Ceno, browse the web without internet access

▲ Ceno, browse the web without internet access(ceno.app)

63 points by mohsen1 7 hours ago | 19 comments

▲ mrbluecoat 7 minutes ago | parent | next [-]

Bad title.

Better executive summary: "A browser that lets you bypass censorship via BitTorrent-based residential proxies and Ceno-owned proxies"

▲ DoctorOW an hour ago | parent | prev | next [-]

> What's the difference between using the Tor and Ceno browsers?

> Unlike Tor Browser, Ceno Browser is not a tool for anonymity, which is Tor's primary purpose. In the Tor network, network traffic is encrypted and routed through a network of relays run by volunteers, and appears to originate from the IP address of an exit node. Tor is an excellent option for privacy from Internet surveillance and website operators. If it works in your network environment, we recommend it, provided that you've also read their support documentation.

> Ceno's primary distinction from a VPN is that it does attempt to route all of your website requests through the decentralized network. When a website is available without restriction, Ceno will simply connect to it like a normal web browser. Also, Ceno users cache and share content with each other. This reduces the strain on censorship circumvention nodes and improves deliverability.

source: https://ceno.app/en/faq.html

▲ olalonde an hour ago | parent | prev | next [-]

Isn't this essentially a "free" proxy where the install base also act as exit nodes? It's a common pattern among "free" VPN services and kinda risky.

▲ keyle 4 hours ago | parent | prev | next [-]

     In Public mode, Ceno will look into the BitTorrent network to see if another Ceno user has recently shared the requested page. If the service can identify the requested page, it will retrieve that page from another user's device. If the content is not available, Ceno will contact several Injectors to request that website and have it delivered to you.

     In Personal mode, you will only contact the Injectors to have that website fetched and delivered to you. The search will not connect to the BitTorrent network and will not attempt to locate the content on other users' devices.

    To ensure that your Ceno client can always contact an Injector, we have also created Bridges. If the Injectors are blocked on your network, the Ceno app will look for available Bridges, who will forward your request to the Injectors. The Ceno network currently features around 6,000 Bridges. Their number is always growing.

So on the one side it's some kind of shared cache of website resources, and on the other some kind of distributed tor-like edge network?

Quite clever! I wonder if it works well though, and if there is a risk of content injection by adversaries.

▲ Springtime 40 minutes ago | parent | prev | next [-]

I think the relevant use case for this are places like Russia (one is even quoted in the testimonials) where I've seen concern about the country isolating itself from the outside internet, due to the various regional tests actually trialling this.

I've seen such users ask about ways to prepare storing outside data in the event it becomes permanent. Some have suggested mesh networks, others downloading Wikipedia and torrenting things.

So it seems that this is useful where internet is still available but is restricted at say the ISP level. It seems to be a browser that when a page is unavailable it checks for Ceno torrents of the page from other users and serves that instead.

▲ voidUpdate 4 hours ago | parent | prev | next [-]

Am I reading this right? You do still need internet access, to actually retrieve the page from someone else. Also I'm not sure how this will reduce data costs. Do providers charge different amounts for getting data from different servers? The same amount of data is still going into your device, it's just coming from somewhere else than usual

▲

mlnj 4 hours ago | parent [-]

It seems to be a way to circumvent censorship.

▲

voidUpdate 3 hours ago | parent [-]

They probably want to tone down their marketing claims then, since it doesn't let you browse the web without internet access. It lets you browse webpages that would be blocked in your area

▲

behehebd 2 hours ago | parent | next [-]

I thought this was going to be some kind of wifi or bluetooth mesh

	▲	voidUpdate 2 hours ago \| parent [-]
		Me too, or some kind of offline caching system that automatically downloads your commonly visited websites or something

▲

johnisgood 3 hours ago | parent | prev | next [-]

I agree. "Cut off" and "without internet access" != censored. They should have worded it better. The title is the worst.

▲

mexicocitinluez an hour ago | parent | prev [-]

I had the exact same thought and it wasn't until navigating to their FAQ did it become apparent what they were actually selling.

"Browse the web without internet access" is either purposely misleading or written by someone who doesn't understand the tech they're marketing.

▲

mohsen1 38 minutes ago | parent [-]

in Iran there's a funny situation where you're connected but not to the internet. if that makes sense.

	▲	voidUpdate 31 minutes ago \| parent [-]
		Are you still able to access Iranian servers, or is all traffic blocked? I'd class "The servers in Iran" as still a part of the internet

▲ mohsen1 an hour ago | parent | prev | next [-]

This is a life saver in Iran right now. Maybe only 0.01% have access to internet using Starlink

▲ lxgr an hour ago | parent | prev | next [-]

“Browse the web with partially censored Internet access” would be more honest, it seems.

▲ gr__or 2 hours ago | parent | prev | next [-]

thinking out loud: it'd be great if web servers could sign their responses+timestamp, so you could guarantee getting the right content even through such intermediaries

	▲	0x62 an hour ago \| parent [-]
		This already exists in a limited form as Signed HTTP Exchanges. It's intended primarily for caching and serving content from CDNs, but associating with the origin host. https://www.ietf.org/archive/id/draft-yasskin-http-origin-si...

▲ karel-3d 4 hours ago | parent | prev [-]

How is Ceno making sure someone is not poisoning the cache?

edit: I try to read the paper and it's just referencing some RFC, which is not making me smart at all.

Again, how am I sure that when I am reading something from the cache, it's really serving what the site was serving somewhere else, and the person saving it there didn't modify it? Is it signed by the original page SSL cert?

edit2: ahh the "injector server", which is run by Ceno, retrieves the page and signs it. So you are moving the trust to Ceno and the central Ceno server actually does the browsing...? So the injectors can just see all the traffic? But that's inevitable I guess, someone needs to see the traffic