March 11, 2026
Brows furrow, forks fly
Show HN: s@: decentralized social networking over static sites
DIY ‘friends‑only’ social sparks static‑vs‑crypto slapfight
TLDR: s@ proposes a DIY, friends‑only social network stored on your own website with no servers, using encryption and your domain as identity. Commenters are split: some call it overcomplicated and point to Webmention, Nostr, or even Git‑based hacks, while others praise the privacy‑first, influencer‑free vibe — a tug‑of‑war over simplicity vs control
Meet s@: a build‑it‑yourself social network that lives on your own website, stores your posts as encrypted files, and refuses to play the influencer game by only showing posts between mutual followers. No central servers, just your page and your friends’ browsers. The dev says it’s simple; the crowd says, “define simple.”
The hottest take came fast: one commenter called it “very not static,” arguing that all the crypto and signing means you’re basically running an app, not a plain web page. Old‑school indie web fans waved the Webmention flag, saying you don’t need heavy encryption to talk across blogs. Others tossed in alternatives like org‑social and the delightfully chaotic “why not use git for social networking” idea — because nothing says friendship like merging pull requests.
Skeptics brought the memes: one reader joked they needed a chart of rising eyebrows as they read “encrypted JSON on static sites,” while another sighed that the signed‑message vibes feel like Nostr and wished that scene would finally go mainstream. Still, there’s genuine intrigue: a private, “for your circle only” network where identity is just your domain and everything runs in the browser sounds refreshingly drama‑free — until you try explaining key rotation to your group chat.
Bottom line: s@ is pushing a privacy‑first, friends‑only vision — and the community is split between “cool experiment,” “over‑engineered,” and “couldn’t git just do this”
Key Points
- •s@ is a decentralized social networking protocol running over user-hosted static sites, with no servers or relays.
- •Identity is the user’s domain, authenticated via HTTPS/TLS; discovery occurs at /satellite/satproto.json containing protocol version and public key.
- •All data is stored as encrypted JSON; posts are encrypted with a symmetric content key (XChaCha20-Poly1305) and shared via per-follower sealed boxes using libsodium.
- •A self key (keys/_self.json) stores the content key and publishing secrets in a sealed box for account recovery; private key stays in browser localStorage.
- •Key rotation on unfollow re-encrypts posts and updates follower key envelopes; a GitHub Pages-based sample demonstrates hosting, though the protocol is hosting-agnostic.