Under the Floorboards

When people first encounter HPPR—every packet hashed, every author signed, every group membership explicit—two reactions come up reliably:

  1. “If everything is signed, everyone can be tracked.”
  2. “If it’s fully distributed, bad actors can coordinate freely.”

Both reactions feel like discovering something dangerous. They are not. They are discovering something that was already true.

You Are Already Being Tracked

Every HTTP request you make is logged. The server records your IP, your headers, your timing, your patterns. The ad network correlates this across sites. The platform builds a profile. The CDN sees your traffic. Your ISP sees your DNS queries.

None of this is visible to you. The tracking happens on the server side, in systems you cannot inspect, governed by policies you did not read, changed without notice. The data exists. You just don’t see it.

HPPR makes authorship explicit: a signature in the packet, visible to anyone who reads it. This feels more exposed. It is not. It is more honest.

The HTTP model gives you the comfort of not knowing. The server knows exactly who you are. You know nothing about what the server knows. The asymmetry is the product.

A signed packet is symmetric. You know what you signed. Others know you signed it. The relationship is visible to both sides.

If you want to publish unsigned data, HPPR has Blobs. A Blob is raw bytes with a hash. No author, no coordinate, no metadata beyond length. The protocol does not force signatures on anyone. But when signatures are present, they are in the packet—not hidden in a server log you cannot access.

They Are Already Off the Forums

The concern about distributed systems enabling coordination among bad actors assumes those actors are currently limited by centralised platforms.

They are not. Organised criminals, extremist cells, and state-sponsored groups left the public internet years ago. They use encrypted messengers, private infrastructure, dead drops, and purpose-built networks. They do not coordinate on platforms where a content moderation team might notice.

Public forums catch casual offenders. The determined ones routed around centralised control before HPPR existed. Before the internet existed. The idea that a protocol choice is the barrier between order and chaos gives the protocol too much credit.

What centralised platforms actually control is ordinary people. They decide what you can say, who you can reach, and what you can see. They exercise this control unevenly, opaquely, and at scale. The beneficiary is the platform.

The Feeling

The discomfort people feel when confronted with signed, distributed data is real. It deserves a name: it is the feeling of a comfortable abstraction being removed.

The abstraction is that your data is private because you cannot see who has it. That bad actors are contained because you do not encounter them. That the internet works as described because the description is all you see.

At time of writing—2026—the internet is already deeply compromised. Your browsing history is a commodity. Your identity is inferred from metadata you never chose to share. Your communications traverse infrastructure that records first and asks questions never.

HPPR does not create these problems. It makes some of them visible. Visibility is uncomfortable. It is also the first requirement for doing something about it.

Not Every Model

HPPR does not cleanly fit every application model. It is not trying to.

HTTP started as a way to serve files. Later came CGI, then application servers, then the entire backend industry. The protocol did not prescribe any of this. It provided a request-response structure and got out of the way.

HPPR’s hierarchical coordinate layout—group, app, location—maps naturally onto a filesystem. Packets can be stored as files in directories. But they do not need to be. A repository can back its storage with a relational database, a key-value store, or a purpose-built engine optimised for its workload. The packet format defines what the data looks like, not how it is kept. High-performance servers with specialised storage are as valid as a directory of files.

Orthogonally, HPPR gives you the option of distribution. You can run a single server and treat it like HTTP with better integrity. You can replicate across continents with group membership spanning independent repositories. Both are valid. The protocol does not push you toward either.

Designing distributed systems is difficult regardless of the abstraction underneath. Consistency, availability, partition tolerance—the constraints do not change because the packet format is different. HPPR does not solve distributed systems. It provides primitives: content-addressed packets, embedded signatures, explicit group membership, prefix-matched access control. These are powerful and assume little. What you build with them is your problem.

The feeling that HPPR should prescribe more—should tell you whether to centralise or distribute, should choose your storage engine, should define your replication strategy—is the feeling of a framework being absent. That absence is deliberate.

What Changes

In HPPR, you choose what to sign. An unsigned Blob is anonymous by construction. A signed Seal is attributed by construction. The decision is yours, made per-packet, visible in the packet itself.

Groups are explicit. Membership is a packet you can read. Access rules are prefix matches you can inspect. There is no algorithm deciding what you see. There is no shadow policy governing who can reach you.

The machinery is exposed. That is the point.