Our Max VPN: Technical Specs
So what is it that makes this product so secure that it rivals Tor? And presumably makes it worth paying hundreds of dollars a year to use? For the technically inclined, or the intellectually curious, we describe on this page some of the many techniques and features used in this ultra-secure network to safeguard both user data integrity and anonymity.
The following diagram may help in visualizing the network
topology. (Countries mentioned are for illustration purposes only.)
This refers to cryptographic algorithms applied to connections between the user's client and the network, as well as to connections between nodes within the network.
- OpenVPN (between your computer and the network): Algorithms based on TLS1.2. DH2048 for key agreement, RSA2048 for authentication, AES256-CTR and AES256-CBC for line encryption and SHA1/SHA256 for integrity protection.
- Inter-Network/Cascades: Connections within our networks are protected node-to-node by IPSec. For IPSec we use mediated key exchange to set keys on the nodes, based on DH2048 and the TLSv1 cyphersuite. RSA and DH key lengths are 2048 bit. For node-to-node tunnels we use AES256-CTR for encryption and SHA512 for integrity protection.
- OpenVPN: OpenVPN v2 in IP-Tunnel mode with relay protection enabled.
- IPSec: GRE protected by IPSec in transport mode with relay protection enabled.
These are heuristic strategies designed to help maximize user anonymity.
- Mixing: Used at both Entry-Termination cascades and inter-cascade connections. We use adaptive mix pools with a size of 100-2000 packets. Delays due to mixing are between 10ms minimum and 1000ms maximum.
- Crowding: We focus clients on as few cascades as possible to increase crowding. Minimum number of client connections to one cascade is 120 connections for entry nodes, 30 for termination nodes.
- Compression: Client-Cascade and Termination-Exit connections use adaptive compression. Optimizes throughput and makes traffic-based stream fingerprinting harder.
- Multiplexing: All traffic goes via single connections, no matter how many are tunneled over them. (Makes connection timing correlation much harder.)
- Integrity protection: All traffic uses integrity protection as well as access policies so that watermarked traffic will be discarded as soon as possible.
These are policies adopted to make it harder to associate user inputs with network outputs. (E.g. to break the correlation between, say, your clicking on a link and the request being sent to the website.) Breaking this association helps to defeat traffic analysis.
- IP Pool: All connections to a cascade are assigned with a new IP from a LILO-biased randomized IPPool.
- Non-unique IP addresses: All IPs are shared between all cascades, making after-the-fact analysis harder.
- Per connection assignment: Public IP addresses are assigned based on decaying table lookups keyed with nonce, source and destination address. IP address pools for public addresses are optimized by load.
- Late assignment: Public IP addresses are assigned on the exit nodes only, and independent from entry node affiliation.
- Jurisdiction-aware routing: Exit node selection takes the jurisdiction of the destination into account. Connections do not exit the network through an exit node in the same jurisdiction.
Separation of Concerns
These strategies are utilized to make the network's operation harder to attack in a business or legal sense.
- Multi-hop connections: Client-Internet connections always travel at least two hops.
- Node jurisdiction: Entry and Termination Nodes are not operated by the same legal entities and are not located in the same jurisdiction.
- IP association: Entry nodes only know the original IP address of the connection but do not have access to the contents or the destination information of the connection.
- Out-of-band authentication: Token-based authentication is used. Tokens are issued by a party not operating any other parts of the network, with no information directly linkable to client identity.
- Session tokens: Each session uses a new set of tokens, so the network cannot correlate sessions.
- Authentication: Authentication is done exclusively at the Termination Nodes, with no information about the original source.
- Traceback protection: Nodes employ traceback protection methods to prevent termination nodes measuring distance and/or path to a client. These include packet sanitation, TTL (time-to-live) fixing and egress delays.
- PKI: The network uses its own independent Public Key Infrastructure. This implies keys cannot be counterfeited by an adversary with access to a captive Certificate Authority.
Don't live your life "electronically naked!" Take action by subscribing today!