Calls: Send in your ideas. Deadline February 1st, 2023.

NGI0 Entrust

Trustworthiness and data sovereignty

This page contains a concise overview of projects funded by NLnet foundation that belong to NGI0 Entrust (see the thematic index). There is more information available on each of the projects listed on this page - all you need to do is click on the title or the link at the bottom of the section on each project to read more. If a description on this page is a bit technical and terse, don't despair — the dedicated page will have a more user-friendly description that should be intelligible for 'normal' people as well. If you cannot find a specific project you are looking for, please check the alphabetic index or just search for it (or search for a specific keyword).

Apicula — Open source tools for working with Gowin FPGAs

Only a few years ago, you could only program FPGAs with the proprietary tools provided by the vendors, locking you into that ecosystem and its features and bugs. But open source FPGA tools have been making great strides, and there are now mature open source synthesis and PnR tools, namely Yosys and Nextpnr. However, only Lattice FPGAs are currently well supported, still de facto locking you into a single vendor. There are a few other projects, such as Apicula, that target other FPGAs, but none of them are feature complete and of production quality. The goal here is to take Apicula to the next level, where it goes from an experimental flow for FOSS enthusiasts to a production ready tool, finally and truly breaking FPGA vendor lock-in.

>> Read more about Apicula

Arcan-A12 — Explorative p2p protocol for fast and secure remote desktops

Protocols such as VNC, X11 and SSH have long been fundamental components for accessing user facing software or desktop computing as a whole over a network connection, with millions of daily users ranging from simple households to businesses and critical infrastructure. The development of these protocols and their respective tools has unfortunately stagnated, drifting towards proprietary extensions and otherwise dragging behind developments in compression technology, while leaving qualities such as accessibility and usability in a rough state. A12 is a project within the Arcan umbrella (models for future desktop computing) that aims to change this, leaning on decades of experience in system graphics. A12 consolidates the use cases of these - and related - protocols, adding stronger privacy protections against side channel analysis, use of modern compression techniques, providing higher visual quality and lower latency with simplified key management and service discovery.

>> Read more about Arcan-A12

Atomic Tables — Self-hostable tabular structured data solution

Atomic Tables is a new extension to the open source Atomic Data ecosystem, which aims to make the web more interoperable. In Atomic Tables, users can easily create their own data models using a tables interface, which people know and love from tools like Excel, Notion and Airtable. Having a self-hostable alternative to the existing SAAS offerings helps users retain control over their own data. What makes this project unique, is that the data models created in Atomic Tables are retrievable by a URL and can easily be re-used on other machines. This keeps costs of transforming or mapping data at an absolute minimum. Maintaining a standardized data model suddenly becomes trivial, instead of costing countless of man hours. Additionally, the software is not just designed to be a clean, intuitive end-user facing application, but also a powerful developer API that brings incredible performance and flexibility, making it highly usable as a database in other applications.

>> Read more about Atomic Tables

BB3-CM4 — CM4 compatible MCU board

Chip shortages are causing production problems throughout the industry. A way of getting out of the production trap is to get project boards more modular. Popular open hardware projects like the EEZ BB3 T&M (Test & Measurement) device currently depend on specific scarce microcontroller boards, and prospective users face impossible delays and constantly rising prices. This project will relieve some of the tension by delivering special "MCU" boards that are compatible in form factor to widely used MCUs. That way projects gain much more room for fulfilling production needs - allowing them to use alternative pin compatible main modules (like the ULX4M FPGA) without redesign, delivering more flexibility. One additional advantage of this approach is that production of module and base board does not need to be at the same time or by the same company. Hardware upgrades and the right to repair become possible and just involve changing a module, without having to throw out the complete system. Along with the "MCU" module the project delivers a new back plane board for the BB3 T&M device - fully compatible with current design, so existing users can upgrade or replace parts.

>> Read more about BB3-CM4

Bonfire federated groups — Create, join and manage federated groups across instances

Bonfire is an extensible open source federated community platform, that empowers groups to easily configure their spaces from the ground up, according to a variety of needs and visions.

Bonfire envisions a web of independent but interconnected social networks (using a wide definition, since we consider the social components of activities in the economic, educational, and political spheres as well) - able to speak and transfer information among each other, according to their own boundaries and preferences.

The scope of this project is to give users the tools to create, join and manage federated groups across instances, with their own set of rules and customisable governance. Federated groups on Bonfire will lever the flexible foundation we've recently released: circles and boundaries. Using those building blocks we will ensure that groups have the possibility to define a fine grained set of roles and permissions, with the possibility for each group to define a multitude of roles that fit with how they want to manage membership and participation, and distribute power and responsibility.

>> Read more about Bonfire federated groups

Canaille — Zero-knowledge opinionated OpenID Connect (OIDC) server.

Canaille is a zero-knowledge opinionated identity server. Canaille aims to lower the barrier to entry for identity management, by providing a simple lightweight interoperable software focused on accessibility for end-users, administrators and contributors. It provides user and group management for small and medium sized organizations. It has authorization management and Single Sign-On features based on the OpenID Connect standard.

>> Read more about Canaille

Charon — Privacy-enabling account management and SSO solution

The overall goal of the Charon project is to build a privacy-enabling account management and SSO solution. For end-users, Charon will allow aggregating multiple existing authenticators (Facebook, Google, etc.) in one place and managing different (and potentially multiple) identities exposed to apps. Apps will not have to worry about user management. And admins of communities using those apps will be able to manage all users in one place, with tools to address abuse.

>> Read more about Charon

Coloquinte — High performance placement of cells inside digital electronic circuitry

A core component of the ASIC design toolchain is the placement tool, which must decide where to place the components of the chip so that it can be manufactured and meet the performance target. To build chips reliably, improve performance and improve power consumption, the placement tool must interact with other complex tools (routing, timing, gate sizing, ...). This requires a complex integration, and even necessary to target newer technology nodes. Our goal is to provide high-quality placement algorithms with an easy-to-use interface, so it is easy to use in multiple situations and toolchains.

Coloquinte started as a component of the Coriolis toolchain. Since then, it has been made into a library for inclusion in other tools and multiple languages. Current developments target the integration with timing tools (for better chip performance) and routing tools (for power consumption, performance and compilation stability).

>> Read more about Coloquinte

CryptPad Blueprints — Server-side encrypted collaborative editor

CryptPad is an end-to-end encrypted collaboration suite that has been under active development for 8 years, and is currently used by hundreds of thousands of people. Its feature set has grown from a simple editor to a full-blown suite with multiple apps, drive, teams, etc. The next generation of CryptPad should be even better - with stronger security guarantees ("perfect forward secrecy", post-quantum crypto), offline-first collaborative editing, and user-driven workflows like password resets. This project will take the first steps in this direction. We document the ways in which cryptography is used on the platform, review the state of the art in applied cryptography and then evaluate the right match with available technologies. Finally we will use these foundations to move forward to a new architecture for CryptPad that will allow for future developments, improved usability, and tighter security.

>> Read more about CryptPad Blueprints

EEZ Studio — Open source tooling for measurement and test equipment

EEZ Studio is a free and open source cross-platform low-code visual tool that brings the functionality of legacy solutions for effective control of test and measurement devices. Modern user interface, modular design, debugger, drag&drop flowchart programming will enable easy collection of measurement data as well as automation of test procedures in different environments from classrooms, workshops, laboratories to production lines.

EEZ Studio also offers a development environment for efficient creation of GUIs for embedded systems that use touchscreens. Unlike similar solutions, EEZ Studio enables not only drag&drop programming, debugging and GUI simulator, but also the creation of complex business logic for interaction with the user and with underlying hardware functionality.

>> Read more about EEZ Studio

EventFahrplan — Conference schedule app with strong offline capabilities

EventFahrplan is a privacy-friendly app for attending conferences and events running on Android devices. The development of the project happens continuously by staying up-to-date with new technologies and Android versions, adding useful features and fixing bugs. Current challenges are the migration to Compose UI, architectural refactoring, Kotlin coroutines, accessibility improvements, translation management, behavior changes with Android 13, interface changes to address large devices - and many other topics. This project helps to sustain the development of the app and to work on a selection of these topics.

>> Read more about EventFahrplan

Federated software forges with Gitea — Add ActivityPub based federation to Gitea

Gitea is a self hosted software forge where developers can work together on software projects and users can report bugs or request features. It is very popular with over 100 millions pulls on the Docker Hub. As of Gitea version 1.17, when a project is hosted on a Gitea instance, every developer is expected to create an account on that instance in order to participate. Compared to email, it is as if it was necessary to create an account on gmail.com to send a message to someone with an @gmail.com email address and another on yahoo.fr to send a message to someone with an @yahoo.fr email address. But in 2022 there are two: the W3C ActivityPub protocol published in 2017 and forgefed, an emerging standard (since 2019) to describe activities happening on software forges. They can be used by Gitea instances to communicate with each other and create a federation of forges continuously communicating with one another instead of a constellation of isolated silos. A federated Gitea will enable software developers to work on the same project even when they use different Gitea instances. There will be bridges between isolated Gitea instances that software projects can use to synchronize in real time.

>> Read more about Federated software forges with Gitea

GNS Migration and Zone Management — Registrar tools for adoption of GNU Name System

The GNU Name System is in the final stages of standardization. Consequently, calls for migration and large-scale testing as well as interest in running GNS registrars are increasing. In order to address this development this project aims to facilitate the management of GNS zones by administrators and to provide users with means to resolve real-world names.

To ease adoption, a framework for GNS registrars will be developed for zone management. The registrar framework will allow GNS zone administrators to provide a web-interface for subdomain registration by other users.The services may also be provided for a fee similar to how DNS domain registrars operate to cover running costs. The framework is envisioned to support integration of privacy-friendly payments with GNU Taler (https://www.taler.net).

To demonstrate the capabilities of GNS with respect to DNS migration, we plan to run multiple GNS zones ourselves which contain the zone information from real-world DNS top-level domains.A selection of existing top-level domains for which open data exists will be hosted and served through GNS in order to facilitate the daily use of the name system. We are are planning to integrate at least three DNS zones and publish them (regularly) in GNS for users to resolve.

>> Read more about GNS Migration and Zone Management

Taler for local currencies. — Free software banking backend for local currencies

This project is about extending LibEuFin to make it suitable as a core banking system to implementing local or regional currencies in combination with the GNU Taler payment system. The innovation comes from employing FLOSS technology, and having a centrally managed and yet privacy-preserving payment system. Our focus will be on creating interfaces to allow regional currency administrators to control the platform, including account creation, controlling money supply, analyzing transactions, and setting of relevant policies. Additionally, we will support onboarding of customers, including offering them a way to trade fiat currency (e.g. EUR) for the local currency or vice versa (if permitted by the currency conversion policies of the platform). We will work with cities and regions that have deployed regional currencies (or are planning to do so) to better understand their needs and adapt our plans according to their use-cases.

>> Read more about Taler for local currencies.

VerilogAMS in Gnucap — Template-driven VerilogA-to-Spice model translation

Verilog-AMS is a standardised modelling language widely used in analog and mixed-signal design, but without an open reference implementation. The language supports high-level behavioural descriptions as well as structural descriptions of systems and components. This Project will make substantial progress towards a Gnucap based free/libre Verilog-AMS implementation. Gnucap is a modular mixed-signal circuit simulator, and has been released under a copyleft license with the intent to avoid patent issues. Gnucap provides partial support for structural Verilog and encompasses an analog modelling language that has influenced the Verilog standards. We will enhance data structures and algorithms in Gnucap, and improve Verilog support on the simulator level. We will implement a Verilog-AMS behavioural model generator targetting Gnucap with the intent to support simulators with similar architecture later on.

>> Read more about VerilogAMS in Gnucap

GoToSocial — Lightweight ActivityPub social network server

GoToSocial is an ActivityPub social network server, powered by Golang. It complements existing ActivityPub implementations by providing a lightweight, customizable entryway into decentralized social media hosting. GoToSocial places a high value on ease of deployment and maintenance; this means low system requirements, minimal external dependencies, and clear documentation. GoToSocial empowers self-hosting newcomers to deploy small, personalized instances, from which they connect to others across the Fediverse, using low-powered equipment lying around at home. With GoToSocial, you can follow people and have followers, you make posts which people can favourite and reply to and share, and you scroll through posts from people you follow using a timeline. You can write long posts or short posts, or just post images, it's up to you. You can also, of course, block people or otherwise limit interactions that you don't want by posting just to your friends.

>> Read more about GoToSocial

Haphaestus — Lightweight JavaScript-free browser engine written in Haskell

In the pursuit of turning a document publishing system into an application delivery platform modern web browsers have become incredibly complex. Thus frustrating efforts to adapt and modify browsers to people's individual needs, including privacy and accessibility needs. Haphaestus aims to illustrate the potential of a more private JavaScript-free web to provide an optimal experience for any conceivable device, by building upon the dev's previous auditory web browser to prototype one that can conveniently navigate most (but the most popular) sites using a TV remote.

Haphaestus will strive to deliver a working independent web browser requiring minimal TV remote button presses, as well as reusable software components for laying out, rendering, & paginating richtext documents written in a range of alphabets.

>> Read more about Haphaestus

IC workspace — Open Source IC Design Management Tool

IC workspace is a design management tool that address the complexity of working with scattered design domains that span analog, digital, EDA tools, flows and process development kits (PDKs). In the process of designing a chip, multiple people need an common organized structure to work on design capturing schematics, generator, custom layout, high level digital design combined with test benches in various domain specific formats. Each tool in the open source domain has it own file structure. IC workspace is an open source framework with tools that individual designers and teams use to organize design files in a local workspace. IC workspace integrates interface to source code version control systems, the various tools in the design flow and organizes the files in a workspace with an unified component structure with dependency attributes. IC workspace sets common language and methodologies for both analog and digital – frontend/backend designer to maximize productivity within the open source chip design ecosystem of tools, PDK’s and people.

>> Read more about IC workspace

Threat intelligence sharing — Privacy-Preserving Sharing of Threat Intelligence in Trusted Adversarial Environments

Iris P2P is a peer to peer system for sharing security detections and threat intelligence with trusted models resilient to manipulation attacks Most P2P systems are designed for file sharing, storage, chat, etc. but they are not prepared to share security detections, threat intelligence data and alerts. The security world needs better ways to automatically share intelligence data with trusted organizations and peers. This sharing is better decentralized so no single organization has control or can censor, sell or modify the data. Especially due to privacy concerns of what is done with your data. Iris is the first global P2P system that is designed to solve this problem. It implements: automatic sharing of threat intelligence data when you are attacked, controlling the spread in the P2P to spread slowly, alerting the network of a new attacker. Controlling the spread in the P2P to be fast, asking peers about the reputation of other peers, and defining ‘organizations’ in the P2P network using the DHT and private/public keys. Organizations can publish their keys in conventional communication systems to attest ownership (social media, etc.) All communication is encrypted with private/public keys. You can control the privacy of your data by defining to which organizations and peers you want to share your data. You can also control the transfer of data with epidemic algorithms. All data is evaluated according to the trust in the other peers. Defining trust of each peer in the network with a new protocol (Fides) which computes the trust in each peer by balancing the direct interactions with peers and reputation of peers according to the rest of the peers. Fides implements a mathematical model to guarantee that no adversarial peer can lie to manipulate the reputation and the trust.

>> Read more about Threat intelligence sharing

JShelter Manifest V3 — Make JShelter compatible with Manifest V3

JShelter is a freely licensed anti-malware Web browser extension that informs and protects people's freedom and privacy through people's regular use of the Web. These programs often go unnoticed, but run on a user's system -- whenever the Web server says to run them. They are typically served to the user as minified JavaScript, and few provide the corresponding human readable source code, or a free license allowing users to lawfully inspect and modify the program. By definition, these programs infringe user freedom. This Free Software Foundation project started in 2020 and is continuously developing. It is currently used by thousands of users around the world as the project gears up to continue protecting users from potential threats from JavaScript, such as fingerprinting and tracking and data collection while migrating to Google's Manifest V3. Manifest V3 will restrict the capabilities of Web extensions -- especially those that are designed to monitor, modify, and compute alongside the conversation your browser has with the Web sites you visit. Because of that, Manifest V3 is a detrimental step back for Internet privacy. With the help of NLNet, JShelter will work to upgrade its functionalities and continue to protect user privacy on the Web, which is even more important after this transition.

>> Read more about JShelter Manifest V3

KiKit — Tooling for automation of production of PCB designed in KiCAD

The EDA suite KiCAD is a widespread libre solution for designing electronics. KiKit is a Python library, KiCAD plugin, and a CLI tool to automate several tasks in a standard KiCAD workflow. The main goal of KiKit is to make the step from finishing a PCB design to having a physical PCB as easy as possible, as fast as possible, and as error-proof as possible. It achieves that via automation of manufacturing data preparation. The automated processes are reliable, repeatable, and require zero designer input. Thus, they are error-proof. KiKit allows you to perform sanity checks of the PCBs, build panels according to the description and generate manufacturing data (gerbers, assembly files, BOMs, stencils), PCB documentation, and more. All this can be fully automated and, e.g., integrated into continuous-integration pipelines. Not only KiKit provides ready-to-use pipelines for the most common scenarios, but it can also serve as a framework for building custom PCB post-processing setups.

>> Read more about KiKit

Lemmy — Add private communities to Lemmy federated link aggregator

Lemmy is an open-source, easily self-hostable link aggregator that you can use to share, discover and discuss interesting new ideas - and discuss them with the world. Lemmy is a good decentralized alternative to widely used proprietary services like Reddit. It is designed to work in the Fediverse by virtue of its implementation of the W3C ActivityPub standard, and communicate natively with other ActivityPub services such as Mastodon, Funkwhale and Peertube. User registered on one server from one of these services should be able to effortlessly subscribe to communities on any other server, where they can have discussions with users registered elsewhere.

In this project, the team will deliver many noteworthy upgrades ranging from a more stable API, to group federation, two-factor authentication and improved moderation. In addition the project will work on the new native client Jerboa (for the Android OS). Also for the nostalgically inclined, the project is working on a new frontend inspired by traditional web forums like phpBB.

>> Read more about Lemmy

Libre-SOC HPC — Work on High Performance Compute capabilities for Libre-SOC

LibreSOC has made significant progress in the development of Digitally-Sovereign VLSI designs. This project will continue to further that initial research to create High Performance Compute capabilities for ultimate use in end-user products such as smartphones, desktops, laptops and Industrial Embedded PCs is clearly important. We therefore aim to further the IEEE754 Pipelines, associated Formal Correctness Proofs, and continue implementing unit tests, Simulator, Processor Core implementing Power ISA and Draft SVP64, as well as documentation. In order to engage with developers and solicit feedback we wlll present the progress and outcomes at relevant technical conferences.

>> Read more about Libre-SOC HPC

Libre-SOC OpenPOWER ISA WG — Steward ISA extension proposals through OpenPOWER External RFC Process

The Libre-SOC project has developed Draft SVP64 (a Vector Extension for the Power ISA), containing around a hundred new Draft instructions that dramatically improves the Supercomputing-class Power ISA. It also produced a Simulator, thousands of unit tests and over 350 pages of documentation. What we could not do however was submit a Specification to the OpenPOWER ISA Working Group - because the ISA WG was still in the process of being ratified. That has now been done, and we need to begin the formal process of writing up "Requests For Change" and submitting them. The end result will be an extremely powerful Vector ISA suitable for use in Digitally-Sovereign end-user products.

>> Read more about Libre-SOC OpenPOWER ISA WG

IndieHosters — System for Cross-domain Identity Management (SCIM)

Most organizations have a digital work environment that is composed of many applications. With a Single Sign-on (SSO) system they get a unified login and logout experience, but there is a catch. Traditional SSO protocols like OpenID Connect do not support syncing user profiles across applications. For instance, users are deleted in the SSO, but not in the applications. Hence, SSO implementations are not GDPR compliant by default, and organizations have to develop custom process to circumvent violations. SCIM is a standard developed within the Internet Engineering Task Force designed to solve exactly that. The project is to develop a SCIM client for Keycloak and a SCIM service provider for Nextcloud, RocketChat, Matrix and Stackspin.

>> Read more about IndieHosters

MapComplete — Thematics OpenStreetMap-viewer and editor.

OpenStreetMap is a libre and free online database of geodata which can be edited by everyone and is used by millions of people. However, contributing can be challenging or intimidating to non-technical users. MapComplete is a webapp whose goal is to make it trivial to see and update information on OpenStreetMap. This is achieved by showing only features related to a single topic of interest on the map - from playgrounds, public toilets and bicycle rental places to charging stations and public tap water spots.

MapComplete contains many thematic maps, each built for a certain community of users and use cases. By focusing on a single topic, contributors are not distracted by objects not relevant to them. Furthermore, this allows to show (and ask for) attributes that are highly specialized (e.g. a widget that determines tree species based on pictures) but also to reuse common attributes and elements (such as showing and adding opening hours or pictures). Within this project, performance will be improved and a user interface to create a new topical map will be built, which will allow for more people to contribute on more topics.

>> Read more about MapComplete

Modos — Open-hardware high-refresh-rate electrophoretic display controller

Modos is building an libre, open source and open hardware ecosystem of low-cost, affordable electronic devices that use an E Ink display and are driven by the first open-hardware high-refresh-rate electrophoretic display controller of our own design. Having such a controller will enable the creation of new devices and applications designed around the advantages of this dynamic medium: easier on the eyes, less power consumption, readable in direct sunlight, and persistence.

In this project, the team will incrementally improve upon the existing (working) prototypes and establish a Pilot Program . The team provides community support, and makes sure you contribute to the development of the open hardware ecosystem.

>> Read more about Modos

Naja — EDA tool focused on post logic synthesis

Naja is an EDA (Electronic Design Automation) project aiming at offering open source data structures and APIs for the development of post logic synthesis EDA algorithms such as: netlist simplification (constant and dead logic propagation), logic replication, netlist partitioning, ASIC and FPGA place and route, …

In most EDA flows, data exchange is done by using standard netlist formats (Verilog, LEF/DEF, EDIF, …) which were not designed to represent data structures content with high fidelity. To address this problem, Naja relies on Cap'n Proto open source interchange format.

Naja also emphasizes EDA applications parallelization (targeting in particular cloud computing) by providing a robust object identification mechanism allowing to partition and merge data across the network.

>> Read more about Naja

NaxRiscv core improvements — Open hardware out-order Risc-V CPU

This project aim at extending the scope of the NaxRiscv project (a free and open-source out-of-order multi-issue RISC-V CPU, using innovative hardware description technics and optimized for FPGA deployment) by getting the CPU to run Debian in a stable manner and documenting the whole process used to build the required binaries/rootfs, implementing memory coherency, multicore support and a L2 cache to enhance the performances, and finally, optimizing and synthesizing the CPU for ASIC using the free and open-source tooling to pave the way for some future NaxRiscv based silicon chips.

>> Read more about NaxRiscv core improvements

Nominatim as a library — Self-hostable address/location retrieval for OpenStreetMap

Nominatim is an open-source geographic search engine (geocoder). It makes use of the data from OpenStreetMap to built up a database and API that allows to search for any place on earth and lookup addresses for any given geographic location. The conventional wisdom is that geocoding is such a computationally heavy task that it can only be done through a webservice. So far, Nominatim has been following this convention. While it is easy to install your own instance, it is still expected to be run as a service. However, if you care about privacy, then location data is not something you would want to regularly send to an external geocoding provider because it allows to create detailed movement profiles. We need the possibility to do geocoding directly on the device. The goal of this project is to transform Nominatim's code base so that it cannot be only be used as a web service but also as a local application or as a library inside another application. In the first phase, the PHP code of the search frontend will be ported to Python, which is much better suited for such a multi-use task. In the second phase, we explore if the rather heavy-weight PostgreSQL database can be transformed into an SQLite database to even further simplify using Nominatim as a library.

>> Read more about Nominatim as a library

Nyxt Webextensions — Independent implementation of WebExtensions

Nyxt is a web browser that seeks to empower knowledge workers with access to better browsing tools. The Internet is the single largest corpus of human knowledge available. Effective tools to navigate, browse, and index it are important for research/work/empowerment. Nyxt provides these tools. A different take on the "browser", Nyxt is a power-browser, designed from the ground-up for work.

What was until now missing from Nyxt, and from other third party browsers, is support for common WebExtensions (such as NoScript, ad blockers, etc). In this project we'll extend Nyxt's capabilities to support WebExtensions which will allow users to customise their browsing experience and better protect themselves from abuse. Additionally, our work will pave the way for other libre WebKitGTK+ to support WebExtensions, and thus, increase adoption.

>> Read more about Nyxt Webextensions

Ordie — Designing a SoC for Betrusted

The field of open silicon is still in its infancy, and while the story on digital logic generation is good, analogue is still a work in progress, and full system integration is only just beginning. The Ordie project will characterize available analogue and digital blocks, integrate them, and create simulation and test software to validate them both pre- and post-production. In this way, the Ordie project will create open, fully-verified silicon chips where every aspect of the part is inspectable down to the raw GDS files. These parts will be usable in some aspects of projects such as Betrusted, where they may be used to replace some of the proprietary silicon with open variants. Along the way it will develop a circuit that enumerates over USB, be able to address various debug structures using existing Wishbone USB and Spibone debugging, and develop a buck regulator, useful for powering on-die structures.The on-chip blocks will be documented using reference systems such as lxsocdoc.

>> Read more about Ordie

Peertube plugin livechat — Integrated chat for Peertube live streams

The Peertube project aims to offer a free, decentralized, and sovereign alternative to video-on-demand platforms. Since its 3.0.0 version it is possible to live stream. However, the Peertube team has chosen not to integrate a chat system, but rather to offer the necessary tools so that it is possible to integrate this functionality via plugins. It is in this context that the "Peertube Livechat" plugin was launched in 2021. This project - already installed on nearly 250 Peertube instances - has grown with time, and already provides a serious alternative to existing proprietary systems. However, there are still some steps to be done to offer the same level of service as these commercial platforms: manage the decentralization allowed by Peertube at the chat level, possibility of automatic moderation, streamer/viewer interaction tools, improve and complete the translations of the software, improve its documentation, think about the numerous requests of the community, and so on.

>> Read more about Peertube plugin livechat

PeerTube - Remote Transcoding — Remote Transcoding for distributed video sharing network

PeerTube is a free-libre and federated alternative to centralized video platforms such as YouTube, Twitch or Vimeo. It empowers content creators (institutions, video-makers and live streamers, communities, etc.) to self host their own collective video-platform without being isolated in the wide web. The technical choices behind PeerTube (ActivityPub Federation, peer-to-peer broadcasting) keep the source of this sugestion (the technical and financial bar to self & collective hosting: you no longer need Google's server farm and Amazon's money to host your own PeerTube servers (an instance) and synchronize it with other servers to share video catalogs!

There is still one technical bottleneck: video transcoding. This step is essential for a smooth video broadcasting experience. Transcoding happens at every video upload or during live-streams, and consumes a lot of CPU power. Instances hosting lots of content creators or live streamers tend to rapidly need to upgrade the CPU power of their server, to avoid a bottleneck that only happens episodically. Allowing transcoding work to happen remotely could solve a number of important logistical problems in a more efficient, resilient, affordable and eco-friendly manner.

>> Read more about PeerTube - Remote Transcoding

Radio-Meshnet — Self-sustained Community and Emergency Radio Networking

The project summary for this project is not yet available. Please come back soon!

>> Read more about Radio-Meshnet

SDCC — Small Device C Compiler compiler for 8-bit microcontrollers

The Small Device C Compiler (SDCC) is free and open source software for 8-bit microcontrollers. While such 8-bit microcontrollers might seem like outdated technology (most of the popular chips sold today use 32 bit or 64 bit solutions), the fact that there are less transistors to fire up with every cycle means there are quite a few basic use cases where 8-bit systems might very well remain the most energy-efficient option despite . SDCC is competing head to head with various proprietary compilers - such as Keil, IAR, Comsic, Raisonance. The tasks in this project will significantly boosts the capabilities of SDCC and allow developers a more mature tool to design for e.g. eco-friendliness. The project will deliver various improvements in SDCC, in order to make it more complete and competitive in terms of features and workflow.

>> Read more about SDCC

#Seppo! — Portable ActivityPub implementation

Posting and liking self reliantly and still have a life. #Seppo! empowers you to publish short texts and images to the internet as easily as using an online service but retain full agency and responsibility. What you publish is solely subject to public law. No 3rd parties hold a stake, nobody else imposes any rules on you. This is because you publish on your own property. Which is possible because housekeeping is no more than the known follow/unfollow/block/unblock content moderation of your own single account. You do that by yourself. There are no scripting engines or databases, no technical updates required. You can focus solely on the message to deliver. You build an online presence on your own digital property, robust for decades if you decide so. #Seppo! is built on mature web standards (e.g. ActivityPub), a european technology stack, inspectable plain-text storage, is security aware and decentralised. It is made for but not limited to off-the-shelf static webspace as offered by numerous vendors all over the EU. #Seppo! targets individuals and small organisations joining the #Fediverse with max. 10k followers, optionally cross-posting to the closed platforms.

>> Read more about #Seppo!

Silicon verification — Non-destructive, in-situ inspection of physical chips

The global nature of supply chains presents an existential question for the trustworthiness of hardware: how do I know the chips in my device are genuine and pristine? Trusted domestic fabs only solve a facet of the problem: after a silicon wafer leaves the fab, it criss-crosses the globe multiple times as it is packaged, tested, and assembled into an end user product, presenting a huge attack surface for post-fab substitutions and alterations. The "Silicon Verification" project lays foundations for high resolution end-user, direct, and non-destructive optical inspection of chips. Our research aims to create a set of techniques for hardware packages that fill the analogous role of "digital signature verification" for software packages: a ubiquitous method to establish trust in a package, after it has been delivered to the user.

>> Read more about Silicon verification

Solid Usable App Tools Project — Improve developer experience for W3C Solid

The Solid project is one of the best known efforts promising to bring individual data ownership to the people of Europe and the world. While Solid has many use cases, a common example is an alternative to Facebook, Instagram, and Twitter where a user can own their own social media data. But, Solid's current specification, implementations, and developer tools are not yet able to support a full-fledged social media alternative. This project will aide the ongoing specification and developer tool development for Solid by filling in the gaps that are currently preventing a "home-run" app from being created on Solid.

Particular areas of concern for this project are: Authentication for Mobile Apps and Bots, Real-Time Notifications, and Easier Devtools (which caters also for developer that lack much prior knowledge of linked data). In addition, the project will produce a tutorial series to make developing apps on Solid as easy as learning how to use more mainstream technologies like React.

>> Read more about Solid Usable App Tools Project

TOS;DR OTA backend — Integrate Terms of Service;Didn't Read with Open Terms Archive

Open Terms Archive is a digital common that produces (since 2020) datasets of the evolution of contractual documents (Terms of Service, Privacy Policy…) over time, enabling analysis and comparison. It aims at shifting the power balance from big tech actors towards researchers, end users and regulators. The “Terms of Service; Didn't Read” (ToS;DR) project enables (since 2011) crowd-reading and rating of these same contractual documents. These documents are obtained from the web with a dedicated engine that stores them in a private database and suffers from lack of maintenance.

The goal of the effort is to replace the historical ToS;DR crawler with the public Open Terms Archive datasets, thus increasing the reliability and auditability of the source data, since the annotations will be based on public datasets produced by replicable instances instead of being based on a one-off database used only by ToS;DR itself. This will also enable establishing a common data format for annotating documents.

>> Read more about TOS;DR OTA backend

Tracking weasel — Detect privacy violations in mobile apps

Privacy and data protection are fundamental rights and already well protected by legal frameworks in the EU. Yet, tracking—often without consent—is ubiquitous and often unavoidable. While tech-savvy users can defend themselves against that to a certain degree with tools like tracking blockers, we want to attack the problem at its root to make the web safe for everyone, regardless of expertise. With this project, we want to build infrastructure to detect privacy violations in apps on Android and iOS and crowdsource complaints against this behaviour with the data protection authorities. The result will be a web app where users can select an app from the app stores, which we will then download and run in an emulator or on an actual device. We will analyse the apps’ network traffic and detect privacy violations not just based on server connections but the actual data being transmitted. We will also check any consent dialogs. The website will then show a report to the user and, depending on the results, give them the option to generate a complaint under the GDPR and ePrivacy Directive, complete with the collected evidence from the analysis in the form of screenshots and traffic dumps.

>> Read more about Tracking weasel

mCaptcha — Privacy-friendly Proof of Work (PoW) based CAPTCHA system

Existing CAPTCHA systems expect visitors to identify objects to prevent spam, which makes the web inaccessible to persons with cognitive, auditory, and visual special needs. They log Internet Protocol (IP) addresses and use tracking technologies, like cookies, to track and profile their users across the internet. IP logging and cookie-based tracking are privacy-invasive, inaccurate, and impossible to use with anonymizing technologies like Tor and VPNs. Censors can abuse the opaque nature of these systems to prevent certain groups from accessing certain types of information. Independent testing for bias is not possible since the documentation doesn't exist for their methods and algorithms.

mCaptcha is an attempt at creating a self-hosted alternative to reCAPTCHA and hCaptcha with a focus on privacy, transparency, user experience, and accessibility. mCaptcha’s Proof of Work (PoW) mechanism uses strong cryptographic principles that guarantee idempotency and transparency. mCaptcha doesn’t log IP addresses and doesn’t require tracking user activity across the internet. Censors can’t use mCaptcha to deny access to information without detection. Also, the PoW mechanism requires minimal user interaction to solve the CAPTCHA, which will significantly improve the accessibility of the web.

>> Read more about mCaptcha