Born out of the VPNTunnel Project, the TorrentFreedom ‘manifesto’ is an interesting document, particularly if you’ve ever worried about being tracked, traffic shaped, blocked or censored on the Internet. With a suitably clandestine feel, the manifesto states:
“Today, there is a nexus of Schumpeterian creative destruction to be found at the asymptotic fringe of intellectual property law and networking technology. Everyone says there is an ‘arms race’ between the unwashed filesharing masses and the forces of Big Brother – we like to think of ourselves as the suitcase nuke for the little guys.”
TorrentFreak got in touch with ‘Faust’ of TorrentFreedom to find out what on earth they’re talking about.
TF: Tell us about this ‘creative destruction’ and what inspired you to create TorrentFreedom.
Faust: It’s all but trite to point out nowadays that we’ve undergone a revolution in how human knowledge is created, stored, and shared. And, much as Schumpeter himself had predicted, the creativity unleashed has more than made up for the detritus of old forms of information transmission that now scatter the landscape like broken, forgotten toys. This is as it should be. The backlash from the praxis of stasis threatens to drown the organic reinvigoration that innovation technology has always brought forth – there would be no 95 theses without Gutenberg, remember.
So our inspiration comes from a deeper, historical appreciation for the transformative role of new technologies in human social organization. Nobody knows where creativity, academia, and knowledge creation will evolve as our tools allow for more and deeper interconnection between physically disparate peoples – but we do know that hampering that process isn’t part of making a better world for all beings. We’d like to see people keep sharing, keep learning, keep exploring. . . and they can’t do that if there’s roadblocks and threats of censorship every step of the way. Make it easy and make it work, that’s our approach – then the creative destruction can continue apace.
TF: There are a number of evils you appear to tackle head on with this service, such as traffic shaping, packet raping, blocking, censorship etc. I expect lots of Comcast customers will be interested as you specifically mention the ‘Sandvining’ technique they employ. How does your system work and how will it benefit each type of problem?
Faust: Metaphorically, the system is quite simple: think of the difference between sending postcards in the postal mail, versus sending sealed envelopes. A postcard can easily be read by anyone along the way, and if they don’t like what it says (or who it is addressed to), they could just throw it out – oops! A sealed letter isn’t vulnerable like that – the contents aren’t readable whilst in transit. Even more than that, our system protects the address (sender and receiver) on the envelope as well – so nobody can block the message just because they don’t like where it’s headed (or where it’s come from).
At a deeper level, our server farm is based in the Netherlands. Everything passes in and out of these machines, and all IP addresses are associated with them. The activities of our customers – once their sessions decrypt and leave our server farm – are fully and unambiguously decoupled from their RL info (including local/physical IP address). Big Brother isn’t going to show up at their doorstep with a fishing-expedition summons or subpoena. We took it a step further, however – we’ve broken the link between RL info and public IP for our customers inside our systems as well – once an account is set up, it is methodologically impossible for anyone to back-connect a given external TF IP address to a customer’s specific account, ever.
TF: You’re called TorrentFreedom so it’s fairly clear which crowd you’re aiming your product at. What sort of dedicated optimizations can BitTorrent users look forward to when using your service?
Faust: We’ve tested the service extensively with just about every BT client out there. They all work seamlessly. We also don’t penalize our customers for running lots of network traffic over TorrentFreedom – there are no monthly caps, and no drama if someone uses a lot of gigs with us. That’s cool – it’s why we built the system!
OpenVPN, in its rawest form, will work with BT traffic – but getting it to do so consistently and smoothly is nontrivial. We’ve done all that work, so our customers don’t need to become experts in subnet addressing, MTU window sizing, and the 100 other little tweaks one needs to do to really make BT over a VPN sing. We also hand out real, public IP addresses – so no port forwarding garbage, just fast connectivity.
TF: Please give us a brief rundown on how your system works.
Faust: On a technical level, it’s an implementation of the TLS-based OpenVPN project’s codebase (which itself implements various OpenSSL crypto algorithms). Starting from there, we’ve created a Java-based client that handles all the encryption and coordinates OpenVPN’s handshake tasks, to ensure that every packet coming and going from our customers’ PCs is tightly encrypted (including DNS queries, unlike pptp). The really cool stuff comes in the firewall-busting tricks that our client has up its sleeve – there’s very few local network configurations that we can’t tunnel through. . . with no customer tweaking of the software needed. We’ve also implemented a rather clever port 443 wrapper so that, unlike many VPN instantiations, the TorrentFreedom service can’t be blocked unless the entire HTTPS capacity is also shut down – unlikely.
We’ve built most everything with open code, and we’re pushing further in that direction (with perhaps full distribution of the source for our client extensions in the works). “Just trust us” crypto isn’t worth anything – if it’s not open, it’s not reliable. We run 2048 keylength RSA algorithms so, to the local ISP or anyone else “listening in” to our customers’ packets, the data all looks like a stream of secure web traffic, back and forth. This is true for ALL IP traffic coming off a machine, all protocols and all applications. So there’s no need to tweak individual applications to get them to “work” with TorrentFreedom – just set up the client, connect, and everything is encrypted all the time.
TF: There are other well known VPN services that say they are strong on anonymity and hide your IP address, yet all of them will give up your personal details at some point. How is TorrentFreedom going to live up to the claim in the manifesto that BitTorrent users using your service will be “just about as traceable as dusty footprints in a windswept street. You can’t subpoena what doesn’t exist” ?
Faust: Ok this is where the rubber really meets the road. An “anonymizing” service that keeps detailed records of their customers’ activities is just a problem waiting to happen. There’s no point in hiding an IP address only to keep records that connect that IP address to the one that’s used to cover for it! And, reality is that there is no place in the world that isn’t subject to some form of legal jurisdiction – just saying “we won’t turn over records” is silly. When the authorities show up – with court orders or guns – and people start talking about jail time and contempt, those records are going to get coughed up, period. Despite our respect for the company overall, Hushmail’s admission that it provides “secure” email information to certain government authorities demonstrates all too well that even a good team will fold if the pressure gets too high – and if they have information to provide in the first place!
We built the system from day one so that there’s no correlation between an IP+timestamp and a username – this means we can’t hand over logs of “who was on what IP at what time”, and therefore the user can’t be tracked back from their online activity. Our payment system is fully abstracted from the operational environment – billing events are passed to the VPN engine via temporary “tokens” that are one-way-factors – there’s no link between the VPN account and the details of the billing transaction, ever.
We keep a little bit of data on file to make sure we can monitor the performance of the system overall, but we don’t have “server logs” like everyone else does. They don’t exist. So, we can be forced to turn over those logs – but they don’t link back to anything. Not to mention all of our operational VMs run in fully-encrypted partitions, etc. Someone seizing any of our servers has nothing but an expensive doorjamb for their troubles. Even someone with full access to every machine we have cannot link people to their past network traffic through TorrentFreedom. It’s structural anonymity, at the most fundamental level.
Now, there’s lots of other VPN services out there and some of them are sorta ok. Most, let’s be honest, are based on pptp – it’s really insecure with several known weaknesses. Plus, it’s closed-source/proprietary, so who knows if it has backdoors or not? The reason people use it is because it’s easy to set up – Windows machines come with it pre-installed. Well, we did the hard work of getting a real VPN implementation (OpenVPN) to work just as easily as pptp – but without the security problems.
Some of the stuff we did is a little complex, behind the scenes, but the end result is a service that’s really easy to set up and use. We’ve got clients for Windows, Macs, and Linux. We don’t limit bandwidth, and we’ve got some very fast servers backing it all up. It’s all done right.
TF: Any final thoughts?
Faust: Using TorrentFreedom for online security is like bringing a machine-gun to a knife fight. . . it might not be ‘fair,’ but the outcome isn’t going to be in question either.
TF: lol ;)
Update: the free invites are gone.
Alternatives: (not free)