chore(scaffold): initial SilverMetal program scaffold
Cross-platform privacy-hardening program. Two-layer product:
- SilverLABS Application Stack (cross-platform spine)
- Platform Hardening Profiles (per-OS, tier-honest)

Platforms: Linux (Debian/Kicksecure), Android (Pixel/Samsung/Moto/generic), Windows (LTSC IoT), macOS (profile), iOS (MDM profile). Each flavour has both a preflashed hardware SKU path and a self-apply "harden your existing device" path.

Includes umbrella docs (README + threat-model, design-principles, platform-matrix, roadmap, trust-model), per-platform and per-stack-component README stubs, .gitignore, LICENSE.

Linux v1 ships first; Stack v1 = Browser + VPN + Sync.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
stack/vpn/README.md (Normal file, +40 lines)
@@ -0,0 +1,40 @@
# SilverVPN
**Status**: v1 (Linux MVP) — planning
Always-on VPN with no logs, run on SilverLABS infrastructure. Mullvad-style account-number signup (no email, no name).
## v1 approach
- **Protocol**: WireGuard. Period. (Battle-tested, tiny attack surface, performant.)
- **Account**: random 16-digit account number; no email, no PII
- **Payment**: separate channel (SilverDotPay / crypto / payment processor) with no link back to account number
- **Exit nodes**: SilverLABS-operated initially; geographically diverse
- **Kill-switch**: enforced at firewall layer (nftables on Linux, NetworkExtension content filters on Apple)
- **DNS**: encrypted DNS through tunnel; no DNS leaks
- **Per-device keys**: each device gets its own WireGuard key; revoke per-device
## Server-side
Lives in `SilverLABS/silver-vpn-infra` (separate repo). This repo holds the **client** code only.
## What we do not do
- We do not log connection metadata beyond what is operationally required (typically just real-time peer state, not retained)
- We do not bundle ad-blocking — that's the browser's job, not the VPN's
- We do not bundle tracker-blocking heuristics in the VPN — that risks false positives that break sites
- We do not run a "free tier" with a different infrastructure — paid users and free users (if any) get the same server quality
## Per-platform clients
- **Linux**: GTK + native daemon (`silvervpn-daemon` running as systemd service)
- **Android**: VpnService-based, native UI
- **Windows**: WireGuard tunnel service + tray UI (signed)
- **macOS**: NetworkExtension, signed and notarised
- **iOS**: NetworkExtension via App Store
## Verification
- Kill-switch test: disconnect upstream, verify zero packets leak
- DNS-leak test: capture DNS during tunnel-up; all queries must traverse the tunnel
- Reconnect test: WAN flap, verify reconnect without temporary leak
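Review bot: the Kill-switch bullet (`- **Kill-switch**: enforced at firewall layer (nftables on Linux, NetworkExtension content filters on Apple)`) names an enforcement layer only for Linux and Apple, while Android and Windows both appear under "Per-platform clients" with no equivalent stated; either name what enforces the kill-switch on those two clients or mark them as open, since the Verification section's "verify zero packets leak" test has nothing to check against there. Also, the intro's "no logs" and the "What we do not do" bullet ("beyond what is operationally required ... not retained") describe the retention guarantee in two different ways; pick one wording and use it in both places so the claim a user reads at the top matches the one further down.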