#### The treasure trove of NGI Zero Michiel Leenaars, [NLnet Foundation](https://nlnet.nl) · **36c3** · Leipzig · 2019-12-30

## Sixty years ago Edsger Dijkstra did his PhD "Communication with an Automatic Computer" at a small math instute in Amsterdam, now called [CWI](https://cwi.nl).

ACM: no other individual has had a larger influence on research in principles of distributed computing. ## Thirty years ago ... Stichting NLnet (where I work) formally became a legal entity (a foundation), in an effort to scale up the adoption of the early internet in Europe - after 7 years of informal operations at [CWI](https://cwi.nl) and the [Netherlands Unix User Group](https://nluug.nl).

... scientists and engineers like [Teus Hagen](/people/TeusHagen), [Ted Lindgreen](/people/TedLindgreen), [Jaap Akkerhuis](/people/JaapAkkerhuis) and many volunteers and counterparts from the European UNIX user groups (like Peter Collinson and Keld Simonsen) together built the grass roots computer networks that grew into the European internet. ## At that time ... the world wide web was still a "vague but interesting" proposal inside CERN to manage information

If you think surfing hypertext is cool, that's because you haven't tried writing it Tim Berners-Lee Unfortunately, an alternative future unfolded From utopia to dystopia in just 29 [30] short years - (Turing Lecture TBL) Photo of Tim Berners-Lee Creative Commons JwsLubbock https://upload.wikimedia.org/wikipedia/commons/d/d6/At_the_Science_Museum_for_the_Web%4030_event%2C_March_2019_23.jpg

Photo of Tim Berners-Lee Creative Commons JwsLubbock https://upload.wikimedia.org/wikipedia/commons/d/d6/At_the_Science_Museum_for_the_Web%4030_event%2C_March_2019_23.jpg

We demonstrated that the Web had failed instead of served humanity, as it was supposed to have done, and failed in many places. The increasing centralization of the Web ended up producing — with no deliberate action of the people who designed the platform — a large-scale emergent phenomenon which is anti-human. I think we can safely assume **"Dijkstra would not have liked this"**

# Slight rewind to 1997 As an outsider in a fast growing industry, NLnet Foundation sold all its operations. And dedicated the proceeds to a healthy and open information society. ## The board of the foundation establishes # a global fund for people with great ideas that can improve the internet # Microgrants that allows independent researchers and developers to work on the internet ("for the internet") in the public interest

(always with open standards, open source and open hardware).

(etcetera)

### ...but obviously spending money with no income ends somewhere As an independent grantmaker NLnet needs fresh 'fuel' to continue its work. ### Pay it forward Luckily doing good sometimes pays off. For instance, the fine people at security company [Radically Open Security](https://radicallyopensecurity.com) have committed to donating 90% of their profits to NLnet - this year 140k, the [single largest donation](/press/20190613-ROS-donation.html) we received ever! We hope more people and organisations follow that example... #### Next Generation Internet initiative A major windfall for us was the start of an initiative from the European Commission called the [Next Generation Internet](https://ngi.eu).

First we performed a study together with Gartner that established the overall vision of NGI, which included a significant consultation.
The three pillar for the vision (published last year) became Resilience, Trustworthiness and Sustainability

Next we were lucky enough to be awarded two subgranting programmes (so called Research and Innovation Actions) that let us do what we love most: **support projects** #### We brought along a number of amazing partners

And some of the spectacular work (currently over 150 projects, and new ones being added every two months!) we are funding with that is what I'm here to present.

## What is on the menu?

Trustworthy hardware and manufacturing
Network infrastructure incl. routing, P2P and VPN
Software engineering, protocols, interoperability, cryptography, algorithms, proofs
Operating Systems, firmware and virtualisation
Measurement, monitoring, analysis and abuse handling
Middleware & identity, including DNS, authorisation, authentication, distribution/deployment, operations, reputation systems
Decentralised solutions, including blockchain/distributed ledger
Data and AI
Services + Applications (e.g. email, instant messaging, video chat, collaboration)
Vertical use cases, search, discovery & community

### Apologies upfront I won't be able to cover all of the projects or even do them proper justice - I believe each project would deserve a talk of its own, but you can find more information about all of the projects at [/discovery](/discovery) and [/PET](/PET). Oh, and I will skip extremely cool projects like WireGuard which I presume you already know.

##### Verifpal From the creator of Noise Explorer comes Verifpal, a new approach to making symbolic formal verification of cryptographic protocols something normal people can realistically undertake. Verifpal is intuitive enough to allow real-world practitioners, students and engineers to make better protocols without sacrificing comprehensive formal verification features.


// SPDX-FileCopyrightText: © 2019-2020 Nadim Kobeissi 
// SPDX-License-Identifier: GPL-3.0-only

attacker[active]                               principal Bob[                  
                                               	knows private psk
principal Alice[]                              	knows public c0
principal Protonmail[]                         	knows public null
principal Microsoft[]                          	generates m2
principal Bob[]                                	generates b
                                               	gb = G^b
principal Alice[                               	gab = ga^b
	knows private psk                          	m1b = AEAD_DEC(psk, em1, null)?
	knows public c0                            	em2 = AEAD_ENC(gab, m2, null)
	knows public null                          ]
	generates a
	generates m1                               Bob -> Protonmail: em2, gb
	ga = G^a                                   Protonmail -> Alice: em2, gb
	em1 = AEAD_ENC(psk, m1, null)
]                                              principal Alice[
                                               	gba = gb^a
Alice -> Protonmail: ga, em1                   	m2a = AEAD_DEC(gba, em2, null)?
                                               ]
principal Protonmail[
	knows private j                            queries[
]                                              	confidentiality? m1
                                               	confidentiality? m2
Protonmail -> Microsoft: j, ga, em1            ]

Microsoft -> Bob: j, ga, em1

ActivityPub is a decentralized social networking protocol based on the ActivityStreams 2.0 data format. ActivityPub is an official W3C recommended standard published by the W3C Social Web Working Group. It provides a client to server API for creating, updating and deleting content, as well as a federated server to server API for delivering notifications and subscribing to content.

#### ActivityPub in NGI Zero PixelFed is an open source ethical photosharing application. Funkwhale is a personal music server. Spritely is a distributed social network. XWiki will be the first ActivityPub-enabled federating wiki. openEngiadina is a platform for creating, publishing and using open local knowledge. Discourse is a modern open source discussion platform. Librecast wants to enable multicast livestreaming. Beeld en Geluid will contribute to PeerTube to support the availability of large-scale public media collections. Forgefed wants to design a protocol on top of ActivityPub to federate software repositories, issue trackers etc. Fediverse.space lets you know where in the Fediverse you want to be.

### Search Searx is a metasearch engine that will soon have the ability to integrate your own private search domains. Mailpile will integrate your private email search into that, and so will Nextcloud. WebXRay will tell you everything about the trackers you would meet, before you click on search results. The Green Web Foundation will make it possible to elevate search results from ecofriendly hosters.

Transparency Toolkit is data collection, archiving, and analytics software for journalists, activists, and human rights researchers. minedive is an experimental P2P privacy conscious distributed search engine embedden in a browser extension OpenFoodFacts will enable personalised search on top of open data about hundreds of thousands of food products with ingredients, allergens, nutrition facts etc. P2P search pioneer YaCy now aims to create document crawling indexing functionality for everyone. NextApps, creators of flexsearch are experimenting with new ranking algorithms in Tantum Search

Minedive

ipfs-search.com is a search engine for directories, documents, videos, music on the Interplanetary Filesystem (IPFS). The DAT Foundation is building an accessible set of tools for creating secure community-run and private file storage on the DAT protocol. Sonar is a project to research and build a toolkit for decentralized search on top of the DAT stack. Next Browser is creating a programmable browser with advanced integrated search, also capable of working with DAT, IPFS and ZeroNet.

### Some cool other stuff Reowolf (from CWI!) wants to finally deprecate the insecure BSD-style socket mechanism. OPAQUE Sphinx implements a password Store that Perfectly Hides from Itself (No Xaggeration) and wants to finally get passwords of the wire by combining it with OPAQUE; Androsphinx is creating a mobile app to go with that. GNU Mes is creating a full source bootstrap for any interested UNIX-like operating system, to not have to depend on any large "binary blob" for bootstrapping a system. Robur develops a robust DHCP server and DNS resolver as a MirageOS unikernel, while DHCPAnon is implementing RFC7844 (DHCP Anonymity Profiles).

### Applications and services ## Sylkserver

Sylkserver is an open source conferencing server that can unite different real-time communication protocols: SIP, XMPP and WebRTC. It has ZRTP encryption, in-session uploads, screen sharing and chat too.

Etesync is an end-to-end encrypted, and privacy respecting sync solution for contacts, calendars and tasks with more data types planned for the future.

CryptPad is a secure and encrypted open-source collaboration platform, that allows people to work together online on documents, spreadsheets and other types of documents. ## Autocrypt Autocrypt is a new specification that significantly simplifies key management for end-to-end-encryption of e-mails. In various projects we support new e-mail programs to support automatic negotiation of encryption capabilities in a non-obtrusive way. ##### Identity Based Encryption + IRMA I Reveal My Attributes make attribute-based credential schemes usable in the real world, allowing users to only disclose a minimum of attributes. And with Identity Based Encryption you can reliably encrypt a message to someone that does not even know she or he needs a cryptographic key. The combination is of course very interesting. #### Mobile operating systems Replicant is a fully free Android distribution running on several devices, a free software mobile operating system putting the emphasis on freedom and privacy/security.

#### Maemo Leste Maemo Leste is a free Debian/Devuan based GNU/Linux hacker distribution for smartphones and tablets.

MEGAphone wants to create a mobile phone simple enough to understand, in order to be rationally **trustworthy**. And fun.

Mobile NixOS aims to get a NixOS system running on mobile devices, e.g. commodity phones.