TGVPN — A private VPN service for serious people, Make anonymity trustless.

Whether you are a casual torrenter or a serious whistleblower, VPN is a must

Many VPN services will claim they work in cases, anonymity is easy, but the truth is, it is not.

TGVPN uses Tor (or I2P) and Bitcoin to fortify your anonymity and privacy against all odds.

TGVPN disconnects your real identity from your anonymized identity by using bitcoin, protects your real IP address from adversaries using Tor (or I2P).



More of it is explained in detail below.

BTC-based authentication

TGVPN's biggest feature (arguably) is bitcoin-powered authentication and seperation of real-life identity from VPN identity.

To register on TGVPN, all you need is a bitcoin address, and nothing else, no email, nothing, real secrecy.

TGVPN is invulnerable to replay attacks on the VPN.

To authenticate, you need to generate a message from the WebUI, and then sign it with the associated bitcoin address.

Using the bitcoin address and signature, you authenticate to the service, super easy.

This results in seperation of personal identity and makes it harder to deanonymize you if you mix your bitcoins right.

Zero logging, even if death ensues

TGVPN keeps ZERO logs of anything, all logs have been set to /dev/null.

TGVPN has a Tor-based anonymizing layer and isolating system to practically make TGVPN unbreakable.

TGVPN encrypts all information of any users on the server (like bitcoin addresses) to prevent deanonymization even if servers are seized.

This will NOT help if the adversary is active, see above.

Transparency than getting rich

TGVPN's extremely transparent and publishes information about funds and status of servers, openly, including prices, hoster, etc.

TGVPN's admins are .

Everything is public about them, including PGP keys, personal email, etc.



I'm not finished yet!

Warrant canaries, pledges

As a VPN service provider, we pledge that we will immediately shutdown whenever user details are compromised.

Please keep a tight look on this canary, and this canary, as this canary contains information on whether any servers are seized or not.

Price challenge, 2$ only!

TGVPN is dirt cheap, and we have explanations for so, this service is primarily made for helping people, not for getting rich.

Each dollar you invest in this, transparently logged and justified for usage.

Self-hosted infrastructure

TGVPN's infrastructure is all self-hosted.

We self host everything including application servers (no Heroku, really), VPN exits, IRC server, chat server, web frontend (not even hosting).

We don't even use VPSes or dedicated servers or datacenters to host our core infrastructure, all of the infrastructure is based in Zenified's basement.

These servers are anonymous and only talk via Tor and HTTP(S when available).

That means real security for you, you don't have to trust on hosters of TGVPN now, so essentially (because of Tor), not even Zenified's ISP can log about you.



Replay attacks and its effects on security

TGVPN is not vulnerable to replay attacks because its design was made to be invulnerable to replay attacks, messages are disposed once they are authenticated with a signature, signatures are immediately disposed and replaying of the signature won't authenticate.

What are replay attacks?

Replay attacks are possible when an attacker (preferably in control of exits) gets to know about the ciphertext of a incoming user.

If the ciphertext was encrypted to the exit, the attacker may decrypt it and find out the username and password, that's insecure.

Due to OpenVPN's design, when username-password authentication is used — the passwords are received at the exit and then forwarded to TGVPN servers.

If the username and password are known, then an attacker can gain access to user accounts, and unfortunately, most VPNs are vulnerable to this attack.

TGVPN uses bitcoin-based authentication, and until and unless the attacker has the bitcoin address private key, the attacker can not login.

As exits are meant to be disposable and secure even if it is seized, this works exactly against that.

Problem solved!



Custom cryptography.

TGVPN does NOT use OpenVPN's cryptography because it's weak. (EC curves are NIST, none of them are )

Even if we utilize RSA15360 we will need DH parameters of the same size to utilize DHE with appropriate 256-bit security.

Unfortunately, DH parameters are expensive to generate and RSA15360 is very expensive (ciphertext is 80x the plaintext).

So we wrap the OpenVPN packets in a custom-made layer and wrap it over WebSocket, resulting in the packet looking like true HTTP(S) traffic.

Primitives we use: X25519 (Elliptic-curve Diffie-Hellman over Curve25519), XSalsa20, Poly1305.

The blocks are then wrapped over WebSocket then again sent over HTTPS.

This results in 3 layers of encryption and this is practically impossible to break as well by quantum computers given the private keys aren't exposed.

In laymen's terms, each packet you send is encrypted first by OpenVPN then by WrapVPN and then by TLS.

The whole application is open-source, verifiable, auditable, .

Do anything to it under the terms of GPLv3.



Really anonymous!

It's a widely known fact that the adversaries (the adversaries serious people fight against) can easily get in control of the end exits.

Most VPNs secure the communication channel (user —— VPN), but the weakest spot in defence is the exit.

Data brokers and collectors want "who did what", TGVPN prevents people to know 'who' but protecting what is impossible.

For adversaries who can access the server that easily, they can probably gather root access, with root access, the keys required for decrypting 'what' is in plaintext, what keeps them from deanonymizing you? (DHE is not going to help)

Many VPNs claim they are non-logging, (AKA they don't log) but what if it's active? While the VPN is running, most VPNs keep a IP configuration pool (IPs mapped to X.509 Common Names, usually the username), simple tcpdump on the tun0 inteface will reveal what you are doing.

OK, so how do we gather your IP? tcpdump on the incoming interface, it'll show every IP connected to the VPN, and now filter by the IP pool used by OpenVPN, misson complete, usernames mapped to real IP.

It's by design, impossible to prevent. TGVPN doesn't fix the wrong problem, it instead keeps your private information secret and uses bitcoin for authentication, no username, no password, nada.

For anonymizing your Real IP, trustlessly, TGVPN utilizes Tor or I2P, both are anonymizing darknets, it sends the traffic over multiple computers for anonymization.