Dune private social space

Private social for the people you trust

Private social, on your devices.

Messages, posts, photos, and shared canvases live on the devices in your space. Tailscale gives those devices a private network so they can reach each other directly — end-to-end encrypted, with no central server holding the content.

See how it works Compare apps
peer-to-peer · end-to-end encrypted · open source
A space, peer to peer content lives on devices
Private VPN Tailscale

secure reachability for approved devices

Phone Family
Laptop Studio
Phone Club
Home peer Always on
No content server in the middle

Why this matters

Social software, sized for your trust.

Built for the people you actually know — somewhere to share messages, posts, photos, and canvases without handing any of it to a platform.

Small by design.

Spaces are made for the people you actually know — families, studios, clubs, teams, close friends — not follower graphs or public reach.

Your data stays with you.

Messages, posts, media, and canvas state live on the devices you've approved — phones, laptops, and an optional always-on home peer. There is no Dune content server.

Private by network design.

Tailscale gives approved devices a WireGuard-based private network. Dune uses that as the secure path between peers — before any application-level encryption.

More than chat.

One private place for conversations, lightweight feeds, photo galleries, and shared canvases — plus the peers, devices, and event log that hold it all together.

How it works

Three steps to a private space of your own.

The setup is intentionally small: create a space and a peer identity, add the devices you trust, then let those devices exchange signed and encrypted updates directly.

1

Create a space.

A space is a shared home for the people who belong there — a family, studio, club, project, or close set of friends. You bootstrap it with a peer identity backed by a 24-word recovery phrase.

2

Approve the devices.

Each phone, laptop, or always-on home peer authorizes onto your peer identity through a signed invite, and joins the space's private Tailscale network so it can reach the others.

3

Sync peer to peer.

Every change is a signed event. Messages are encrypted to each recipient device; posts are signed and visible to the space. Devices gossip updates directly — no relay server in between.

How Dune compares

Choose based on who owns the space.

Some apps are best for encrypted one-to-one messaging. Some are best for large communities or super-app services. Dune is built for a small space of trusted peers who want social tools — chat, posts, media, canvas — without handing that content to a platform.

Dune Signal WhatsApp Discord Messenger
Architecture Peer-to-peer app protocol over Tailscale Hosted service with end-to-end encrypted messages Hosted service with end-to-end encrypted messages Hosted community service; end-to-end encrypted audio/video Meta-hosted service with end-to-end encrypted personal chats
Data storage Participant devices in your space Local device history; optional encrypted backups Local device history; optional encrypted backups Discord's servers Meta secure storage plus local devices
Authentication method Recovery phrase Phone number Phone number Email + username Meta account
Discoverability Invite only Phone number lookup Phone number lookup Username or server search Meta social graph
Service dependency Your Tailscale network; no Dune content service Signal service for delivery WhatsApp service for delivery and backups Discord service hosts communities Meta service for accounts and delivery
Open source Yes, SDK and app code Yes No No No

Dune runs on Tailscale's private network — there's no Dune service layer between you and the people you trust. Other sources: Signal privacy, Signal backups, WhatsApp backups, Discord audio/video encryption, and Messenger.

Use Dune

One protocol. A growing list of clients.

The Dune app is the flagship today — Flutter, multi-platform, built directly on Dune Core. More first-party clients are on the roadmap, and the protocol is open, so anyone can ship their own.

Active flagship · Codename Gemini

The Dune app.

Spaces, peers, devices, conversations, posts, media galleries, and shared canvases — every feature lives on your network, not on a server.

  • iOS
  • Android
  • macOS
  • Linux
  • Windows
  • Web
Visit Dune
On the roadmap

More clients.

Web, headless peer, and command-line clients are next on the build list.

Open SDK

Build your own.

The protocol is public. Use Dune Core as the foundation for a third-party client, bot, or peer.

See the SDK

Dune Core

The open-source Dart SDK and protocol shared by every Dune client — identity, signed events, encrypted storage, and peer networking in one package.

Package dune_core
Status pre-1.0
Language Dart
Source on GitHub See the SDK

Under the hood

For when you want the protocol-level picture.

Dune Core is the open-source Dart SDK and protocol that powers Dune. Five ideas hold it together: peers, devices, signed events, local projections, and peer-to-peer sync.

1

Peers are people or agents.

A peer is an Ed25519 identity derived from a BIP39 recovery phrase — cryptographic, not an account on a Dune server.

2

Devices are approved nodes.

Each device has its own Ed25519 signing key, X25519 encryption key, and Tailscale node ID — bound 1:1, so a revoked device can't rejoin as a fresh one.

3

Events are the source of truth.

Every change is a signed, hash-linked event in that device's chain. The log is the durable record; everything else is rebuilt from it.

4

Projections make apps fast.

Each device materializes the event log into local encrypted SQLite, so screens render from indexed storage rather than replaying the protocol.

5

Sync is peer to peer.

Approved devices exchange events directly over the private Tailscale network with hybrid push-pull. Messages are encrypted end-to-end with XChaCha20-Poly1305; media is content-addressed by SHA-256 and fetched lazily.

The SDK

A resource-oriented Dart API.

Apps stay close to product intent. Configure storage, start the runtime, then talk to Dune.spaces, Dune.peers, Dune.devices, Dune.conversations, Dune.messages, Dune.posts, and Dune.canvas — no reaching into tables or wire formats.

The same SDK powers Flutter clients, command-line tools, headless bots, and long-running home peers.

Signatures
Ed25519
Key agreement
X25519
Message AEAD
XChaCha20-Poly1305
KDF + hash
HKDF-SHA-256
example · dune_quickstart.dart 
// Boot the runtime against host-provided storage.
Dune.configure(
  secretStore: platformSecretStore,
  directoryConfig: platformDirectories,
);
await Dune.start();
await Dune.network.connect();

// Bring a peer identity online.
final phrase = await Dune.peers.createRecoveryPhrase();

final peerKey = await Dune.peers.create(
  recoveryPhrase: phrase,
  name: 'Jessica',
  deviceName: 'MacBook',
);

// Send to a trusted peer.
await Dune.messages.sendText(
  'Hello from Dune',
  recipients: [peerKey],
);

final recent = await
  Dune.messages.query().latest(limit: 50).get();

Package surfaces

Library Audience Purpose
dune_core.dart App developers Stable resource APIs: Dune.spaces, Dune.peers, Dune.devices, Dune.conversations, Dune.messages, Dune.posts, Dune.canvas, Dune.media, Dune.search.
dune_core_protocol.dart Protocol tooling Event models, Dune Canonical JSON v1 helpers, and DTOs for advanced consumers and non-Dart implementations.
dune_core_testing.dart App and SDK tests Supported peer harnesses and deterministic testing helpers for realistic multi-peer scenarios.
Protocol spec Engineering guide Storage policy Security review

The point

Social software can be smaller, quieter, and owned by the people in it.

Dune is in a pre-1.0 launch phase. The app-facing API is intended to be usable by real clients today; the protocol, test vectors, and package boundaries are still being hardened before a stable 1.0 contract.

View on GitHub Back to top