INFRASTRUCTURE · CASCADE

The weakest part of your VPN isn't the encryption.

It's the server that tells the app where to connect. Block that one address and the whole app goes dark. So we moved it onto Solana.

People argue about VPN encryption like it's the thing that gets you blocked. It isn't. Modern tunnels, WireGuard, AmneziaWG, are fast and hard to read on the wire. The encryption is rarely where a VPN dies.

It dies at the control plane: the server that hands the app its list of where to connect. Censors learned this years ago. You don't need to break the tunnel. You just block the one endpoint that serves the list, and every client goes dark at once.

That endpoint is the single point of failure sitting inside almost every VPN on the market.

The pattern, every time

It plays out the same way in every country that decides to block a VPN:

Providers fight back with mirror domains and fresh IPs, and the censor blocks those too. It's a game the side with the firewall usually wins, because there's always a finite list of addresses to take down.

What Cascade changes

Akca Cascade removes the single address. Instead of asking one API for the server list, the client reads it from a Solana account, encrypted, signed by us, sitting on mainnet.

The app reads that account over public RPC: the same infrastructure that powers wallets, DeFi and NFTs. There are well over a hundred public Solana nodes. Block ninety of them and the rest still answer.

How Akca Cascade works. A normal VPN goes App to Central API; the censor blocks the API and the app goes offline. Akca Cascade reads the server list from a Solana mainnet account over 100+ public RPCs, the app verifies it, then connects without central API access.

To take the list down, a censor would have to block public access to Solana itself, the chain a country's own traders, builders and payments depend on. That's a different order of decision than blocking one VPN's domain.

To block the VPN, you'd have to block the chain.

The list is signed, not just stored

On-chain doesn't mean trust-the-chain. The server list is signed before it's published, and the client verifies that signature on-device before it connects to anything. A tampered account fails the check and gets ignored.

So Cascade gives you two properties at once: the list is reachable from anywhere Solana is reachable, and it's only trusted if it carries our signature. Availability without handing over authenticity.

Nothing else changes

Cascade is only about distribution, how the list reaches the app. Once you have it, your traffic rides the same WireGuard and AmneziaWG tunnel as before. Same speed, same obfuscation, same no-logs servers.

And the old API doesn't disappear. It stays in place as automatic fallback. When it's reachable, the app uses it; when it isn't, the app reads the chain. The user just connects.
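The verify-then-connect check and the API-first fallback described above, as an added example (not AkcaVPN's own code). It assumes Ed25519 signatures, which the post does not specify; the `Source` type, function names and sample addresses are hypothetical and constructed, and decryption of the list and the actual Solana RPC call are left out.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Source is a hypothetical fetcher: the central API or one public RPC node.
type Source struct {
	Name  string
	Fetch func() (payload, sig []byte, err error)
}

// LoadServerList returns the first payload whose Ed25519 signature verifies
// under the pinned publisher key. Unreachable or tampered sources are skipped.
func LoadServerList(pinned ed25519.PublicKey, sources []Source) ([]byte, string, error) {
	for _, s := range sources {
		payload, sig, err := s.Fetch()
		if err != nil {
			continue // blocked or down: fall through to the next source
		}
		if !ed25519.Verify(pinned, payload, sig) {
			continue // tampered or wrongly signed: ignore, never connect
		}
		return payload, s.Name, nil
	}
	return nil, "", errors.New("no source returned a validly signed list")
}

// Demo uses constructed data: a blocked API, a tampering node, an honest node.
func Demo() (string, string, error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed test key pair
	list := []byte(`{"servers":["198.51.100.7:51820"]}`)
	sig := ed25519.Sign(priv, list)
	sources := []Source{
		{"api", func() ([]byte, []byte, error) { return nil, nil, errors.New("connection reset") }},
		{"rpc-1", func() ([]byte, []byte, error) {
			return []byte(`{"servers":["203.0.113.66:51820"]}`), sig, nil
		}},
		{"rpc-2", func() ([]byte, []byte, error) { return list, sig, nil }},
	}
	got, from, err := LoadServerList(pub, sources)
	return string(got), from, err
}

func main() {
	fmt.Println(Demo())
}
```

A signature check alone says nothing about how old a list is; this sketch does not cover freshness or rollback.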

Why this belongs at the network layer

A VPN is the obvious first use, but the problem is bigger than one product. Any tool that depends on a central server to bootstrap can be cut off at that server. Messaging apps, relays, dApps with a single config endpoint: same single point, same failure.

Putting the bootstrap data on a chain that's already too economically important to block is a general answer. Cascade is how we apply it to private networking. It's the same instinct behind the rest of the stack: assume the rules will change, and build so the network keeps working when they do.

Expected update across all platforms

Cascade goes live July 1.

It ships inside AkcaVPN, no-logs, no account, WireGuard + AmneziaWG, with the server list read straight off the chain and the API kept as fallback. Rolling out the same day on iOS, macOS and Windows.

See it on akcavpn.com/cascade, or read more about x402 and the rest of the network.