Bitcoin VPN Kills Trust for Privacy CryptoBlog

This is an opinion editorial by Moustafa Amin, a technology leader with more than 20 years of professional experience in large organizations, service providers and telephone companies.

Bitcoin is undoubtedly the newest form of currency in the world. Governed by no central authority and controlled by no one, it represents the financial bailout the world seeks. In my opinion, the freedom of Bitcoin can be extended to evade the eavesdroppers who work tirelessly day and night to intercept, monitor or even control our online activities.

Traditional VPN

Today, if two terminals want to talk to each other privately, they usually have to do so through a trusted third-party intermediary. For example, consider what happens if two endpoints want to set up a virtual private network (VPN) tunnel between them to conduct a private conversation over the public Internet. They must first be able to discover each other. This is the discovery part.

If the two endpoints can somehow find each other, they may still not be able to communicate directly, for example if they have private IP addresses or are hidden behind routers or broadband gateways. This is the data communication part.

Additionally, if multiple devices wish to share the same VPN channel to talk to each other, additional information must be exchanged between all VPN points.

The first two parts of this process involve using a third party to facilitate discovery and communication. For example, the two terminals must purchase a service from a VPN service provider and specify that they wish to communicate. The service provider acts as a trusted intermediary for both parties.

(Graphic/Moustafa Amin)

This third party must not only be trustworthy, but must also be reliable. If it’s compromised, the privacy is gone. It must also be always online. If this third party were to cease its activities, the two terminals would no longer be able to communicate with each other.

A pressing issue in this centralized VPN model is the need to distribute a shared key to the communicating entities, which they use to encrypt and decrypt the traffic between them. This key exchange usually happens on a separate, out-of-band channel (think: email, phone, text, etc.), and that channel is itself exposed to eavesdropping or unlawful interception of the shared key.

Additionally, it is not uncommon in some countries to restrict known VPN ports. This happened to me when I opted for an annual subscription to a well-known VPN service. I found that my VPN client could not connect to any VPN server in the world. I opened a ticket with the provider and luckily they understood the situation and reimbursed me.

Additionally, some banks or other traditional financial systems (credit cards or payment processors) may refuse or restrict payments if one attempts to subscribe to known global VPN services.

Now the question becomes: how do you allow two or more entities to communicate with each other without resorting to third-party intermediaries, thus avoiding all these problems? To answer this, I am happy to introduce you to Bitcoin VPN.

What is Bitcoin VPN and how does it work?

Bitcoin VPN is a solution that leverages the Bitcoin Network (Layer 1) or the Lightning Network (Layer 2) to allow two or more parties to discover each other and be able to communicate privately over the public Internet.

As with a traditional VPN, a Bitcoin VPN client must first access the web portal of the desired VPN service. This client could be a telecommuter who needs to connect to and reach company headquarters, or an ordinary VPN user who wants to access the Internet from another location, for example to bypass certain content restrictions.

When opting in to the VPN service, the client is presented with a Lightning invoice, or just a wallet address together with an equivalent transaction amount to send. In the case of a teleworker, the transaction amount should be minimal (no company would charge its employees to connect to its network). For a typical VPN service, the transaction might be an hourly fee.

Either way, the client sends the transaction to the Bitcoin address presented.

Once received, the VPN server responds by sending a transaction back to the client and passes the server’s public key as clear text embedded in the transaction’s metadata.

Because everything written to the Bitcoin ledger is public, the client encrypts the following data with the server’s public key it has just received, so that no eavesdropper can read it:

  • Client’s public IP address.
  • Client’s public key.
  • Other options needed for the VPN connection (port number, etc.).

The client sends another transaction to the server, embedding the encrypted message from the previous step in the transaction metadata.

The server decrypts the encrypted message using its private key.

Equipped with all the information required for the VPN, the server then establishes the required VPN tunnel to the client (public IP address: port number) and peers using the client’s public key for VPN encryption. Note how this differs from a traditional VPN where the client is usually the tunnel initiator.

A Bitcoin VPN allows two or more parties to discover each other and be able to communicate privately over the public internet without trust.

Three-way handshake and VPN tunnel establishment (Graphic/Moustafa Amin)
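The three-way exchange just described, as an added Go example that is not the author's code: the functions model only the metadata bytes each transaction carries, and the byte layout (a 65-byte P-256 server key, an IPv4 endpoint, ephemeral ECDH with AES-GCM to seal the client's details) is assumed, since the page specifies no formats.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func gcm(secret []byte) cipher.AEAD { // SHA-256 of the ECDH shared secret keys AES-256-GCM
	k := sha256.Sum256(secret)
	b, _ := aes.NewCipher(k[:])
	a, _ := cipher.NewGCM(b)
	return a
}

// ServerHello is the server's reply metadata: its public key in the clear (65-byte uncompressed P-256 point; an assumed encoding).
func ServerHello(srv *ecdh.PrivateKey) []byte { return srv.PublicKey().Bytes() }

// ClientHello seals IPv4, port and the client's own VPN public key to the server (ephemeral ECDH + AES-GCM), so
// the public ledger carries only an ephemeral point and ciphertext. A zero nonce is safe solely because every message uses a fresh key.
func ClientHello(serverPub []byte, cli *ecdh.PrivateKey, ip [4]byte, port uint16) ([]byte, error) {
	sp, err := ecdh.P256().NewPublicKey(serverPub)
	if err != nil {
		return nil, err
	}
	eph, _ := ecdh.P256().GenerateKey(rand.Reader)
	secret, _ := eph.ECDH(sp)
	plain := append(append(ip[:], byte(port>>8), byte(port)), cli.PublicKey().Bytes()...)
	return gcm(secret).Seal(eph.PublicKey().Bytes(), make([]byte, 12), plain, nil), nil
}

// ServerOpen recovers "ip:port" and the client key from a ledger entry; a truncated, tampered or mis-keyed entry is rejected, not acted on.
func ServerOpen(srv *ecdh.PrivateKey, meta []byte) (string, []byte, error) {
	if len(meta) < 65 {
		return "", nil, fmt.Errorf("metadata too short")
	}
	eph, err := ecdh.P256().NewPublicKey(meta[:65])
	if err != nil {
		return "", nil, err
	}
	secret, _ := srv.ECDH(eph)
	p, err := gcm(secret).Open(nil, make([]byte, 12), meta[65:], nil)
	if err != nil || len(p) != 6+65 {
		return "", nil, fmt.Errorf("rejecting unauthenticated or malformed hello")
	}
	return fmt.Sprintf("%d.%d.%d.%d:%d", p[0], p[1], p[2], p[3], int(p[4])<<8|int(p[5])), p[6:], nil
}
```

Two caveats the page leaves open: the client should also check that the reply carrying the server key was sent from the address it paid, and how many metadata bytes one transaction can carry (152 in this layout) depends on the embedding method and on node relay policy.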

For anyone who would argue that the same could be achieved with other cryptocurrencies, my goal with Bitcoin VPN is to avoid the centralized nature and subsequent challenges of traditional VPNs by leveraging the real and most decentralized ledger (Bitcoin). Simply set aside your desire to control and/or make money by unnecessarily injecting your inferior altcoin of choice into the conversation.

Finally, it is evident that Bitcoin, with its unique decentralized architecture, offers limitless opportunities other than its apparent financial capabilities.

This is a guest post by Moustafa Amin. The opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc. or Bitcoin Magazine.