Send in your ideas. Deadline December 1, 2024

45 Projects Receiving New NGI Zero Grants

Fourty-five free and open source projects have been selected to receive NGI Zero grants in the February round. Each of these projects offer a unique contribution to an open, resilient, human-centered internet and a more open information society. We want to thank the 45 teams and individuals for their efforts to build the Next Generation Internet for us all. All grants fall under NGI0 Core, a programme aimed at improving the open internet architecture.

The teams will receive financial support in the form of small and medium grants and support services to improve the quality and maturity of the projects. Practical support includes security and accessibility audits, help with licensing compliance and mentoring. The projects cover nine of the ten layers of the NGI technology stack, from trustworthy open hardware to services and applications which provide autonomy for end-users.

NGI Zero funding

NGI Zero is a joint not-for-profit effort by a coalition of organisations supporting the development of technology commons as building blocks for the Next Generation Internet. Currently two NGI Zero funding programmes, NGI0 Core and NGI0 Commons Fund are open for applications. If you have a good idea that contributes to technologies which are beneficial to our societies you can submit a proposal. The next deadline is October 1st 2024.

Meet the new projects

(you can click or tap on the project name to fold out additional information)

Trustworthy hardware and manufacturing

  • Collection of Verified multi-platform Gatewares — Comprehensive repository of open source gateware designs

    The "Verified Multi-Platform Gatewares" project will create a comprehensive repository of gateware designs that are compatible with various FPGA development environments and boards. The goal is to reduce the barriers to FPGA development by providing designs that are rigorously tested and maintained for compatibility. The project will host these open source designs on a dedicated website, ensuring they work seamlessly across multiple toolchains and boards. The collection will range from beginner to advanced designs, serving as educational resources and benchmarking tools, continually updated to prevent bitrot.

    For more details see: https://nlnet.nl/project/Gateware-Repository

  • Flashkeeper — Write Protection on SOIC-8 flash chips without soldering

    Firmware security projects such as Heads assume the firmware itself to be protected against tampering. Outside of proprietary solutions Boot Guard, partial write protection (WP) of the SPI flash chip (recently implemented by 3mdeb) is one solution. However, WP requires grounding the chip's WP pin, something that currently requires users to solder to the chip. As many users find this difficult, this has limited "retrofit" adoption of WP.

    This project is developing Flashkeeper, a device that can be permanently installed on a common SOIC-8 flash chip. It attaches to the chip with a peel-and-stick layer and spring-loaded contacts or low-profile solder-down flex cable, interfacing with the SPI flash pins for easy write protection and external reprogramming (unbricking). For users concerned with physical attacks on their systems, for whom easy access to SPI flash pins may be seen as a risk, a variant including a microcontroller (MCU) is also being developed, allowing authenticated external reprogramming and WP control, and independently verifying the SPI flash image against a user-controlled signature each boot.

    For more details see: https://nlnet.nl/project/Flashkeeper

  • foaHandler — Reverse engineer the OpenAccess file format

    Commercial CAE programs still dominate the community that designs electronic circuits. One of the most widely used file format here uses the OpenAccess API controlled by Si2. Unfortunately, this API is available only for members of the OpenAccess coalition. The project "foaHandler" aims at creating open-source programs for reading and writing OpenAccess files. Their internal data structure will be investigated by reverse engineering the file content of schematics, component symbols and layouts. Then, routines will be created that make it easy to import and export OpenAccess files in open-source programs like circuit simulators, layout programs etc. Example files and documentation will be published, too. This makes the data exchange between free and commercial EDA applications possible.

    For more details see: https://nlnet.nl/project/foaHandler

  • FPGA-ISP-UVC-USB2 — Open hardware FPGA-based USB webcam

    The USB UVC project is designed to create an innovative and adaptable webcam that easily connects to any laptop, providing high-quality video without the need for special drivers. Unlike ordinary USB webcams that often come with proprietary software and limited functionality, this project aims to deliver a flexible, open-source solution that can be tailored and improved by anyone. The webcam will offer superior video quality with features like automatic brightness adjustment, color correction, and real-time video compression, making it ideal for video calls, streaming, and other visual applications. By focusing on open-source principles, this project ensures that the technology is accessible, modifiable, and transparent, allowing for continuous community-driven enhancements.

    This project stands out because it is not locked into proprietary ecosystems, offering users greater control and flexibility over their hardware. It can work with a wide range of computer models, providing a versatile tool for both personal and professional use. Additionally, the open-source nature of the project means that it can be continuously improved and customized by developers around the world, fostering innovation and collaboration.

    For more details see: https://nlnet.nl/project/FPGA-ISP-UVC-USB2

  • MEGA65 Phone Modular MVP — OSHW mobile device with form-factor of hand-held game consoles

    The previous MEGAphone project laid the groundwork for creating personal communications devices that are secure through simplicity. This project extends that work by making the hardware modular, at some cost of minimum size, so that it becomes much more feasible for small communities to produce and maintain their own units, even in the face of supply chain challenges and other contributors to the "digital winter", i.e., the situation where open innovation becomes more difficult due to number of factors. This will also make it easier to include diverse resilient communications options, whether RF, optical or acoustic, so that peer-to-peer communications networks can be sustained even in environments that are hostile to freedom of communications. For this reason energy sovereignty will also be part of the design, so that even if all civil infrastructure is denied, that basic communications and computing functions can be sustained, with a single device whose security can be much more easily reasoned about.

    For more details see: https://nlnet.nl/project/MEGA65-MVP

  • nextpnr for GW-5 — Add support to nextpnr for Gowin GW-5 FPGA family

    This project focuses on enhancing the open-source FPGA design toolchain (specifically nextpnr and Apicula), to support the Gowin GW-5 series of FPGAs. This initiative involves creating detailed documentation and developing tools to understand and utilize these FPGAs effectively. By extending nextpnr and Apicula to generate valid bitstreams for the GW-5 series, the project aims to make advanced FPGA technology more accessible and usable for designers and engineers around the world.

    For more details see: https://nlnet.nl/project/nextpnr-GW-5

  • VexiiRiscv — Next generation of the VexRiscv in-order FPGA softcore

    VexiiRiscv (Vex2Risc5) is a hardware project which aim at providing an free/open-source RISC-V in-order CPU which could scale from a simple microcontroller up to a multi-issue/debian capable cluster. While the project already surpasses VexRiscv in multiple domains (performances, 64 bits, debian), it still needs work and testing to reach feature parity (tightly coupled RAM, JTAG debug, optimization, ...), aswell to extend its scope (lightweight FPU, vector unit, ...). This grant would aim at filling those gaps aswell as improving its documentation.

    For more details see: https://nlnet.nl/project/VexiiRiscv

Network infrastructure incl. routing, P2P and VPN

  • Movedata — Privacy-preserving, energy efficient data replication and verification

    MOVEDATA is an efficient and privacy-preserving tool to distribute large blocks of data, such as the contents of a whole storage device (or a device image), with zero knowledge of the structure or meaning of the data to enhance the privacy aspect, and using multicast and other technologies for efficiency, both in terms of network bandwidth and of energy usage. Ease of use is also of particular concern, providing different interfaces adapted to different use cases.

    For more details see: https://nlnet.nl/project/MoveData

  • NixBox — Nix integration with netbox

    NixBox is a modern approach to network deployments, it combines the configuration management powers of nix with the documentation capabilities provided by NetBox. It focuses on testability, reliability and automation while making your network documentation your configuration. Our goals are to reduce downtime and improve network visibility. Utilizing virtual machine tests we can ensure that your deployment will actually work before you ship it to production.

    For more details see: https://nlnet.nl/project/NixBox

  • OpenHarbors — Dynamic Tunneling of WPA over IP/L2TP

    OpenHarbors wants to establish a novel approach for secure communication over an untrusted Wifi network - and beyond: Dynamic tunneling of WPA over IP/L2TP. Why? Because current, secure solutions are not satisfactory: They are either hard to set up, require extra software in advance or are not applicable on an open wireless community mesh network like Freifunk.

    OpenHarbors will utilize and implement WPA Enterprise with an extra twist: Instead of providing an encryption channel only between your mobile device and the direct WLAN access point you will be able to securely dial-out at any location on the internet you trust and choose and are granted access to. Without the hassle of installing and setting up an extra VPN software on your phone. Without the need of a trusted WLAN access point operator model or closed source firmware, in contrast to current approaches with Passpoint/Hotspot 2.0/eduroam/WBA OpenRoaming and similar - which all are conceptually not applicable on open wireless community mesh networks.

    For more details see: https://nlnet.nl/project/OpenHarbors

  • Toward a Fully-Verified SCION Router — Formal verification of the reference open source SCION Router

    SCION is a next-generation Internet architecture that addresses many of the security vulnerabilities of today’s Internet. Its clean-slate design provides, among other properties, route control, failure isolation, and multi-path communication. This project will demonstrate the feasibility of verifying the core component of the SCION inter-domain routing architecture - the SCION router. Prior work has proved that the SCION data plane protocols are secure. The focus of this project is on verifying that SCION’s open-source router is memory-safe and implements those protocols correctly and, thus, provides the intended security and correctness guarantees.

    For more details see: https://nlnet.nl/project/Verified-SCION-router

Software engineering, protocols, interoperability, cryptography, algorithms, proofs

  • Diesel — Safe and performant query builder and ORM written in Rust

    Diesel is a safe and performant query builder and ORM written in Rust. It aims to eliminate security issues like SQL injections by providing a type safe domain specific language to express your SQL query as Rust code. This enables checking the query at compile time to turn insecure or otherwise invalid SQL queries into compile time errors. As part of this project we want to extend Diesel to provide built-in support for `WINDOW` functions, to enable the usage of secure and type safe queries in more places.

    For more details see: https://nlnet.nl/project/Diesel

  • lib1305 — Microlibrary for Poly1305 hashing

    In modern network protocols, every packet is authenticated using a message-authentication code (MAC). Any data modified by an attacker is immediately caught and rejected by the MAC. The most popular MAC algorithms are Poly1305, normally used with the ChaCha20 cipher as part of ChaCha20-Poly1305, and GMAC, normally used with the AES cipher as part of AES-GCM. Many applications, such as WireGuard, require specifically Poly1305. This project will develop and release a new software library, lib1305, for Poly1305. The library will provide comprehensive and well-optimized software exploiting the 64-bit assembly instructions of Intel CPUs to provide top speeds for those CPUs, while meeting the security constraint of not leaking secret information through timing.

    For more details see: https://nlnet.nl/project/lib1305

  • libvips — Add animated PNG and enhanced JPEG XL support to libvips

    libvips is an image processing meta-library, whose development the European Commission funded back in the 1990s. Applications can outsource the heavy lifting of handling a variety of image types to this library. The library has meanwhile grown very popular with web developers around the world; the node binding, for example, is downloaded more than 5 million times a week at the time of writing.

    In addition to scrutinizing the security of the library, this project will implement two key improvements to libvips: animated PNG support, and enhanced JXL support. The former capability (the addition of animated PNG support) can be gained from another NGI Zero project, libspng. libvips uses libspng for PNG read and write, so by extending libvips to use these new libspng features, they will become available to a large developer community very quickly.

    Second, libvips has had preliminary support for the JXL format since libjxl v0.4. Since then, the libjxl API has evolved considerably and the libvips connector needs updating, especially in the areas of large image support and HDR, both increasingly important with the steady improvement of smartphone cameras.

    For more details see: https://nlnet.nl/project/libvips

  • MailBox renewal — Performance upgrade of MailBox mail modules

    Email is still the workhorse of the internet, and behind the screens some of the heavy lifting is by applications like the Mailbox modules. Under the hood, this software is processing billions of emails every day at some of the largest players in the industry.

    The project will deliver a major update of the code after two decades. This is not only long overdue, but actually offers interesting opportunities to take into account new email related RFCs, investigate new possibilities for code optimisation as well as tackling new threats like SMTP smuggling.

    As a bonus, the project will work on a standalone tool to be able to once more properly forward emails in the SPF/DMARC era - a very welcome capability, the lack of which is currently causing a lot of headache and lost email for users.

    For more details see: https://nlnet.nl/project/MailBox

  • PTT — Unikernel Mailing list server in OCAML

    Email is still one of the main channel of communication.Setting up and maintaining something as simple as a reliable mailing list in-house is significantly more complex than it ought to be. Out of convenience, many organisations and communities outsource running their maiilng lists service to third-party agents. However, this not only creates an unnecessary dependency but also reduces confidentiality, which can be a critical aspect.

    This project has the ambition to win back the means of communication, developing a new mailing list application service that is easier to maintain securely (through unikernels using MirageOS), and is efficient in terms of resource usage. The service should integrate into existing infrastructures seamlessly.

    For more details see: https://nlnet.nl/project/PTT

  • Support for OpenPGP v6 in rPGP — Implement draft-ietf-openpgp-crypto-refresh in rPGP

    rPGP is a high-quality implementation of OpenPGP in pure Rust (OpenPGP is a standard for encryption, digital signatures and key management). rPGP is used in production in different contexts, among them the popular "Delta Chat" decentralized and secure messenger that is used by hundreds of thousands of users, worldwide. The OpenPGP standard has recently been revised to reflect current best cryptographic practices. The revision of the standard defines "OpenPGP version 6" and is currently being finalized  for publication as RFC 9580. This project will implement the new formats and features of OpenPGP v6 for rPGP. This will bring the new features of OpenPGP v6 to users of rPGP, and ensures future interoperability with all other modern OpenPGP implementations.

    For more details see: https://nlnet.nl/project/rPGP-cryptorefresh

  • Tracing and rebuilding packages — Improved metadata/provenance for build artifacts

    For many end users the smallest unit of software is the "package": a collection of programs and configuration files bundled in a single file, typically shipped as a single archive. Examples are "util-linux", "glibc", "bash", "ffmpeg" and so on.

    Open source distributions install packages using their package management systems. The package management system writes the contents of a package to disk when the package is installed or updated and removes the contents if the package is removed. The packages themselves contain metadata maintained by the distribution maintainers. This information includes the name of the package, project URL, description, dependency information and license information, etc.

    This granularity can be too coarse. For example, the license information is aggregated at the package level. If there are separate files that are under different licenses, then this will not always be clear from the license information at the package level.

    This project will make it more easy to understand by looking at what goes into each individual binary in a package, and assign metadata to the individual binaries instead of to a package. It will do so by tracing the build of a package and recording which files are actually used. By building packages in a minimal (container) environment, capturing the build trace, processing the build trace to see exactly what goes into which binary it becomes much easier to zoom in and answer specific questions such as "what license does this binary have" or "which binaries use vulnerable file X" and combining it with efforts like VulnerableCode and PurlDB.

    For more details see: https://nlnet.nl/project/BuildTracing

  • UnifiedPush — Decentralized and open-source push notification protocol

    Push notifications are essential to the modern mobile experience, as they enable applications to communicate with users in real time, even when not in active use. Major mobile operating systems provide a centralized service that they control, but depending on a centralized push notification system controlled by one company raises issues of privacy and independence. UnifiedPush is a decentralized and open-source push notification protocol. It is a set of specifications and libraries that allow the user to choose how push notifications are delivered. It is compatible with WebPush, the standard for web applications.

    For more details see: https://nlnet.nl/project/UnifiedPush

Operating Systems, firmware and virtualisation

  • Arcan-A12 Directory — Server side scripting API for Arcan's directory server

    A12 is an explorative p2p protocol for fast and secure remote application interactions. Current desktop protocols are locked inside the constraints of their origins, and most of these have significant security and privacy issues. As a result, we've come to depend heavily on web frontends as the universal desktop application corset - which in return has caused a massive complication and overloading of the browser.

    A12 establish a secure and interconnected network of personal compute devices, includes peer-to-peer channels and cryptography components. This project add a directory server that can be used as a trusted 3rd party rendezvous to establish such channels. It will expand the scripting API towards writing assistive 'apps' that can complement or split the workload handled on client devices; provide state synchronization and indexing/search between dynamic mesh networks created by linking directory servers together; dynamically launch and attach controlled sources.

    For more details see: https://nlnet.nl/project/Arcan-A12-directory

  • Arcan-A12 Tools — A12 clients for different platforms and devices such as drawing tablets

    The interaction patterns with our compute devices have switched from "one device - multiple users" over to "one user - multiple devices" and this new reality requires shift in how user personal data is shared and synchronised between their devices.

    A12 is a network protocol designed to establish a secure and highly interconnected network of personal compute devices that has been developed as part of a larger Arcan umbrella project. The protocol includes peer-to-peer channels and cryptography components.

    This follow-up project sets out to implement lightweight applications that will be capable of networking over A12 protocol to enable remote control, sensor and screen sharing, file sharing, notification sharing and enable other personal data flows. The end goal is convenience of having interconnected devices without sacrificing privacy and performance.

    For more details see: https://nlnet.nl/project/Arcan-A12-tools

  • BIDS — Identify known open source elements present in binaries

    Embedded device firmware is assembled from many FOSS package dependencies. Knowing which dependencies have been used is essential for security and licence compliance. However this is a complex task for native ELF binaries built from languages such as C/C++ that do not have package managers for metadata and simpler conventions for bytecode like Java or Python. The BIDS (Binary Identification of Dependencies with Search) project will build a tool (in Python) to analyse ELF binaries and find dependencies contained and built in these binaries. The BIDS project will deliver tooling to analyse ELF binaries and extract key features and store these for indexing, tooing to index these binary features in a search engine using inverted indexing, and a query tool and library to process large binaries to query this inverted index. The latter will return results as lists of ranked FOSS packages and files found to be present in the analysed binary. The data and tools will also be packaged to allow for further integration and reuse by other FOSS tools and analysis pipelines.

    For more details see: https://nlnet.nl/project/BIDS

  • postmarketOS daemons — Add modern service daemons to postmarketOS

    postmarketOS keeps smartphones useful after they don't receive updates anymore: the original operating system gets replaced with an up-to-date lightweight open source software stack based on Alpine Linux. This project will add initial systemd support to postmarketOS, as well as making Pipewire the default audio server in postmarketOS. It will help switch the wifi backend to iwd by default, and design and prototype an immutable version of postmarketOS with an efficient A/B OTA mechanism with binary delta updates, and automatic rollback on failed updates.

    For more details see: https://nlnet.nl/project/postmarketOS-daemons

  • Redox OS Unix-style Signals — Add Unix-style signal handling to Redox Operating System

    The project summary for this project is not yet available. Please come back soon!

    For more details see: https://nlnet.nl/project/RedoxOS-Signals

  • TrenchBoot as Anti Evil Maid - UEFI boot mode support — Add UEFI to the Qubes integration of Trenchboot with AEM

    The project summary for this project is not yet available. Please come back soon!

    For more details see: https://nlnet.nl/project/TrenchBoot-AEM-UEFI

  • tslib — Better configuration and callibration of touchscreen devices

    tslib is somewhat older but widely used software for configuring the touchscreen of (mainly) embedded Linux devices including printers, mobile phones, etc. This nimble project concerns a bundle of improvements in terms of calibration, some accessibility research (to see if people with e.g. a tremor can be better served), and addressing a backlog of feature requests. In addition the project will use the help of NGI Zero to apply additional security scrutiny.

    For more details see: https://nlnet.nl/project/tslib

  • Wayland input method support — Better specification for Wayland input methods

    As Linux distributions switch to Wayland, some functionality is still incomplete. One of them is being able to input non-Latin scripts. It is a necessity for a large portion of the world, yet it's not standardized across Wayland environments. The same text input functionality is needed for typing on mobile Linux, which, considering how many people use smartphones rather than laptops, might be even more important for Linux adoption. This project wants to bridge that gap, by continuing the effort of standardizing input-method protocols started for Phosh in Squeekboard, gtk, and wlroots.

    For more details see: https://nlnet.nl/project/WaylandInput

Measurement, monitoring, analysis and abuse handling

  • Back2Source next — Better matching of binaries with source code

    Sometimes, the released binaries of an open source package do not match its source code. Or the source code does not match the code in a version control repository. There are many reasons for this discrepancy, but in all cases, this is a potential serious issue as the binary cannot be trusted. Additional (or different) code in the binary could be malware or a vector for unknown software vulnerabilities, or create FOSS license compliance issues.

    "Back to source" creates analysis pipelines in ScanCode.io to systematically map and cross-reference the binaries of a FOSS package to its source code and source repository and report discrepancies. We call this the deployment to development analysis (d2d) to map deployed code (binaries) to the development code (the sources) and we enable applying this "trust but verify" approach to all the binaries.

    For more details see: https://nlnet.nl/project/Back2source-next

  • Enhance the vulnerability database — Enhance the VulnerableCode vulnerability database

    Using Components with Known Vulnerabilities" is one of the OWASP Top 10 Most Critical Web Application Security Risks. Identifying such vulnerable components is currently hindered by data structure and tools that are (1) designed primarily for commercial/proprietary software components and (2) too dependent on the National Vulnerability Database (funded by the US CISA and Dept. of Commerce). With the explosion of Free and Open Source Software (FOSS) usage, we need a new approach in order to efficiently identify security vulnerabilities in FOSS components that are the basis of every modern software system and applications. And that approach should be based on open data and FOSS tools.

    This project delivers unique FOSS tools to aggregate software component vulnerability data from multiple sources, privileging upstream data directly from project maintainers. VulnerableCode organizes that data with a de-facto industry standard Package URL identifier (Package URL or PURL) enabling efficient and straightforward automation for the search for FOSS component security vulnerabilities. The benefits are to contribute to the improved security of software applications with open tools and data available freely to everyone and to lessen the dependence on a single foreign governmental data source, or a few foreign commercial data providers.

    In the new context of the upcoming Cyber Resilience Act (CRA), the access to an open, free and curated FOSS package vulnerability data source is now an imperative. And the organization of vulnerability data by Package URL or PURL identifiers in VulnerableCode enables easy frictionless integration with Software Composition Analysis (SCA) code analysis tool chains, direct enrichment of SBOMs (Software Bill of Materials) to find if SBOM-listed packages have known vulnerabilities, and creation of VEX (Vulnerability Exploitability Exchange) document to communicate the impact of known vulnerabilities

    For more details see: https://nlnet.nl/project/VulnerableCode-enhancements

  • LANShield — Constrain local network access for mobile devices

    LANShield is a tool that will give users control over which apps and programs are allowed to access devices in the local network. This is done to defend against malicious apps that may try to scan the user's local network and subsequently leak sensitive information. For instance, when an app tries to access the local network for the first time, the user is asked whether this app should be allowed to access local devices. The project will also investigate models and protocols to safely enable an app to communicate with local devices, with the idea that apps can use this protocol to access local devices without requiring explicit user permission. The project will also investigate how to integrate this defence into Android.

    For more details see: https://nlnet.nl/project/LocalShield

  • OWASP dep-scan — Security and risk audit tool

    OWASP dep-scan is a next-generation Software Composition Analysis (SCA) tool based on known vulnerabilities, advisories, and license limitations for applications, container images, and Linux virtual machines. Powered by abc - AppThreat atom, OWASP blint, and CycloneDX Generator (cdxgen) - dep-scan performs a range of advanced code hierarchy and lifecycle analysis (for example, reachability analysis) to improve precision and reduce false positives, thus helping developers and AppSec people focus on supply chain vulnerabilities and risks that needs real attention.

    Dep-scan is purpose-built to be integrated in CI, Vulnerability Management platforms, and air-gapped environments. Dep-scan can perform all the analysis offline, with no code or SBOM leaving your environment. The tool supports generating reports in CycloneDX VDR, OASIS CSAF VEX, HTML, PDF, and Markdown formats.

    For more details see: https://nlnet.nl/project/OWASP-dep-scan

Middleware and identity

  • Client Proof-of-Work in TLS — Mitigation against DoS amplification on the TLS handshake

    The computationally expensive nature of asymmetric crypto in TLS makes it vulnerable to denial-of-service attacks. We propose an extension to TLS that mitigates this attack vector, shifting the advantage from the attacker to the defender. The project will deliver a draft spec, mergeable patches for leading TLS libraries, and a measurement report explaining the results.

    For more details see: https://nlnet.nl/project/TLS-Client-PoW

Data and AI

  • LabPlot — Scientific and engineering data analysis and visualisation

    LabPlot is a free, open source and cross-platform data visualisation and analysis software. It focuses on ease of use and performance. It provides high quality data visualisation and plotting capabilities, as well as reliable and easy data analysis, without requiring any programming skills from the user. Data import and export to and from a variety of formats is supported. LabPlot also allows calculations to be performed in various open source computer algebra systems and languages via an interactive notebook interface.

    In this project the team will work on extending the current feature set of the application to reach a wider audience. This includes scripting capabilities (in Python only in the initial implementation) to script and automate repetitive data visualisation and analysis workflows and to allow control of LabPlot from external applications via a public interface. The second feature that will be worked on is the ability to apply analysis functions such as FFT, smoothing, etc. to live/streaming data (data imported into LabPlot and modified externally). And thirdly, statistical analysis including common hypothesis tests, correlations, regressions and data panning.

    For more details see: https://nlnet.nl/project/LabPlot

Services + Applications (e.g. email, instant messaging, video chat, collaboration)

  • bluetuith — Bluetooth connection/device manager for the terminal

    bluetuith is a lightweight Text User Interface (TUI) based Bluetooth manager for the terminal, which allows users to manage a multitude of different Bluetooth based functions, like pairing, connection, file transfers, handling audio playback and networking and so on seamlessly via an easy-to-use interface. The project aims to extend support to as many other platforms as possible, to achieve multiplatform support, and provide users with a familiar interface to control Bluetooth across different platforms. The project also aims to solve the issue of communication and user-friendliness of platform specific Bluetooth stacks, by creating daemons/services native to that platform, and lightly wrapping native APIs and exposing a standard set of APIs that will allow any client to be built cross-platform and to connect and control Bluetooth (Classic especially) in a much more efficient and uniform manner.

    For more details see: https://nlnet.nl/project/bluetuith

  • Draupnir — Moderation bot for Matrix servers

    Draupnir is a comprehensive moderation bot for room moderators using Matrix (the open source decentralized instant messaging protocol). Draupnir assists room moderators in managing their community and provides continuous protection from spam and harmful content. This is done by utilising sharable and interoperable policy lists that allow different communities to work together to combat new threats. Draupnir also provides a plugin system that can adapt Draupnir to the different needs of every community. Our ongoing efforts to further modularise Draupnir's code base in the interests of maintainability should provide groundwork for future Trust & Safety related projects in the Matrix ecosystem.

    For more details see: https://nlnet.nl/project/Draupnir

  • Gancio — Shared agenda for local communities that supports Activity Pub

    Gancio is a shared agenda for local communities, and was the first one to support Activity Pub. Gancio focuses on cross-cutting collaboration through its decentralized instances that allow to connect communities. This enabling users to easily discover and engage in events in their neighborhood, as well as elsewhere - while avoiding attention-based business models and intrusive advertisements.

    The focus of this project are a numberof new features such as implementing HTTP Signatures, moderation and onion routing, as well as improving compatibility with other Fediverse event tools. In addition, the team seeks to establish a common agreed upon event format to make the interaction with such tools more streamlined.

    For more details see: https://nlnet.nl/project/Gancio

  • Miru — Multi-track video editing and real-time AR effects

    Miru is a new set of modular, extensible Web platform tools and components for still image and multi-track video editing and state-of-the-art, real-time AR. Using WebGL, WebAssembly, and open source, mobile-optimized machine learning models, Miru will give people on the social web the tools to edit images and apply interactive effects to recorded video without compromising on privacy and transparency. Miru aims to provide intuitive and user-friendly UIs which developers can easily integrate into their Web apps regardless of the frontend frameworks they use.

    For more details see: https://nlnet.nl/project/Miru

  • Openfire IPv6 support — Add IPv6 support to the Openfire XMPP server

    Openfire is an open-source, mature, cross-platform, real-time collaboration server based on the XMPP protocol. Originating around the turn of the century, IPv6 was not explicitly supported when it was originally created. As shown by anecdotal evidence, some IPv6 functionality already ‘works’ in Openfire. This, however, is accidental, and not by design. This project intends to add explicit IPv6 support to Openfire.

    For more details see: https://nlnet.nl/project/Openfire-IPv6

Vertical use cases, Search, Community

  • COCOLIGHT — Lightweight version of Communecter

    COmmunecter is an open source social and societal platform. COCOLIGHT is an low tech light weight client able to connects to any COmmunecter server, allowing both read and contribution modes. Easy to Install, fully Activity Pub compliant, federating organizations, events, projects and open badges. It allows to create networks of many COPI instances interconnected together and exchanging information and data.

    For more details see: https://nlnet.nl/project/Communecter

  • OpenCarLink — Security tooling for vehicle ODB2 ports

    The project summary for this project is not yet available. Please come back soon!

    For more details see: https://nlnet.nl/project/OpenCarLink

Still hungry for more projects? Check out the overview of all our current and recent projects...


NGI0 programmes are made possible with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology.

Logo NGI Zero: letterlogo shaped like a tag
Logo European Commission