Me and @WithoutFurtherRelay@hexbear.net were discussing practical aspects of hosting a Space Station 13 server. In particular, we were concerned about the risks of running internet services out of our home internet connections. It pretty much advertises the locality you live in and connects any other services/activity at the same IP address to your Hexbear identity. The usual alternative is to buy some server time from someone else with an internet connection but the costs can add up to a lot if everyone is buying server time individually for their services.
Initially, we were discussing buying some server time for our own use to proxy connections to our home network to run our game server but we thought it might be more efficient and helpful for the community to make this available to everyone here who wants to run an internet service.
Basically, the idea is that instead of exposing a service on your home IP address for everyone on the internet to see, you connect to our server and it accepts connections on its own IP address for you and proxies the traffic back to your home network. So, if you want to tell someone how to access your service, all you need to give them is our server's IP address and a port.
Of course, this has little to no effect on people with a grand ability to surveil internet traffic but it would expose a lot less information to other bad actors and make running internet services easier.
There would also need to be trust between the maintainers of this proxying service (who could collect the network information and traffic of the users, for example) and the users (who could use the proxy to forward malicious traffic, for example) so we thought it would be most useful if it were a community project. Maybe some of the risks could be minimized by restrictive firewall rules like not allowing users to send traffic out to the public internet unless it were a response to incoming traffic but maybe that is a feature we want?
Anyway, what does everyone think about this idea? Is it worth exploring and implementing or is it a bad idea? Sorry if I was a bit vague because I'm still thinking about the best way to implement this idea.
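The firewall restriction floated in the post above, written out as an nftables ruleset for the relay server. This is an added example, not part of the original post or a configuration anyone in the thread runs; the interface names `eth0` and `wg0`, the tunnel address `10.8.0.2`, port `1337`, and the use of a WireGuard-style tunnel between member and relay are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed names: eth0 = relay's public NIC, wg0 = tunnel to
# members, 10.8.0.2 = one member's tunnel address, 1337 = that member's port.
# Requires net.ipv4.ip_forward=1 on the relay. IPv4 only; the relay's own
# input chain (SSH, tunnel port) is out of scope here.

define PUB_IF    = "eth0"
define TUN_IF    = "wg0"
define MEMBER    = 10.8.0.2
define GAME_PORT = 1337

# Create-then-delete so reloading the file replaces the table instead of
# appending duplicate rules.
table ip relay
delete table ip relay

table ip relay {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Connections to the relay's public address and port are rewritten
        # to the member's tunnel address.
        iifname $PUB_IF tcp dport $GAME_PORT dnat to $MEMBER
        iifname $PUB_IF udp dport $GAME_PORT dnat to $MEMBER
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Masquerade into the tunnel so replies come back through the relay
        # without policy routing at home. Trade-off: the member's service
        # sees the relay's tunnel address, not the real client address.
        oifname $TUN_IF masquerade
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        # Replies, in either direction, for connections already accepted.
        ct state established,related accept
        # New connections are allowed only from the internet to a port that
        # was explicitly published via the DNAT rules above.
        iifname $PUB_IF oifname $TUN_IF ip daddr $MEMBER ct status dnat accept
        # Anything a member initiates toward the internet is counted,
        # logged and dropped, so the relay cannot be used as an open proxy.
        iifname $TUN_IF counter log prefix "relay-egress-drop " drop
    }
}
```

The counter and log line on the last rule give the maintainers a way to notice a member host attempting outbound traffic without having to inspect anyone's payloads.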
If you were concerned about running a service and not exposing your own IP, you would run an onion service via Tor.
Tor isn't good for any traffic beyond casual drug buying and forum posting. Also many of the exit nodes glow
Onion services don't use exit nodes
Feds run guard and relay nodes too. Probably still better than the clearnet though lol
If your goal is to not expose your IP address to anyone, sure. But if the goal is to protect the Hexbear userbase from websites that are IP grabbing, proxy is fine
IPv6 with privacy extensions then. Make the address pool large enough it's not feasible to be correlated to individual traffic based on IP
I thought about it but sadly Tor is only really useful for non-realtime services because of latency. The biggest category of use for this service would probably be video games at this time.
Also, running a Tor client or whatever they call it takes some setup beyond just doing web browsing.
The intent behind this is just to not reveal people's locations and IP addresses to the average wrecker or reactionary if they want to run a Minecraft server or something.
IPv6 with privacy extensions is a much more secure way to handle this, without having to trust a middleman/proxy to keep your information safe while not sacrificing performance.
IPv6 temporary random addresses are great but they don't solve the issue of geolocation based on IP address. In the end, you're still delegated a prefix by your ISP which are allocated consistently enough that addresses within subnets assigned to ISPs can be geolocated like IPv4 addresses. Also there are still many, many hosts on the internet (maybe the majority?) that don't have IPv6 capability, sadly.