NewNode
| File:NewNode icon.png | |
| Original author(s) | Stanislav Shalunov |
|---|---|
| Developer(s) | Clostra |
| Stable release | 1.9.2
/ March 19, 2020[1] |
| Repository | github |
| Written in | C JavaScript Swift |
| Engine | |
| Platform | Web platform |
| Type | Virtual Private Network |
| License | GNU General Public License |
| Website | www |
Search NewNode on Amazon.
NewNode is censorship-resilient VPN and distributed content delivery network (CDN) for mobile devices founded by Stanislav Shalunov and Greg Hazel. It is able to overcome internet censorship or shutdowns[2]. A piece of content needs only to be downloaded once and then it will be automatically distributed to other subscribers for this content. NewNode can be used as a library by app developers to give their users access to content available on the network. As of 2020, NewNode has over 50000 users, and it is partnered with Voice of America, Radio Free Europe and Middle East Broadcasting Network.
NewNode provides connectivity to content due to network failure or total internet censorship, while minimizing the bandwidth costs. In traditional VPN solutions or systems like Tor, connectivity relies on the use of proxy servers. NewNode instead connects the client to other devices in the NewNode network, using them as a decentralized content delivery network similar to BitTorrent. Content becomes available as soon as it has been downloaded to one device, making certain types of network blackouts (national internet) ineffectiveand reducing the bandwidth costs. NewNode avoids the use of proxies, greatly reducing the bandwidth costs and making it impossible to deny access by attacking the finding and attacking the proxies.
Basic usage[edit]
NewNode is available as an open source app for Android and iOS smartphones, MacOS and Linux. When the user requests web objects such as pages, images and others, the app attempts to retrieve it from peers in the NewNode network. Unlike conventional VPNs, content that is personalized to the user, such as webmail, cannot be delivered through NewNode. As of August 2020, the smartphone app is minimalistic but available for Android 10 (API level 29), iOS, MacOS and Linux.
NewNode SDK is licensed commercially by Clostra and enables developers of other apps to deliver content using the NewNode content delivery network. It makes the apps resilient to network failures and blocks. Furthermore, decentralized delivery reduces the cost to content publishers.
Technical description[edit]
At its base, NewNode is a peer-to-peer decentralized content delivery network[3]. The system consists of injectors, peers and peers that become injector proxies.[4] Injectors are a trusted service that runs in the cloud, while each user is a peer by default. A peer that establishes a connection to an injector becomes an injector proxy. Each injector possesses a private injector key while each peer has a hardcoded copy of all injector public keys.
Peers use the BitTorrent distributed hash table (DHT) to find injectors, injector proxies, and other peers interested in the same or similar content. Bootstrapping into the network and peer finding is performed using the existing BitTorrent Distributed Hash Table. This DHT has, as of 2020, over 200M nodes, making it highly available and resilient.
There are two types of content: static content such as public images and dynamic (personalized) content such as webmail and social media. In the simplest case, retrieving static web URLs, each peer attempts to locate the content by searching for its hash on the DHT. If the content is not available, the peer makes a direct connection, retrieves the contents and announces it to the DHT similarly to BitTorrent. Dynamic content is not currently delivered.
The injectors are used to initially obtain content from a web origin and to place it into the peer-to-peer network. Peers who receive a piece of content, validate the content by comparing its hash to values stored by the injectors in the DHT. In the case injectors are inaccessible, the network can continue to deliver the content, but the content will not be signed by an injector.
Peers use Low Extra Delay Background Transport (LEDBAT) in uTP framing to connect to one another, as well as to injector proxies and injectors. The peer-to-peer and device-to-device connections are called transport connections and run the peer protocol. The peer protocol is essentially HTTP over LEDBAT, with an some additional headers and verbs. In addition, the HTTP exchange is protected by a layer of transport encryption, to make surveillance and blocking harder. Range requests are used to get parts of the file. The content is authenticated using a Merkle tree, the root of which is signed by the injector.
Technical analysis[edit]
NewNode is built as a CDN, designed to cope and work around a variety of disruptions: targeted blocks, attacks on peers, and network congestion. Unlike proxy servers in traditional VPNs, NewNode can maintain content delivery if the injectors (or proxy nodes in traditional VPN) are not available to the peers.
A limitation of the system is on delivery of dynamic (i.e. personalized) content, such as webmail or social media pages. Due to limitations of HTTPS / TLS, current CDNs achieve this by signing their content with the private key of the publisher. Decentralized CDNs could like NewNode could in principle carry private content, but it would require new security protocols beyond TLS.
For peer-to-peer communication the system is designed for payload and protocol obfuscation, not authentication and data integrity verification. Thus the protocol does not offer protection against active adversaries. An attacking party can connect to the peers, while blocking their direct communication, and run a MITM attack. This is substantially more expensive for the attacker than passive observation, as it requires, at minimum, equipment that can identify the relevant streams despite their lack of outward features and implements the NewNode Transport Encryption protocol, as described in this section.
Development roadmap[edit]
- support for older versions of Android
- user obfuscation
- support for private content delivery
| Version | Release Date | Changes |
|---|---|---|
| 1.9.2 | 2020-08-21 | improved stall detection, other |
| 1.0.1 | 2017-02-20 | initial version |
See also[edit]
| Email clients | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Secure communication |
| ||||||||||||||
| Disk encryption (Comparison) | |||||||||||||||
| Anonymity | |||||||||||||||
| File systems (List) | |||||||||||||||
| Service providers | |||||||||||||||
| Educational | |||||||||||||||
| Related topics | |||||||||||||||
Internet censorship circumvention technologies | |||||||
|---|---|---|---|---|---|---|---|
| Background |
| ||||||
| Principles |
| ||||||
| Anti-censorship software |
| ||||||
| Anonymity |
| ||||||
| Physical circumvention methods | |||||||
| Relevant organizations | |||||||
| Reference | |||||||
References[edit]
- ↑ "Releases – Clostra/NewNode". GitHub.
- ↑ Anna, Byadakova (2020-08-13). "Belarus Is Back Online, With Lessons About Censorship Resistance". CoinDesk. Retrieved 2020-08-24. Unknown parameter
|url-status=ignored (help) - ↑ "How NewNode Works - YouTube". www.youtube.com. Retrieved 2020-08-24.
- ↑ "clostra/newnode". GitHub. Retrieved 2020-08-24.
External links[edit]
Some use of "" in your query was not closed by a matching "".Some use of "" in your query was not closed by a matching "".
This article "NewNode" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:NewNode. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.
