Neat concept but so many footguns that (imo) it’s not really sustainable to try bootstrapping.

Specifically, I had tried to port the stack to Rust no-std to use on nrf52 LoRA devices to use/abuse the existing MeshCore network to deliver reticulum packets. Turned out to be a nightmare just trying to figure out if my packets were even correctly formed.

I have a buddy working on restoring a set of binoculars that were attached to the Target Bearing Transmitter system for a US sub from the 50s. Last I heard he was able to find someone that actually had parts of the original schematics for it so that he’s able to machine some new pieces.

These things are definitely a labor of love.

AI text is everywhere, but this isn’t it.

My initial stab was a rust port targeting esp32 Heltec V4 (since it has some niceties like tokio) with Reticulum communication over serial, BLE, WiFi and LoRA. The serial interface was sort of working, but frankly debugging using rnsd/nomadnet was infuriating (there’s no tools just to easily see messages over the wire!).

I’ve moved onto a build system that can also target the SEEED Wio Tracker using no_std, but it’s been… messier. AI tooling doesn’t quite have the context length for big migrations like that yet.

Reticulum is not worth getting into, the utilities and general infrastructure just isn’t there yet.

The project was basically a one-man-show for a long time, and has a lot of odd, esoteric decisions that will drive you mad if you’re actually trying to build something with it (eg, configuration files with sparse documentation that are yaml-but-not-really). I don’t mean to belittle the loads of time the original maintainer put into this project, it’s just not really designed to be usable in the general case by other developers.

I spent some time porting the reference Python implementation to no_std rust, but basically had to roll all the basic debugging utilities myself.

How does the company handle the split between your defense and consumer products? Do you see there being conflicting interests here?

It’s interesting that Apple is going down a similar path with hardware filtering location retrieval commands and neighborhood-level blurring on their C1 modems. Really awesome work from that team by making sure they’ve considered privacy as a first party feature for that chip.

How do you guys view the relative value of privacy/security at the network provider layer of the cell stack for the average user/citzen?

Even if Cape doesn’t retain metadata yourselves (eg LTE positioning info), is that data not still retained and repackaged by the tower owners themselves? Eg babel street, venntel, etc. A rotating IMEI every 24 hours might make it marginally more difficult for logical tracking, but there’s still only physically one location the phone can be in without fuzzing at the hardware level.

I should also say - I’ve been following y’all’s work for a while (and considered some of those early forward deployed engineer positions), but I’m struggling to see how this all works as a consumer product. Would be awesome to see an eventual partnership with Apple/Qualcomm to bring this to the hardware level since privacy is a tough nut to crack even at full MVNO.

Each “post” has a CID, which is a cryptographic hash of the data. To “prove” ownership of the post, there’s a witness hash that is sent that can be proved all the way up the tree to the repo root hash, which is signed with the root key.

Neat way of having data say “here’s the data, and if you care to verify it, here’s an MST”.

Far from a slam dunk, but I don’t think we’re as far from net gain as we were 10 years ago.

All of the replies I saw were falling over themselves to praise OP. Not a single one gave an at all human chronically-online comment like “I can’t believe I spent 5 minutes of my life reading this disgusting slop”.

It’s like an echo chamber of the same mannerisms, which must be right in the center of the probability distribution for responses.

Would be interesting to see the first “non-standard” response to see how far out the tails go on the sycophancy-argumentative spectrum. Seems like a pretty narrow distribution rn

The iMessage/ADP/Metadata stuff I think is more of an implementation decision than a meaningful attempt at data collection. Using clear text file names and hashes for dealing with collisions and deduplicating is a reasonable first pass at something like this. Sure, they could probably roll some end-to-end obfuscation for this, but with how big their stack and cloud integrations are, I’m sure that’s non-trivial.

I think its polite to indicate AI agent usage in security related projects like this since they can have huge holes if they're just being vibe coded.

-- Edit: Intended to post this on the board root, sorry.