🌐 Spyder Net is Nexxus's federated mesh of Virtual Servers (VS).
Each site is its own sandboxed VM hosting nexxus:// pages.
No DNS roulette · no certificate authority cartel · no http vs https split.
Just one address scheme. One trust root. One mesh.
Traditional websites are files on someone's server, addressed by DNS, secured by a TLS certificate issued by a corporate gatekeeper. A VS is the opposite of all of that.
Spawned inside the Kissmar substrate as an isolated guest. Filesystem, network, memory all sandboxed. A buggy VS can never reach the user's host or another VS.
nx-kissmar::SubstrateConfig::vs()
And much more — WebSocket, peer-to-peer streams, NXL apps, post-quantum-encrypted feeds. Same surface as a website, plus everything HTTP can't do.
nx-net::vs::serve()
Every VS is reachable via nexxus://<handle>. No DNS, no IP, no port.
The Spyder Net mesh resolves the handle to a substrate node. Same scheme for every page,
forever.
nexxus://saus.world
No Let's Encrypt, no DigiCert, no GoDaddy. Each VS publishes a hybrid Ed25519 ⊕ ML-DSA-65 attestation key. Resolution is trustless — you verify the substrate, not a paid-for certificate.
nx-security::attest::verify()
Same job — radically different trust model. Every line that says "yes" on the Web column is also a known attack surface.
| Capability | 🌐 Traditional Web | 🕷️ Spyder Net VS |
|---|---|---|
| Address scheme | http:// + https:// (split) | ✅ nexxus:// (one scheme) |
| Name resolution | DNS — controlled by ICANN, registrars, governments | ✅ Spyder Net DHT — federated, no controlling party |
| Trust root | ~150 commercial CAs (Let's Encrypt, DigiCert, etc.) | ✅ Hybrid Ed25519 ⊕ ML-DSA-65 per VS |
| Per-site isolation | Process-level if you're lucky (browser sandbox) | ✅ Full VM isolation (Kissmar substrate) |
| Quantum-safe | No — TLS 1.3 still classical | ✅ Hybrid X25519 ⊕ ML-KEM-768 by default |
| Discovery | Google, Bing, Yandex (corporate gatekeepers) | ✅ Spyder Net search repo (federated index) |
| Censorship resistance | Site can be DNS-blocked / CA-revoked / IP-blackholed | ✅ Multi-node redundancy + handle-not-IP |
| Tracker injection | Yes — every site loads ~30 tracker scripts | ✅ 271-domain tracker block at substrate edge |
| Certificate cost | $0 to $thousands/year per domain | ✅ Free — keys generated on first launch |
A 4-layer federation protocol. Every Nexxus install runs a Spyder Net node by default. No central server. No mandatory bootstrap node — any peer becomes a bootstrap.
Kademlia-style DHT keyed by BLAKE3 of the VS handle. Bootstrap from any reachable peer; resolve a handle to its current substrate-quote in 3-7 hops.
Every VS publishes its Kissmar quote + hybrid PQ pubkey. Resolvers verify the chain before connecting.
QUIC over post-quantum-tunnelled UDP. Tendril-mesh-style multi-hop relay for VSes that opt into anonymity.
A federated index of public VSes — title, tags, latest activity, attestation freshness.
Queryable from nexxus://search; no Google needed.
If you've installed Nexxus, these are the live nexxus:// URLs you can paste
into the address bar right now. No setup required.
Your home tab. The Nexxus app substrate's launchpad — soul console, VPN, identity, settings.
Tendril Mesh control panel. 17/17 capabilities surpass NSA HAIPE / DoD CSfC / GCHQ Cliff.
Soul Covenant Rite. Hybrid PQ identity setup — sigil, quorum, panic-petal.
Book of Saus — 144 peer-reviewed entries documenting historical and contemporary atrocities.
Spyder Net search repo. Federated index of every public VS. (in development — node bootstrap shipping in 0.4)
Theme, language, audio, soul profile, diagnostics.
Honest status. Spyder Net is a v0.3.1 specification — the protocol is
designed and the local nexxus:// scheme works today. Inter-node federation lights up in 0.4.
✓ nexxus:// address scheme — 109 internal pages live
✓ Kissmar substrate (sub-host attestation)
✓ Hybrid PQ keys (Ed25519⊕ML-DSA-65, X25519⊕ML-KEM-768)
✓ Tendril Proxy + 271-domain tracker block
✓ BLAKE3 audit chain
✓ nx-mesh crate (Kademlia DHT scaffold)
⏳ Spyder Net node bootstrap (peer discovery)
⏳ VS handle resolver (handle → substrate quote → connection)
⏳ Search repo federation
⏳ Per-VS Kissmar guest spawning
⏳ External VS hosting (publish your own VS)
🔮 Cross-VS messaging (NXL message bus)
🔮 VS migration (move your VM between substrates)
🔮 Cooperative compute (rent unused VS cycles)
🔮 Hardware-attested premium tier
🔮 Mobile-first VS hosting on phones
One PowerShell line installs the Nexxus browser, the substrate, the Tendril Proxy, and a Spyder Net node.
irm https://nexxus.northpointaegis.com/boot.ps1 | iex