November 17 2022 GM
Glitter Meetup is the weekly town hall of the Internet Freedom community at the IFF Square on the IFF Mattermost, at 9am EDT / 1pm UTC. Do you need an invite? Learn how to get one here.
Date: Thursday, November 19th
Time: 9am EST / 2pm UTC
Who: Amir Gharabaghi and Reza Nasab
Where: On IFF Mattermost Square Channel.
- Don't have an account to the IFF Mattermost? you can request one following the directions here.
Becoming Your Community’s VPN Provider with WEPN
WEPN offers hardware and software that allow you to become a VPN provider for yourself, friends and family. Becoming your own VPN provider with WEPN addresses the challenge of establishing mutual trust between VPN providers and users, and also limits costs because you utilize your own unused home internet bandwidth and electricity to run the VPN server.
Join us to learn how WEPN works and what user needs it was created to address; discuss the current censorship and access situation in Iran and how WEPN is currently being deployed to support users in Iran; and learn how you can use WEPN to support individuals in Iran and other heavily censored regions.
Bio: Amir Gharabaghi is Technical Program Manager and hardware architect at WEPN. Reza Nasab is the Program Officer and software architect at WEPN. Both have officially been working on WEPN since 2017.
Can you give us all an overview of what WEPN is?
- @amircybersec is the hardware and program manager for WEPN, and @reza does the hardware and project managements
- WEPN is a platform: hardware and software that allow running various internet freedom servers at your home.
- Our hardware is based on raspberry pi, but we enhance it with LCD/LED ring, buttons, and other fun stuff.
Building off of this, can you elaborate more on the overlap that WEPN has with traditional VPNs and also how it is unique?
- WEPN enables communities of hosts/providers (living outside censored regions) to support a group of trusted users in Iran or other censorship infested countries. As opposed to server based solutions, hosting a home pod does not require a monthly recurring fee, just a one-time initial setup cost.
- Running a server at home is tricky. So in the past years, and beyond the core servers, we have also built many recovery aspects to the system. We also pride ourselves in UX improvements we have done in collaboration with Okthanks.
- Our goal is to enable the diaspora community at-large to support their trusted contacts in Iran (similar to efforts at Outline/Jigsaw but hosted on stand-alone devices at-home), rather than building a centralized solution.
Do you work with Venezuela?
- It does work in Venezuela, so YES! anywhere there is interest we can jump in to help
Services like Outline also allow you to run your own VPN service, but without running your own server. What are the pros and cons of running a server at home?
- Outline happened to come out as we were working on this idea too! amazing work, and really well done
- We are very similar to Outline: a "server" in free world, and clients behind censorship based on shadowsocks, and we recommend Outline clients
- Our main difference is since Outline runs on actual servers, IP ranges are easy for the bad folks to filter
- It appears that Iran censorship is targeting datacenter IP addresses more aggressively for blocking potential VPN servers. Since WEPN pods are on residential home IP addresses they are less likely to get targeted
- Our devices are at home, so have residential IP addresses. harder to filter or block the entire IP ranges of residential ISPs
- Another advantage of home IP is that it can change from time to time (dynamic allocation) which works in our advantage
How many users can you add without slowing down your own connection hugely?
- From computing resources, say around 10 concurrent users. But the host/provider connection speed is also important
- If the provider has slow internet connection (ADSL for example), bandwidth can be a bottleneck.
- In the case of Iran, since incoming internet speed is not too fast anyways, the end users don't usually experience a slow down.
- Also, Iranian regime throttles down internet speed in many cases as a censorship mechanism (usually to prevent uploading of newsworthy content/video)
Are there other regions where you are seeing WEPN use expanded?
- There is interest, and we have had users in China, multiple regions in Africa, and hope to also connect with the Russian diaspora as well.
- Currently we are focusing our efforts on Iran due to the recent events. Iran has one of the worst censorship machines out there along with China, so our solution can handle so many scenarios.
What circumvention technologies does WEPN integrate to make the platform censorship resistant, particularly looking at Iran?
- We started with OpenVPN+SSL, then we added shadowsocks.
- During the last year, we have added support for Wireguard and Tor
- We are also working on supporting shadowsocks pluggable transport-type plugins (v2ray, Cloak, etc)
What is the best way for developers to get in touch with you to collaborate?
- Email: firstname.lastname@example.org
- Mattermost: @reza
- Pull requests in our repo: https://source.we-pn.com
- Events in iran are making us focused more on there, but as I said before it also makes our product very capable for all sorts of scenarios
- And to reiterate: we look at WEPN as a platform. developers might have cool software that can run on them. it is relatively easy, and getting even easier, to bring your work as an option to our platform
- We are also looking at making things more modular, so you can get a dedicated "tile" in our app for example to configure your service you have developed or brought on so many opportunities.
So we have talked a bit about what WEPN is and how it works, but can you give us a basic walk through of how a provider would go about setting up a WEPN device and making it available to others?
- We made a video explaining the on-boarding process. Basically, all they need to do is to plugin the device, download the app, and scan QR code on the device.
- After device is registered/commissioned, they can easily add friends through the app and share access keys via email or chat apps with them.
- There are no additional costs. Just the initial cost of obtaining the device.
- If the provider is tech-savvy and they already own a Raspberry Pi, they can use that instead of purchasing a device. We made the hardware specifically to enhance user experience without requiring technical knowledge.
- In other words, the additional hardware elements are added to enhance user experience and not critical to the main operation of the core service from a technical standpoint.
- In order to reduce adoption cost, we are also considering the option of letting users who already have an extra Raspberry Pi buy the device without the Raspberry Pi at a lower price point and assemble the Pi themselves...more like a kit.
- This approach would however require a little bit of assembly work.
How are users usually connected with providers?
- One of our goals was to use existing trust connection of the real world
- Some people would be hesitant to trust random VPN services they had gotten. and some gov'ts like Iran poisoned the local markets of VPNs by also injecting their own whitelabels or WEPN, you share the access link to people you already know and trust: family, close friends, activists you have worked with before.
- We are working on Tor as an outgoing route so if you are not a fan of their traffic being like yours ... you can do that! our Pods also run as Tor bridges
And is the aim for the service to remain based around these established trusted relationships? Or are there any thoughts around how individual providers might be able to expand support to more users that may not be first-hand relations?
- 90% of our focus now is the existing small circle of trust. it adds coverage where traditional VPNs can be not as effective.
- 10% is on creative ways to be useful to everyone: IP fronting, Tor bridges, etc. But that's secondary at the moment
Can you tell us more about your work following censorship events in Iran? And what have been some of the key takeaways?
- We constantly collect feedback from our providers and their users and perform on-the ground field interviews to gain better understanding of implemented censorship tactics. We recently published a report on some of our findings. WEPN Pods also collect certain usage metrics while protecting our user’s privacy. We aim to enhance these metrics to better capture key insights as we move forward.
- The state of censorship is constantly changing and the government deploys different tactics every day. Some of the things they do are experimental I would say and are observed sparingly on some networks. It's a very fragmented, chaotic and complex system IMHO.
- It is a good time to also pitch the iran censorship channel here.