Network Architecture

Macro Browser's network architecture is built with privacy and security as core principles. The centerpiece of this architecture is a built-in peer-to-peer VPN that provides enhanced privacy without relying on centralized servers.

Architecture Overview

P2P VPN Architecture

The P2P VPN component is a core feature of Macro Browser that provides privacy protection by routing traffic through a decentralized network of peers.

Key Components

1. VPN Controller

Central management component for the VPN functionality:

User Interface Integration: Provides controls for enabling/disabling the VPN
Connection State Management: Tracks and manages the VPN connection state
Configuration Handling: Manages user-defined VPN settings
Diagnostic Tools: Provides troubleshooting and connection quality information
Split Tunneling: Controls which traffic goes through the VPN

2. Peer Discovery

Responsible for finding and connecting to peers in the network:

Bootstrap Process: Initial connection to the peer network
DHT (Distributed Hash Table): Decentralized peer discovery mechanism
NAT Traversal: Techniques for connecting peers behind firewalls/NATs
Peer Verification: Validates peer authenticity and integrity
Peer Metadata: Collects and shares non-identifying peer information

3. Encryption Layer

Ensures all traffic is securely encrypted:

WireGuard Protocol: Modern, high-performance VPN protocol
Key Management: Secure generation and storage of encryption keys
Perfect Forward Secrecy: Ensures past communications remain secure
Crypto Primitives: ChaCha20, Poly1305, Curve25519, BLAKE2s
Handshake Mechanism: Secure connection establishment

4. Routing Engine

Determines the optimal path for network traffic:

Multi-hop Routing: Routes traffic through multiple peers for enhanced privacy
Path Selection Algorithm: Balances privacy, latency, and reliability
Circuit Building: Establishes and maintains relay circuits
Congestion Control: Manages traffic to avoid bottlenecks
Dynamic Rerouting: Adapts to changing network conditions

5. Peer Management

Handles the relationship with other peers in the network:

Peer Ranking: Rates peers based on reliability and performance
Connection Pooling: Maintains a pool of available peer connections
Resource Allocation: Manages bandwidth and processing resources
Blacklisting: Excludes unreliable or malicious peers
Peer Rotation: Periodically changes peers to enhance privacy

6. Crypto Payment System

Facilitates the incentive mechanism for peer participation:

Micropayments: Small payments for bandwidth usage
Payment Channels: Efficient off-chain payment processing
Earning Model: Mechanism for peers to earn by sharing bandwidth
Transparent Pricing: Clear cost structure for network usage
Optional Participation: Users can choose whether to participate

Technical Implementation

Network Stack

WireGuard Integration

The VPN is built on the WireGuard protocol with custom extensions for P2P operation:

// Example of WireGuard configuration
interface WireGuardConfig {
  privateKey: string;          // Local private key
  publicKey: string;           // Local public key
  peers: Array<{
    publicKey: string;         // Peer public key
    allowedIPs: string[];      // IPs routed through this peer
    endpoint?: string;         // Optional fixed endpoint
    keepalive?: number;        // Keepalive interval in seconds
  }>;
  listenPort?: number;         // Local listen port
  interfaceAddress: string[];  // Interface addresses (IPv4/IPv6)
  dns?: string[];              // DNS servers
}

// Example of generating a WireGuard configuration
function generateWireGuardConfig(peers: PeerInfo[]): WireGuardConfig {
  // Generate key pair if not already available
  const keyPair = getOrGenerateKeyPair();

  // Map peers to WireGuard peer format
  const wireGuardPeers = peers.map(peer => ({
    publicKey: peer.publicKey,
    allowedIPs: peer.allowedIPs,
    endpoint: peer.hasStaticEndpoint ? peer.endpoint : undefined,
    keepalive: peer.requiresKeepalive ? 25 : undefined
  }));

  return {
    privateKey: keyPair.privateKey,
    publicKey: keyPair.publicKey,
    peers: wireGuardPeers,
    interfaceAddress: ["10.10.0.2/16", "fd86:ea04:1115::2/64"],
    dns: ["10.10.0.1"]
  };
}

Peer Discovery and Management

// Example of peer discovery implementation
class PeerDiscoveryManager {
  private bootstrapNodes: string[];
  private dht: DistributedHashTable;
  private peerPool: PeerPool;
  private networkConstraints: NetworkConstraints;

  constructor(bootstrapNodes: string[], networkConstraints: NetworkConstraints) {
    this.bootstrapNodes = bootstrapNodes;
    this.networkConstraints = networkConstraints;
    this.dht = new DistributedHashTable();
    this.peerPool = new PeerPool();
  }

  async initialize(): Promise<void> {
    // Connect to bootstrap nodes
    for (const node of this.bootstrapNodes) {
      try {
        await this.dht.connect(node);
      } catch (error) {
        console.error(`Failed to connect to bootstrap node ${node}:`, error);
      }
    }

    // Start peer discovery
    await this.discoverPeers();
  }

  async discoverPeers(): Promise<PeerInfo[]> {
    // Find peers that match our requirements
    const peerCandidates = await this.dht.findPeers({
      minBandwidth: this.networkConstraints.minBandwidth,
      maxLatency: this.networkConstraints.maxLatency,
      regions: this.networkConstraints.preferredRegions,
      minReputationScore: this.networkConstraints.minReputationScore
    });

    // Verify and test peers
    const verifiedPeers = await Promise.all(
      peerCandidates.map(async peer => {
        const isVerified = await this.verifyPeer(peer);
        if (!isVerified) return null;

        const connectionQuality = await this.testPeerConnection(peer);
        if (connectionQuality < this.networkConstraints.minConnectionQuality) return null;

        return {
          ...peer,
          connectionQuality
        };
      })
    );

    // Filter out failed verifications and add to peer pool
    const goodPeers = verifiedPeers.filter(Boolean) as PeerInfo[];
    this.peerPool.addPeers(goodPeers);

    return goodPeers;
  }
}

Data Flow

Connection Establishment

Traffic Routing

Security Considerations

The P2P VPN architecture addresses several security concerns:

Traffic Analysis Resistance: Multi-hop routing prevents any single node from seeing both source and destination
No Central Point of Failure: Decentralized architecture eliminates single points of failure
Encryption: All traffic is encrypted end-to-end
No Logging: No central servers to store connection logs
IP Masking: User's real IP address is hidden from destination websites
Forward Secrecy: Session keys ensure past sessions remain secure if keys are compromised
Malicious Peer Protection: Peer verification and reputation system mitigates malicious peers

Performance Optimization

Several techniques ensure the P2P VPN maintains good performance:

Intelligent Peer Selection: Choose optimal peers based on latency, bandwidth, and reliability
Connection Reuse: Maintain connections to reduce handshake overhead
Adaptive Quality of Service: Prioritize interactive traffic over background transfers
Parallel Connections: Use multiple connections for improved throughput
Local Caching: Cache DNS and other repetitive requests locally
Optimized Protocols: Efficiency-focused protocol design
Bandwidth Management: Control bandwidth usage to avoid congestion

User Configuration Options

Users can customize the VPN behavior:

Connection Mode: Balance between speed and privacy (more relays = more privacy but higher latency)
Trusted Networks: Define networks where VPN activates/deactivates automatically
Split Tunneling: Choose which apps or sites bypass the VPN
Exit Region Preferences: Select preferred regions for exit nodes
Bandwidth Limits: Control bandwidth contribution when acting as a relay

PreviousWeb3 Integration NextData Flow & Security

Last updated 7 months ago

hashtagArchitecture Overview

hashtagP2P VPN Architecture

hashtagKey Components

hashtagTechnical Implementation

hashtagNetwork Stack

hashtagWireGuard Integration

hashtagPeer Discovery and Management

hashtagData Flow

hashtagConnection Establishment

hashtagTraffic Routing

hashtagSecurity Considerations

hashtagPerformance Optimization

hashtagUser Configuration Options