Ever since Bitcoin exploded, “blockchain” is being integrated into just about any kind of software project you can think of. It certainly seems like companies, shareholders, and various blogs are going into a frenzy if they hear the word “blockchain“.
As a recent example of this phenomenon, a British software company decided to add the word “Blockchain” to their business name and saw shares jump by 394 percent in a single day.
The simple change from “On-Line Plc” to “On-Line Blockchain Plc” sent investors into an absolute frenzy – as described in this Bloomberg article.
With all of this hype surrounding the “blockchain” phenomenon, it comes as no surprise that this is now spilling over into the VPN market.
One recent example of this is the “Privatix Blockchain VPN Network“.
Similar to the the Bloomberg story above, Privatix was a free VPN service (see privatix.com) that appears to have recently rebranded itself to adopt “blockchain” into their business model (see privatix.io).
Here are the before and after photos comparing the “Privatix VPN” website to the “Privatix Blockchain VPN Network” website…
As they explain on their “Token sale” page, Privatix.io is the product of a group of Russian and Israeli tech entrepreneurs behind the company “Privatix Token Ltd” which is a “Gibraltar limited company”.
Banned in some countries?
It is also interesting to note the following disclaimer that appears at the bottom of the site:
YOU ARE ONLY ALLOWED TO PURCHASE PRIX TOKENS IF AND BY BUYING PRIX TOKENS YOU COVENANT, REPRESENT, AND WARRANT THAT YOU ARE NEITHER A CITIZEN OR PERMANENT RESIDENT OF THE UNITED STATES OF AMERICA, INCLUDING PUERTO RICO, THE U.S. VIRGIN ISLANDS, AND ANY OTHER POSSESSIONS OF THE UNITED STATES, PEOPLE’S REPUBLIC OF CHINA, SINGAPORE, SOUTH KOREA, OR GIBRALTAR, NOR DO YOU HAVE A PRIMARY RESIDENCE OR DOMICILE IN THESE COUNTRIES.
It is likely there are laws in these countries that prohibit participation in these token sales.
Is this a scam?
Perhaps you are wondering if this is another off-shore crypto-currency “investment” scam masquerading as a privacy solution…
But not to worry, they address your concerns with a few statements on their website.
First, let’s take a look at this “security audit” by a “well-known expert”.
As they explained in a post on Medium, the “well-known expert” who audited Privatix BlockChain VPN Network is BokkyPooBah.
The well-known expert BokkyPooBah can be found on GitHub:
And now turning our attention to the “popular rating agency” that gave them a “STABLE+” rating…
The rating agency is called ICOrating and it specializes in rating “blockchain-based companies planning on an ICO (initial coin offering).” They are also based in Russia.
Only time will tell how stable the “Stable+” rating truly is.
Flashbacks from 2008
This situation looks eerily-similar to the 2008 subprime crisis when mortgage-backed securities (MBS) were collateralized and sold off to people and countries (remember Greece?) as prime investments…
If you recall, major credit rating agencies – that were deemed trustworthy by banks and investors – repackaged garbage debt as AAA because they were getting paid off by the investment banks to do so. Just like with the current blockchain-mania, the MBS-mania was quite the party – until the house of cards finally collapsed.
But now let’s return to the blockchain VPN…
The risks of a decentralized blockchain VPN
Now turning our attention to the Privatix Blockchain “White Paper” which explains the business model:
The main assets in the Privatix Network are “exit nodes owners” (Agents). These Agents host on their internet-connected devices special lightweight software which enables them to sell their internet bandwidth. Privatix will enable the sale of this unused asset (bandwidth) to other network participants and strives to create meaningful value for Agents with no additional costs or any initial investment from their side (installing the free software is quick and easy).
So in other words, the “agents” will provide their internet access to random strangers (“clients”). Obviously, this can lead to a myriad of problems because the agent does not know what the client will be using the intenet access for.
Buying illegal products on the dark net?
Attacking or hacking the servers of a company or government agency?
These are the risks you take when other people use your bandwidth.
But don’t worry, Privatix addresses your concerns on their FAQ page:
How can I be protected as an exit node owner?
Legal protection framework for exit nodes owners is a crucial issue for us. We intend to develop a legal framework to help exit node owners to handle the situations when they are accused of improper activity because someone misused their node (IP address).
The basic concept behind this proposal is that certain responsibilities will be transferred from exit node owners to our company. We will provide to them a document stating that we as a company lease their network for our use and resell it. This document will contain the node IP and hash in blockchain and the user will be able to download it from their dashboard.
Would this “document” from a Gibralter-based “Blockchain VPN Network” save your ass from the authorities in your country when someone does nasty stuff with your internet connection?
Either way, there are risks to both “agents” who are selling bandwidth and also the “clients” who are using bandwidth.
From the client’s perspective, they are using the internet access point of a random stranger. Anytime the client is sending traffic that is weakly or not encrypted, the agent can not only listen to all traffic but he can also manipulate the traffic. Adversaries operating Tor nodes have been found to sniff and manipulate traffic.
It would also be easy for the agent to inject a malicious payload into the client’s computer. This is also exactly what has happened with people operating malicious Tor nodes, where they injected malware into the users’ downloads – see this article.
As a final example highlighting the risks of this business model, we can just take a look at Wikileaks. Their entire project was based off documents they acquired by setting up malicious Tor nodes and intercepting traffic: “The activist siphoned more than a million documents as they traveled across the internet through Tor”.
Such are the risks of a “decentralized” network with random/unknown nodes.
And finally, it should be noted that currently their network is not even usuable. At the time of this writing, the only thing you can do is buy tokens (which supposedly can be used later). After the token sale, they plan to “prepare the company for the next steps as quickly and efficiently as possible” – whatever that means.
Conclusion – I do not recommend investing in tokens or using a “blockchain” VPN network.