nthLink

The Power of nthLink

Safe and reliable access to the Internet is a powerful accelerator for people in authoritarian regions to realize their democratic aspirations. It is instrumental for at-risk populations to receive unbiased news, research issues, express political views, expose government misconducts, and communicate with other users without fear of persecution. The nthLink mobile application enables everyday users in censored regions to gain safer and unfettered access to the Internet.

Censorship Circumvention

Authoritarian governments use sophisticated Internet blocking and monitoring technologies to control the free flow of information. nthLink is built on the Jigsaw Outline and Shadowsocks technologies, which are proven to be effective in circumventing even the strictest Internet censorship systems.

With traffic masking, strong encryption, trusted DNS lookup, and automated IP switching, nthLink is a powerful tool for safer access to the unfettered Internet.

Self-recovery

If some or all server addresses are blocked, nthLink’s blocking recovery algorithm recalculates new access point addresses in real time based on the user’s location, device, time, and other information. No pre-allocated server addresses are stored on the client side, thus allowing users to reconnect to the nthLink network even if the users have not used the nthLink mobile app for an extended period.

Simplicity

Once installed, the nthLink mobile app does not require additional setup or registration. The user can connect his/her entire device to the nthLink VPN/Shadowsocks network with the push of a button. With nthLink’s automatic network discovery and blocking recovery, the mobile clients can reliably connect to the nthLink network at any time.

Privacy

nthLink client apps do not store sensitive or personal information on user devices. User information is never transmitted to nthLink servers, and nthLink servers never log traffic patterns that can be used to track personally identifiable information. The client IP addresses are hashed in the server security logs to identify only the country where the traffic is originated. The key is to maintain minimal user and traffic data, necessary to ensure reliable service to the users and provide transparency to partners and sponsors. If we do not have it, no one can steal it.

Security

nthLink utilizes the strongest industrially available encryption to keep user communications private and prevents censors from performing content/packet inspection.

Encryption Standards - nthLink encrypts communications between your device and the nthLink Server using the AEAD 256-bit Chacha2020 IETF Poly 1305 cipher. AEAD ciphers offer confidentiality, integrity, and authenticity, and exhibits excellent performance on modern hardware.

Security Audits - Two security audits were conducted on nthLink in 2019 and 2020 by Cure53, an independent digital security organization that review software against the latest security standards.

Excerpts from the audit reports:

“For this assessment, it needs to be noted that a rather strong attacker model was assumed for this project.”

“Carried out in late October and early November 2020, this project focused on the nthLink VPN App for Android, iOS, and in addition for Windows, and their respective security and privacy posture for end-users.”

“Cure53 has completed the fix verification following the penetration test and source code audit in late November 2020. The Cure53 team managed to verify all fixes that have been made available by the nthLink team. This means that all relevant and in-scope findings that Cure53 identified in the NTH-02 penetration test and source code audit are now successfully fixed and the fixes successfully addressed the reported vulnerabilities.”

You may request the audit reports as well as threat models by contacting the nthLink support team.

Third-Party Codes - nthLink uses third-part libraries.

Jigsaw's Outline client
CocoaLumberjack
badvpn
c-ares
libev-mingw
libev
mbedtls
newtonsoft
outline-go-tun2socks
pcre
sentry-android
sentry-cocoa
shadowsocks-libev
sodium
tap-windows6

Transparency

Government Requests for User Data - nthLink complies with government request for data only when compelled by an order of an U.S. court in accordance with applicable law and our terms of service. We carefully review each request received for legal sufficiency and we may reject or require greater specificity on requests that appear overly broad or vague. nthLink does not recognize any request by foreign government. We will publish relevant information annually, subject to certain limitations. As of now, nthLink has not received any government request for user data.

Usage Restrictions - nthLink prohibit users from distributing or downloading copyright infringed materials, child pornography, or other illegal contents in accordance to US laws through the nthLink network. nthLink may receive complaints from content owners, law enforcement agencies, or other sources, and we may block connections to/from certain IP addresses that are involved in the such illegal activities.

Open Source

nthLink is committed to the open source principle and will make the nthLink codebase available to the members of the Human Rights and Internet Freedom communities through trusted channels and to the general public. The nthLink client is released under the “3-Clause BSD License” (a.k.a. New BSD License). License terms of the “3-Clause BSD License” can be found on https://opensource.org/licenses/BSD-3-Clause. Please contact the nthLink support team to request access to the nthLink source code.