Caria Giovanni - Harpocrates

I’ve been analyzing the current state of "secure" messaging, and my recent tests with Signal have highlighted some persistent vulnerabilities inherent to any stack relying on standard TCP/IP. Even with strong encryption, metadata leakage at the ISP/CDN level and the reliance on kernel-level interfaces like TUN/TAP remain significant privacy bottlenecks.

I’m curious to discuss the feasibility of a user-space only stack built in Rust that completely decouples identity, addressing, and transport to mitigate these leaks. My current architectural hypothesis involves an identity layer using hardware-backed Zero-Knowledge Proofs—via TEE or zkVM—to handle authentication without persistent identifiers or central registries. For addressing and routing, I'm thinking of a minimal RINA overlay where Distributed IPC Facilities (DIF) allow us to route between processes rather than nodes, effectively moving away from traditional IP-based addressing. This would all be wrapped in a "blind" transport, such as Ockam or shadowsocks-rust, to make the traffic indistinguishable from generic noise to any external observer.

I’m still weighing the practical hurdles, especially how to best bridge RINA's recursive logic with a user-space transport like Ockam without requiring root privileges. I'm open to suggestions on alternative technologies or implementations that might achieve this same level of isolation. If anyone has thoughts on the practical hurdles or existing foundations that could be leveraged here, I’d really value your perspective. Definitely feels like there's a lot to dig into.

#Rust #Rustlang #Infosec #Cryptography #Networking #Privacy #DistributedSystems #RINA #ZKP

Mar 17 at 7:44amWeb
Show threadDiego Assustado14h ago
@Harpocrates what's wrong with TCP/IP for privacy? AFAIK most Comms today are behind NAT so at most people can know your city or neighbourhood, but not the contents of the messages right?
Show threadCaria Giovanni - Harpocrates14h ago

@diegovsky That's a very fair point, and it’s the heart of the "privacy vs. security" debate. The issue with the standard TCP/IP stack isn't about what you are saying—encryption like TLS or AES handles that part—it’s about the massive amount of noise you make while saying it.

Even when you are tucked behind a NAT and your IP looks like just another house in a crowded neighborhood, your digital footprint remains incredibly loud. An ISP or a network node doesn't need to read your messages to figure out exactly what you are doing. They look at the metadata: the packet sizes, the precise timing between them, and the frequency of the bursts. This creates a "behavioral fingerprint." For instance, a skilled analyst can easily distinguish a Signal call from a Netflix stream, or even guess which language you are speaking by analyzing the Variable Bit Rate (VBR) patterns of the audio codec, all without ever decrypting a single bit of your text.
The fundamental flaw in TCP/IP is that it permanently couples your identity to your physical location via the IP address. As long as we are routing data between physical "nodes," we are leaving a breadcrumb trail. Moving toward a user-space stack built in Rust—especially using something like RINA—is about breaking that link. We stop addressing data to a specific computer in a specific city and start addressing it to a logical "process." By decoupling the transport from the identity, your traffic effectively becomes indistinguishable from generic background noise to any outside observer. In 2026, strong encryption is just the baseline; the real frontier is making the communication itself invisible to the structure of the network.

Show threadMichał Fita13h ago
@Harpocrates @diegovsky I'm kinda interested, but from different perspective. How to make such protocol stack lightweight enough to fit into embedded system, so their activity at premises cannot be subject to analysis of rouge parties? What you describe is a lot of layers with a lot of code - fine for IM on Android, but less for a device running on 300kB of total RAM.
Show threadCaria Giovanni - Harpocrates12h ago
@michalfita @diegovsky actually with some alchemy i think is possible to use just 300Kb (theoretically and doing some math) working with pre-allocation working without fancy side items and do some ancient rituals compiling everything.
Show threadkkrolczyk12h ago
@Harpocrates
I think there was (once?) an attempt to build truly distributed and anonymous network, but the protocol was rather niche, with somewhat unfortunate name choice "tox" (colliding with much more well-known Python tool). I guess lora-mesh approaches could be also considered, but due to the low bandwidth and even lower density - not really successful (for now).
All TCP/IP based communication can be simply filtered out, on many (even country) levels, even if fully encrypted.
Show threadCaria Giovanni - Harpocrates12h ago
@kkrolczyk True, but traditional TCP/IP is riddled with structural leaks. My stack theory uses Shadowsocks-Rust for total obfuscation (entropy vs encryption) and RINA to decouple identity from the location. It's not just about hiding; it's about replacing a vulnerable 70s architecture with hardware-backed Zero-Knowledge privacy
Show threadkkrolczyk12h ago
@Harpocrates but you'd be still constrained by the infrastructure in general, plain ol' wires (well, or fiberglass). I guess one could apply various techniques, "steganography"-like, to masquerade your traffic to resemble something else, at the cost of overhead. 1/2
Show threadkkrolczyk12h ago
@Harpocrates While I keep my fingers crossed for you (and will watch closely), I have some doubts. Without fully open hardware, and full chain of trust, I think it's hard to build "unblockable", anonymous and private network; aside from all possible "negative" implications, misuse of such net. 2/2
Show threadCaria Giovanni - Harpocrates12h ago
@kkrolczyk it worth a try :) keep you posted!
Show threadDiego Assustado12h ago
@Harpocrates I don't mean to offend but is this written by AI?
Show threadCaria Giovanni - Harpocrates12h ago
@diegovsky im honest yes and no. I got some prob writing so I put what I write into a sort of local llm corrector just to let other understand