NewNode VPN: Internet Access In Shutdowns And Disruptions

From TCU Wiki
  • Date: Thursday, December 8
  • Time: 10am to 11am EST / 3pm - 4pm UTC
  • Who: Arina Shalunova, Project Manager at NewNode & Marina Feygelman, Executive Director at NewNode
  • Location: Zoom

RSVP: https://digitalrights.formstack.com/forms/vpnvillage2022_6

NewNode VPN: Internet Access In Shutdowns And Disruptions (Presentation)

Presentation Slides

There is a lot of talk about VPNs to fight censorship and using VPNs for security, but there’s a missing piece: what do you do when the internet isn’t there? Internet shutdowns generally happen at the times when up-to-date information is most important.

NewNode VPN helps users reach information even during internet shutdowns, using peer-to-peer and device-to-device connections. In this session, you will learn how the NewNode VPN works and what other NewNode-protocol products are available to support users in an internet shutdown or disruption. Individuals affected by internet shutdowns or who work with affected groups are encouraged to join this session.

Bios:

  • Arina Shalunova joined NewNode in 2020. She is interested in digital rights, access, and community education.
  • Marina Feygelman is the executive director of NewNode, leading it from an idea to a deployed protocol with millions of users across three products. A molecular biologist by training, Marina has spent the last five years fighting and exposing internet censorship.

Notes & Resources

Internet shutdowns are a major tool of control for repressive governments. They are becoming a standard response to any kind of political issue.

2020: 159 shutdowns in 29 countries

Shutdowns, however, are not implemented perfectly, and they have some weaknesses.

NewNode VPN is a peer-to-peer VPN solution and is available on iOS and Android.

  • NewNode VPN connects a user to a P2P server instead of connecting to a proxy like a traditional VPN.
  • The basis of the NewNode VPN is the NewNode protocol.
  • It is adaptable and uses whatever kinds of connections are available. It will default to the internet, but will also use local radio (Wi-Fi, Bluetooth) for direct device-to-device connections.
  • Success of the tool depends on the number of connections. The more devices connected, the bigger the network.

In a shutdown, NewNode VPN can route around network blocks.

  • A 90% shutdown is still considered a shutdown, but that means there are still gaps in the shutdown.
  • Establishes shared connectivity; if one device can access a resource, it can be available to others on the network.

NewNode VPN Technical Details

  • Network consists of “peers”
  • Each phone running NewNode VPN is also a “peer”
  • DHT is used for peer discovery, like BitTorrent
  • Data communication between peers uses HTTPS over LEDBAT (dialect of HTTP)

NewNode Protocol Flow

  • The protocol defaults to stronger connections first: 4G and internet before local radio.
  • Data is stored locally for roughly a week.
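
An added illustration (not NewNode's code and not from the presentation) of two ideas in the notes above: shared connectivity through a gap in a shutdown, and delay-tolerant delivery from locally stored data. It is a toy model: the `Peer` class, the `fetch` function, the breadth-first relay over radio links and the exact 7-day expiry are assumptions, and DHT peer discovery and the real transport are not modelled.

```python
from collections import deque
DAY = 24 * 3600
CACHE_TTL = 7 * DAY  # notes say "roughly a week"; exact value is assumed

class Peer:
    def __init__(self, name, has_internet=False):
        self.name = name
        self.has_internet = has_internet  # False: uplink cut by the shutdown
        self.neighbors = []               # peers in local radio range
        self.cache = {}                   # url -> (content, fetched_at)

    def local_copy(self, url, now, origin):
        """Strongest option first: fresh cached copy, then own internet uplink."""
        hit = self.cache.get(url)
        if hit and now - hit[1] <= CACHE_TTL:
            return hit
        return (origin[url], now) if self.has_internet and url in origin else None

def fetch(start, url, now, origin):
    """Breadth-first search over radio links; returns (content, route)."""
    parent, queue = {start: None}, deque([start])
    while queue:
        peer = queue.popleft()
        hit = peer.local_copy(url, now, origin)
        if hit:
            route = []
            while peer is not None:       # relay back, caching at every hop
                peer.cache[url] = hit     # keeps the original fetch time
                route.append(peer.name)
                peer = parent[peer]
            return hit[0], route[::-1]
        for n in peer.neighbors:
            if n not in parent:
                parent[n] = peer
                queue.append(n)
    return None, []

def demo():
    """Constructed scenario: radio chain a-b-c-d, e next to a; only d has an uplink."""
    url = "https://news.example/latest"   # placeholder URL
    origin = {url: "headline"}            # stands in for the real website
    a, b, c, d, e = Peer("a"), Peer("b"), Peer("c"), Peer("d", True), Peer("e")
    for x, y in ((a, b), (b, c), (c, d), (e, a)):
        x.neighbors.append(y); y.neighbors.append(x)
    first = fetch(a, url, 0, origin)          # reaches d's uplink over three hops
    d.has_internet = False                    # the shutdown becomes total
    cached = fetch(e, url, 3 * DAY, origin)   # served from a's cached copy
    stale = fetch(e, url, 8 * DAY, origin)    # every copy is past the TTL
    return first, cached, stale
```

In the constructed scenario, one peer with a working uplink is enough for the whole radio chain to obtain the resource, and the cached copies keep serving a newly arrived peer after the last uplink is cut, until they expire.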

Benefits of P2P Technology

  • Routes around shutdowns
  • Finds cracks in censorship
  • “Delay tolerant”
  • No proxy server so:
    • Nothing to block by IP or URL
    • No single location for snooping

NewNode Suite of Products

  • NewNode: Messenger on Android with iOS coming out this month.
  • NewNode VPN: mobile VPN on Android and iOS. Provides access to resources during a shutdown.
  • NewNode Kit: SDK for developers that want to incorporate NewNode P2P connections in-app.
    • Used by RFE, The Navalny App, Meduza, The True Story

Known Issues

  • Battery Life
    • Local radio connections consume more battery than cellular and wi-fi connections.
  • Android-to-iOS direct wireless connectivity can be unstable.

Technology Limitations

  • NewNode gets slower with fewer physical connections
  • NewNode is focused on censorship-resilience, not anonymity.
    • You can use it with other methods that provide anonymity, but the application and protocol do not provide that on their own.

Iran Use Case

  • Usage spiked in Iran during September protests, starting the 20th of September, along with increased downloads.

Shutdowns were not constant, but geographically focused and at different times.

The NewNode team has been working on P2P tech for over twenty years.

  • Worked on BitTorrent, FireChat, NewNode
    • FireChat was almost all public, not offering private, secured messaging for users.

Challenges to using P2P Technology in a Shutdown

  • The issue is not having these apps installed prior to an internet shutdown.

Decentralization

  • An essential property of the NewNode VPN is that it is decentralized.
  • The team needs help responding to questions around the security of decentralized networks.
  • There are short-term gains from centralization if you can spend money on servers, but it is less democratic.

You can run a NewNode VPN in solidarity with those facing censorship.

Q&A

What is the minimum number of “peers” you need to make this work?

  • The answer depends on the context of the question. If you have a media app, then it is worth it to incorporate it.
  • If you are using the NewNode messenger, then you need to have individuals to communicate with.
  • There is already an existing network.
    • They all use the same networks. So all of the NewNode messenger, VPN and SDK users have a potential connection.
  • You need at least one geographically located peer.
  • You can only do so much due to speed of connections etc. depending on the number of folks in your local proximity.
  • In practice, users have reported that the density of nodes has been sufficient to let them access the internet during shutdowns.
  • Shutdowns are rarely full. It’s about 60 - 80% network incapacity.

Are chats on NewNode mobile messenger encrypted?

  • NewNode messenger chats are encrypted using the Signal encryption protocol between sender and recipient and use another layer of encryption (UTPlight) between hops on peers.

Is the VPN also based on the network created by peers or the basic one?

Is it possible to implement this on a raspberry or simply run it on a dedicated computer?

  • Not sure about the Raspberry Pi, but they would want to make that available. There is a desktop implementation, but it requires too much technical experience.

Was NewNode affected by the App Store blocks in Iran?

  • To a degree. If an app store is blocked, the apps won’t be made available.
  • There are alternative distribution platforms.
  • Distribution is a sensitive topic.

What languages are NewNode messenger and VPN available in?

  • They have localization into several languages: Russian, Ukrainian, German, French, Farsi and a couple more.
  • The interface is very simple for the VPN.
  • The messenger is able to support different scripts and keyboards.

Looking at your website (it's beautiful), it's not evident if there is documentation or guides available. I think digital security trainers or advocates working on/in internet shutdown places would definitely promote NewNode if there's robust documentation, and if it's available in different languages.

  • Creation of documentation is in progress.

Your FAQ mentions that you can be anonymous. But you previously mentioned that the app does not provide anonymity.

  • In the messenger you are anonymous, but with the VPN, you can leak your IP.

The used device itself doesn't share ID information?

  • The phone will share some information when it broadcasts, and there is no way to avoid that.
  • There is a conflict with security and communication.

I'm then wondering if using a burner phone number can be enough to ensure user anonymity?

  • Yes, that would help

Really cool tech! And extremely necessary. I imagine it could be useful in places like Cuba where small parts of the population have DSL connections, and where the internet is really expensive.

  • There are users in Cuba through VOA, so there is a network there.