With net neutrality repealed, how blockchain-based networking can protect online privacy

VPNs may not offer enough protection.

(The following article from our Chief Architect, Jong Kim, was featured on Network World.)

In today’s digital-everything world where so much of our personal and professional lives are online, most people seem to have less of an expectation of data privacy than ever before. They know that companies (and governments) are mining their data, but after all of serious breaches of trust, it’s no wonder that a majority are now becoming wary of both their data’s security and how it is used.

In fact, a study by Harris and Finn Partners found that Americans are more concerned with data privacy than they are with job creation. That’s a shocking finding, but maybe it shouldn’t come as that big of a surprise. From the Facebook data scandal, to the horrendous number of retail data breaches to the serious security threats that even come with using public WiFi, nothing seems safe. And now with the repeal of net neutrality, even our internet service providers are free to collect and sell our browsing data.

The heightened threat for some groups

Even though few people take measures to secure themselves, so many have really good reasons to consider protection, which means securing online activity is becoming more essential every day. Imagine for journalists wanting to report news in totalitarian states known to monitor online behavior, the threat couldn’t be more pronounced. Even in the U.S. — with reports about the Homeland Security Department’s plan to keep a database of journalists and media influencers — is it that far-fetched to think a pressured ISP who now has the right to collect traffic data wouldn’t turn something over?

This fact is none truer than for those operating blockchain nodes, a group notoriously vigilant about security and anonymity. Even in the networks underlying blockchain, there is so much information up for grabs, that many blockchain thought-leaders have expressed concerns. The security threats are everywhere. Even crypto’s hottest trend, staking, has plenty of security risks, especially related to the exposure of metadata.

These early realizations have started to take hold in the blockchain community, sparking a hastened pace for research about obscuring data down to the application level, a transparent system that publishes smart contract and transaction data. But, regardless if you’re a blockchain developer or just a concerned consumer who wants to stay anonymous, what can you do?

VPNs aren’t always secure

Today, many people know VPNs as a way to protect anonymity online. These services, whether paid or free, route user traffic through an encrypted connection to the VPN provider’s servers to supposedly never reveal a user’s IP address. But, while they’re a well-known privacy solution, they aren’t without their own issues.

A study by TheBestVPN demonstrated that among the top 115 VPNs, 26 collect personally identifiable information including IP addresses, locations, bandwidth data and connection timestamps. In some cases, VPNs, like many of the free options, sell user data. Then there are absolutely ludicrous instances where VPNs have sold customer bandwidth to third parties, like hacking groups, which will turn unsuspecting users into botnets.

Blockchain as a networking alternative

It’s time to start looking to blockchain to create gateways as an alternative to VPNs. Advances in blockchain applications have made it possible to not only protect against cyber threats, but also obfuscate where a connection originates, ultimately keeping user data encrypted.

Setting up your own mini-relay network that can proxy traffic on and off multiple servers globally is an option, and open-source and peer-to-peer networking implementations are ongoing. This would not only allow people to manage everything themselves, but also allow for traffic to be routed through an encrypted connection and exited through a different node. For instance, say you have ten nodes, with one behind a firewall (not publicly facing), and the other nine are acting as relay nodes, bouncing traffic from server to server. If your primary server is in Bulgaria, that configuration will come across as if it were broadcasting from that location.

If you require even more protection, you can obfuscate even further by using multiple servers and having traffic exiting off of multiple nodes, leaving hardly any ability to trace the server location.

It’s similar to using a personal TOR network, but an important distinction is that you control your own nodes. Not to mention, it’ll probably be faster, as TOR networks can be painstakingly slow. Even creating the most complicated obfuscation topologies is a real possibility because of blockchain’s rapidly advancing development, so if leaving zero digital breadcrumbs is essential to your operation, you’re not without hope.

The bottom line is that we don’t have to accept privacy in the digital age as a thing of the past, even if data exposure exists in the smallest window of opportunity. There seems to be this assumption that if you want to be part of the connected world, the consequence is that you must leave a piece of you behind. But as we’ve seen time and time again within the blockchain community, we aren’t about “accepting” or “assuming” anything to be a foregone conclusion or impossibility.