Mycoria is an open and secure overlay network that connects all participants

310 points, by doener, about 17 hours ago

26 comments

dhaavi, about 16 hours ago
Author here - thanks for the post!

A little more background info for my fellow HN people:

I've spent the last 8 years building privacy technology at Safing as Co-Founder/CTO. The biggest technological achievement there was undoubtedly the SPN (previously called Port17/Gate17): A privacy network (i.e. a layer-5 proxy), fitting in the niche between VPNs and Tor. Impossible to misconfigure, good speeds and way superior privacy to VPNs using onion encryption and decoupled authentication/authorization. Funnily enough, this (decoupled auth) is what was later implemented by Apple Private Relay and Google One VPN.

SPN worked great for the most part, but scaling was hard. With the decision to make it a layer-5 proxy for decreased metadata and improved privacy, this meant that also traffic and congestion control had to be re-implemented - no easy feat, and still causing issues.

Meanwhile, I have followed and read a lot about cjdns and Yggdrasil over the past few years and was intrigued by their ideas on how to do networking.

After some interesting talks in November 2023, I was at the point where I just wanted to know how far I would get - with all the experience and knowledge I had up to that point - implementing a scalable layer-3 mesh network, that still allowed for some privacy and full security. I spent most evenings of a couple months building it and was surprised how well it went.

Sadly, after a decent MVP and a first friend using it in small scale production, I did not have the time to work on it further.

But I am currently starting a new project, where I will make good use of it, so it will see quite some more development in the coming years!

So, Mycoria works, at least on small scale for now, but is more or less MVP.

Thanks for reading, I hope you have fun poking around and trying it out!

I am also happy to answer any questions you have here!

mattlondon, about 12 hours ago
I love these sorts of things generally from a technical perspective (I kinda have these fun day-dreams of a cadre of cool nerds and geeks setting up their own commune-networks against all odds in some distant future where they just have basic infrastructure etc)...

But ultimately I always feel uneasy and reluctant to get involved in general decentralized type things as I feel like I'll just be facilitating people sharing/distributing kiddie porn.

At least with Tailscale things are "private", but with this it feels like I would be part of the wider network. Will I be using my nodes to help route CP traffic?

namecast, about 10 hours ago
This is very cool @dhaavi! Can definitely see where you've taken lessons learned from cjdns and Yggdrasil.

I hate to nitpick but this project looks promising enough - and the new project you mentioned interesting enough - that I feel the need to. From your FAQ:

> First, there is some structure to the router IPs. While there are special purpose prefixes, most IPs will be in a geo-marked prefix. Every country (+ States in the US) has their own prefix within Mycoria. This means that on the global level, Mycoria routers in the same country share the same prefix. These prefixes are also (tendentially) similar to nearby countries.

Second, within a country prefix, Mycoria uses address-distance routing. This means that packets are sent in the direction of the "address-nearest" other router known. While this is not the most efficient way to route packets, it does work quite well with some additional steps - especially if confined to a smaller geographic region, as Mycoria is doing.

My commentary: One of the unfortunate lessons we learned from the IPv4 internet and management of IANA IPs by the different RIRs (and the subsequent tagging of IPv4 blocks with geographic information) is that layer-8 folks love the idea of layering policy on top of geographic tags. (E.g.: Maxmind says your address is in Pakistan, and according to Pakistani law content offered by another address is verboten, ergo you are blocked.)

Geographic awareness built in to network prefixes may be used against your users in ways that you'd prefer to avoid. Or perhaps it's an acceptable tradeoff for you - it's easy to envision scenarios where 'the juice is worth the squeeze' and users derive enough benefit from geo-aware prefixes to accept the drawbacks. If it's the former, I'd recommend investigating moving from geo-aware prefixes ("I'm within X miles of other people in this jurisdiction") to latency-aware prefixes ("I'm within X ms of other people within this prefix").

(Steelmanning my own recommendation - it's possible that anyone trying to implement layer 8 policies on top of geographical-aware prefixes will just willfully misinterpret latency-aware prefixes as being close enough to them, which would mean a lot of wasted effort for nothing).

Anyway, just my two cents. Again, very cool project, looking forward to seeing what you build on top of it!

ramaro, about 16 hours ago
This looks really interesting and great job on the docs! I need to give it a shot but the first question that comes to mind is if mycoria exposes the full node in the network, requiring the use of a firewall to restrict access to ports, etc? Asking because this is something that is required in yggdrasil: https://yggdrasil-network.github.io/faq.html#will-my-machine-be-exposed-to-other-users-of-the-network

theknarf, about 11 hours ago
How does this compare to Veilid (https://veilid.com/)?

csande17, about 9 hours ago
I might be totally missing something here, but does Mycoria attempt to prevent network participants from learning the public-Internet IP address corresponding to a Mycoria router ID?

The "iana" field in the configuration kind of suggests that this is not a goal, and this system is basically Tailscale but with IPv6 and a global namespace. But if this is the case, I don't really understand the emphasis on "routing", since pretty much every Internet host can reach pretty much every other Internet host directly using NAT traversal techniques (like BitTorrent does).

If you are trying to hide public-Internet IP addresses (like Tor hidden services do), the routing scheme still doesn't make a ton of sense to me, because presumably you wouldn't want to leak data by picking routes with a deterministic or latency-dependent strategy.

doener, about 17 hours ago
Via https://news.ycombinator.com/item?id=43923287

areyourllySorry, about 2 hours ago
not saying you shouldn't build things, but maybe your efforts would be more useful if you were contributing to already existing networks like i2p

thenthenthen, about 15 hours ago
(How) does this deal with DNS poisoning like the GFW? (https://dl.acm.org/doi/10.1145/2994620.2994636)

elia_42, about 14 hours ago
Very interesting. I really enjoyed reading how you handled scalable routing with geo-localised prefixes and with the distance between addresses for packets within the same country code.

krunck, about 7 hours ago
There are so many projects like this but how many have had an outside audit of their code? Yay, it's got encryption and stuff! But how well has it been implemented?

OsrsNeedsf2P, about 14 hours ago
What is the average latency of this? I was running a game server on I2P for fun (since I was getting ~100ms ping vs 600ms on Tor) but I'm curious if this can do better

tornadofart, about 16 hours ago
Looks interesting.

What I understood: it is basically overlaying privacy and net neutrality on the internet.

I am therefore restricted to communicating with other users of mycoria and can't access "the whole Internet" via mycoria.

Am I correct?

What isn't clear for end users, IMO:

- What's the primary use case it was built for? Are there applications using it for chatting / exchanging data / whatever?

- what's the difference to similar projects like, say, yggdrasil?

- what's the difference to using a VPN?

dmos62, about 10 hours ago
Impressive. I like ZeroTier, would you consider Mycoria a drop-in replacement?

dgrr19, about 14 hours ago
Is this like tailscale?

eqvinox, about 12 hours ago
> No spooking: Everything is authenticated

This does generally mean no anonymity (and limited privacy)…

9dev, about 15 hours ago
Have you seen Reticulum[0] yet? How much overlap does the Mycoria networking layer have with it?

[0]: https://github.com/markqvist/Reticulum

attila-lendvai, about 15 hours ago
also, how does this compare to something like https://ethswarm.org ?

TeeMassive, about 3 hours ago
I'm not that experienced in VPNs and other distributed services. Can I use this to access my self-hosted servers at home and access them from the outside; without having a VPN or a reverse-proxy? Or, "explain like I'm 5" version, can I use this to host my Minecraft server at home and play with my friend?

sebstefan, about 14 hours ago
> Every Mycoria Router has an ID. For example:

> fd1f:2cf7:903:b50b:e4cb:5c4c:270e:360c

> This does not merely look like an IPv6 address, it is one. But it's also more than that: These addresses are generated by first creating a public/private key pair and then hashing the public key. This means, this IPv6 address is also the fingerprint of the public key of the router

> This way you can distribute both the Mycoria address of a router and its public key with a single data point: An IPv6 address.

What?

* Then how does a computer figure out how to ping that?

* You say it's distributing both the address and the public key with a single data point, but you're hashing it. So, you can restore the public key from the IP if you already know the public key, does everyone store every public key that's currently in use? Are there central stores somewhere that are eventually consistent?
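
The docs quoted in the comment above describe a router address that is the hash of the router's public key. As an added illustration (not Mycoria's code and not part of this thread), the sketch below shows how such a self-certifying address is checked: the peer presents its public key and the receiver re-derives the address from it. SHA-256, the fd00::/8 prefix layout and the constructed key bytes are assumptions; the page does not give Mycoria's actual derivation.

```python
import hashlib
import ipaddress

# Assumption: addresses live in the IPv6 ULA range, like the fd1f:... example.
PREFIX = ipaddress.ip_network("fd00::/8")

# Constructed stand-ins for 32-byte public keys (not real key material).
ALICE_KEY = bytes(range(32))
MALLORY_KEY = bytes(range(1, 33))


def address_from_pubkey(pubkey: bytes) -> ipaddress.IPv6Address:
    """Derive an address: one fixed prefix byte + 120 bits of the key hash."""
    digest = hashlib.sha256(pubkey).digest()  # assumed hash function
    return ipaddress.IPv6Address(bytes([0xFD]) + digest[:15])


def verify_claim(addr: str, presented_pubkey: bytes) -> bool:
    """Check that a presented public key really belongs to the address.

    The address alone cannot be turned back into the key; the key has to
    travel with the handshake, and the address only lets the receiver
    confirm it. The peer must still prove possession of the private key
    (for example by signing a challenge), which is out of scope here.
    """
    try:
        claimed = ipaddress.IPv6Address(addr)
    except ValueError:
        return False  # malformed address string
    if claimed not in PREFIX:
        return False  # not an overlay address at all
    return claimed == address_from_pubkey(presented_pubkey)


if __name__ == "__main__":
    alice_addr = address_from_pubkey(ALICE_KEY)
    print("derived address:", alice_addr)
    print("owner's key accepted:", verify_claim(str(alice_addr), ALICE_KEY))
    print("other key accepted:", verify_claim(str(alice_addr), MALLORY_KEY))
```

With only 120 hash bits in the address, the binding is as strong as finding a second key whose truncated hash matches, so the choice of hash and the number of retained bits are the security parameters to review in any scheme of this kind.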

attila-lendvai, about 15 hours ago
is this something like libp2p, but comes bundled with some tools to be a standalone thing?

a rationale/comparison section on the front page would be nice.

ilaksh, about 15 hours ago
How does this compare to tinc?

eabeezxjc, about 10 hours ago
reticulum.network

goodpoint, about 14 hours ago
Does it do onion routing like Tor? Does it protect from traffic correlation or timing attacks?

TeeMassive, about 5 hours ago
This reminds me of my old university days where we would set up a Minecraft server and make it accessible through Hamachi (which has enshittified and therefore never really took off beyond those simple use cases).

Semi-public authorized access networking really is the future of a more private but more distributed Internet in the age of state sponsored hackers and IoT DDoS bot farms.

immibis, about 11 hours ago
Yet another one. How is it different from Yggdrasil and Reticulum?