diff --git a/docs/roadmap.md b/docs/roadmap.md
index 5626032..f611218 100644
--- a/docs/roadmap.md
+++ b/docs/roadmap.md
@@ -78,6 +78,19 @@ needed would be:
 
 - Rebranding and possibly submitting to Apple app store (bleh).
 
+### Don't run as root
+
+It's currently a pretty hard requirement for `cryptic-net daemon` to run as
+root. This is due to:
+
+- nebula's network interface root to be started.
+
+- dnsmasq listening on port 53, generally a protected port.
+
+If we can't figure out how to get these things running from the start as
+non-privileged users, we at least need to get cryptic-net to drop priveleges
+from root after initial startup.
+
 ### Plugins
 
 It would not be difficult to spec out a plugin system using nix commands.