Protocol Documentation

Technical specification for the decentralized social media protocol

Overview

Deltaverse is built on the principles of user sovereignty, algorithmic transparency, and absolute digital freedom. Our protocol ensures that users own their identity and content, while providing clear, open mechanisms for customizing and understanding how their social feeds operate.

🎯 Core Principles

  • Decentralization: No single point of control or failure
  • User Ownership: Users own their data and identity
  • Interoperability: Seamless communication across instances
  • Privacy-First: Data protection and granular privacy controls
  • Open Source: Transparent, auditable, and community-driven

Architecture

The protocol follows a federated architecture where independent instances (nodes) communicate using a standardized protocol. Each instance maintains its own database and serves its users while federating with other instances.

System Components

👤

Identity Layer

Domain-based identity via profile.json. Supports direct data hosting or delegation to other URLs.

📡

Webfeed Layer

Rolling window feed.json with static chronological archives (feed_N.json).

🔔

Subscription Layer

Ping-based update mechanism for real-time discovery of new content across the network.

🔒

Security Layer

Data protection, signature verification, and content authenticity validation.

Network Topology

Instance A ←→ Instance B
     ↕              ↕
Instance C ←→ Instance D

Each instance:
- Maintains user database
- Stores local content
- Federates with peers
- Validates signatures

Data Structures

profile.json

{
  "handle": "@alice",
  "name": "Alice Barker",
  "bio": "Freedom advocate",
  "delegate": "https://data.example.com/alice/profile.json",
  "feed": "https://data.example.com/alice/feed.json",
  "subscribe": "https://api.example.com/alice/subscribe",
  "publicKey": "ed25519:..."
}

feed.json (Rolling Window)

{
  "version": "1.0",
  "author": "@alice",
  "posts": [
    { "id": 150, "content": "Latest post...", "timestamp": "..." },
    { "id": 149, "content": "Previous post...", "timestamp": "..." }
  ],
  "boosted_posts": [
    "@bob/post/42",
    "@charlie/post/105"
  ],
  "archives": [
    "https://data.example.com/alice/feed_0.json",
    "https://data.example.com/alice/feed_1.json"
  ]
}

feed_N.json (Static Archive)

{
  "id": 0,
  "range": [0, 99],
  "posts": [
    { "id": 0, "content": "The very first post", ... },
    ...
    { "id": 99, "content": "Post number 100", ... }
  ]
}

Federation

Deltaverse uses a simple, efficient ping-based mechanism for federation. Instead of complex protocol negotiations, instances interact through well-defined JSON endpoints and simple notifications.

The Subscription Flow

  1. Discovery: A user's client pulls the profile.json from the target domain.
  2. Subscription: The client sends a subscription request to the subscribe endpoint listed in the profile.
  3. Notification (Ping): When the author updates their feed, their server sends a ping to all registered subscriber endpoints.
  4. Ingestion: Subscribing servers pull the updated feed.json to reflect new content for their users.

📜 Content Rules

  • A profile can delegate its data to any URL
  • Feeds have a maximum of 100 posts per rolling window
  • Archives are static and named predictably for easy mirroring

Security

Cryptographic Foundations

The protocol uses modern cryptographic primitives to ensure security, privacy, and authenticity of all communications.

🔑 Identity Verification

Users are identified by their domain names. The profile.json serves as the source of truth for public keys and data locations.

✍️ Digital Signatures

Posts can be signed using Ed25519 keys to ensure authenticity. Subscribing clients verify these signatures to prevent spoofing.

🛡️ Data Sovereignty

By hosting files on your own domain or choosing your provider, you maintain physical control over your social data.

🔍 Transparency

Every post has a predictable ID and location. Anyone can verify content by fetching the original archive from the author's domain.

Threat Model

Protected Against:
✓ Man-in-the-middle attacks
✓ Content tampering
✓ Identity spoofing
✓ Replay attacks
✓ Unauthorized access

Considerations:
• Instance-level moderation
• Spam and abuse prevention
• DDoS protection
• Privacy metadata leakage