It’d mainly be for older PCs (winXP and earlier along with the Mac and maybe linux equivalents). The idea is to setup a raspberry pi as a middleman so that “retro PCs” can securely connect to a network without having to worry about the numerous security holes that now exist. The raspberry pi would block anything that isn’t coming through the VPN. Additionally, I’m wanting to set it up so that people who don’t have the space or money for a “retro PC” can connect via virtual machine running older operating systems.

The reason why I’m wanting to exclude newer operating systems from connecting directly (though if I feel they’re secure enough then I might allow newer ones as well) is partially because older PCs and web browsers would likely struggle with displaying modern web 2.0 sites. If newer PCs are allowed to join the network with modern browsers, then you run the risk of compromising the idea of having a network that attempts to operates off web 1.0/early web 2.0 design.

Another factor is that while newer PCs might be immune to most, if not all, of the security holes associated with older OSes, a clever hacker might be able to use a newer PC as a carrier (similar to how a person with a viral immunity to a virus can still spread it). Alternatively, a user who thinks they “know what they’re doing” could potentially end up creating a bridge between the intranet and the wider internet. I doubt the network would ever get large enough for that to be a real risk, but I want to try to be proactive about it since the majority of the systems connecting would already be heavily compromised due to age and lack of security updates.

One thing I’m struggling with is figuring out how to ensure connecting clients are running on certain OSes or hardware using “off the shelf parts”, if that’s even possible to begin with. I might be able to use a web landing page that exploits security holes to check the OS/hardware and probe for connections to the external web. However, I’m not super familiar with hacking or programming systems like this, which is why I’m having to resort to using “off the shelf parts” so to speak.

Regardless, I’ve been trying to put together a list of software, hardware and cloud services (I’m planning to host a node or two via a service like AWS if it looks like it’d be possible to do without opening it to the external web) that I’d need to make it happen.

Edit: an additional detail is that I’m hoping that the age of the hardware/software will mean that I can use cheap and outdated hardware to run the system. The idea behind the bandwidth cap is 50% cost, 50% trying to reinforce the idea that you’re not supposed to be making super modern, flashy sites. Additionally, the bandwidth cap would only apply from the node to the user, while webservers, game servers, etc would have a higher cap (maybe eventually uncapped) between nodes to avoid congestion. Basically:

User <-1.5mbit/s-> node <- ???mbit/s -> server

Or

Server <- ???mbit/s -> node <- ???mbit/s -> server

Or

user <- 1.5mbit/s -> node <- 1.5mbit/s -> user

Why 1.5mbit/s? That’s the speed of a T-1 line (it was originally going to be dial-up for that sweet, sweet BEEEEEEEDONKIDONK KSHHHHHHHHHHHHHHH until I realized how much of a headache dealing with analog-digital-analog would be)