GIP-98: Should GnosisDAO invest in HOPR to kickstart development of GnosisVPN?

GIP: 98
title: Should GnosisDAO invest in HOPR to kickstart development of GnosisVPN?
author: Sebastian Bürgel on behalf of HOPR Association
status: Draft
type: Funding
created: 2024-04-02
duration: 12 months
funding: $1.5m + 500 GNO

Abstract

To strengthen Gnosis’ positioning as a leader in resilient web3 infrastructure, GnosisDAO would invest into HOPR to foster Gnosis’ focus on privacy. HOPR would then build Gnosis VPN, a truly private and decentralized VPN on top of the HOPR mixnet. To increase Gnosis DAO’s oversight, this effort will be split into two: this proposal and a follow up proposal for further development after initial work has been presented within 9 months.

Within the framework of this first proposal, HOPR would build a set of VPN (virtual private network) libraries for privately relaying HTTP calls and responses and a proof of concept Gnosis VPN browser extension. Working over the HOPR mixnet, this first extension will give users fully metadata-private access to a set of predefined Gnosis Dapps from their web browsers. In particular, this will allow users to interact with a full suite of crypto services without revealing their IP address or geolocation to the respective web servers.

These libraries and proof of concept browser extension would be supported with an investment of $1.5m to form the basis for GnosisVPN, a fully decentralized VPN service tailored to web3 users. The scaling and UX work needed to bridge these two versions would be the subject of a future proposal, contingent on the successful completion of the deliverables in this proposal.

In addition to the product development, GnosisDAO will receive HOPR tokens at a 30% discount on the 90-day $HOPR TWAP, ending on the day the proposal passes for their $1.5m investment.

The State of Web3 Privacy

Despite broad consensus that privacy is a fundamental component of a functional and scalable web3, privacy is still an underexplored area of development compared to other core web3 values such as decentralization.

The most prominent privacy-adjacent developments in web3 today focus on zero-knowledge. Indeed, GnosisDAO has funded significant work in this area. This is important work, but much zero knowledge research is focused on trustlessness rather than privacy, and even where privacy is the focus, it is often overlooked that on-chain privacy is just one component of web3 privacy. Off-chain privacy is as, if not moreso, important. There’s little point in engaging in complicated cryptography to unlink your on-chain history, only to expose your activity through website metadata. On-chain and off-chain privacy need to be developed in tandem.

Off-chain privacy solutions do exist, of course. The VPN market is large and booming, currently estimated at $45b globally a year, and predicted to rise to $350b a year by 2032. An estimated 31% of internet users (1.5 billion people) use a VPN, with 41% of those (680m) using one every day. Gnosis would benefit greatly from tapping into this market.

But current VPNs have unacceptable trust assumptions, requiring users to trust a single centralized server which sees every user connection and associated metadata. To be safe and private, web3 users need a web3 VPN.

GnosisVPN

GnosisVPN would be a VPN on top of the HOPR mixnet. A series of entry and exit nodes would allow the local client to send and receive arbitrary data while obscuring user metadata, most significantly their IP address. This will provide far superior trust assumptions for users than regular VPNs or alternative mixnets such as Tor.

Specifically:

• Unlike standard VPNs, Gnosis VPN will be a decentralized service where users connect their entry node to any of a set of decentralized exit nodes. Different exit nodes can be used for different requests, so there is no centralized point to link user data. Unlike VPNs, exit nodes would not see the user’s true IP address or other data (only that of the previous node in the route).

• Unlike Tor, HOPR’s relay protocol needs only one honest mix-node on a relay route. Even if all the rest of the nodes collude, privacy still cannot be broken.

First Phase Development

Building a full VPN service is a hard problem. Although HOPR has successfully solved the problem of metadata-private RPC calls, a typical user’s online interactions will touch many different protocols and systems, including HTTP, DNS, and UDP-based services such as streaming apps.

There is also the problem of latency and throughput. Modern ad-heavy websites are not optimized for low bandwidth, and mixnets are susceptible to overload either through inadvertent overuse or deliberate denial of service attacks.

For these reasons the first phase of development would focus on relaying HTTP requests only, and use a whitelisted set of Gnosis dapp domains such as app.safe.global, swap.cow.fi, gnosisscan.io, etc to minimize throughput and mitigate the risks of overloading. This first version will already allow Gnosis users to interact privately with a full range of crypto and web3 services.

Project Deliverables

This project would focus on technical development of a set of libraries for private HTTP relaying (pHTTP) and a proof-of-concept browser extension, to be delivered within a timeframe of 9 months. Future work, including improvements, scaling, support for different transport protocols, business development, marketing, etc., would be addressed in a future proposal contingent on success.

Deliverable 1.1 pHTTP technical design

• pHTTP technical design of protocol and components

Deliverable 1.2 JS client library

• Implementation of pHTTP protocol in JS SDK

Deliverable 1.3 Implementation of exit and entry components

• Implementation of entry node which connect pHTTP client with exit node
• Implementation of exit node which performs HTTP requests and sends responses to entry node

Deliverable 1.4 pHTTP web-browser extension (PoC)

• Implementation of web-browser extension which routes HTTP requests via pHTTP
• Single browser target
• Whitelisted set of supported web apps
• Limited documentation, configuration and UI

Deliverable 1.5 Performance improvements in HOPRd to enable pHTTP

• General availability of performance improvements in HOPRd within new releases
• Improved mixer throughput from currently 2 packets/s to 20 packets/s

Project Timeline

The proposed start of this first phase of the project is from the moment the proposal is voted upon and executed. The project will run for 9 months. Development will be fully Free and Open Source, and progress reports will be provided to GnosisDAO on a quarterly basis.

If the project is successful, a second proposal will be made to fund work to build the full version of GnosisVPN over a duration of 24 months. To improve accountability and oversight of Gnosis DAO that second phase will be subject to a separate proposal and voting process.

About HOPR

HOPR is a Swiss-based project building privacy infrastructure for web3. The HOPR network is a mixnet which uses proof-of-relay to incentivize relay nodes using the HOPR token.

HOPR has been active since 2020 and launched its HOPR token in February 2021. HOPR’s mixnet is fully functional, and currently has over 400 active relaying nodes. Of these, fewer than 5% are run by the HOPR team.

HOPR has a longstanding relationship with Gnosis. The HOPR network is incentivized using the HOPR token on Gnosis Chain. HOPR’s staking and node management tools are built on top of Safe.

To date, HOPR has focused on data transport issues narrowly related to crypto infrastructure and transactions. In 2022, HOPR conducted research in collaboration with Gnosis to highlight potential privacy issues related to validator sniping on Gnosis Beacon Chain.

HOPR’s recent focus has been on building RPC-over-HOPR, a fully private service to connect users to RPC providers, without those providers being able to see their personal metadata.

These are important problems to have solved, but of course interacting with web3 services involves significantly more data transfer than just transactions themselves. Simply interacting with websites exposes a significant amount of identifiable and linkable metadata, most notably your IP address.

To solve this problem, HOPR intends to expand its scope from private crypto transactions to providing privacy for all web3 data transfer. This will require a significant but achievable increase in the throughput of the HOPR network, both globally and at the node-level.

Funding and Team

HOPR is requesting $1.5m to fund this project. 100% of this will go to fund developer salaries. In exchange, GnosisDAO will receive HOPR tokens at a 30% discount, based on the 90-day TWAP ending on the day of this proposal being voted upon.

HOPR has a streamlined, purely tech-focused team consisting of 9 full time engineers who work exclusively on HOPR. All team members and their work can be found in the respective repositories of the following GitHub organizations:

• HOPR Association · GitHub
• RPCh · GitHub

In addition, to strengthen the link between the Gnosis and HOPR infrastructure ecosystems, 500 GNO will be made available to HOPR nodes running at the time this proposal is published on the Gnosis DAO forum. Each node will be eligible to receive 1 GNO to run a Gnosis Beacon Chain validator. Node runners will receive their GNO by submitting their validator and HOPR node addresses to an online anonymous form. The HOPR network currently has over 500 active nodes, of which <10% are run by team members.

Thanks for the well detailed proposal, Sebastian! I believe a web3 VPN is crucial, and Hopr’s technology seems like the perfect fit for us, both culturally and professionally. Moreover, the opportunity to have 500 active nodes on the Gnosis Chain is priceless.

I fully support this proposal!

I’ve been following the work done in HOPR and in my opinion this is a great project to support from the DAO since it aligns with the values that we have at gnosis. I’ll support this propoposal

I see great advantages for both parties with this proposal. On the one hand, the Gnosis ecosystem will be expanded by a fundamentally important service and, on the other hand, the partnership between HOPR and Gnosis will be further strengthened.

I also see the advantage that HOPR node runners now have an even smaller barrier to run a Gnosis node, which in turn is good for both projects.

I fully support the proposal!

I love both project and it is good proposal. Privacy for Web3.

Are there any ideas on how this can be economical? I mean HOPR node runners certainly want to earn something and the VPN user probably has to pay for it. What will the whole process look like?

Could you elaborate a little bit more on the team working on the project, a break-down of seniority levels and roles would be appreciated.

How GNO holders would benefit from this proposal?

Hey. Rich from HOPR governance here. The goal of this first phase is really technical development of the proof of concept, with business and product development coming once viability has been demonstrated.

But we have already been thinking about these questions. One option is a quota based model, which HOPR already uses for its RPCh service (https://rpch.net). But there are certainly others, with various trade offs across different axes such as latency, (relative) centralization, and ease of use.

Certainly, though, the model would be that VPN users pay for the service, and infrastructure providers such as the HOPR node runners are rewarded for facilitating it.

Could you elaborate a little bit more on the team working on the project, a break-down of seniority levels and roles would be appreciated.

Hi, most of the HOPR team is very senior and working for many years in the respective space. The implementation is lead by Tino Breddin, HOPR’s CTO who is working in the IT industry since over a decade. Most of the pHTTP implementatation is then carried out by Ronny Esterluss and Michal Jadach who are both also working since over a decade as full stack developers. Under the hood, the HOPR mixnet is improved as outlined above by our senior team of applied cryptographers NumberFour8, Teebor-Choka, fullstack engineer jeandemeusy, devops engineer ausias-armesto, smart contract / fullstack engineer QYuQianchen and testing - you can find relevant contributions in GitHub in detail here:

How GNO holders would benefit from this proposal?

Firstly this would bring utilization to the HOPR network and Gnosis Chain (because HOPR settles its payment channels on Gnosis Chain). Then we seek to integrate Gnosis ecosystem applications as the first and most native apps within Gnosis VPN - e.g. already the proof of concept version will work on some Gnosis services that are useful to GNO holders. In addition, another product that is in active use in the wider crypto ecosystem would foster a recognition of Gnosis as a leading web3 product ecosystem as outlined in the Gnosis 3.0 announcement.

thank you @SCBuergel for the extensive overview on the team, really appreciated!

I have cast my vote against this proposal for the following reasons:

Engagements of this nature should be strategically justified. From my perspective, it appears we are allocating 1.5 million to a product that is not necessary for our operations and is minimally functional.

• Despite HOPR’s long-term presence in the industry, the product has yet to demonstrate significant functionality.
• Upon reviewing LinkedIn, it’s evident that a majority of the team, including the primary founder and designer of the protocol, have departed from the company.
• Binance was an initial financier of this venture. My concern lies with the possibility that Binance possesses a substantial quantity of HOPR tokens, which they may dispose of to avoid regulatory issues.
• Why not consider utilizing Privacy made simple - NymVPN? It offers technology that is 90% akin to HOPR mixnet and is proven to be effective—eliminating the need for a 1.5 million investment. Furthermore, this alternative enjoys the endorsement of Snowden, providing an additional advantage. An investment of 100K in a partnership with NYM could yield comparable outcomes.
• The founder has made references to RPCh. An examination of the relevant updates reveals code associated with this enhancement. In my view, 1.5 million is an excessive amount for such an update.

I strongly urge everybody to reconsider their opinion and look upon this rationally.

Don’t forget that competition is always an important point through which projects grow. Gnosis and HOPR have been working together for a while and this partnership would strengthen the whole thing and both parties would benefit.
With NYM, on the other hand, it would be a one-sided partnership, bearing in mind that HOPR utilizes Gnosis for payments.

I don’t agree with your speculative point about Binance, the same could happen with NYM (or any other project).

Thank you for your reply

I am of the opinion that the allocation of 1.5 million is excessively generous. Our financial support surpasses that provided by Binance. The benefits we derive from this investment are disproportionately small. Furthermore, there are additional aspects I have raised concerns about; it would be beneficial if the OP could offer further clarification.

Hi - Harry from Nym here. Some of our users that are also on Gnosis told me about this. Of course, we’d be happy for Gnosis users to use NymVPN. We could build a dapp in gnosis that would allow to pay for the NymVPN using Gnosis - we already are working on supporting quite a few cryptocurrency payment options, so we’d be happy to add DAI and so on. It’s pretty easy to add so we wouldn’t need to request funds to do so.

It is odd that as soon as we launch a VPN for testing using our quite well-working mixnet infrastructure that HOPR decides to copy us - as usual - and then go ask for money for their own VPN. We have expressed concerns about the HOPR architecture for a long time:

Why we don’t support Gnosis for payments out the box is because of user privacy. We don’t use Gnosis Chain as our primary chain because we are Rust and WebAssembly based chain that needs the Web Assembly and validator support to use privacy-enhancing anonymous credentials to de-link the payment from usage of the NymVPN (see here https://nymvpn.com). . I would worry if any decentralized VPN was using Gnosis without sufficient privacy for payments, and so far, we seem to be the only ones doing that.

We would hope any decision could be made on the basis of technical merit. We aren’t against competition, but we do want people to realize why Nym made the decision to use Rust/WebAssembly and Cosmos for our primary chain and why we chose our particular technical architecture. The mixnet has worked well for years via Nym Connect via SOCKS5 (like Tor), and we’d encourage people from the Gnosis community our new NymVPN out - it opens for beta testing quite soon, but the code is already working and live in Github.

I find it really amusing how much effort you put into badmouthing the competition, if only that energy would go into something good

Anyway, I hope someone from the HOPR team answers all your concerns. But I think we should stay on topic here and discuss the original proposal.

Unlike other code that would require lots of development, the Nym mixnet works today without a million+ grant from anyone. Thus, the effort of Nym has made a working mixnet and we already have the code working for a VPN-like usage over a mixnet.

We take privacy seriously and wanted to make sure that people knew why we made our technical choices that are quite different from HOPR (or Elixxir or others) - I do not think payment over DAI is by default privacy preserving, unless you have shielded transactions on Gnosis already working similar to how Aztec works. Also, it would be relatively easy for us to add DAI and Gnosis chain support with our existing privacy tech. We thought the larger Gnosis community would be interested in this information even if you are not for whatever reason.

It seems we have started off on the wrong foot.
My primary issue lies with the logistical inconsistencies presented. A funding sum of 1.5 million dollars appears excessively high for the proposed purpose.
While I understand your argument regarding competition, I propose a reformation of the proposal to highlight its altruistic intentions more clearly.
Despite this, due to the current logitsical discrepancies, my stance remains a vote against the proposal.
Edit: I see no proof of “bad mouthing”. Am only expressing my opinion on the matter.

klemenza, I believe that comment was solely pointed at Harry, as he has a history of such behavior. By all means, let’s continue with a healthy conversation. The Gnosis / HOPR partnership will continue to flourish well beyond this proposal because of integrity and aligned values. I am looking forward to the journey ahead.

Engagements of this nature should be strategically justified.

I completely agree with you on this central point and gladly take the opportunity to make the strategic alignment between Gnosis and HOPR clearer here.

From my perspective, it appears we are allocating 1.5 million to a product that is not necessary for our operations

Gnosis DAO is not primarily focussing on operations but on growth of the Gnosis ecosystem. I recommend this excellent blog and forum post by the Gnosis founders on that topic.

Despite HOPR’s long-term presence in the industry, the product has yet to demonstrate significant functionality.

That is not correct, you can try out RPCh.net - which relays Ethereum RPC calls via HOPR nodes - today. Please let me know if you run into any issues. Here are many examples of RPCh working well for people.

Upon reviewing LinkedIn, it’s evident that a majority of the team, including the primary founder and designer of the protocol, have departed from the company.

This is also incorrect. As is not atypical for startups and market cycles, HOPR has indeed downscaled and some people left, but I as primary founder as well as all senior developers are still on board (see GitHub links that I shared above). Apart from me there are currently 9 full time engineers developing HOPR, all of whom will be available to work on Gnosis VPN & HOPR should this proposal pass.

Binance was an initial financier of this venture. My concern lies with the possibility that Binance possesses a substantial quantity of HOPR tokens, which they may dispose of to avoid regulatory issues.

There are many holders of the HOPR token. All of them could sell, yes, that is a risk with any publicly traded token. We are happy to have received support from Binance (just as Nym did) but indeed we are looking forward to a tech world that is not just VC dominated but instead built on ecosystem collaboration and support. We have already begun this transition and want to pursue it going forward - hence leaning towards Gnosis chain as a self-proclaimed DAO chain.

Why not consider utilizing Privacy made simple - NymVPN 2?

Nym has decided to combine all solutions into one solution which is neither the approach of HOPR nor Gnosis. Nym is driving development of an L1 blockchain, a mixnet and a VPN product as one central player. The Gnosis ecosystem is made of independent projects (such as Gnosis Chain, Safe, CowSwap, Karpatkey, Gnosis Pay and many more) focused on discrete parts of the tech stack. That’s not Nym’s approach and that is fine but that is a major difference. Gnosis has not made a decision to move out of the EVM into the Cosmos world.

The founder has made references to RPCh. An examination of the relevant updates reveals code associated with this enhancement. In my view, 1.5 million is an excessive amount for such an update.

This proposal is not about RPCh but to generalize the initial work that we have and are still actively pursuing in the direction of RPCh for the much more general use case of VPNs. Yes, that work has already started but the completion of it is a very long process that is supported through the proposal that I posted here.

It is odd that as soon as we launch a VPN for testing using our quite well-working mixnet infrastructure that HOPR decides to copy us - as usual - and then go ask for money for their own VPN.

NymVPN does not seem to have launched, it cannot be downloaded and used as of this moment, the initial ongoing prototyping work does not seem to be completed. In addition, I refer to my answer above on strategic alignment with Gnosis and diversity of the technology stack.

We have expressed concerns about the HOPR architecture for a long time:

As we explained at the time, those concerns were based on a misunderstanding of how HOPR works, a misunderstanding which has only deepened as HOPR’s design has been further developed and improved. We tried to reach out via various avenues to explain and correct this, but were repeatedly ignored (and indeed blocked). It seemed reasonable to assume you aren’t actually interested in discussing this.

At HOPR we believe the web3 is a place for collaboration and mutually beneficial partnerships, that’s the spirit of this proposal. We want to deepen our support for Gnosis Chain - and the wider Ethereum ecosystem - to bring privacy to existing users.

I would worry if any decentralized VPN was using Gnosis without sufficient privacy for payments, and so far, we seem to be the only ones doing that.

Nym chose to combine a payment layer and anonymous messaging into one system. As outlined above, while we understand that approach it’s not the approach that HOPR has taken and not the approach that Gnosis has taken.

we do want people to realize why Nym made the decision to use Rust/WebAssembly and Cosmos for our primary chain and why we chose our particular technical architecture.

Again we understand your choice of building on Cosmos here but that’s not our design choice or Gnosis’. However, the EVM certainly does have shortcomings that I do not get tired pointing out.
Thus we wholeheartedly support Nym in bringing not just on-chain privacy but also WebAssembly to Gnosis Chain, and endorse any such efforts.