Wednesday, July 3, 2019

Idea: Non-profit, fully auditable, free VPN that pays for infrastructure costs via truly anonymized traffic pattern/trend data.

I've been putting off moving to a VPN service because I'm too lazy to stand up my own and I've only heard bad things about paid services. After all, if your private data becomes important to someone (e.g. govt) then they'll just pay the VPN company enough money to get it anyway.

Been mulling over the idea in my head for a while and I have two questions my experience (cybersec policy/compliance) can't quite confirm:

1) Can you set up an infrastructure like this on a cloud solution that would scale and also be a fairly safe harbor, in the event someone important/powerful doesn't like what we're doing?

2) Can you actually sell anonymous traffic data in such a way that it would pay for the infrastructure (and a little extra for the admins and lawyers we'd probably need to have on staff). Alternatively, could we work with ad networks to provide semi-targeted ads that wouldn't break confidentiality?

Otherwise, I'm fairly confident that we could set up a black-box solution that could be independently verified by a 3rd party audit (e.g. Big 4, Verizon, IBM, etc.) that would prove no human being can actually get to the traffic data before it's completely stripped of any identifiers. Even if the environment is tampered with, it could simply drop any unprocessed logfiles that haven't been stripped and purged.

Would love to hear some thoughts on problems I haven't thought about already, even outside of 1) and 2) above.



No comments:

Post a Comment