Idea: Hexbear community internet proxying service to make running internet services for the community safer and easier
Idea: Hexbear community internet proxying service to make running internet services for the community safer and easier
Me and @WithoutFurtherRelay@hexbear.net were discussing practical aspects of hosting a Space Station 13 server. In particular, we were concerned about the risks of running internet services out of our home internet connections. It pretty much advertises the locality you live in and connects any other services/activity at the same IP address to your Hexbear identity. The usual alternative is to buy some server time from someone else with an internet connection but the costs can add up to a lot if everyone is buying server time individually for their services.
Initally, we were discussing buying some server time for our own use to proxy connections to our home network to run our game server but we thought it might be more efficient and helpful for the community to make this available to everyone here who wants to run an internet service.
Basically, the idea is that instead of exposing a service on your home IP address for everyone on the internet to see, you connect to our server and it accepts connections on its own IP address for you and proxies the traffic back to your home network. So, if you want to tell someone how to access your service, all you need to give them is our server's IP address and a port.
Of course, this has little to no effect on people with a grand ability to surveil internet traffic () but it would expose a lot less information to other bad actors and make running internet services easier.
There would also need to be trust between the maintainers of this proxying service (who could collect the network information and traffic of the users, for example) and the users (who could use the proxy to forward malicious traffic, for example) so we thought it would be most useful if it were a community project. Maybe some of the risks could be minimized by restrictive firewall rules like not allowing users to send traffic out to the public internet unless it were a response to incoming traffic but maybe that is a feature we want?
Anyway, what does everyone think about this idea? Is it worth exploring and implementing or is it a bad idea? Sorry if I was a bit vague because I'm still thinking about the best way to implement this idea.