Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
jgiraldo29 6 days ago

Hello! Thank you for your question.

To start with, yes. Originally the project was going to be decentralized to exactly stop that from happening, but as time went on I realized how it quickly became overcomplicated. So it was either implementing a P2P model or going the centralized route.

Now, to the second point. This network is not aiming to be Tor. Tor is global, it has a basis in fog. This does not operate in the case of someone that needs complete anonymity from each other. It operated instead under the principle of inherent trust. This means, the project was designed so that with and only with trusted people the nodes can be released. So the whole security model for the nodes is not like Tor which is based on mathematical probabilities. Instead it is based in the social quality of trust.

So for example, imagine a journalist in country x. They need to contact their outlet in a foreign country, without their activity being monitored by the country's ISP.

Using a VPN? Can be risky, VPNs are by itself a highway, that is completely traceable even if encrypted because again, it is a highway.

Maybe Tor? Tor can give a higher level of security, but the public nature of tor can mark it as suspicious. There are global databases with the common Tor addresses, a lot of websites have well developed anti-Tor measures, so country x can also exactly know this. The government wouldn't know what they are doing, but it would undoubtedly raise suspicions.

So it works this way. The journalist, and other 5 people set up GiralNet. Three can set up the nodes in different locations/places(even foreign countries. They then register to the central authority running in another server. So the journalist wants to browse a topic, the proxy then builds a three hop circuit. The journey of the browser is randomized thanks to it, and their traffic is encrypted like the onion network does it.

This can help because it avoids flagging as it will appear from a "normal" ip address. No single node can also link their IP address to their browsing activity as the exit node doesn't know who they are, and the local ISP doesn't know where it is going.

The final, is accountance. The biggest security failure point here is, social trust itself. IF one of the nodes is run by, well a malicious actor, it can compromise the network. This becomes less of a technical and more of a, knowing who to trust kind of thing.

Basically, that's why I designed it that way.