As a user of online services, we often face a choice between either our privacy or an easy-to-use personalized online service. This is a choice we shouldn’t have to make. That’s why Qwant is launching the alpha version of its new open source technology called Masq by Qwant. Its goal is to store the user’s personal data locally on the device and use it to offer a personalized experience.
Qwant Maps is the first of our services that integrates Masq by Qwant. Masq by Qwant can be used when you want Qwant Maps to save your home address, your workplace or your favorite restaurant without Qwant or any other third party accessing that information.
To add those favorite places to Qwant Maps, the user can activate Masq and create a local profile.
Interactions between Masq and Qwant Maps
When Masq is first activated from Qwant Maps, a database is created and replicated between Qwant Maps and Masq. The two instances of that database are synced in real time whenever a Masq window and a Maps window are opened at the same time. The synchronization is done through an encrypted and decentralized connection using the WebRTC protocol.
To protect the data stored in that database, Masq generates a 128 bit AES key* which will be sent to Qwant Maps at each Masq activation. That key is used by Qwant Maps to encrypt data stored to the database using the AES-GCM algorithm. Qwant Maps does not save that key which means it will be lost at each Masq deactivation by the user. The database will then be unusable until the next Masq activation to retrieve the encryption key from Masq. The encryption key is of course stored by Qwant Masq which means its storage has to be protected.
Data Encryption in Masq
Data stored by Qwant Masq is encrypted on the user’s device using the AES-GCM algorithm with a 128 bit key called Master Key (MK). The MK is also stored on Masq by Qwant and protected with a different key called Key Encryption Key (KEK). This key is derived from the user password using the key derivation function called PBKDF2. This offers an end-to-end encryption which guarantees that no one including Qwant can access data stored on Masq.
It is then important to note that it will be impossible to generate a new password for the user, the password must not be forgotten.
All communications between Qwant Maps and Masq go through a peer-to-peer WebRTC connection : fr.wikipedia.org/wiki/WebRTC
For two devices to initialize a peer-to-peer connection, they must first exchange some information needed to communicate directly between them. A signalling server is used for that purpose. Both devices connect to that known rendez-vous point and exchange information such as the IP/port through which the other peer will be able to contact them.
NAT and STUN
When one of the peer is behind a NAT, it doesn’t necessarily know through which public IP/port the other peer will be able to contact it. The peer can then send a request to a STUN server (hosted by Qwant in the case of Masq) which will be able to tell the peer the kind of NAT that is used and the public IP/port the NAT mapped to him.
The peer will then be able to send that information to the other peer through the signalling server.
Symmetric NAT and TURN
When a peer is behind a symmetric NAT, the public IP/port mapped to a peer depends not only on the local IP/port of the peer but also on the IP/port of the destination. This means that when a peer A behind a symmetric NAT requests its public IP/port to the STUN server, it will receive the IP/port mapped for a connection between peer A and the STUN. That public IP/port will not be usable by peer B to initiate a connection with peer A. The solution offered by the WebRTC protocol in this case is the usage of a TURN server (hosted by Qwant for Masq) which will act as an encrypted data relay to peer A. Peer A will ask the TURN server for an IP/port that peer A will be able to send peer B as its own. All connections established between that IP/port on the TURN server and peer B will be relayed to peer A.
WebRTC between Qwant Maps and Masq by Qwant
In most cases Masq by Qwant and Qwant Maps will communicate through a WebRTC connection through the local network. They will exchange their local IP through the signaling server to initialize a connection.
In some cases the WebRTC connection through the local network is forbidden, for example in the Safari browser on MacOS. The connection will then have to go through the public network and can need the STUN or TURN servers.
An open-source project
Masq is made up of two open-source components :
- Masq-app : the web application users open to create their local profile and manage their applications.
What is next for Masq by Qwant ?
The alpha version of the product is launched today offering for now only the synchronisation of favorite places on Qwant Maps. We are currently working on improving Masq and integrating it with the other services that Qwant offers. It could for example be integrated to the search engine to improve auto completion, suggestions or even the relevance of search results.
In a future version Masq could offer the peer-to-peer synchronization of a profile between a user’s devices.
This article was written by the Masq Team: Charlotte, Geoffrey, Levent and Sujeeban.
*The size of the AES encryption key is not a definitive choice, we will determine a key size according to the different benchmarks that will be achieved (security/performance compromise). A 128-bit key provides sufficient security today.