Show HN: GiralNet – A Privacy Network for Your Team (Not the World)
For this reason, I decided to build this private network inspired by the Onion router. Unlike other public networks, GiralNet is not for anonymous connections to strangers. It is built for small teams or groups who want privacy but also need a level of trust. It assumes that the people running the nodes in the network are known and verifiable. This provides a way for a group to create their own private and secure network, where the infrastructure is controlled and the people behind the nodes are accountable. The goal is to provide privacy without relying on a large, anonymous public network.
In terms of technical details, it is a SOCKS5 proxy that routes internet traffic through a series of other computers. It does this by wrapping your data in multiple layers of encryption, just like the onion router does it. Each computer in the path unwraps one layer to find the next destination, but never knows the full path. This makes it difficult for any single party to see both where the traffic came from and where it is going.
I will gladly answer any questions you might have, thank you.
Few questions:
With the nodes registration being centralized to a single server, doesn't that make that server the main target for attacks? As if an attacker could get into that, they could add themselves, drop people, etc.
Rather than just using something like a single shared secret, have you considered something like Shamir's Secret Sharing where you need the network consensus / multiple people to make modifications to the list. This would distribute the risk, making the central server less 'tasty'.
With this being targeted towards privacy-conscious / high-risk targets such as journalists, what are your thoughts on the privacy being breached if one person gets co-opted / snatched and the other party/parties being "the bad guys". Is that outside the scope or unreasonable? I was trying to think of how you could avoid that, but all of them get killed by thinking if one of the secrets/parties gets compromised, the network itself is compromised, so no amount of keys, checks, consensus, etc would fix it.
I think that last point _does_ break your model of the network being inherent trust vs zero trust.
To start with, yes. Originally the project was going to be decentralized to exactly stop that from happening, but as time went on I realized how it quickly became overcomplicated. So it was either implementing a P2P model or going the centralized route.
Now, to the second point. This network is not aiming to be Tor. Tor is global, it has a basis in fog. This does not operate in the case of someone that needs complete anonymity from each other. It operated instead under the principle of inherent trust. This means, the project was designed so that with and only with trusted people the nodes can be released. So the whole security model for the nodes is not like Tor which is based on mathematical probabilities. Instead it is based in the social quality of trust.
So for example, imagine a journalist in country x. They need to contact their outlet in a foreign country, without their activity being monitored by the country's ISP.
Using a VPN? Can be risky, VPNs are by itself a highway, that is completely traceable even if encrypted because again, it is a highway.
Maybe Tor? Tor can give a higher level of security, but the public nature of tor can mark it as suspicious. There are global databases with the common Tor addresses, a lot of websites have well developed anti-Tor measures, so country x can also exactly know this. The government wouldn't know what they are doing, but it would undoubtedly raise suspicions.
So it works this way. The journalist, and other 5 people set up GiralNet. Three can set up the nodes in different locations/places(even foreign countries. They then register to the central authority running in another server. So the journalist wants to browse a topic, the proxy then builds a three hop circuit. The journey of the browser is randomized thanks to it, and their traffic is encrypted like the onion network does it.
This can help because it avoids flagging as it will appear from a "normal" ip address. No single node can also link their IP address to their browsing activity as the exit node doesn't know who they are, and the local ISP doesn't know where it is going.
The final, is accountance. The biggest security failure point here is, social trust itself. IF one of the nodes is run by, well a malicious actor, it can compromise the network. This becomes less of a technical and more of a, knowing who to trust kind of thing.
Basically, that's why I designed it that way.