SilverMetal/stack/vpn/README.md
SysAdmin 7d5f9cc246 chore(scaffold): initial SilverMetal program scaffold
Cross-platform privacy-hardening program. Two-layer product:
- SilverLABS Application Stack (cross-platform spine)
- Platform Hardening Profiles (per-OS, tier-honest)

Platforms: Linux (Debian/Kicksecure), Android (Pixel/Samsung/Moto/generic),
Windows (LTSC IoT), macOS (profile), iOS (MDM profile). Each flavour has
both a preflashed hardware SKU path and a self-apply "harden your existing
device" path.

Includes umbrella docs (README + threat-model, design-principles,
platform-matrix, roadmap, trust-model), per-platform and per-stack-
component README stubs, .gitignore, LICENSE.

Linux v1 ships first; Stack v1 = Browser + VPN + Sync.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 03:11:48 +01:00


SilverVPN

Status: v1 (Linux MVP) — planning

Always-on VPN with no logs, run on SilverLABS infrastructure. Mullvad-style account-number signup (no email, no name).

v1 approach

  • Protocol: WireGuard. Period. (Battle-tested, tiny attack surface, performant.)
  • Account: random 16-digit account number; no email, no PII
  • Payment: separate channel (SilverDotPay / crypto / payment processor) with no link back to account number
  • Exit nodes: SilverLABS-operated initially; geographically diverse
  • Kill-switch: enforced at firewall layer (nftables on Linux, NetworkExtension content filters on Apple)
  • DNS: encrypted DNS through tunnel; no DNS leaks
  • Per-device keys: each device gets its own WireGuard key; revoke per-device

Server-side

Lives in SilverLABS/silver-vpn-infra (separate repo). This repo holds the client code only.

What we do not do

  • We do not log connection metadata beyond what is operationally required (typically just real-time peer state, not retained)
  • We do not bundle ad-blocking — that's the browser's job, not the VPN's
  • We do not bundle tracker-blocking heuristics in the VPN — that risks false positives that break sites
  • We do not run a "free tier" with a different infrastructure — paid users and free users (if any) get the same server quality

Per-platform clients

  • Linux: GTK + native daemon (silvervpn-daemon running as systemd service)
  • Android: VpnService-based, native UI
  • Windows: WireGuard tunnel service + tray UI (signed)
  • macOS: NetworkExtension, signed and notarised
  • iOS: NetworkExtension via App Store

Verification

  • Kill-switch test: disconnect upstream, verify zero packets leak
  • DNS-leak test: capture DNS during tunnel-up; all queries must traverse the tunnel
  • Reconnect test: WAN flap, verify reconnect without temporary leak
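
The pass criteria for the three tests above can be checked mechanically against a summary of captured outbound packets. The following Python is an added example, not SilverVPN project code: the interface name `wg0`, the endpoint `198.51.100.10:51820`, the `Packet` record layout and the phase windows are assumptions, and the sample capture is constructed.

```python
from dataclasses import dataclass

# Assumed values for this example, not taken from the SilverVPN code base.
TUNNEL_IFACE = "wg0"                    # WireGuard interface name
ENDPOINT = ("198.51.100.10", 51820)     # server address (documentation range) and port
DNS_PORTS = {53, 853}                   # plain DNS and DNS-over-TLS; DoH on 443 is not port-identifiable

@dataclass(frozen=True)
class Packet:
    t: float     # seconds since capture start
    iface: str   # egress interface
    proto: str   # "udp", "tcp", ...
    dst: str
    dport: int

def classify(p: Packet) -> str:
    """Return 'ok', 'dns-leak' or 'leak' for one outbound packet."""
    if p.iface in (TUNNEL_IFACE, "lo"):
        return "ok"                     # inside the tunnel, or loopback
    if p.proto == "udp" and (p.dst, p.dport) == ENDPOINT:
        return "ok"                     # encrypted WireGuard transport
    # Strict reading of "zero packets leak": anything else on a physical interface fails.
    return "dns-leak" if p.dport in DNS_PORTS else "leak"

def audit(packets, phases):
    """phases: [(start, end, name)]. Return [(phase, verdict, packet)] for each violation."""
    findings = []
    for p in packets:
        verdict = classify(p)
        if verdict != "ok":
            phase = next((n for s, e, n in phases if s <= p.t < e), "unknown")
            findings.append((phase, verdict, p))
    return findings

# Constructed capture: one test phase per Verification bullet.
PHASES = [(0, 10, "dns-leak-test"), (10, 20, "kill-switch-test"), (20, 30, "reconnect-test")]
SAMPLE = [
    Packet(1.0, "eth0", "udp", "198.51.100.10", 51820),   # tunnel transport
    Packet(2.0, "wg0", "udp", "10.0.0.1", 53),            # DNS through the tunnel
    Packet(3.0, "eth0", "udp", "192.0.2.53", 53),         # DNS bypassing the tunnel
    Packet(12.0, "eth0", "tcp", "203.0.113.7", 443),      # traffic escaping while the tunnel is down
    Packet(21.0, "eth0", "udp", "198.51.100.10", 51820),  # handshake retry after WAN flap
    Packet(21.5, "eth0", "tcp", "203.0.113.7", 443),      # leak before the tunnel is back
]

if __name__ == "__main__":
    for phase, verdict, p in audit(SAMPLE, PHASES):
        print(f"FAIL [{phase}] {verdict}: {p.iface} {p.proto} -> {p.dst}:{p.dport}")
```

A run passes only when `audit` returns an empty list for every phase.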