A little more background info for my fellow HN people:
I've spent that last 8 years building privacy technology at Safing as Co-Founder/CTO. The biggest technological achievement there was undoubtedly the SPN (previously called Port17/Gate17): A privacy network (ie. a layer-5 proxy), fitting in the niche between VPNs and Tor. Impossible to misconfigure, good speeds and way superior privacy to VPNs using onion encryption and decoupled authentication/authorization. Funnily enough, this (decoupled auth) is what was later implemented by Apple Private Relay and Google One VPN.
SPN worked great for the most part, but scaling was hard. With the decision to make it a layer-5 proxy for decreased metadata and improved privacy, this meant that also traffic and congestion control had to be re-implemented - no easy feat, and still causing issues.
Meanwhile, I have followed and read a lot about cjdns and Yggdrasil over the past few years and was intrigued by their ideas how to do networking.
After some interesting talks in November 2023, I was at the point where I just wanted to know how far I would get - with all the experience and knowledge I had up to that point - implementing a scalable layer-3 mesh network, that still allowed for some privacy and full security. I spent most evenings of a couple months building it and was surprised how well it went.
Sadly, after a decent MVP and a first friend using it in small scale production, I did not have the time to work on it further.
But I am currently starting a new project, where I will make good use of it, so it will see quite some more development in the coming years!
So, Mycoria works, at least on small scale for now, but is more or less MVP.
Thanks for reading, I hope you have fun poking around and trying it out!
I am also happy to answer any questions you have here!
Hi Dhaavi, Mycoria looks very promising and it reminded me of the early days of peer-to-peer system with Napster and Gnutella [1].
Any specific reason why you didn't use the standard based segment routing for source routing support, that can be adopted at layer 3 instead of custom layer 4 transport [2]?
For security analysis did you use BAN logic and ProVerif tool for verification [3], [4]?
I wasn't really aware segment routing, tbh. However, I do think with where Mycoria is going, the additional control to change things as needed will be required.
I have used VerifPal https://verifpal.com/ for security analysis before, but not yet with Mycoria.
To me that's the other way around: I would assume any non-WP link to direct me to some corporate blog, half automatically generatrd and full of trackers, whereas I trust WP to give me a broad and relatively neutral point of view with many links to go from there.
Hi Dhaavi, this looks like a great project and your vision for it is excellent.
But the consistent theme I see with similar solutions is that they ignore the commercial aspect of such solutions. I don't know if you have mass adaption in mind, but the more people use it, I would presume the privacy and anonymity properties would improve? If so, then have you considered introducing participation incentives (financial or not)? That seems to be the critical problem in this space that needs solving, standardized anonymous payment for infrastructure service providers in the network.
Currently, this is just a fun project for me. I have technical ideas, but I don't have growths plans or the like - and it is nice that it does not have to.
Yes, I would expect the privacy would increase by some degree with more users, but I don't know by how much.
Although I will be using the technology in future projects, so Mycoria will benefit from that.
I apologize, wasn't clear from the documentation: router's IPv6-like address is a fingerprint of the public key, but does it also encode geo-prefix and distance (I mean, it's hypothetically doable, I'm curious what's the approach if it is)? or the router's address has no metadata encoded, and only end-user addresses are encoded this way?
I am a little confused how the geo encoded addresses and private addresses work. It seems like the network will be overwhelmed with keeping track of switch labels?
If you want Tor for your _whole_ existing system, not just the browser, good luck.
If you want actually good privacy with a VPN, also good luck with that. (There are very few good companies doing the best they can here, but they are still limited technologically.)
SPN can be seen as my attempt to solve both of these issues.
Impressive design!
Are you assuming bandwidth is free and abundant?
Mycoria routers, proxies, Tor exit nodes, and VPNs are difficult to run. There needs to be an global incentive, economy, or private community usually. Our Delft University students wrote "The fifteen year struggle of decentralizing privacy-enhancing technology" a decade ago. Scaling to many millions or billions is unsolved.
Have you talked to any lawyer or law professor about your MVP? "Being welcome" has known drawbacks when you operate a central DNS service.
Thanks! Well, every participant has to cover their own server/bandwidth cost. So, from my perspective, yes, bandwidth is free and abundant. Although I hope that Mycoria can/will perform well in lower bandwidth areas.
Interesting. Can you link that paper/article?
The DNS is not central. Everyone maintains their own local mapping.
When accessing a website on mycoria, you open a URL like this that first creates the mapping and then forwards you to it: http://router.myco/open/speedtest.de.myco/fd13:6239:a07a:eb4...
Love the inspiration from Yggdrasil with the hashed key -> IP concept. How do you enforce the geographical part? And what do you use from transport? WireGuard?
Geographical: No enforcement, but if you choose the wrong country, packets will have issues reaching you, because routing is "bucketed" into layers of regions. Routers only hold the bext x routes to each bucket.
Transport is custom in order to support source routing, but I use the WireGuard library for setting up the interface and such.
(I have experience with cryptography in network protocols from Safing/SPN - the cryptography of which was audited without fault. Also, I am _very_ cautious and keep to standards as close as possible.)
This is very cool @dhaavi! Can definitely see where you've taken lessons learned from cjdns and yggdrassil.
I hate to nitpick but this project looks promising enough - and the new project you mentioned interesting enough - that I feel the need to. From your FAQ:
> First, there is some structure to the router IPs. While there are special purpose prefixes, most IPs will be in a geo-marked prefix. Every country (+ States in the US) has their own prefix within Mycoria. This means that on the global level, Mycoria routers in the same country share the same prefix. These prefixes are also (tendentially) similar to nearby countries.
Second, within a country prefix, Mycoria uses address-distance routing. This means that packets are sent in the direction of the "address-nearest" other router known. While this is not the most efficient way to route packets, it does work quite well with some additional steps - especially if confined to a smaller geographic region, as Mycoria is doing.
My commentary: One of the unfortunate lessons we learned from the IPv4 internet and management of IANA IPs by the different RIRs (and the subsequent tagging of IPv4 blocks with geographic information) is that layer-8 folks love the idea of layering policy on top of geographic tags. (E.g.: Maxmind says your address is in Pakistan, and according to Pakistani law content offered by another address is verboten, ergo you are blocked.)
Geographic awareness built in to network prefixes may be used against your users in ways that you'd prefer to avoid. Or perhaps it's an acceptable tradeoff for you - it's easy to envision scenarios where 'the juice is worth the squeeze' and users derive enough benefit from geo-aware prefixes to accept the drawbacks. If it's the former, I'd recommend investigating moving from geo-aware prefixes ("I'm within X miles of other people in this jurisdiction") to latency-aware prefixes ("I'm within X ms of other people within this prefix").
(Steelmanning my own recommendation - it's possible that anyone trying to implement layer 8 policies on top of geographical-aware prefixes will just willfuly misinterpret latency-aware prefixes as being close enough to them, which would mean a lot of wasted effort for nothing).
Anyway, just my two cents. Again, very cool project, looking forward to seeing what you build on top of it!
This is what I hope to solve with the private addresses: These are not geo-marked and not routable. Eg. they are randomly generated and cannot be attributed to a geographic location (easily).
Ah nice! Glad to see you've already thought of this. Any sense of what % of addresses you would hope to be private vs geo-marked? (Asking because it's easy to mark all private addresses as being "bad" if they're in the minority, but once they reach a tipping point that becomes infeasible - at least we've seen this with addresses tagged as belonging to VPN providers).
If you have a decent amount of private addresses in the mix (1) such that blocking them would 'break' the mycoria experience(2) then it sounds like you've got a decent solution here - geo-aware prefixes for convenience and private addresses for when you'd prefer the anonymity.
1) I freely confess to not knowing what percentage a good mix would be. 20%? 5%? In practice, going back to the VPN example for IPv4, it's "a high enough percentage of important users complaining that their VPN connections are broken for a long enough time". Depending on the jurisdiction that can be 1% (well off / well connected people in a jurisdiction complaining to the right people that in turn overwhelm management with their complaints) to >20% (not necessarily well off or well connected users, but a critical mass that instead overwhelms ISP help desks with complaints).
2) Assumption: mycoria / the app you're building on top of it becomes so important that breaking it completely is a non-starter for the average ISP.
This looks really interesting and great job on the docs!
I need to give it a shot but the first question that comes to mind is if mycoria exposes the full node in the network, requiring the use of a firewall to restrict access to ports, etc?
Asking because this is something that is required in yggdrasil: https://yggdrasil-network.github.io/faq.html#will-my-machine...
I love these sort of things generally from a technical perspective (I kinda have these fun day-dreams of a cadre of cool nerds and geeks setting up their own commune-networks against all odds in some distant future where they just have basic infrastructure etc)...
But ultimately I always feel uneasy and reluctant to get involved in general decentralized type things as I feel like I'll just be facilitating people sharing/distributing kiddie porn.
At least with Tailscale things are "private", but with this it feels like I would be part of the wider network. Will I be using my nodes to help route CP traffic?
The dilemna is not about technology or not but about anonymity or not.
Anonymity offers some protection against authoritarianism but also encourages some bad tendencies (no fear of consequences).
Very interesting. I really enjoyed reading how you handled scalable routing with geo-localised prefixes and with the distance between addresses for packets within the same country code.
What is the average latency of this? I was running a game server on I2P for fun (since I was getting ~100ms ping vs 600ms on Tor) but I'm curious if this can do better
Yes, the primary focus is connectivity within the network.
You can use it for pretty much anything you would use a VPN for, but it is much easier to configure and secure by default with a built-in firewall.
Only services you actively expose are reachable by others - by default nothing on your device can be accessed by others.
In the future, it will also provide some amount of privacy on the network.
I think the biggest user-facing difference is the ease of configuration (ie. none) - if Mycoria had proper installers.
All nodes on Mycoria end up in one huge network. The PN in VPN is for "private network", so I couldn't say this can do anything that a regular VPN can do.
Any node on the network can find my node via mDNS discovery and access any services which I expose. Services need to be secured in the same way I'd do on the public Internet, and not in the same way I do on a trusted private network between a few trusted nodes.
That said, I do believe this is useful in a lot of scenarios where a VPN might be too much work to set up. While one does need to ensure that all services do authentication, the encryption part is valuable, and this does ease exposing services from non-routable nodes with no consistent public IP.
Mycoria is secure by default: It has an integrated firewall that only allows access from explicitly defined addresses, or, optionally from anyone in the network.
Also, multicast is completely disabled on Mycoria.
Mycoria aims to interconnect participants. Eg. you and your friend all have their home server. Everyone wants to connect to their own server, but also to the server of their friends. All of this is super easy with Mycoria. Let a new friend install Mycoria, add them to your friends in the config and give them a URL for accessing. Voila!
Also, Mycoria is an automatic mesh network, I think Wireguard requires a fixed set of peers you configure.
> Wireguard requires a fixed set of peers you configure
Not really. One can add as many peers (though there's a artificial limit to just how many, I think) at runtime. It isn't fixed. Products like Tailscale couldn't be built otherwise.
You certainly can add an remove peers from your Wireguard network on the fly. Granted, this is something you have to do yourself, not something Wireguard has automatic tooling for, so I guess that's a difference :)
A VPN is used to create (the illusion of) privacy when accessing anything on the internet.
But I can't access anything that's not connected to mycoria with it, can I? If I were to access something like Netflix, would I need something like a mycoria reverse proxy server for Netflix?
The services that are marketed as being VPN providers are actually selling a very restricted form of VPN where they create for you a very small VPN between you and some other node in their fleet and then you route your traffic through that node.
It would be more correct to call such a provider a secure (two-way) proxy service (and in the past people did), but for some reason they went with VPN and that stuck.
Mycoria is basically the textbook definition of a VPN.
> A VPN is used to create (the illusion of) privacy when accessing anything on the internet.
Not really. Some more recent "VPN" products position themselves that way, but traditionally a VPN has been a way to have something that behaves like a private LAN between computers that are not physically connected to each other (hence the name).
I would say that for most laypersons, VPN is used for two things: accessing your remote work resources and accessing content banned in your country.
As was patiently explained to me, Mycoria relies to quite an extent on the network effect: you can only use it if other nodes are using it, using it by yourself does not make sense. So the informed layperson's perspective is relevant here. That's why I insist on "dumbing it down" :D
To fit a layperson's understanding maybe the term VPLAN or VPWAN would work? Except I'm not sure laypeople really know what a WAN is. I think more people know LAN but then there could be confusion with VLANs.
Names are hard.
Personally this Mycoria reminds me more of a global tailnet I.e tailscale's VPN
And I guess as an extension, at least currently, Mycoria is an option for building "darknet services" except the privacy aspects aren't quite there yet compared to tor?
Yes, Mycoria is primarily about connections between network participants, eg. access your server at home without public IP, or a hybrid/fully remote team with a couple servers here and there.
In an open mesh network, you still want privacy from the other network participants.
Mycoria might have exit nodes similar to Tailscale in the future, but it won't be a fan-out multi-exit system like SPN, for example.
To be sure I understand, in that first usecases where a company is replacing their VPN with Mycoria, would access controls/restricting access to devices is all firewall based? That technically there's a network path to all the other devices on Mycoria just limited by firewall rules?
What comes to mind to me analogously (more from my experiences than anything) is like a global tailnet that leans on firewalls to segment things?
A cross between tor and a vpn is quite appropriate too
Mycoria has in integrated firewall for this, just in case that information got lost somewhere.
This also means that devices of the company will help other devices of the company to reach their destination, adding to resilience in outages and emergencies.
You can of course build bridges between these networks. This definitely something that is planned.
> This does not merely look like an IPv6 address, it is one. But it's also more than that: These addresses are generated by first creating a public/private key pair and then hashing the public key. This means, this IPv6 address is also the fingerprint of the public key of the router
> This way you can distribute both the Mycoria address of a router and its public key with a single data point: An IPv6 address.
What?
* Then how does a computer figure out how to ping that?
* You say it's distributing both the address and the public key with a single data point, but you're hashing it. So, you can restore the public key from the IP if you already know the public key, does everyone store every public key that's currently in use? Are there central stores somewhere that are eventually consistent?
This is a simplified conclusion. The IPv6 address is the fingerprint of the public key. They actual keys are exchanged over the network before any real traffic is sent.
There is not central store. This is done on the fly.
that's correct. libp2p is designed as an agnostic library that could be used in projects similar to Mycoria. it offers the building blocks to build a p2p network.
as a side-note, I've tried to use libp2p in the past, but ended up writing transports, NAT traversal, and fundamental structs for my p2p network from scratch, ditching libp2p.
IMHO, libp2p has the worst API and project structure I've ever seen in an open source project. The project almost feels like sabotage. For example, I once asked whether there is an example of using libp2p to send one file from an endpoint to another one. Someone answered a year later and explained that there was no such functionality. They were really surprised someone might want to use libp2p to send a file from A to B.
I eventually figured out how to do it but decided not to use the library. However, there is still a real need for an easy to use p2p library for Go that can do some NAT traversal. It's a real pity that the developer of github.com/perlin-network/noise stopped working on it.
A little more background info for my fellow HN people:
I've spent that last 8 years building privacy technology at Safing as Co-Founder/CTO. The biggest technological achievement there was undoubtedly the SPN (previously called Port17/Gate17): A privacy network (ie. a layer-5 proxy), fitting in the niche between VPNs and Tor. Impossible to misconfigure, good speeds and way superior privacy to VPNs using onion encryption and decoupled authentication/authorization. Funnily enough, this (decoupled auth) is what was later implemented by Apple Private Relay and Google One VPN.
SPN worked great for the most part, but scaling was hard. With the decision to make it a layer-5 proxy for decreased metadata and improved privacy, this meant that also traffic and congestion control had to be re-implemented - no easy feat, and still causing issues.
Meanwhile, I have followed and read a lot about cjdns and Yggdrasil over the past few years and was intrigued by their ideas how to do networking.
After some interesting talks in November 2023, I was at the point where I just wanted to know how far I would get - with all the experience and knowledge I had up to that point - implementing a scalable layer-3 mesh network, that still allowed for some privacy and full security. I spent most evenings of a couple months building it and was surprised how well it went.
Sadly, after a decent MVP and a first friend using it in small scale production, I did not have the time to work on it further.
But I am currently starting a new project, where I will make good use of it, so it will see quite some more development in the coming years!
So, Mycoria works, at least on small scale for now, but is more or less MVP.
Thanks for reading, I hope you have fun poking around and trying it out!
I am also happy to answer any questions you have here!
reply