Winston Privacy Device - Which Technology?

KOM

Thanks for the clarification.

I looked at your website and a couple of things came to mind:

The "No VPNs used (faster and more reliable)" strikes me as incorrect, or at least deceptive. There is no way that throughput via public mesh network can rival direct PTP VPNs. This was already pointed out by JeGr. Also, a mesh introduces multiple points of delay or failure as opposed to a direct VPN link. I imagine that you have a method to route around dead nodes, but still.
"90,000+ tracking and maleware sites blocked" - Maleware? So no running Grindr?

I like that you support the EFF.

Your recommended installation path requires a second router and double-NAT config, which isn't optimal and adds more cost for non-tech people who likely don't have spare parts laying around.

"If you don't trust your ISP, why trust your VPN company?"

By that same token, why trust YOU? All we have are the same assurances that you won't collect and monetize user data, just like the VPNs tell us.

Your website makes some claims that have no backing explanations. For example Incognito mode and adblock fail at privacy, because reasons. What reasons? Says who?? I don't expect a deep in the weeds whitepaper when your target market are the Facebook crowd, but still something is better than nothing.

What level of user control is there? Is there an interface that allow you to control various aspects of Winston, such as enabling or disabling certain features, or adding exemptions or exceptions?

Considering your target market of non-tech people, this unit must be bulletproof. What happens when a unit fails? What happens if the filesystem barfs? What happens if a firmware update turns Winston into Deadston?

What chipset are the NICs based on? Realtek don't have a great reputation around here.

Lastly, I don't like the name Winston. It seems too stuffy and somehow patronizing. However, that's just me and I realize I am way too late to that party.

Anyway, I support what you're trying to do and my observations weren't meant to shit on Winston. You have to expect more scrutiny on a network tech forum than on NBC News, that's for sure. We're a cynical bunch who have lived through endless "Your perfect security solution is here at last!" hypefests over the years.

WinstonPrivacy

Hi @KOM,

The "No VPNs used (faster and more reliable)" strikes me as incorrect, or at least deceptive. There is no way that throughput via public mesh network can rival direct PTP VPNs. This was already pointed out by JeGr. Also, a mesh introduces multiple points of delay or failure as opposed to a direct VPN link. I imagine that you have a method to route around dead nodes, but still.

Right now, I am getting 149Mbps from the the privacy mesh network. However, when we say "faster", what we're referring to is the fact that our network is optimized around low latency (better for many small requests) as opposed to pure download speed (better for large downloads), in that this delivers a superior browsing experience. 40ms latency per call is typical (overhead from encryption and routing) but this is offset by a dramatic reduction in # of requests made (~70% on our last benchmark across the Quantcast Top 500), reduction in browser load as well as a reduced load on upstream bandwidth.

Meshes absolutely incur multiple points of failure. This was a major area we had to devote our attention to. We route around failed nodes pretty quickly. Slow/sluggish nodes are a different matter and we're working on that in our upcoming v2 firmware.

Your recommended installation path requires a second router and double-NAT config, which isn't optimal and adds more cost for non-tech people who likely don't have spare parts laying around.

Yes, that's a pain. We didn't want to compete with wifi routers, because there are a lot of great manufacturers (most notably, Netgear). We have considered going downstream to incorporate the cable modem, but those talks are on hold right now as we're in discussions with two service providers about bundling 5G directly on Winston (yes, this would change the business model a lot... it would effectively turn us into a private ISP).

By that same token, why trust YOU? All we have are the same assurances that you won't collect and monetize user data, just like the VPNs tell us.

You shouldn't! We designed the network to be zero-knowledge, in the same vein as Telegram... traffic does not route through our servers, nor do we break encryption. We can't see the traffic flowing through them. The boxes don't send data back to us. No slimy tricks either.

For example Incognito mode and adblock fail at privacy, because reasons.

https://www.youtube.com/watch?v=dBKsfRYV6ZI

The ad block privacy leaks are well known. There's an excellent expose on ABP in the German press which can be found readily enough. In the ad industry, it's widely known that the blocking companies can be paid to get your properties whitelisted.

Considering your target market of non-tech people, this unit must be bulletproof. What happens when a unit fails? What happens if the filesystem barfs? What happens if a firmware update turns Winston into Deadston?

We offer a one year warranty on units.

What chipset are the NICs based on?

http://wiki.espressobin.net/tiki-index.php?page=Topaz+Switch

Lastly, I don't like the name Winston. It seems too stuffy and somehow patronizing. However, that's just me and I realize I am way too late to that party.

Winston is named after Winston Smith, the protagonist in George Orwell's 1984.

We're a cynical bunch who have lived through endless "Your perfect security solution is here at last!" hypefests over the years.

I like that. The harder you push us, the better we'll get.

KOM

@WinstonPrivacy

Another thing. Considering how most people do not have an unlimited Internet plan, how does being part of the mesh add to your monthly baandwidth totals? I see that you separate signal from data, but depending on how chatty the network is, bits can quickly add up to bytes to megs etc etc. Are there any bandwidth controls at all? Is there any way to reserve bandwidth for yourself so that it isn't gobbled up by the mesh?

WinstonPrivacy

@KOM

Actually, it seems that most people do have unlimited internet at this point but we certainly have some users who don't. The majority of traffic in most homes consists of streaming video, which routes around the p2p network. It is almost always served via CDNs and our p2p is optimized for small web requests anyway, so this gives a much better experience.

The current version limits shared bandwidth to 30% of upload speed, though in practice, that's used in bursts, not a constant. The next version of our routing protocol will adjust this dynamically, and (likely) we'll allow users to set manual limits if they choose.

One open issue we have right now is that Rokus are spamming their servers when we block their logs. This is causing an undesirable increase in bandwidth usage. We haven't gotten to the bottom of it yet but we will.

JeGr

@WinstonPrivacy
Hi Rich,

thanks for adressing a few of the issues. I'm happy to see tech talk instead of marketing and a few thinks make sense.

I'm with you on the VPN part. Trust, subpoenas, shady privacy etc. that's why in another thread we were already discussing those points at length. It seems the perception (and advertising) is such, that VPNs are super-good as "they hide you on tze interwebz(!)" That this is marketing BS - yes I'm with you on that one - as are a lot of others here.

"There's ______ for that"

I wouldn't have picked fingerprinting. Because as it stands - you need an extension for it. So nothing new, yes, but that way it runs on the router and all clients are protected. Nice idea!

But as you point out

"that really reads like a small-scale TOR-rebuild."

Well yes, kind of. It's Tor for normal people.

So why not use TOR and communicate it? Why use something new?

Privacy has to be simple and convenient or most people won't bother.

Yes! It does! But you didn't answer the question below - why did the techniques you adapted or built again (AFAIR) need another go? Why not implement e.g. TOR as your routing/vpn/mesh solution? Would strike as a nice idea, as you'd have access to other TOR nodes in an instant. With your new mesh I'm in fear of: "Huh, are there even enough customers later, that you actually DO have a critical mass to route/mesh with to gain the privacy you say?"

So anyway, I hope I didn't bore you reading this. My aim is to be fully transparent with our business model and intentions,

Not in the least. But I'm still curious about the rebuild/use of technologies and why you decided to do "your own thing" instead of use/build upon things already there so everyone can participate.

Problem with most startups/kickstarters/devices like that is that the project itself is damn great and ambitious. And then sales are not in the range one predicted, tech problems, etc. etc. - you know that yourself. If I see 160 supporters/backers on KS, I'm thinking: Huh, ~300-400 devices in the wild then. With that small scale it strikes as a challenge to have a big enough base layer for mesh VPN / TOR-style networking. And when looking at a geo-scale I'm worried - are enough of those people in my range so I get a speedy connection or are they all long distance with bad connections so my link is being throtteled by them?

I'm not against other solutions protecting customers. I'm just a bit vary of high expectations you call. :)

jimp

Reimplementing TOR is also likely to be a questionable tactic from a legal standpoint if not a bandwidth consumption one. If Customer A performs illegal activity over this mesh which exits Customer B's device, and LEOs track it to Customer B, what happens? It may not be traceable back to Customer A, but who knows what they would decide to do with Customer B.

With TOR, the end user has to make a conscious decision to become an exit node, along with whatever potential legal liability that may bring in the future. With this, it's baked in, and with it targeting lower-knowedge end users, customers may not fully realize what they are getting themselves into.

KOM

Funny you should mention that. After running a Tor exit node for the past couple of years, I shut mine down permanently last weekend after getting fed up with the constant ToS violation emails from my VPS host and having to respond to a never-ending series of support agents, each more clueless than the last.

They would cut off my access and then force me to do this ridiculous dance with their support, where they provide me with no data whatsoever about who complained and then demand to know what action I will take to prevent these in the future. I would then explain that I run a Tor exit node and that they haven't given me anything to work with so there is nothing I can do. After several hours, they restore my access - only to have them yank it again a few days later with the same issue and a new clueless support agent who doesn't even have the sense to check the customer's history. Repeat ad nauseum for years.

I finally gave up. Thanks for the t-shirt though.

Back to Winston, he did say that only small packets are routed through their network while data went direct so that may or may not affect who gets blamed for criminal activity.

johnpoz

And what ISPs are these low tech targeted users of yours on - most if not all of them have antishare AUP in place..

Here this is comcast's wording
"use or run dedicated, stand-alone equipment or servers from the Premises that provide networkcontent or any other services to anyone outside of your Premises local area network"

cox
"ou may not resell the Service or otherwise make the Service available for use to persons outside your dwelling (for example, through an open wireless home network)."

AT&T
" For example, you agree that the Service is not to be used to trunk or facilitate public internet access ("hotspots") or any other public use of the Service, or for any high-volume purpose. All aspects of the Service, except that portion provided by third party providers, is copyrighted and property of AT&T."

Pretty much residential ISP in the US is going to have a sim wording in their AUP.. Let alone all the other stuff that falls into the AUP that might be done but traffic your routing through their connection. Which they would be responsible for.

WinstonPrivacy

@JeGr

So why not use TOR and communicate it? Why use something new?

Great question. When we were first researching the market opportunity, we surveyed and interviewed over 1,000 potential buyers. We learned that few had ever used Tor and those who did typically stopped using it, citing performance or other inconveniences.

Further research indicated that the prevailing privacy model was built around the use case of spies or hiding criminal activity, much like a chain (ie: break one link, and the whole thing falls apart). What we discovered was that a new "consumer model" of privacy had emerged. This model is more like death-by-a-thousand-cuts, in which one incrementally gives up a huge amount of data about themselves every time they go online.

The privacy violators exploit this laziness on the part of the user, so our insight was that we wanted to turn that around as a kind of Jiu Jitsu. Our thinking is that if we can lower the bar and allow for effective privacy tools to exist with the common everyday browsers and apps that people are accustomed to using, then it would benefit a larger audience.

why did the techniques you adapted or built again (AFAIR) need another go? Why not implement e.g. TOR as your routing/vpn/mesh solution?

Tor is slow and overkill for people who have nothing to hide. Winston is not optimized to shield criminal activity, it is optimized for speed and convenience.

With your new mesh I'm in fear of: "Huh, are there even enough customers later, that you actually DO have a critical mass to route/mesh with to gain the privacy you say?"

That's based on the misunderstanding that IP address alone is sufficient to track users. It is an important source of information entropy which trackers exploit and so we should block it. But IMO it is not the most important one. In any case, as few as 30 nodes in a geographic region provides strong protection here because it invalidates the assumption that a single IP represents at most a related cluster of people.

WinstonPrivacy

@johnpoz

most if not all of them have antishare AUP in place..

My understanding is that ISPs do that because of file sharing and freeloading. Traffic injection is a powerful security benefit and they do recognize that.

Case in point, we're actually in discussions with two major ISPs now about resale partnerships. I would not want to mislead anyone and suggest that ISPs care so much about their users' privacy based on principle, but offering a free market solution to the small percentage of customers who care enough to take advantage of it is a strong response to the Federal pressure these ISPs are under right now.

WinstonPrivacy

@KOM said in Winston Privacy Device - Which Technology?:

Back to Winston, he did say that only small packets are routed through their network while data went direct so that may or may not affect who gets blamed for criminal activity.

Correct. Large data transfers continue to take place over local transports, not p2p. If customers are worried about this aspect, we do allow them to switch off p2p routing and make use of the other privacy protections only (which are not weak, by any means).

I am curious if anyone has suggestions that are not as "all-or-nothing" as this. For instance, we have been talking about the possibility of allowing users to specify sharing policies (and shipping with thoughtful default ones), such as streaming, pornography, illegal content and other blocklists.

Another highly requested feature is to allow users to set up their own private named networks that they can share with friends and family only.

Still another is the ability to dial down the amount of traffic sent out on the network and take advantage of traffic shaping (one research study I've read indicated that as little as 3% false traffic is sufficient to hinder IoT device identification).

I appreciate the thoughtful discussion!

johnpoz

There is what you think the AUP says and what they care about, and what it says... And what the ISP can do to their users - like just freaking kill their service when they see 1 users overall usage jump up because they are routing other traffic over their connection.

Or some other "privicacy device" does something against users ISP AUP and the ISP cracks the whip on the user, etc..

Once you have the OK from the isp to do what your doing, then you can hawk you boxes to those users... But until then... Its sure could be a huge disaster for a lot of users..

And targeting "non tech" users makes it worse if you ask me... Atleast if the person is technical they understand what they are doing - and what it means, etc. like running a tor exit node... Billy bob facebook user is not going to run a tor exit node out of the blue... But grandma could for sure buy your box and plug it in it seems ;) Or atleast that is your goal?

WinstonPrivacy

@johnpoz

We are in active discussions with two ISPs. There is strong interest in reseller partnerships and my personal experience has been that they want to be perceived as being any more anti-privacy than is already the case.

We have been using the device internally for about 17 months and have had quite a few field units out there since September (8 months) with zero reported issues from ISPs. That should perhaps be expected, given that it's impossible to discern the source of specific traffic.

johnpoz

@WinstonPrivacy said in Winston Privacy Device - Which Technology?:

few field units out there since September

There is a huge difference between a few in the field and 1,000 if not 10's of Ks of them on a ISP network that figures it out and gets freaking pissed ;)

You want to hawk your "security" box to the masses that don't understand it that is fine - route their traffic to your network..

But meshing these things and routing billy's traffic over karen's connection is BAD JUJU just waiting to hit the fan if you ask me.. Especially first time kevin moves any sort of kiddy you know what about thinking he is "safe" behind your security device..

given that it's impossible to discern the source of specific traffic.

Any ISP can for sure tell that billy is going to alot of crazy places for a home of 2 people ;) And can for sure tell something is up and take a closer look when lets say 1000 of their users usage just went up by 30% and is just all over the place vs just karen's typical streaming netflix usage..

So how is you state

As an example, let's say your iSP wants to record your internet activity (most do)

But then you say you have ISP that are saying it going to be ok to put these boxes on their network - which will prevent them from tracking their own users..