Thread

All these points were considered in the architecture of our implementation. It is evident you spent <5mins checking out the site. Else you would see the issues highlighted above are accounted for. 1. the Flow Chart that is highlighted in the How It Works section of our Buy page: users are encouraged to set up a Dedicated Device prior to Virtual Private Node purchase. *We envision users to setup device level VPN and use email alias for purchase. 2. This implementation is literally run on a VPS... We never have root access to the server, that information is emailed directly from VPS provider to ripsline user's email provided at checkout. Even so, they cannot access the VPS until root password is changed. We merely provision the VPS for end user, they maintain VPS credentials always. 3. You can check custom installer for malicious LND software as the script is FOSS viewable here: https://github.com/ripsline/Virtual-Private-Node 4. The last two points do not make sense because we never have any information other than user's email and domain name (can use fake domain name which is also highlighted on the site).

Yes I spent less than 5 minutes I spent about 1 minute reviewing your page. So you charge $360 a year to provision a VPS for a client, run your open source script, then give the user SSH credentials for the VPS? Is that correct? If so would the user not be better off avoiding the email and middle man all-together and provision their own VPS and run the script themselves? The users adding an identifier in the email and trusting you not to run a modified script at time of install, is that not correct? What you describe is more private than what I originally surmised, but still leaves deanonymizing attack vectors open or am I wrong?

Thinking it over I think those can be reasonable tradeoffs and are pretty trust minimized for the client. I commend you on your service sounds like a great product for the right user.