• dhaavi 16 hours ago

Author here - thanks for the post!

A little more background info for my fellow HN people:

I've spent the last 8 years building privacy technology at Safing as Co-Founder/CTO. The biggest technological achievement there was undoubtedly the SPN (previously called Port17/Gate17): A privacy network (ie. a layer-5 proxy), fitting in the niche between VPNs and Tor. Impossible to misconfigure, good speeds and way superior privacy to VPNs using onion encryption and decoupled authentication/authorization. Funnily enough, this (decoupled auth) is what was later implemented by Apple Private Relay and Google One VPN.

SPN worked great for the most part, but scaling was hard. With the decision to make it a layer-5 proxy for decreased metadata and improved privacy, this meant that also traffic and congestion control had to be re-implemented - no easy feat, and still causing issues.

Meanwhile, I have followed and read a lot about cjdns and Yggdrasil over the past few years and was intrigued by their ideas on how to do networking.

After some interesting talks in November 2023, I was at the point where I just wanted to know how far I would get - with all the experience and knowledge I had up to that point - implementing a scalable layer-3 mesh network, that still allowed for some privacy and full security. I spent most evenings of a couple months building it and was surprised how well it went.

Sadly, after a decent MVP and a first friend using it in small scale production, I did not have the time to work on it further.

But I am currently starting a new project, where I will make good use of it, so it will see quite some more development in the coming years!

So, Mycoria works, at least on small scale for now, but is more or less MVP.

Thanks for reading, I hope you have fun poking around and trying it out!

I am also happy to answer any questions you have here!

• teleforce 15 hours ago

Hi Dhaavi, Mycoria looks very promising and it reminded me of the early days of peer-to-peer system with Napster and Gnutella [1].

Any specific reason why you didn't use the standards-based segment routing for source routing support, that can be adopted at layer 3 instead of custom layer 4 transport [2]?

For security analysis did you use BAN logic and ProVerif tool for verification [3], [4]?

[1] Gnutella:

https://en.wikipedia.org/wiki/Gnutella

[2] Segment routing:

https://en.wikipedia.org/wiki/Segment_routing

[3] Burrows–Abadi–Needham (BAN) logic:

https://en.wikipedia.org/wiki/Burrows%E2%80%93Abadi%E2%80%93...

[4] ProVerif:

https://en.wikipedia.org/wiki/ProVerif

• dhaavi 14 hours ago

Thanks!

I wasn't really aware of segment routing, tbh. However, I do think with where Mycoria is going, the additional control to change things as needed will be required.

I have used VerifPal https://verifpal.com/ for security analysis before, but not yet with Mycoria.

• yubblegum 8 hours ago

"services:
  - name: my-service # This is your service
    url: 'http://my-service.myco/' # For service listening on 0.0.0.0:80
    friends: true

friends:
  - name: alice # This is your laptop
    ip: fd1f:2cd5:6feb:7aa7:d674:1b3c:c82c:dfc"

May I suggest r/friend/peer. This is not motivated by pedantry. Relational semantics that are not closed over by the domain of user-agent (in the broadest sense) should not be used in the infrastructure layer. My laptop's server is a user-agent of mine as is the instance running on my phone; they are peers.

Applications built on top of this substrate will be (generally) concerned with social relationships of users and 'friend' et al. will be of use in those layers.

• notepad0x90 15 hours ago

Hi Dhaavi, this looks like a great project and your vision for it is excellent.

But the consistent theme I see with similar solutions is that they ignore the commercial aspect of such solutions. I don't know if you have mass adoption in mind, but the more people use it, I would presume the privacy and anonymity properties would improve? If so, then have you considered introducing participation incentives (financial or not)? That seems to be the critical problem in this space that needs solving, standardized anonymous payment for infrastructure service providers in the network.

• dhaavi 14 hours ago

Currently, this is just a fun project for me. I have technical ideas, but I don't have growth plans or the like - and it is nice that it does not have to.

Yes, I would expect the privacy would increase by some degree with more users, but I don't know by how much.

Although I will be using the technology in future projects, so Mycoria will benefit from that.

• leobuskin 15 hours ago

I apologize, wasn't clear from the documentation: router's IPv6-like address is a fingerprint of the public key, but does it also encode geo-prefix and distance (I mean, it's hypothetically doable, I'm curious what's the approach if it is)? or the router's address has no metadata encoded, and only end-user addresses are encoded this way?

• dhaavi 14 hours ago

Mycoria brute forces a public key/IP pair until it matches the desired geo-prefix.

• dfc 13 hours ago

I am a little confused how the geo encoded addresses and private addresses work. It seems like the network will be overwhelmed with keeping track of switch labels?

• dhaavi 11 hours ago

Switch labels are effectively interface IDs on the servers, there is no data to be stored.

Geo encoding simply improves routing to unknown routers, kind of as a baseline structure to the whole network.

• mhitza 15 hours ago

I've only read your landing page, so I don't fully understand the technical part yet.

Can you do a comparison with I2P?

• tornadofart 16 hours ago

Great technical achievement. What is, for you, the sweet spot between VPN and TOR? What's the tradeoff there?

• dhaavi 16 hours ago

If you want Tor for your _whole_ existing system, not just the browser, good luck.

If you want actually good privacy with a VPN, also good luck with that. (There are very few good companies doing the best they can here, but they are still limited technologically.)

SPN can be seen as my attempt to solve both of these issues.

• nlitened 16 hours ago

So, what are the tradeoffs? In some ways it’s better than both VPNs and Tor — but in what ways it’s worse?

• dhaavi 16 hours ago

Well, it is in the middle: Not as fast as a VPN, not as private as Tor.

• synctext 16 hours ago

Impressive design! Are you assuming bandwidth is free and abundant?

Mycoria routers, proxies, Tor exit nodes, and VPNs are difficult to run. There needs to be a global incentive, economy, or private community usually. Our Delft University students wrote "The fifteen year struggle of decentralizing privacy-enhancing technology" a decade ago. Scaling to many millions or billions is unsolved.

Have you talked to any lawyer or law professor about your MVP? "Being welcome" has known drawbacks when you operate a central DNS service.

• dhaavi 14 hours ago

Thanks! Well, every participant has to cover their own server/bandwidth cost. So, from my perspective, yes, bandwidth is free and abundant. Although I hope that Mycoria can/will perform well in lower bandwidth areas.

Interesting. Can you link that paper/article?

The DNS is not central. Everyone maintains their own local mapping. When accessing a website on mycoria, you open a URL like this that first creates the mapping and then forwards you to it: http://router.myco/open/speedtest.de.myco/fd13:6239:a07a:eb4...

• aspenmayer 11 hours ago

> Can you link that paper/article?

I'm not who you asked, but this appears to be the article:

https://arxiv.org/abs/1404.4818

• lifty 16 hours ago

Love the inspiration from Yggdrasil with the hashed key -> IP concept. How do you enforce the geographical part? And what do you use from transport? WireGuard?

• dhaavi 16 hours ago

Geographical: No enforcement, but if you choose the wrong country, packets will have issues reaching you, because routing is "bucketed" into layers of regions. Routers only hold the best x routes to each bucket.

Transport is custom in order to support source routing, but I use the WireGuard library for setting up the interface and such.

(I have experience with cryptography in network protocols from Safing/SPN - the cryptography of which was audited without fault. Also, I am _very_ cautious and keep to standards as close as possible.)

• irq-1 5 hours ago

Cities with significant internet POPs would be better than countries. 1. You control the list of locations (so Singapore not Brunei.) 2. People can easily choose from a list of cities. 3. Latency tests could make it a non-issue. 4. Local connections in semi-isolated areas (think antarctic or islands in the south pacific) can be identified by people with a config.

• evbogue 7 hours ago

Maybe there's a way to offset this risk by testing the speed of connections?

How does peer discovery work? Where do the region buckets live?

• atemerev 14 hours ago

So basically Mycoria IP addresses/keys leak information about your geographical location?

• dhaavi 14 hours ago

Just like the Internet we currently have, albeit less accurate, but more stable.

See https://github.com/mycoria/mycoria/blob/master/m/geo_marker....

In the future, non-routable private addresses will solve that for users that require it.

• LoganDark 7 hours ago

Portmaster and the SPN were great, back when we used Windows! We just wish there were that sort of stuff for macOS - sure Private Relay exists, but it only works in a few first-party apps like Safari, and you never know if it's working or not, and can't force traffic to only be through it.

• mattlondon 13 hours ago

I love these sort of things generally from a technical perspective (I kinda have these fun day-dreams of a cadre of cool nerds and geeks setting up their own commune-networks against all odds in some distant future where they just have basic infrastructure etc)...

But ultimately I always feel uneasy and reluctant to get involved in general decentralized type things as I feel like I'll just be facilitating people sharing/distributing kiddie porn.

At least with Tailscale things are "private", but with this it feels like I would be part of the wider network. Will I be using my nodes to help route CP traffic?

• lez 13 hours ago

You must abolish all privacy from the internet, and even then, you wouldn't be able to stop CP from happening.

Good luck, Mr. Big Brother!

• aethertron 7 hours ago

Does my computer get involved when person A sends something illicit to person B? As a normal user on the internet, no. That's between them, and the law only deals with them. With certain decentralised anonymous systems, the answer is different. Now there are legal liability issues, at least.

• Lerc 6 hours ago

"Gracious madam, I that do bring the news made not the match."

• TeeMassive 5 hours ago

Tyranny is more of an actual and grave danger. And tyrants tend to be abusers too anyway.

• lionkor 13 hours ago

Anything you build will eventually be used for something illegal.

The Internet should never have been invented, then, right? Same with letters, Facebook, cars, guns, knives, farming, ...

• rixed 11 hours ago

The dilemma is not about technology or not but about anonymity or not. Anonymity offers some protection against authoritarianism but also encourages some bad tendencies (no fear of consequences).

• namecast 11 hours ago

This is very cool @dhaavi! Can definitely see where you've taken lessons learned from cjdns and Yggdrasil.

I hate to nitpick but this project looks promising enough - and the new project you mentioned interesting enough - that I feel the need to. From your FAQ:

> First, there is some structure to the router IPs. While there are special purpose prefixes, most IPs will be in a geo-marked prefix. Every country (+ States in the US) has their own prefix within Mycoria. This means that on the global level, Mycoria routers in the same country share the same prefix. These prefixes are also (tendentially) similar to nearby countries.

Second, within a country prefix, Mycoria uses address-distance routing. This means that packets are sent in the direction of the "address-nearest" other router known. While this is not the most efficient way to route packets, it does work quite well with some additional steps - especially if confined to a smaller geographic region, as Mycoria is doing.

My commentary: One of the unfortunate lessons we learned from the IPv4 internet and management of IANA IPs by the different RIRs (and the subsequent tagging of IPv4 blocks with geographic information) is that layer-8 folks love the idea of layering policy on top of geographic tags. (E.g.: Maxmind says your address is in Pakistan, and according to Pakistani law content offered by another address is verboten, ergo you are blocked.)

Geographic awareness built in to network prefixes may be used against your users in ways that you'd prefer to avoid. Or perhaps it's an acceptable tradeoff for you - it's easy to envision scenarios where 'the juice is worth the squeeze' and users derive enough benefit from geo-aware prefixes to accept the drawbacks. If it's the former, I'd recommend investigating moving from geo-aware prefixes ("I'm within X miles of other people in this jurisdiction") to latency-aware prefixes ("I'm within X ms of other people within this prefix").

(Steelmanning my own recommendation - it's possible that anyone trying to implement layer 8 policies on top of geographical-aware prefixes will just willfully misinterpret latency-aware prefixes as being close enough to them, which would mean a lot of wasted effort for nothing).

Anyway, just my two cents. Again, very cool project, looking forward to seeing what you build on top of it!
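Added worked example (editorial addition, not any commenter's words and not Mycoria's code): the FAQ passage quoted above describes address-distance routing within a country prefix, and dhaavi's earlier reply describes routing "bucketed" into regions with only the best few routes held per bucket. The Go program below simulates greedy "address-nearest" forwarding over a constructed five-router topology. Everything in it is assumed: the numeric |a-b| distance metric (the FAQ only says "address-nearest"), the fd1f:: addresses, and the link layout. It shows one successful route and one case where greedy forwarding gets stuck at a local minimum, which is the failure mode behind the FAQ's "with some additional steps" remark.

```go
package main

import (
	"fmt"
	"math/big"
	"net/netip"
)

// Router is one node of a constructed toy topology: its own address and the
// addresses of the neighbours it has a direct link to.
type Router struct {
	Addr      netip.Addr
	Neighbors []netip.Addr
}

// addrDistance treats both 128-bit addresses as unsigned integers and returns
// |a-b|. The FAQ only says "address-nearest"; this concrete metric is an
// assumption for the example, not Mycoria's documented one.
func addrDistance(a, b netip.Addr) *big.Int {
	x := new(big.Int).SetBytes(a.AsSlice())
	y := new(big.Int).SetBytes(b.AsSlice())
	return new(big.Int).Abs(x.Sub(x, y))
}

// NextHop returns the known router whose address is nearest to dst, but only
// if it is strictly nearer than we are ourselves; ok=false means a local
// minimum, i.e. greedy forwarding is stuck here.
func NextHop(self, dst netip.Addr, known []netip.Addr) (next netip.Addr, ok bool) {
	best, bestDist := self, addrDistance(self, dst)
	for _, cand := range known {
		if d := addrDistance(cand, dst); d.Cmp(bestDist) < 0 {
			best, bestDist = cand, d
		}
	}
	return best, best != self
}

// GreedyRoute forwards hop by hop until dst is reached, a dead end is hit, or
// maxHops is exceeded. path starts at src; reached reports success.
func GreedyRoute(topo map[netip.Addr]*Router, src, dst netip.Addr, maxHops int) (path []netip.Addr, reached bool) {
	cur := src
	path = []netip.Addr{cur}
	for hop := 0; hop < maxHops && cur != dst; hop++ {
		r, known := topo[cur]
		if !known {
			return path, false
		}
		next, ok := NextHop(cur, dst, r.Neighbors)
		if !ok {
			return path, false
		}
		cur = next
		path = append(path, cur)
	}
	return path, cur == dst
}

// ToyTopology builds a five-router topology inside one constructed "country"
// prefix. Addresses are made up; only their numeric order matters here.
func ToyTopology() map[netip.Addr]*Router {
	a, b, c := netip.MustParseAddr("fd1f::10"), netip.MustParseAddr("fd1f::20"), netip.MustParseAddr("fd1f::30")
	d, e := netip.MustParseAddr("fd1f::40"), netip.MustParseAddr("fd1f::50")
	return map[netip.Addr]*Router{
		a: {Addr: a, Neighbors: []netip.Addr{b}},
		b: {Addr: b, Neighbors: []netip.Addr{a, c}},
		c: {Addr: c, Neighbors: []netip.Addr{b, e}},
		e: {Addr: e, Neighbors: []netip.Addr{c, d}},
		d: {Addr: d, Neighbors: []netip.Addr{e}}, // ::40 hangs off ::50 only
	}
}

func main() {
	topo := ToyTopology()
	a, d, e := netip.MustParseAddr("fd1f::10"), netip.MustParseAddr("fd1f::40"), netip.MustParseAddr("fd1f::50")

	// Address order and link order agree here, so greedy forwarding succeeds.
	path, ok := GreedyRoute(topo, a, e, 10)
	fmt.Println("a -> e:", path, "reached:", ok)

	// ::40 is numerically nearer to ::30 than ::50 is, but the only link to it
	// goes through ::50: greedy forwarding stops at ::30, a local minimum.
	path, ok = GreedyRoute(topo, a, d, 10)
	fmt.Println("a -> d:", path, "reached:", ok)
}
```

The dead-end case is the one a network designer has to plan for: a router that is numerically nearest to the destination but has no link that gets closer will drop or loop packets unless the protocol adds a fallback (the "additional steps" the FAQ alludes to), and the narrower the region the greedy step is confined to, the rarer such minima become.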

• dhaavi 11 hours ago

Thanks for taking the time for this feedback.

This is what I hope to solve with the private addresses: These are not geo-marked and not routable. Eg. they are randomly generated and cannot be attributed to a geographic location (easily).

• namecast 10 hours ago

Ah nice! Glad to see you've already thought of this. Any sense of what % of addresses you would hope to be private vs geo-marked? (Asking because it's easy to mark all private addresses as being "bad" if they're in the minority, but once they reach a tipping point that becomes infeasible - at least we've seen this with addresses tagged as belonging to VPN providers).

If you have a decent amount of private addresses in the mix (1) such that blocking them would 'break' the mycoria experience(2) then it sounds like you've got a decent solution here - geo-aware prefixes for convenience and private addresses for when you'd prefer the anonymity.

1) I freely confess to not knowing what percentage a good mix would be. 20%? 5%? In practice, going back to the VPN example for IPv4, it's "a high enough percentage of important users complaining that their VPN connections are broken for a long enough time". Depending on the jurisdiction that can be 1% (well off / well connected people in a jurisdiction complaining to the right people that in turn overwhelm management with their complaints) to >20% (not necessarily well off or well connected users, but a critical mass that instead overwhelms ISP help desks with complaints).

2) Assumption: mycoria / the app you're building on top of it becomes so important that breaking it completely is a non-starter for the average ISP.

• ramaro 17 hours ago

This looks really interesting and great job on the docs! I need to give it a shot but the first question that comes to mind is if mycoria exposes the full node in the network, requiring the use of a firewall to restrict access to ports, etc? Asking because this is something that is required in yggdrasil: https://yggdrasil-network.github.io/faq.html#will-my-machine...

• dhaavi 16 hours ago

Mycoria is secure by default and requires pretty much no configuration to set up.

No-one can access your device by default. You have to actively allow them via the "services" section in the config.

• theknarf 12 hours ago

How does this compare to Veilid (https://veilid.com/)?

• dhaavi 11 hours ago

Veilid is new to me, will have to read about it first. Thanks for the pointer!

• csande17 10 hours ago

I might be totally missing something here, but does Mycoria attempt to prevent network participants from learning the public-Internet IP address corresponding to a Mycoria router ID?

The "iana" field in the configuration kind of suggests that this is not a goal, and this system is basically Tailscale but with IPv6 and a global namespace. But if this is the case, I don't really understand the emphasis on "routing", since pretty much every Internet host can reach pretty much every other Internet host directly using NAT traversal techniques (like BitTorrent does).

If you are trying to hide public-Internet IP addresses (like Tor hidden services do), the routing scheme still doesn't make a ton of sense to me, because presumably you wouldn't want to leak data by picking routes with a deterministic or latency-dependent strategy.

• doener 17 hours ago
• thenthenthen 16 hours ago

(How) does this deal with DNS poisoning like the GFW? (https://dl.acm.org/doi/10.1145/2994620.2994636)

• dhaavi 14 hours ago

The DNS is not central. Everyone maintains their own local mapping.

When accessing a website on mycoria, you open a URL like this that first creates the mapping and then forwards you to it: http://router.myco/open/speedtest.de.myco/fd13:6239:a07a:eb4...

• areyourllySorry 3 hours ago

not saying you shouldn't build things, but maybe your efforts would be more useful if you were contributing to already existing networks like i2p

• KennyBlanken 2 hours ago

Not just i2p - there are established, existing projects nearly identical.

Most of these have fallen on their faces because they can't get sufficient adoption rates, and a big part of that is because they refuse to acknowledge that 90%+ of the desktop computer market isn't running Linux or BSD.

Some of them include a half-assed attempt at a Windows client and few if any support MacOS despite it having something like 20-30% of the desktop market

• elia_42 15 hours ago

Very interesting. I really enjoyed reading how you handled scalable routing with geo-localised prefixes and with the distance between addresses for packets within the same country code.

• dhaavi 14 hours ago

Thanks!

• OsrsNeedsf2P 15 hours ago

What is the average latency of this? I was running a game server on I2P for fun (since I was getting ~100ms ping vs 600ms on Tor) but I'm curious if this can do better

• dhaavi 11 hours ago

It's quite fast. Especially if you host a server near you and connect to it.

• krunck 8 hours ago

There are so many projects like this but how many have had an outside audit of their code? Yay, it's got encryption and stuff! But how well has it been implemented?

• tornadofart 16 hours ago

Looks interesting.

What I understood: it is basically overlaying privacy and net neutrality on the internet.

I am therefore restricted to communicating with other users of mycoria and can't access "the whole Internet" via mycoria.

Am I correct?

What isn't clear for end users, IMO:

- What's the primary use case it was built for? Are there applications using it for chatting / exchanging data / whatever?

- what's the difference to similar projects like, say, yggdrasil?

- what's the difference to using a VPN?

• dhaavi 16 hours ago

Yes, the primary focus is connectivity within the network.

You can use it for pretty much anything you would use a VPN for, but it is much easier to configure and secure by default with a built-in firewall. Only services you actively expose are reachable by others - by default nothing on your device can be accessed by others.

In the future, it will also provide some amount of privacy on the network.

I think the biggest user-facing difference is the ease of configuration (ie. none) - if Mycoria had proper installers.

• WhyNotHugo 13 hours ago

All nodes on Mycoria end up in one huge network. The PN in VPN is for "private network", so I couldn't say this can do anything that a regular VPN can do.

Any node on the network can find my node via mDNS discovery and access any services which I expose. Services need to be secured in the same way I'd do on the public Internet, and not in the same way I do on a trusted private network between a few trusted nodes.

That said, I do believe this is useful in a lot of scenarios where a VPN might be too much work to set up. While one does need to ensure that all services do authentication, the encryption part is valuable, and this does ease exposing services from non-routable nodes with no consistent public IP.

• dhaavi 11 hours ago

Mycoria is secure by default: It has an integrated firewall that only allows access from explicitly defined addresses, or, optionally from anyone in the network.

Also, multicast is completely disabled on Mycoria.

• gspr 16 hours ago

> You can use it for pretty much anything you would use a VPN for, but it is much easier to configure

Ease of configuration is very much also a feature of the finest VPN software I've ever used, Wireguard.

• dhaavi 16 hours ago

Wireguard is absolutely great for its use case!

Mycoria aims to interconnect participants. Eg. you and your friends each have your own home server. Everyone wants to connect to their own server, but also to the server of their friends. All of this is super easy with Mycoria. Let a new friend install Mycoria, add them to your friends in the config and give them a URL for accessing. Voila!

Also, Mycoria is an automatic mesh network, I think Wireguard requires a fixed set of peers you configure.

• unixhero 11 hours ago

I use Tailscale and just invite friends to connect to my various servers from the web interface.

• ignoramous 14 hours ago

> Wireguard requires a fixed set of peers you configure

Not really. One can add as many peers (though there's an artificial limit to just how many, I think) at runtime. It isn't fixed. Products like Tailscale couldn't be built otherwise.

• dhaavi 11 hours ago

I understand what you mean. Yes, the technology can do that. I was thinking about the WireGuard as a software in itself.

• gspr 15 hours ago

You certainly can add and remove peers from your Wireguard network on the fly. Granted, this is something you have to do yourself, not something Wireguard has automatic tooling for, so I guess that's a difference :)

• tornadofart 16 hours ago

Isn't it a bit different?

A VPN is used to create (the illusion of) privacy when accessing anything on the internet.

But I can't access anything that's not connected to mycoria with it, can I? If I were to access something like Netflix, would I need something like a mycoria reverse proxy server for Netflix?

• tinco 16 hours ago

The services that are marketed as being VPN providers are actually selling a very restricted form of VPN where they create for you a very small VPN between you and some other node in their fleet and then you route your traffic through that node.

It would be more correct to call such a provider a secure (two-way) proxy service (and in the past people did), but for some reason they went with VPN and that stuck.

Mycoria is basically the textbook definition of a VPN.

• lmm 16 hours ago

> A VPN is used to create (the illusion of) privacy when accessing anything on the internet.

Not really. Some more recent "VPN" products position themselves that way, but traditionally a VPN has been a way to have something that behaves like a private LAN between computers that are not physically connected to each other (hence the name).

• tornadofart 16 hours ago

I would say that for most laypersons, VPN is used for two things: accessing your remote work resources and accessing content banned in your country.

As was patiently explained to me, Mycoria relies to quite an extent on the network effect: you can only use it if other nodes are using it, using it by yourself does not make sense. So the informed layperson's perspective is relevant here. That's why I insist on "dumbing it down" :D

• Jarwain 15 hours ago

To fit a layperson's understanding maybe the term VPLAN or VPWAN would work? Except I'm not sure laypeople really know what a WAN is. I think more people know LAN but then there could be confusion with VLANs.

Names are hard.

Personally this Mycoria reminds me more of a global tailnet, i.e. Tailscale's VPN

• Jarwain 15 hours ago

And I guess as an extension, at least currently, Mycoria is an option for building "darknet services" except the privacy aspects aren't quite there yet compared to tor?

• bdavbdav 6 hours ago

I think your definition of VPN is a very recent consumer misappropriation.

VPN = Virtual Private Network. It’s (historically) a way of tunneling segregated / encrypted traffic over another network - generally to allow access to another private network or similar. That’s exactly what this is.

Protocol wise, consumer VPN is using traditional VPN protocols, but it’s effectively being used as secure proxy.

• dhaavi 16 hours ago

Yes, Mycoria is primarily about connections between network participants, eg. access your server at home without public IP, or a hybrid/fully remote team with a couple servers here and there.

In an open mesh network, you still want privacy from the other network participants.

Mycoria might have exit nodes similar to Tailscale in the future, but it won't be a fan-out multi-exit system like SPN, for example.

• tornadofart 16 hours ago

So 2 use-cases within grasp:

Firms could replace their VPNs for remote work with mycoria and have better security and control.

I could also set this up for my home network and access my (for example) NAS securely.

For the use-case "I want to access a publicly available page anonymously", we still need a VPN / TOR.

• dhaavi 16 hours ago

Yes, that is a good distinction!

• Jarwain 15 hours ago

To be sure I understand, in that first use case where a company is replacing their VPN with Mycoria, would access controls/restricting access to devices all be firewall based? That technically there's a network path to all the other devices on Mycoria just limited by firewall rules?

What comes to mind to me analogously (more from my experiences than anything) is like a global tailnet that leans on firewalls to segment things?

A cross between tor and a vpn is quite appropriate too

• dhaavi 11 hours ago

Yes, this is correct.

Mycoria has an integrated firewall for this, just in case that information got lost somewhere.

This also means that devices of the company will help other devices of the company to reach their destination, adding to resilience in outages and emergencies.

You can of course build bridges between these networks. This is definitely something that is planned.

• dmos62 11 hours ago

Impressive. I like ZeroTier, would you consider Mycoria a dropin replacement?

• dhaavi 11 hours ago

Probably - depending on your use case. Mycoria is still more or less MVP though.

• dgrr19 15 hours ago

Is this like tailscale?

• dhaavi 15 hours ago

It has a lot of similarities and you can use it as a replacement for the core features.

• palata 14 hours ago

Any example of something Tailscale can do that Mycoria can't, and the reverse? Just to get a better understanding of the differences :-).

• dhaavi 14 hours ago

Tailscale is a P2P network with optional relays, Mycoria is a mesh network.

Tailscale has central policies. Mycoria is more like a collective where you can offer services to everyone else within the network.

• dgrr19 13 hours ago

but does mycoria work with NATs?

• eqvinox 13 hours ago

> No spooking: Everthing is authenticated

This does generally mean no anonymity (and limited privacy)…

• dhaavi 11 hours ago

If nobody knows who you are, you are still anonymous, even if there is an ID.

With private addresses (in the future) this will also be solved, as Mycoria will be able to use temporary addresses / IDs.

• eqvinox 9 hours ago

It'd help if you could clarify what "everything is authenticated" really means, I can't find it on the website. Do you just mean the fact that things are bound to the cryptographic ID in the address?

• scoot 11 hours ago

Should it say "No spoofing" rather than "No spooking"?

• 9dev 15 hours ago

Have you seen Reticulum[0] yet? How much overlap does the Mycoria networking layer have with it?

[0]: https://github.com/markqvist/Reticulum

• dhaavi 14 hours ago

I think I have seen it, but that was a while ago.

Will read through it later! Thanks!

• attila-lendvai 16 hours ago

also, how does this compare to something like https://ethswarm.org ?

• dhaavi 16 hours ago

I'll have to read up on that.

But to be honest, the web3 / blockchain vibes are an instant turn off.

(Let's see how the votes turn out for this comment. ;) )

Note: If you _need_ a blockchain in your VPN, I would say https://nym.com/ is the most trustworthy of them out there at the moment.

• tornadofart 16 hours ago

Blockchain- the tech still waiting for its use case :)

• jksflkjl3jk3 15 hours ago

Evading government capital controls and taxation has proven to be a pretty solid use case, even if frowned upon by some.

• immibis 11 hours ago

And buying drugs. I suppose you could count that as a capital control.

• edm0nd 10 hours ago

USD and fiat still reigns #1 for that in the world.

• ignoramous 14 hours ago

> Note: If you _need_ a blockchain in your VPN, I would say nym.com is the most trustworthy of them out there at the moment.

There's a whole space of what's known as "dVPNs". I like the concept behind saurik et al's https://orchid.com/vpn; it was specifically marketed as a Tor replacement (with built-in micropayments): https://news.ycombinator.com/item?id=15576457

• TeeMassive 4 hours ago

I'm not that experienced in VPNs and other distributed services. Can I use this to access my self-hosted servers at home and access them from the outside; without having a VPN or a reverse-proxy? Or, "explain like I'm 5" version, can I use this to host my Minecraft server at home and play with my friend?

• sebstefan 15 hours ago

> Every Mycoria Router has an ID. For example:

> fd1f:2cf7:903:b50b:e4cb:5c4c:270e:360c

> This does not merely look like an IPv6 address, it is one. But it's also more than that: These addresses are generated by first creating a public/private key pair and then hashing the public key. This means, this IPv6 address is also the fingerprint of the public key of the router

> This way you can distribute both the Mycoria address of a router and its public key with a single data point: An IPv6 address.

What?

* Then how does a computer figure out how to ping that?

* You say it's distributing both the address and the public key with a single data point, but you're hashing it. So, you can restore the public key from the IP if you already know the public key, does everyone store every public key that's currently in use? Are there central stores somewhere that are eventually consistent?

• dhaavi 15 hours ago

This is a simplified conclusion. The IPv6 address is the fingerprint of the public key. The actual keys are exchanged over the network before any real traffic is sent.

There is no central store. This is done on the fly.
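Added worked example (editorial addition, not any commenter's words and not Mycoria's code): the exchange above, together with dhaavi's earlier answer that Mycoria "brute forces a public key/IP pair until it matches the desired geo-prefix", boils down to two operations. The Go program below (Go because Mycoria is a Go project, though this is an independent illustration) shows both with ed25519 keys: deriving an fd00::/8 address as a hash fingerprint of a public key and checking a presented key against a claimed address, which is why no key store is needed, and regenerating keys until the address lands in a wanted prefix. The exact derivation (SHA-256, first 15 bytes, 0xfd prepended) and the fd1f::/16 stand-in prefix are assumptions; the page only says the address is a hash of the public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"net/netip"
)

// AddressFromKey derives an IPv6-shaped router ID from a public key.
// The construction is an assumption for this example, not Mycoria's exact
// scheme: SHA-256 the key, keep the first 15 bytes of the digest, and
// prepend 0xfd so the result lands in fd00::/8 like the IDs quoted above.
func AddressFromKey(pub ed25519.PublicKey) netip.Addr {
	sum := sha256.Sum256(pub)
	var raw [16]byte
	raw[0] = 0xfd
	copy(raw[1:], sum[:15])
	return netip.AddrFrom16(raw)
}

// KeyMatchesAddress is the check a receiver runs when a peer presents its
// public key over the network: recompute the fingerprint and compare it to
// the address the peer claims. No key store is needed for this step.
func KeyMatchesAddress(pub ed25519.PublicKey, addr netip.Addr) bool {
	return AddressFromKey(pub) == addr
}

// AuthenticateFromAddress binds a signed message to its claimed source:
// the key must fingerprint to the address AND the signature must verify.
// A key that verifies but does not match the address is a different router.
func AuthenticateFromAddress(addr netip.Addr, pub ed25519.PublicKey, msg, sig []byte) bool {
	return KeyMatchesAddress(pub, addr) && ed25519.Verify(pub, msg, sig)
}

// FindKeyWithPrefix generates fresh key pairs until the derived address falls
// inside the wanted prefix, which is the "brute force" the author describes
// for landing in a geo-marked prefix. It returns how many attempts it took.
func FindKeyWithPrefix(prefix netip.Prefix, maxTries int) (ed25519.PublicKey, ed25519.PrivateKey, netip.Addr, int, error) {
	for tries := 1; tries <= maxTries; tries++ {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, nil, netip.Addr{}, tries, err
		}
		if addr := AddressFromKey(pub); prefix.Contains(addr) {
			return pub, priv, addr, tries, nil
		}
	}
	return nil, nil, netip.Addr{}, maxTries, errors.New("no matching key within maxTries")
}

func main() {
	// Constructed stand-in for a country prefix (not a real Mycoria one). With
	// the first byte fixed at 0xfd, a /16 leaves 8 free bits: ~256 tries on average.
	prefix := netip.MustParsePrefix("fd1f::/16")
	pub, priv, addr, tries, err := FindKeyWithPrefix(prefix, 100000)
	if err != nil {
		panic(err)
	}
	fmt.Printf("router ID %s found after %d key generations\n", addr, tries)

	msg := []byte("constructed handshake payload")
	sig := ed25519.Sign(priv, msg)
	fmt.Println("own key + valid signature accepted:", AuthenticateFromAddress(addr, pub, msg, sig))

	// A second, unrelated key cannot impersonate the first router's address even
	// though it can produce a perfectly valid signature of its own.
	otherPub, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("unrelated key accepted for that address:", AuthenticateFromAddress(addr, otherPub, msg, ed25519.Sign(otherPriv, msg)))
}
```

Two things worth noticing when running it: the receiver never needs a directory of keys because the address itself commits to the key, and the cost of the prefix search doubles with every additional fixed bit, so a country-granularity prefix is cheap to hit while a long, specific prefix would not be.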

• sebstefan 14 hours ago

It wasn't a conclusion, it was a guess

Thanks!

• attila-lendvai 16 hours ago

is this something like libp2p, but comes bundled with some tools to be a standalone thing?

a rationale/comparison section on the front page would be nice.

• dhaavi 16 hours ago

Interesting, did not expect that question.

I would have thought libp2p is library enough to not be comparable. Am I wrong?

Mycoria is a ready-to-run software.

• sibellavia 14 hours ago

that's correct. libp2p is designed as an agnostic library that could be used in projects similar to Mycoria. it offers the building blocks to build a p2p network. as a side-note, I've tried to use libp2p in the past, but ended up writing transports, NAT traversal, and fundamental structs for my p2p network from scratch, ditching libp2p.

• jonathanstrange 13 hours ago

IMHO, libp2p has the worst API and project structure I've ever seen in an open source project. The project almost feels like sabotage. For example, I once asked whether there is an example of using libp2p to send one file from an endpoint to another one. Someone answered a year later and explained that there was no such functionality. They were really surprised someone might want to use libp2p to send a file from A to B.

I eventually figured out how to do it but decided not to use the library. However, there is still a real need for an easy to use p2p library for Go that can do some NAT traversal. It's a real pity that the developer of github.com/perlin-network/noise stopped working on it.

• rixed 11 hours ago

Did you eventually make your work available somewhere?

• ilaksh 15 hours ago

How does this compare to tinc?

• immibis 11 hours ago

Seems more like a Yggdrasil or Reticulum type of project than a tinc or Wireguard.

• eabeezxjc 11 hours ago

reticulum.network

• goodpoint 15 hours ago

Does it do onion routing like Tor? Does it protect from traffic correlation or timing attacks?

• dhaavi 14 hours ago

Nope. I did that with the last network I built: https://safing.io/spn/

Mycoria focuses more on scalability, but still has some privacy focus.

• TeeMassive 5 hours ago

This reminds me of my old university days where we would setup a Minecraft server and make it accessible through Hamachi (which has enshitified and therefore never really took off beyond those simple use cases).

Semi-public authorized access networking really is the future of a more private but more distributed Internet in the age of state sponsored hackers and IoT DDoS bot farms.

• immibis 11 hours ago

Yet another one. How is it different from Yggdrasil and Reticulum?