ripsline.com solves this elegantly with our btcpayserver Virtual Private Node implementation.

Discussion

You require an email and payment in either on-chain or lightning Bitcoin. The end user has to ensure that their email isn't linked to their identity or IP (a tall order for most) AND they use a properly non-KYC Bitcoin UTXO to pay for the service.

Even then you have root access to the server and all its traffic. A VPS will always offer a superior trust model as you can compile the software yourself on your computer, sign it, then deploy it on the VPS. What assurances do you have that you're not running malicious LND software? What assurances do you have that you're not logging LND activity and traffic? What assurances can you make that you're not under gag order by a state intelligence agency and can't disclose that you're giving them data?

All these points were considered in the architecture of our implementation. It is evident you spent <5mins checking out the site. Else you would see the issues highlighted above are accounted for.

1. The Flow Chart that is highlighted in the How It Works section of our Buy page: users are encouraged to set up a Dedicated Device prior to Virtual Private Node purchase. *We envision users to set up device level VPN and use email alias for purchase.

2. This implementation is literally run on a VPS... We never have root access to the server, that information is emailed directly from VPS provider to ripsline user's email provided at checkout. Even so, they cannot access the VPS until root password is changed. We merely provision the VPS for end user, they maintain VPS credentials always.

3. You can check custom installer for malicious LND software as the script is FOSS viewable here: https://github.com/ripsline/Virtual-Private-Node

4. The last two points do not make sense because we never have any information other than user's email and domain name (can use fake domain name which is also highlighted on the site).

Yes, I spent less than 5 minutes; I spent about 1 minute reviewing your page. So you charge $360 a year to provision a VPS for a client, run your open source script, then give the user SSH credentials for the VPS? Is that correct? If so would the user not be better off avoiding the email and middleman altogether and provision their own VPS and run the script themselves? The users adding an identifier in the email and trusting you not to run a modified script at time of install, is that not correct?

What you describe is more private than what I originally surmised, but still leaves deanonymizing attack vectors open or am I wrong?

We purchase the Virtual Private Server at cost for 1 year (~$200). The email provided to us at checkout is used so only you have access to your VPS client portal. After 1 year, you will have to pay the VPS provider ~$200 for the second year and so on.

When you purchase through us, we provide ongoing support and a custom script that makes the installation process easier. In the order credentials file, we encourage users to not trust us but to review the script before they run it themselves... they can even paste it into chatgpt to check for malware.

We never provide SSH credentials to the user, the VPS provider emails those directly to ripsline user.

Users are encouraged to provision their own VPS and run the script themselves. Users who know the value of their time will quickly see that our one-time setup fee, which includes ongoing support, is a far better investment than spending their time figuring it out on their own.

There are no deanonymizing attack vectors if user checks out with email alias, VPN, and fake domain name. All highlighted on our site: https://ripsline.com

The email alias and VPN become the de-anonymizing attack vectors since they are the weak links in the chain and are accessible through government subpoena but for most are acceptable tradeoffs for the service you're offering. I think you're doing a good service.

Daedalus, you are attacking our business model by saying that VPNs and email aliases are attack vectors. I appreciate your kind words and happy to answer your questions. However, you are creating FUD on our business due to concerns with VPNs? Come on.

I also don't understand your point. We can see the IP address (just like every website in the world) of our users. And we know the email used to sign up so we can send order details and support users.

If a government subpoenas us, how would a user be deanonymized? The government would see an IP address that is not theirs and an email hopefully not tied to their personal identity.

Thinking it over, I think those can be reasonable tradeoffs and are pretty trust minimized for the client. I commend you on your service; sounds like a great product for the right user.

Nice. You realised an idea I had in the past, but thought won’t work at scale. My idea was to directly sell BTCPay plug in and play physical servers.

Thanks. It is something we considered: selling physical hardware w/ BTCPay. However, we feel running BTCPay on a VPS has significant benefits.

Could you name a few? I mean apart from the obvious ones.

You never have to worry about revealing your IP address. Trade-offs are that ripsline Virtual Private Node is pruned, and you have to trust the VPS provider to not breach terms and access the hardware you rent. Our focus is to provide users with a lightning node; Sparrow Wallet is a nice addition for people who seek an on-chain wallet node backend. With expensive home nodes, you will either leak your IP address OR conceal your IP by using TOR and deal with connectivity issues on lightning.

VPS is better for digital nomads.

Got it. Thanks 🙏