Decentralized Community Communication

Dhawal Ranka

Technical Research Paper · Distributed Systems / P2P · 2025

Decentralized
Community
Communication

A peer-to-peer architecture for privacy-preserving, censorship-resistant social platforms

This paper proposes a fully distributed, peer-to-peer architecture for real-time community communication as a direct alternative to centralized platforms like Discord. The core idea is straightforward: every computer running the application becomes part of the network itself, eliminating the need for any company-owned server to store, route, or mediate communication. The paper examines how mesh networking, distributed state synchronization, end-to-end encrypted voice, and zero-friction onboarding can be combined into a product that ordinary people genuinely want to use.

AuthorDhawal Ranka

ClassificationDistributed Systems / P2P

StatusConceptual / Pre-Implementation

Version1.0, 2025

01 / Problem Statement

The Problem with Centralization

Discord launched in 2015 and within a few years became the default gathering place for communities on the internet. Over 500 million registered accounts, hundreds of thousands of active servers, a product that did something genuinely hard well. It made real-time community communication feel effortless. For gamers, developers, artists, educators and study groups, Discord became the town square of the modern internet.

The problem is not that Discord is a bad product. The problem is what its architecture requires of its users. Every message you send, every voice conversation you have, every community you build, every file you share lives on servers owned and operated by a single private company. That company can read your data, and their privacy policy makes clear they collect a great deal of it. They can remove your community without warning. They can terminate accounts based on policy interpretations that shift over time. They can be compelled by any government with jurisdiction to hand over user information. None of this is unusual or surprising. It is simply what centralization looks like in practice.

Over the past few years Discord has faced criticism on all of these fronts. Communities have been removed overnight. Researchers and journalists have documented how behavioral data flows through the platform. The platform has faced legal scrutiny across multiple countries over how it handles user data, particularly for minors. These failures are not the result of bad intentions. They are predictable consequences of building a social platform on centralized infrastructure and then scaling it to hundreds of millions of people who have no real alternative.

Why People Accept These Tradeoffs Anyway

If the privacy and censorship risks are real and documented, why does the platform continue to grow? The honest answer is that the tradeoffs have always felt worth it. Discord is genuinely easy to use. Setting up a server takes two minutes. Inviting friends takes one click. Voice quality is excellent. The app is polished and fast. Nobody has ever built a decentralized alternative that felt as good to actually use, so people keep accepting the privacy costs because the experience available elsewhere is noticeably worse.

That is the real gap this paper addresses. Not "can we build something more private than Discord" — that bar is easy to clear. The actual question is whether we can build something more private and more resilient that people genuinely want to use. Something that respects user data without feeling like a command-line tool from 2008.

Failure Mode	Description	Severity
Data Collection	User behavior, message metadata, and social graphs stored, retained indefinitely, and potentially subpoenaed or sold.	Critical
Censorship	Servers, accounts, and messages removed at the platform's discretion. Policy changes applied retroactively with limited recourse.	Critical
Single Point of Failure	When Discord goes down, every community on the planet goes down with it simultaneously. This has happened multiple times.	High
Vendor Lock-in	No meaningful data export. Communities cannot migrate their history, members, or structure to any other platform.	High
Monetization Pressure	User behavioral data becomes a commercial asset. Advertising partnerships create fundamentally misaligned incentives.	High
Policy Drift	Terms of service rewritten unilaterally. Communities built over years can become policy violations without any warning.	Medium

A platform that can be compelled to hand over your data, delete your community, or simply shut you down has not given you a community. It has rented you one, on terms it can change at any time.

Building a more privacy-conscious Discord that still stores everything on company-owned servers does not solve the structural problem. It only delays it. The solution requires a different foundational assumption about where data lives and who controls access to it.

02 / Core Idea

Users as Infrastructure

The idea at the center of this paper is simple. Every computer that runs the application becomes part of the network that is the application. There are no company-owned servers storing messages. There are no central machines routing voice traffic. The network is made entirely of the devices people are already running.

This is not a new concept in computing, but it has never been applied to consumer social software in a form that worked well enough for ordinary people to actually adopt it. What this paper proposes is combining the architectural approach that has made peer-to-peer networks like BitTorrent extraordinarily resilient with the product design philosophy that has made apps like Discord, Notion, and Linear genuinely enjoyable to use.

The AirTag Analogy

The best way to understand what this network looks like in practice is to think about how Apple AirTags work. When an AirTag gets separated from its owner, it does not call home to an Apple data center to report its location. It broadcasts a Bluetooth signal. Any iPhone that happens to be nearby, belonging to any Apple user anywhere in the world, silently detects that signal and sends an anonymous, encrypted location report back to the tag owner through Apple's network.

No single iPhone is "the server" in this transaction. Every iPhone is the network. The network is distributed across hundreds of millions of devices, and it works not because Apple maintains expensive dedicated infrastructure to power it, but because every participating device contributes a small slice of its capability to the whole. Apple's role shrinks to maintaining a small relay layer, and the actual work happens at the edges, on people's own devices.

Now apply that same thinking to community communication. When you turn on your computer and open the application, your machine announces to the network that you are online. It reaches a handful of peers it already knows, and those peers pass the word along to the peers they know. Within seconds, everyone in your communities knows you are online, without a single packet of your personal data passing through infrastructure you do not control.

DISCORD TODAY
  [Your PC] ──────► [Discord Data Center] ◄────── [Friend's PC]
                           │
                    stores your data
                    controls your access
                    can ban your community
                    goes down, you go down

PROPOSED ARCHITECTURE
  [Your PC] ─────────────────────────────── [Friend's PC]
       │                                          │
       └── [User C] ──── [User D] ──── [User E] ──┘
                │                          │
            [User F] ─────────────── [User G]

Every node stores, routes, and serves.
More users online means a stronger, faster, more resilient network.

Why This Flips the Scaling Equation

One of the least intuitive properties of this architecture is what happens as the user base grows. On a centralized platform, growth is a problem to be managed. More users means more servers, more bandwidth costs, more infrastructure to maintain. Discord spent hundreds of millions on infrastructure as it scaled, and that cost has to be paid by someone, which is ultimately why centralized platforms need heavy monetization or significant investor subsidies to survive.

In a peer-to-peer network, growth is a feature rather than a liability. Every new user who joins brings their own bandwidth, their own storage, and their own connectivity. The network does not get slower under load. It gets faster and more resilient. There is no infrastructure bill to pay because the users are the infrastructure. This is not a financing trick. It is a genuinely different relationship between the platform and the people who use it.

03 / Network Architecture

How the Network Actually Works

Understanding how a decentralized communication network operates requires thinking through three distinct problems: how peers find each other in the first place, how information spreads once they are connected, and how the system keeps working when individual nodes go offline. Each of these has well-understood solutions drawn from decades of peer-to-peer research and production deployment.

The Three Layers

Layer 1 — Global Peer Discovery via DHT

The first layer is a Distributed Hash Table, or DHT. This is the same technology powering BitTorrent, and it has been running reliably at global scale for over two decades. A DHT is a decentralized lookup system: you can ask it "who is participating in community X?" and it returns a list of peer addresses, with no central server involved in the lookup.

Each peer in the network is responsible for storing information about a small slice of the total key space. When you want to find peers for a specific community, your node computes the community's hash and routes a query through the DHT, hopping from peer to peer until it finds nodes that have stored the relevant peer list. Finding any piece of information in a million-node network takes fewer than 20 hops. The Kademlia algorithm used by BitTorrent has been formally proven to be both correct and efficient, and it is the recommended basis for this system.

Layer 2 — Community Overlay Network

Once your node has found some community peers via the DHT, it forms direct connections with them. Those peers introduce you to other peers in the community, and gradually your node builds up a partial mesh: directly connected to a subset of community members, each of whom is connected to their own subset. You do not need a connection to everyone, just enough paths to reach everyone through a small number of hops.

The community overlay is where messages, presence updates, and community state changes propagate. When any peer produces new information, it fans out through the overlay using a gossip protocol until every online member has received it. The overlay is also self-healing: when a connected peer goes offline, messages route through other paths, and if needed, the DHT finds new peers to replace the lost connection.

Layer 3 — Direct Connections for Voice and DMs

For situations where two specific peers need to communicate directly — a voice call, a direct message, a file transfer — the network establishes an encrypted connection between them using WebRTC. This is the same protocol that powers browser-based video calling. It handles the difficult work of punching through NAT and firewalls automatically. Once the connection is established, data flows directly between the two machines with no intermediary involved at any point.

04 / Protocol Design

Peer Discovery, Gossip and Routing

These three mechanisms form the invisible foundation of the network. Getting them right determines whether the system feels fast and reliable or sluggish and unreliable. Each has a well-understood solution, and the work required is integration rather than invention.

How Peers Find Each Other

A new node joining the network faces a bootstrapping problem: it needs at least one other peer to talk to before it can find any peers at all. This is solved through a layered approach that prioritizes the fastest and simplest options first.

Method	How It Works	When It Applies
Local Network (mDNS)	Broadcasts a discovery packet on the local subnet. Finds peers on the same WiFi network within milliseconds, no internet required.	First priority. Works offline entirely for local networks.
DHT Lookup	Routes a query through the global DHT to find peers registered for a specific community. Fully decentralized once the network has density.	Primary global method once the network is self-sustaining.
Seed Nodes	A small list of always-on minimal nodes baked into the app binary. They only answer "who else is online?" and immediately step aside. Not servers in any meaningful sense.	Cold start fallback. Becomes unnecessary as DHT density grows.
Invite Link Peers	Invite links contain a short list of peer addresses from the person who generated them. Instant bootstrap into a specific community.	Any time someone joins via an invite link, which is the most common new-user path.

The Gossip Protocol

Once peers are connected, information needs to propagate reliably across the community without any coordinator directing the process. When a node receives new information — a message, a presence update, a ban list change — it forwards that information to a random subset of its connected peers. Those peers do the same. The information fans out exponentially until every online member has a copy.

The name comes from how rumors spread in real social networks, which is not a coincidence. The math behind gossip protocols shows that information reaches every node in a network of N peers within roughly log(N) rounds of forwarding. For a community of 10,000 members, complete propagation takes about 13 rounds of gossip, which at typical network latencies translates to well under a second.

  t = 0ms    You send a message
                 │
  t = 5ms    Your node forwards to 6 random peers
                 │
         ┌───────┼───────┐
        A      B      C      D      E      F        │       │       │       │       │       │
  t = 10ms  each peer forwards to 6 more random peers
        │       │
  G H I J K L   M N O P Q R   ...continuing

  t = 30ms   All 1000 online members have received the message.
             Duplicates dropped silently using message IDs.

  No coordinator. No central router. Peers talking to peers.

Bandwidth efficiency is maintained through two mechanisms. Every message carries a unique ID, and nodes track which IDs they have already forwarded, refusing to forward the same message twice. Nodes also use push-pull gossip: rather than forwarding entire messages, they can forward just the message IDs they have seen and let the receiving peer request only the ones it is missing. This cuts redundant traffic significantly in dense networks.

Routing and Self-Healing

Because messages are propagated through the community overlay rather than routed along a specific path, there is no single route that can fail to prevent delivery. If several of your connected peers go offline simultaneously, the message finds alternate routes through other connected nodes. The network heals around failures automatically and continuously. Fault tolerance is not something engineered on top of the system — it emerges naturally from the gossip approach.

05 / Voice Communication

Voice Channels Without Servers

Voice is the hardest component of this system to get right, and also the most important one to get right. Discord's voice quality is genuinely excellent, and any alternative that delivers noticeably worse audio will struggle to win users regardless of its privacy properties. The good news is that the tooling available for peer-to-peer voice in 2025 is very mature.

WebRTC Was Designed for This

WebRTC is the protocol standard powering browser-based video calling. It is used by Google Meet, Whereby, Clubhouse, and dozens of other products serving hundreds of millions of users. What makes it particularly well suited here is that WebRTC was designed from the ground up for direct peer-to-peer media exchange. When two peers establish a WebRTC connection, audio flows directly between their devices over a DTLS-SRTP encrypted channel. No company server receives or processes the audio stream. The peer-to-peer nature of WebRTC is the intended design, not a workaround.

The NAT Problem

The biggest obstacle to direct P2P connections is Network Address Translation, or NAT. Most home internet connections involve a router that sits between your computer and the public internet, assigning your machine a private IP address that is not directly reachable from outside your network. This makes it difficult for two peers to connect directly, because neither knows the other's true public address or port.

WebRTC solves this through a process called ICE, Interactive Connectivity Establishment. Each peer contacts a STUN server, which is a lightweight service that tells the peer what its public IP and port look like from outside its NAT. The two peers exchange this information through a signaling channel and attempt a direct connection. This works for the vast majority of home networks.

For the roughly 15% of users behind stricter NAT configurations — corporate firewalls, carrier-grade NAT — a TURN server acts as a fallback relay. Critically, the TURN server cannot read the content because DTLS-SRTP encryption is end-to-end between the two peers. The relay sees only encrypted bytes passing through. Running a small fleet of TURN servers for fallback cases is the minimal infrastructure footprint this platform genuinely requires, and the cost is low because TURN only handles a fraction of connections.

Scenario	Connection Type	Coverage	Privacy
Standard home NAT	Direct P2P via STUN	~85% of users	Full E2E encryption, no relay
Symmetric NAT or strict firewall	Relayed via TURN	~15% of users	Encrypted in transit, relay cannot decrypt
Same local network	Direct LAN connection	Same WiFi	Never hits the internet at all

Scaling Voice for Large Channels

A full mesh voice connection works well for small groups. With five people in a voice channel, each person sends audio to the other four and receives from all four. Bandwidth scales quadratically: with ten people, each is sending and receiving nine streams. This becomes impractical above roughly eight participants.

For larger voice channels, the system uses a Selective Forwarding Unit pattern. One peer in the channel — elected automatically based on connection stability and upload bandwidth — acts as a relay hub. Every participant sends audio to this peer, which redistributes it to everyone else. This cuts bandwidth requirements for all other participants from proportional-to-group-size down to a constant cost.

The elected relay changes dynamically. If it disconnects, the remaining participants detect this within a couple of seconds and elect a new relay from among themselves. Users experience a brief reconnection moment at most. Even in relay configuration, audio is end-to-end encrypted: the relay forwards encrypted packets and cannot decrypt them.

SMALL CHANNEL (under 8 participants) — direct P2P mesh
  [A] ◄────────────────────► [B]
   │  ╲                    ╱  │
   │    ╲                ╱    │
   ↓     ╲              ╱     ↓
  [C] ◄────────────────────► [D]
            ╲            ╱
              [E] ◄────► [F]

  Direct connections. Minimal latency. No relay.

LARGE CHANNEL (9 or more participants) — auto-elected relay
  [A] ───┐
  [B] ───┤                     ┌─── [G]
  [C] ───┼──► [Relay Peer] ◄───┼─── [H]
  [D] ───┤     auto-elected    └─── [I]
  [E] ───┤     rotates on
  [F] ───┘     disconnect

  Audio encrypted E2E. Relay cannot read content.

06 / Identity and Security

No Accounts. No Passwords. No Database.

Traditional platforms authenticate users against a centralized database of usernames and hashed passwords. This database is a liability. When it gets breached, which the history of internet security suggests is a matter of when rather than if, every user's credentials are potentially compromised at once. The proposed system eliminates this attack surface entirely by replacing account-based identity with cryptographic key pairs.

How Identity Is Generated

On first launch, the application silently generates an Ed25519 key pair. This takes milliseconds and requires no network connection. The private key is stored in the device's secure enclave — the operating system's protected cryptographic storage, the same place that holds biometric data and payment credentials. It never leaves the device and is never transmitted anywhere. The public key becomes the user's permanent identity on the network.

Every message the user sends is signed with their private key. Every peer that receives the message verifies the signature using the public key. This verification is cryptographically guaranteed: only someone who possesses the private key could have produced a valid signature. There is no central authentication server involved. Trust is established mathematically, without any intermediary.

  FIRST LAUNCH (invisible, under 100ms)

  App generates:
    private key  →  stored in system keychain, never leaves device
    public key   →  your identity, shared openly with peers

  Your identity on the network:
    ed25519:7f3a9c2b1e8d4f6a0b3c9d2e5f8a1b4c...

  When you send a message:
    { message + timestamp + your_pubkey }
    └── signed with your private key
       └── signature travels with the message
          └── every receiving peer verifies before accepting
             └── forgery is computationally infeasible

  When you join a community:
    community owner signs { your_pubkey + role + timestamp }
    └── signed credential travels with you
       └── any peer verifies your membership without asking a server

Community Ownership

A community is created by generating a community key pair. The creator holds the private key, making them the cryptographic owner. The community's public key is its permanent identifier: encoded in every invite link, stored by every member, used to verify the authenticity of community settings and moderation actions.

When the community owner makes changes — adding a channel, promoting a member, updating settings — those changes are signed with the community private key. Every peer that receives the change verifies it was made by the legitimate owner without querying any server. Fake community updates are rejected by every peer because the signature does not match.

This has an important implication for resilience. The community does not live on the owner's computer. Every member stores a copy of the community's state locally. If the owner goes offline for a month, the community keeps running on copies held by other members. The owner's private key is only needed when making authoritative configuration changes. Day-to-day operation requires no involvement from the owner at all.

End-to-End Encryption

Messages are encrypted using the Double Ratchet Algorithm, the same protocol that makes Signal conversations secure. The Double Ratchet provides two critical properties. Forward secrecy means that if an attacker compromises your encryption keys today, they cannot use those keys to decrypt messages sent in the past, because each message uses a freshly derived key that is discarded immediately after use. Break-in recovery means that if keys are somehow compromised, future messages automatically re-establish security through a new key exchange. The conversation does not stay compromised indefinitely.

Voice is encrypted via DTLS-SRTP, which WebRTC uses by default. Encryption happens before audio leaves the sender's device, and decryption happens only when it arrives at the recipient. Any relay node or network device between them sees only encrypted bytes and cannot recover the audio content.

07 / State Synchronization

Keeping State in Sync

One of the subtler problems in a decentralized communication system is keeping all peers synchronized on shared state. On Discord this is simple: one database, always authoritative. If two users send messages at exactly the same moment, the server picks an order and everyone sees the same thing.

In a peer-to-peer system, there is no single authoritative database. Different peers might have different views of the world at any given instant, depending on what messages have reached them so far. The system needs a principled way to reconcile differences and converge on a consistent shared state without any coordinator.

What a CRDT Is

A Conflict-free Replicated Data Type is a data structure with a mathematical guarantee: any two replicas can be merged into a consistent result regardless of the order in which updates were applied. You do not need to agree on a canonical order of operations. You apply all the operations, and the CRDT's merge function guarantees that every peer who has seen the same set of operations arrives at the same state.

The simplest example is a set that only supports additions, called a G-Set. If two peers add elements concurrently, merging their states is trivial: the merged set contains the union of all elements. More sophisticated CRDTs handle counters, ordered lists, rich text, and key-value maps, all with the same convergence guarantee. The math behind this is well-established and the implementations are production-tested.

  Peer A (London):                    Peer B (New York):
  ┌──────────────────────┐            ┌──────────────────────┐
  │ #general:            │            │ #general:            │
  │   msg:001  "hey"     │            │   msg:001  "hey"     │
  │   msg:002  "sup"     │            │   msg:003  "hello!"  │  ← B wrote
  └──────────────────────┘            └──────────────────────┘
           │                                   │
           └────────────── gossip sync ────────┘
                              │
                              ▼
  Both peers converge:
  ┌───────────────────────────────────────┐
  │   msg:001  "hey"                      │
  │   msg:002  "sup"                      │
  │   msg:003  "hello!"                   │  ordered by logical timestamp
  └───────────────────────────────────────┘

  No server arbitrated this. Math guaranteed convergence.

What Gets Stored as CRDT State

Essentially everything in a community is represented as CRDT state: message history in each channel, the list of channels, the membership roster, role assignments, community settings, and user presence. When a new member joins, their node syncs current CRDT state from nearby peers and immediately has a consistent view of everything that has happened. When an offline member reconnects, their node syncs changes that occurred during their absence and merges them with any local changes made offline.

That last property, offline operation, is worth emphasizing. Because every peer holds a local copy of CRDT state, you can continue using the application without any internet connection. Messages written while offline are stored locally. When you reconnect, they propagate to the rest of the community and merge correctly with everything that happened in your absence. No messages are lost and no state is corrupted. The convergence guarantee holds across arbitrarily long disconnections.

08 / User Experience

The User Experience Problem

Everything described so far is the easy part. DHTs, gossip protocols, CRDTs, WebRTC NAT traversal — these are all solved problems with mature open source implementations available today. The genuinely hard problem is making a product built on all of this that ordinary people find as natural and pleasant to use as Discord.

This is the reason no previous attempt at a decentralized communication platform has found mainstream adoption. Tox, Retroshare, Jami, Briar — all of them made the engineering work to some degree. None of them solved the experience problem. They exposed network complexity to users. They required manual configuration. They felt like tools built by engineers for engineers, because that is exactly what they were.

The philosophy here is different. The engineering complexity must be completely invisible. A user who downloads this application should never encounter the words "DHT," "NAT traversal," or "CRDT." They should never forward a port, configure a firewall, or understand anything about how the network operates. They open the app, pick a name, click a link, and are in a community. Everything else happens in the background without their knowledge or involvement.

The Silent Boot Sequence

  Application opens
  │
  ├── 1. Generate Ed25519 keypair (first launch only, 40ms)
  │       └── Store private key in OS secure keychain
  │
  ├── 2. Broadcast mDNS discovery on local network
  │       └── Instant peer discovery if any known peers on same WiFi
  │
  ├── 3. Contact STUN server to determine NAT type
  │       └── Decide whether direct P2P or TURN relay is needed
  │
  ├── 4. Register presence in DHT
  │       └── Other peers can now discover this node
  │
  ├── 5. Sync communities
  │       └── CRDT merge of state changes since last session
  │
  └── 6. Begin listening for incoming connections

  Total time on typical broadband: under 1 second
What the user sees: a loading indicator, briefly.

Onboarding in Three Screens

The entire onboarding flow has a hard limit of three screens. Any complexity that cannot fit inside three screens gets hidden behind a settings menu that most users will never open.

Screen	What the User Does	What Happens in the Background
1 / Identity	Type a display name. Pick an avatar color.	Keypair generated and stored. Local profile written. Node registered in DHT.
2 / Join or Create	Paste an invite link, or click "Start a Community."	Invite link decoded. Bootstrap peers contacted. Community state sync begins.
3 / You're In	Land in the community and start chatting.	Full CRDT state synced. Channel history loaded. Voice channels available. Presence announced.

The Invite Link

Discord's invite link is one of the most effective viral growth mechanisms in consumer software history. One click and you are in a new community. The proposed platform replicates this experience exactly, but the link encodes different information underneath.

mesh://join?c=7f3a9c2b&peers=185.12.44.1,94.23.11.8&r=relay.app.io
                    │                    │                     │
                    │                    │                     └── TURN relay fallback
                    │                    └── Bootstrap peer IPs from invite sender
                    └── Community public key (short form)

  User experience after clicking:
    App installs (first time) or opens (returning)
    Community key and bootstrap peers decoded from link
    Connects to listed peers
    Community state syncs in background
    User lands in the community, already connected

  From the user's perspective: click link, you're in.

Three Layers of Interface Depth

The design uses progressive disclosure. Complexity exists but is hidden until someone goes looking for it. The vast majority of users will only ever see the first layer.

Surface Layer (90% of users, all the time)

Community list on the left, icons only with no labels
Channel list, clean text with no decoration
Chat area with messages, reactions, and file attachments
Voice channels with join, leave, mute, and deafen controls
A subtle connection indicator (a green dot when healthy)
No exposed settings. Everything simply works.

Power Layer (accessible but not visible by default)

Community settings, roles, and permission configuration
Member list with moderation and ban tools
Voice codec selection and quality controls
Invite link generation and revocation
Optional IP relay mode for users who want to hide their address
Connection diagnostics for troubleshooting edge cases

09 / Technology Stack

Recommended Technology Stack

Every component recommended here is open source, in active development, and has demonstrated reliability at production scale. The engineering effort required is integration work, not protocol research. Nothing needs to be invented from scratch.

Application Shell

Tauri 2.0

Rust-based desktop framework. Uses the system's native WebView instead of bundling a full Chromium instance like Electron. Results in binaries roughly ten times smaller and significantly lower memory usage. Provides full access to OS APIs including the secure keychain for private key storage.

User Interface

React + Framer Motion

Component-based UI with physics-based animation primitives. Framer Motion enables the fluid, spring-based transitions that make interfaces feel alive rather than mechanical. Well-understood ecosystem, massive component library, best-in-class animation tooling for desktop applications.

P2P Networking

libp2p

The networking library powering IPFS and Filecoin. Handles Kademlia DHT, peer discovery via mDNS and DHT, connection multiplexing, stream encryption, and NAT traversal. Essentially solves the entire P2P plumbing layer so the product team can focus on application-level concerns.

Voice and Real-time

WebRTC + mediasoup

WebRTC for all peer-to-peer audio with built-in DTLS-SRTP encryption. mediasoup as the SFU implementation for large voice channels requiring a relay peer. Both are deployed in production at scale by companies including Cloudflare and Daily.co.

State Synchronization

Yjs

A mature, high-performance CRDT implementation. Handles all shared community state: message history, channel structure, membership, roles, and presence. Supports offline-first operation, efficient binary encoding for network transmission, and real-time sync with awareness of which peers have seen which updates.

Cryptography

libsodium + Double Ratchet

Ed25519 keypairs for identity and message signing. X25519 for key exchange. ChaCha20-Poly1305 for authenticated encryption. Double Ratchet algorithm for forward-secret message encryption. libsodium is the most widely audited cryptographic library available and has been in production for over a decade.

NAT Traversal Fallback

Coturn

Open source STUN and TURN server. Runs on minimal VPS infrastructure. Handles the roughly 15% of connections that cannot establish direct P2P due to strict NAT. Does not decrypt content — it relays encrypted packets for peers that cannot reach each other directly.

Local Storage

SQLite via Rusqlite

Embedded database for local message cache, peer address book, community metadata, and media. Zero-configuration, no separate process, works entirely offline. Rusqlite bindings provide safe, idiomatic access from Tauri's Rust backend with no runtime overhead.

The Minimal Server Footprint

In the spirit of honesty: this platform is not 100% serverless on day one. A small amount of infrastructure is genuinely required, and it is worth being specific about what it does and why it exists.

Component	Purpose	Cost Estimate	Privacy Impact	Can It Go Away?
Bootstrap Seed Nodes	Help new nodes find their first peers before the DHT is self-sustaining	~$20/month	Sees connection requests only, no message content	Yes, once network has sufficient density
TURN Relay Servers	Fallback for the ~15% of users behind strict NAT	~$50/month at small scale	Sees encrypted bytes only, cannot decrypt	Partially — power users can self-host
App Update Server	Distribute signed application updates to users	GitHub Releases (free)	Knows you downloaded an update, nothing else	No, but it is irrelevant to privacy

None of these components store messages, community data, voice audio, or user personal information. They are infrastructure glue, not data silos. Each can be self-hosted by technically sophisticated users or communities who want zero dependence on the application developer's infrastructure.

10 / Hard Problems

Hard Problems and Honest Mitigations

This paper would be misleading if it presented the proposed architecture as solving every problem cleanly. Several genuine engineering challenges exist and deserve honest treatment rather than hand-waving. Each one is solvable, but none of them are trivial, and building this product requires understanding where the difficult work actually lives.

Challenge	Why It Is Hard	Mitigation	Severity
IP Address Exposure	Connecting to a community means sharing your IP address with community members. A bad actor could log IPs or target users directly.	Optional relay mode where users route through a volunteer peer to hide their real IP. Users can run their own relay nodes. Onion routing integration is a longer-term option.	High
Community State When Owner Is Offline	The community private key is held by the owner. When they are offline, no one can make authoritative configuration changes.	Day-to-day operation does not require the owner. The community runs on CRDT state held by all members. Admin changes simply require the owner to come online, which is acceptable for configuration tasks.	High
Moderation at Scale	Centralized platforms delete messages and ban users across all clients instantly. In a P2P system, a banned user's data may already be cached by peers who have not yet received the ban signal.	Ban lists signed by the community key propagate via gossip. Peers that receive a ban retroactively suppress the banned user's messages in their local view. Not instantaneous, but effective within seconds for online peers.	High
History Sync for New Members	A new user joining an active community needs to sync potentially a large volume of historical message data from peers.	Yjs supports incremental sync and compression. New members sync from the nearest peer with the most complete history. Messages older than a configurable threshold are archived and requested on demand rather than synced automatically.	Medium
Large File Sharing	Sending a large video file over the gossip protocol would generate enormous redundant bandwidth usage across the community overlay.	Files are chunked and distributed via a BitTorrent-style protocol. The message contains a hash and metadata. Interested peers download directly from the sender or from other peers who already have the file cached.	Medium
Voice Quality Variability	User devices vary wildly in upload speed, CPU, and network stability compared to Discord's consistent data center connections.	Adaptive bitrate codec selection via Opus, which supports 6kbps to 510kbps. Per-connection jitter buffer tuning. Graceful quality degradation rather than disconnection when bandwidth is constrained.	Medium
Cold Start for Small Communities	A community with only two members and both offline has no state available for a third person trying to join via invite link.	Community state can optionally be anchored to a seed node that stores the most recent snapshot and serves it to new joiners. The seed node never receives encryption keys and cannot read message content.	Medium

11 / Prior Art

What Has Been Tried Before

The history of decentralized communication software is a long record of technically competent products that failed to find mainstream adoption. Understanding why they failed is more useful than cataloguing their features.

Platform	Architecture	Voice	UX Quality	Status
Discord	Fully centralized	Yes, excellent	Excellent	500M+ users, dominant
Matrix / Element	Federated (servers talk to servers)	Yes, adequate	Adequate	Active, strong niche adoption
Tox	Fully P2P, DHT-based	Yes	Poor	Largely stagnant
Jami (formerly Ring)	P2P with DHT discovery	Yes	Poor	Active, very niche
Session	Decentralized node network	No	Adequate	Growing among privacy-focused users
Retroshare	Friend-to-friend P2P	Yes	Poor	Niche, mostly stagnant
Briar	P2P, Tor-routed	No	Functional	Active, security and journalism focused
This Proposal	Full P2P mesh with gossip	Yes, WebRTC	Target: Discord-level	Pre-implementation

Why Tox and Jami Failed at UX

Exposed network concepts directly to users. Tox IDs are 76-character hex strings. Jami's account system requires understanding what a SIP account is.
No community or channel metaphor. Both are fundamentally contact-list applications. Discord users think in servers and channels, not contact lists.
Visually dated and inconsistent design that communicated "developer tool" rather than "consumer product."
Painful initial setup requiring manual configuration steps that Discord never asks anyone to perform.
No viral growth mechanism. No invite links. Growth required manually exchanging complex IDs through external channels.

What This Approach Does Differently

All P2P and cryptographic complexity is invisible. Users pick a name and join a community. That is the complete mental model required of them.
Full community metaphor with servers, channels, roles, and permissions. The user's existing Discord mental model transfers directly.
Design is treated as a first-class engineering concern from day one, not an afterthought applied after technical completion.
Three-screen onboarding with a hard cap. No configuration required before the user can be in a community and chatting.
Click-to-join invite links as the primary growth mechanism, working identically to Discord's from the user's perspective.

A Note on Matrix

Matrix deserves separate treatment because it is the most technically serious prior attempt at decentralized communication. Matrix's federated architecture means anyone can run a Matrix homeserver, and homeservers talk to each other to form a network. This is meaningfully better than centralized Discord. But it still requires someone to run a server, which means there is still a point of control and a point of failure. A Matrix server can be taken down, legally compelled to hand over logs, or simply shut down when someone stops paying the hosting bill.

The proposed architecture goes further: no server required at all, just users. Additionally, Matrix's primary client Element has improved substantially but still falls short of Discord in terms of raw polish and ease of use. The bar to clear is Discord's UX, not Element's.

12 / Build Roadmap

Build Roadmap

The proposed implementation is structured in phases, each of which delivers a working and testable product. No phase requires the completion of a later phase to provide value. This matters because it means early testing with real users can begin within a few months, and the architecture can be validated against real usage before committing to the full build.

Phase 012 to 3 months

Foundation — Identity, P2P, Text

Build the Tauri application shell. Implement Ed25519 identity generation with secure keychain storage. Integrate libp2p for peer discovery via local mDNS and DHT. Build basic text messaging over encrypted P2P channels. Implement the minimum viable community and channel data model using Yjs for state sync. Build the onboarding flow and a functional channel UI.

Target outcome: two users on separate machines on different networks can find each other, form a community, and exchange messages without any central server involved at any point.

Phase 021 to 2 months

Voice — WebRTC Integration

Integrate WebRTC for voice channels. Implement STUN-based NAT probing and automatic TURN fallback. Build push-to-talk and voice activity detection. Add per-user audio controls and visual speaking indicators. Implement the SFU election protocol for groups above eight participants, with automatic re-election when the current relay disconnects.

Target outcome: voice calls work reliably across different network configurations, including corporate firewalls and carrier-grade NAT, without any manual configuration by the user.

Phase 031 to 2 months

Communities — Full Feature Set

Implement full community creation with cryptographic ownership. Build invite link generation and decoding. Add role and permission system with cryptographic signatures. Implement ban lists and moderation tools. Build message history sync for new members joining existing communities. Add file sharing via chunked P2P transfer with BitTorrent-style peer redistribution. Add emoji reactions and basic rich text formatting.

Target outcome: functional parity with Discord's core community features, without any servers involved in storing or routing community data.

Phase 041 month

Polish — Design and Onboarding

Full design system implementation with the hyper-minimal aesthetic. Framer Motion transitions and micro-interactions throughout the interface. Finalize the three-screen onboarding flow with a hard cap on steps. Build the connection health indicator. Implement auto-update pipeline via Tauri's built-in updater. Code signing and notarization for macOS and Windows. Closed beta distribution to test users.

Target outcome: a new user can download the application and be actively chatting in a community within 60 seconds, with zero manual configuration required at any point.

Phase 05Ongoing

Scale and Ecosystem

Mobile clients for iOS and Android. Optional IP relay mode for users who want to hide their address. Community discovery layer so users can find public communities to join. Plugin and extension API for community customization. Screen sharing via WebRTC data channels. DHT seeding program to reduce dependence on bootstrap seed nodes as the network matures. Accessibility improvements and localization into additional languages.

13 / Conclusion

A Private Internet, Shaped Like Discord

Every technical component described in this paper exists today, is open source, and has been proven to work at scale in real production environments. The DHT algorithms proposed for peer discovery are the same ones that have routed billions of BitTorrent connections for over two decades. The WebRTC voice protocols are embedded in every modern web browser and used daily by hundreds of millions of people. The CRDT data structures handling distributed state consistency are used in collaborative tools serving millions of users. The cryptographic primitives providing end-to-end privacy are the ones protecting Signal conversations globally.

The challenge in building this is not engineering research. Nobody needs to invent a new protocol or prove a new theorem. The challenge is product design and integration: taking all these mature, well-understood components and assembling them into something that ordinary people find as natural to use as Discord, without any of the privacy compromises Discord requires of its users.

That is the gap in the market. Tox proved P2P communication works. Jami proved DHT-based discovery works. Matrix proved that a meaningful portion of the population wants an alternative to centralized platforms. None of them proved you can do all of this and deliver a product that a non-technical user finds genuinely enjoyable. That proof of concept has not been built yet, which is what makes it worth building now.

The internet was designed to be decentralized. A network of peers, routing around failures, with no single point of control. Somewhere between 1995 and 2015, the social layer of the internet forgot this. The platform proposed in this paper is a return to that original design, built to the product standards of 2025, for people who should never need to understand any of it.

The timing is favorable in a way it was not five years ago. Public trust in centralized platforms has declined as data breach after data breach, ban after ban, and policy change after policy change have made the costs of centralization concrete rather than theoretical. The audience for a genuinely private, genuinely resilient community platform exists and is growing.

What that audience has been waiting for is something that does not ask users to care about the underlying technology in order to benefit from it. A platform whose privacy properties are a consequence of its architecture, not a feature the user has to consciously enable. Something unstoppable that happens to feel like the apps people already love.

That is what this paper proposes to build.

Dimension	Discord	This Platform
Data Ownership	Discord's servers, their control	Your device, your control
Censorship Resistance	None. TOS violations remove communities instantly.	Structural. There is nothing to take down.
Government Compliance Risk	High. Subpoenas compel data handover.	Near-zero. No central data store to subpoena.
Platform Downtime	Their outages become everyone's problem	Failures are isolated to affected peers only
Infrastructure Cost	Hundreds of millions in annual spend	Near-zero, absorbed by the user base
Scalability Model	More users require more servers	More users strengthen the network
Data Portability	Effectively none	Complete. Users hold their own data.
Setup Friction	Near-zero	Target: near-zero, no exceptions

DecentralizedCommunityCommunication