In a recent collaboration, the HardenedBSD Foundation has partnered with Protectli, a manufacturer of open-source firewall appliances, to develop a censorship- and surveillance-resistant mesh network. This project, supported by a donation of four FW4B devices from Protectli, aims to create a more private and secure internet experience for users.
The mesh network will be built upon HardenedBSD, a security-focused operating system derived from FreeBSD, and will utilise Protectli's FW4B devices as the foundational hardware. The project aims to leverage the strengths of both organisations to create a robust and secure network infrastructure.
One of the key features of this mesh network will be its resistance to censorship and surveillance. This will be achieved through several measures, including:
- Removal of packet capture tools: The special version of HardenedBSD used in the project will have tools like libpcap, tcpdump, and BPF removed. This ensures that network operators cannot capture or store user data, increasing privacy and making it impossible to comply with data retention laws.
- Encrypted inter-node communication: Connections between mesh nodes will be secured using robust encryption protocols like IPsec, WireGuard, or OpenVPN. This prevents eavesdropping on data transmitted within the network.
- Tor routing for internet access: All outbound internet traffic will be routed through the Tor network, adding an extra layer of anonymity and making it difficult to track user activity.
- Vetting of node operators: To maintain the integrity and security of the network, both node and Supernode operators will undergo a vetting process.
- Public Tor relay operation: Supernode operators will be required to run public Tor relays to contribute to the network's bandwidth and offset the impact of user traffic.
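The first measure in the list above can be checked on a node image before it is deployed. The following is an added example, not code from HardenedBSD or Protectli: a POSIX shell function (the name `audit_capture_tools` is hypothetical) that scans a staged root directory for tcpdump, libpcap and BPF device nodes, assuming the stock FreeBSD directory layout.

```shell
#!/bin/sh
# Added example: audit a root filesystem tree for the packet-capture
# components the article says are removed (tcpdump, libpcap, BPF).
# Directory names assume the stock FreeBSD layout; this is not the
# project's own tooling.

# audit_capture_tools ROOT
# Prints one "FOUND ..." line per hit; returns 0 if clean, 1 otherwise.
audit_capture_tools() {
    root=${1:-/}
    root=${root%/}          # "/" becomes "" so paths below stay absolute
    findings=0

    # tcpdump binary in the usual program directories
    for dir in bin sbin usr/bin usr/sbin usr/local/bin usr/local/sbin; do
        if [ -e "$root/$dir/tcpdump" ]; then
            echo "FOUND tcpdump: $root/$dir/tcpdump"
            findings=$((findings + 1))
        fi
    done

    # libpcap shared or static libraries (libpcap.so.N, libpcap.a)
    for dir in lib usr/lib usr/local/lib; do
        for lib in "$root/$dir"/libpcap.*; do
            [ -e "$lib" ] || continue   # unmatched glob stays literal
            echo "FOUND libpcap: $lib"
            findings=$((findings + 1))
        done
    done

    # BPF device nodes; devfs entries only appear on a running system,
    # so this check is meaningful when ROOT is the live "/".
    for dev in "$root"/dev/bpf*; do
        [ -e "$dev" ] || continue
        echo "FOUND bpf device: $dev"
        findings=$((findings + 1))
    done

    [ "$findings" -eq 0 ]
}
```

Call it as `audit_capture_tools /path/to/image/root` in an image build pipeline and fail the build on a non-zero return; a clean result only shows the files are absent from the paths checked, not that the kernel was built without BPF support.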
The HardenedBSD Foundation and Protectli are working towards a proof-of-concept implementation, with a projected timeline of January to February 2025. They are also collaborating with Aymeric Wibo, a Google Summer of Code contributor who is porting BATMAN-adv, a mesh networking protocol, to FreeBSD. This work will be integrated into a dedicated branch within HardenedBSD.
This partnership between HardenedBSD and Protectli could lead to a safer and more private internet, giving people greater control over their data and online activity. The use of a hardened operating system, combined with a focus on encryption and anonymity, aims to make this mesh network a viable option for those seeking to escape censorship and surveillance.