(1) In Proto-, Old, and Middle Orth, a small bag or basket, netlike in its construction.
(2) In early Praxic Orth, a gridlike network of lines or fine wires on an optical device.
(3) In later Praxic and New Orth, two or more syntactic devices that are able to communicate with one another.
(1) When not capitalized, a reticule formed by the interconnection of two or more smaller reticules.
(2) When capitalized, the largest reticulum, joining together the preponderance of all reticules in the world. Sometimes abbreviated to Ret.

—THE DICTIONARY, 4th edition, A.R. 3000

Anathem, by Neal Stephenson

Reticule is a decentralized communication system, on top of which messaging applications can be built. It protects users from spam, harassment, and walled garden captivity.

Decentralized messaging

Since Reticule is decentralized, there’s no user database, no table containing every user’s name, hashed password, and privacy settings. Instead, Reticule uses Ed25519 public key cryptography to establish and maintain user identities. A new user creates a 32-byte secret key from random data, which is then used to generate the corresponding public key. A user’s unique identifier is this public key, not a handle or email address.

(See Arcsign for a proof-of-concept application of Ed25519 signatures.)

Similarly, instead of checking passwords, authentication relies on digital signatures. A typical social networking service requires you to sign in for various user-privileged operations:

Users need to know who sent a particular message. For messages in a self-contained messaging service, you know who the sender is because the service tells you. The service knows because the user signed in with the correct password.

In Reticule, all messages are digitally signed. Messages that lack valid signatures or are otherwise malformed are silently dropped. Since messages can’t be forged (to appear as though sent by someone else), there’s no need for an outside party to verify the sender or otherwise intermediate.

Messages you’ve received are stored locally on a machine you control. You don’t need to sign into a website to see them. Similarly, account settings such as which events elicit notifications are up to the client application.

Public profile information, possibly including any of full name, credentials, contact details, headshot, or catchphrase (or anything else), is distributed on hypercards. Every hypercard lists the public key of the identity to which it refers, and bears a digital signature verifiable by that same key. Again, no trusted third party is required for verification.


The various social networking services handle "friend" relationships in different ways. Aside from the key question of whether friendship is necessarily symmetrical or not, friendship has various behaviors, even within a single service. On Twitter, following another user has all of these effects:

To summarize, this fact is shared with others as follows:

Reticule offers a much more granular approach. Although sometimes you’re proud of your taste in musicians (or infosec thought leaders) and wish to announce it to the world, in many other cases this is overkill. Activists are better off keeping their social network graphs to themselves instead of making it trivial for surveillance agencies to trace them. Targets of harassment should be sharing as little information as possible beyond their circles of friends. A political or corporate staffperson might want to keep tabs on an opponent without leaving any footprint at all.

In Reticule, you can anonymously download a message feed (e.g. over Tor) and view only those you care about, based on whatever rules you wish, which are kept private, local to your client. (If you want to publicly endorse your favorite users, you can do so with hypercards.)


Reticule is, by default, pseudonymous: Since every message requires a signature, the minimum effort is to generate one keypair and use it for all messages. Other users may not know who (or what) user 24d6f895e0876fdfc07f246d163c232349d3d4f3dcb5e5878df7b4766ede48b7 is, but they’ll know which messages are from it and which aren’t. Usually, even pseudonymous users will want to attach a human-readable display name. However, sometimes even less identity is called for, in communities that prefer to be anonymous.

There are two approaches to anonymity in Reticule. One option is to sign every message with a different key, which is thrown away immediately. This gives you deep anonymity — there’s no way to know upfront whether the sender is even trying to be anonymous, or is just someone you don’t know yet. Another option is branded anonymity: A single keypair is generated, and then the secret key is published. This allows anyone to post messages using that identity. In this sense, messages are anonymous because you don’t know who actually sent them, but you know for a fact that they’re anonymous (because the secret key is public), and you know which Anonymous identity is in use.

The recommended default for most users is to ignore anonymous messages. (Trust me on this one.)


It would be naive and negligent, in this decade, to design a system that connects arbitrary sets of humans without accounting for their capacity and eagerness to harm each other. From spammed ads to personal attacks, we have numerous ways to aggravate and distress other users and compromise their enjoyment of the system.


Spam messages come in various forms. While commercial advertisements are the most innocuous, they are often also the most abundant. While lacking the technological or psychological risk of malware and death threats, unsolicited ads are annoying nonetheless, at best wasting our time and attention, and at worst reminding us that our informational border security is weak — if an encyclopedia salesman can make his way into your living room, so can a burglar.

Spam also includes money fraud campaigns such as 419 scams. They’re financially damaging to their victims, and irritating to those who know better. The same pattern applies to malware.

Email spam has been an issue for decades. It’s manageable now thanks to good filters, but that mainly helps end users — the message was routed to your spam folder instead of your inbox, but blocking it at the source is rare. The fundamental problem is that email messages are unauthenticated, so you can’t block a specific sender. You can block spam accounts on social networks, but this is opt-out after the fact.

Reticule messages are all digitally signed. With the recommended default of ignoring messages from unrecognized senders, spam will never be seen. If the effectiveness rate of spam drops to zero, it won’t be sent, either.


So what messages do you see? Those from people you know.

The first way Reticule users get will connected is in person. Mostly this will involve smartphones, though any programmable device will work. The most straightforward method is exchanging QR codes. This requires only a camera, and doesn’t leak any data (or even metadata) over radio signals. (The Android app Barcode Scanner already does this to import and export contact records.) More ornery users might use ethernet-equipped laptops.

Long-distance friends might exchange keys by reading them over the phone (if they’re advanced users), or using PGP-signed email (if they’re arcane masters). The less technologically adept will tend to rely on network effects created by the wizards. If Alice knows Bob, and Bob knows Chris, then Alice knows that Chris is not some random stranger, and vice versa. Bob can generate a hypercard stating that he vouches for Chris' identity, signed with Bob’s secret key — an ad hoc credential — and send it to Alice. Alternatively, Chris' employer might provide Chris with an official credential stating "Chris is an engineer at Acme, Inc." (signed by Acme), and provide her a copy that she can send to whomever she wishes, whenever she likes.

These credentials, and the credibility they establish, are known as cred. Cred determines whose messages are seen by whom, and with what priority. An invitation to go dancing might be worth interrupting hack night; details about Acme’s new, thinner anvil (available in rose gold!) can probably wait.