this post was submitted on 18 Oct 2023
23 points (100.0% liked)

Me and @[email protected] were discussing practical aspects of hosting a Space Station 13 server. In particular, we were concerned about the risks of running internet services out of our home internet connections. It pretty much advertises the locality you live in and connects any other services/activity at the same IP address to your Hexbear identity. The usual alternative is to buy some server time from someone else with an internet connection but the costs can add up to a lot if everyone is buying server time individually for their services.

Initially, we were discussing buying some server time for our own use to proxy connections to our home network to run our game server, but we thought it might be more efficient and helpful for the community to make this available to everyone here who wants to run an internet service.

Basically, the idea is that instead of exposing a service on your home IP address for everyone on the internet to see, you connect to our server and it accepts connections on its own IP address for you and proxies the traffic back to your home network. So, if you want to tell someone how to access your service, all you need to give them is our server's IP address and a port.

Of course, this has little to no effect on people with a grand ability to surveil internet traffic (fedposting) but it would expose a lot less information to other bad actors and make running internet services easier.

There would also need to be trust between the maintainers of this proxying service (who could collect the network information and traffic of the users, for example) and the users (who could use the proxy to forward malicious traffic, for example) so we thought it would be most useful if it were a community project. Maybe some of the risks could be minimized by restrictive firewall rules like not allowing users to send traffic out to the public internet unless it were a response to incoming traffic but maybe that is a feature we want?

Anyway, what does everyone think about this idea? Is it worth exploring and implementing or is it a bad idea? Sorry if I was a bit vague because I'm still thinking about the best way to implement this idea.

[–] [email protected] 4 points 1 year ago (1 children)

It takes a lot of work and commitment to run a service like that, let alone for other people. And on top of that you'd only be hiding from the low tier trackers, you really can't hide from the feds online unless you're extremely paranoid and have some next level obfuscation going on. Feds have backdoors in the entire backbone network and have tools that can analyze traffic flows and track them to their source.

If you're just looking to hide from nonfeds then I'd suggest using pretty much any vpn service, possibly also using another proxy to connect to the vpn itself.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (2 children)

> It takes a lot of work and commitment to run a service like that let alone for other people.

Well, one of the simplest versions of this idea is just a server running as a Wireguard peer forwarding traffic to and from other peers from the public internet. Not too complicated to set up and maintain.

> And on top of that you'd only be hiding from the low tier trackers, you really can't hide from the feds online unless you're extremely paranoid and have some next level obfuscation going on. Feds have backdoors in the entire backbone network and have tools that can analyze traffic flows and track them to their source.

Yeah, it's really difficult to hide traffic from people who control the internet infrastructure. The intent is just to hide locations and IP addresses from less resourced attackers.

> If you're just looking to hide from nonfeds then I'd suggest using pretty much any vpn service, possibly also using another proxy to connect to the vpn itself.

A consumer VPN wouldn't really solve this issue. I think there might be some left still offering support for forwarding incoming connections (port forwarding) but many have shut down because people were hosting illegal/malicious content. Otherwise, consumer VPNs only forward traffic to you if you started the connection. Not useful for running internet services. And everyone would have to buy their own subscription.
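The firewall restriction raised in the original post, applied to the WireGuard hub described in the comment above, as an added example that is not part of the thread. It assumes the hub is a Linux host using nftables with IP forwarding enabled; the interface names, tunnel addresses and the port are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example. All names and values below are constructed placeholders.
define WAN = "eth0"          # hub's public interface (assumption)
define WG = "wg0"            # hub's WireGuard interface (assumption)
define PEER_A = 10.8.0.2     # tunnel address of one home peer (constructed)
define PEER_A_PORT = 7777    # public port published for that peer (constructed)

table inet hub_filter {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies belonging to flows admitted below, in either direction.
        ct state established,related accept
        ct state invalid drop

        # The only new flows allowed: internet -> peer, and only when the
        # packet was rewritten by a DNAT rule in hub_nat (a published port).
        iifname $WAN oifname $WG ct status dnat accept

        # Anything a peer initiates (to the internet or to another peer)
        # matches nothing above. Log a sample, then fall through to the
        # drop policy.
        iifname $WG limit rate 10/minute log prefix "wg-new-flow-drop: "
    }
}

table ip hub_nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # One published port per peer; add a line for each user's service.
        iifname $WAN tcp dport $PEER_A_PORT dnat to $PEER_A
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Rewrite the source to the hub's tunnel address so the peer only
        # needs a route to the hub. Trade-off: the home service sees every
        # client as the hub, so per-client IP bans and logs stop working.
        oifname $WG masquerade
    }
}
```

With this policy a peer can answer connections arriving on its published port but cannot open connections of its own through the hub, which addresses the "forwarding malicious traffic" concern; it does nothing about the other concern in the post, since the hub operator still sees every peer's home address and traffic.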

[–] [email protected] 2 points 1 year ago

Well if you're running services over the vpn then yeah I would just build your own. I've been messing with a bunch of different mesh solutions but they all seem to have their quirks so I've gone back to a hub and spoke model.

There's also a bunch of residential proxy services but those charge by the gigabyte usually and come with their own set of issues. Riseup also runs a vpn service; I'm not sure if they have any restrictions on port forwarding or not. Also it requires an invite, but I figure if you set one up it would also be invite based or some kind of SSO with your hexbear account.

[–] [email protected] 2 points 1 year ago (1 children)

> just a server running as a Wireguard peer forwarding traffic to and from other peers from the public internet. Not too complicated to set up and maintain.

Why would I trust you, a random person on the Internet, to be my trusted middlebox?

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

People would have to make a decision based upon whether they prefer advertising their location to the world (and possibly other services at the same address) or trusting an intermediary with their address and traffic. I would prefer some community oversight over this service as well but idk if people are interested in that or this service at all. Maybe it's a bad idea anyway just because of centralizing internet traffic that would have been relatively decentralized.