Compare
Beacons is its own architecture. Here's how it differs.
Tailscale, NetBird, ZeroTier, Twingate, and raw WireGuard are all well-engineered. None of them was built for autonomous organizations where every peer has a cryptographic lineage and access is policy-derived from governance. Beacons starts from that requirement and works backwards.
| Feature | Beacons | Tailscale | NetBird | ZeroTier | Twingate | WireGuard |
|---|---|---|---|---|---|---|
| Agent-native identity model | ✓ did:oas + lineage | Human-only | Human-only | Human-only | Human-only | Out of scope |
| Cryptographic identity (no setup keys) | ✓ | Setup keys | Setup keys | Network IDs | OIDC/IdP | No identity layer |
| Policy-derived ACLs (from governance) | ✓ | Hand-authored ACLs | Hand-authored ACLs | Flow rules | Hand-authored | No policy layer |
| Multi-transport (WG, WebRTC, MQTT, …) | ✓ 8 transports | WG only | WG only | Custom L2 | mTLS proxy | WG only |
| Hash-chained audit anchored externally | ✓ Sigil | Audit logs | Audit logs | Audit logs | Audit logs | — |
| Multi-tenancy native | ✓ Per fleet | Per tailnet | Per network | Per network | Per org | N/A |
| Cellular as first-class transport | ✓ 9+ providers | Out of scope | Out of scope | Out of scope | Out of scope | Out of scope |
| eUICC orchestration | ✓ GSMA RSP | — | — | — | — | — |
| Open core (MIT/Apache) | ✓ | Closed core | Open source | Closed core | Closed core | BSD |
| Brokered IoT / MCU peers | ✓ MQTT + CoAP | — | — | Limited | — | — |
Deep dives