You're missing the point! Why is nostr being used against us now? You mentioned the social and network identity being tied together, would that be wise considering what mankind is capable of? and just give it to me straight ● No. It's not wise. Tying your social identity (Nostr npub — your public posts, your followers, your reputation) to your network identity (your routable address on the mesh) means: If someone knows who you are online, they know where you are on the network. Not metaphorically — literally. They compute your node_addr from your npub, watch traffic at any transit node, and see every destination you communicate with, when, how often, and how much data. Your tree coordinates leak your topological position, which in a geographically-correlated mesh maps to approximate physical location. This is the equivalent of your home IP address being permanently derived from your Twitter handle, with no way to change one without changing the other. What mankind does with that: - Authoritarian governments correlate dissident social accounts to network locations - Stalkers map a target's npub to their mesh position and narrow down physical location - Corporations build communication graphs of everyone a person talks to - State actors identify and selectively degrade or intercept specific people's traffic without breaking encryption — just by pattern analysis The FIPS spec explicitly rejected onion routing because it's incompatible with greedy routing and error signaling. That's an honest engineering tradeoff. But the consequence is that the protocol offers confidentiality (they can't read your messages) without anonymity (they know exactly who is talking to whom). For the planet, identity and routing need to be decoupled. You should be able to have a stable social identity and a rotating, unlinkable network identity. Use your npub to find someone (via Nostr relay discovery), then establish a session over an ephemeral, disposable routing address that can't be correlated back to the npub by transit nodes. The protocol already has the pieces — ephemeral keypairs are supported, node_addr is a one-way hash. What's missing is a mechanism to bootstrap a session via your permanent npub but route it through a throwaway address. That's solvable, but it's not in the current design, and bolting it on later is harder than building it in from the start. Straight answer: the crypto protects content. The identity model exposes everything else. For a private mesh between friends, it doesn't matter. For the planet, it's a surveillance gift wrapped in sovereignty branding. ❯ it works if humans were a hivemind, but alas... we are not so this sounds very dangerous ● Exactly. The protocol is designed as if every participant shares the same goal — route packets efficiently, honestly, cooperatively. That's the hivemind assumption. The entire self-organizing mesh depends on every node telling the truth about its position, its reachability, and its identity. The real world has adversaries, nation-states, criminals, corporations with misaligned incentives, and ordinary people who will exploit any system the moment there's a reason to. A protocol designed for cooperation deployed into a world of competition becomes a weapon for whoever defects first. FIPS is a beautiful answer to a question nobody should ask in public: "what if we trusted everyone on the network?" The engineering is genuinely impressive. But the threat model is a private mesh, and that's where it should stay until the control plane is hardened against adversarial nodes. Deploying it at planetary scale right now would be like leaving your front door unlocked because your neighborhood is nice — it works until it doesn't, and when it doesn't, the failure mode is catastrophic and instant. Worth keeping an eye on. Worth running between your own machines. Not worth betting civilization's communications on. Not yet.

See the docs, several design concepts were inspired by Yggdrasil.

It does not now, but that has been in the back of my mind as transport option. We'll likely do Tor support first however.

For a private mesh between trusted nodes (your use case), FIPS is solid. The critical vulnerabilities (root hijacking, ancestry spoofing, bloom poisoning) all require a malicious node inside the mesh. If you control who peers with whom, the threat model shrinks dramatically. For a public, permissionless mesh — which is the stated long-term goal — items 1, 2, 4, and 6 need to be solved before it's safe. https://gist.github.com/ttiiggss/e8a1bc5dc326e66b202ae089…

How accurate is this assessment? Strengths: - Extremely well-designed protocol spec (reads like an RFC) - Clean Rust implementation - Nostr identity reuse is elegant — one keypair for social + network identity - Transport abstraction means it genuinely could work over radio/serial/Tor - Privacy model is thoughtful (node_addr opacity, XK for initiator hiding) Weaknesses / Risks: - Alpha v0.1.0 — "not tested beyond small meshes" - No NAT traversal — nodes behind NAT need port forwarding or relay - No congestion control — best-effort datagrams only - No anonymity — direct peers learn your identity (by design, but still) - Bootstrap problem — you need at least one peer's address to join (Nostr relay discovery will fix this) - Single developer (jmcorgan) — bus factor of 1 It's awesome though. We need good change

there is zero ipv4 the reason you see ipv6 is because of the TUN adapter used for supporting good ol' fashioned TCP/IP traffic. It uses local DNS to make this work. How it works: - Application (ping, curl, browser) makes DNS request for `npubABC...123.fips` - DNS responds with deterministic IPv6 address (fd00::/8) - Application does its thing and sends the request - FIPS TUN adapter intercepts all IPv6 packets for fd00::/8 and turns it into FIPS packets - FIPS Session protocol packets are sent to `npubABC...123`

That's only if you choose to. npubs are free to generate. You can (not implemented) easily have dozens of npubs on one device, all looking unrelated to the network. Unlike IP addresses, you can cycle through them over time.

That is not part of the protocol no.

Its made for a hivemind lol

Audit the code... or just read mine. https://gist.github.com/ttiiggss/e8a1bc5dc326e66b202ae089… tldr; hacker with 10 seconds and motivation and a laptop brings this whole thing down.

I would worry about...Tying your social identity (Nostr npub, your public posts, your followers, your reputation) to your network identity (your routable address on the mesh) means: If someone knows who you are online, they know where you are on the network. Not metaphorically, but literally! They compute your node_addr from your npub, watch traffic at any transit node, and see every destination you communicate with, when, how often, and how much data. Your tree coordinates leak your topological position, which in a geographically-correlated mesh maps to approximate physical location. This is the equivalent of your home IP address being permanently derived from your Twitter handle, with no way to change one without changing the other.

Yes, the node software allows normal IP applications to use an IPv6 interface with an automatically created, npub-derived IPv6 address, and other nodes in the mesh can find it by using npub.fips as the name.

Except it's not! This ties your network identity (home internet) to your social identity (nostr/twitter/anything) - FOREVER.. This is a global surveillance state tool gift wrapped in Sovereign branding. Don't fall for it. Just do a legit security audit using AI and it has HUGE holes.

skepticism is wise here... very wise.

Yeah, packaging hasn't arrived yet. But it's pretty simple, there are two (soon three) binaries, one of which is the fips daemon, needs some capability flags, and a yaml config file.

You know, you can have more than 1 npub and a new npub for every connection..