OK, so Orchid <https://www.orchid.com> just launched. It's an open-source P2P VPN network, where users pay providers with OXT, an Etherium currency. In theory, as I understand it, Etherium currencies are ~anonymous by design, even though there's a public blockchain. And with Orchid, I gather that users can ~easily setup multi-hop VPN chains. However, in it's current form at least, it's only available to Android users. And the app is apparently only available from the Google Play Store. So I acquired a Gmail address, and created an Android-x86 9.0 x64 VM. And Google loved me enough to update, and install the Orchid app. But the Orchid app wouldn't run. Maybe it doesn't like VMs, or perhaps the virtual WiFi interface. But even Google was OK enough with all that. Although it did flag the device as iffy. Maybe because it couldn't geo-locate it. So that's what I don't get about Orchid's threat model. It's apparently available only on Android. And only from Google. So arguably Google knows everyone who installs it. Plus their IP addresses, and likely where they are at GPS-level accuracy. Plus whatever's linked from their Gmail account. And worse, no matter what multi-hop VPN someone is using, and no matter how anonymously they've paid for it, Google and other location-aware apps might know exactly where they are. Sure, they could try to restrict access to location data. But I doubt that users can ever reliably block Google access to that. And Google doesn't even need GPS. It can triangulate based on reachable WiFi networks, and achieve near-GPS accuracy. So what good is a VPN, on a device where Google always knows where you are? I gather that Orchid may ~soon be available for iOS users. That would at least force users to trust Apple. Which may be a better bet than trusting Google. But I'm a lot happier trusting Debian and Linux developers. P.S. - Android-x86 9.0 x64 is indeed a great improvement, by the way.