Frequently Asked Questions

No. GuardianMesh is infrastructure: guardian relay nodes, directory API, and map/web surfaces. Client apps connect to it.

api.guardianmesh.ca is the canonical directory and telemetry API host.

Use wss://g1.guardianmesh.ca/ws, wss://g2.guardianmesh.ca/ws, and wss://g3.guardianmesh.ca/ws.

Ratchet is the primary client app, available as an Android APK and Windows installer. It provides multi-transport, end-to-end encrypted messaging with BLE mesh, store-and-forward, and offline-first operation.

A developer SDK is currently in development and undergoing internal testing. It will provide building blocks for GuardianMesh-compatible applications — covering crypto, identity, transport, routing, storage, and more. Details will be published when the SDK is ready for public release.

Yes. Sessions are established via X3DH (Extended Triple Diffie-Hellman) and each message is encrypted with the Double Ratchet, providing forward secrecy per message. Group conversations use MLS (RFC 9420) with TreeKEM. No relay, guardian, or intermediary can read message content.

Multiple layers of protection: onion routing wraps bundles in layered encryption with constant-size padding (512 B–64 KB) so no relay knows both sender and recipient. Cover traffic generates constant-rate dummy packets (512 bytes every 2 seconds). Message mixing adds random delays (100–2000 ms) and shuffles batches. Traffic obfuscation via obfs4 (packet scrambling) and meek (CDN tunneling) makes protocol traffic look like normal HTTPS.

Seven transport types plus gateway adapters: WebSocket relay (primary), WebRTC direct peer-to-peer, BLE mesh (Bluetooth Low Energy with multi-hop forwarding), Tor (SOCKS5 proxy with circuit management), LAN discovery (mDNS Zeroconf), satellite gateway, and sneakernet (QR code and file transfer for fully offline scenarios). The adaptive transport scorer automatically selects the best available path.

Devices form a Bluetooth Low Energy mesh network. Messages relay through up to 3 hops by default, with automatic fragmentation to fit BLE packet sizes. If a peer is offline, up to 500 messages are queued locally and delivered automatically when the peer reconnects. Identity is verified via Ed25519 challenge-response with a 30-second challenge expiry. Connections are rate-limited (20 sends/peer/sec, 10 mesh forwards/sec) with a maximum of 7 concurrent BLE connections.

Yes. BLE mesh provides device-to-device communication without internet — messages hop between nearby Bluetooth devices. Sneakernet allows transferring bundles via QR code (HMAC-SHA256 verified) or USB/SD card file export. Satellite and radio (HF/VHF) gateways provide connectivity in remote areas without terrestrial infrastructure.

Guardians earn credits by hosting relay nodes and forwarding messages. Each relay generates an Ed25519-signed receipt proving delivery. Credit weights vary by priority: emergency (100), high (25), normal (5), low (2), bulk (1), with a 2× multiplier for federation boundary crossings. The company purchases these credits from guardians: after a 20% platform fee, the remaining pool is split 50% equally among all guardians and 50% proportional to relay credits. Payout methods are crypto or manual.

Use the website-first Install Wizard for V1 single-host installs, then use Run a Node for advanced manual flows.

Yes, with persisted guardian key and pending bundle store configured. Identity remains stable and pending bundles survive restart.