The problem with Deeper Connect devices

Last year a project by the crypto company Deeper Network was funded on Indiegogo. The campaign was a success, getting over 2 million dollars in total funding for their hardware DPN devices.

This crowdfunding campaign introduced the Deeper Connect product line, and these devices are billed as one time purchase DPN gateways. Essentially, they function similarly to a VPN, but the network is decentralized instead of run by a single company (as in Decentralized Private Network).

There’s one huge catch however; in order to support this one time fee approach, the network shares the bandwidth of everyone who uses it by default. Essentially all of your web traffic will travel through someone else’s Deeper Connect device before reaching the internet. This also means that strangers’ web traffic is coming through your device, and this traffic will look as if it were coming from YOU.

This puts every user of these devices into a similar legal situation to Tor exit nodes; if someone uploads or downloads illegal content on your connection, it will be your house that gets raided by federal agents. If you value your freedom and privacy, this is a big problem.

You can turn bandwidth sharing off, but the fact that it’s enabled by default presents a huge security risk for many of its users who don’t understand the feature, and I’d be wary of trusting a company that operates on this business model, especially if you’re relying on that same company to continue supporting the network.

Source: their website which explains the operation of the network

Their copy claims that their internal logging “proves” that you were not the source of that traffic.

But then I would think the same logs could be used against you if you were involved in illegal activity.

The fundamental problem is, there is no real transparency around these issues.

There is a Reddit sub, but it is run by management, and has little useful content.

Seems most folk are interested in the crypto mining aspect, IMO sketchiest of all.

There’s also another crypto dVPN project called Orchid. I looked into Deeper Connect to maybe run on my servers to mine the token, but decided against it in the end. I do like the idea of a decentralised VPN, but it needs to be managed correctly to be effective and safe for its users.

What’s the difference between this and the Winston that says that it’s better and faster than a VPN?

I wanted to share my recent experience with DeeperNetwork support. Unfortunately, the support I received was far from satisfactory. Specifically, when I inquired about a security issue with Deeper Network devices, the response was rude and did not address all my concerns.

The support team plays a crucial role in retaining customers, and I hope DeeperNetwork considers making improvements for their support personnel.

Not really a VPN issue. How would anyone think it could be decentralized without agreeing to “sharing” data, is it just magic? It seems like “sharing” is the whole point of this type of network (more TOR like than VPN), shouldn’t turning it off just disconnect you from the network? Maybe it wants to be micro transaction based on who is sharing, relay, or just using? Still, no VPN issue to address here… Enjoy.

It is scary to read all of these

I have been using a Deeper mini for the last couple of years in the UK and never had any issues, until yesterday: the police were just in my house and took two PCs away for examination. Apparently around 3 months ago some illegal kids stuff was going through my Internet. Even though I had a good explanation for it, they still took the log data from the Deeper mini and two PCs for checking. So I need to wait around 12-16 weeks for my computer to be returned.

One concern I’d have is that the device is:

probably made in China

quite possibly its hardware or software is subject to Chinese influence (Huawei chips? backdoors in AtomOS? What evidence that those do NOT apply?)

At least one review mentioned connections from China, even though the user had blocked that

Some of the more satisfied reviews I saw mentioned doing business between western countries and China; given the latter’s tendency to want to access or control everything, I have to wonder if it’s secure

One of the rather scattered documents mentioned an assisted remote password reset on request. That’s scary even with someone I’d trust more.

If this were made and supported by a privacy respecting privately owned company using NO Chinese chips or software in a western country that took privacy seriously (some but not all EU countries, Switzerland (maybe), the US for its own citizens (maybe)), and the design was open and the software was open source at least for review (but with some control and considerable review as to updates, so as not to get hacked), then I’d feel a whole lot better that it wasn’t just security against everyone but the ChiCom government.

The crypto currency angle…some of it seems to maybe make sense to make support kind of self-funding; but otherwise, it seems a bit dodgy. Blockchain might be a useful way to negotiate transactions (perhaps including connections, in this case) with some degree of security, integrity, anonymity etc; but I’m not sure to what degree it helps, and the non-repudiation part might be problematic.

All in all, an interesting concept, but with so many devils in the details that it would take a LOT for me to trust any particular implementation, whether this or a couple of similar ones out there. Tor was invented by US government (one of the service academies?) but is open source now; one can suppose that at least the US has some way to partially connect the dots on who is talking to who, even if they might not usually be able to read the traffic. But other than that, it may be ok for those doing things that in most places would be legal, but might put them at risk where they are. Being open, it’s at least in principle a plausible judgement call whether it securely meets needs. Performance can be problematic due to too much transfer of large items (video, etc), streaming, and so on; which is also said to be true of hardware assisted DPNs.

Simpler to check reviews, claims, and ownership for a conventional VPN service, and just pay the subscription. And better performance (at least 50% of no VPN depending on exit location), no risk of being the exit node for someone else’s dicey activities (where the legality in your jurisdiction might even differ from that in theirs), probably a wider selection of entry countries, etc. There are always those who spot and blacklist VPN exit points; that happens to some degree even with Tor, let alone with commercial VPNs, so it would eventually happen with this too, at least to the point of being annoying if not generally a major limitation.

In this world of chaos, we should always remember that if we’re not paying for the service, then we are the price

Their copy claims that their internal logging “proves” that you were not the source of that traffic.

But then I would think the same logs could be used against you if you were involved in illegal activity.

The police would probably quickly discover that you aren’t responsible for the crime that the anonymous suspect committed, logging or not, but not before your home gets broken into and all your electronics are seized for an undefined length of time.

Their website does specify that the logs only record whether or not web activity came from an anonymous source on the network, but they also don’t give proof or details of that claim.

You’re right though, the lack of transparency kinda undermines the whole privacy angle they’re going for and the crypto mining aspect certainly doesn’t inspire confidence.

On their IGG page they claimed Zero Logging. Where did you see the “internal logging” statement?

Yeah, I was confused about that. If I’m not sharing my downstream bandwidth then… what is it that I am uploading!? Surely in order to be sharing my upstream I need to also be sharing my downstream. The internet doesn’t just magically poof into existence to my computer. What comes in must come out.

It defeats the purpose of a VPN to allow strangers to connect over your network. Tor works because you aren’t forced to be an exit node, and only people who have the resources, knowledge, and legal protection to volunteer do so.

In this case the DPN is part of a blockchain network. If they wanted to have it be decentralized without compromising users’ security, they would have users pay miners for bandwidth like how some other networks function. At least the miners would understand the risks of sharing bandwidth and could plan accordingly. The reason they won’t do that though is because they want to charge a $300+ premium for a service they aren’t even providing.

True. I’m looking for a VPN service and the idea of owning a hardware device without subscription fees looks attractive to me. But there are so many questions in my head.

That’s pretty scary. That they can just come in your house and take away your PC.

If you do an IP scan on a network that this device is connected to, the manufacturer of the Deeper device is reported as “Tuya Smart Inc.” which is indeed a Chinese company.

No idea

guessing, no logging centrally by the org

local logging is claimed to give deniability

He’s talking about the device’s own log files, which show what YOU have been doing, not other people. The other user’s browsing does NOT pass through your machine in identifiable packets; it’s never going to link you to someone else’s internet usage.

If you want to see what it’s doing, just run all its traffic through a Wireshark setup.

Exactly, it is not a VPN so it would be counterintuitive to think it shared any of the same benefits. Even at its most basic a DPN would be with people you trust or throw under the bus.