We consider ourselves privacy extremists and we build highly protected systems that even we cannot look into. Because we are in favor of anonymity as well, we allow users to sign up completely anonymously by going through hidden services and using cryptocurrencies or physical payments.
We separate VPN connection and authentication so that the network never learns about the users’ accounts – staying true to our principle of privacy first.
No information about the user is made available during authentication, keeping Cryptohippie itself in the dark.
Multi-Hop and Multi-Jurisdiction VPN
Our Virtual Private Network bounces your data and communication through hops in at least two jurisdictions.
Cryptohippie is not a single company but an international group of independent companies that cooperate to provide the Cryptohippie Anonymous VPN. Network operations are distributed between Panama and Germany, customer relations are located in the USA and St Kitts & Nevis,and we operate routers and servers in Switzerland, Germany, Netherlands, USA and Canada. Separating these operations between multiple jurisdictions we minimize the chance of being legally coerced into giving out any data authorities might think we have.
Our service includes secure email account (incoming and outgoing mail with the cryptogroup.net domain, 1 GB storage minimum, header scrubbing, encrypted-only mail storage on our servers).
Secure Network Disk
Our service also includes highly secure online storage.
State of the Art Encryption
AES-256 CBC for traffic encryption, SHA-512 for Authentication, RSA-4096 and DHE-4096 for key agreement.
Open Source Client Software
We support open-source community by using open-source clients to run our services.
Available on Linux, Mac OS X, Windows, iOS and Android devices
IPv6 is the new Internet protocol. Our network is dual-stack, which allows to both connect to it with IPv4 and IPv6, and to carry data in both protocols at the same time. Apart from making all of the internet reachable this also prevents leaking of traffic.
Our own DNS server
DNS is a prime target for metadata surveillance, censorship and manipulation. Cryptohippie operates a dedicated DNS infrastructure that does direct resolving and DNSSec verification. Alternatively, clients can use a limited number of public DNS servers – including some that provide DNSCrypt capabilities. Apart from these all DNS traffic is captured by Cryptohippie to prevent traffic leaks.
Our own Public Key Infrastructure
Cryptohippie uses cryptographic certificates to authenticate its infrastructure to the clients. All certificates are generated and signed on a Hardware Security Module operated and stored by Cryptohippie. Our Certificate Authority keys are stored in secure hardware only. At no point do our clients have to trust a third party with authenticating our infrastructure.
Frequent key rotation
All keys that authenticate our infrastructure to our clients are rotated frequently and never stored on persistent storage. This measure makes key leakage and abuse highly unlikely, and it severely limits the window of attack should key leakage ever occur. Cryptohippie takes even unlikely attacks very seriously.
Zero Censorship and Zero Traffic Manipulation
Cryptohippie does not engage in any form of mandated censorship of traffic or destinations, nor do we manipulate the reachability or content of traffic. We do not use deep packet inspection to prevent our clients from sending or receiving specific data, or reach the destinations they chose to communicate with. We are however good neighbors on the internet: Should a destination itself ask Cryptohippie to block them, we will usually comply for a limited time.
Ephemeral only confidentiality and integrity keys.
All cryptographic keys used for the protection of confidentiality or integrity of our clients’ network traffic are ephemeral: They are agreed on by both our network and the client’s computer, are never shared, never stored, and frequently replaced. We use ephemeral Diffie-Hellman (EDH, without static DH parameters) for key agreements.
Public IP addresses are rotated during user sessions to prevent trivial correlation of outgoing connections to a user session.
Public IP addresses are always shared between multiple users and sessions to prevent a direct mapping between users and IP addresses. We do not allow dedicated IP addresses per user because we put privacy first.
Hardened operating systems
Cryptohippie exclusively uses hardened operating systems and configurations: OpenBSD, Hardened Gentoo, Hardened Arch, and our own hardened buildroot.
Dedicated Servers only maintained by Cryptohippie
Anti-Enumeration and Anti-Traffic-Fingerprinting
Traffic generated by a computer carries information that makes it differentiable from user computer’s traffic. Cryptohippie scrubs identifying protocol information from connections, normalizing the traffic to prevent enumeration (counting) of sessions and fingerprinting of computers protected by our network.
Authentication and identification usually go together. Providers want to make sure that only legitimate clients are using their systems and they need to make sure that abuse is limited. This however dramatically reduces the privacy a client can expect. Cryptohippie has chosen to put privacy first. We developed a technology that allows us to verify the legitimacy of sessions while at the same time making it impossible to connect the session with a user. By employing blind signatures and zero-knowledge proofs no information about the user is made available by authentication, keeping Cryptohippie itself in the dark.
The time a packet takes to travel between the user’s computer and a public internet destination is measurable by that destination. This allows for an estimation of where a user is located. Furthermore variations in latency can lead to pin-point identification of the user’s Internet Service Provider. Cryptohippie takes active measures against latency based tracing by introducing artificial, non-constant latency into all user connections at the entry node. This greatly increases the resilience against latency based tracing.
There are no technical, business or legal requirements for us to keep logs of any kind. In addition we made very sure that no forensic traces of users’ activity are created or stored on persistent media. We strictly stick to our rule – Privacy first!
No traffic limits
Any kind of traffic limit would require us to keep some kind of logs, which we don’t.
Unlimited number of devices simultaneously
Any kind of device limit would require us to monitor and log connections, which we don’t.