# Privacy-Model

***

### Privacy Architecture

```
┌─────────────────────────────────────────────────────────────────────┐
│                    NØNOS PRIVACY LAYERS                             │
└─────────────────────────────────────────────────────────────────────┘

    ┌─────────────────────────────────────────────────────────────┐
    │  Layer 4: Application Privacy                               │
    │  • Tracker blocking • Fingerprint protection • Cookie mgmt  │
    └─────────────────────────────────────────────────────────────┘
                                  │
    ┌─────────────────────────────────────────────────────────────┐
    │  Layer 3: Identity Privacy                                  │
    │  • ZK Identity proofs • Ephemeral pseudonyms • Key rotation │
    └─────────────────────────────────────────────────────────────┘
                                  │
    ┌─────────────────────────────────────────────────────────────┐
    │  Layer 2: Content Privacy                                   │
    │  • Cache mixing • AES-GCM encryption • Unlinkable requests  │
    └─────────────────────────────────────────────────────────────┘
                                  │
    ┌─────────────────────────────────────────────────────────────┐
    │  Layer 1: Network Privacy (via Anyone Network)              │
    │  • Onion routing • Multi-hop relay • IP masking             │
    │  (Handled by separate Anyone Network, not NONOS nodes)      │
    └─────────────────────────────────────────────────────────────┘
```

***

### Zero-Knowledge Identity

#### What It Does

ZK Identity allows you to prove membership in a group without revealing which member you are.

#### How It Works

```
┌──────────────────────────────────────────────────────────────────────┐
│                     ZK IDENTITY SYSTEM                               │
└──────────────────────────────────────────────────────────────────────┘

    Identity Creation                    Identity Proof
    ─────────────────                    ──────────────

    ┌─────────────┐                      ┌─────────────┐
    │   Secret    │                      │   Secret    │
    │  (private)  │                      │  (private)  │
    └──────┬──────┘                      └──────┬──────┘
           │                                    │
           ▼                                    ▼
    ┌─────────────┐                      ┌─────────────┐
    │   Poseidon  │                      │   Poseidon  │
    │    Hash     │                      │    Hash     │
    └──────┬──────┘                      └──────┬──────┘
           │                                    │
           ▼                                    ▼
    ┌─────────────┐                      ┌─────────────┐
    │ Commitment  │ ◄── Same  Value ──►  │  Proof I'm  │
    │  (public)   │                      │  in Merkle  │
    └──────┬──────┘                      │    Tree     │
           │                             └──────┬──────┘ 
           ▼                                    │
    ┌─────────────┐                             │
    │   Merkle    │                             │
    │    Tree     │ ◄───────────────────────────
    │  (on-chain) │
    └─────────────┘

    Result: Prove you're a valid member without revealing WHICH member
```

***

#### Technical Details

| Component         | Implementation | Purpose                     |
| ----------------- | -------------- | --------------------------- |
| **Hash Function** | Poseidon       | ZK-friendly hash            |
| **Tree Type**     | Sparse Merkle  | Efficient membership proofs |
| **Tree Depth**    | 20 levels      | Supports 2²⁰ identities     |
| **Proof Size**    | ~256 bytes     | Compact verification        |

***

#### Privacy Properties

* **Anonymity**: Cannot link proof to specific identity
* **Unlinkability**: Multiple proofs cannot be connected
* **Non-repudiation**: A valid proof can only have been produced by a member of the tree
* **Revocability**: Identities can be removed from tree
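The membership relation behind the diagram and the properties above, as an added worked example (not NØNOS code): a depth-20 sparse Merkle tree of commitments, a sibling path for one leaf, a verifier that recomputes the root without ever seeing the secret, and a revocation that invalidates an old proof. SHA-256 stands in for Poseidon, and the commitment label string is an assumption. The check in `verify_membership` is the non-ZK version of the relation; in the real system that same computation runs inside the ZK circuit, which is what additionally hides the leaf index and commitment from the verifier.

```python
from __future__ import annotations

import hashlib

TREE_DEPTH = 20  # the page's stated depth: 2**20 identity slots


def h(*parts: bytes) -> bytes:
    """Stand-in hash. SHA-256 replaces Poseidon here; Poseidon is used in the
    real system because it is cheap to evaluate inside a ZK circuit."""
    d = hashlib.sha256()
    for p in parts:
        d.update(p)
    return d.digest()


def commitment(secret: bytes) -> bytes:
    """Public commitment published on-chain; the secret never leaves the client.
    The domain-separation label is an assumption, not the project's value."""
    return h(b"nonos-identity-commitment", secret)


# Hash of an all-empty subtree at each height 0..TREE_DEPTH, computed once.
EMPTY = [b"\x00" * 32]
for _ in range(TREE_DEPTH):
    EMPTY.append(h(EMPTY[-1], EMPTY[-1]))


class SparseMerkleTree:
    """Sparse tree: only occupied leaves are stored, empty subtrees reuse EMPTY[]."""

    def __init__(self, depth: int = TREE_DEPTH):
        self.depth = depth
        self.leaves: dict[int, bytes] = {}

    def insert(self, index: int, leaf: bytes) -> None:
        if not 0 <= index < (1 << self.depth):
            raise ValueError("leaf index outside tree")
        self.leaves[index] = leaf

    def revoke(self, index: int) -> None:
        """Revocation: drop the leaf so old proofs fail against the new root."""
        self.leaves.pop(index, None)

    def node(self, height: int, index: int) -> bytes:
        """Hash of the subtree at `height` covering leaves [index<<height, (index+1)<<height)."""
        lo, hi = index << height, (index + 1) << height
        if not any(lo <= i < hi for i in self.leaves):
            return EMPTY[height]
        if height == 0:
            return self.leaves[index]
        return h(self.node(height - 1, 2 * index), self.node(height - 1, 2 * index + 1))

    def root(self) -> bytes:
        return self.node(self.depth, 0)

    def proof(self, index: int) -> list[bytes]:
        """Sibling hashes from leaf level up to the root: the private witness."""
        return [self.node(height, (index >> height) ^ 1) for height in range(self.depth)]


def verify_membership(root: bytes, leaf: bytes, index: int, siblings: list[bytes]) -> bool:
    """Recompute the root from leaf + siblings. No secret is needed. Inside a ZK
    circuit this same computation is proven, so the verifier learns only `root`
    and the proof, never `leaf` or `index`."""
    cur = leaf
    for height, sib in enumerate(siblings):
        cur = h(sib, cur) if (index >> height) & 1 else h(cur, sib)
    return cur == root


def demo() -> dict[str, bool]:
    """Constructed walkthrough: three members, one proof, one revocation."""
    tree = SparseMerkleTree()
    members = [b"secret-of-member-0", b"secret-of-member-1", b"secret-of-member-2"]
    for i, s in enumerate(members):
        tree.insert(i, commitment(s))
    root_before = tree.root()
    path = tree.proof(1)
    results = {
        "member_1_valid": verify_membership(root_before, commitment(members[1]), 1, path),
        "outsider_rejected": verify_membership(root_before, commitment(b"not-a-member"), 1, path),
    }
    tree.revoke(1)
    results["revoked_proof_rejected"] = verify_membership(tree.root(), commitment(members[1]), 1, path)
    results["others_unaffected"] = verify_membership(tree.root(), commitment(members[0]), 0, tree.proof(0))
    return results


if __name__ == "__main__":
    print(demo())
```

`proof()` returns exactly 20 sibling hashes, one per level, which is the witness the prover keeps private; after `revoke(1)` the root changes and the old path for index 1 no longer verifies, while member 0 can still prove membership with a fresh path against the new root.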

***

### Cache Mixing

#### Problem: Cache Timing Attacks

Without protection, caching reveals browsing patterns:

```
UNPROTECTED CACHE:
  Request "site-A.com/page" → Cache MISS → Attacker knows: "New visit"
  Request "site-A.com/page" → Cache HIT  → Attacker knows: "Repeated visit"

  Pattern emerges: User visits site-A daily at 9am
```

#### Solution: Encrypted, Mixed Caching

```
┌──────────────────────────────────────────────────────────────────────┐
│                        CACHE MIXING                                  │
└──────────────────────────────────────────────────────────────────────┘

    Your Request                    Other Users' Requests
          │                                │
          ▼                                ▼
    ┌─────────────────────────────────────────────────────────┐
    │                     MIXING POOL                         │
    │                                                         │
    │   Request A ──┐                                         │
    │   Request B ──┼──► Shuffle + Encrypt ──► Cache Store    │
    │   Request C ──┘                                         │
    │                                                         │
    └─────────────────────────────────────────────────────────┘
                              │
                              ▼
    ┌─────────────────────────────────────────────────────────┐
    │                   ENCRYPTED CACHE                       │
    │                                                         │
    │   AES-GCM(key₁, data₁)  AES-GCM(key₂, data₂)  ...       │
    │                                                         │
    │   • Each entry encrypted with unique key                │
    │   • Keys derived from content + randomness              │
    │   • No plaintext metadata                               │
    │                                                         │
    └─────────────────────────────────────────────────────────┘

Result: Observer cannot determine:
  - Which cached content you accessed
  - When you accessed it
  - How often you access it
```

***

#### Technical Implementation

```rust
// Assumes the RustCrypto `hkdf`, `sha2` and `aes-gcm` crates.
use aes_gcm::aead::{Aead, KeyInit, Payload};
use aes_gcm::{Aes256Gcm, Nonce};
use hkdf::Hkdf;
use sha2::Sha256;

// Cache key derivation (HKDF-SHA256): the content hash is the input keying
// material, the fresh random nonce is the salt (prevents pre-computation of
// keys for known content), and the info string gives domain separation.
fn derive_cache_key(content_hash: &[u8; 32], random_nonce: &[u8; 32]) -> [u8; 32] {
    let hk = Hkdf::<Sha256>::new(Some(random_nonce), content_hash);
    let mut cache_key = [0u8; 32];
    hk.expand(b"nonos-cache", &mut cache_key)
        .expect("32 bytes is a valid HKDF-SHA256 output length");
    cache_key
}

// Cache entry: AES-256-GCM under the derived key with a random 96-bit nonce.
// The timestamp is bound as associated data, so a stale ciphertext cannot be
// replayed under a different timestamp without failing authentication.
fn encrypt_cache_entry(
    cache_key: &[u8; 32],
    random_12_bytes: &[u8; 12],
    content: &[u8],
    timestamp: u64,
) -> Vec<u8> {
    let cipher = Aes256Gcm::new_from_slice(cache_key).expect("key is 32 bytes");
    let aad = timestamp.to_be_bytes();
    cipher
        .encrypt(Nonce::from_slice(random_12_bytes), Payload { msg: content, aad: &aad })
        .expect("AES-GCM encryption of an in-memory buffer does not fail")
}
```
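The key-derivation half of the scheme above, as an added example that is not NØNOS code: a standard-library HKDF-SHA256 (RFC 5869 extract and expand), the page's `HKDF(content_hash, random_nonce, "nonos-cache")` derivation, and the deterministic `hash(content)` key it replaces. Mapping the nonce to the HKDF salt and the domain string to the HKDF `info` field is an assumption about the project's parameter order.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM); an empty salt means a zero block."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF output too long")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def derive_cache_key(content_hash: bytes, random_nonce: bytes, domain: bytes = b"nonos-cache") -> bytes:
    """The page's HKDF(content_hash, random_nonce, "nonos-cache"): the nonce is
    the salt, the domain string is `info` (parameter mapping is an assumption)."""
    if len(random_nonce) < 16:
        raise ValueError("nonce too short to prevent pre-computation")
    return hkdf(content_hash, random_nonce, domain, 32)


def naive_cache_key(content: bytes) -> bytes:
    """What the nonce protects against: a key anyone can precompute from known content."""
    return hashlib.sha256(content).digest()


def new_cache_entry_keys(content: bytes):
    """Per-entry randomness: the same content cached twice gets two unrelated
    keys, so an observer of stored entries cannot tell they hold the same page."""
    content_hash = hashlib.sha256(content).digest()
    nonce = os.urandom(32)
    return nonce, derive_cache_key(content_hash, nonce)


if __name__ == "__main__":
    page = b"<html>constructed page</html>"  # constructed sample content
    print(new_cache_entry_keys(page)[1].hex())
    print(new_cache_entry_keys(page)[1].hex())  # different key, same content
```

The AES-GCM step needs a third-party library in Python (for example `AESGCM(key).encrypt(nonce, content, aad)` from `cryptography`); whichever library is used, the timestamp belongs in the associated data exactly as in the Rust fragment, so a decryptor that supplies a different timestamp gets an authentication failure rather than the plaintext.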

***

### Tracking Protection

#### Blocked Trackers

NØNOS blocks tracking at multiple levels:

| Level       | Protection         | Examples Blocked                          |
| ----------- | ------------------ | ----------------------------------------- |
| **Network** | DNS-level blocking | Analytics domains, ad networks            |
| **HTTP**    | Header stripping   | Referrer, cookies, fingerprinting headers |
| **Script**  | Pattern matching   | Tracking pixels, beacon scripts           |
| **Storage** | Isolation          | Cross-site cookies, localStorage          |
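The Network and HTTP rows of the table, as an added example that is not NØNOS code: a DNS-level blocklist check that matches on label boundaries (so `cdn.ads.example` is blocked but `notads.example` is not, and case or a trailing dot does not bypass it), and a header filter that drops Referer, Cookie and Client Hints headers (`Sec-CH-UA-*`, `Device-Memory`) before a request leaves the browser. The blocklist domains are constructed placeholders, not a real tracker list.

```python
from __future__ import annotations

from urllib.parse import urlsplit

# Constructed blocklist for the example (placeholder names, not a real tracker list).
TRACKER_DOMAINS = {"analytics.example", "ads.example", "beacon.example"}

# Headers removed at the HTTP level: Referer, Cookie, and Client Hints headers
# that expose browser/device details.
STRIP_EXACT = {"referer", "cookie", "device-memory"}
STRIP_PREFIX = ("sec-ch-ua",)


def is_blocked_host(hostname: str, blocklist: set[str] = TRACKER_DOMAINS) -> bool:
    """DNS-level check on label boundaries: every suffix of the name that starts
    at a label is compared, never a raw substring. DNS names are case-insensitive
    and may carry a trailing dot, so both are normalised first."""
    labels = hostname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def strip_tracking_headers(headers: dict[str, str]) -> dict[str, str]:
    """Return a copy of the headers without the tracking-relevant ones."""
    kept = {}
    for name, value in headers.items():
        lname = name.lower()
        if lname in STRIP_EXACT or lname.startswith(STRIP_PREFIX):
            continue
        kept[name] = value
    return kept


def filter_request(url: str, headers: dict[str, str]) -> tuple[bool, dict[str, str]]:
    """Returns (allowed, sanitized_headers). A blocked host gets no request at all,
    so nothing is sent, not even sanitized headers."""
    host = urlsplit(url).hostname or ""
    if is_blocked_host(host):
        return False, {}
    return True, strip_tracking_headers(headers)


if __name__ == "__main__":
    # Constructed request headers for the demonstration.
    sample = {"Host": "news.example", "Referer": "https://prev.example/",
              "Cookie": "id=1", "Sec-CH-UA-Platform": '"Linux"', "Accept": "*/*"}
    print(filter_request("https://news.example/article", sample))
    print(filter_request("https://cdn.ads.example/pixel.gif", sample))
```

Blocking the host is the stronger of the two actions: a request that never leaves the client cannot leak a referrer, a cookie or a timing signal, which is why the table lists the DNS-level block first.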

***

#### Fingerprint Protection

Browser fingerprinting techniques blocked:

```
┌────────────────────────────────────────────────────────────────────┐
│                 FINGERPRINT PROTECTION                             │
├────────────────────┬───────────────────────────────────────────────┤
│ Canvas             │ Randomized rendering output                   │
│ WebGL              │ Standardized vendor/renderer strings          │
│ Audio              │ Noise injection in audio context              │
│ Screen             │ Reported standard resolution                  │
│ Fonts              │ Generic font enumeration                      │
│ User-Agent         │ Normalized, rotating user agent               │
│ Timezone           │ Configurable (default: UTC)                   │
│ Language           │ Configurable (default: en-US)                 │
│ Hardware           │ Generic CPU/memory reporting                  │
└────────────────────┴───────────────────────────────────────────────┘
```

***

### Network Privacy

> **Important**: Traffic routing (onion/multi-hop routing) is handled by **Anyone Network**, a separate project. NONOS nodes provide cryptographic privacy services for the browser, NOT traffic routing.

#### How Network Privacy Works

The NØNOS browser achieves network privacy through integration with Anyone Network:

```
┌──────────────────────────────────────────────────────────────────────┐
│                     NETWORK PRIVACY ARCHITECTURE                     │
└──────────────────────────────────────────────────────────────────────┘

    ┌──────────────────────────────────────────────────────────────────┐
    │  NOXONE BROWSER                                                  │
    │  └─► NONOS Daemon (ZK identity, cache mixing, tracker blocking)  │
    └──────────────────────────────────────────────────────────────────┘
                                  │
                                  ▼
    ┌──────────────────────────────────────────────────────────────────┐
    │  ANYONE NETWORK (separate project)                               │
    │  └─► Onion routing, multi-hop relay, IP masking                  │
    └──────────────────────────────────────────────────────────────────┘
                                  │
                                  ▼
    ┌──────────────────────────────────────────────────────────────────┐
    │  DESTINATION                                                     │
    └──────────────────────────────────────────────────────────────────┘
```

***

#### Encryption Layers

| Layer         | Protocol           | Purpose                            |
| ------------- | ------------------ | ---------------------------------- |
| **Transport** | Noise (XX pattern) | P2P link encryption (NONOS)        |
| **Routing**   | Onion encryption   | Multi-hop privacy (Anyone Network) |
| **Content**   | AES-GCM            | Cache encryption (NONOS)           |

***

### Threat Model

#### What NØNOS Protects Against

| Threat                     | Protection Level | How                                       |
| -------------------------- | ---------------- | ----------------------------------------- |
| **Website tracking**       | Strong           | Tracker blocking, fingerprint protection  |
| **Cross-site linking**     | Strong           | ZK identity, cache mixing                 |
| **Browser fingerprinting** | Strong           | Fingerprint protection, normalized values |
| **Cache timing attacks**   | Strong           | Encrypted cache with mixing               |
| **Identity correlation**   | Strong           | ZK proofs, ephemeral pseudonyms           |
| **ISP surveillance**       | Strong           | Via Anyone Network integration            |

#### What NONOS Does NOT Protect Against

| Threat                      | Limitation                          | Recommendation                    |
| --------------------------- | ----------------------------------- | --------------------------------- |
| **Traffic routing**         | NONOS doesn't route traffic         | Use Anyone Network for IP privacy |
| **Compromised device**      | Cannot protect local data           | Secure your device                |
| **User error**              | Logging into accounts de-anonymizes | Separate identities               |
| **Advanced timing attacks** | Requires additional protection      | Use Anyone Network                |

***

### Privacy Configuration

#### Default Settings (Recommended)

```toml
[privacy]
# NONOS Privacy Services
zk_identity = true
cache_mixing = true
tracker_blocking = true
fingerprint_protection = true

# Data retention
local_history = false
cache_duration_hours = 24

# Note: Traffic routing is configured in Anyone Network settings
```

***

#### Performance Mode

```toml
[privacy]
# Balanced privacy/performance
zk_identity = true
cache_mixing = false        # Disable for faster caching
tracker_blocking = true
fingerprint_protection = true
```

***

### Comparison to Other Solutions

| Feature                  | NØNOS | Tor  | VPN  | Regular Browser |
| ------------------------ | ----- | ---- | ---- | --------------- |
| **No central authority** | ✓     | ✓    | ✗    | ✗               |
| **ZK identity proofs**   | ✓     | ✗    | ✗    | ✗               |
| **Tracker blocking**     | ✓     | ✗    | ✗    | Partial         |
| **Cache privacy**        | ✓     | ✗    | ✗    | ✗               |
| **Economic incentives**  | ✓     | ✗    | ✗    | ✗               |
| **Performance**          | Good  | Slow | Fast | Fast            |

***

> **Learn More**: See Cryptographic Primitives for implementation details.
