CENO 1.4.0 censorship-focused web browser available

eQualitie has released CENO 1.4.0, a mobile web browser designed to provide access to information under censorship, traffic filtering, or when segments of the Internet are cut off from the global network. The browser is based on Firefox for Android (Mozilla Fennec). The functionality for building the decentralized network lives in a separate library, Ouinet, which can be used to add censorship circumvention to arbitrary applications. The project's code is distributed under the MIT license. Prebuilt packages are available on Google Play.

The CENO browser and the Ouinet library provide access to information even when proxy servers, VPNs, gateways and other centralized mechanisms for bypassing traffic filtering are actively blocked, up to a complete shutdown of the Internet in censored areas (under a complete block, content can be distributed from the cache or from local drives). Data is exchanged over a P2P network in which users help relay traffic to external gateways (injectors), which provide access to information past the filters.

The project also caches content on each user's device, maintaining a decentralized cache of popular content. When a user opens a site, the downloaded content is cached on the user's system and becomes available to P2P network members who cannot directly reach the resource or the gateways used to bypass blocking. Each device stores only the data directly requested from that device. Pages in the cache are identified by a hash of the URL, and all additional data associated with the page, such as images, scripts, and styles, is grouped and returned together under one identifier.

To reach new content to which direct access is blocked, special proxy gateways (injectors) are used; these are located in external parts of the network that are not subject to censorship. Traffic between the client and the gateway is encrypted using public key encryption. Digital signatures are used to identify gateways and to prevent malicious gateways from being introduced, and the keys of the gateways supported by the project ship with the browser.

When the gateway itself is blocked, it can be reached through a chain of other users who act as proxies forwarding traffic to the gateway (the data is encrypted with the gateway key, so transit users through whose systems the request passes cannot interfere with the traffic or determine its content). Client systems do not send external requests on behalf of other users; they either return data from the cache or serve as a link in a tunnel to a proxy gateway.

At the same time, CENO does not provide anonymity, and information about the requests sent is available for analysis on participants' devices (an attacker can obtain information about the data requested or served from the cache to other users, and can also determine by hash that a user accessed a specific site). The browser first tries to deliver ordinary requests directly, and if a direct request fails, it searches the distributed cache. If the URL is not in the cache, the information is requested by connecting to a proxy gateway or by reaching the gateway through another user. Sensitive data such as cookies are not cached.

For confidential requests, such as those that require signing in to a mail or social network account, the browser offers a separate private tab. In a private tab, data is requested only directly or through a proxy gateway, without consulting the cache and without being stored in it.
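The lookup order and the private-tab exception described above can be modelled in a few lines. This is an added illustration, not code from CENO or Ouinet: the names `cache_key`, `resolve` and `demo`, the use of SHA-256 as the URL hash, and the rule that every publicly fetched response is shared are assumptions made for the model.

```python
import hashlib

SENSITIVE = {"cookie", "set-cookie"}  # the article: cookies are not cached

def cache_key(url):
    # Assumption: SHA-256 stands in for the URL hash the article does not name.
    return hashlib.sha256(url.encode("utf-8")).hexdigest()

def resolve(url, private, direct, cache, injector):
    """Return (source, response). direct/injector: url -> dict or None (blocked)."""
    resp, source = direct(url), "direct"
    if resp is None and not private:
        hit = cache.get(cache_key(url))      # private tabs never read the cache
        if hit is not None:
            return "cache", hit
    if resp is None:
        resp, source = injector(url), "injector"
    if resp is None:
        return "unavailable", None
    if not private:                          # private tabs never populate it
        headers = {k: v for k, v in resp["headers"].items()
                   if k.lower() not in SENSITIVE}
        # Simplification: every publicly fetched response is shared.
        cache[cache_key(url)] = {"body": resp["body"], "headers": headers}
    return source, resp

def demo():
    """Constructed scenario: the site is blocked directly for every client."""
    url = "https://news.example/story"       # constructed URL
    page = {"body": "<html>story</html>",
            "headers": {"Content-Type": "text/html", "Set-Cookie": "sid=1"}}
    blocked = lambda u: None
    gateway = lambda u: page
    shared = {}                              # distributed cache, initially empty
    out = []
    out.append(resolve(url, True, blocked, shared, gateway)[0])   # private tab
    out.append(len(shared))                                       # still empty
    out.append(resolve(url, False, blocked, shared, gateway)[0])  # public tab
    out.append(resolve(url, False, blocked, shared, blocked)[0])  # peer, no gateway
    out.append(resolve(url, True, blocked, shared, blocked)[0])   # private, no gateway
    return out, shared[cache_key(url)]["headers"]

if __name__ == "__main__":
    print(demo())
```

The last two calls show the trade-off: a public tab with no reachable gateway is still served from the shared cache, while a private tab in the same situation gets nothing.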

Each system in the P2P network is provided with an internal identifier that is used for routing in the P2P network, but is not tied to the user's physical location. The reliability of information transmitted and stored in the cache is ensured through the use of digital signatures (Ed25519). The transmitted traffic is encrypted using TLS. A distributed hash table (DHT) is used to access information about the network structure, participants, and cached content. If necessary, µTP or Tor can be used as a transport in addition to HTTP.

Changes in the new release:

  • Access to data stored in the local cache of the current system is now provided, which allows multiple users on a local network to share previously downloaded content with each other in completely isolated networks that have no Internet access. Data can also be exchanged before the distributed hash table (DHT) has loaded.
  • Added the IP address of one of the hosts to the list of hosts used to connect to the network in case of DNS failures.
  • Improved crash debugging capabilities.
  • The "HTTPS by default" browser add-on is now bundled; it enables access over the HTTPS protocol by default.
  • The “no Wi-Fi” dialog has been changed to “on mobile data” and is now shown when working through the network of a mobile operator, regardless of the state of Wi-Fi.
  • Updated versions of CENO Extension 1.4.2 and Ouinet client 0.18.2.

Source: opennet.ru