As one high-level and in my mind very interesting example, Tor actually is a centralized service where nine directory servers are able to decide the state of the network; we are accepting nothing less than a fully-decentralized system.

6) I do not have a particularly precise answer to that question, but the answer I believe in is "not long at all", particularly given that users pay for the bandwidth they are using from other people. Under one argument, we would be self-sufficient instantaneously because any bandwidth being routed through a server we set up to help bootstrap the network would be paid for by a user.

7&8) This is a question that would lead to a very detailed answer, and so I hope I can refer you to our in-progress whitepaper. If you have any further questions, I would be happy to try to get them answered ;P.

9) It is my personal opinion that, as bandwidth is a "wasting good", that it will be extremely cheap to purchase bandwidth. I will refer you to section 7.2 of the whitepaper, "How Much Will a Packet Cost?".

They call it a protocol but this is very much a startup/ICO, having raised nearly $5m in seed. Not that there is anything wrong with this, it seems like a very cool project. But it does seem to be very intentionally presenting itself as something that is closer to a not-for-profit a la Tor.

It is maybe worth noting that we had actually looked into whether we could be registered as a non-profit and still raise money by these means to build out our implementation and market it to the world, and that was simply not possible :/. We are, however, all deeply committed to open source, and are working on how to best ensure that this is enforced in the company's charter (such that even if there are any future changes, there will never be any fear).

All of our work is to be released under the AGPL3; and, while we have filed for a patent, we will be licensing the patent to the world in a manner similar to how Mozilla manages their patent portfolio. Brian Fox, who is in charge of making sure we have a successful and inclusive open source project, was the original developer of the bash shell, was for a while the maintainer of GNU emacs, and was the first employee of the Free Software Foundation (as Richard Stallman was a volunteer), and so is keenly aware of how important it is for technology to be available to everyone.

This is.. very exciting & excellent :)

Very interesting. Visited Noisebridge a while back and there was a post on the door telling visitors what to do when the FBI visits to ask about the TOR exit node. I wonder how this tool avoids the exit node problem.

Also, from the FAQ:

>Can't NSA just hack into this too?

>No. Because of its fully decentralized approach, distributed architecture, and the size of the global network, Orchid cannot be easily hacked by any single government or entity.

That's not really a satisfactory answer. First, it doesn't answer the question. The question was not "can NSA easily hack into this." And I don't think the NSA is necessarily deterred by something being not easy. The bar needs to be higher than not easy, even if "not easy" is a polite understatement. Also relying on the size of the network means there is a bootstrapping problem, right? Hopefully they will get there.

This doesn't mean the system is bad... I'm just saying the FAQ answer is bad.

On the positive side, given the cred of some of the people involved (saurik!) I am optimistic this may well have a shot at working.

Ugh. FWIW: we agree. That FAQ answer was rewritten, and it failed to go on the website.

Here is the updated text that was written a couple nights ago by one of the people who helped design the protocol with me after being confused by the answer on the website.

> Yes. Our initial release targets China as the adversary, which is a more tractable problem. We may implment full Chaumian mixes in the future (which are immune to metadata/traffic analysis), but they are unlikely to be complete for our first public release.

Would you consider changing "China" to something like "Chinese government"? Or, if I'm understanding it correctly, maybe something like "Our initial release operates with a threat model of an authoritarian government's internet censorship, such as those seen in China, Turkey, or Russia."

I agree with this edit and have made a similar change, pushed it to our server, and are poking others for review. Thank you for your feedback: that is a much clearer answer (as otherwise it sounds like China is hacking into places as opposed to "we mean their firewall").

I understand the plan is to be open source, but can someone help me understand why it's not developed in the open? I mean, you can tell people you're not accepting external input at this stage, but why not let people watch it being developed? I can't think of any reason that doesn't make me think that the goal may be openness/transparency but not the practice. Or did I miss the link to the repo?

This is an interesting question; one which I feel for greatly, and one which we have been discussing internally. Not having this detail worked out before going public was probably a mistake of ours, particularly as now we keep getting distracted, but we are rapidly working on addressing the issue as quickly as possible. I am going to give you an answer to this but want to stress that this answer has not been vetted through anyone else and is a look behind the curtain (and I hope you can give us a little benefit of the doubt here, at least based on the track record of some of our developers).

One issue is that we have put a lot of effort into the whitepaper, and we really want people to review the concepts in the whitepaper and give us feedback on that, but I will say that it is highly likely (if not a foregone conclusion) that if we have source code available, code which we know isn't done yet as the whitepaper design has been leading ahead of the implementation in the code, that we are going to have people only downloading the code and giving us feedback on the code... but what we really need is feedback on the design, not the first draft implementation :(.

On the other side of this, our team includes someone from the Free Software Foundation who feels some strong moral pulls towards doing all of the development in the open immediately and yesterday. I have made sure that my code is ready to release on a moment's notice and still feel proud about what is out there (though there is one last super high-level thing in the organization of how the code for the network connects with code for services that I want to fix tonight, and issue that will be much easier to deal with fixing at the git level if I didn't think I'd be breaking anyone's clone).

Thank you very much for the response. I empathize with the noise-vs-signal concerns with premature public feedback. Just wanted to share my thoughts because the first thing I look for in these cases is code. While y'all's credentials are clear, we've just seen so much snake oil in the decentralized tech industry.

There is no code. This is a cash grab. The author politely states they needed review of white paper concepts, so no they are not sure it will even be worth writing. The idealology of decentralization also reforms the patent system, so this project will fall like other over hyped icos, will get normalized on listing. Probably a huge discount for "seed".

Yet... there has been no monetizaton mechanism described that doesn't involve us releasing code, as we have been very clear that we refuse to do a token sale until such time as we have a fully working system. So, I am not sure how your theory works out here, but it will be interesting to see if you comment back here once we release code for you to actually run.

As for why we want whitepaper feedback: that is because we believe in peer review of design.

Why were venture capitalists interested in funding this?

What do they get out of it?

How and when do you intend to ‘exit’?

(Apologies for the skeptical tone, I think this seems like a cool idea.)

Good question, especially since we made it clear to them that we have no business model and no plans to ever have one.

There is a fixed number of Orchid Tokens that are used for payments within the network of relayed traffic (source nodes pay relay and exit nodes).

The only way for anyone to gain financially is for these tokens to appreciate in value, which is tied to the utility of the network.

So there's no exit, rather it's a continuous token incentive for all stakeholders similar to the Ethereum network which was funded by selling the promise of future tokens.

The only way for anyone to gain financially is for these tokens to appreciate in value...

Sounds like a security.

Opening the Chinese market? As it stands the GFW implements a rather strong protectionist barrier. I've long suspected that to be it's main purpose.

Very good question that I'm curious about as well. The cynic inside me could think of some nefarious reasons, but I can also imagine some legitimate ones, such as taking a cut of the eth made in bandwidth transactions, and opening up markets for other services that were previously impenetrable, such as China.

> This would be a disruptive inconvienance [sic] for Chinese business people, deeply effecting [sic] commerce, as well as quality of life for the average Chinese citizen.

This sentence has two typos. It should be changed to:

> This would be a disruptive inconvenience for Chinese business people, deeply affecting commerce, as well as quality of life for the average Chinese citizen.

But TBH, stating that the lack of WebRTC or VPS web hosting would, "deeply affect the quality of life for the average Chinese citizen," seems like hyperbole. Maybe:

> This would be a disruptive inconvenience for Chinese business people, deeply affecting commerce and web access for millions of Chinese citizens.

You caught this answer right before it was updated with a much longer answer that I had written a couple days ago (and which fixes at least one of those typos). Would you mind reviewing it to see if you still think it is a stretch?

> we believe will force anyone trying to block our traffic to end up blocking large areas of the internet--such as every server being hosted on Amazon Web Services--which would cause a serious problem for Chinese business people, deeply affecting commerce, as well as quality of life for the average Chinese citizen.

Not really. China has several replacement solutions for AWS. Ali Cloud, Baidu Cloud, etc.

It would just mean blocking a few more websites hosted on AWS and used by Chinese people, GitHub maybe? Then again, it is easy to build a GitHub clone within China with the decentralized (irony much?) git protocol.

We believe, as do many people as far as I have seen, that if a country like China could block the entire world of Internet, they would. Regardless: I consider it my mission to make them have to seriously consider doing just that, and if I read a news report saying "in a shocking turn of events, China has decided to cut off all access to the Western Internet in an attempt to shut down Orchid", I will consider myself to have won that round, not lost ;P.

> We believe, as do many people as far as I have seen, that if a country like China could block the entire world of Internet, they would.

I don't feel this is a correct belief. China is a secular nation state, not a religious cult. They don't block parts of internet out of ideology, but for political and economical reasons. Cutting off the Internet, even if within realm of possibility for them, doesn't make economical or political sense.

> I will consider myself to have won that round, not lost ;P.

If fame and victory are what your company is going after, instead of taking care of your potential users, then I am sorry that you won't have my support.

Btw, thank you for creating cydia if you were the author.

To "win" here means "win a battle on the road to an Internet free of surveillance". I (personally) firmly believe that if China were to do that, that the people would not stand for it; any form of "half solution" or "compromise position" where the Chinese govnerment can block just enough to remove access to material that bothers them while only minority inconveniencing users, is a world in which this form of freedom is actually less likely, as people are willing to tolerate a sad lot before try finally snap back :/.

It is also worth noting that if they went that far, at least some of the other Western countries that are currently willing to tolerate their seemingly-limited control over the Internet would no longer feel comfortable standing idly by and might have to start making resolutions against them. Again: forcing that chess move from them would, in my (personal) book, be a strong win in this fight.

FWIW, you seem to be taking a very short-term definition of "taking care of your potential users" that I have sometimes seen in attempts to make excuses for Apple over the past decade of my work on Cydia (such as when I have stated that one of my "win conditions" for Cydia Impactor is for Apple to remove entirely the Free Developer profile system), and I (personally: I do not speak for anyone else on my team when I say this) do not feel the loss of your support on this particular day (though maintain hope that in a few years you will thank us as you have now me for Cydia).

I think you might have misunderstood what I mean by "taking care of your potential users". It is not a short-term definition. On the contrary, I want a long-term solution, where users trust the platform that your company provides, trust that your company will be there for the users when Chinese government bans your software, instead of celebrating the ban as a success and call it a day (like what Google did).

To celebrate the banning of your platform would be what I call a short-term solution, because in the long run, it is merely a temporary attempt at solving the problem, that people will eventually forget when a long-term solution prevails. Chinese people, from all spectrum of political views alike, do not thank Google for exiting China, because it does not solve their problem. The act merely throws the problem into limbo state awaiting for other people to solve.

Also, I think you mixed up "support" and "gratitude". I thank you for creating Cydia as well as attempting to solve this problem with surveillance and censorship, as always. However, I disagree with your approach and therefore will not support this platform unless I can see that you have something bigger in mind beyond "celebrating being banned".

What you are asking for--somehow being immune to China deciding to ban the entire Internet--is an apology for China's behavior and fundamentally, plain and simple.

After all, what is the alternative? In the case of Google, the other option you seem to think is reasonable is for them to censor themselves... but that is a loss... that is in fact the primary loss condition.

That said, was Google leaving China the same kind of win for the Internet as what I am even talking about? No, because Google is but one company. My win condition is "China is forced to block some incredibly large percentage of the entire Western Internet", not "they block us" or "they block a few websites".

Google gave up long before I would say they won: their next step should have been to start doing exactly what we are now doing, shipping it as part of Google Chrome, and figuring out ways to distribute copies of the software in China.

There is a big difference between "celebrating being banned" and "celebrating your opponent being forced to make the difficult decision between salting their own earth to keep you from invading or accepting defeat".

This is all particularly the case given that my argument is rather consistent here that that won't happen: that China can't do that, as that is just too drastic of a move and it will cost them the support of businesses, citizens, and governments.

As for your final paragraph, every single decision made about Cydia was made within this moral framework... one which you do not support. You either should not be thanking me for what I did while working on it if you fundamentally refuse to support my methods and goals.

Honestly: it sounds like you would have preferred a world where I built a centralized Cydia and allowed Apple's censors access to the catalog... that completely misses the point of Cydia, so I don't know what you possibly wanted. With this attitude I not only don't feel the need to have you support Orchid, I would like to hand you back your false gratitude for Cydia :(.

So most people in China seem to have come to the conclusion that the status quo of having filtered access to the internet of the Western world is preferable to actively fighting the regime that implements these filters (which comes with significant risk, obviously). You want to try make this compromise impossible, so that these people, bereft of their preferred choice, "snap back" at their government. After all, this is obviously the better alternative to the decision those stupid obedient Chinese people made, and one that wouldn't even affect your personal well-being much apart from some potential economical turmoil.

I'm glad that it is ridiculously unlikely you "win".

The FAQ says

"Bandwidth contributors simply install Orchid and activate their Internet connected device as a node - either as a relay or proxy - and then they set permissions like sites they want to blacklist or whitelist, and they earn tokens into their Orchid wallet for sharing their bandwidth."

So hopefully the blacklisting will eliminate the problem of nasty content that plagues anonymous networks like Tor.

That is absolutely our intention! While users who run nodes can choose to forward content to anywhere on the Internet, we want to provide people a feeling of control over the usage of their bandwidth, as we believe that (along with being paid to forward traffic!) will increase the number of people who are willing to provide bandwidth to the service. Being able to say "I am only willing to help users get to Wikipedia, or the New York Times" is something that we think is very important to being able to have enough people using the service to provide the levels of security needed for everyone on the network.

> While users who run nodes can choose to forward content to anywhere on the Internet, we want to provide people a feeling of control ...

Are you concerned that,

1. If node operators have the power to control content, they will be held responsible for the content by authorities? For example, consider a node operator in mainland China who allows access to criticism of President Xi.

2. Unpopular content will be censored by node operators just like it is now by more centralized powers?

As these are more answers of opinion rather than factual questions about the network, I'm going to add a massive disclaimer here that "opinions may differ about what is or is not concerning".

1) No, because I would personally advise people in China do not whitelist sites whose purpose is to access such content. It is not even clear to me that people in China would want to run an exit node at all. There are billions of people in the world in countries other than China that can run exit nodes for that content so people in China will be able to access it without fear, and without anyone in China taking on that level of liability.

2) No, but with the great benefit that because everyone is using the same network, even if somehow (and I do not think this will be the case) there are only a small number of nodes willing to access that content (and one would expect that, in the eventual limit, this number should not be smaller than the number of Tor exit nodes that currently exist; though again: I think it will be much larger), then they will be cloaked within the content everyone else is accessing.

Essentially, it doesn't work to say "people who need access to a secure messaging service should use a secure protocol and everyone else can use Snapchat", and it also doesn't work to say "people who need to access criticism of President Xi can use Tor and everyone else can use the regular Internet". I want a billion people who are also doing things that would be considered insane on Tor--like browsing Netflix!--to be using this service, and to pull that off we need lots of exit nodes, which in turn means incentivized traffic and whitelists.

Put another way: I don't care if there are only 0.0001% of nodes that let you access criticism of President Xi if that is 0.0001% of some insanely large number and the result is "at least as many nodes as Tor", as that itself solves the #1 problem using Tor: that even accessing the Tor website already marks you as someone who is suspicious (as it is here in the United States and the surveillance programs we see).


Thanks, and thanks for taking the time to thoughtfully answer so many questions here.

There are only two options. One is all or nothing like tor: if you become a node you have to pass through everything. The other option is node operators can decide what they pass through.

With the tor model you get very few nodes, because most potential operators are afraid of being arrested and/or object to a lot of content. You don't get remotely as many nodes as you need to make the internet free and more safe.

With selection, you get many more nodes and, as saurik points out below, you still will have a few for material that some governments censor. So it seems to me a model with selection is the way to go.

For that purpose I would think optional whitelisting would make more sense. Instead of spyware lists you subscribe to in uBlock Origin, you would subscribe to a vetted, whitelist of known to be generally acceptable Orchid content.

Others might want to have empty filter list to be a complete transit/peer.

Therefore I don't think there's much room for users who want to blacklist but are not rather looking for a whitelist.

The blacklist will grow and grow, while the whitelist size will be pretty stable.

That said, I haven't used it, so the implemented blacklist approach might already support the above cases and be sufficient.

FWIW, as the person who has been doing the initial implementation, I can tell you that we currently only have a whitelist. I can appreciate why the person who was editing the FAQ for the website put in the world "blacklist" as it makes the sentence flow really well, but I agree with you about the issues (and there are also problems doing the distributed hashtable search to find nodes that don't have some property rather than ones that do have some property). I will poke about this to see if I can get it changed ASAP!

If you're only using a "stable whitelist" of websites on the internet then you're not the target audience

I know what you mean, but for this to be more widely used than Tor there is a need for me to know that nodes I operate only process stuff that won't be identified by 3rd party to sue me into a jail or financial ruin.

When I say whitelist, I do assume prefixes in the DHT (or whatever design they're using) can be used, as otherwise the whitelist may also grow too big to be practical. If however it will gain the concept of domains or such (which is also kinda a prefix), a whitelist will also be more practical.

Tor exit nodes are not operated by many in various places where they would/could because of concerns of the exit node addresses being enough to legally ruin operators' lives, even though technically it's a pure transit. Nobody sues the county because someone committed vehicular manslaughter on their public road. But because laws are skewed against the Internet right now, all someone needs is an exit node IP to make you regret.

If, and there's little to analyze/go by right now public, nodes and everyone is totally oblivious to what packets are transmitted; and if also the packets stored on nodes' disks are encrypted/sealed, then one could assume a filterless system to be practical.

This is all speculation, based on the little info there is. I really hope the team has come up with better designs that obliviate the concerns surrounding Tor, and ideally also not suffer from Freenet like slowness.

EDIT: Of course, once you have a filter, you will need to deal with the responsibility like Youtube does. If you do not know what's on disk or passing through, which is the ideal technically, then it would be best for the Internet and free communication. So, I'm not sure if a filter is a good idea, if that means you get subpoena'd and held liable for enabling one too many whitelist subscriptions.

I may be wrong, but my impression is they have more than one target audience. They want to hit the whole public, but also smaller groups who are having problems like government internet censorship.

That makes sense, the priority is whitelists, not blacklists.

How so? If it's under individual control, you'll just end up with sub-networks where people will agree to distribute that type of content.

You cannot pair anonymity and security with censorship. They are fundamentally incompatible. So either accept that nasty content will be out there, or acknowledge that you don't actually want perfect anonymity and security.

FWIW, if you look at Tor, Facebook now runs a hidden service that allows people to access Facebook's website. This is essentially the same thing as someone having provided a number of exit nodes that will only route to Facebook. The problem, though, is that this requires the client and maybe even the website to be modified to use the .onion URLs for all accesses back to the site (at least, any absolute URL on the site back to the site will cause a problem). I will personally contend that it is worth it to allow Facebook to do this, or to allow anyone to do this for any website, in order to get more people using the network for everything, as the more users you can get using the service to do normal traffic the more easily you can hide everyone.

This is particularly noticeable given that in some countries, such as the United States where I live, simply accessing the Tor website to download Tor will end up flagging you for further monitoring. If Tor had only as many users and exit nodes as it does right now, but additionally had, for example, a billion people in China accessing Wikipedia through exit nodes that refused to go anywhere but Wikipedia, that makes a world of difference. As it stands, people are actually actively discouraged and even shamed for using Tor to access random websites or ones that use a lot of bandwidth, as that means that they are using (or even "abusing") a limited amount of donated bandwidth that somehow needs to be reserved for those who "really need it" (and thereby, will be targeted just for that).


Thank you very much for taking time to thoroughly answer questions. that combined with whitepaper and faq has left a very good impression to me, both socially and technologically. Best of luck to your team!

The liquidity offered by the token model means that early VC/hedgefund backers often get heavily discounted tokens in the presale, and can then turn round a month or two later and dump a portion of their tokens on public investors for a sweet profit or to mitigate their own risk.

Polychain did this with 0x project: https://www.reddit.com/r/0xProject/comments/6w3zv0/0x_being_...

The effect was attenuated in this case by the success of the project, however in lower performing ICO's like Kik's Kin, where the market price is 50% of public sale price or less, big early investors dunking on public token sale participants feels pretty wrong.

In addition to this, VCs are also often playing a role in promoting public sales shortly after their own pre-sale investments, without disclosing their own discount or terms of obtaining tokens. Its kinda like telling people to buy a bunch of stock at $10 when you bought all yours last week for $5 and you're keen to dump a portion of them for $15.


It may be legal, you may think it's their right, and to be fair there is risk involved in being an early backer in a potentially failed project, however it is something to think about.

This is needed but there should be more insight into the current surveillance problem and how Orchid solves it. This seems to be focused on China.

Because surveillance is a potentially serious problem, it should not be used cynically to market some new product that just adds another layer but doesn't really solve the problem.

For the average person its not China or Russia but their own state that is a bigger problem as they have power over them and can interfere with activism, journalism, dissent etc. The intensive profiling by Google, Facebook and others is another problem.

Was the Internet designed to be anonymous? Governments control access and can stomp down at will. ISPs and telcos know who you are, server and vpn providers know who you are, Facebook and Google have a lot of data on you. Only the very committed and technically adept can perhaps attempt any sort of anonymity.

Something like Musk's satellites with some basic free access may perhaps be the first of many steps to some kind of anonymity.

There's a lot of projects that sound exactly like this. What they all have in common is that they all use an Ethereum (ERC20/22) token and all have very large amounts of money flowing into them, from private investors, companies, ICOs, etc.

It would be nice to see more projects take routes that projects like tor take, where the founders do not accept millions of dollars of money before they even have a working and complete protocol.

Ethereum has some amazing potential and technology behind it but I lost interest in this the second I saw they had already raised $5M and haven't even done their ICO yet. Their FAQ section seems woefully incomplete given this amount of money.

What's wrong with raising money? Is it more ethical to build systems while living of one's savings?

One of the reasons why there's is a lot of Ethereum-based projects currently raising a lot of money is because token-based systems avoid relying on the traditional financial system for payments and value transfers. If your app is using traditional payments it can be shut down by your payment provider.

Blockchain-based tokens allow users to be in control of their own funds and not have their payments tracked or tied to their identity. I'd say that's a pretty big win.

Moreover ERC20-based tokens allows for engineering of incentives in a way that is far more efficient than company shares. It can accelerate network effects in a way that was simply not possible before blockchain technology.

Raising money to fund work is not the issue in my view. But raising money from venture capital firms has implications that I find hard to reconcile with the stated goals of this particular project.

Venture capital funds many projects in the hope that a tiny share of them will pay for all the others and a profit on top of it. So for this project to meet the expectations of its owners it would have to be extremely lucrative way beyond funding the work put into it.

Is that really the right structure to fund a foundational protocol with non-commercial goals that are potentially in conflict with very powerful interests?

Even worse: VC still expect even the "failed" projects to maximize their return. They don't fund things pro bono, and they will force every project to make decisions that put investor returns before sanity and basic human decency.

Yes. But I think what we don't know is what the agreements really look like in this case. I don't know what a SAFT (Simple Agreement for Future Tokens) is. So maybe this investment is structured differently than regular venture capital deals.

That's fair, and as this is one of the first SAFTs (link below) sold to SV VCs, there's quite a bit of new ground in the thinking and incentives.

Basically, the deal is that our investors bought the right to future Orchid Tokens, which is a new token used for payments within the Orchid Network. Since it's a utility token it's value should be driven by the utility of the network - the size, health and of course user count of the network.

Since there is a huge market for VPNs which overlaps with the utility of Orchid in terms of enabling access where there is censorship, if Orchid can grab a small part of this market then the utility of the network would drive the price of the token.

Whether this is the right model remains to be seen, and like any project there could be a conflict of interest if investors push for features that are not aligned with the project vision.

The difference is that, unlike traditional startups that are in control of their IP and the deployment of their software, once the Orchid Network is deployed, no one controls it but the users who run nodes. They choose what software to run for their source, relay and exit nodes, and no one can force them to upgrade to some new version. This is similar to other decentralized networks such as Bitcoin and Ethereum.

In practice the developers and teams behind decentralized networks do hold some power of software upgrades from their reputation and control of github repos, etc. But if push comes to show and for example we try to add payment fees or adds or other types of monetization, then users are very likely to simply reject such upgrades or even outright fork client software (thus effectively forking the network once such clients are deployed).

It is my hope that this is a structure that allows for both raising money from VCs and still end up with a truly decentralized network. We'd love to get feedback on this and understand what we can do to ensure that the network remains controlled by it's users and not (too much) influenced by any specific group.


There's nothing wrong with raising money. One reason open source projects without large corporate sponsors haven't succeeded in attaining mass consumer adoption is that they haven't had effective compensation and incentivization mechanisms. With cryptocurrency/ERC20-based-tokens, now they do.

The best thing about the project is that the tokens will be valued by use from the beginning and not with an ICO.

Could you name the other projects that you think are better? Given the interest in this article I’m sure others would be interested as well.

The money raised is a total turnoff. How can this be an independent effort with all that big-name backing?

Since you brought up TOR and money, I would say one advantage this project has is that since payments are sent with packets, that will provide an stronger incentive for transmitters other than just for goodness of humanity.

This should be on the top. They did not even put a lot effort in their current presentation but already are millions "in dept".

As novel as the idea sounds, i doubt this is it this time but lets hope for the best.

Exactly. I ditched one of these save-the-world projects recently because they did little but talk about fundraising and how to distribute their buttload of tokens to each other.

I agree with your point . But there is a company out there called Althea-mesh,http://altheamesh.com. They have not raised a dime, however they have proof of concept products. Their next move is building commercial products.

Check out cjdns for a less stupid, less blockchain BS take on fixing the internet.


One question I still haven't found answer to: what's with the name? What does it mean / why is it the way it is?

Should it be read as CJ DNS, i.e. something to do with DNS? Or CJD (author's initials) NS (??? again, name server?)? C (?) J (JavaScript/Node) DNS?

Related, what the hell it is, actually? You say in other comment that it's a mesh network, they say it's a network, but I see a program to install. How a program is a network? What does it do?

Tor is a network, and yet you have to install a program to connect to it. You can think of the cjdns program like a driver that allows you to connect to a cjdns network.

To answer your question on what it does : cjdns is a routing protocol that intends to replace the current IP protocol. Like the standard IP protocol, it needs a way to communicate with another node to function (the default gateway). From there, you can communicate with the rest of the network. Your packets will go to the default gateway, who will then redirect it to the "closest node" recursively, until it reaches its destination.

You can setup cjdns over the current internet (essentially making cjdns an "overlay network" like tor) using UDP, or through an ethernet link.[1]

CJDNS indeed works in a mesh : anyone can route other people's traffic, somewhat similarely to tor. The only difference is that you need to manually configure your "Entry Node" (to lift tor terms). See [0] for the reasoning.

About the name, the creator is Caleb James DeLisle, so I guess CJDNS stands for Caleb James DeLisle's NameServer ? Doesn't really make much sense but I don't see how bad a thing it is.

[0]: https://github.com/cjdelisle/cjdns#2-find-a-friend [1]: https://github.com/cjdelisle/cjdns/blob/master/doc/configure...

Caleb James Delisle's Networking Suite

"One question I still haven't found the answer to: what's with the name?"

"Where did the name cjdns come from?

Cjdns was based on a codebase which was originally intended to handle name resolution (DNS) and so it was a combination of 'cjd' and 'dns'. The project changed direction early on and currently is still lacking DNS resolution but the name stuck. Make up your own acronym for it if you like."

Source: https://github.com/SlashRoot/cjdns

What is it? The author has said it is meant to be a single binary: a router. The router accepts "customized" IPv6 addresses, e.g., each address contains a public key fingerprint. The packets are also custom, each containing a full route to the destination, which might be reminiscent of the bang path in UUCP. The nodejs stuff is just a prototype method of getting data from the router.

I remember watching a video of him explaining this at a cafe a number of years ago. Not sure if that was the first "public announcement". In that video he mentions a concern over censorship via DNS. And then he states that at a certain point he realized routing was easier to do than DNS.


He uses NaCl. As for the name "cjdns" and why he started out experimenting with DNS, my guess was always that the original experimentation he did with NaCl was probably related to encrypting and forwarding DNS packets (or perhaps custom "name system" packets), since encrypting DNS packets was the "PoC" for NaCl.

Lead author is CJD. cjdns == cjd network suite

Is cjdns more of same address-centric hosting? If y, would not NDN content-addressing be the more smarter internet fix?

http://youtu.be/opKJsVTcofg#t=164 Ask the network for what you want. Not say 'who' you wanna talk to, but say 'what' you want.

Smarter for what exactly? content-addressing is great if what you are looking for is pieces of content, it's not if you want to talk to services.


Here's the tl;dr: a practical encrypted mesh network that can work over the traditional internet protocol (IP) or over real-world links and radio antennas.

Since the parent was deleted and I couldn't comment by the time I finished typing, here's the non-tl;dr:

The main advantage is non-hierarchical routing. Your ip address is in fact the fingerprint of your public key, which is used to encrypt all traffic.

Because of this the address allocation works a lot different and there's no need for a central authority. The lack of a central authority is usually a problem if you ever tried to merge two large internal networks you might have run into the issue that both networks have used for something. This isn't possible in cjdns because you can just generate as many key pairs as you want, which would map to one out of 2^120 possible addresses which are very unlikely to collide. Merging two networks is just a matter of configuring one or more peers and the networks are able to see each other (this is so easy, it might happen by accident).

The main difference to other projects is that you don't need to write code to support it. If your application supports unicast ipv6, your application is able to run on top of cjdns.

That sounds like a good way to get very inefficient routing.

Supposed I have keypair A at a friend and keypair B for me, how is cjdns going to find the fastest route between me and my friend?

Tbh, this doesn't look like something that could scale to Tbps Bandwidths... It seems a lot of processing is required to properly route the packet to the next hop and that happens independently of whether the next hop is even remotely an ideal one.

Atleast, as far as I can tell from this page.

There are some issues with cjdns with pure DHT on small footprint devices with poor connectivity. The author is hence currently introducing experimental supernodes, which are stable fat nodes with large memory which can build routes quickly.

Two questions about mesh networks:

1. at some point there will be an expensive hop across the ocean, or between cities, that will likely only be built once, then shared. Won't whoever owns that hop have similar centralized control of any non-local traffic, similar to an isp?

2. how meshy should mesh networks be? On one extreme, every computer can be directly connected to every other computer in the world. On the other, every computer can be connected to just one neighbor, and requests are routed through many hops. What is the prevailing wisdom on the optimal amount of peers nodes should have on average in a mesh network?

While the project is interesting, what is up with running it off nodejs!?

What? It's written in C.

The build system is written in nodejs -- it turned out way faster than both CMake and classic Makefiles.

Projects like bitcoinereum will try to make ICOs more reasonable. You don't preprogram how much the founders get. It's less susceptible to abuse. It's the bitcoin blockchain implemented on ethereum and lets anyone mine by competing with transactions.

So the business plan is to become the oligarchs of the new network?

Hopefully not! Ideally token allocations are fair and do not skew ownership towards any individual or entity while still providing good incentives (we're still working on figuring out what good allocations look like)

Are there any public details on the Simple Agreement for Future Tokens?

Sorry for nagging, but I'm one of those skeptical of greedy people acting maximally greedy saving the world as a process waste.

Edit: typo

The main reason there's currently not more details around the SAFT and the token model/allocations is that it would distract from the overall project and tech, given the current hype of blockchains and tokens.

There's certainly economic incentives for all participants, and what I find interesting is that since we're open sourcing all the code, anyone can easily deploy another network with a different token (model).

This puts pressure on us to propose fair token model/allocations else we risk disruption by forks or simply new Orchid networks.

Regarding the alternative approaches section (which I'm assuming when complete will include an actual comparison to these alternative approaches?), another alternative approach you might want to mention is that improved mixnet approach that people were talking about last year, that once set up is supposed to be faster than Tor, or maybe mixnets in general since they seem to have a long history.

Edit: Riffle, that's what it was called: https://en.wikipedia.org/wiki/Riffle_(anonymity_network)

This is a funded startup.

How do they intend to make money?

Sustainability isn't even the greatest concern: where there are customers (people who pay for access to the network) there is a database of customers (in order to allow authentication) that has to be kept out of the grasp of government agencies.

Actually, that's the great part about what we are doing: it is all built on Ethereum, so there is no centralized database, and the users are generally pseudonymous! OK, you might then say "isn't that just a decentralized database?", but in addition to a form of "probabilistic micropayments" that ends up shrouding most of the participants, we are also working on integrating other techniques to make the payments fully anonymous (and have brought on a team of advisors which includes a professor of cryptography who specializes in this area).


Not exactly, though I can appreciate why it might seem like that at first glance; we are selling a "utility token". This distinction is interesting and important as we are not selling a token to raise money to do development, instead having taken on seed investors to help us get the right team of developers and advisors to do this initial build out. The sale of tokens will be made after we have this network fully working and launched, meaning that we are really targeting a group of people you might call "customers" who will buy bandwidth tokens (as opposed to "investors", which is the target market of an ICO).

“This distinction is interesting and important...”

...and will be at the eventual inquest I’m sure.


What's the weakest point in the design so far?

The answer you aren't looking for is probably something like "traffic cloaking" or "connection bootstrap", but my personal answer to that question is "so you sit down at a computer and download our software. you have a wallet full of cash and credit cards... now what?".

Is there any thought given to the response to a node operator who is detected/proven to be operating the node for surveillance or compromise? What would the response be? Will tokens not be sold to such a node operator?

The goal of our network is to make it so that the network is protected as much as possible from users running compromised nodes. If you are a single node, you should not be able to do anything against the network. As the number of nodes you are in the system increases, the probability you will be able to pull of various forms of attacks against users of the network also increases. We are working on documenting these security tradeoffs in detail in our whitepaper (and any attempt I make to describe them here will be less accurate and thereby dangerous ;P).

However, it is worth noting at a super-super high level that we are hoping to get a large number of nodes running the network and we have parts of our system that involve proof of work in a way similar to a cryptocurrency blockchain like Bitcoin. If a node in the Bitcoin network is operating for the purpose of compromise, it need not be banned from mining blocks: the network is designed in a way to make it so that such a node would not be able to pull off the kinds of attacks that people care about unless it owns a significant percentage of the resources being applied to securing the network. Our network has similar properties.

"We are working on documenting these security tradeoffs in detail in our whitepaper (and any attempt I make to describe them here will be less accurate and thereby dangerous ;P)."

Maybe a whitelist of nodes themselves? (mostly in jest there)

I suppose an agency with funding who can endlessly sockpuppet could gain a substantial portion of network nodes, but if they're unable to censor more than per-random-packet, a surveillance goal seems more likely. While this may not meet conventional definition of 'censorship', I wonder of the chilling effect. I suppose any such move toward a censorship-free network should expect surveillance. c'est la vie.

Thank you for taking time to answer my question.

This sounds like a great project. I have some thoughts on how to communicate about it when it is ready to go.

With the general public, you might start with some things they are unhappy about with the present internet, and for each of them explain how things would be better for them if they used Orchid.

For the more techy minded, you could do a list of similar things like tor or IPFS, and for each of them explain how Orchid is similar or different, and what are your reasons for deciding to make it that way.

A further thought. You should focus on comparing it with Tor, like maybe making it the first one to compare with, since it is both similar and well-known. And then maybe add on other ones.

Another thought: compare early on with Ethereum and IPFS. Yeah, they are really different things, but as soon as you say web decentralization, people who are not techies but read about such things will think of them, so you need to explain early on how this is different so they get pointed in the right direction.

Ok, I wasted a few hours reading the whitepaper. It was just as idiotic as you'd expect. Here are a few notes:

It seems like this takes Bitcoin and Ethereum electrical power waste to a whole new level

  To produce a medallion, a peer takes a public
  key K , and the most recent Ethereum block hash
  E , then (iteratively or in parallel) locates a
  salt S such that H ( K, E, S ) ≥ N ,  where N
  is some difficulty scaling factor.
And with all that "an anonymous" network does not provide payment anonymity (while amount paid correlated with amount of data sent). So this will disclose how much data each user put into the network. This is valuable if you can observe large amounts of data out of the exit nodes (like a government-scale actor might). This might even allow correlation between data and users.

  We will argue that The Orchid Payments
  (section 7.12) fulfill all but the
  anonymity requirement.
Yup... not anonymous at all...

  The pseudo-anonymity of Orchid payments
  is equivalent to what can be achieved in
  regular Ethereum transactions

But it gets better. While you can use anyone as a relay, you PREPAY them before they do any work for you. This is claimed to solve the problem of nonpayment, but nobody mentions the opposite problem: I take your money and do no work for you. The money cannot be taken back - I own it now. cool.

  If there is some setup cost to Alice and
  Bob’s relationship ( S Alice , S Bob s.t.
  S Alice > xy, S Bob > xy ), the answer is
And for fun, it also messes with SSL. Allegedly only "for good", but who'll notice when this changes?

  (see the entire section 10 in whitepaper)
And then there is the completely not scalable method to prove you will route as required by the network. For that you need to literally get EVERY node on the network to sign off on the fact that you can route to them. So the size of this proof, its computational cost, and the time to complete it will grow as the network does. Total work done just to provide for network joining grows as N^2. Oh, and god help you in case of temporary partitions (like has happened in the internet a number of times when various underwater cables were cut). For extra fun, nobody mandates you actually do route anything. Only that you prove you can. I see nothing in there that prevents packets from being purposefully dropped after collecting payment for "forwarding" them.

  (see whitepaper section 11.5)
Oh, and if you thought this will provide INTERNET access, you are mistaken. Apparently HTTP w/ DNS only. As per whitepaper, exit nodes can filter based on domain. I am not even going to mention that running an exit node without a whitelist is idiotic (one user downloads CP, you go to jail). So everyone must have a whitelist? And just how big do you figure a typical "whitelist" of safe domains is? 100GB, 1000GB? Good thing you need to send it as a reply to Get Offers request.

  (see whitepaper section 11.9)
Blocking this is easy (as the whitepaper concedes) by DPI and blocking Ethereum. Whitepaper claims "this will be solved later" but offers not even a handwavy explanation of how this will happen while remaining compatible with mainline Ethereum clients...

  (see whitepaper sections 12.3 & 15.3)
Of course, besides handwaving on "it will totally be ok"(tm), there are no real world performance numbers.

  (see whitepaper section 13.3)

But funny most of all, these guys didn't address the simplest attack of all. Pretend to be an exit node, /dev/null the traffic, pocket the payment.

My guess: the scheme is simply to raise an ICO and laugh their way to the bank. (as always)

(Note I'm David Salamon, one of the white paper authors.)

I agree with your payment analysis. As you point out, we explicitly disclose that payments need modification before they will be at the level of anonymity required for Orchid. Anonymous payments for the Ethereum platform are being worked on right now by very talented teams. As we don't believe we have anything substantial to add to that conversation, we are deferring to them, and will simply audit and adopt the methods they design as soon as doing so is feasible.

> And for fun, it also messes with SSL. Allegedly only "for good", but who'll notice when this changes?

This is a fully general argument. Even if we didn't check the validity of certificates (which many phone apps don't do but should, hence our adding the feature), couldn't you still claim we might act maliciously in the future without anyone noticing?

(As you don't point out, our software will be AGPL3 licensed / open source. If one person notices and says something, everyone will notice. This is the logic behind trusting Linux, OpenSSL, Tor, etc... Are you aware of a better solution? I'm skeptical one exists.)

> Total work done just to provide for network joining grows as N^2

No, connection proofs are O(routing_table_size * per_element_proof_length). Routing table size is O(log(n)) and per-element proof length is the routing tables of the point-to-point route taken O(log(n)^2), so the proof is O(log(n)^3) -- likely much less in practice, as the successor and predecessor nodes are very likely to share every connection that the joining node needs to make.

This is good feedback, we should explicitly do that calculation in the whitepaper, added to the TODO list. Thanks!

> Blocking this is easy (as the whitepaper concedes) by DPI and blocking Ethereum. Whitepaper claims "this will be solved later" but offers not even a handwavy explanation of ohw this will happen while remaining compatible with mainline Ethereum clients...

The data which needs to be received is already defined by Ethereum's gossip protocol, so in theory adding Ethereum proxy support would be trivial. (Just proxy Ethereum traffic the same as any other traffic.)

We have not specified that, however, because we are worried about the possibility of a malicious proxy hiding some transactions from a customer. Once we feel like we have a good handle on how to analyze these kinds of attacks, and have a solution which mitigates them, we will add a solution to the whitepaper. This is somewhat outside our core product, and so has suffered a bit of neglect. It might be as simple as just receiving gossip from multiple independently chosen Relays, but I'd like to be more sure before making that the official method.

> Of course, besides handwaving on "it will totally be ok"(tm), there are no real world performance numbers.

We felt that publishing real-world performance numbers would be best left until after there was a real-world system.

> But funny most of all, these guys didn't address the simplest attack of all. Pretend to be an exit node, /dev/null the traffic, pocket the payment.

We do in a way. If a proxy behaves this way, Chrome disconnects, resulting in the attacker not being paid beyond a couple of kilobytes. This is not profitable, but still annoying. So the attacker causes a widespread nuisance, spends most of their time waiting for new customers, and suffers the loss of their CPU to proof-of-work. It's not profitable, but I expect some users will still do it for the lulz.

> My guess: the scheme is simply to raise an ICO and laugh their way to the bank. (as always)

(Note I'm not a cofounder)

I joined in spite of not being able to negotiate myself to anywhere near cofounder levels of token ownership -- I would probably have made more by accepting a different job doing mobile A/B testing software company.

I do think some of the cofounders are very much in this for the money, but I also think every single person on this team hates what's happening on the web with respect to privacy and censorship. If that changes, I'll probably end up leaving and working on this separate from them. (Well, or demanding more money?)

So basically: if I don't quit you can conclude they've either paid me to keep quiet, or I still like them. Best I've got for you.

> Ok, I wasted a few hours reading the whitepaper. It was just as idiotic as you'd expect. Here are a few notes:

Thank you very much for your feedback, sorry you felt it wasn't worth the time. Maybe next draft? :p

> Maybe next draft? :p

Looking forward to it :)

Also, what about the other half of my points? ;)

> Also, what about the other half of my points? ;)

Oh, sure, sorry about that. Did you edit the post I replied to? It looks like I only missed two points:

> But it gets better. While you can use anyone as a relay, you PREPAY them before they do any work for you. This is claimed to solve the problem of nonpayment, but nobody mentions the opposite problem: I take your money and do no work for you. The money cannot be taken back - I own it now. cool.

Relays are sitting there burning their CPU while they wait for a customer to show up. This is a continual cost, which makes Relay/Proxy operation unprofitable unless they receive a steady stream of transactions. If they "take the money and run" they only pocket the initial payment, maybe as much as a couple kilobytes of bandwidth in tokens. If they "take the money and stay" they get a stream of payments from the customer. Therefore it's economically irrational for them to run -- the PoW's cost makes them boundedly trustworthy if they are economically rational.

(I sort of covered this in the /dev/null attack you proposed, as it's the same case except /dev/null has the attacker also uploading a bit of useless traffic. I should have been more explicit.)

> Oh, and if you thought this will provide INTERNET access, you are mistaken. Apparently HTTP w/ DNS only. As per whitepaper, exit nodes can filter based on domain. I am not even going to mention that running an exit node without a whitelist is idiotic (one user downloads CP, you go to jail). So everyone must have a whitelist? And just how big do you figure a typical "whitelist" of safe domains is? 100GB, 1000GB? Good thing you need to send it as a reply to Get Offers request.

Lol, yeah. Whitelists are dumb, but (as we seem to agree) not having them is dumber. I agree with your analysis. If they do become 100GB, etc we'll add queries to mitigate the size issue ("hey, do you support xyz.com?"), or any of the other relatively well studied solutions here (have I finally found a use for bloom filters? Unlikely.)

More broadly on the whitelist issue, my hope is that paying Proxies will result in actual "Orchid Proxy ISPs" springing up, which will have empty whitelists, actual legal protection as ISPs, etc. That's the beauty of real money being involved. Whitelists are there as a stop-gap while the market is being built.

Why promote it now when you have nothing to release? Without any actual software to use and test, this just comes across as the usual overhyped ICO vaporware.

How is this different from Freenet or Tor?

(edit: When I wrote this answer, the person I was responding to had not yet added "or Tor".)

Freenet builds its own domain of content where people post websites that are hosted in a distributed fashion by the platform. What we are working on with this initial implementation is a fully-decentralized tunneling service to access existing content posted on the internet (so if you were to compare it to an existing technology, you might look at Tor, or the "out-proxies" from I2P).

So what are the benefits over Tor?

It seems intended to be more anonymous and decentralized than Tor, and safer thanks to the strength of numbers, but their whitepaper is diseharteningly incomplete and disingenuous, particularly about problems that are shared with Tor.

For example:

"The distribution of Entry Nodes is a difficult topic. If oppressive governments are able to access this list, they will block user’s abilities to access the list."

Or simply, you know, go after whoever runs entry nodes. Or run their own entry nodes and, even if they can't compromise the network, trace the evil cypherpunks who want to use encryption.

Unfortunately, some practical and political problems cannot be solved with improved cryptography.

Certainly incomplete as it is still a draft, though I'd contest "dishearteningly". Also, why do you find it disingenuous? We're not shying away from what entry nodes and bootstrap of user clients is one of the hardest problems to solve.

There are a number of differences (which one might say would take an entire whitepaper to describe ;P), but as one high-level and in my mind very interesting example, Tor actually is a centralized service where nine directory servers are able to decide the state of the network; we are accepting nothing less than a fully-decentralized system.

Is this a darknet or a way of accessing the clearnet or both?

Given your question's wording the answer is, at this time and as currently described, "a way of accessing the clearnet", with no already-existing features for hidden services.

That sounds like you are thinking of maybe adding hidden services in the future, am I reading you correctly?

There is active discussion of this, which means I am not prepared to say it won't happen or that it can't happen, but I am also not prepared to guarantee it will happen (as then you will ask when ;P).

But given that it is open source, if you decide not to, someone else still could.

Differences from Tor include, from what I understand, it is fully decentralized, there are tokens to incentivize people to run nodes, and node operators can choose to use a whitelist.

Also, at least for now, it is not a darknet, it is only for connecting the clearnet.

How is the route decided? If it uses a centralized server for that, then wouldn't it be easy to block that.

We definitely do not have any centralized servers. The currently-specified mechanism to determine routes is that they are decided by connecting to a distributed peer-to-peer network that is modeled in many ways after a distributed hash table, at which point you do lookups of random keys in the hash space, which results in a randomized scalable lookup. There are mechanisms in play (and which I assume are already described in our in-progress whitepaper) to protect against eclipse attacks, sybil attacks, and some other miscellaneous attacks on the routing infrastructure. That said, this is also some ongoing work, and we are actively engaging with and being reviewed by people both in academia and in the field with respect to our techniques.

This sounds like a good idea. One problem with things like tor and i2p is you want to have tons of traffic so as to hide things from the various spies, but it is hard to get enough people to support nodes. Add a token and perhaps that problem will be solved.

A token seems to solve the supply side (relay and exit nodes) but what about the demand side? Why would anyone who doesn't care about subverting censorship or surveillance pay for this?

Because people currently pay for VPNs, and Orchid effectively provides some of the features of VPNs, with the added benefit that there is no central VPN provider who logs your (meta) data and sells it for profit.

And as Orchid is a P2P market place with no middlemen or fees, it should find a market equilibrium that is more efficient than VPNs, with a lower price per data relayed.

>people currently pay for VPNs, and Orchid effectively provides some of the features of VPNs, with the added benefit that there is no central VPN provider who logs your (meta) data and sells it for profit.

When you roll Orchid for use, I think this should be stated prominently on the web page as a way of selling it. Something like "If you are like millions of people, you use a vpn. But vpns have some problems" and so on.

Does Orchid somehow prevent malicious exit nodes from inspecting/manipulating traffic? (requiring traffic be encrypted?)

I'd consider that to be worse than the risk of a semi-trustworthy VPN provider keeping logs, depending on your threat model.

It seems like it's like Tor, except instead of just paying my ISP, I also now get to pay more money to use this new POC protocol with a subset of Tor's features. Am I missing something?

In 5 years, how might this be changing our lives? What will I think of when I look back and think "I'm so happy that they created Orchid"?

When are they doing ICO!?

What would convince my mom to use this though?

So, I don't know your mother, and can't say what kind of extreme technical needs she might have as part of her lifestyle or job; but, I guess I will presume you asked this question from the depressingly stereotypical perspective of "assuming peoples' mothers are not very technically skilled as they are older women, how would a mother use it" and answer your question anyway :(.

So, she might not use the first version, and if she does it might be installed or otherwise set up by you (so this hinges a lot on how much she trusts you ;P) or another friend of hers. However, we are building a simple user interface to make the experience of using it friendly and pleasant, and I guess it is worth adding that we also chose a name that we hope does not turn non-technical users away ;P.

So the reasons she might use it are:

* you install it on her computer

* it has a simple user interface

* it has a non-technical sounding name

Is that correct?

What if you reinterpret "my mother" to be "average internet user, in a country with average internet freedoms, who doesn't read HN etc"?

You could make that same argument about VPNs in general, which happens to be a 25-30 billion dollar industry. While I may or may not have reasons why a random "average" person might use this service, I find the question confusing... is the product not capable of being a success if people exist who don't want to use the service?

This kind of question always comes up for just about every service ever developed, and as the discussion continues the goalposts tend to shift and the user gets less and less sophisticated and more and more stubborn until at some point you demonstrate a user exists for which I can't prove they want it, and then victory is somehow declared. It is a sport I don't see much interest in playing.

To flip the question: we are providing a replacement for a service that already exists which is used by people worldwide and makes up a sizable market; our replacement is more secure and likely to cost less. Given that beachhead, you can now ask "who else would want to use this service if only it were cheaper and more secure?", and have a really fun brainstorming session.

If the answer is "the same reasons someone might use a VPN or Tor" that's fair enough, and a much better answer than "you install it on her computer".

(Though there are a variety of use-cases for VPNs and I doubt Orchid addresses most of that $25-30B market)

I'll bite: such users are more likely to want to run an Orchid relay or exit node, with default settings, than actually use Orchid to access the Internet (source node).

Internet users who may be less technical and may not care about surveillance or Internet freedom would still be interested when they hear "hey if you install this app you get a few $ (worth of tokens) per month just for sharing your bandwidth"

Ok, so we have two groups of people who could do it

People who are concerned about surveillance or internet freedom. The latter includes people who are in a country that is censoring the internet.

People who want to earn a little money.

That's good. The more different types of people who are motivated to adopt something, the more widely it will be adopted.

Can I set up a relay node now?

Sorry, but we have not yet finished writing the code for this (let's just say it: "my fault" ;P). Even I am currently unable to start and integrate a new relay into a running network; this should be fixed in the near future and we will have all of our code available as open source under the AGPL3 license, and will be working hard to build up an inclusive community around the project.

Who is this being built for?

Anyone who wants to access the Internet without being surveilled or censored, and for anyone who wants to earn tokens by offering their bandwidth for relaying such traffic.

It's Tor but with a worse website and more decentralised?

I think the website could be better if it said right at the top what it actually does and what it offers over competing services.

Are you talking about https://www.torproject.org? We have different standards for websites it seems. That looks like it jumped out of the mid 90s to me.

Tor’s website actually tells you what it does.

And the design is nothing to scoff at. It’s not hip, but it’s functional and readable.

brings over the point tho, which the above one doesnt

(Otherwise i fully agree, but the orchid one also looks like a badly implemented modern default theme)

Hey man, Tor has been up for over a decade, but this isn't even in beta.

buzzwords I see. what does it do?

From the FAQ:

The Orchid protocol uses an overlay network built upon the existing Internet, which is driven by a peer-to-peer tokenized bandwidth exchange.

The orchid protocol is an open-source overlay network that runs on top of the Internet. Its fully decentralized, because rather than traffic being routed through central authorities—your ISP or your VPN—it’s instead routed randomly through a network of bandwidth contributors who sign up to share their surplus bandwidth and activate their Internet-connected device as a “node.”

Users that want to access an uncensored Internet (bandwidth consumers) pay the bandwidth contributors in Orchid tokens through a peer-to-peer exchange. Because neither the traffic nor the payments can be monitored by central authorities, both contributors and consumers of bandwidth enjoy a fully anonymous, surveillance-free experience.

Also of note:

Who are the founders?

Stephen Bell: Steve started companies in Europe, the U.S., and China before founding Trilogy VC China, where he spent 10 years backing Chinese seed stage startups.

Brian J. Fox: Brian is an entrepreneur and open-source advocate, the first employee of the Free Software Foundation, and the author of the GNU Bash shell.

Jay Freeman: Jay is a software engineer and the developer of the Cydia software distribution platform used on millions of jailbroken iOS devices.

Gustav Simonsson: Gustav is an engineer and developer who helped launch Ethereum in 2015, working with core protocols, clients, and security auditing.

Dr. Steven Waterhouse: Steven is an experienced investor and entrepreneur, having co-founded RPX Corp, led cryptocurrency projects at Fortress and Pantera Capital, and the Honeycomb product at Sun Microsystems.

[Edit] I _think_ they are trying to create something like Etherium but for decentralized internet.

Like Tor, but with capitalism.

Financial incentive for running relays.

As soon as I see "Ethereum" I stop reading.

Could you please not post unsubstantive comments here?

I didn't see that comment as unsubstantive. Although it was definitely brief, it was potent enough to prompt me to respond in a more drawn out way. Part of the reason I love to read hacker news is to get a read on peoples basic sentiments about tech.

Call me zealous, but I'm the same way. I'm wary of the potential for monetary incentives to skew actual demand. I've seen how digital advertising has more or less destroyed much of the internet. Hopefully decentralization will prevent monopolies or oligopolies from forming, but I'm not so sure about that.

At this point, it's hard to say what actual distributions of wealth might look like if people start using cryptocurrencies in their daily lives, for example to route traffic over a network. But at the moment, the distributions of wealth are quite nuts. But if there is an overall "unfair" atmosphere in the crypto-economy, it's could make depending on this system of routing kinda suck in the long term, especially if peoples actual livelihoods are under the pressure of massive ad gaps. People "sell out" when they're perceiving some stress.

If we go 'all-in' on this kind of system, it might actually end up creating the same kinds of de-facto power imbalances we see today with conventional social media.

I'm not anti-cryptocurrency either. I actually own a little bit of cryptocurrency. I'm curious about its potential to dissolve existing dominance relationships non-violently. That said, I don't see it as an end. Moreso, I see it as a potential conduit of healthy, non-violent economic chaos.

I also recognize that this strange new alien could be "out of the frying pan and into the fire".

The main design goal of cryptocurrency protocols and the like is immutability, so that the protocol operates according to formal specs and not according to the whims of economic stakeholders.

This is why the Finnish central bank's paper on Bitcoin called it a 'monopoly without a monopolist'.

I think the immutability of these kinds of protocols is certainly an improvement over the total control that economic stakeholders have in a centralized server-client architecture, with respect to power distribution.

I read your comment and I picture a sort of information balkanization via endless whack-a-mole of privacy tech and organizational surveillance.

It may just be how it will ever be.

Information is the real resource.

Why? Do you understand Ethereum? I'd like to understand it better

At this point it is either a magic buzzword to get investors throwing money at you or actually a smart thought of putting cryptographical proof into something. Usually its the first tho.

I saw this, realized I had never heard of it, and knew right away it had to be a blockchain. It all falls into place. Moving on.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact