I don't get the threat model for Orchid

Discussion in 'privacy technology' started by mirimir, Dec 24, 2019.

  1. mirimir

    mirimir Registered Member

    Oct 1, 2011
    OK, so Orchid <https://www.orchid.com> just launched. It's an open-source P2P VPN network, where users pay providers with OXT, an Ethereum currency. In theory, as I understand it, Ethereum currencies are ~anonymous by design, even though there's a public blockchain. And with Orchid, I gather that users can ~easily set up multi-hop VPN chains.

    However, in its current form at least, it's only available to Android users. And the app is apparently only available from the Google Play Store. So I acquired a Gmail address, and created an Android-x86 9.0 x64 VM. And Google loved me enough to update, and install the Orchid app.

    But the Orchid app wouldn't run. Maybe it doesn't like VMs, or perhaps the virtual WiFi interface. But even Google was OK enough with all that. Although it did flag the device as iffy. Maybe because it couldn't geo-locate it.

    So that's what I don't get about Orchid's threat model. It's apparently available only on Android. And only from Google. So arguably Google knows everyone who installs it. Plus their IP addresses, and likely where they are at GPS-level accuracy. Plus whatever's linked from their Gmail account.

    And worse, no matter what multi-hop VPN someone is using, and no matter how anonymously they've paid for it, Google and other location-aware apps might know exactly where they are. Sure, they could try to restrict access to location data. But I doubt that users can ever reliably block Google access to that. And Google doesn't even need GPS. It can triangulate based on reachable WiFi networks, and achieve near-GPS accuracy.

    So what good is a VPN, on a device where Google always knows where you are?

    I gather that Orchid may ~soon be available for iOS users. That would at least force users to trust Apple. Which may be a better bet than trusting Google. But I'm a lot happier trusting Debian and Linux developers.

    P.S. - Android-x86 9.0 x64 is indeed a great improvement, by the way.
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Oct 7, 2017
    Member state of European Union
    But somebody may be fine with Google knowing the location of the device, because all the person wants to do is anonymously use a web browser or other application. Provided you trust the application that it doesn't send location data (i.e. well-known open-source apps or just permission to location data), but this app makes some connections to the Internet, it may be enough to anonymize the IP address. The application may send some unique ID, but this ID may not be known to Google, so there is a chain of places to gather data from to de-anonymize a person.
    I am not an advanced user of Android, but I heard there are ways to spoof an Android phone's location, although there are ways such as the SafetyNet API for applications to check whether information provided by the OS is trusted.
  3. mirimir

    mirimir Registered Member

    Oct 1, 2011
    Sure. Most VPN services have Android clients.

    But Orchid is claiming much more privacy than VPN services provide.

    And yet they're running on devices that are entirely pwned by Google.
  4. Beyonder

    Beyonder Registered Member

    Aug 26, 2011
    Privacy is subjective. Most people are oblivious/don't care about Google owning their devices.
  5. mirimir

    mirimir Registered Member

    Oct 1, 2011
    I don't doubt that's true.

    But I'm talking mainly about the people who developed Orchid. And one would hope that they're not oblivious.

    It seems pretty clear to me that their privacy claims are overstated. Because any app that accesses location data knows where users are, quite accurately, regardless of how solid the VPN stuff is. And that's just too bloody fragile.

    Even if you accept that it's OK for Google to always know where you are.

    In my nested VPN setup, it'd take a VM-to-host breakout for an app in this VM to know its physical location. And that's arguably a lot less likely.
  6. Stefan Froberg

    Stefan Froberg Registered Member

    Jul 30, 2014
    @mirimir you are right.

    It would make more sense if this stuff could be
    run from a pure Linux phone that has nothing to do with Google Android

    Even the semi-open Blackphone 2 would be a better option

    Even though Google's engineers have helped a lot with increasing the security
    of the Net (encouraging encrypted e-mail use, DNS-over-HTTPS, and others...thanks for that)
    it's still a fact that Google's main business is not privacy...

    That's why I would trust those two above companies more than Google (I try to have as much stuff
    as possible disabled from my Android phone, max app restrictions and only enable location
    and mobile data when I really need them)