When I set up the DNS over Oblivious HTTP service for Waterfox, one of the most important parts of our setup was that each step was controlled by a different entity, which was also recommended by Fastly. In our instance it went Client (Waterfox/us) -> Relay (Fastly) -> Gateway (Cloudflare).
As far as I’m aware, Apple do the same with Cloudflare and Akamai, each controlling one relay.
Unless I’m mistaken, you’re both controlling the client software (closed source) and the first relay?
As far as I can tell, trust is still essentially put into your organisation since you still control two critical parts of the setup. So maybe better than a traditional VPN provider, but still flawed?
Ah, the client is OSS, that’s good, appreciate the effort on reproducibility - I know how tough that is.
In theory I suppose that makes running one of the nodes less of an issue.
Would you guys ever be open to hosting a relay for other parties? I’ve been wanting to deploy OHTTP Proxy for Waterfox but have struggled being able to justify running a node myself and finding two separate parties has been a PITA.