Show HN: s@: decentralized social networking over static sites

remywang 164 points 63 comments March 12, 2026
satproto.org · View on Hacker News

Discussion Highlights (20 comments)

superkuh

satproto's implementation involves complex cryptographic signing and that makes it very not static. One needs to run a program of some sort to use satproto. The only static part is the JSON that's operated upon. This is not true of indieweb's Webmention: https://indieweb.org/Webmention It just uses HTTP POST (like pingback/trackback/etc, except it has a second step verifying the page sending the webmention actually has a link to a URL on the website). You can send them with a browser or cURL or some complex backend script. Receiving them is as easy as logging POSTs to a specific URL endpoint or even using someone else's community backend your site interfaces with via javascript (i.e., https://webmention.io/ - not static since it uses JS). Or anything in between. Totally decentralized and very simple. I implemented a simple nginx POST logging format in the config to receive on my static site. And HTML forms on my static site can send. http://superkuh.com/blog/2019-12-11-3.html

dharmatech

See also org social: https://github.com/tanrax/org-social

est

Seems a bit complicated. Why not use git for social networking ;) https://github.com/est/gitweets

Retr0id

I wish I could share a graph of my eyebrow height over time as I read through this part:

> sAT Protocol (s@) is a decentralized social networking protocol based on static sites. Each user owns a static website storing all their data in encrypted JSON stores.

vexnull

Interesting approach. The static-site constraint is clever for self-sovereignty but I wonder how feed aggregation scales once you follow more than a handful of people - you're polling N sites with no push mechanism. Nostr solved the discovery/aggregation problem with relays but introduced its own tradeoffs (relay trust, spam). This sits at the opposite end - zero infrastructure dependencies but O(N) polling. Feels like there's a middle ground waiting to be found.

koolala

Signed JSON reminds me of Nostr. I wish Nostr was somehow more mainstream.

_pdp_

Long ago there was this thing called foaf https://en.wikipedia.org/wiki/FOAF and also https://en.wikipedia.org/wiki/Pingback ... it was the closest I've seen to completely decentralised social media.

extraduder_ire

Seems like a missed opportunity to not put a /satellite/satproto.json file on that site.

evbogue

This obviously needs some iteration on the protocol design as other commenters have mentioned, but I'd still be up for partnering up over here at https://anproto.com/

neilv

> By convention, the client looks under /satellite/ by default. If that path is already taken, place a satproto_root.json file at the domain root containing { "sat_root": "my-custom-repo" } — the client checks this first.

Would a `/.well-known/` be helpful here? https://en.wikipedia.org/wiki/Well-known_URI

flaxxer

Nostr https://nostr.com/

givemeethekeys

This needs a YouTube demo video.

MattCruikshank

Amazing. I'm building almost the exact same thing. I'll share mine when it's mature enough. :D

kennywinker

This suffers from the same problem that so so so many alternative social, federated, self-hosted ideas suffer from. Matrix, keybase, pgp, etc. It’s too dependent on encryption. Yes, it’s a cool technical feat that stuff can be in the open but also private - but: 1. I want to be able to follow my friends if my phone dies and I have to get a new one. 2. I am very technical, and idk exactly what an X25519 keypair is. I would like for people to come up with more stuff like this that is designed for small communities but not for very secure communication. Like I want something where it’s secured by a username and password, that I give to a server I am registered with - and that server handles the encryption business. If the server rotates keys, that’s for the admin to figure out and exchange keys with sibling servers. Idk, I’m just making up specifics, but this is the kind of ethos I think is needed to make things that can be successful with non-technical people in a way that can unseat big tech. In case I sound too critical - this is cool. It just isn’t something I can use with family and friends to replace facebook or even email.

lovvtide

Funny to see people mention nostr:

https://satellite.earth/ (Satellite nostr client)
https://nsite.run/ (literally static sites on nostr)

theamk

> The private key is stored in the browser’s localStorage.

Woah.. when will those people learn? _Any_ browser storage is unreliable. Anything goes wrong with your web experience? Clear browser settings. Make new profile. Re-install browser. The browser's localStorage is not a replacement for a filesystem. It cannot be backed up, it is super volatile, and it should _never_ be used for anything important. It's one of those "worst of both worlds" cases, where malware can access it with no problem, while legitimate backup programs are locked out. (And yes, the post mentions a "new device" flow, but how many people would (1) remember to export their private key and (2) not lose it with their device? I bet in practice people will use the network until the first time localStorage is lost, and then they will get annoyed that their feeds are lost forever, and will likely leave the network for good.)

Goofy_Coyote

Very interesting idea, love the simplicity. Question about this:

> Threads are positioned in the timeline by the original post’s created_at; replies within a thread are sorted by their own created_at ascending.

Does this mean I, as the person replying to the post, can manipulate my reply time to say, 3 minutes before person X’s reply? If so, I can imagine a few adversarial ways of (ab)using this. I understand this is more for friend groups, just curious if my understanding is correct.
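The ordering rule quoted in this comment sorts by a timestamp the replier asserts, so a client has to decide what to do with a created_at it cannot trust. As an added example (not code from the satproto project), a JavaScript ordering function that keeps the spec's ascending created_at order but flags replies that claim a time before the parent post, after the client first fetched them, or earlier than replies the client had already seen well before. The `firstSeen` map (reply id to fetch time) is an assumed client-side record, and the sample thread is constructed.

```javascript
// Added example: order a thread by created_at as the quoted rule says, but flag
// replies whose self-asserted timestamp does not fit what this client observed.
// `firstSeen` (reply id -> ms when this client first fetched the reply) is an
// assumed client-side record; satproto is not known to define it.
function orderThread(post, replies, firstSeen, { slackMs = 5 * 60 * 1000 } = {}) {
  const sorted = [...replies].sort(
    (a, b) => a.created_at - b.created_at || a.id.localeCompare(b.id)
  );
  const flagged = new Set();
  for (const r of sorted) {
    // A reply cannot predate the post it answers.
    if (r.created_at < post.created_at) flagged.add(r.id);
    const seen = firstSeen[r.id];
    if (seen === undefined) continue;
    // Future-dated: claims a time later than when we already held it (beyond clock skew).
    if (r.created_at > seen + slackMs) flagged.add(r.id);
    // Backdated: showed up well after another reply yet claims to precede it.
    // Heuristic only: slackMs must cover this client's polling interval.
    for (const o of replies) {
      if (o.id === r.id || firstSeen[o.id] === undefined) continue;
      if (seen > firstSeen[o.id] + slackMs && r.created_at < o.created_at) flagged.add(r.id);
    }
  }
  return { order: sorted.map((r) => r.id), flagged: [...flagged].sort() };
}

// Constructed sample thread (epoch ms); not real posts.
const T0 = 1_700_000_000_000;
const SAMPLE_POST = { id: "p1", created_at: T0 };
const SAMPLE_REPLIES = [
  { id: "r1", created_at: T0 + 60_000 },     // honest, 1 min after the post
  { id: "r2", created_at: T0 + 600_000 },    // honest, 10 min after the post
  { id: "r3", created_at: T0 + 30_000 },     // backdated to jump ahead of r1
  { id: "r4", created_at: T0 - 10_000 },     // claims to predate the post
  { id: "r5", created_at: T0 + 10_000_000 }, // future-dated to stay last
];
const SAMPLE_FIRST_SEEN = {
  r1: T0 + 120_000, r2: T0 + 660_000, r3: T0 + 3_600_000,
  r4: T0 + 700_000, r5: T0 + 800_000,
};

function threadDemo() {
  return orderThread(SAMPLE_POST, SAMPLE_REPLIES, SAMPLE_FIRST_SEEN);
}
// threadDemo() -> { order: [r4, r3, r1, r2, r5], flagged: [r3, r4, r5] }
```

The flagged replies stay in the spec's order; what a client does with them (grey them out, pin them to the bottom, show the first-seen time instead) is a UI decision the spec leaves open.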

wordglyph

Have you considered replacing X25519 with a post-quantum cryptography key encapsulation mechanism like Kyber or Saber?

brunoborges

OctoTown: https://octotown.github.io/

Uptrenda

The client fetches the pub key off the server which is decentralized? There's no part in the protocol that authenticates whether or not a pub key is legit. If it's replaced by an attacker and someone subsequently goes to fetch a key, they can read those messages. I mean, pub key infrastructure is meant to solve that. With SSL and such... that's why it's a federated chain of certificates with providers vouching that names = pub keys. This is a very common problem. There is potential to possibly make this more decentralized with smart card technology. Like imagine a smart phone with access to pub keys in the hardware tied to an account cryptographically. Then you can say something like phone number = subscriber = pub key. Encrypted messaging apps seem to bootstrap off of ownership for numbers in the mobile system (mobile system security is very bad so there are dragons here.) Other apps like Pidgin with OTR plugins have unique phrases that help with the issue. When you start looking at decentralized pub key infrastructure tied to human-meaningful names you start to run into Zooko's triangle: https://en.wikipedia.org/wiki/Zooko%27s_triangle human-meaningful, decentralized, secure -- pick two
