8.5 KiB
+++ title = "Orchid - Decentralized VPN" date = 2020-08-27 draft = true tags = ["security","tools","vpn","privacy"] archive = ["bla"] series = ["misc stuff"] featuredImage = "/img/orchid/orchid.gif" +++
Privacy in today's internet
Let's not fool ourselves. The days when the internet was a free place are long gone. The many supposedly free services of the Web 2.0 era cost us our privacy and are financed by our data and online habits. I don't want to complain here now. Germany is definitely not the worst choice when it comes to protecting personal data. After all, the EU is trying to limit the collecting mania of various large corporations.
For a long time I didn't think about that. True to the motto "I have nothing to hide anyway." I didn't think too much about what would happen to my data. Unfortunately, in the last few years it has gotten a lot worse and has taken on creepy proportions. Advertising is ubiquitous. In the past I always liked to see advertising and always found it great to be pointed out to one or the other interesting product. Unfortunately that is long over.
I don't want to make a general judgment here either. There are always two sides to it, and we as consumers and customers definitely have an influence on the situation. The thing is: if we want everything for free, companies like Google, email providers and social networks have to think about ways to work profitably despite free services.
It also appears that the ad based model is more attractive to most corporations. At least it has been the case so far that you only have a choice with a few providers. Perhaps one or the other would like to pay a few euros for a service and enjoy an ad-free experience in return.
My personal setup
Part of my strategy is to use paid services where it makes sense. E.g. I use HEY for my email. I also have a YouTube Premium subscription because I use YouTube a lot, so you can save a lot of advertising for comparatively little money.
In addition, I use Pi Hole as a DNS server, i.e. all internet traffic goes through the Pi Hole server. Pi Hole does a wonderful job of removing ads.
My browser is Brave. In my opinion, Brave handled a lot of privacy issues very well. I also think that the approach that you earn BAT tokens for displaying ads is a good way. So you can decide for yourself whether and how much advertising you want to see.
In addition, I also use a VPN service from time to time. So far I had used the service provider IPVanish. As my subscription to this service expired a few weeks ago, I started looking for alternatives. I came across the Orchid network.
What is orchid
Orchid is essentially a decentralized VPN marketplace. With their own crypto currency and smart contracts based on the Ethereum blockchain, the transactions between users and VPN providers are processed decentrally. The entire marketplace is peer-to-peer, i.e. there is no central administration.
You can set up a secure VPN connection with one click of the Orchid app, the rest runs in the background. Connections from several hops, as some people know from the Tor network, are also possible. Here, every jump is basically an additional VPN connection.
The OXT currency is used to process payments, called nanopayments, between VPN users and providers. At the same time, the providers must hold OXT shares in order to participate in the network.
Billing is based on the bandwidth used. According to this article an OXT corresponds to a data volume of around 10 GB.
Orchid can be used by anyone, without registration and without personal data. There is no term and no contracts. All you need is a wallet that is charged with OXT and you can get started. Orchid offers an app for iOS, Android and macOS. A Windows app should follow soon.
Set up an account
There are 2 options for setting up an account.
- You can buy an Orchid account in the app. You will get an account that is already charged with OXT and you can start immediately.
- You can create an account yourself
The Orchid website shows you exactly how to set up an account on your own. Sufficient OXT credits must be available to set up the account. At the moment 65 OXT are necessary for this, which corresponds to about 25 € at the current rate (08/28/2020).
There are different ways to buy the OXT Credits. You can simply buy the credits from a provider like Coinbase.
Since you have to verify yourself with almost every provider, this process is not exactly anonymous at first. But it doesn't have to be. The providers from whom you can buy crypto currencies manage the customers' inventories in internal accounts. If you now send coins to a wallet address from there, you can see the transaction on the blockchain, but there is no way to find out who originally bought the coins (unless the provider is hacked).
Use the Orchid app
If you have an account, the setup is very easy. You just add a hop and save your account.
One hop is always a VPN connection. As you can see in the picture above, a hop does not have to be an Orchid account. You can also store any OpenVPN or WireGuard configuration here. You can set up several hops and thus increase the anonymization. But you also have to be aware that multiple hops with Orchid accounts also lead to higher OXT consumption.
Once you have set up your hops, you actually only have to press the Connect button:
How anonymous is it all?
If you assume a single hop, you are about as anonymous as with a conventional VPN provider, i.e. the VPN provider knows the following things:
which ISP you are using what your IP address is which websites you visit
In addition, the payment from the Ethereum address of your Orchid account to the Ethereum address of the VPN provider can be viewed on the blockchain. The VPN provider still does not know who owns the Ethereum address. However, your ISP only knows about your connection to the VPN provider and cannot find out which websites you are visiting. The websites visited also know less about you, your origin and your ISP are e.g. no longer available for the websites.
Working with multiple hops
Those who value their privacy very much can also work with several hops. If there are several hops via Orchid accounts, it makes sense to use different accounts. As a result, there is no really useful information for any provider. Only the last provider in the chain knows what content is accessed, what the original IP address is and which Internet provider you are using, on the other hand, only the first provider knows.
You don't have to work with accounts that you created yourself. The Orchid app doesn’t care who the account belongs to and offers you the option of simply passing on or sharing accounts. Several people can use one account at the same time.
Disadvantages of multiple hops
As nice as multiple hops are for privacy, there are downsides too. The more hops the connection makes, the higher the latency. This also has a negative impact on the speed. Another factor is OXT consumption. 4 hops = 4x as high consumption of credits.
TL; DR
Orchid is a flexible and affordable solution that ensures security and privacy. By billing via crypto currency according to data volume, you really only pay for what you actually use. The tokens do not expire either. Once bought, it doesn't matter whether you use up the OXT tokens in 4 weeks or 4 years.
The account creation is kept very simple. Users who have never dealt with blockchain and Ethereum were also thought of, as you can simply buy ready-made accounts.
Orchid is decentralized and no personal data is required to use the service. This means you don't have to put your trust in a single provider in the hope that they won't write any logs or pass on user data.
The app is really very easy to use, you don't actually have to deal with technical details.
I would find the possibility to work with advanced settings interesting. In the white paper there is a paragraph on the subject of node selection based on metadata such as geolocation, price, latency, etc. I would find it interesting for the app to have a little influence here. You don't always have the same requirements.
That's it for now 😎.