This is an opinion editorial from Moustafa Amin, technology leader with more than 20 years of professional experience in large organizations, service providers and telephone companies.
Bitcoin is undoubtedly the newest form of money in the world. Governed by no central authority and controlled by no one, it represents the financial bailout the world is looking for. In my opinion, the freedom of Bitcoin can be extended to escape the spies who work tirelessly day and night to intercept, monitor, or even control our online activities.
Traditional VPN
Today, if two endpoints want to talk privately with each other, they typically must do so through a trusted third-party intermediary. As an example, consider what happens if two endpoints want to set up a virtual private network (VPN) tunnel between them to have a private conversation over the public Internet. They must first be able to find each other. This is the discovery part.
If the two endpoints can find each other somehow, they still may not be able to communicate directly, for example if they have private IP addresses or are hidden behind routers or broadband gateways. This is the data communication part.
Also, if more than one device wants to share the same VPN channel to communicate with each other, then additional information must be exchanged between all VPN points.
The first two parts of this process involve the use of a third party to facilitate discovery and communication. For example, the two endpoints must purchase a service from a VPN service provider and specify that they want to communicate. The service provider acts as a trusted intermediary for the two parties.
Challenges
This third party must not only be trusted, but it must also be trustworthy. If it is compromised, the privacy is gone. It also has to be online at all times: if this third party goes down, the two endpoints cannot communicate with each other.
A pressing problem with this centralized VPN model is the need to distribute a shared key to the communicating entities, which they use to encrypt and decrypt the traffic between them. This key exchange usually happens over a separate, out-of-band channel (think: email, phone, text message, etc.), which clearly lacks the privacy needed to prevent eavesdropping on, or unlawful interception of, the shared key.
Also, it is not uncommon in some countries to restrict known VPN ports. It happened to me when I opted for a yearly subscription to a well-known VPN service. I found that my VPN client was unable to connect to any VPN server in the whole world. I opened a case with the provider and luckily they understood the situation and refunded my money.
Also, some banks or other traditional financial systems (credit cards or payment processors) may deny or restrict payments if one attempts to subscribe to known global VPN services.
Now, the question is: How do we allow two or more entities to communicate with each other without the use of third-party intermediaries, thus avoiding all these problems? To answer this, I am happy to introduce Bitcoin VPN.
What is Bitcoin VPN and how does it work?
Bitcoin VPN is a solution that leverages the Bitcoin Network (Layer 1) or Lightning Network (Layer 2) to allow two or more parties to discover each other and communicate privately over the public Internet.
As with a traditional VPN, a Bitcoin VPN customer first needs to visit the web portal of the VPN service they want. This customer could be a telecommuter who needs to stay connected to their corporate headquarters, or an ordinary VPN user who wants to access the Internet from another location to bypass some content restriction, for example.
When they opt for the VPN service, the customer is presented with a Lightning invoice, or simply a wallet address together with the transaction amount that needs to be sent. In the case of a telecommuter, the transaction amount should be minimal (no company would bill its employees for connecting to its own network). For a regular VPN service, the amount could correspond to an hourly fee.
In all cases, the client sends the transaction to the presented Bitcoin address.
Once the payment is received, the VPN server responds by sending a transaction back to the client, with the server’s public key embedded in clear text in the transaction metadata.
Since everything on the Bitcoin ledger is publicly visible, the client prevents eavesdropping by encrypting the following data with the server public key it just received:
- Public IP address of the client.
- Client’s public key.
- Other options that would be required for the VPN connection (port number, etc.).
The client sends another transaction to the server, embedding the encrypted message from the previous step in the transaction metadata.
The server decrypts the message using its private key.
Equipped with all the information required for the VPN, the server then establishes the VPN tunnel to the client (public IP address and port number) and uses the client’s public key for VPN encryption. Note how this differs from a traditional VPN, where the client is usually the one that initiates the tunnel.
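To make the four on-ledger steps above concrete, here is an added example; it is not the editorial's code and not any existing Bitcoin VPN product. A constructed in-memory list (`LEDGER`) stands in for the Bitcoin or Lightning network, and the addresses, price and keys are made up. The editorial does not name a cipher, so this example assumes one: the server's public key is a Diffie-Hellman element over the RFC 3526 group 14 prime, and the client encrypts its details to that key with an ephemeral-static DH exchange followed by encrypt-then-MAC, built from the Python standard library only. Two checks the editorial implies but does not spell out are made explicit: the server replies only after it sees a sufficient payment, and the client accepts a public key only from the address it actually paid.

```python
# Added example (not the editorial author's code): a stand-alone simulation of the
# Bitcoin VPN handshake described above. LEDGER is a constructed in-memory list
# standing in for Bitcoin/Lightning; addresses, amounts and keys are made up.
import hashlib, hmac, json, os
from dataclasses import dataclass

# RFC 3526 group 14 (2048-bit MODP) prime with generator 2, used for ephemeral-static
# Diffie-Hellman so the client can encrypt to the server's published public key.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G, ELEM, NONCE, TAG = 2, 256, 16, 32  # bytes per group element, nonce, HMAC tag

def keygen():
    """Return (private exponent, public element); 256-bit exponents are plenty here."""
    priv = int.from_bytes(os.urandom(32), "big") | 1
    return priv, pow(G, priv, P)

def _kdf(shared, salt):
    """HKDF-style: extract with the nonce as salt, expand into separate enc/mac keys."""
    prk = hmac.new(salt, shared.to_bytes(ELEM, "big"), hashlib.sha256).digest()
    return tuple(hmac.new(prk, lbl, hashlib.sha256).digest() for lbl in (b"enc", b"mac"))

def _xor_stream(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter-mode keystream (a stdlib-only stream cipher)."""
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_to(server_pub, plaintext):
    """Anyone can encrypt to server_pub; only the matching private key can decrypt.
    Layout: ephemeral pub || nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    eph_priv, eph_pub = keygen()
    nonce = os.urandom(NONCE)
    enc_key, mac_key = _kdf(pow(server_pub, eph_priv, P), nonce)
    body = eph_pub.to_bytes(ELEM, "big") + nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decrypt_with(server_priv, blob):
    """Verify the tag before touching the ciphertext; reject degenerate ephemeral keys."""
    eph_pub, body, tag = int.from_bytes(blob[:ELEM], "big"), blob[:-TAG], blob[-TAG:]
    nonce = blob[ELEM:ELEM + NONCE]
    if not 1 < eph_pub < P - 1:
        raise ValueError("degenerate ephemeral public key")
    enc_key, mac_key = _kdf(pow(eph_pub, server_priv, P), nonce)
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: metadata altered in transit or wrong key")
    return _xor_stream(enc_key, nonce, body[ELEM + NONCE:])

@dataclass
class Tx:
    sender: str
    recipient: str
    amount_sat: int
    metadata: bytes = b""  # stands in for OP_RETURN / invoice metadata: public to everyone

LEDGER: list[Tx] = []
SERVER_ADDR, CLIENT_ADDR, PRICE_SAT = "srv-addr-constructed", "cli-addr-constructed", 1000

def latest_tx(sender, recipient):
    """Most recent ledger entry from sender to recipient, or None."""
    hits = [t for t in LEDGER if t.sender == sender and t.recipient == recipient]
    return hits[-1] if hits else None

def run_handshake(client_info):
    """Play both sides of the four on-ledger steps; return what the server ends up with."""
    LEDGER.clear()
    server_priv, server_pub = keygen()
    # 1. Client pays the address shown on the portal.
    LEDGER.append(Tx(CLIENT_ADDR, SERVER_ADDR, PRICE_SAT))
    # 2. Server checks the payment, then replies with its public key in clear text.
    pay = latest_tx(CLIENT_ADDR, SERVER_ADDR)
    if pay is None or pay.amount_sat < PRICE_SAT:
        raise ValueError("no sufficient payment on the ledger")
    LEDGER.append(Tx(SERVER_ADDR, CLIENT_ADDR, 1, server_pub.to_bytes(ELEM, "big")))
    # 3. Client takes the key only from the address it paid, then encrypts its details.
    reply = latest_tx(SERVER_ADDR, CLIENT_ADDR)
    if reply is None or len(reply.metadata) != ELEM:
        raise ValueError("no key reply from the paid address")
    blob = encrypt_to(int.from_bytes(reply.metadata, "big"), json.dumps(client_info).encode())
    LEDGER.append(Tx(CLIENT_ADDR, SERVER_ADDR, 1, blob))
    # 4. Server decrypts with its private key and dials the tunnel toward the client.
    info = json.loads(decrypt_with(server_priv, latest_tx(CLIENT_ADDR, SERVER_ADDR).metadata))
    return {"tunnel_endpoint": (info["ip"], info["port"]), "peer_key": info["client_pub"]}

def ledger_leaks(secret: bytes) -> bool:
    """True if any on-ledger metadata exposes `secret` in the clear (an eavesdropper's view)."""
    return any(secret in t.metadata for t in LEDGER)

if __name__ == "__main__":
    info = {"ip": "203.0.113.7", "port": 51820, "client_pub": hex(keygen()[1])}  # constructed
    print(run_handshake(info), "| client IP visible on ledger:", ledger_leaks(b"203.0.113.7"))
```

Running it prints the endpoint and peer key the server extracted and confirms that the client's IP address never appears in any ledger metadata in the clear; a flipped byte in the third transaction makes the server reject the message rather than bring up a tunnel to the wrong place. One practical caveat the simulated ledger does not model: the blob here is over 300 bytes, while Bitcoin Core's default relay policy has historically limited OP_RETURN data to 80 bytes, so a production design would need a compact key encoding and a chunking or off-chain pointer scheme.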
For anyone who would argue that the same could be achieved with other cryptocurrencies, my goal with Bitcoin VPN is to avoid the centralized nature and subsequent challenges of traditional VPNs by leveraging the most decentralized and real ledger in existence (Bitcoin). Simply set aside your desire to control and/or make money by uselessly injecting your inferior altcoin of choice into the conversation.
Finally, it is evident that Bitcoin, with its unique decentralized architecture, offers limitless opportunities in addition to its apparent financial capabilities.
This is a guest post by Moustafa Amin. The opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc. or Bitcoin Magazine.