People that needs computers for providing VPN solutions to random people, wish to give away shell accounts to random/unknown users for free or wish to route some sort of network traffic through AIXP can be given computers for doing this. Generally, as long as you provide a service to some sort of darknet, you can have a free computer (or virtual machine).

However, a computer that is only used to give one guy a shell account for IRC or whatever will be removed from the network. This will happen one week from now. Copy your files and wipe your hard drives.

But how does one obtain a computer in such a way that no one knows who owns it?

The first method is the obvious one. One simply enters the corporate building at night and installs it somewhere, and makes sure that it has WLAN access (possibly requires that you crack the WLAN).

The second method is to simply buy one. In Sweden it is possible to buy anonymous credit cards at Seven Eleven and Pressbyrån. It is then very simple to just go to a VPS-hosting website and order a virtual machine under a false name (using TOR ofc.)

Setting up an OpenVPN server in a virtual machine in Hong Kong or somewhere else is then not too difficult. If you want absolute anonymity you could instead ssh (or telnet?) to it via I2P.

This wiki article at cryptoanarchy.org has more information about how to buy an anonymous VPS.

~~~~~ 8< ~~~~~ 8< ~~~~~

Idea #0: All customers gets addresses via DHCP in a LAN network (10.0.0.0/8). When they connect to anywhere at the ordinary internet, their connection goes through a large NAT-pool. For each outgoing connection, a random IP and port is selected for the user from the pools set of IP addresses. It is an extremely crude and lotech-method to protect the users from the data retention directive, FRA and IPRED, as the ISP probably is not required to keep track of every single connection that users has had in the last 6-24 months. This crude “security feature” relies on that such detailed surveillance of all customers is illegal, and that no information about the customers thus can be stored. All users share the same IPs and collectively uses them together. Of course it also means that the users never has any IP addresses of their own, and that they can not host their own servers.

The solution is extremely simple, and requires only that one configures a NAT pool and routing in some default cisco router. It needs some testing though, for example if all protocols are happy about being forced through a NAT.

What needs to be done? Check if it works well with all the mostly used protocols, and how well it works with the cisco routers. Would the users be happy with this type of setup?

~~~~~ 8< ~~~~~ 8< ~~~~~

Idea #1: OpenVPN-cluster with RADIUS. People can log in at some website at the ISP and get certificates for their OpenVPN tunnel. For windows users, a small C#-program could be programmed to install everything automatically. For linux- and *bsd-people the scripts can be generated automatically at the website and come together with a small tutorial.

When the user registers at the PirateISP website to create their VPN account, a certificate is also created and stored in the RADIUS server. When the user connects to openvpncluster.pirateisp.net (or whatever) the domain resolves to a random OpenVPN server within the cluster. When the OpenVPN server tries to verify the clients certificiate, it communicates with the central RADIUS server. Thus, cryptography is distributed and authentication is centralized. This probably scales well.

I have not explored Idea #1 and have no idea if it would work, but I guess it would. Maybe it is too difficult for the random user though :/?

What needs to be done? Check how well OpenVPN handles RADIUS, check if it is possible to easily integrate RADIUS with a web page (so that users can create accounts easily), build that C#-application so that it does not require any knowledge for the common user to use it, and research if it actually works. This will take a few weeks.

One idea is to have the OpenVPN servers in Iceland, in order to avoid the swedish laws. But, perhaps that idea is just an impossible and far out wish?

~~~~~ 8< ~~~~~ 8< ~~~~~

Idea #2: Combine #0 and #1 so that users that wish to have their own IPs can have them.

~~~~~ 8< ~~~~~ 8< ~~~~~

The OpenVPN solution probably would work good for replicating the Relakks/IPREDATOR business model (except being more secure), while the NAT solution is the simplest one for just anonymizing users that are directly connected to the ISP via cable.

Of course, it might work just as well to simply just refuse to give up any information about the customers when the authorities asks. This type of civil disobedience-solution for security is currently used by PirateISP. If the pirate party enters the parliament, the operators of the ISP will become quite difficult to prosecute because of the constitutional protection for parliamentarians. Pure and simple civil disobedience would then most likely be the best solution.

AIXP is a project somewhat related to Telecomix Crypto Munitions Burau, PirateISP and random darknets.