Connect to xx Network
The Haven Web application downloads and runs in your browser, from which it connects to community-operated xx Network gateway nodes.
Haven's end-to-end encryption happens in the browser, and metadata protection on xx Network.
Haven clients to not connect to each other
Unlike with Bittorrent or some other networks, xx Network clients do not connect to each other. They don't need to use the same Haven Web application server either.
In this diagram peers A and B may participate in the same space or DM to each other, and yet they may be doing that on different Haven Web servers.
xx Network'x cMixx mixnet mixes all messages and stores them for users for a period of 21 days.
xx Network is a blockchain-based P2P network as far as network validators are concerned. But to each individual Haven user, xx Network is a distributed service with xx Gateway nodes as API endpoints - Haven users don't need to be aware of xx chain.
In the above diagram, person A and person B only need to know one another's Haven codename to exchange messages (and soon files) through xx Network. They don't need to be online at the same time, and they don't need to know each other's IP address.
Connectivity choices
Depending on several factors, many combinations are possible for self-managed server at home or in the cloud, and 3rd party Haven Web server.
This is not an exhaustive list:
| Proxy | Haven Web | xx Network |
|---|---|---|
| - | home, direct | direct |
| - | cloud (own), direct | direct |
| - | 3rdParty, direct | direct |
| Tor (Socks5) | home, direct | indirect |
| Tor (Socks5) | cloud (own), indirect | indirect |
| Tor (Socks5) | 3rdParty, indirect | indirect |
| VPN | home, direct | indirect |
| VPN | cloud (own), indirect | indirect |
| VPN | 3rdParty, indirect | indirect |
Haven users can't run own xx Network gateway server or connect to one particular gateway - that's where trustless metadata stripping and shredding happens.
Some networks may allow you to run own gateways, but xx Network does not. You may use
Access Haven from your browser
Approaches in terms of privacy and security:
- Hosted by trusted third party
- Regular privacy: visit the official xx Network-hosted instance of Haven. This option exposes your client IP to the operator (The xx Foundation).
- High privacy: use a Socks5 proxy to access Haven Web app and xx Network over Tor network or VPN. This option hides your client IP from the server operator, but also your client IP from community-operated xx Network gateways.
- Self-hosted server (at home or in the cloud)
- Enhanced privacy: deploy your own instance of Haven Web app. Your client IP is known to community-operated xx Network gateways, but everything else is encrypted.
- Top privacy: host own instance and access xx Network gateway nodes via Tor Network or VPN. This doesn't identify you to the Haven Web site owner or 3rd parties as a Haven user, and also hides your client IP from community-operated xx Network gateways.
Trusted Haven Web server
The main idea here is to avoid using Haven Web site on a compromised or malicious server.
"Trusted" is a relative term but, assuming the official Haven site is trusted, you may use speakeasy.tech.
Additional examples of a trusted Haven Web server would be a Haven Web server running at friends home.
Self-managed Haven instance
-
Run Haven on own Linux server or VM, cloud-based or own
- Use Haven container on Docker or Podman, or
- Install Haven Web app on Node.js
-
Access Haven over Tor network using Socks5 proxy
- Tor Socks5 proxy
- Arti Socks5 proxy
Haven administrator's guide has information related to deploying and operating own Haven Web server.
If your environment doesn't have a shared Tor or Arti Socks proxy, you may be able to run your own.
To use a Tor Socks5 proxy, install Tor Browser. Then enable and start Tor service.
For Arti, download it, build, and run.
arti proxy
Use your regular browser to connect to Tor or Arti Socks proxy using something like socks5://localhost:9150 (localhost-based proxy) or socks5://proxy.local:9150 (shared or dedicated LAN instance).
Example with Chromium-based browsers:
brave-browser --proxy-server=socks5://proxy.local:9150
If your Haven Web server runs locally or can be trusted, bypassing Socks proxy for that host may load Haven faster. That usually can be changed in your browser's proxy settings.