Security
Is traffic routed through MASQ Node encrypted?
ABSOLUTELY - all traffic inbound and outbound is encrypted and other nodes in the network cannot neither inspect the contents, nor identify the route of the data through the network.
This is arguably what stands out most about the MASQ Network technology when compared to other VPN, dVPN solutions (many are simply end-to-end client-server tunnels) or even Tor.
MASQ Node routes requests through a number of peers in hops but has the following dynamics for underlying network security:
All HTTPS consuming traffic is already encrypted normally through the way modern Internet protocol operates.
Uniquely in MASQ Network, the consuming traffic is encrypted by the TLS handshake between the browser and the server – all the CORES packages are encrypted with the keypairs your Node is using for Network traffic.
The request payload is encrypted for the exit node ONLY and the response payloads are encrypted for the consuming origin ONLY.
Only a node directly connected to you (your immediate neighbor) will know your IP address. The only other identifier that could be known on the network is your Node's public key. Therefore, MASQ Node won't link any of the following together beyond your neighbors:
IP address
Consuming wallet
Earning Wallet
Node descriptor
Important to note: Consuming wallet is never part of any Gossip record
Unless you use the same wallet for both Consuming and Earning, no party but you will be able to directly associate your consuming wallet with your Node public key.
As the network grows and becomes available there will be a time when outside forces will want to intercept or prevent the network from being utilized in the way it was intended. To create another barrier to prevent malicious intent, data packages will be wrapped in a mask – this is referred to as ‘clandestine routing'
The first mask will be basic encryption methods used today – these masks will provide an extra layer of security similar to typical HTTPS traffic.
As development of more in-depth features for the network continues the goal is to create clandestine routes. Each CORES package will be wrapped in a layer of obscurity that will resemble different types of traffic.
Normally, traffic patterns viewed over time can be distinguishable. By masking packages in random traffic patterns, it deters typical packet sniffing and traffic analysis methods, and prevents the blocking of requests.
This entire layer will wrap around CORES packages and its various components before being handed off to other nodes
When a live public MASQ Network is built, MASQ tokens can be earned through routing requests across the network.
As of Jan 2020 the Network is in Test phase with Alpha testers, so all accounting is done on the Ropsten Test Network with SHRD tokens.
MASQ Node operates for each user with two wallets specified:
Consuming Wallet – used to pay for services used by the user on the Network
Earning Wallet – used to store the payments for requests provided to other users on the Network
Users can specify an earning wallet address in the Node software to direct your earnings.
Much like ‘balancing the booksʼ in accounting, the Node software makes use of an inbuilt Accountant Module. This module keeps track of payables (consuming traffic) and receivables (serving traffic) and will action payments when certain thresholds are reached.
The amounts are currently not exact as it is still in testing phase.
The Accountant Module scans the neighborhood every hour, and debts are to be paid each 24 hours.
This is cleverly designed by the Developers.
The Accountant Module also keeps track of the balances of consuming wallets that are connected to you and your neighborhood. If debts are not paid after certain thresholds, then that node will be banned from consuming traffic on the network.
Also, if a Node neighbor is trying to run Node without a consuming wallet specified or a wallet that does not have ETH or MASQ (in test-net it detects ROP & SHRD), then they will also be banned. In most cases, Node simply wonʼt start on your machine if the wallets are not configured correctly.