I was brainstorming for quick and simple solutions for anonymizing the customers of PirateISP, a small start-up company that wishes to provide a safe darknet, and anonymize the users when they surf about at the vanilla intertubes.
~~~~~ 8< ~~~~~ 8< ~~~~~
Idea #0: All customers get addresses via DHCP in a LAN network (10.0.0.0/8). When they connect to anything on the ordinary internet, their connection goes through a large NAT pool. For each outgoing connection, a random IP and port is selected for the user from the pool's set of IP addresses. It is an extremely crude and low-tech method to protect the users from the data retention directive, FRA and IPRED, as the ISP probably is not required to keep track of every single connection that users have had in the last 6-24 months. This crude “security feature” relies on such detailed surveillance of all customers being illegal, so that no information about the customers can be stored. All users share the same IPs and use them collectively. Of course it also means that the users never have any IP addresses of their own, and that they cannot host their own servers.
The solution is extremely simple, and requires only that one configures a NAT pool and routing in some default Cisco router. It needs some testing though, for example whether all protocols are happy about being forced through a NAT.
What needs to be done? Check if it works well with all the most commonly used protocols, and how well it works with the Cisco routers. Would the users be happy with this type of setup?
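To make the properties of Idea #0 concrete, here is a small model of such a NAT pool, added as an illustration and not part of the original post or of any router's implementation. The class name, the 198.51.100.0/28 pool and the customer address are constructed for the example; it shows that the only link between a public (IP, port) and a customer is the live translation entry, which disappears when the connection closes, and that unsolicited inbound traffic has nowhere to go.

```python
import ipaddress
import secrets


class RandomNatPool:
    """Model of Idea #0: every outgoing connection gets a random public (IP, port)."""

    def __init__(self, pool_cidr, ports=(1024, 65535)):
        self.public_ips = list(ipaddress.ip_network(pool_cidr).hosts())
        self.lo, self.hi = ports
        # Live translation state only; nothing here is ever written to a log.
        self.active = {}

    def open(self, private_ip, private_port):
        """Allocate a random free public (IP, port) for one outgoing connection."""
        if len(self.active) >= len(self.public_ips) * (self.hi - self.lo + 1):
            raise RuntimeError("NAT pool exhausted")
        while True:
            ip = secrets.choice(self.public_ips)
            port = self.lo + secrets.randbelow(self.hi - self.lo + 1)
            if (ip, port) not in self.active:
                self.active[(ip, port)] = (ipaddress.ip_address(private_ip), private_port)
                return ip, port

    def inbound(self, public_ip, public_port):
        """Translate a packet arriving from outside; None means it is dropped."""
        return self.active.get((ipaddress.ip_address(public_ip), public_port))

    def close(self, public_ip, public_port):
        """Connection ended: the mapping is deleted, leaving no record behind."""
        self.active.pop((ipaddress.ip_address(public_ip), public_port), None)


if __name__ == "__main__":
    nat = RandomNatPool("198.51.100.0/28")  # constructed documentation-range pool
    flows = [nat.open("10.0.0.42", 40000 + i) for i in range(3)]
    for ip, port in flows:
        print("10.0.0.42 appears outside as", ip, port)
    # A reply on a live mapping reaches the customer.
    print("reply:", nat.inbound(*flows[0]))
    # An unsolicited connection has no mapping, so customers cannot host servers.
    print("unsolicited:", nat.inbound("198.51.100.1", 80))
    # After close, the public (IP, port) can no longer be tied to the customer.
    nat.close(*flows[0])
    print("after close:", nat.inbound(*flows[0]))
```

The model also makes the weak point visible: anyone who records the `active` table over time can attribute every connection, so the protection is exactly as strong as the operator's ability to keep that state out of any log.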
~~~~~ 8< ~~~~~ 8< ~~~~~
Idea #1: OpenVPN cluster with RADIUS. People can log in at some website at the ISP and get certificates for their OpenVPN tunnel. For Windows users, a small C# program could be written to install everything automatically. For Linux and *BSD people the scripts can be generated automatically at the website and come together with a small tutorial.
When the user registers at the PirateISP website to create their VPN account, a certificate is also created and stored in the RADIUS server. When the user connects to openvpncluster.pirateisp.net (or whatever) the domain resolves to a random OpenVPN server within the cluster. When the OpenVPN server tries to verify the client's certificate, it communicates with the central RADIUS server. Thus, cryptography is distributed and authentication is centralized. This probably scales well.
I have not explored Idea #1 and have no idea if it would work, but I guess it would. Maybe it is too difficult for the random user though :/?
What needs to be done? Check how well OpenVPN handles RADIUS, check if it is possible to easily integrate RADIUS with a web page (so that users can create accounts easily), build the C# application so that the common user does not need any knowledge to use it, and research if it actually works. This will take a few weeks.
One idea is to have the OpenVPN servers in Iceland, in order to avoid the Swedish laws. But perhaps that idea is just an impossible and far-out wish?
~~~~~ 8< ~~~~~ 8< ~~~~~
Idea #2: Combine #0 and #1 so that users who wish to have their own IPs can have them.
~~~~~ 8< ~~~~~ 8< ~~~~~
The OpenVPN solution would probably work well for replicating the Relakks/IPREDATOR business model (except being more secure), while the NAT solution is the simplest one for just anonymizing users that are directly connected to the ISP via cable.
Of course, it might work just as well to simply refuse to give up any information about the customers when the authorities ask. This type of civil-disobedience solution for security is currently used by PirateISP. If the Pirate Party enters the parliament, the operators of the ISP will become quite difficult to prosecute because of the constitutional protection for parliamentarians. Pure and simple civil disobedience would then most likely be the best solution.