SEC-07: The Network Stack

We need a better internet, and that's exactly what we are exploring in the upcoming SEC-07 cohort.

The internet is amazing. Or at least, the promise of the internet is amazing: anyone, anywhere, can publish anything and reach the world. No gatekeepers. No borders. Just packets flowing freely between peers.

But that's not the internet we have.

What we have is geoblocking, deplatforming, and censorship. Closed systems masquerading as open ones. Infrastructure that was originally built for resilience is now optimized for control.

In February 2025, LaLiga ordered Spanish ISPs to block Cloudflare IP addresses to stop pirate streams of football matches. GitHub went dark. So did ChatGPT, Instagram, Bluesky, X, and some 3,300 other websites. Millions of Spanish users couldn't reach half the internet because one court order hit one infrastructure provider.

They were trying to stop football streams. They accidentally broke the internet. This is just one example of many.

Cloudflare went down again on 5th December - its third major outage in three months, affecting 28% of Cloudflare's traffic. X, Zoom, Canva, banks, and many others went down. One company sits in front of 20% of the web, and when it hiccups, the internet chokes.

We need a better internet, and that's exactly what we are exploring in the upcoming SEC-07 cohort. We want to spend the better part of April exploring how we could re-imagine the network stack to be more robust, more resilient, and more resistant to control.

As of today, the internet's architecture is a series of permission layers. DNS translates names into addresses, but ICANN controls the root, and your domain can be seized with a court order. IP addresses route your traffic, but they can be blocked, tracked, and geolocated by any ISP in the chain. Certificate Authorities vouch for encrypted connections, but a handful of companies decide who's "trusted," and they can revoke it overnight.

This isn’t a theoretical threat, as various headlines of the last couple of months clearly show: The UK's Online Safety Act requires age verification to access social media. Australia banned under-16s from platforms entirely, no parental consent exceptions. The EU's proposed Chat Control would mandate scanning all encrypted messages - Signal, Threema, and Proton said they'd leave Europe rather than comply. Brazil blocked X nationwide for two months and fined users $9,000/day for using VPNs to bypass it. The US Supreme Court unanimously upheld the TikTok ban, affecting 170 million users. India had 84 internet shutdowns in 2024, second only to Myanmar's military junta. Kashmir went 552 days without internet. In Myanmar, you can get six months' jail for having a VPN installed.

The question of who controls internet speech isn't new. John Joink drew this cartoon in 2011, during the SOPA/PIPA debates. The mechanisms of control were already in place. What's changed is the scale and the brazenness - governments across the political spectrum, from democracies to dictatorships, now exercise this control openly and in lockstep.

We now have the tools to fix this, and SEC-07 is dedicated to exploring them - routing discovery through pubkeys instead of registrars, building connectivity without exposing addresses, establishing trust through cryptographic proof instead of corporate authority.

The goal is to explore questions such as: How can we make ICANN and IANA irrelevant, DNS optional, and Certificate Authorities unnecessary?

We're joined by the Tollgate team for SEC-07. Tollgate is one of the projects that came out of Sovereign Engineering - alongside noDNS, FIPs, Paygress, and others built during SEC-05. They've been deep in the network stack. They know where the bodies are buried.

SEC-07 runs March 30 - April 17, 2026. Three weeks. Focused work. In Madeira.

SEC-07 applications are now open.

If you're building the plumbing for the self-sovereign internet, we want to hear from you. Greybeards and veterans of the network stack, those who watched the open internet's promise fade, we especially want to hear from you; your expertise is needed. If you know someone like that, send them our way.

Great weather. Ocean as far as the eye can see. No shortage of hard problems to solve.

More: sovereignengineering.io | No Solutions Podcast

Replies (10)

Wow, ambitious! As much of a challenge as it is to try to get people off of centralized surveillance tech onto platforms like Nostr, going after DNS and ICANN feels like the "final boss". My first thought is, there has to be some kind of friction or anti-spam mechanism introduced... Stuff like Cloudflare exists because there's basically zero cost to spam the internet with DNS requests. Can a "proof of work" or something similar be embedded into the deepest levels of the network stack? Or is that the wrong solution?
Yes PoW and public keys as identifiers rather than just MAC addresses & IP addresses are some of the things that make us think it's possible 😀
I mean... Would that require a whole new backbone network? Like, you're going to have to have that operating in central fiber optic hubs, etc...
The hardware is shaped like a tree for efficiency reasons - it's uneconomical for you to have a dedicated cable to each of your counterparties on the internet. The logical tree that we use to distribute IP addresses from IANA also exists for efficiency reasons - imposing logical structure on a network means that we can navigate it without maintaining a graph of the entire network. The challenge is to build scalable networks without relying on an authority to impose logical structure. I suspect the unstructured networks will start off as sub networks that grow larger over time if it makes sense to operate them. Fortunately @TollGate enables us to transfer the cost of infrastructure to its users, so I'm hopeful that sustainable businesses can be built around expanding un-structured networks.
This is incredibly important work — and honestly, long overdue. The open, resilient internet we were promised has been hollowed out by layers of control, brittle infrastructure, and gatekeepers we never voted for. Seeing real efforts to rethink the network stack from first principles gives me hope. I genuinely believe we need this, and I’d love to contribute in any way I can. The problems you’re tackling aren’t just technical — they’re foundational to digital freedom. If there’s an opportunity to help push this vision forward, I want to be part of it.
Ok... I'll give a try to attend, but no promise. I do believe everybody's major problem is if the ISPs (or by governmental decision) decide to ban the "bridge" function in the supplied routers. If the "bridging" is allowed, we can do whatever the fuck we want. VPNs, Pi-Hole, or even a dedicated Raspberry Pi running OpenWRT and a "monero paid" VPS in a non-censored country, running Mullvad. But yes... It is a hassle and everyone should get free and private internet easier. I'll try to attend. 👍 Keep up 💪
I can't physically go there at the moment, unfortunately, but I did build/vibed a solution to the ICANN problem along with the certificate problem. At the moment I'm refactoring it, cleaning it, improving the UX, built it a supporting tool, and adding more connecting and self healing functionality for its discovery within its network, as well as implementing it in user-facing products for actual user-use and to apply market pressure to have it supported/implemented by top products. It's called DNN, Decentralized Naming Network: (I'd update the repo with the code once I reach a point where it seems good for others to run it, and have more repos up for the user facing products as well when they're ready too) I'm hoping I can show a quick demo of the magic by Monday, but not sure. I was also thinking of tackling the IANA problem, but it seems like the great man behind TollGate is looking into it (I'm hoping his research bears fruit and moves forward with it, because that one is a headache x3).