BitzKrieg Overnet Officially Launched

Tuesday, 2008-10-21 15:08, 1224601719 seconds since Unix epoch

With the rise of internet anti-freedom legislation in lots of countries I might just visit, and the ongoing US lobbyists’ pressure to enforce similar laws here in Europe and the Netherlands, I’ve taken drastic steps to counter these threats. The MAFIAA can eat my 2048-bit AES encrypted shorts!

I’ve already been using SSL/TLS and SSH technologies to encrypt my email while it travels back and forth between the Wasda.nl mailservers and my personal machines. With access to enormous amounts of bandwidth, hardware and IP address space in the Wasda.nl network I’ve done something I’m not quite fond of. I broke a part of the internet to ensure my freedom. Instead of encrypting individual links and protocols, I’ve chosen to encrypt the whole lot by forcing all of my web traffic through OpenVPN-powered tunnels. Now I’m sure I can trust the security of my internet connection, wherever I may roam.

The next step is to securely acquire more trusted exit points. My current exit point is at TransIP’s DCG. Its network is great but I’ve got to behave. I can’t use IRC nor P2P protocols. It’s not that much of a problem, since my home DSL provider still is relatively trustworthy. I’m looking for cheap places to colocate some cheap hardware to widen this overnet’s reach and possibilities. Some more (Debian) people have shown interest in BitzKrieg.net, which makes this whole endeavor maybe even financially feasible.

The setup of BitzKrieg’s overnet is quite simple, actually. With Debian’s outstanding OpenVPN integration, secured internet connections are easy as can be. It uses the 172.16/12 address space and Linux routing to create something resembling a network. Fixed IP- and key sets are created for every single client, ranging from laptops to entire 10/8 and 192.168/16 subnets. 172.27.0/24 is reserved for the VPN itself. Members of this network have to know the CA, yours truly, personally in order to be able to connect.
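A sketch of the fixed-IP-per-client scheme described above, as an added example rather than BitzKrieg's actual configuration: it generates OpenVPN `client-config-dir` files (`ifconfig-push` and `iroute`) from 172.27.0.0/24 and rejects peers whose routed private subnets collide. The peer names are constructed, and it assumes a server running `topology subnet` with `ccd-exclusive`.

```python
import ipaddress

# From the post: 172.27.0/24 is reserved for the VPN itself.
VPN_NET = ipaddress.ip_network("172.27.0.0/24")

# Constructed sample peers: certificate CN -> subnets routed behind that peer.
PEERS = {
    "laptop-alice": [],
    "site-bob": ["10.0.0.0/8"],
    "site-carol": ["192.168.0.0/16"],
}


def plan_ccd(peers, vpn_net=VPN_NET):
    """Return {cn: ccd file text}; raise ValueError if routed subnets overlap."""
    hosts = iter(vpn_net.hosts())
    next(hosts)      # first host (.1) is the server's own tunnel address
    claimed = []     # (network, owner CN) pairs already handed out
    ccd = {}
    for cn in sorted(peers):
        # Fixed tunnel address for this certificate (topology subnet syntax).
        lines = [f"ifconfig-push {next(hosts)} {vpn_net.netmask}"]
        for raw in peers[cn]:
            net = ipaddress.ip_network(raw)
            if net.overlaps(vpn_net):
                raise ValueError(f"{cn}: {net} overlaps the VPN range {vpn_net}")
            for other, owner in claimed:
                if net.overlaps(other):
                    raise ValueError(f"{cn}: {net} overlaps {other} ({owner})")
            claimed.append((net, cn))
            # iroute tells the server which client owns the subnet; the server
            # config still needs a matching 'route' line for the kernel.
            lines.append(f"iroute {net.network_address} {net.netmask}")
        ccd[cn] = "\n".join(lines) + "\n"
    return ccd


if __name__ == "__main__":
    for cn, text in plan_ccd(PEERS).items():
        print(f"# ccd/{cn}\n{text}")
```

With `ccd-exclusive` set, a client whose certificate CN has no file in the directory is refused even if its certificate is valid, which is the per-member gate the CA-knows-you-personally policy relies on.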

6 Responses to “BitzKrieg Overnet Officially Launched”



  1. J. Janssen Says:

    Damn, fuck those MAFIAA bastards indeed!!!!1111one!!!1

    This sounds a bit like an elite TOR rip-off. The only difference, your tunnel will (probably) use a much harder to crack encryption, and a fast connection, something TOR doesn’t offer.

    Will home users be able to offer their bandwidth to this project? I think for a project like this, a VERY redundant network is a MUST. 10, 20, hell, even 25 exitpoints isn’t enough. The MAFIAA will cease them all.

    How come TorrentFreedom isn’t sued/ceased yet? They use OpenVPN.



  2. jorrizza Says:

    This is no TOR rip-off, nor does it try to compete with it. It’s a private overnet geared towards maximum security and bypassing ISP datamining projects. The whole idea is to move the internet connection you’re using to a data center to accomplish two things, namely to circumvent the consumer ISPs and to completely obliterate the IP-person relationship in court.

    The other great thing is that it creates a VPN between all peers which should keep network traffic, including email, completely obscured from the internet. BitzKrieg already offers email, web and file services by using Wasda.nl’s machines.

    TorrentFreedom is exactly what this is, but BitzKrieg is free for me and other peers. TorrentFreedom is actually just two hops away from BitzKrieg, so maybe I might just contact their ISP to get some 1Gb/s boxes of my own. Plus, BitzKrieg grows with other network admins who’ve got some room left on their pipes. It’s basically a bunch of TorrentFreedoms stitched together.

    BitzKrieg isn’t and won’t be something end users are ever going to use. As you’ve said, it’s an elite solution.



  3. J.Janssen Says:

    Okay, that clears it up. But the question going through my mind is “why keep it an elite network”?

    Yeah, I know many users fuck up, by sharing top-monitored stuff (think of the Win2K source code a few years ago), which could get your servers raided. Then ask more money, like 50 bucks/month, so you keep it elite, and clean, since people are more happy with TorrentFreedom. Those who really _need_ your service will find you anyway.

    The thing I am trying to say is, this sounds a bit like an elite snob party, only those sharing their high bandwidth connection (datacenter like) will get access to BitzKrieg, and that’s not like you.

    And what are the minimum requirements? You say that you don’t want any customer-ISPs in your overnet, so that includes fiber connections. Is anyone with a dedicated server (in a data centre) welcome?



  4. jorrizza Says:

    Okay, every network has its purpose. If you want total anonymity, use Tor. If you want to use bittorrent without the MAFIAA looking over your shoulder, use TorrentFreedom. If you have total control over your internet connection right up to the large carriers (Cogent and the like) or trusted first-tier hosters and know me personally, join BitzKrieg and share your network’s services with others like you.
    Because BitzKrieg isn’t just a heavily encrypted link to the internet, but also enables connections between peers, this can’t just be compared to something end users would use. It enables network admins to interconnect their personal secured networks with each other to make the whole bunch more usable. Because BitzKrieg grants access across the VPN these admins are opening up their private networks and machines to other participants. To keep unwanted visitors out a good chain of trust is needed. To ensure that, the CA, me, will only hand out keys to people he knows personally. This keeps the chain of trust manageable and tightly secured. So the minimal requirements would be that you know me and you’ve got no consumer ISP in between you and the big international carriers that shape the actual internet backbone.
    I also dislike the idea of a closed overnet, but it seems the only solution until we overthrow the corrupt governments. I’ve also set this up because I can, it gives a bit of an even-the-NSA-can’t-get-me-now feeling when I’m sharing pr0n, err, files with my peers.



  5. J.Janssen Says:

    I like this idea. Two questions:

    1) This sounds like an elite intranet, known by its privacy protection. If you want to get the max out of it, you’ll need some connections with important people/servers, so that you won’t use the “internet” that much, since the internet is “0wn3d” by the NSA, like you are saying, an idea that I personally do believe. How many people will contribute? It will be nice if servers like the NLUUG, Debian, and so, will join, so you have everything you need on your servers (maybe even TPB, eh? [yeah, I know that's very unrealistic]).

    2) The admins, peers, will have a great responsibility for other people’s use. In reply #4 you told us that only people you personally know, can join. So, either you will have to take the responsibility, or leave it up to the peers. You know them, but not all of them will know each other. When someone leeches the spied-on stuff (again, Win2K source code), another person will have to bear the consequences for that person’s use of BitzKrieg. How are you thinking about this issue?

    Personally I might consider getting myself a dedicated server, especially for BitzKrieg, as it sounds as a “must join”.

    My personal view on it: The internet was designed by DARPA, sort of. Then, years later, everybody has at least one internet connection (developing countries not counted in). We all think the internet is free, we all think the internet gives us privacy and anonymity. Well, think again. We all use Google. Google might even know more about us than our friends do. This is a huge area of interest to the NSA, CIA, or even a secret service from which nobody knows its existence. Maybe Google is even founded by engineers of the NSA, who knows. I do not believe in anonymity on the net. We have to redesign the internet, to a more complex, secure, and anonymous form. Encryption is a must use, and a layout like TOR would be nice, especially with the more-and-more fast connections we are getting.

    However, this is very unrealistic. The NSA, CIA, whatever, want to have control, so they will stop this development. But not only they don’t want this. The MAFIAA don’t want this as well, as well as other parties (think of Google). They want something like this: http://tinyurl.com/jrrzz.

    We have to get active, let them hear our protest, thoughts, and rants about this subject. More than 99 percent of the people accept that the government is taking our rights, freedom. Don’t think about stopping this, just DO it! Stop the government taking our freedom, stop Bush from signing draconian laws, stop the fascists!



  6. jorrizza Says:

    I’ll answer your questions as simply as possible.
    1)
    This network is about connecting people and their hardware, not entire Debian or NLUUG sized organizations. If they have the inclination to set up an overnet they’re perfectly capable of doing so. Since they haven’t got anything to hide it just doesn’t make sense. The internet isn’t owned by anyone, the risk of being spied upon is just so much larger when using standard consumer level internet connections. A country can ask individual ISPs to monitor some traffic, but big carriers simply can’t because there’s simply no hardware capable of monitoring these international backbones for individual connections. Anyway, the number of people will probably stick around five or six or so, using a few dozen machines.
    2)
    Yes, every member is held accountable for the traffic that exits his exit point. Not only by BitzKrieg, but maybe even more by the ISP. If I start firing up an army of IRC bots my entire network will be taken down, so yeah, I need to be careful. People who are playing around with networking technologies usually know how to secure their connections using iptables (pf in your case) and NAT routing and the like. Every exit point can define its own rules about what traffic can flow through freely. This is in no way automated (yet) so it’s basically just a matter of “adherence or else”. The interconnection of exit points is still in development. Now only client load balancing is used.
    If any more questions arise, feel free to ask. I’ll be attending T-Dose this Saturday, I’m sure we’ll be able to discuss some details about BitzKrieg and redesigning the internet.
