I’ve been analyzing the current state of "secure" messaging, and my recent tests with Signal have highlighted some persistent vulnerabilities inherent to any stack relying on standard TCP/IP.
-
I’ve been analyzing the current state of "secure" messaging, and my recent tests with Signal have highlighted some persistent vulnerabilities inherent to any stack relying on standard TCP/IP. Even with strong encryption, metadata leakage at the ISP/CDN level and the reliance on kernel-level interfaces like TUN/TAP remain significant privacy bottlenecks.
I’m curious to discuss the feasibility of a user-space only stack built in Rust that completely decouples identity, addressing, and transport to mitigate these leaks. My current architectural hypothesis involves an identity layer using hardware-backed Zero-Knowledge Proofs—via TEE or zkVM—to handle authentication without persistent identifiers or central registries. For addressing and routing, I'm thinking of a minimal RINA overlay where Distributed IPC Facilities (DIF) allow us to route between processes rather than nodes, effectively moving away from traditional IP-based addressing. This would all be wrapped in a "blind" transport, such as Ockam or shadowsocks-rust, to make the traffic indistinguishable from generic noise to any external observer.
I’m still weighing the practical hurdles, especially how to best bridge RINA's recursive logic with a user-space transport like Ockam without requiring root privileges. I'm open to suggestions on alternative technologies or implementations that might achieve this same level of isolation. If anyone has thoughts on the practical hurdles or existing foundations that could be leveraged here, I’d really value your perspective. Definitely feels like there's a lot to dig into.
#Rust #Rustlang #Infosec #Cryptography #Networking #Privacy #DistributedSystems #RINA #ZKP
-
I’ve been analyzing the current state of "secure" messaging, and my recent tests with Signal have highlighted some persistent vulnerabilities inherent to any stack relying on standard TCP/IP. Even with strong encryption, metadata leakage at the ISP/CDN level and the reliance on kernel-level interfaces like TUN/TAP remain significant privacy bottlenecks.
I’m curious to discuss the feasibility of a user-space only stack built in Rust that completely decouples identity, addressing, and transport to mitigate these leaks. My current architectural hypothesis involves an identity layer using hardware-backed Zero-Knowledge Proofs—via TEE or zkVM—to handle authentication without persistent identifiers or central registries. For addressing and routing, I'm thinking of a minimal RINA overlay where Distributed IPC Facilities (DIF) allow us to route between processes rather than nodes, effectively moving away from traditional IP-based addressing. This would all be wrapped in a "blind" transport, such as Ockam or shadowsocks-rust, to make the traffic indistinguishable from generic noise to any external observer.
I’m still weighing the practical hurdles, especially how to best bridge RINA's recursive logic with a user-space transport like Ockam without requiring root privileges. I'm open to suggestions on alternative technologies or implementations that might achieve this same level of isolation. If anyone has thoughts on the practical hurdles or existing foundations that could be leveraged here, I’d really value your perspective. Definitely feels like there's a lot to dig into.
#Rust #Rustlang #Infosec #Cryptography #Networking #Privacy #DistributedSystems #RINA #ZKP
@Harpocrates what's wrong with TCP/IP for privacy? AFAIK most Comms today are behind NAT so at most people can know your city or neighbourhood, but not the contents of the messages right?
-
@Harpocrates what's wrong with TCP/IP for privacy? AFAIK most Comms today are behind NAT so at most people can know your city or neighbourhood, but not the contents of the messages right?
@diegovsky That's a very fair point, and it’s the heart of the "privacy vs. security" debate. The issue with the standard TCP/IP stack isn't about what you are saying—encryption like TLS or AES handles that part—it’s about the massive amount of noise you make while saying it.
Even when you are tucked behind a NAT and your IP looks like just another house in a crowded neighborhood, your digital footprint remains incredibly loud. An ISP or a network node doesn't need to read your messages to figure out exactly what you are doing. They look at the metadata: the packet sizes, the precise timing between them, and the frequency of the bursts. This creates a "behavioral fingerprint." For instance, a skilled analyst can easily distinguish a Signal call from a Netflix stream, or even guess which language you are speaking by analyzing the Variable Bit Rate (VBR) patterns of the audio codec, all without ever decrypting a single bit of your text.
The fundamental flaw in TCP/IP is that it permanently couples your identity to your physical location via the IP address. As long as we are routing data between physical "nodes," we are leaving a breadcrumb trail. Moving toward a user-space stack built in Rust—especially using something like RINA—is about breaking that link. We stop addressing data to a specific computer in a specific city and start addressing it to a logical "process." By decoupling the transport from the identity, your traffic effectively becomes indistinguishable from generic background noise to any outside observer. In 2026, strong encryption is just the baseline; the real frontier is making the communication itself invisible to the structure of the network. -
@diegovsky That's a very fair point, and it’s the heart of the "privacy vs. security" debate. The issue with the standard TCP/IP stack isn't about what you are saying—encryption like TLS or AES handles that part—it’s about the massive amount of noise you make while saying it.
Even when you are tucked behind a NAT and your IP looks like just another house in a crowded neighborhood, your digital footprint remains incredibly loud. An ISP or a network node doesn't need to read your messages to figure out exactly what you are doing. They look at the metadata: the packet sizes, the precise timing between them, and the frequency of the bursts. This creates a "behavioral fingerprint." For instance, a skilled analyst can easily distinguish a Signal call from a Netflix stream, or even guess which language you are speaking by analyzing the Variable Bit Rate (VBR) patterns of the audio codec, all without ever decrypting a single bit of your text.
The fundamental flaw in TCP/IP is that it permanently couples your identity to your physical location via the IP address. As long as we are routing data between physical "nodes," we are leaving a breadcrumb trail. Moving toward a user-space stack built in Rust—especially using something like RINA—is about breaking that link. We stop addressing data to a specific computer in a specific city and start addressing it to a logical "process." By decoupling the transport from the identity, your traffic effectively becomes indistinguishable from generic background noise to any outside observer. In 2026, strong encryption is just the baseline; the real frontier is making the communication itself invisible to the structure of the network.@Harpocrates @diegovsky I'm kinda interested, but from different perspective. How to make such protocol stack lightweight enough to fit into embedded system, so their activity at premises cannot be subject to analysis of rouge parties? What you describe is a lot of layers with a lot of code - fine for IM on Android, but less for a device running on 300kB of total RAM.
-
@diegovsky That's a very fair point, and it’s the heart of the "privacy vs. security" debate. The issue with the standard TCP/IP stack isn't about what you are saying—encryption like TLS or AES handles that part—it’s about the massive amount of noise you make while saying it.
Even when you are tucked behind a NAT and your IP looks like just another house in a crowded neighborhood, your digital footprint remains incredibly loud. An ISP or a network node doesn't need to read your messages to figure out exactly what you are doing. They look at the metadata: the packet sizes, the precise timing between them, and the frequency of the bursts. This creates a "behavioral fingerprint." For instance, a skilled analyst can easily distinguish a Signal call from a Netflix stream, or even guess which language you are speaking by analyzing the Variable Bit Rate (VBR) patterns of the audio codec, all without ever decrypting a single bit of your text.
The fundamental flaw in TCP/IP is that it permanently couples your identity to your physical location via the IP address. As long as we are routing data between physical "nodes," we are leaving a breadcrumb trail. Moving toward a user-space stack built in Rust—especially using something like RINA—is about breaking that link. We stop addressing data to a specific computer in a specific city and start addressing it to a logical "process." By decoupling the transport from the identity, your traffic effectively becomes indistinguishable from generic background noise to any outside observer. In 2026, strong encryption is just the baseline; the real frontier is making the communication itself invisible to the structure of the network.@Harpocrates
I think there was (once?) an attempt to build truly distributed and anonymous network, but the protocol was rather niche, with somewhat unfortunate name choice "tox" (colliding with much more well-known Python tool). I guess lora-mesh approaches could be also considered, but due to the low bandwidth and even lower density - not really successful (for now).
All TCP/IP based communication can be simply filtered out, on many (even country) levels, even if fully encrypted. -
@diegovsky That's a very fair point, and it’s the heart of the "privacy vs. security" debate. The issue with the standard TCP/IP stack isn't about what you are saying—encryption like TLS or AES handles that part—it’s about the massive amount of noise you make while saying it.
Even when you are tucked behind a NAT and your IP looks like just another house in a crowded neighborhood, your digital footprint remains incredibly loud. An ISP or a network node doesn't need to read your messages to figure out exactly what you are doing. They look at the metadata: the packet sizes, the precise timing between them, and the frequency of the bursts. This creates a "behavioral fingerprint." For instance, a skilled analyst can easily distinguish a Signal call from a Netflix stream, or even guess which language you are speaking by analyzing the Variable Bit Rate (VBR) patterns of the audio codec, all without ever decrypting a single bit of your text.
The fundamental flaw in TCP/IP is that it permanently couples your identity to your physical location via the IP address. As long as we are routing data between physical "nodes," we are leaving a breadcrumb trail. Moving toward a user-space stack built in Rust—especially using something like RINA—is about breaking that link. We stop addressing data to a specific computer in a specific city and start addressing it to a logical "process." By decoupling the transport from the identity, your traffic effectively becomes indistinguishable from generic background noise to any outside observer. In 2026, strong encryption is just the baseline; the real frontier is making the communication itself invisible to the structure of the network.@Harpocrates I don't mean to offend but is this written by AI?
-
@Harpocrates @diegovsky I'm kinda interested, but from different perspective. How to make such protocol stack lightweight enough to fit into embedded system, so their activity at premises cannot be subject to analysis of rouge parties? What you describe is a lot of layers with a lot of code - fine for IM on Android, but less for a device running on 300kB of total RAM.
@michalfita @diegovsky actually with some alchemy i think is possible to use just 300Kb (theoretically and doing some math) working with pre-allocation working without fancy side items and do some ancient rituals compiling everything.
-
@Harpocrates I don't mean to offend but is this written by AI?
@diegovsky im honest yes and no. I got some prob writing so I put what I write into a sort of local llm corrector just to let other understand
-
@Harpocrates
I think there was (once?) an attempt to build truly distributed and anonymous network, but the protocol was rather niche, with somewhat unfortunate name choice "tox" (colliding with much more well-known Python tool). I guess lora-mesh approaches could be also considered, but due to the low bandwidth and even lower density - not really successful (for now).
All TCP/IP based communication can be simply filtered out, on many (even country) levels, even if fully encrypted.@kkrolczyk True, but traditional TCP/IP is riddled with structural leaks. My stack theory uses Shadowsocks-Rust for total obfuscation (entropy vs encryption) and RINA to decouple identity from the location. It's not just about hiding; it's about replacing a vulnerable 70s architecture with hardware-backed Zero-Knowledge privacy
-
@kkrolczyk True, but traditional TCP/IP is riddled with structural leaks. My stack theory uses Shadowsocks-Rust for total obfuscation (entropy vs encryption) and RINA to decouple identity from the location. It's not just about hiding; it's about replacing a vulnerable 70s architecture with hardware-backed Zero-Knowledge privacy
@Harpocrates but you'd be still constrained by the infrastructure in general, plain ol' wires (well, or fiberglass). I guess one could apply various techniques, "steganography"-like, to masquerade your traffic to resemble something else, at the cost of overhead. 1/2
-
@Harpocrates but you'd be still constrained by the infrastructure in general, plain ol' wires (well, or fiberglass). I guess one could apply various techniques, "steganography"-like, to masquerade your traffic to resemble something else, at the cost of overhead. 1/2
@Harpocrates While I keep my fingers crossed for you (and will watch closely), I have some doubts. Without fully open hardware, and full chain of trust, I think it's hard to build "unblockable", anonymous and private network; aside from all possible "negative" implications, misuse of such net. 2/2
-
@Harpocrates While I keep my fingers crossed for you (and will watch closely), I have some doubts. Without fully open hardware, and full chain of trust, I think it's hard to build "unblockable", anonymous and private network; aside from all possible "negative" implications, misuse of such net. 2/2
@kkrolczyk it worth a try
keep you posted! -
I’ve been analyzing the current state of "secure" messaging, and my recent tests with Signal have highlighted some persistent vulnerabilities inherent to any stack relying on standard TCP/IP. Even with strong encryption, metadata leakage at the ISP/CDN level and the reliance on kernel-level interfaces like TUN/TAP remain significant privacy bottlenecks.
I’m curious to discuss the feasibility of a user-space only stack built in Rust that completely decouples identity, addressing, and transport to mitigate these leaks. My current architectural hypothesis involves an identity layer using hardware-backed Zero-Knowledge Proofs—via TEE or zkVM—to handle authentication without persistent identifiers or central registries. For addressing and routing, I'm thinking of a minimal RINA overlay where Distributed IPC Facilities (DIF) allow us to route between processes rather than nodes, effectively moving away from traditional IP-based addressing. This would all be wrapped in a "blind" transport, such as Ockam or shadowsocks-rust, to make the traffic indistinguishable from generic noise to any external observer.
I’m still weighing the practical hurdles, especially how to best bridge RINA's recursive logic with a user-space transport like Ockam without requiring root privileges. I'm open to suggestions on alternative technologies or implementations that might achieve this same level of isolation. If anyone has thoughts on the practical hurdles or existing foundations that could be leveraged here, I’d really value your perspective. Definitely feels like there's a lot to dig into.
#Rust #Rustlang #Infosec #Cryptography #Networking #Privacy #DistributedSystems #RINA #ZKP
@Harpocrates Just making sure you know about https://ouroboros.rocks/, I would say the spiritual successor to RINA
Some architectural ideas are more refined there, and I did write an (unfinished) Rust wrapper around the C prototype
-
@Harpocrates Just making sure you know about https://ouroboros.rocks/, I would say the spiritual successor to RINA
Some architectural ideas are more refined there, and I did write an (unfinished) Rust wrapper around the C prototype
@minimoysmagician thnx a lot. Useful for my research!
-
@minimoysmagician thnx a lot. Useful for my research!
@Harpocrates If you have any questions, ask away! Here or you can also join our matrix channel
-
@Harpocrates If you have any questions, ask away! Here or you can also join our matrix channel
@minimoysmagician Thanks for the invite! As soon as I refill the coffee machine I'll join the community — got some deadlines driving me crazy right now. Looking forward to digging into this with you.
-
I’ve been analyzing the current state of "secure" messaging, and my recent tests with Signal have highlighted some persistent vulnerabilities inherent to any stack relying on standard TCP/IP. Even with strong encryption, metadata leakage at the ISP/CDN level and the reliance on kernel-level interfaces like TUN/TAP remain significant privacy bottlenecks.
I’m curious to discuss the feasibility of a user-space only stack built in Rust that completely decouples identity, addressing, and transport to mitigate these leaks. My current architectural hypothesis involves an identity layer using hardware-backed Zero-Knowledge Proofs—via TEE or zkVM—to handle authentication without persistent identifiers or central registries. For addressing and routing, I'm thinking of a minimal RINA overlay where Distributed IPC Facilities (DIF) allow us to route between processes rather than nodes, effectively moving away from traditional IP-based addressing. This would all be wrapped in a "blind" transport, such as Ockam or shadowsocks-rust, to make the traffic indistinguishable from generic noise to any external observer.
I’m still weighing the practical hurdles, especially how to best bridge RINA's recursive logic with a user-space transport like Ockam without requiring root privileges. I'm open to suggestions on alternative technologies or implementations that might achieve this same level of isolation. If anyone has thoughts on the practical hurdles or existing foundations that could be leveraged here, I’d really value your perspective. Definitely feels like there's a lot to dig into.
#Rust #Rustlang #Infosec #Cryptography #Networking #Privacy #DistributedSystems #RINA #ZKP
@Harpocrates your architectural hypothesis around identity and routing is genuinely fascinating—would love to see a prototype of this user-space stack take shape.
-
@Harpocrates your architectural hypothesis around identity and routing is genuinely fascinating—would love to see a prototype of this user-space stack take shape.
@newsgroup Thanks — the prototype is already taking shape. The core architectural decision was to treat the Shadowsocks node as a blind relay inside which RINA flows run via Ouroboros user-space IPC, with Ockam handling E2E channel authentication above it. No root, no TUN/TAP, no kernel interfaces.
The interesting property that emerges: no single node in the path ever knows simultaneously who is talking, to whom, and what they're saying. That's not achievable with any IP-based stack regardless of encryption.
Code going on Gitea this week. Happy to continue the conversation in a less public channel if you want to dig into the specifics — the practical hurdles around OuroboRs FFI bridging are worth a longer discussion.
-
R relay@relay.publicsquare.global shared this topic
