This is awesome.
But for this to be really groundbreaking and useful, Voodoo nodes need to be crowdsourced, not run by CS. And they also need to change repeatedly and not be fixed for the whole session of the user, to prevent easy fingerprinting and pinpointing users' IP addresses (I assume multiple people can connect to one Voodoo at the same time or else this is useless).
Background:
Voodoos see the source IP addresses of users, but NOT the plaintext data. They never see plaintext data since it'll always be encrypted either to or from the Core OpenVPN server.
Cores see the plaintext data (assuming no other encryption is in place), but NOT the source IP address (they see the Voodoo IP).
So, what these requirements I listed prevent is putting all of the user's apples in one basket (data and IP in the hands of CS staff), and of course, this will add plausible deniability for CS and distance them from some headache; and at the same time ensure that users guarantee that whoever has the data doesn't have their IP, and whoever knows their IP (the Voodoo) can't see their data (since it's encrypted to and from the Core OpenVPN server).
So again, please make Voodoo nodes a crowd effort. Otherwise I can't see how this is any different than a traditional OpenVPN setup.
community/crowdsourced voodoo exitnodes - discussion
Re: community/crowdsourced voodoo exitnodes - discussion
I don't think we're trying to create a hyperboria meshnet - but I like the idea of crowd-sourcing - sort of. Trust is critical - and the VPS endpoints (or jumps or whatever) are the weakest link which is why they need to be disposable. All data is encrypted before it reaches any CS server - and the tokens already prevent anyone at CS from knowing who's connecting. However - they are routing the traffic - the routed traffic has metadata a - b - c.
Only those watching the entire internet would be able to see the correlations... and it's trivial for them now. Voodoo - I think - obscures the metadata - but the more VPS nodes avail the better - especially if we were distributed. But if it's being routed then you wouldn't be able to jump through the stateless - DNS mesh of the WWW via deepdns. We also need to trust the endpoints and expect them to be targeted so they can be shut off. I think. I dunno if I know what I'm talking about though. I agree we should try to share resources and crowdfund if possible but critical difference between Tor and cjdns - Tor assumes everyone is bad - cjdns assumes everything is good. Tor is global - cjdns might have a presence in some cities but it's limited by how far a wifi signal can go. I like Voodoo because it's novel and obscure - but someone needs to monitor and protect all the servers...
Re: community/crowdsourced voodoo exitnodes - discussion
Sorry, I misread part of your post. You're right about the IP addresses, but none of the endpoints are going to make sense to anyone outside watching and anyone inside won't know what or where the final destination is - but it's different than an ordinary opvn setup - even a multi-hopped setup - or Tor itself. deepdns
Last bumped by Anonymous on Fri Apr 15, 2016 2:13 am.