Mycoria is an open and secure overlay network that connects all participants

Project scope & goals

  • Described as an open, secure layer‑3 mesh overlay focused on interconnecting participants, not on generic “browse the whole Internet anonymously” use.
  • Emphasis on resilience (working even when the public Internet is degraded) and simplicity of setup; currently an MVP proven at small scale.

Primary use cases

  • Accessing home servers or NAS from anywhere without public IPs.
  • Replacing or simplifying traditional corporate VPNs for remote teams.
  • Building semi-private/darknet-style services with eventual stronger privacy.
  • Not aimed at consumer “watch Netflix from another country” use; that still needs classic VPN/Tor or potential future exit nodes.

Comparison to VPNs, Tailscale, WireGuard, ZeroTier, etc.

  • Functionally similar to a VPN in the textbook sense (virtual private network), but:
    • Global mesh rather than separate per-organization LANs.
    • Automatic routing and peer discovery instead of static peer lists (e.g., WireGuard alone).
  • Compared to Tailscale/ZeroTier:
    • Similar “global tailnet” feel, but Mycoria is a cooperative mesh with no central policy server.
    • Can be used as a drop‑in for some use cases, but still early.
  • Different from consumer VPN services, which are essentially secure proxies.

Relationship to Yggdrasil, cjdns, Reticulum, etc.

  • Inspired by the Yggdrasil/cjdns hashed-key‑to‑IP idea and by distance-based routing.
  • Commenters see it as closer to a Yggdrasil/Reticulum-style overlay than to simple tunneling tools or tinc.
  • Some suggest contributing to existing projects; author positions Mycoria as a separate, fun, experimental effort.

Security model & privacy

  • “Secure by default”: built‑in firewall denies all inbound access unless services and “friends” are explicitly configured.
  • Multicast disabled; no automatic broad exposure of services.
  • Everything is authenticated via cryptographic IDs, which improves spoofing resistance but implies limited anonymity.
  • No onion routing; less privacy than Tor, more focus on scalability. Prior work (SPN) targeted strong privacy instead.

Routing, addressing & DNS

  • Router IDs are IPv6 addresses derived from public-key fingerprints, sometimes brute‑forced to include geo‑prefixes (country/state).
  • Geo‑marked prefixes help scalable routing but raise concerns about policy/geoblocking and location leakage. Planned “private” non‑geo, non‑routable addresses are meant to mitigate this.
  • Routing takes geographical buckets and latency into account; transport is custom (not raw WireGuard) to support source routing.
  • DNS is local: each node maintains its own mapping. Access uses special URLs that bind names to specific Mycoria addresses on demand, reducing centralized DNS poisoning risk.
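
The sketch below is an added example, not Mycoria's own code. It shows how an address derived from a key fingerprint can be brute‑forced to carry a chosen marker, why that binding resists spoofing, and why the marker is readable by anyone who sees the address. Assumptions: SHA-256 as the fingerprint, 0xFD as the overlay prefix byte, an 8-bit marker in the second byte, a hashed counter standing in for keypair generation, and all function names.

```python
import hashlib
import ipaddress

# Assumptions for illustration only, not Mycoria's real parameters.
OVERLAY_FIRST_BYTE = 0xFD   # assumed overlay prefix byte
MAX_TRIES = 100_000         # an 8-bit marker needs ~256 tries on average


def address_from_key(public_key: bytes) -> ipaddress.IPv6Address:
    """Overlay address = prefix byte + first 15 bytes of the key fingerprint."""
    fingerprint = hashlib.sha256(public_key).digest()
    return ipaddress.IPv6Address(bytes([OVERLAY_FIRST_BYTE]) + fingerprint[:15])


def geo_marker(addr: ipaddress.IPv6Address) -> int:
    """Assumed geo marker: the byte right after the overlay prefix byte."""
    return addr.packed[1]


def mine_key(seed: bytes, marker: int):
    """Try candidate keys until the derived address carries the wanted marker."""
    for n in range(MAX_TRIES):
        # Constructed stand-in for generating a fresh keypair on each attempt.
        candidate = hashlib.sha256(seed + n.to_bytes(8, "big")).digest()
        addr = address_from_key(candidate)
        if geo_marker(addr) == marker:
            return candidate, addr, n + 1
    raise RuntimeError("no matching key found within MAX_TRIES")


def verify_binding(claimed: ipaddress.IPv6Address, presented_key: bytes) -> bool:
    """A peer owns an address only if its presented key hashes to that address."""
    return address_from_key(presented_key) == claimed


if __name__ == "__main__":
    key, addr, tries = mine_key(b"constructed-seed", 0x2A)
    print(f"address {addr} found after {tries} candidate keys")
    print("owner's key accepted:", verify_binding(addr, key))
    print("other key accepted:  ", verify_binding(addr, b"\x00" * 32))
    # Anyone who sees the address can read the marker: this is the location leak.
    print("marker visible to observers:", hex(geo_marker(addr)))
```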

Adoption, incentives & legal/abuse concerns

  • No built‑in economic incentive layer yet; currently a hobby/side project, with future reuse in other projects.
  • Some worry about running infrastructure that may route illegal content (e.g., CP), similar to Tor‑style liability fears.
  • Debate over the ethics of anonymity vs. abuse, and the likelihood of state/ISP pressure based on geo‑aware prefixes or traffic.