Architecture

Anatomy of an un-takedownable network

Follow it top to bottom: many independent doors, one content-addressed app, a mesh of peers, and the chain. Only the bottom two must always run — everything above is replaceable.

Must run — peers & chain
Content-addressed — portable, no host
Removable — central, not load-bearing
01

Doors

— how a person arrives. Any one is seizable; the rest stay open.
DNS + DNSLINK

voiceban.io / .com

A _dnslink TXT record points at the CID. Spread across registrars — seize one, others remain.

ENS

voiceban.eth

An on-chain contenthash → the CID. No registrar, no ICANN.

HANDSHAKE

HNS name

Resolves outside the DNS root entirely — a different naming system.

RAW CID

/ipfs/<cid>

Any gateway, or your own node. Zero naming required at all.

all point to one CID
02

The app

— one content-addressed bundle, pinned by the nodes themselves.

Frontend + Explorer = one IPFS CID

Self-verifying. Loads from any door, any gateway, or your local cache. After first load the PWA runs on-device — there is no host to seize.

/ipfs/bafy…voiceban
discover a node · IPNS
03

The node mesh

— the only thing that must always run. Peers, distributed, no single point.
PEER
validator node
PEER
validator node
PEER
validator node
PEER
full node
read & write the ledger · WSS RPC
04

The chain

— the shared ledger every node agrees on.

Substrate runtime · VBAN

Holds every balance and all social data (posts, profiles, groups, follows). BABE produces a block ~every 6s; GRANDPA finalizes it. Validators bond VBAN to secure it. This — plus the peer mesh above — is the only part that must always run.

The point of the whole stack: everything in the top two layers (domains, gateways, the app bundle) is replaceable or content-addressed — seize any of it and the network reroutes. Only the peer mesh + chain are load-bearing, and those live on independent machines with no single owner. There's no front door to seize.