How is VeilNet different from a regular VPN?


What is a VPN?

VPN stands for Virtual Private Network, a common approach for bypassing network restrictions or connecting networks at different locations. A VPN has two critical components: 1) a virtual network interface; 2) a communication protocol. The working principle is simple. The virtual network interface captures the packets that would otherwise leave through the real network interface, and the communication protocol wraps them in an encrypted tunnel to a proxy server. That proxy server then sends the traffic onward on your behalf. The security of a VPN therefore rests on the design of the communication protocol, and its privacy rests on the proxy server, which sees both who you are and where your traffic goes.

Why can VPNs no longer guarantee privacy and security?

The communication protocols behind VPNs have evolved over time, from early IPsec to OpenVPN and now the most popular one, WireGuard. The evolution has mainly been driven by use cases. Early on, VPNs were used only by corporations to join local networks at different sites into one large intranet, so IPsec is commonly found on enterprise routers configured through a command-line interface. OpenVPN was created in 2001 on top of Transport Layer Security (TLS), the same foundation as the HTTPS used by almost every website, so that it would run on ordinary operating systems and give employees easy access to the corporate intranet. Following this trend, WireGuard was created in 2015 to cover both the server-to-server and the user-to-intranet use cases. WireGuard has since become mainstream among VPN service providers, usually offered with claimed tweaks and enhancements.

So, what is the problem? First and foremost, a regular client-to-server architecture requires the proxy server to be publicly reachable over the Internet. That means it can easily end up on a government censorship blocklist, and it means an attacker can try to break into it at any time. Most importantly, the proxy server can identify the user and log all of their activity: it sees your source address on one side and every destination you visit on the other. Don't believe it? Read the terms of service. The phrase "no-log policy" is rarely followed through in practice.

The second problem is the communication protocol itself. All of the above protocols derive their session keys from a Diffie-Hellman key exchange, over a finite field or over an elliptic curve (Curve25519 in WireGuard's case). The secrecy of that exchange rests entirely on the discrete logarithm problem, which Shor's algorithm solves efficiently on a sufficiently large quantum computer. The symmetric cipher that encrypts the packets is not the weak point; the key agreement is. An adversary who records a handshake and its traffic today can recover the session key and decrypt everything once such a machine exists, so against that adversary these protocols are "paper protection" and are not future-proof.
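The reasoning above, as an added example that is not part of VeilNet or of any of the protocols named: a toy finite-field Diffie-Hellman exchange in Python with deliberately tiny, constructed parameters (p = 2^31 - 1, generator 7), followed by a passive eavesdropper who recovers the session key from the recorded public values alone, using the classical baby-step/giant-step search. The search only finishes because the group is small; 2048-bit groups or Curve25519 are classically out of reach. The point is that the only thing standing between a recorded handshake and its session key is one discrete logarithm, and that is exactly the problem Shor's algorithm solves at any size.

```python
"""Added example (not VeilNet's code): why a Diffie-Hellman handshake is
only "paper protection" against a quantum adversary.

IPsec/IKE, OpenVPN's TLS handshake and WireGuard's Noise handshake all
derive session keys from a Diffie-Hellman exchange. The shared secret is
protected by exactly one thing: the discrete logarithm problem. This toy
uses a deliberately tiny group so that a classical baby-step/giant-step
search solves that problem in milliseconds from the public transcript
alone. Shor's algorithm does the same in polynomial time for any group
size, which makes "record the handshake now, decrypt it later" practical.
"""
import hashlib
import secrets
from math import isqrt
from typing import Dict, Optional, Tuple

# Constructed toy parameters. p = 2^31 - 1 is prime and 7 is a primitive
# root, so every non-zero residue is some power of 7. Real deployments use
# 2048-bit or larger primes, or Curve25519; these values are NOT secure.
P = 2**31 - 1
G = 7
ORDER = P - 1  # order of the group generated by G


def dh_keypair(g: int = G, p: int = P, order: int = ORDER) -> Tuple[int, int]:
    """Return (private exponent, public value g^private mod p)."""
    priv = secrets.randbelow(order - 1) + 1  # 1 <= priv <= order - 1
    return priv, pow(g, priv, p)


def derive_key(shared: int) -> bytes:
    """KDF stand-in: hash the shared group element into a session key."""
    return hashlib.sha256(b"toy-dh-kdf|" + shared.to_bytes(4, "big")).digest()


def discrete_log(g: int, h: int, p: int, order: int) -> Optional[int]:
    """Baby-step/giant-step: find x in [0, order) with g^x == h (mod p).

    Costs about 2*sqrt(order) group operations and sqrt(order) memory,
    which is why it is only feasible here. Shor's algorithm needs
    polynomially many operations regardless of the group size.
    """
    m = isqrt(order) + 1
    baby = {}  # g^j -> j for 0 <= j < m
    cur = 1
    for j in range(m):
        baby.setdefault(cur, j)
        cur = cur * g % p
    giant_step = pow(pow(g, m, p), p - 2, p)  # g^(-m) via Fermat inverse
    gamma = h
    for i in range(m):  # compare h * g^(-i*m) against the baby-step table
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * giant_step % p
    return None


def exchange_and_eavesdrop(g: int = G, p: int = P, order: int = ORDER) -> Dict[str, object]:
    """Run a DH exchange, then let a passive observer recover the session key."""
    a, A = dh_keypair(g, p, order)  # Alice
    b, B = dh_keypair(g, p, order)  # Bob
    alice_key = derive_key(pow(B, a, p))
    bob_key = derive_key(pow(A, b, p))

    # Eve recorded only what crossed the wire: (p, g, A, B). She never sees
    # a or b. One discrete log is enough to rebuild the shared secret.
    a_recovered = discrete_log(g, A, p, order)
    eve_key = derive_key(pow(B, a_recovered, p))

    return {
        "peers_agree": alice_key == bob_key,
        "eve_recovered_key": eve_key == alice_key,
        "session_key_hex": alice_key.hex(),
    }


if __name__ == "__main__":
    result = exchange_and_eavesdrop()
    print(f"peers agree on key:        {result['peers_agree']}")
    print(f"eavesdropper recovered it: {result['eve_recovered_key']}")
```

The eavesdropper in this example is fully passive: it never tampers with the handshake, it only keeps a copy. That is the "harvest now, decrypt later" threat the paragraph describes. A KEM such as ML-KEM does not reduce to a discrete logarithm at all (its hardness assumption is module-LWE), which is why swapping the key agreement, rather than the symmetric cipher, is what makes a tunnel quantum-resistant.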

So how does VeilNet solve the problem?

VeilNet does not follow the client-to-server architecture. Instead, VeilNet has Rifts and Portals. A Rift is the closest thing to a "client", but when you connect, you join a network formed by the other Rifts and Portals, which is VeilNet itself. A Portal is like a Rift, but it additionally has the capability to forward traffic from within VeilNet onto regular IP networks.

In VeilNet, no Rift or Portal is publicly reachable over the Internet. To create a connection, the WebRTC protocol establishes a logical peer-to-peer link directly between two nodes; physically, each end of that link sits behind the gateway (NAT) of its own Internet Service Provider (ISP), and the only address visible to the other side is that gateway's public address. With one ISP gateway serving hundreds or thousands of subscribers at once, neither peer can learn the other's real identity from the address alone. It also means Rifts and Portals cannot be blocked by address: from the ISP's point of view the link is an ordinary outbound connection to the Internet, indistinguishable from the traffic of a video game or a Zoom call. If the ISP or a government chose to block the gateway, every other user behind it would lose Internet access as well. Oops.

This serverless approach also removes the ability to track a user's activity. Rifts and Portals are identified by a randomly generated ID created at boot and by a randomly allocated VeilNet IP on the virtual network interface, so there is no stable identifier to log against. With a user's traffic spread across multiple Portals (yes, a Rift can connect to as many Portals as it likes), no single node sees the whole picture, and logging a user's activity becomes impractical. Did I mention the data can also be relayed over multiple hops of peer-to-peer links? 🙂

On top of this, your data is also protected with the Kyber KEM and the Dilithium digital signature scheme, the two post-quantum cryptography standards published by NIST as FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA). So not only can they neither find you nor block you; even if, under some "magical circumstances", you were located, they would not be able to read your data, not even with a quantum computer holding billions of physical qubits.
