Currently, Earendil is in its earliest stages of development.
The following is an aspirational README describing the goals of the project. Very few features are done at the moment.
Earendil is a decentralized, censorship-resistant communication network. It allows any two nodes connected to Earendil to communicate freely, even against powerful state-level attackers.
At first sight, Earendil seems similar to existing peer-to-peer onion routing networks like I2P or mixnets like Nym. But it has several distinguishing features:

Robust ban resistance

Earendil resists both type-I censorship (filtering content or users within the network, or filter resistance) and type-II censorship (blocking access to Earendil entirely, or ban resistance). Strong ban resistance is rare in other projects. Even when present, it's generally limited to special-case defenses (e.g. Tor obfuscated bridges) against nation-state firewalls like the Great Firewall of China.
On the other hand, Earendil is designed to work even if the GFW were deployed worldwide. It makes no assumptions as to most of the network existing in the "free world". This is possible because:
  • Earendil traffic is, by default, difficult to distinguish from "normal" network traffic. Furthermore, the protocol used for any particular node-to-node link can be switched out, using a "pluggable transport" architecture similar to those used for Tor bridges, for particular severe network environments (e.g. networks that only allow plaintext HTTP and man-in-the-middle all HTTPS traffic)
  • Earendil routes traffic using a unique "friend-to-friend" routing system that does not reveal information about the entire network to every node, making it difficult for even powerful attackers to compile a list of Earendil nodes useful for surveillance or censorship.

Confederal, non-egalitarian topology

Earendil embraces a confederal rather than classical peer-to-peer architecture. This means that we use a client-server (or "client-relay") distinction for its scalability and usability benefits: users who do not choose so do not have to contribute infrastructure to the network.
But unlike federated protocols like Matrix, we retain strong decentralization through user sovereignty and choice:
  • Clients can switch relays seamlessly, and anyone can run a relays. There's a free and competitive marketplace for relays.
  • Clients do not have to share relays in common to communicate. Relays generate no network effects that lock in their clients.
  • Clients end-to-end encrypt all messages among themselves.

Decentralized, sybil-resistant incentives

Earendil optionally allows every node to set a price that their peers must pay to consume its resources, through cryptocurrency micropayments. This is only possible due to an integration with Astramel, a light-client-centric, privacy-protecting payment channel network built on the Mel blockchain.
Micropayments elegantly solve sybil-resistance (preventing bad nodes from flooding the network), incentives for honest nodes, and DoS resistance. Nodes behaving badly will not be paid by their peers, while honest nodes are incentivized to compete in a free market to provide the best service to their clients. Bad actors attempting to spam Earendil must pay the network accordingly.
This has important advantages over other incentive/sybil-resistance mechanisms, which is explained further in this blog post.

Tunable anonymity/performance tradeoff

Unlike networks like Tor or Nym, Earendil is not intended purely as a privacy-protecting tool. Users are able to freely trade off anonymity against performance. By selecting different route-selection algorithms and mixnet delay distributions, Earendil can be used as any of the following:
  • A ngrok -like NAT-traversal tool with strong ban-resistant network, useful for things like VPNs and phone calls
  • A Tor-like low-latency onion routing network, useful for lower-security darknet websites and the like
  • A Nym-like or even slower high-latency mix network, useful for highly anonymous communication
The best part is that to some extent, the anonymity sets of these use cases overlap, so even the low-latency traffic achieve greater anonymity than possible in a purely low-latency network.
Last modified 2mo ago