@Harpocrates
I think there was (once?) an attempt to build a truly distributed and anonymous network, but the protocol was rather niche, with a somewhat unfortunate name choice, "tox" (colliding with the much more well-known Python tool). I guess lora-mesh approaches could also be considered, but due to the low bandwidth and even lower density - not really successful (for now).
All TCP/IP based communication can be simply filtered out, on many (even country) levels, even if fully encrypted.
-
@kkrolczyk True, but traditional TCP/IP is riddled with structural leaks. My stack theory uses Shadowsocks-Rust for total obfuscation (entropy vs encryption) and RINA to decouple identity from the location. It's not just about hiding; it's about replacing a vulnerable 70s architecture with hardware-backed Zero-Knowledge privacy.
-
@Harpocrates but you'd be still constrained by the infrastructure in general, plain ol' wires (well, or fiberglass). I guess one could apply various techniques, "steganography"-like, to masquerade your traffic to resemble something else, at the cost of overhead. 1/2
-
@Harpocrates While I keep my fingers crossed for you (and will watch closely), I have some doubts. Without fully open hardware and a full chain of trust, I think it's hard to build an "unblockable", anonymous and private network; aside from all the possible "negative" implications, misuse of such a net. 2/2
-
@kkrolczyk it's worth a try
keep you posted!
-
I’ve been analyzing the current state of "secure" messaging, and my recent tests with Signal have highlighted some persistent vulnerabilities inherent to any stack relying on standard TCP/IP. Even with strong encryption, metadata leakage at the ISP/CDN level and the reliance on kernel-level interfaces like TUN/TAP remain significant privacy bottlenecks.
I’m curious to discuss the feasibility of a user-space only stack built in Rust that completely decouples identity, addressing, and transport to mitigate these leaks. My current architectural hypothesis involves an identity layer using hardware-backed Zero-Knowledge Proofs—via TEE or zkVM—to handle authentication without persistent identifiers or central registries. For addressing and routing, I'm thinking of a minimal RINA overlay where Distributed IPC Facilities (DIF) allow us to route between processes rather than nodes, effectively moving away from traditional IP-based addressing. This would all be wrapped in a "blind" transport, such as Ockam or shadowsocks-rust, to make the traffic indistinguishable from generic noise to any external observer.
I’m still weighing the practical hurdles, especially how to best bridge RINA's recursive logic with a user-space transport like Ockam without requiring root privileges. I'm open to suggestions on alternative technologies or implementations that might achieve this same level of isolation. If anyone has thoughts on the practical hurdles or existing foundations that could be leveraged here, I’d really value your perspective. Definitely feels like there's a lot to dig into.
#Rust #Rustlang #Infosec #Cryptography #Networking #Privacy #DistributedSystems #RINA #ZKP
@Harpocrates Just making sure you know about https://ouroboros.rocks/, I would say the spiritual successor to RINA

Some architectural ideas are more refined there, and I did write an (unfinished) Rust wrapper around the C prototype
-
@minimoysmagician thnx a lot. Useful for my research!
-
@Harpocrates If you have any questions, ask away! Here, or you can also join our Matrix channel.
-
@minimoysmagician Thanks for the invite! As soon as I refill the coffee machine I'll join the community — got some deadlines driving me crazy right now. Looking forward to digging into this with you.
-
@Harpocrates your architectural hypothesis around identity and routing is genuinely fascinating—would love to see a prototype of this user-space stack take shape.
-
@newsgroup Thanks — the prototype is already taking shape. The core architectural decision was to treat the Shadowsocks node as a blind relay inside which RINA flows run via Ouroboros user-space IPC, with Ockam handling E2E channel authentication above it. No root, no TUN/TAP, no kernel interfaces.
The interesting property that emerges: no single node in the path ever knows simultaneously who is talking, to whom, and what they're saying. That's not achievable with any IP-based stack regardless of encryption.
Code going on Gitea this week. Happy to continue the conversation in a less public channel if you want to dig into the specifics — the practical hurdles around Ouroboros FFI bridging are worth a longer discussion.
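The split-knowledge property claimed above (the relay sees opaque bytes keyed by a flow, the endpoints hold identity and the end-to-end key) can be sketched as types. The block below is an added toy model written for this thread; it is not code from the prototype, from Ouroboros, Ockam or shadowsocks-rust. The identity labels, flow ids, session key and message are constructed values, and the XOR keystream over `DefaultHasher` is a stand-in for a real AEAD, not a cipher to use anywhere.

```rust
// Added example, not code from the thread or the projects it names.
// Models three separated roles: an Identity that never touches the wire,
// a FlowId the relay routes on (process-level, not host-level), and a
// BlindRelay that only ever records flow ids and opaque bytes.
use std::collections::hash_map::DefaultHasher;
use std::collections::HashMap;
use std::hash::{Hash, Hasher};

/// Long-lived endpoint identity. In the sketch above this sits behind a
/// hardware-backed proof; here it is a hypothetical label that must never
/// appear in anything the relay records.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct Identity(pub String);

/// Per-session flow identifier; deliberately unrelated to the Identity.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub struct FlowId(pub u64);

/// Everything a blind relay gets to record about one forwarded frame.
/// Note that it still links ingress flow to egress flow.
#[derive(Clone, Debug)]
pub struct Observation {
    pub ingress: FlowId,
    pub egress: FlowId,
    pub payload: Vec<u8>,
}

/// Relay that maps flows to flows and forwards bytes untouched.
#[derive(Default)]
pub struct BlindRelay {
    routes: HashMap<FlowId, FlowId>,
    pub log: Vec<Observation>,
}

impl BlindRelay {
    pub fn bind(&mut self, ingress: FlowId, egress: FlowId) {
        self.routes.insert(ingress, egress);
    }

    /// Forward a frame; returns the egress flow and the unmodified payload.
    pub fn forward(&mut self, ingress: FlowId, payload: &[u8]) -> Option<(FlowId, Vec<u8>)> {
        let egress = *self.routes.get(&ingress)?;
        self.log.push(Observation { ingress, egress, payload: payload.to_vec() });
        Some((egress, payload.to_vec()))
    }
}

/// Toy keystream: counter mode over DefaultHasher (deterministic SipHash).
/// Assumption for the demo only; a real stack would use a proper AEAD.
fn keystream(key: &[u8], len: usize) -> Vec<u8> {
    let mut out = Vec::with_capacity(len + 8);
    let mut counter: u64 = 0;
    while out.len() < len {
        let mut h = DefaultHasher::new();
        key.hash(&mut h);
        counter.hash(&mut h);
        out.extend_from_slice(&h.finish().to_le_bytes());
        counter += 1;
    }
    out.truncate(len);
    out
}

/// XOR `data` with the keystream; applying it twice restores the input.
pub fn xor_with_key(key: &[u8], data: &[u8]) -> Vec<u8> {
    keystream(key, data.len()).iter().zip(data).map(|(k, d)| k ^ d).collect()
}

/// Endpoint: owns an identity and an end-to-end key the relay never sees.
pub struct Endpoint {
    pub id: Identity,
    pub flow: FlowId,
    session_key: Vec<u8>,
}

impl Endpoint {
    pub fn new(id: &str, flow: u64, session_key: &[u8]) -> Self {
        Endpoint { id: Identity(id.to_string()), flow: FlowId(flow), session_key: session_key.to_vec() }
    }
    pub fn seal(&self, msg: &[u8]) -> Vec<u8> { xor_with_key(&self.session_key, msg) }
    pub fn open(&self, frame: &[u8]) -> Vec<u8> { xor_with_key(&self.session_key, frame) }
}

/// Did `needle` show up anywhere in the relay's recorded payloads?
pub fn relay_saw(log: &[Observation], needle: &[u8]) -> bool {
    log.iter().any(|o| o.payload.windows(needle.len()).any(|w| w == needle))
}

/// One message Alice -> relay -> Bob. Returns (relay saw Alice's identity,
/// relay saw the plaintext, bytes Bob recovered). All values are constructed.
pub fn run_demo() -> (bool, bool, Vec<u8>) {
    let session_key = b"constructed-demo-session-key";
    let alice = Endpoint::new("alice-longterm-identity", 0x1a2b, session_key);
    let bob = Endpoint::new("bob-longterm-identity", 0x3c4d, session_key);
    let mut relay = BlindRelay::default();
    relay.bind(alice.flow, bob.flow);

    let msg = b"meet at the usual place";
    let (egress, frame) = relay.forward(alice.flow, &alice.seal(msg)).expect("route bound");
    assert_eq!(egress, bob.flow);
    let recovered = bob.open(&frame);

    (relay_saw(&relay.log, alice.id.0.as_bytes()), relay_saw(&relay.log, msg), recovered)
}

fn main() {
    let (saw_id, saw_msg, recovered) = run_demo();
    println!("relay saw identity: {saw_id}, saw plaintext: {saw_msg}, bob got: {:?}",
             String::from_utf8_lossy(&recovered));
}
```

The point the model makes visible is in `Observation`: a single relay still learns that ingress flow X maps to egress flow Y, so the "nobody knows who, to whom, and what" claim rests on flow ids being unlinkable to identities at every node, not on the relay being blind to the payload alone. That is the part a threat model for the prototype has to argue, and the part `relay_saw` cannot check for you.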