If you're looking to increase your understanding of VPNs this is the rip for you.
Viktor Vecscei is the COO of IVPN, a VPN provider that aims to help individuals around the world route around censorship on the internet while maintaining their privacy. In this rip Viktor and Marty discuss how VPNs work, how they compare to Tor, the landscape of the VPN industry, how to identify if a VPN provider isn't trustworthy, the importance of Wireguard, how paying in bitcoin over the Lightning network can help you maintain privacy, and why Viktor is excited about Chaumian mints on bitcoin. If you're looking to increase your understanding of VPNs this is the rip for you.
0:00 Intro, boostagrams, sponsors
6:10 - VPN convention
10:42 - VPNs explained
16:23 - VPN traps
19:23 - TOR
23:10 - Running your own VPN
26:30 - Vetting VPN services
35:23 - Wireguard
39:28 - Paying for a VPN privately
42:09 - LN privacy and Monero
45:33 - Fedimint
53:14 - Viktor's story, don't be a coomer
1:05:55 - Attacks on IVPN
1:07:59 - How the current internet makes VPNs necessary
1:12:22 - Expanding IVPN
1:17:34 - State attack vectors on VPNs
1:22:50 - Final thoughts
1:26:02 - Plugs
Marty: [00:00:00] Victor
. Hi. How's your week been?
Viktor: Pretty busy. What are you in town for again? Yeah, I'm in town for a conference, uh, meeting of, uh, VPN related people, VPN providers, uh, people that, uh, develop technologies, protocols and uh, we got together just to get acquainted a little bit, work together on stuff. And, uh, yeah, and I had some like nights, nights out as well.
away from the family, a little bit of a chance to go wide, so, . Yeah. But now I'm very rested and ready to go. So
Marty: just had one interruption with a disgruntled married
Viktor: couple last night. Yeah. I woke up at like 3:00 AM and they were like breaking up stuff like that, shooting, uh, like curse words at each other and like, just, uh, yeah, it's, I don't think that they're together anymore, but I don't know.
Maybe I'll check on them. I go back to my hotel . Yeah. Just knock up.
Marty: Hey guys, I heard some [00:01:00] problems last night. I just wanna talk you through this. Yeah. Some
Viktor: mediation. Yes. That would be nice. Not gonna happen. There's
Marty: nothing worse. Uh, not that it's happened to me, but I can't imagine anything worse than getting into a blowout fight on a trip with your wife in a hotel room there.
You're just forced to stay
Viktor: in the hotel room. Yeah. I don't know how to, I mean, I, I've heard some like, uh, walk-in shouting on the corridor as well, so, uh, I'm, I'm not sure how to pull it off. , uh, yeah, I, I was just thinking there are like, I don't know, 200 rooms in this hotel, so why the one next to me? But it's what it is.
Marty: It's just the way it is. And so free freaks that are unaware. Victor is the COO of IV p n. That's right. Very happy to have you guys as a sponsor on Rabbit Hole Recap. Likewise. And so, what, you know, we, you came to the Commons yesterday, we hung out for about an hour and a half, just getting to know each other better and hear about the week.
What, what's a VPN con, uh, conference like? It seems like you [00:02:00] guys are on the cutting edge of privacy and protecting individuals from either corporations or governments that wanna surveil on them. I have to imagine it's a pretty heavy
Viktor: conference. Yeah. Uh, I have to add, so like we, we were the VPN company there that's most focused on privacy, uh, and security.
There was a lot of, uh, entities who care more about the censorship, circum part. Mm-hmm. , uh, which means they work with, uh, people in, uh, Iran providing access to millions of people. And there is some tension between access and privacy. So for example, uh, at this conference with people from, from Google, for example, uh, because they have a VPN product that, uh, that, that focuses on this, but they don't care about the privacy aspect.
And there was some conversations about this, like, I mean, if you, if you are, uh, in Iran, your first thing that you are concerned about is getting access. And that's fine. But there are a lot of, um, , [00:03:00] untrustworthy, abusive entities. The, uh, Iranian government might be running a VPN telling you that like, okay, use this, it's free, it's great, it's working.
And then they surveilled the traffic inside the tunnel. So, uh, it's a little bit tricky. So yeah, I was, I was here mainly to provide that balance. I was the guy who was always like standing up at every session saying like, no, don't, don't track the data. Don't share data. Uh, some VPN providers don't care about this that much.
So, yeah.
Marty: Yeah. And I guess that gets into the question, can you have like pure end of day censorship resistance without privacy at the end of the day? Because yes, the accessibility may be there, but like you said, if the Iranian governments running the VPN service, and yes, you may have access to these services online, but they can see what you're doing and then go find you in meat space and shut you up.
Is that all
Viktor: for not, that's right. And there was a guy, uh, who's a Iranian, I think he's not living there, but he's working very closely with a lot of activists over [00:04:00] there. And he was like, making a point not, not being like hyperbolic like, guys, children are dying because, you know, uh, because people, um, tunnel that traffic through untrust 40 entities.
And that's, uh, yeah, that's fucking scary. But yeah, so our focus PS focus is mainly on the mass surveillance. So we have some of us technologies, but uh, yeah, we don't, we don't, uh, target these areas. We, we, this is, this is a big, big problem to solve. Uh, we care more about the, uh, about the privacy and sovereignty aspects, so, yeah.
Marty: Yeah. And so I guess for the freaks out there who may be new to VPNs, they may use one, but they just know the marketing. Like, Hey, you're gonna get privacy. You're not gonna be surveilled. You're gonna have access to sites you might otherwise not have access to. What. , how would you describe what a VPN provider, let's just use IV p n as the example, like what in plain words do you guys [00:05:00] actually do from an infrastructure perspective?
Viktor: Yeah. Uh, so yeah, in very plain short terms, um, what a VPN does is it encrypts the traffic between your device and the VPN server. And, um, that gives you protection against anyone who's between these two points. And that's important. So like, like, uh, your ISPs between that, someone who's operating the wifi, you are connecting to the airport, uh, hotel.
Uh, that's, that's between that. So they are not able to see, uh, what's going on with your, with your internet connection. That's, that's good. But this comes with, uh, couple of caveats because, uh, then. When your traffic leaves the VPN server, then it becomes unencrypted. So it's not like, you know, everything that you do will be not visible to anyone.
And when you use Google and Facebook, uh, it is gonna get, uh, you know, [00:06:00] obfuscated or you know, it's not gonna help you with your, uh, I don't know, uh, uh, chain chain analysis, stuff like that. So it's just like VPN is not a, like a one button solution to all the privacy needs you have is just one tool in the, in the toolbox.
Yeah. One
Marty: tool in your belt. But it's a very powerful tool. It's, uh, gives me peace of mind when I turn on the vpn. I know, I mean, we've had to use VPN here in the Commons cuz there's a firewall up because some of the disgusting creatures down at UNJ Capital where we're pirating stuff, they shouldn't have been pirating.
So for time I wasn't able to get on my BTC pay server, but we fixed that problem. But yeah, I mean, VPNs are very important tool. In the tool belt, like, I mean, we don't have to get deep into Bitcoin yet. We'll definitely dive into Bitcoin. But sticking to like the VPN landscape, what, [00:07:00] what does that look like?
You mentioned like Google's running a vpn, uh, yesterday we were talking about like express VPN and um, internet access, private internet access and yeah. What's your opinion on the competitive landscape of the VPN world?
Viktor: Uh, well, it's a, uh, pretty shady industry. So, uh, there's a lot of actors that are clearly dishonest or you can make an educated guests and, uh, judge that they are dishonest.
But like, yeah, there are like hundreds of P companies. Part of my job is to know them and see what they do and like, like understand, uh, their game. Uh, yeah. And the biggest ones, uh, express Nords, uh, Pia. So they, they are like, hun, they're reckoning hundreds of millions. Or like Xbox, VPN was sold for like a billion dollars.
That's, uh, that shows like the, the, the extent, uh, and the size of this industry, [00:08:00] uh, and the biggest players they use, um, methods. They, they're on their website, they're on their services. They're on, they're on their, their marketing most importantly, in a way that's really not friendly to privacy and, uh, lot of times dishonest.
And, uh, this is how they grow to this size. So if you have a VPN company that has, um, enough money and they promise e everything to the users, it's gonna protect you from everything. It's, it is gonna give you anonymity. That's the biggest pet. People of mine really get fucking angry talking about that. But a lot of VPN companies promise anonymity.
Uh, and that's just not true. So that's puts their users, uh, at risk because they expect that it's gonna be like a one button solution. So that's the, that's one of the biggest issues with the, with the big companies. And the second one is the principles. So like these companies that at, after a certain size, they just reckon so much money, they are definitely gonna put profits before principles, which means that, um, when they have to make choices and trade offs [00:09:00] between privacy and growth, they are going to go with the growth.
So, like, um, giving a lot of money to Google, for example, you might have different, um, views on that. I'm, I'm pretty, uh, hardcore in this regard. I, I, we are not advertising on Google, on Facebook. We don't wanna give money to this whole surveillance based ads operation. That's an ethical choice. We've, uh, like, uh, Todd Hobart, so the, the, the biggest companies, uh, they do a lot of stuff like, uh, they have trackers on the websites, trackers in their apps, and everything is.
Is, uh, it's, it's, it's a marketing operation, a big juggernaut that has, doesn't really, uh, make the kind of choices that you would be, uh, uh, you would expect from a company running a privacy tool. At least, you know, that's my, uh, my personal view. So the way we run IV p n and some, there are smart VPNs out there, let's say four or five that have similar views.
Uh, they were here at this conference, uh, we talked about this a little bit, and we might try to do something [00:10:00] together to educate users a little bit better, uh, because there's, there's a long, like, let's say laundry list of things that you can check for VPN company and, um, the biggest companies fail at, at like check.
So yeah. What
Marty: are some of the catch up that users can fall into if they enter into, they use a certain V P N that's marketing. something like privacy and it'll protect you from surveillance, and they get this false sense of security, decide to use the vpn. What are some of the, the sort of slipups mm-hmm.
that those customers wind up making because they think the VPN's actually protecting them when it
Viktor: isn't? Yeah. I think the biggest one is, is expecting that they're going to protect you from the services that you use. So, uh, yeah, Google is a, is a clear example, or, or like any kind of messaging, Facebook Messenger, WhatsApp, uh, WhatsApp.
That's probably not a good example because [00:11:00] that's encrypted, but, so, um, like whatever you do on a website and you put, use your personal information there and you, you, so you can be identified, uh, by an entity, like an app or website, uh, through other means. So vpn, when you go to website, uh, the biggest, um, um, benefit of the VPN is, uh, is your IP address getting.
Uh, obfuscated. So they will see the IP address of the, of the VPN server, so they won't be able to use that data, uh, which is an IP address is like a personal identifiable information. Um, and, um, they can use that data to create a profile of you and then check what you've been doing and maybe track you across site as well.
Uh, but if you use a VPN, that's, that's going to obfuscate it. But there are many other ways to track you. So, um, they might use, uh, some sort of a, uh, device fingerprinting where they check [00:12:00] what type of device you use, your screen size. Um, they might use, um, um, tracking cookies. And so there are many other ways to track.
You build a profile of you if you pay, they will have your payment information and they can correlate off, off of that. So, uh, it's very easy to think that, uh, that after you use a vpn, everything you do is just completely. Uh, anonymous. Yeah. And going back to the anonymity thing, um, so VPNs won't make you anonymous.
That's just not, that's just not possible. There's so many ways that you can leak your information. Um, and, um, and the vpn, so like, we can go into the threat models a little bit and like what, uh, what actually the VPN companies can protect you from and what, what are their threats, um, to attack their users.
But that's maybe little bit going into the weeds. Um, but if you want anonymity and you, you do stuff that's really important to correlate your identity from your activities, tourism is a better eruption for you. [00:13:00] And that's why a lot of companies, uh, who want to give, um, anonymity to their users, um, they, they, they build in tour.
Uh, if, if you are, you know, in Bitcoin and you use the services, hardware, wallets, um, and mixing services, they, they rely on tour, uh, for this reason. Which also have some, uh, drawbacks, but that's, uh, yeah, that's, that's, yeah. Tour
Marty: can tour. Can we trust
Viktor: tour? Uh, I can make that choice for you. Just like with a vpn, it's hard.
I mean, um, uh, it depends on what you use it for. Um, but, uh, yeah, there are many attack vectors and there are, there are many, many risks there. So, um, for, yeah, , it's hard. I mean, um, it has some, let's say red flags generally, like the whole, uh, US government funding Yeah. U US government funding that, that's usually not okay.
But like, I mean, uh, I can, I can argue I'm not, you know, [00:14:00] defending the whole concept, but you can argue that it's, it's been, um, also built as far as I know, and I've read the, like, the history, uh, for, um, for, um, you know, CIA folks, you know, to, to use mm-hmm. and if they trust it, In a sense that rely on it. Um, the, the technology itself, uh, that means that the basic underlying principles are intact in terms of like the government surveillance.
Um, I mean, yeah, so like, so just to very, very, um, quickly just to run down of how it works. So you have three hops, um, and, uh, the entry node, uh, does not know where your traffic is going. So they don't see the, the traffic exiting the door, um, network and the exit node doesn't know who you are because they don't see the IP address.
Uh, and there is a guard node in, in between. So, you know, the concept is good. Uh, it's open source, um, and then you can, you know, anyone can [00:15:00] poke holes in it and, and they do so conceptual it works. The problem is that like if you, uh, control enough of nodes specifically exit. , uh, and entry nodes, then you can correlate with different, uh, attacks.
Timing attacks and different ways correlate the traffic go, going in and coming out. And, uh, and it's possible. And so I, I mean, can you trust it? I think you can trust the underlying technology. Um, and it depends on your threat model and who, what you're concerned about, who can potentially surveil your traffic.
And what's the worst case that can happen? Uh, if you're concerned about US government and you do some stuff that is really, uh, sensitive in this regard, I probably wouldn't use store. But there are not many great, great options out there. There are people working on these problems there. I, uh, I two P, which I haven't used, I, I don't know much about, but I know it's existence.
Some people use it. Um, uh, and there's some new stuff going, um, like coming out. But, uh, [00:16:00] yeah, so VPNs are, are not solving that problem. But, uh, VPNs are more, uh, dependable. , um, more, more reliable. Speed is better, but then you have to trust one centralized entity. So with Tor, you don't have to do that. Um, but with the, with the VPNs, all the traffic that you tunnel through that service, uh, it's, yeah.
So the VPN provider can do anything with it, essentially. They can see anything. Uh, they can, they can, uh, build profiles. They can sell the traffic. They can, they can sell it to data brokers and some VPN companies do. So that's why it's, the trust is very important in VPN as well.
Marty: Yeah. There's trade offs with everything.
Couple comments here, like going back to tour. Maybe one thing that highlights that it may be working and useful is the fact that it's being DDoS attacked, so it's being attacked by a government entity. Maybe it's because it's working. Yes. And they don't want it to work anymore. Yeah. And then back to VPNs, [00:17:00] the, the difference between tour, which gives you some pretty.
Ideal privacy if it actually works, which you can make the argument that it certainly does since it's being attacked. VPNs are different in that you hide in a crowd that the VPN provider provides you that, that forum to hide in a crowd, correct?
Viktor: That's right, that's right. So like the, that effect of, uh, connecting to VPN server, ideally, there are many other users there, 50 plus hundred plus.
And that gives you this so-called crowding effect that you sh you share the ip, you share the traffic, go into that server. So whoever is trying to do this, um, these, uh, correlation attacks against the VPN server. So, uh, the way this works is the, um, on the, the data centers where the VPN servers are, uh, if there's a compromise there, um, and they work together with an advers.
Um, they can [00:18:00] try and, uh, correlate the packets coming in and exiting the server. So they, they see the ips and they see the traffic exiting. Uh, but they, they cannot tell you exactly what I, what I, I'm as a person. Are you using IV p n uh, sending into that? That's encrypted. So the data center won't see that.
Um, but, uh, there are some ways to, uh, to uh, uh, do a text to, uh, de that traffic so that that kind of crowding effect, uh, blending in the crowd. That's, that's how it works and that's why it works. And that's why it's generally not. So there's some advice go, uh, out there, which is fair in some regards that run your own vpn, you can run your own V P N.
It's quite straightforward. Now, there are ways to do that. So Google's, one of the Google's projects is, is actually, it's called the outline. And, um, and they, they, they work on this. They, they provide an opportunity for people to run their own V P N for their communities and then, and their families. And, uh, you know, for this anti censorship stuff, that's good.
Um, but it has these risks [00:19:00] that, you know, you set up your own VPN or Digital Ocean or some other, uh, other provider, uh, and you use it yourself or maybe two or three people using it. Uh, it's pretty easy to, um, you know, connect it, all that traffic to, uh, your, your identity. So that's why it started. If you care about privacy, uh, then it's probably, and you are concerned about some of these aspects that you, you can be surveilled.
Uh, it's probably not a good idea to run your own VP and it's gonna, it's gonna protect you from, uh, so encrypt your traffic, it's gonna provide some security benefits, but it, but for privacy it's not, it's, it's not a good solution. Is that only if you depend
Marty: on a third party cloud provider? Like how hard is it to spin up your own VPN with your own hardware?
Viktor: Um, not so hard, but the problem is that if, if you are, if you run your own server and that gets attacked, uh, so that's, I mean, or gets seized or something like that, then you know shit outta law. Yeah. So, um, essentially what you are, um, outsourcing with [00:20:00] that, uh, to a VPN product like I VPN is to, you know, um, you trust them with the, uh, information, um, security aspects that is not gonna get compromised, not gonna get hacked.
Uh, and then you also get the, the, uh, crowding effect. So that's, that's why it's generally better for privacy. Yeah.
Marty: And going back to our discussion yesterday when you were in the comments, you're saying when you, an individual is basically doing their shopping for VPN service, there's some heuristics, particularly around pricing that can give a user signals as to whether a VPN is actually working on their behalf or using them as some sort of data mule to sell to data broker.
Viktor: Yeah. So when you are evaluating VPNs, there's a lot to look for. Um, and I have, uh, I, I have a long list in my mind, but like one thing that's immediately red flag for me is the, you have to consider their business [00:21:00] model, how they make money. Most of the free VPNs, uh, that's, we can start there. That's, uh, usually a red flag.
There are some services that have like paid tiers and free tiers and um, um, and they can be trustworthy. Um, there, there are a couple, but not many. Uh, but if, if, if the, if, if you use a free vpn, they have to make some money somehow. So they, the most likely scenario is that they, that they say traffic, um, in, in, in some way.
Uh, it can be used for many, uh, many purposes. And the other thing is if the VPN is very cheap, so you can get some VPNs for like lifetime deals and stuff like that for, um, 60 bucks. I mean, just generally lifetime, how do you, how do you service someone, you know, for the next, uh, 40 years, 50 years, whatever?
Uh, it's just not sustainable. And so if you, if you see a VPN that's like costing like, um, for three, three years, um, 60 bucks or 50 bucks under, under [00:22:00] $2, generally, you know, there's costs, a lot of costs associated with running the service, just the bandwidth, running the servers, and, uh, just keeping the operations going.
So if it's very, very cheap under two bucks per month, that's, that's probably, uh, you can make, uh, guess that they are, they have to make some, some extra, extra revenue in your traffic, so that's not really good.
Marty: What are some of the other HU heuristics that people should be aware of when they're shopping around
Viktor: for VPNs?
Yeah, some of them, uh, are easy to check. Some of them not so much if you don't have the, uh, background or you don't know, uh, much about the underlying technology. Uh, yeah. The first one for me is, uh, definitely the, how they communicate what they promise. So stuff like, uh, a lot of big vp uh, VPNs, like go with promising anonymity, perfect privacy.
That's just like, I mean, what's, I don't even get it, but, um, they [00:23:00] promise, um, yeah, and stuff like saying like military grid encryption, uh, which is just like marketing buzzword. There's such thing doesn't exist. Uh, so how they communicate. That's, that's definitely one. Um, and, um, yeah, some important stuff to look for, whether they have open.
Uh, apps at least. Um, that's, that's, that's, that's a clear distinction between VPNs that I trust and, uh, don't, that they, they don't have open sourcing, uh, open sourced apps. There's no, um, scrutiny to what's happening on the, on the app side. Um, yeah, audits, uh, that's, that, that's a tricky one for like an average user, let's say, because it's hard to, uh, know what kind of audits to trust.
A lot of, uh, Bush at VPN services have their, like, we are audited, we have no logs, uh, audits, and they are audited by auditors that have, you know, no idea what, uh, what they're looking for. And, uh, so audits are tricky. Uh, the scope matters. Who's doing the audit matters. [00:24:00] and yeah, audits are just, uh, like, uh, steps in time.
So let's say I do a knowledge audit asking auditors to look into our systems or infrastructure and they say, okay, we find new evidence that, that, that, that, that you're logging and the next day I can just change, change the code. I can just change the configuration of servers and I can start logging immediately.
So that's why this is so, security audits are there to improve the systems. It's a signal for you, you know, that that's, that you can reasonably, uh, trust, um, a service. But uh, but it's not like a stamp of approval that you can just, okay, so they're immediately good. Um, um, well let's stick on
Marty: audits for a second cuz that's like one thing.
Okay. I mean, in Bitcoin with coin joint implementations with coordinators Yep. The coordinators are saying, Hey, we're not logging. And you just essentially have to trust that they're not logging sim. Similar things with lock explorers. say, Hey, we're not gonna log [00:25:00] your traffic when you're pinging the explorer for a particular address.
Yep. Um, that's a big question, like how do you give an end user confidence that logging isn't happening? You can never have perfect confidence, cuz you can never really know. But what is, like, what is it like, like , like how do you actually like, not log? What's the process that goes in there?
Viktor: So the question is like, how, how do we prove that?
Or how do we, how do you prove,
Marty: or first how, like when traffic comes through, like how do you not log that? Like it feels like it has to be logged, at least ephemerally for a certain period of time. Do you delete data? Do you simply not store it?
Viktor: Yeah, not store it. I mean, there's the, the, so if, if, um, yeah, I, I have.
Colleagues who could explain this much better than I do, like the actual technical implementation. But the, the, the basic concept is like when, so on the servers, uh, you have [00:26:00] the function for this to create the logs, and it just goes to know. So like, I mean, it just goes through void. Uh, so, so I mean, you can, going into the, I don't know, the, the, the physics and the method metaphysical aspects.
So I mean, there, there is a point in time where that information exists in our systems. Mm-hmm. , but it's, but it's, it's immediately gone. So, yeah. So only, um, and the way to, and that's, that's touching, could be touching on, uh, another trust aspect is the, is the privacy policy of the, of the VPN provider. So if you check the privacy policy of the VPN provider,
Um, you have a couple of different ways that, uh, providers approach it. One is that it's a very convoluted leges, you know, like these very, very long explanations and like, nobody reads, sorry, that nobody reads. Exactly. And when and when you attempt to read it, you just get, you know, just like get a headache in like two minutes.
Uh, and in those usually, not always, but usually there's all these exceptions and all these, like [00:27:00] in the event of, and like, and they, they, they try to, you know, um, make it so that they don't have to use, you know, some liability for all the stuff. Um, and if you dig deeper, there's usually, like in some cases with certain third parties, we, we shared the information to improve the service and for marketing purpose.
And that's, that's the stuff that like you will find in some of the big, big players. And if you care about privacy and you want a service that actually respects that, then you just immediately just, just go away. Um, what's, yeah. And the, the better VPNs a couple of out there, us as well. Uh, we have a very clear, concise privacy policy that is actually like the question and answers.
If, like, if I, if I were talking to you when you were asking me all these questions, we just like, uh, spread it out very clearly and for us, we explain that we, we only log one thing, um, which is, uh, one user, uh, [00:28:00] how many, uh, connections they have initiated. And we have a temporary log of this, no identifying information, just a number one device, two device, three device, four device.
And if all the connections are closed, then we discard it. So we cannot give it, you know, re uh, retroactively go, going back in time. We cannot give that information. Yeah. And of course, yeah, I mean you need to lock some stuff in the sense that like, for example, we have server, um, Um, information, uh, graphs and like connection informations, and we need to understand the aggregated information of what's happening on the server.
So, for example, to, we have a server that has a one gigabit bandwidth cap. And, you know, if, if we see that the aggregated bandwidth on that server is getting close, then we have some alerts and we have to, you know, increase the bandwidth, install new servers. So you can argue that, that these are logs, you know, of course.
Um, but the logs, the most important [00:29:00] question is, is this, is, is these logs are ones that concerns the user concerns, that data concerns their personal, personally identified with information. And yeah, for that we don't, we don't love anything. So, yeah. Yeah.
Marty: And you said one of the heuristics, the important thing to look at is are, is your VPN service leveraging open source software?
Are they building their apps in an open source fashion? And then, . One thing that we touched on yesterday that we should probably dive into is wire guard, which Yeah. Hit the scene in 2017. Yeah. And provided this open source sort of architecture for VPN services. What has wire guard meant to the VPN industry?
Viktor: Yes, wire guard before wire guard, uh, the main protocol was open vpn, which is a, like a very old, convoluted, uh, slow, uh, protocol. Um, and wire guard essentially. Uh, Jason who's, uh, um, [00:30:00] build like, um, that protocol, uh, his idea, he, he's seen that there is a need for, for, for new, new approach for this. So the, the main properties, and the main why it's really good is because it's, uh, it's very fast and the code base is very short, so it's easy to audit, uh, and, um, it just, um, the whole focus is of, of what it solves is, is very narrow.
So for that reason, it's very easy to build, build on it. And uh, when it came out, um, a couple of companies, uh, like started building on using it right away. So the first ones, uh, there was one smaller VPN company, but Mova definitely was the first, uh, was deployed on the servers and we were the first to, um, to bake it into our apps.
So that's, that was a, like a pretty nice achievement for IV p n uh, got, we got some press for that and, uh, some, uh, yeah, that was a, that was a great project for [00:31:00] us. Um, yeah, but, but wire guard has, uh, a couple of issues which I cannot explain in like detail, but, um, it's not built for privacy generally, so you have to solve a couple of issues, uh, like around, uh, key rotation.
Um, and how so if you just deploy it right away into your VPN service, uh, it's gonna, it's, it's going to, not going to provide so-called, uh, perfect forward secrecy. So, uh, things, uh, when, um, so the key rotation part is important because, uh, that generates new key pairs, uh, in, uh, given timeframes. Uh, and that, uh, essentially discards the, uh, connection and the, and the information between who's the client, um, and the service.
So, like you, you essentially create, uh, new persona, something like that. That's the, that's the easiest way to explain it. So [00:32:00] you had to solve all these, all these problems, and a lot of providers didn't jump on the chance to implement it because they, they thought that they can solve it. And, um, and they were afraid that like wire guard is not audited enough and stuff like that, but the forward singing providers like jumped on that, uh, pretty early on.
And now you will see it in for, for most providers. Yeah. And the other thing is, um, some providers, which I personally don't like, uh, what they've done is taken the wider protocol and it's open source. Anyone can build on it, which is, which is great. Uh, but what I've done is like, uh, built their, built their protocol on top of the wire guard's, uh, code base and added some stuff like to make it faster or make it work better for, uh, citizenship ormen, this is fine.
And they've given it another name and now they use it like, okay, so we have the lightweight protocol, we have this and this. I mean, it just, um, I mean just use the thing , it's bad. Open source. [00:33:00] Yeah. . Yeah. Something like that. So, uh, so yeah, that's, that's the, but yeah. But wire guard is great. Uh, it's definitely, uh, Uh, it was like a, let's say, revolutionary step, um, in the industry.
And, um, and yeah, that's, that's the default protocol for us now. And, uh, yeah, it's, it's great. Yeah.
Marty: And so let's dive into actually using a VPN in the most private way possible. And we can start with payments for the vpn. Like you were discussing yesterday that you're disgusted by how many Ivp n clients still use PayPal to pay for the service.
obviously you guys have implemented, uh, Bitcoin lightning payments narrow as well. Um, and you have credit card payments as well. And so when like a user is actually buying the service, there is some, some privacy leak there, depending on the payment method that you use.
Viktor: That's right. That's right. Yeah. So the most private way, uh, I mean, [00:34:00] uh, the first step is like how much information you give to the service.
Uh, and that's, we don't, we don't ask for email. We don't ask you just press the button. and you generate an account. We don't log your ip, we don't do it. So I mean, uh, there's no way for us to connect, uh, any kind of information about you, uh, at that stage. And then you have to pick a payment method. The most, the best way, I guess, is me handing you a voucher , uh, that I don't see.
So that, that's, uh, if you see me anywhere, uh, now, not, not now, you know, my face. Uh, and I'm, I'm doxed I guess, uh, you can ask for a voucher. Uh, so that's, that's the, that's the best way. But, you know, going down the list, like, uh, cash, uh, we accept cash. You can mail, uh, cash to us in an envelope. We, without no identifiable information.
That's great. Um, of course lightning, using lightning would be better than on chain for Bitcoin. We have, we have Monero. So, uh, [00:35:00] if you pick those methods, then essentially the VPN service, and in this case, I V P N. Uh, we have no way to connect any of this information and anyone who's trying to attack you or attack us, uh, the way you do it's through payments is to, uh, is to subpoena the parent provider.
So critical company parent processor like Braintree, uh, PayPal, um, and they will see that you are using IVP N and they can and they will come to us. Okay? The good news is that we don't have any kind of informa other information. So if you trust us and you trust that we do everything as we say, um, then uh, then that's good.
But the, but, but the, but the pay payment provider can give away, uh, like when you were signed up. When you signed up. So essentially it, what can give you is, is, um, assurance and, uh, another way to. To mitigate the risk of the payment provider, uh, essentially outing you as the user of a service. [00:36:00] Yeah. That's why it's
Marty: important.
Yeah. And you mentioned Lightning. This is something Matt and I talk about, a rabbit hole recap and something that excites us about more point of sale systems here in the United States implementing lightning payments specifically, is that Lightning certainly has its privacy issues, but that's particularly on the receiving end.
From a sender's perspective, you have pretty, pretty good privacy. And so like paying for IVP over BTC Pay server is an ideally done with Lightning as the sender. Privacy is far superior to on chain privacy with, with the UT Xs app.
Viktor: That's correct. Yeah. And the BTK part, so I, yeah, so if you wanna evaluate the VPN services and um, Wanna see who cares about this stuff and who cares about Bitcoin, for example.
It's very, well, not that easy, but you know, if you, [00:37:00] if you know the b TCP implementation and how that looks like, uh, and, and the service communicates, it's so IVP n and some other services, a few of them, um, except Bitcoin directly without any kind of intermediaries. But most services, the bigger services, um, everyone uses an, uh, intermediary, like, um, BitPay, not sure who else.
Coin. Coin Gate,
Marty: BitPay. Imagine Open Node would be one. Um, yeah,
Viktor: couple others. So, I mean, uh, it is good that they accept Bitcoin. Uh, but, uh, but that's still intermediary that, that will have information about that transaction. So, uh, it's not that good for privacy. So you should use a VPN service that accepts, uh, Directly runs their own server.
Marty: Exactly. Their own BTC pay server. Exactly. And you guys are Bitcoiners, right? Like, cuz you were mentioning yesterday, a lot of those VPN providers that accept Bitcoin but do it via a BitPay or another centralized third party, [00:38:00] or likely just using it as a marketing tool and are probably converting the Bitcoin too.
They're local, local currency immediately.
Viktor: Exactly. So if you, if you have a business and you, um, and you think about the risks, the of, uh, exchange rates, um, then if you want to rakeen the, the fiat and use it immediately, you know, for expenses and all this kind of stuff, it's, it's, it's much riskier to, to hold the hold, hold Bitcoin.
So yeah, you have to, you have to mitigate that risk. And that's the easiest way to do it. Just, uh, yeah, just, uh, just gimme the cash. So, or give it the fiat. I'm not sure about the. Wording. So, yeah, so we, we've been accepting Bitcoin for a long time and we, we are always on the lookout to help adoption. And, um, yeah, the, the, the privacy aspect is definitely what we are, like we are concerned about.
So we are on the lookout to implement [00:39:00] stuff into our website and service, um, to help help winners and, uh, maybe work and support projects in the space. I'm, I spend, um, a good amount of time on this from my, you know, time allocated for work and improving IVP n as well. So, yeah. Are we allowed
Marty: to talk about some of the projects you're excited about that we were mentioning yesterday, or?
Sure,
Viktor: yeah. So Ment is the, is the one that's, that's jumped out for me listening to a couple of podcasts. Um, I think, uh, Matt had an episode on the dispatch about it. And, and some, some other podcasts. So, uh, yes, ment, um, is a, um, is a project that could be really good for, for privacy with Greenspace. So, uh, should I just explain a little bit how it works?
Yeah, we can jump into it. Yeah. So, uh, so ment, um, it's uses, [00:40:00] uh, so-called Chian Emin, um, to, so Bitcoin, um, I mean, yeah, I didn't prepare for this part, so, but, so there is a Federation of Guardians who essentially, um, act as a sort of a community bank. So there is no one entity doing the custody, but it's the, the trust is distributed and within that community bank, um, when the Bitcoin goes in it, um, it's, it gets exchanged for, uh, mints.
It's so many mints. Um, and. Within that, um, who's in that, in that federation as a user? Um, the money exchanging hands between that. It's, it's, it's, it's, um, it's done with these minute coins, uh, and you can spend outside of, of this federation, um, through lightning, essentially. That's the, yeah. And
Marty: so these me mints, like we, we were playing [00:41:00] around with cashier yesterday, stash nut dad app, if you guys wanna try it out.
But it's really cool, like you mint these tokens. You, you want to get into the mint. You basically create an invoice like, Hey, I want a thousand stats worth of e tokens. And one token is equal to one set in this federation setup. It could be differently set up in others, but for this example, one SAT is one e token.
You produce a lightning address, or excuse me, lightning invoice. You pay it and you send the Bitcoin to the mint, converts it to e tokens, and then bam, you're in the mint. We should note that that cat shoe is not federated. It's just centralized mint with one, one operator. But I think it's just a proof of concept to prove what these mints can do.
Um, and then once you have those tokens, the way these mints work, these blinded signatures within the mint, and so when you're sending these tokens inside the mint, the [00:42:00] blinded signature setup makes it so that the operator of the Mint, whether it be uh, one centralized entity or federation of many entities has no idea who's sending what to who.
Viktor: Exactly. Yeah. That's the, that's the part of the concept that I've, I've, I've left out there and, and a very important aspect. So that's what it gives you a, uh, a lot better privacy. So, yeah.
Marty: And then, yeah, I mean, I'm excited about, there's a, it's a very controversial topic in the Bitcoin space, because there is a custody trade off.
You are trusting that the federation, the guardians in the mint aren't. Doing anything like rug pulling you or sneaking inflation into their mints, um, on the back end. But running with the theory that some mens can be trustworthy if you can trust the guardians, and the mint could ideally be a very incredible solution to the privacy problem that exists within Bitcoin, particularly on [00:43:00] chain with the U
Viktor: T X O history.
Exactly. And that's why we are excited about it, and that's why that's what I've identified as an opportunity for us to contribute. Because what, as a VPN service, the biggest thing that we have is trust. Um, I mean, not for everyone, like someone's first hear hearing about us, I'm, I guess I'm just building the trust.
But, uh, for a lot of people known IVP n used ivp n uh, we love users and for them, um, They will trust us. And I think that for, for the FEDERMAN concept, um, that's the biggest question mark for me, whether you will have enough of federations with enough trustworthy guardians, uh, who you can be reasonably sure that they are, you know, not going to collude to rock po.
So, and that's what is going to be the key decider, I think, on this concept, getting validated or not. And if we can contribute to that, we can find other companies, um, other privacy tools or some other [00:44:00] companies in the space, uh, who would want that project to succeed, get together, build federations, one federation, multiple federations, then we can, we can validate this concept.
So you need to, you know, uh, put your, put your way behind that to trust way behind that, I guess, to, to make it work. So yeah, this is also like, uh, I guess it's an open call if you're listening to this and you. You would like to, uh, be part of that as a company, or it can be in individual as well. Of course, there are some criteria, uh, for us and for the other guardians who are interested in this.
We are just putting this together. Uh, of course we, we won't accept anyone, uh, but uh, yeah, we are, we are still looking for people who are interested in this. So to complete that guardian set. Yeah.
Marty: And I was, I was excited to learn that you're already exploring this and want to be a part of a federation because it just naturally makes sense for many reasons.
Two, [00:45:00] most importantly, like VPN provider, if it's trustworthy and if it, it's mission driven and really wants to help individuals, uh, attain censorship resistance and privacy as. Peruse the web, uh, it would make sense. They wanna do the same thing when they're transacting and sending value between each other.
Then on top of that, I think you guys are just perfectly suited for this particular use case cuz they're used to running servers and part of being a guardian is that you need to run a server that has optimal uptime and that's your
Viktor: bread and butter. Definitely. Definitely. And uh, and also like how you, how you, uh, protect the keys and stuff like that.
So we are, we are in that business, so . Yeah, definitely. Um, yeah, so yeah, excited about that. Um, and, um, yeah. But, um, the challenge right now is to find, find, find other guardians. So like we have no, uh, because the, the interesting thing about this, we, we have no clear [00:46:00] way of profiting from this. There's. Profit model, business model.
Um, and, uh, and also it's, it's a risk for us because if we've, if anything goes wrong, you know, our reputation in other areas can be damaged as well. So you have to take that leap and like say, okay, so, uh, we can do some great stuff here and like, let's, let's, let's try and contribute. Um, not many other companies might be, uh, so willing.
Uh, of course there are risks. It's a, it's an unvalidated concept, but, uh, yeah, I really hope that, uh, we'll find, find more partners for that. I do
Marty: as well. I'm really excited about feds. I know it's, again, controversial Bitcoin, but I think the trade offs are worthwhile. And if you can find trustworthy guardians, obviously trust is a spectrum.
You can never have perfect trust, except for the only perfect trust you can ever have is with yourself and your thoughts and your mind . Um, but it's this weird nebulous. area that we find [00:47:00] ourselves in. And I, I guess we can jump into that, like trust, like listeners who are basically saying like, why, why should I purchase a IVP N subscription?
Are these guys legit? Like, why have you decided to dedicate your life to not only the VPN space, but iv IV p n specifically? Like what gets you out of bed every day? Mm-hmm. to, to evangelize what you guys are doing at IV p n.
Viktor: Sure. I mean, there's, um, one, so, but the service, um, so the, our ceo, Nick has started it like, uh, 2009, 2010.
I'm not sure like when, when exactly around that. Yeah, around that. But yeah, so he was working in. Uh, banking, uh, industry as an information secretary, analyst, auditor. And he has seen like the, all the information that the bank banks collect and, you know, he just [00:48:00] freaked out about that. So he was looking at different ways to protect privacy and build tools.
So he was pretty early, uh, in that game. And then the snow thing happened, which like completely, um, made it much more apparent for people that, uh, that, uh, this is not gonna be good. And, uh, you have to use these tools. Uh, yeah. Me, me personally, um, yeah, A couple of things I've, I've, um, I've worked in, um, I've worked for, um, um, websites in the adult industry.
It's interesting that you, I've, I've, I've picked up that you've, uh, touched a lot about the don't, don't watch porn aspect. Mm-hmm. . I, I, I worked in that industry and I've, I get out because of that. Uh, I was, uh, just thinking about the. Um, like the impact on individuals, it got really scary. And also the impact on the, on the, the data collection and the advertising.
So the mo the, [00:49:00] the way that the, um, that the freeborn, um, business model is, is, is built on advertising and the way that it got so supercharged and like, got so prevalent is because a lot of money, uh, were put into building good ad networks with good targeting, collecting information, and the paid sites, dating sites, campsite, um, membership sites, they, they've seen that opportunity to subsidize, you know, the, the free aspect.
And there is a lot of tracking and a lot of, lot of profiling going on there. So I've seen that from the inside and I got really freaked out about that. And for these two reasons I've got out of the industry and I was, I was thinking about what to do with my life. . Um, and uh, and then I found I V P N I was looking for someone like me.
And, um, and, um, yeah, I just started digging into this whole, whole question of why it's important. And you know, this pretty similar, the, the privacy and surveillance literature and [00:50:00] rabbit hole, uh, is very similar to Bitcoin in the aspect that like, if you just go into it and you start seeing everything that's happening, it's just, there's no escape.
It's just like, it just, uh, eats, eats it, your brain. It's just like that doesn't stop you from thinking about it, that you see all, everything that's happening, you connect all the dots and it's just like, this is just fucking insane. I just have to do something to stop this. So,
Marty: yeah. Yeah, yeah. The porn industry is warping your mind in your, your endorphins, in your dopamine Exactly.
And your relationship to women or men, and then it's stealing all your data and selling that on the back end. It's a very acidic industry. Yeah, I agree. Um, no, it's, and it takes a lot to recognize that shit. That you're involved in is bad and to, to step away from it. Yeah. How long did it take you to do that?
Viktor: Yes. I mean, uh, um, so yeah, I'm, I'm from Hungary and, uh, one of the biggest IT businesses in Hungary is [00:51:00] running, uh, a campsite, you know, like the, with the, the camp. Yeah,
Marty: yeah. Uh, Andrew
Viktor: Tate's getting wrapped up. Yeah, yeah, yeah. So I'm, I'm, I'm pretty sure, like, yeah, I know. I, I mean, I don't know his operation, but like I, I've, I've known people running stuff like that in Colombia and other spaces, Philippines just exploiting.
Yeah, let's get into that. I, I can talk about it for a long time, but, um, uh, so yeah, so I, so the biggest IT businesses and, uh, you know, my focus and my ideas were out. I was living on the internet and, um, I wanted to work in an environment like pre predominantly English. Uh, I was like 21, 22, and that was the like clearest way to.
get into the whole, uh, game. Mm-hmm. . So that's why I started there and I spent a couple of years there and, uh, yeah, I've done, I've done, uh, a lot of different stuff. Um, but yeah. But it took a couple of years to get there and the, the risk there, so if you, [00:52:00] if you get into this industry like this, um, then you build your relationships, you build your trust and the, the, the equity, you know, and your expertise and if you wanna get out, that's completely, you know, it's, it's so shielded off from everything else that it's com you, you go back to zero.
Mm-hmm. , you have to rebuild your whole, everything that you do. So that's why it's, it's tricky because it's like captures you a little bit mm-hmm. and you get into this, um, mode where like, okay, so I just need to find and do something else. So it's pretty, pretty risk. , but yeah, it was, yeah, so, so, uh, I've read a study, um, it was like six years ago, seven years ago.
It was pretty fresh and it was done in Sweden on like a large data set, like tens of thousands of, uh, um, uh, teens. Mm-hmm. , uh, in Sweden. They had the option to, you know, get approval for that. Um, and they have surveyed people and looked at different metrics for a couple of years. So it was like a, that was a longevity to the whole, whole thing.
And it came out that like the [00:53:00] teenagers who are um, um, Watching porn regularly, they Yeah. This whole warping effect of what you're saying. So that's, that's scientifically proven now, I guess. I mean, of course, you know, academics and there's always caveats, but, uh, but that, that, that study have proved that there is the relationship to sexuality, relationship to women generally, just the, the trust factor and everything else is just like, it's, it's, it's, it's like of the charts bad.
Yeah. Uh, so it's, and when, when I read that, that, that was the poem, I said, okay, so I cannot, uh, reason against this or deny this for myself, you know, I don't wanna, I don't wanna con contribute to, to this. I'm seeing all these numbers, millions of people using freeborn sites in, I don't know, Bangladesh in India and all, I mean, what the fuck am I doing so I have a soul?
Yeah, exactly. So that, that was no. Yeah. And the, and the other thing is like, I, I was thinking about starting a family and singing hard about like, okay, so I, I might have a daughter, which I have now, uh, and it's just like, and I, okay, I cannot. I cannot do this stuff. I mean, I, [00:54:00] if she's getting older and it's like, okay, so like, da dad, what's your line of work?
And it's like, okay. So, uh, her that is a fireman, he's, that is an accountant, and I'm, you know, I'm pedaling free porn. That's just . That's, that's not something you want to tell your daughter? No, no, definitely not. So, no, but you don't even
Marty: need the studies to recognize that it's warping people's minds. Sure.
I think we're seeing, certainly seeing like effects on the dating culture that exists predominantly here in the United States with all these dating apps. It's, it's like people just flip on the app and they go shopping for who they're gonna, um, do the, uh, the porn sex acton, like Exactly. And it's, it's warping, it's created this very degenerate culture.
And I've admitted on the show too, I was, I watched a lot of porn growing up, but yeah, that's similar to me. I, I had children and was like, ah, I can't be, this is, yeah, they have a mother that I love and this is not. Yeah. This is not, uh, the way to be living your [00:55:00] life, but No, it's, it's got people by the balls, literally
Viktor: Exactly. Exactly.
Marty: Um, but no, it's, I'm very happy to hear that you recognize that you had a soul, got out of it. Now you're contributing to something that is actually a net benefit to society, a massive net benefit, and you're combining two net benefits, which would be giving people censorship resistance and privacy, and then integrating Bitcoin into your stack.
And you were telling me yesterday you didn't really get into Bitcoin until you started working at IV p n, is that correct? That's
Viktor: correct. I mean, I had some friends who are like, uh, uh, playing around with Bitcoin and, uh, yeah, I, I remember at one of these companies that we, we just talked about, one, um, system administrator, uh, never talks, uh, very reserved, uh, you know, the.
Bordering on the genius and insane type of person. He was like, uh, commented and saying [00:56:00] like, uh, I have, uh, mine, like, I don't know, uh, tens of thousands of Dosh coins in 2014, . Uh, I wonder what he's doing right now. Maybe he's, I don't know. Anyways, uh, so yeah, that's what I, I mean, I got, I got exposed to the, the concept and just like looking at Bitcoin and yeah, I've, I've, uh, when, when I started here, um, yeah, I was just like going into Death Rabbit hole as well.
And interestingly, for a couple of years I was, I was really, I was a, say I was fan of the different ICOs and like the Webre concepts, but I was, I was, I was coming from the side where, um, I, I've seen the potential, you know, in, um, in, in, in some projects, um, and I could see why they are starting their, uh, own coins and why that concept is something that is, that could be useful.
But yeah, over the years, just going deeper and deeper and just like seeing, uh, I think this, this has been said, and some people observe, but like, as, as you spend more and more time in this space, you just [00:57:00] get narrow and narrow and narrow and just like, you just realize, I mean, for me, they're just like two projects.
And for ivp n as we talked about, Monero. Uh, yeah. So like, I mean, I, I save in Bitcoin and I spend in, um, in Monero. You, you might disagree with that. That's, that's fine. I mean the, the, um, the Monero part, but you know, I, I've arrived to the conclusion that everything else is just, uh, bullshit or ware or scam in the worst case.
Yeah. Yeah.
Marty: No, I mean, we've had, uh, plenty of Manero debates on this show and online, and I mean, individuals are free to do what they want. I'm not, I'm not gonna try and police anybody, I think. and we are very open with this on Rabbit Hole recap in this show. I mean, it's objectively true that Bitcoin's privacy assurances are subpar at the moment.
That's right. I do think they're getting better over time. They will continue to get better. Um, and I think there's an order of operations to all [00:58:00] of this. Uh, you need the distributed network. You need to get monetary policy, you need adoption and protocol, uh, improvements and second layer solutions are gonna bring much better privacy to Bitcoin over time.
And it is happening. We were mentioning yes, ch em mints, uh, lightning as good sender privacy with tap root, you'll be at a, be able to get better on chain privacy. It's gonna bork some of the, uh, the heuristics that these surveillance companies are using. But yeah, it's, uh, it's inter interesting conversation and yeah, it, it depends on what your use case
Viktor: is.
Yeah, for, for me with Monero is like the, the potential hidden inflation problem is the, what's concerning for me. So that's why I wouldn't, uh, start saving or like holding, uh, large amounts. Uh, but for buying services, it's, it's, it works out great. And, uh, yeah, so that's why, I mean, Bitcoin is [00:59:00] definitely the vehicle.
My, some of my, uh, I don't know, family savings and stuff like that is going, going to into Bitcoin. I wouldn't, I wouldn't, I wouldn't do that with Monero. So. And how does,
Marty: uh, feel free, not to answer this question, but do you guys hold like a Bitcoin treasury at IV p n
Viktor: Yeah, that's the part I don't want, I don't wanna talk about.
Okay. For like, the security reasons. I mean, I'm, I'm not personally, I'm not responsible for that area, and the person who's responsible for that area would rather not talk about it. Yeah. And, and you know, if, if they, I mean, it's. It's their choice. So I don't wanna, I don't wanna make the choice here and we don't have to.
Marty: Okay. All right. We can go should, we can go on to, uh, one question I forgot to ask earlier, but like, what, how do you guys get attacked? Uh,
Viktor: you mean just generally for the VPN n service? Yeah, course. For
Marty: your, do your servers get attacked or are
Viktor: you Yeah, I mean, nothing out of the ordinary. I mean, it's also [01:00:00] hard to like, like disentangle what exactly is happening, who's doing that and stuff like that.
But yeah. But like, um, we get DDoS of course, and various attacks on our login forms and yeah, people trying to get into accounts. But yeah, so the, the good, the good thing is that we are not so big. Uh, so in this respect, not yet ? Not yet. Um, yeah, I mean, we've talked about the marketing and the, and the other parts.
So we have, we are pretty hardcore in like, in, in many respects. We don't do. , um, ads. We don't do YouTube sponsorships for like bullshit influencers and stuff like that, so we are not very likely to get as big as other VPN companies. But that's, that's fine. I would rather to serve the users who respect and understand what we do and like, uh, like work with them for a long time.
Um, but yeah, so, uh, uh, so for that reason we are not really in the crosshairs of like, uh, [01:01:00] uh, bigger, more sophisticated, um, entities let's say. Um, and then the other thing is like about the anti censorship and, and different parts. So we have, um, we have a free campaign for free access in Ukraine and Russia, cuz we have some colleagues in, um, in Ukraine.
And that's like pretty, something that's pretty close to our hearts. We cannot serve other areas that's just like too resource intensive. But for example, our service, and I don't know, probably Russian sensors are, are not listening to. Uh, D ftc, but who knows? It's a global podcast. Okay. . Uh, but yeah, we, we still in, in large parts.
We still work in Russia, but a lot of VPN services are blocked. So there are some advantages of using, uh, VPN service that is like a little bit off the radar and Yeah. Yeah.
Marty: Why is the web gotten to a point where we need VPNs?
Viktor: That's a good question. Yeah. In this, in this conference that I'm, I'm attending, there was [01:02:00] some like, uh, questions about this in like, some out of the box thing, let's say, where like, okay, we, if you were to rebuild the internet, it would definitely like build it a way that you want to take away the surveillance aspect.
Uh, and it would be nice. We, we are one of the few services I think, and this is goes back to the principles before profits, profits before principles, stuff. You know, we say, and Nick's been, our CEO has been very vocal about this. If we get to a point where you don't need a vpn, we'll just close up shop, we'll we'll do something else, reevaluate where else we can create value, build something else.
We don't care. Uh, but we, we are not there yet. And we have these conversations like, okay, so what's gonna happen if in any way legislation or a meteor or something like, just completely, it's like destroys the whole context that why we exist. And yeah, we'll be happy about that because then the, these privacy issues, uh, doesn't happen.
But yeah. Uh, to answer your question, uh, like free, free is a big incentive for people. Uh, and they don't understand the [01:03:00] trade-offs. Just give me the one solution that I can use right now with a good UX and it's free. Uh, and that's where, where we ended up with, uh, Gmail, that was a big thing. I think that's, that's a pivotal thing where they realized that like, okay, so these people really need the free meal service with like one gigabyte.
I don't know. How much was that like the. And that's like, people are like, okay, wow. Uh, they, they didn't understand. So Google understood very well, like the, the value of the data going into that and the trade offs that people are making without knowing it, but they didn't explain it. So like yeah. So anyone was listening and doesn't notice if you use Gmail, it gets, uh, completely scanned, analyzed mind and internally used for surveillance and targeting purposes for all across all Google products.
So yeah. Not a choice. Yeah. We've
Marty: made a concerted effort to de Google ourselves here at Tftc. We were discussing it, uh, not this, but we brought up [01:04:00] proton mail yesterday. Yeah. And that's what we've, the business, our email is run on a proton mail. Yeah. And, um, I'm, I'm trying to de Google Yeah. Myself as much as possible.
It's hard though. Hard, the UX hard is very good.
Viktor: Yeah. And people get hooked on free. And that's, that, that's the point. I mean, but you, you pay with your data, you pay with your profiling information and then that get to a point where, uh, where you get, uh, tagged in a sense that like, so, so what's, what's why it's so valuable is because you get profiled and your attention is very, um, very, um, very valuable, uh, in aggregate and in and in in individual as well.
So like this whole, I have nothing to hide argument against privacy. You know, that may be true, but everything that you do is collected, analyze mind, and, and that's, that's very, very valuable. And then you lose your, um, serenity because [01:05:00] you get targeted with, uh, with ads, with misinformation. . Um, and, uh, you know, and in, in worse cases, uh, depending on where you live and what happens with you, you will get on some lists, you will get, uh, scrutinized.
And, and that's the, that's the threat with the, with the Bitcoin aspect. So as we move along in this, uh, adoption and this whole, um, tensions between the sovereignty and, um, and, and governments trying to control all the information on the money flows and everything else, you know, um, using a vpn you might not help with the Bitcoin privacy problems, but you will help with, with this aspect, the general privacy problems, which can prevent, uh, you know, that information that you are visiting sites related to Bitcoin.
You are. Uh, different services regarding Bitcoin. You, maybe you're mining Bitcoin, so you know, your IP address will be hidden. And so, so that, that's, that helps you with that aspect where you, uh, won't get on those lists, [01:06:00] won't get scrutinized. Um, and yeah, that's why it's, uh, it's important. Maybe it's, I've wed off a little bit from our starting point month.
Yeah, that's a
Marty: good, good point to bring up. But I mean, you mentioned that you're exploring, uh, like CHMI events and stuff like that. We brought up proton mail, obviously have proton mail, proton vpn. Do you guys see your product offering expanding mm-hmm. beyond a VPN
Viktor: service? Yeah, we talked about it. Um, two reasons that why that hasn't happened yet.
So one is that, um, when you use privacy services, uh, there's an argument that can be made, um, that it's not, might be not good to put all your eggs in one basket. . So you're trusting one entity with all your services. Uh, if that service gets hacked or fails or get attacked by government or they just got malicious, get, become malicious for some reason, uh, then you're completely fucked,
[01:07:00] And if you just like, uh, spread it around a little bit, then you are just like partially fucked, I guess. So that's, that's, that's my argument. Uh, and I, we as a business, uh, thing, that's, that's, that's a good argument against, uh, doing this type of thing. Um, and then the, the, the other thing is like we, uh, we have a lot of people, I, I, I personally and like Nick as well, uh, we've, we've used to work in like big organizations, corporate environments, a lot of like layers and a lot of, uh, like, uh, top down control and stuff like that.
A hierarchy. Yeah, hierarchy. We don't, we don't really like that. And our business is running on a very. , everyone has a lot of autonomy. Uh, there's no, you know, nine to five, there's no like, um, lot of project management and like accountability in a sense that like, you have to submit these reports and like, so we, we are pretty, uh, open and free in this regard.
And, uh, after you grow, you know, to a certain size, you cannot really do that. So if you have having a plan of like, getting like capital injection and like big growth and like, let's grow the [01:08:00] company from 15 people to 30, 40, um, 50, that's a whole different ballgame. And it might happen. I'm, I'm not saying it's out of the question, but it's, we are kind of like, uh, mindful of this, uh, like the sustainability, uh, of the business and just like the growth suspects, so, yeah.
Marty: Yeah. And there's, I.
not to bring back the Bitcoin treasury conversation, but it doesn't have to be IVP N specific. But again, if we do believe that Bitcoin adoption is going to continue to increase, which due to the scarce nature of the asset will, will cause the value of Bitcoin to increase, it does present this unique opportunity for companies like IV p n that would like to keep that flat hierarchy and the autonomy and the, the scalability of the team and the ability of the team to do what they want without having to sell their soul to actually do that, like, which is really encouraging prospect where the companies [01:09:00] like IV p n, if the old a Bitcoin treasury have the ability to self-fund themselves in the future off of Bitcoin's price appreciation and actually do things the right way without
Viktor: having to sell out.
Definitely. . Yeah. And like, I mean, uh, and this brings to, to another point, uh, which is the price. So our, our service is, uh, on the more expensive side, let's say. I mean, I think fair, not like, uh, crazy. So I think it's very fair. Yeah. So it's like, um, um, for our pro plan, which is the full plan, it's a hundred bucks per year and longer plans are cheaper.
Um, but it's, when I talk about this and, and get, and people ask about this, uh, we have to point out that like, so we, we don't, uh, small companies don't have different advantages like economics of scale. So ne negotiating, uh, uh, costs on the cost side, you know, the bandwidth costs. So costs. And, um, and we, um, use the money that we get to, well on one end, you know, [01:10:00] to improve the service, of course.
Uh, and, uh, for activism as well, privacy related, anti surveillance activism. Um, but we also. Like do it all this like the, the, the management of our savings, everything else very prudently specifically to provide that stability and, and, and longevity. So like for VPN service, that's, that's very important, uh, that you don't get into a situation where you have to shut down, where when people are on like two or three year plan, uh, plans.
And also you don't get compromised because of that. So, because if you have, if you get into situations, so let's say we have a big recession coming, uh, which we're probably already in it. Yeah. Uh, so yeah, some, uh, a lot of companies will fail. Uh, a lot of companies might sell out. So they, they, they get, um, definitely get, um, offers all the time to monetize the data in other ways.
They get acquisition offers. Uh, entities that I wouldn't trust gets very centralized, which is not good. [01:11:00] So they might end up in, in that situation. And we are running a business in a way that, you know, you know, provides resistance against debt. So if you pay for ivp n you, you support that model. So that's, that's the, again,
Marty: I think it's a very fair price.
A hundred dollars a year, happy to say that is, I'm happy to part with a hundred dollars worth of stats to, to have better censorship resistance and, and privacy as I peruse the web. But you mentioned legislation earlier that's like, she's something probably a very important to topic that I imagine was discussed heavily at the conference you attended this week.
What, I mean, obviously VPNs are a bit of a renegade on the internet, providing people with services that governments don't want them to have. What is the regulatory landscape or the nation state attack landscape on the industry looking like?
Viktor: Yeah, that's, that's, um, that's interesting. I mean, just generally the short [01:12:00] answer is there's no legislation. Mm-hmm. , so there's kind of like a free, free for all. Um, in this sense, I mean, specifically in the us um, the most legislation that's already happening, and, uh, and that's the, the focus that talks about that is more about, uh, like, uh, India.
Yeah. So in, in, in some areas. Yeah. So, so you, um, so in, in, in areas like, um, um, India and, uh, of course China, uh, Iran, Pakistan, and smaller places, it's just like completely, um, there's, there's a spectrum, but on one end of the spectrum, you have the complete ban. You cannot use a vpn. If you use a vpn, that's, that's crime.
You'll be put into jail and stuff like that. There's some legislation where they, where they try to. Like stop the use with like, um, in like smarter ways, which is the Indian, uh, where they, where the, the, the, the data centers that provide VPN service, they have to log so [01:13:00] you can use it, but you know, it's completely takes away the, the, the, the reason for it.
And yeah, in the western parts it's, it's more about, uh, consumer protection. But you know, for, for, you know, for example, if, if, if you talk about the us, um, it's not in the best interest of government entities to stop VPNs. Uh, because a lot of people use v VPN services. That can be, I mean, so generally it's not good for them because it's, it's, it's encrypts the traffic.
Um, but you know, if they run some of the services or they compromise some of the services, then it's give you the assurance to do everything that you think is hidden from them. You know, get that false sense of security and then they can use the data against you. Yeah. So it's a little bit of a. Game tiering going on there.
Yeah. Yeah. We were talking about it
Marty: yesterday with some of the, the Bitcoiners and the Commons, particularly those who have run businesses in the space, and they think it's a crucial, uh, operational security aspect of their businesses. Like being able to [01:14:00] access very sensitive client data should be put behind a company wide VPN that agree that outsider should not be able to get into.
Viktor: Definitely. But yeah, in the US um, I, I know that some senators were raising concerns about the, the vpn, um, like the promising an, um, anonymity and all that kind of stuff. So yeah. And some of the players are trying to put together some like coalitions and stuff like that, that, uh, is completely bullshit what they're doing for different reasons.
But like I see that the big players a little bit concerned about regulation, trying to show that they are self-regulating. Um, that can stop. Like the, we have that in
Marty: Bitcoin too. Particularly Bitcoin mining. The Bitcoin Mining Council. We're self-regulating. We're all using green energy. Okay. Stop it. All right.
I don't like self-regulating.
Viktor: Well, similar council
Marty: though. Self, I don't like self-regulating to appease the government.
Viktor: Exactly, exactly. So just like mostly just [01:15:00] posturing. And if you, if you look deeper, so there's, if you go on that website that they run this with the express node vpn, uh, like they, they list a couple things and if you check the actual, but what they promise that they won't do and what they will do.
And if you check the providers and you go deeper and like 50 minutes, you can find five things that they violate in their own cords and stuff like that. So it's just like completely meaningless. It's all obfuscated bullshit. Yeah, exactly. So I'm not a fan of that either. Neither am I.
Marty: We need good actors like IV p n in the space.
I think you're a good actor. Happy to hear
Viktor: that. You're not a spook, are you? Well, I probably wouldn't be sitting here . Where would you Yeah, I mean, uh, let's say, uh, if I'm a spook, I mean, at some point I would either have to, uh, disappear or it would come out that I'm a spook. That that would be really bad.
Uh, I'm a family man, so , I am too.
Marty: No, it's funny. I [01:16:00] know Matt told me he asked you .
Viktor: Yeah, straight up. I, yeah, I met him in Amsterdam and I was like, okay, hi, I'm, I'm from P and I really like work and all that stuff. And he was like, oh yeah, I like the project. Are you logging? You know, just like straight looking at me, just like, you're not loving, are you?
Are you rock pulling us? And I'm like, okay. No, I, I wouldn't be here otherwise. So yeah,
Marty: no, no. I don't think you're a spook or that you guys are logging. But again, trust is a spectrum. Definitely. You have to meet these people in person and you seem like a great guy, family guy. Interested in Bitcoin. Yeah. On the cutting edge of all the technologies.
Seem to
Viktor: be in it. Yeah. Happy, happy that you, uh, you made that, that assessment from the time that we spent together, so I appreciate it. Yeah. What,
Marty: um, what else should we tell the freaks before we wrap up here? Any final thoughts on IV p n and nature of VPNs? Privacy, censorship of the digital age, like I think obviously the big theme of Rabbit Hole recap in this podcast is that governments have gone [01:17:00] crazy.
Mm-hmm. , they do not care about your privacy. Mm-hmm. , they do not care about you. They want to control you. And in the digital age, particularly on the internet, a lot of that control can be garnered by knowing what websites you're going to, what you're doing, what your IP is, and tools like VPNs, if you can trust them, are a good way to protect against the government's trying to control.
Viktor: Oh, that's right. And just wanna add, I mean, what I usually say is like, stuff that's happening, there was some conversations about this, of course, uh, in, uh, China and some other, other areas. That's a blueprint for, for other countries. They're exporting the technology, they're exporting the rhetoric. They're, they, everything else.
You know, it might not happen in the US in the next two years or three, but they're very successful in, in the complete control and domination of your lives. And, uh, tracking everything and listing and like, like, like asserting those controls through the money flows and through the digital [01:18:00] information.
And, uh, there's a blueprint is out there and like the, if you let these things happen, that is happening right now around us. And, uh, we, and we don't fight against that. We're just gonna slide down on that, on that, um, slippery slope and we'll end up in some sort of, uh, similar dystopia, uh, in our Western democracies.
So, uh, yeah, just be, be vigilant. No,
Marty: I'm very happy you said that. Like that's one thing I really wanna get to you freaks. If you just started listening or have been listening for a while, is that you have power, you have agency, you have the ability to make a decision. Do you let the government simply overpower you and take over control of your life?
Or do you fight back by using tools like a VPN provider like Tour, like Bitcoin, like the lightning network, potentially ch immense to fight back? Or do you sit there and cower and say, oh, they're too powerful. They have too many guns, they have the military, they have all this money. Stop that. Stop that.[01:19:00]
The government's at the, this is the completely convoluted point we found ourselves in human history, where these governments, particularly here in the United States where we were republic, a union of states, the federal government was to have very little power. And they were supposed to represent us. And it has become blatantly obvious in 2023.
If they do not represent us, they do not care about us, and they think they have power over us. At the end of the day, you have power. They're supposed to represent you. And if they're not doing that, you're not able to change. They're encroaching control over your life via the political apparatus. You have to use the tools that live outside of that system that give you that power back.
So well said. Thank you for building I V P N, evangelizing censorship resistance and, and privacy on the web. Appreciate it. Appreciate you. Where can we find out more about IV
Viktor: p n? Yeah. Uh, the, the cleanest way, [01:20:00] uh, is ivp.net is our, uh, is our. Website and yeah, we are acting on social platforms. I would highlight master on, I guess I've checked out No Noser.
Right. It's pronounced many different ways that Okay. That's, that's why I'm tripping off on it, so yeah. But we, we, we are not active there, but, uh, we'll, we'll look into that as well.
Marty: Okay. IV vpnn.net. Don, from an onboarding experience, if you pay over Lightning, you can go from typing iv p n into your browser to having iv p n up and running within five minutes.
That's
Viktor: right.
Marty: It's a pretty seamless onboarding process. Yeah. Victor, thank you for stopping by on your trip.
Viktor: Thank you for this opportunity. Really enjoyed our conversation. So I did as well
Marty: when, uh, a lot of places I wasn't, wasn't expecting, but I'm happy
Viktor: they did. All right. Excellent. All right, that's all we
Marty: got today for Peace of Love.