Calls: Send in your ideas. Deadline April 1st, 2023.

NGI0 Entrust

Trustworthiness and data sovereignty

This page contains a concise overview of projects funded by NLnet foundation that belong to NGI0 Entrust (see the thematic index). There is more information available on each of the projects listed on this page - all you need to do is click on the title or the link at the bottom of the section on each project to read more. If a description on this page is a bit technical and terse, don't despair — the dedicated page will have a more user-friendly description that should be intelligible for 'normal' people as well. If you cannot find a specific project you are looking for, please check the alphabetic index or just search for it (or search for a specific keyword).

Apicula — Open source tools for working with Gowin FPGAs

Only a few years ago, you could only program FPGAs with the proprietary tools provided by the vendors, locking you into that ecosystem and its features and bugs. But open source FPGA tools have been making great strides, and there are now mature open source synthesis and PnR tools, namely Yosys and Nextpnr. However, only Lattice FPGAs are currently well supported, still de facto locking you into a single vendor. There are a few other projects, such as Apicula, that target other FPGAs, but none of them are feature complete and of production quality. The goal here is to take Apicula to the next level, where it goes from an experimental flow for FOSS enthusiasts to a production ready tool, finally and truly breaking FPGA vendor lock-in.

>> Read more about Apicula

Automating mobile app interception with Frida — Mobile app network introspection for security research

Inspecting mobile app network traffic is a key part of security & privacy research, which helps protect everybody who uses modern mobile devices. It's also an indispensable debugging tool for app developers & QA teams. However, this technique has faced growing challenges from increasing OS restrictions and individual app countermeasures like certificate pinning, such that inspection now often requires advanced reverse-engineering knowledge and significant time-consuming manual setup. In this project, new tools will be built using Frida (a dynamic instrumentation framework) and integrated with HTTP Toolkit (a network debugging tool) to enable one-click targeted interception, making inspecting traffic from mobile apps on a user's own iOS & Android devices accessible to technical users without specialist expertise.

>> Read more about Automating mobile app interception with Frida

Perspectives: Making Models — Generate software from open models for human interaction patterns

The Perspectives project provides a distributed runtime that allows people to collaboratively run a model that supports them in some form of co-operation. This can be as simple as playing a game of chess or as extensive as coordinating parent's cars to transport a junior sports team to away matches. To completely model the latter is the main thrust of this work, as supported by NLnet and NGI Zero Entrust. The automatic screens generated by the runtime, based on the model, will be customised to provide a pleasant user experience. On the one hand the end result will be a usable little app, run within the InPlace end user program (that itself runs in the browser as a WebApp). On the other hand, it will provide a reasonably extensive model that showcases a realistic application of the Perspectives Modelling language. This development will also be a driving force that will make the distributed runtime better and the modelling language stronger.

Perspectives is built on a figure-ground reversal of the structure underlying much of today's internet. Data is not concentrated in a few heaps of similar-looking cases (commonly called databases) but instead on the devices of the people that are its source, subject and users. It is conceived of such that functionality builds upon other functionality, creating a network effect not in terms of numbers of users but in terms of functionality. The more of that, the better, stronger and more useful it becomes. The current project will deliver the first end user functionality that goes beyond maintaining the system environment itself (such as developing models, hooking up to communication services, etc).

>> Read more about Perspectives: Making Models

Arcan-A12 — Explorative p2p protocol for fast and secure remote desktops

Protocols such as VNC, X11 and SSH have long been fundamental components for accessing user facing software or desktop computing as a whole over a network connection, with millions of daily users ranging from simple households to businesses and critical infrastructure. The development of these protocols and their respective tools has unfortunately stagnated, drifting towards proprietary extensions and otherwise dragging behind developments in compression technology, while leaving qualities such as accessibility and usability in a rough state. A12 is a project within the Arcan umbrella (models for future desktop computing) that aims to change this, leaning on decades of experience in system graphics. A12 consolidates the use cases of these - and related - protocols, adding stronger privacy protections against side channel analysis, use of modern compression techniques, providing higher visual quality and lower latency with simplified key management and service discovery.

>> Read more about Arcan-A12

Atomic Tables — Self-hostable tabular structured data solution

Atomic Tables is a new extension to the open source Atomic Data ecosystem, which aims to make the web more interoperable. In Atomic Tables, users can easily create their own data models using a tables interface, which people know and love from tools like Excel, Notion and Airtable. Having a self-hostable alternative to the existing SAAS offerings helps users retain control over their own data. What makes this project unique, is that the data models created in Atomic Tables are retrievable by a URL and can easily be re-used on other machines. This keeps costs of transforming or mapping data at an absolute minimum. Maintaining a standardized data model suddenly becomes trivial, instead of costing countless of man hours. Additionally, the software is not just designed to be a clean, intuitive end-user facing application, but also a powerful developer API that brings incredible performance and flexibility, making it highly usable as a database in other applications.

>> Read more about Atomic Tables

BB3-CM4 — CM4 compatible MCU board

Chip shortages are causing production problems throughout the industry. A way of getting out of the production trap is to get project boards more modular. Popular open hardware projects like the EEZ BB3 T&M (Test & Measurement) device currently depend on specific scarce microcontroller boards, and prospective users face impossible delays and constantly rising prices. This project will relieve some of the tension by delivering special "MCU" boards that are compatible in form factor to widely used MCUs. That way projects gain much more room for fulfilling production needs - allowing them to use alternative pin compatible main modules (like the ULX4M FPGA) without redesign, delivering more flexibility. One additional advantage of this approach is that production of module and base board does not need to be at the same time or by the same company. Hardware upgrades and the right to repair become possible and just involve changing a module, without having to throw out the complete system. Along with the "MCU" module the project delivers a new back plane board for the BB3 T&M device - fully compatible with current design, so existing users can upgrade or replace parts.

>> Read more about BB3-CM4

Balthazar Casing — Open hardware laptop

Balthazar is a project that aims to create an advanced, open-hardware laptop that is affordable and accessible to everyone, while also being well-designed and ergonomic. The laptop will feature a range of hardware and software features designed to protect users' data and prevent third-party intrusion. It will also include physical safety features such as a hot-swappable CPU and hard-wired switches, as well as the ability for users to add external modules based on various instruction sets and systems on the module, as well as spare keyboards. The project's goals include empowering users to take control of their own data, making computing more sustainable through the use of modular components, and creating an educational platform and advanced computing device that is accessible to users of all income levels.

>> Read more about Balthazar Casing

Bonfire federated groups — Create, join and manage federated groups across instances

Bonfire is an extensible open source federated community platform, that empowers groups to easily configure their spaces from the ground up, according to a variety of needs and visions.

Bonfire envisions a web of independent but interconnected social networks (using a wide definition, since we consider the social components of activities in the economic, educational, and political spheres as well) - able to speak and transfer information among each other, according to their own boundaries and preferences.

The scope of this project is to give users the tools to create, join and manage federated groups across instances, with their own set of rules and customisable governance. Federated groups on Bonfire will lever the flexible foundation we've recently released: circles and boundaries. Using those building blocks we will ensure that groups have the possibility to define a fine grained set of roles and permissions, with the possibility for each group to define a multitude of roles that fit with how they want to manage membership and participation, and distribute power and responsibility.

>> Read more about Bonfire federated groups

Canaille — Zero-knowledge opinionated OpenID Connect (OIDC) server.

Canaille is a zero-knowledge opinionated identity server. Canaille aims to lower the barrier to entry for identity management, by providing a simple lightweight interoperable software focused on accessibility for end-users, administrators and contributors. It provides user and group management for small and medium sized organizations. It has authorization management and Single Sign-On features based on the OpenID Connect standard.

>> Read more about Canaille

Charon — Privacy-enabling account management and SSO solution

The overall goal of the Charon project is to build a privacy-enabling account management and SSO solution. For end-users, Charon will allow aggregating multiple existing authenticators (Facebook, Google, etc.) in one place and managing different (and potentially multiple) identities exposed to apps. Apps will not have to worry about user management. And admins of communities using those apps will be able to manage all users in one place, with tools to address abuse.

>> Read more about Charon

Coloquinte — High performance placement of cells inside digital electronic circuitry

A core component of the ASIC design toolchain is the placement tool, which must decide where to place the components of the chip so that it can be manufactured and meet the performance target. To build chips reliably, improve performance and improve power consumption, the placement tool must interact with other complex tools (routing, timing, gate sizing, ...). This requires a complex integration, and even necessary to target newer technology nodes. Our goal is to provide high-quality placement algorithms with an easy-to-use interface, so it is easy to use in multiple situations and toolchains.

Coloquinte started as a component of the Coriolis toolchain. Since then, it has been made into a library for inclusion in other tools and multiple languages. Current developments target the integration with timing tools (for better chip performance) and routing tools (for power consumption, performance and compilation stability).

>> Read more about Coloquinte

CryptPad Blueprints — Server-side encrypted collaborative editor

CryptPad is an end-to-end encrypted collaboration suite that has been under active development for 8 years, and is currently used by hundreds of thousands of people. Its feature set has grown from a simple editor to a full-blown suite with multiple apps, drive, teams, etc. The next generation of CryptPad should be even better - with stronger security guarantees ("perfect forward secrecy", post-quantum crypto), offline-first collaborative editing, and user-driven workflows like password resets. This project will take the first steps in this direction. We document the ways in which cryptography is used on the platform, review the state of the art in applied cryptography and then evaluate the right match with available technologies. Finally we will use these foundations to move forward to a new architecture for CryptPad that will allow for future developments, improved usability, and tighter security.

>> Read more about CryptPad Blueprints

DAVx⁵ — Share Contacts, Calendars, Tasks, Notes & Journals

DAVx⁵ is a two-way sync tool for Android that gives people the power of choice where to store their data, instead of being locked-in to big tech. It uses the open protocols CalDAV, CardDAV and WebDAV to sync your Contacts, Calendars, Tasks, Notes and Journals across all your devices. It also offers access to your online files and is seamlessly integrated into the Android mobile operating system.

To get a step forward in technology we want to introduce Push functionality, so that the app does no longer have to poll the server for changes at given intervals. Instead the server should directly inform the client whenever there are changes in a users resource. People would then receive these changes in almost real-time on all their mobile devices instead of having to wait for the next sync schedule. This project is about making a new standard for WebDAV Push, implementing it on a common server as a sample and as well on the client side (DAVx⁵). Besides Google FCM we also want to use UnifiedPush as Push backend, so that this can be used even on devices that do not use any Google services. Bringing this standard to life will greatly empower the already widely available WebDAV/CalDAV/CardDAV ecosystem in general.

>> Read more about DAVx⁵

EDeA — Repeatable, automated measurement data capture

EDeA is a set of tools and a web portal which makes it easier for people to share and collaborate on Open Hardware sub-circuits. The scope of this project is to further improve on the collaboration aspect of the portal and to build the EDeA Measurement Server. The EDeA Measurement Server is a tool for automated scientific data capture (not only) for sub-circuits and a library which enables test & measurement as code. This makes it possible to analyze, reason about and share open hardware in a repeatable and consistent manner.

>> Read more about EDeA

EEZ Studio — Open source tooling for measurement and test equipment

EEZ Studio is a free and open source cross-platform low-code visual tool that brings the functionality of legacy solutions for effective control of test and measurement devices. Modern user interface, modular design, debugger, drag&drop flowchart programming will enable easy collection of measurement data as well as automation of test procedures in different environments from classrooms, workshops, laboratories to production lines.

EEZ Studio also offers a development environment for efficient creation of GUIs for embedded systems that use touchscreens. Unlike similar solutions, EEZ Studio enables not only drag&drop programming, debugging and GUI simulator, but also the creation of complex business logic for interaction with the user and with underlying hardware functionality.

>> Read more about EEZ Studio

EventFahrplan — Conference schedule app with strong offline capabilities

EventFahrplan is a privacy-friendly app for attending conferences and events running on Android devices. The development of the project happens continuously by staying up-to-date with new technologies and Android versions, adding useful features and fixing bugs. Current challenges are the migration to Compose UI, architectural refactoring, Kotlin coroutines, accessibility improvements, translation management, behavior changes with Android 13, interface changes to address large devices - and many other topics. This project helps to sustain the development of the app and to work on a selection of these topics.

>> Read more about EventFahrplan

FABulous Demo SoC — SoC with open source FPGA based on FABulous

Until recently, integrated circuits have largely been treated as blackboxes in the realm of trustworthy hardware. FPGAs, devices that can be programmed by the user to implement arbitrary logic functionality, help to open up this realm. But even with open source software stacks such as Yosys and nextpnr compiling for them, FPGAs themselves are still proprietary silicon. Using the FABulous framework and a wide range of other open IP, we are building a FPGA SoC (combination of a FPGA programmable logic fabric and a Linux-capable RISC-V CPU) that is both itself open source and built with open tools, and also supports the open FPGA toolchain. to develop it. Simplicity is a key design decision throughout, so we can use our work to explain how modern computing systems work without the complexity of commercial platforms.

>> Read more about FABulous Demo SoC

Federated software forges with Gitea — Add ActivityPub based federation to Gitea

Gitea is a self hosted software forge where developers can work together on software projects and users can report bugs or request features. It is very popular with over 100 millions pulls on the Docker Hub. As of Gitea version 1.17, when a project is hosted on a Gitea instance, every developer is expected to create an account on that instance in order to participate. Compared to email, it is as if it was necessary to create an account on to send a message to someone with an email address and another on to send a message to someone with an email address. But in 2022 there are two: the W3C ActivityPub protocol published in 2017 and forgefed, an emerging standard (since 2019) to describe activities happening on software forges. They can be used by Gitea instances to communicate with each other and create a federation of forges continuously communicating with one another instead of a constellation of isolated silos. A federated Gitea will enable software developers to work on the same project even when they use different Gitea instances. There will be bridges between isolated Gitea instances that software projects can use to synchronize in real time.

>> Read more about Federated software forges with Gitea

ForgeFed — Federating software forges with ActivityPub

The platforms that software developers use for hosting and collaborating on their projects, known as software forges, are centralized systems. And some of the most popular forge websites run proprietary software and controlled by a single company. The values, methods, policies and interfaces of the tools we use with our software projects often don't align with our values and needs, but despite having coding skills, we're powerless to change the situation. ForgeFed aims to put the power back into the hands of the Free Software community, and to allow for systems that are truly trustworthy and support inclusion, freedom, participation, censorship resistance and alignment with needs, by turning software forges into a decentralized network. ForgeFed is a protocol and vocabulary for federation of servers and services related to the Software Development Lifecycle, and an attempt to implement federation into existing free-software forges. ForgeFed has been based on the ActivityPub protocol, which is widely adopted on the Fediverse, and is augmenting it with Object Capabilities, an essential component for distributed secure flexible authorization of collaborative resource access.

>> Read more about ForgeFed

Funkwhale — ActivityPub-driven audio streaming and sharing

Funkwhale is a federated platform that provides tools for managing, publishing, and sharing audio content using the ActivityPub protocol. In this project, we aim to expand our use of ActivityPub and extend our integration with other ActivityPub-powered platforms. We also plan to improve our product offerings by redesigning our flagship web app, adding support for more content types in our API, creating new features that integrate with MusicBrainz, and making our Android offering feature-complete.

>> Read more about Funkwhale

GNS Migration and Zone Management — Registrar tools for adoption of GNU Name System

The GNU Name System is in the final stages of standardization. Consequently, calls for migration and large-scale testing as well as interest in running GNS registrars are increasing. In order to address this development this project aims to facilitate the management of GNS zones by administrators and to provide users with means to resolve real-world names.

To ease adoption, a framework for GNS registrars will be developed for zone management. The registrar framework will allow GNS zone administrators to provide a web-interface for subdomain registration by other users.The services may also be provided for a fee similar to how DNS domain registrars operate to cover running costs. The framework is envisioned to support integration of privacy-friendly payments with GNU Taler (

To demonstrate the capabilities of GNS with respect to DNS migration, we plan to run multiple GNS zones ourselves which contain the zone information from real-world DNS top-level domains.A selection of existing top-level domains for which open data exists will be hosted and served through GNS in order to facilitate the daily use of the name system. We are are planning to integrate at least three DNS zones and publish them (regularly) in GNS for users to resolve.

>> Read more about GNS Migration and Zone Management

Taler for local currencies. — Free software banking backend for local currencies

This project is about extending LibEuFin to make it suitable as a core banking system to implementing local or regional currencies in combination with the GNU Taler payment system. The innovation comes from employing FLOSS technology, and having a centrally managed and yet privacy-preserving payment system. Our focus will be on creating interfaces to allow regional currency administrators to control the platform, including account creation, controlling money supply, analyzing transactions, and setting of relevant policies. Additionally, we will support onboarding of customers, including offering them a way to trade fiat currency (e.g. EUR) for the local currency or vice versa (if permitted by the currency conversion policies of the platform). We will work with cities and regions that have deployed regional currencies (or are planning to do so) to better understand their needs and adapt our plans according to their use-cases.

>> Read more about Taler for local currencies.

Verilog-AMS in Gnucap — Mixed-signal modelling and simulation with Verilog-AMS

Verilog-AMS is a standardised modelling language widely used in analog and mixed-signal design, but without an open reference implementation. The language supports high-level behavioural descriptions as well as structural descriptions of systems and components. This Project will make substantial progress towards a Gnucap based free/libre Verilog-AMS implementation. Gnucap is a modular mixed-signal circuit simulator, and has been released under a copyleft license with the intent to avoid patent issues. Gnucap provides partial support for structural Verilog and encompasses an analog modelling language that has influenced the Verilog standards. We will enhance data structures and algorithms in Gnucap, and improve Verilog support on the simulator level. We will implement a Verilog-AMS behavioural model generator targetting Gnucap with the intent to support simulators with similar architecture later on.

>> Read more about Verilog-AMS in Gnucap

GoToSocial — Lightweight ActivityPub social network server

GoToSocial is an ActivityPub social network server, powered by Golang. It complements existing ActivityPub implementations by providing a lightweight, customizable entryway into decentralized social media hosting. GoToSocial places a high value on ease of deployment and maintenance; this means low system requirements, minimal external dependencies, and clear documentation. GoToSocial empowers self-hosting newcomers to deploy small, personalized instances, from which they connect to others across the Fediverse, using low-powered equipment lying around at home. With GoToSocial, you can follow people and have followers, you make posts which people can favourite and reply to and share, and you scroll through posts from people you follow using a timeline. You can write long posts or short posts, or just post images, it's up to you. You can also, of course, block people or otherwise limit interactions that you don't want by posting just to your friends.

>> Read more about GoToSocial

Haphaestus — Lightweight JavaScript-free browser engine written in Haskell

In the pursuit of turning a document publishing system into an application delivery platform modern web browsers have become incredibly complex. Thus frustrating efforts to adapt and modify browsers to people's individual needs, including privacy and accessibility needs. Haphaestus aims to illustrate the potential of a more private JavaScript-free web to provide an optimal experience for any conceivable device, by building upon the dev's previous auditory web browser to prototype one that can conveniently navigate most (but the most popular) sites using a TV remote.

Haphaestus will strive to deliver a working independent web browser requiring minimal TV remote button presses, as well as reusable software components for laying out, rendering, & paginating richtext documents written in a range of alphabets.

>> Read more about Haphaestus

IC workspace — Open Source IC Design Management Tool

IC workspace is a design management tool that address the complexity of working with scattered design domains that span analog, digital, EDA tools, flows and process development kits (PDKs). In the process of designing a chip, multiple people need an common organized structure to work on design capturing schematics, generator, custom layout, high level digital design combined with test benches in various domain specific formats. Each tool in the open source domain has it own file structure. IC workspace is an open source framework with tools that individual designers and teams use to organize design files in a local workspace. IC workspace integrates interface to source code version control systems, the various tools in the design flow and organizes the files in a workspace with an unified component structure with dependency attributes. IC workspace sets common language and methodologies for both analog and digital – frontend/backend designer to maximize productivity within the open source chip design ecosystem of tools, PDK’s and people.

>> Read more about IC workspace

Threat intelligence sharing — Privacy-Preserving Sharing of Threat Intelligence in Trusted Adversarial Environments

Iris P2P is a peer to peer system for sharing security detections and threat intelligence with trusted models resilient to manipulation attacks Most P2P systems are designed for file sharing, storage, chat, etc. but they are not prepared to share security detections, threat intelligence data and alerts. The security world needs better ways to automatically share intelligence data with trusted organizations and peers. This sharing is better decentralized so no single organization has control or can censor, sell or modify the data. Especially due to privacy concerns of what is done with your data. Iris is the first global P2P system that is designed to solve this problem. It implements: automatic sharing of threat intelligence data when you are attacked, controlling the spread in the P2P to spread slowly, alerting the network of a new attacker. Controlling the spread in the P2P to be fast, asking peers about the reputation of other peers, and defining ‘organizations’ in the P2P network using the DHT and private/public keys. Organizations can publish their keys in conventional communication systems to attest ownership (social media, etc.) All communication is encrypted with private/public keys. You can control the privacy of your data by defining to which organizations and peers you want to share your data. You can also control the transfer of data with epidemic algorithms. All data is evaluated according to the trust in the other peers. Defining trust of each peer in the network with a new protocol (Fides) which computes the trust in each peer by balancing the direct interactions with peers and reputation of peers according to the rest of the peers. Fides implements a mathematical model to guarantee that no adversarial peer can lie to manipulate the reputation and the trust.

>> Read more about Threat intelligence sharing

JShelter Manifest V3 — Make JShelter compatible with Manifest V3

JShelter is a freely licensed anti-malware Web browser extension that informs and protects people's freedom and privacy through people's regular use of the Web. These programs often go unnoticed, but run on a user's system -- whenever the Web server says to run them. They are typically served to the user as minified JavaScript, and few provide the corresponding human readable source code, or a free license allowing users to lawfully inspect and modify the program. By definition, these programs infringe user freedom. This Free Software Foundation project started in 2020 and is continuously developing. It is currently used by thousands of users around the world as the project gears up to continue protecting users from potential threats from JavaScript, such as fingerprinting and tracking and data collection while migrating to Google's Manifest V3. Manifest V3 will restrict the capabilities of Web extensions -- especially those that are designed to monitor, modify, and compute alongside the conversation your browser has with the Web sites you visit. Because of that, Manifest V3 is a detrimental step back for Internet privacy. With the help of NLNet, JShelter will work to upgrade its functionalities and continue to protect user privacy on the Web, which is even more important after this transition.

>> Read more about JShelter Manifest V3

Kbin — ActivityPub based link sharing and microblogging

Kbin is a decentralized content aggregator and microblogging platform running on the Fediverse network. It can communicate with many other ActivityPub services, including Mastodon, Lemmy, Pleroma, Peertube. The initiative aims to promote a free and open internet. The platform is divided into thematic categories called magazines. By default, any user can create their own magazine and automatically become its owner. Then they receive a number of administrative tools that will help them personalize and moderate the magazine, including appointing moderators from among other users. Content from the Fediverse is also cataloged based on groups or tags. A registered user can follow magazines, other users or domains and create his own personalized homepage. There is also the option to block unwanted topics.

Content can be posted on the main page - external links and more relevant articles or on microblog section - aggregating short posts. All content can be additionally categorized and labeled. Great possibilities to search for interesting topics and people easily is something that distinguishes Kbin. Platform is equally suitable for a small personal instance for friends and family, a school or university community, company platform or a general instance with thousands of active users.

>> Read more about Kbin

KiKit — Tooling for automation of production of PCB designed in KiCAD

The EDA suite KiCAD is a widespread libre solution for designing electronics. KiKit is a Python library, KiCAD plugin, and a CLI tool to automate several tasks in a standard KiCAD workflow. The main goal of KiKit is to make the step from finishing a PCB design to having a physical PCB as easy as possible, as fast as possible, and as error-proof as possible. It achieves that via automation of manufacturing data preparation. The automated processes are reliable, repeatable, and require zero designer input. Thus, they are error-proof. KiKit allows you to perform sanity checks of the PCBs, build panels according to the description and generate manufacturing data (gerbers, assembly files, BOMs, stencils), PCB documentation, and more. All this can be fully automated and, e.g., integrated into continuous-integration pipelines. Not only KiKit provides ready-to-use pipelines for the most common scenarios, but it can also serve as a framework for building custom PCB post-processing setups.

>> Read more about KiKit

Lemmy — Add private communities to Lemmy federated link aggregator

Lemmy is an open-source, easily self-hostable link aggregator that you can use to share, discover and discuss interesting new ideas - and discuss them with the world. Lemmy is a good decentralized alternative to widely used proprietary services like Reddit. It is designed to work in the Fediverse by virtue of its implementation of the W3C ActivityPub standard, and communicate natively with other ActivityPub services such as Mastodon, Funkwhale and Peertube. User registered on one server from one of these services should be able to effortlessly subscribe to communities on any other server, where they can have discussions with users registered elsewhere.

In this project, the team will deliver many noteworthy upgrades ranging from a more stable API, to group federation, two-factor authentication and improved moderation. In addition the project will work on the new native client Jerboa (for the Android OS). Also for the nostalgically inclined, the project is working on a new frontend inspired by traditional web forums like phpBB.

>> Read more about Lemmy

Libre-SOC HPC — Work on High Performance Compute capabilities for Libre-SOC

LibreSOC has made significant progress in the development of Digitally-Sovereign VLSI designs. This project will continue to further that initial research to create High Performance Compute capabilities for ultimate use in end-user products such as smartphones, desktops, laptops and Industrial Embedded PCs is clearly important. We therefore aim to further the IEEE754 Pipelines, associated Formal Correctness Proofs, and continue implementing unit tests, Simulator, Processor Core implementing Power ISA and Draft SVP64, as well as documentation. In order to engage with developers and solicit feedback we wlll present the progress and outcomes at relevant technical conferences.

>> Read more about Libre-SOC HPC

Libre-SOC OpenPOWER ISA WG — Steward ISA extension proposals through OpenPOWER External RFC Process

The Libre-SOC project has developed Draft SVP64 (a Vector Extension for the Power ISA), containing around a hundred new Draft instructions that dramatically improves the Supercomputing-class Power ISA. It also produced a Simulator, thousands of unit tests and over 350 pages of documentation. What we could not do however was submit a Specification to the OpenPOWER ISA Working Group - because the ISA WG was still in the process of being ratified. That has now been done, and we need to begin the formal process of writing up "Requests For Change" and submitting them. The end result will be an extremely powerful Vector ISA suitable for use in Digitally-Sovereign end-user products.

>> Read more about Libre-SOC OpenPOWER ISA WG

IndieHosters — System for Cross-domain Identity Management (SCIM)

Most organizations have a digital work environment that is composed of many applications. With a Single Sign-on (SSO) system they get a unified login and logout experience, but there is a catch. Traditional SSO protocols like OpenID Connect do not support syncing user profiles across applications. For instance, users are deleted in the SSO, but not in the applications. Hence, SSO implementations are not GDPR compliant by default, and organizations have to develop custom process to circumvent violations. SCIM is a standard developed within the Internet Engineering Task Force designed to solve exactly that. The project is to develop a SCIM client for Keycloak and a SCIM service provider for Nextcloud, RocketChat, Matrix and Stackspin.

>> Read more about IndieHosters

LibreCellular — FOSS technology stack for 4G networks

The LibreCellular project makes it easier to create 4G cellular networks with open source software and low cost software-defined radio (SDR) hardware. Achieving this via validated hardware and software configurations that are subjected to rigorous end-to-end testing via a continuous integration (CI) platform, supported by tooling and documentation for repeatable deployment.

This NLnet funded work will build on previous efforts and enable the integration of a more advanced core network, together with support for Voice-over-LTE (VoLTE). In support of which the existing CI hardware platform will also be extended and tests developed to provide VoLTE coverage. Finally, a previously developed medium power RF amplifier will be further developed to create a complete RF front-end, and a deployment manual will be created which covers topics such as antenna selection, spectrum licensing and EMF assessments.

>> Read more about LibreCellular

Liminix — Nix-based OS for domestic WiFi routers, access points etc

Today you can reflash your broadband router with Linux (e.g. DD-WRT, OpenWRT, Tomato or variants) to provide unparalleled flexibility to do things that the manufacturer system was not capable of. However, managing this flexibility by hand is challenging, especially when keeping custom configuration in sync across devices or through version upgrades.

Liminix aims to provide an OpenWrt-style embedded Linux distribution based on the Nix language for congruent configuration management, and the Nix package system. On top of this we plan to implement seamless management of configuration and secrets across a network of Liminix devices, and robust dependency-based service/process management so that a device can respond usefully when hardware or network connectivity changes.

>> Read more about Liminix

LunaPnR Phase 2 — A versatile and fast new open-source place and route tool

Making a custom chip (ASIC) requires a vast arsenal of tools, to do synthesis, simulation, parasitic extraction and schematic entry. . LunaPnR aims to add a robust open-source automated place & route tool to the equation. Luna targets ASIC processes larger than 100nm, in which it can perform place & route, do clock-tree synthesis and timing verification. This allows to design e.g. mixed-signal (analogue + digital) chips used in sensors and IOT devices. LunaPnR integrates well with existing open-source tools, such as YosysHQ's Yosys (a logic synthesis tool) and KLayout (a manual ASIC layout tool), but also with commercial tools via industry standard file formats (LEF, DEF and GDS). A fully open toolchain allows for a complete chain-of-trust between the chip designer and the chip manufacturer, from digital design to GDS2 and back (via wafer inspection).

In this new project LunaPnR will implement and test detail routing algorithms, enhancing the quality of the parasitic extraction for use with the OpenSTA static timing analyzer, speed up the graphical user interface (so it can render very large design efficiently), implement and test the power structure/special net/padring placer & router, and integrate Logic Equivalence Check (LEC).

>> Read more about LunaPnR Phase 2

Makatea — An x86, 64-bit Virtual Machine Monitor for the seL4, verified microkernel

The security of any software system depends on its underlying Operating System (OS). However, even compartmentalization focused OSes such as Qubes, which are "reasonably secure" depend on large trusted computing bases (e.g. hypervisors) with hundreds of thousands of lines of code. seL4 is an open-source, formally-verified microkernel that has matured and been maintained for over a decade. seL4's small size (10,000 Lines of Code) and formal verification make it an appealing base to implement a hardened, open-source, x86 64-bit Virtual Machine Monitor (VMM) on. Makatea is a new hypervisor written from the ground up, capable of paravirtualisation, Hardware-Assisted Virtualisation and device emulation. Makatea also will allow to run software originally written for other platforms wherever seL4 can be made to run - and do so in a very controlled environment.

>> Read more about Makatea

MapComplete — Thematics OpenStreetMap-viewer and editor.

OpenStreetMap is a libre and free online database of geodata which can be edited by everyone and is used by millions of people. However, contributing can be challenging or intimidating to non-technical users. MapComplete is a webapp whose goal is to make it trivial to see and update information on OpenStreetMap. This is achieved by showing only features related to a single topic of interest on the map - from playgrounds, public toilets and bicycle rental places to charging stations and public tap water spots.

MapComplete contains many thematic maps, each built for a certain community of users and use cases. By focusing on a single topic, contributors are not distracted by objects not relevant to them. Furthermore, this allows to show (and ask for) attributes that are highly specialized (e.g. a widget that determines tree species based on pictures) but also to reuse common attributes and elements (such as showing and adding opening hours or pictures). Within this project, performance will be improved and a user interface to create a new topical map will be built, which will allow for more people to contribute on more topics.

>> Read more about MapComplete

Marginalia Search — A fresh take on search

Marginalia Search is an experimental Internet search engine for the independent web designed and optimized to run on cheap consumer hardware. The overarching goal of the development effort is to bring the project into a more mature state; to improve search quality and range, reduce the amount of manual operations, and to produce and offer portable data in order to bolster adjacent efforts in the search and discovery space.

>> Read more about Marginalia Search

Modular — Reusable decentralised meta-search engine is a search engine dedicated to online press. It can work from your computer being shaped as browser WebExtension and gives you back the control of your information sources allowing to choose (and pin-point) the newspapers to search in. Sources can be contributed by users, covering any domain where it's the chronological order that matters : press (TV, radios…), scientific press, online agendas…

Using is free, avoid ads and does not trigger the tracking mechanisms of online newspapers when discovering the results. With the new developments within this project, will break out of web browsers to become available server-side and for mobile users. Also, contributions for your favorite sources will finally be possible "all by mouse" and without computer science specific knowledge (traditional method via CSS selectors still being available).

>> Read more about Modular

MobileAtlas — Taking roaming measurements to the next levelMobileAtlas

MobileAtlas is an international measurement platform for cellular networks that takes roaming measurements to the next level. Although mobile cellular networks have become a major Internet access technology, mobile data traffic is surging, and data roaming has become widely used, well-established measurement platforms (e.g., RIPE Atlas) are not well-suited for measurements in the mobile network ecosystem. This includes measurements of metered connections and consideration of roaming status and zero-rating offers.

MobileAtlas implements the promising approach to geographically decouple SIM card and modem, which boosts the scalability and flexibility of the measurement platform. It offers versatile capabilities and a controlled environment that makes a good foundation for accurate and fine-grained measurements. In the current phase we focus on increasing the coverage of the measurement platform and improving the support for emerging technologies (e.g. eSIM, IPv6, VoLTE, and 5G).

>> Read more about MobileAtlas

Modos — Open-hardware high-refresh-rate electrophoretic display controller

Modos is building an libre, open source and open hardware ecosystem of low-cost, affordable electronic devices that use an E Ink display and are driven by the first open-hardware high-refresh-rate electrophoretic display controller of our own design. Having such a controller will enable the creation of new devices and applications designed around the advantages of this dynamic medium: easier on the eyes, less power consumption, readable in direct sunlight, and persistence.

In this project, the team will incrementally improve upon the existing (working) prototypes and establish a Pilot Program . The team provides community support, and makes sure you contribute to the development of the open hardware ecosystem.

>> Read more about Modos

Naja — EDA tool focused on post logic synthesis

Naja is an EDA (Electronic Design Automation) project aiming at offering open source data structures and APIs for the development of post logic synthesis EDA algorithms such as: netlist simplification (constant and dead logic propagation), logic replication, netlist partitioning, ASIC and FPGA place and route, …

In most EDA flows, data exchange is done by using standard netlist formats (Verilog, LEF/DEF, EDIF, …) which were not designed to represent data structures content with high fidelity. To address this problem, Naja relies on Cap'n Proto open source interchange format.

Naja also emphasizes EDA applications parallelization (targeting in particular cloud computing) by providing a robust object identification mechanism allowing to partition and merge data across the network.

>> Read more about Naja

NaxRiscv core improvements — Open hardware out-order Risc-V CPU

This project aim at extending the scope of the NaxRiscv project (a free and open-source out-of-order multi-issue RISC-V CPU, using innovative hardware description technics and optimized for FPGA deployment) by getting the CPU to run Debian in a stable manner and documenting the whole process used to build the required binaries/rootfs, implementing memory coherency, multicore support and a L2 cache to enhance the performances, and finally, optimizing and synthesizing the CPU for ASIC using the free and open-source tooling to pave the way for some future NaxRiscv based silicon chips.

>> Read more about NaxRiscv core improvements

Nitrokey 3 — PIV/FIPS 201-3 and extended hardware support for Trussed/Nitrokey

The project summary for this project is not yet available. Please come back soon!

>> Read more about Nitrokey 3

Nominatim as a library — Self-hostable address/location retrieval for OpenStreetMap

Nominatim is an open-source geographic search engine (geocoder). It makes use of the data from OpenStreetMap to built up a database and API that allows to search for any place on earth and lookup addresses for any given geographic location. The conventional wisdom is that geocoding is such a computationally heavy task that it can only be done through a webservice. So far, Nominatim has been following this convention. While it is easy to install your own instance, it is still expected to be run as a service. However, if you care about privacy, then location data is not something you would want to regularly send to an external geocoding provider because it allows to create detailed movement profiles. We need the possibility to do geocoding directly on the device. The goal of this project is to transform Nominatim's code base so that it cannot be only be used as a web service but also as a local application or as a library inside another application. In the first phase, the PHP code of the search frontend will be ported to Python, which is much better suited for such a multi-use task. In the second phase, we explore if the rather heavy-weight PostgreSQL database can be transformed into an SQLite database to even further simplify using Nominatim as a library.

>> Read more about Nominatim as a library

Nyxt Webextensions — Independent implementation of WebExtensions

Nyxt is a web browser that seeks to empower knowledge workers with access to better browsing tools. The Internet is the single largest corpus of human knowledge available. Effective tools to navigate, browse, and index it are important for research/work/empowerment. Nyxt provides these tools. A different take on the "browser", Nyxt is a power-browser, designed from the ground-up for work.

What was until now missing from Nyxt, and from other third party browsers, is support for common WebExtensions (such as NoScript, ad blockers, etc). In this project we'll extend Nyxt's capabilities to support WebExtensions which will allow users to customise their browsing experience and better protect themselves from abuse. Additionally, our work will pave the way for other libre WebKitGTK+ to support WebExtensions, and thus, increase adoption.

>> Read more about Nyxt Webextensions

Ordie — Designing a SoC for Betrusted

The field of open silicon is still in its infancy, and while the story on digital logic generation is good, analogue is still a work in progress, and full system integration is only just beginning. The Ordie project will characterize available analogue and digital blocks, integrate them, and create simulation and test software to validate them both pre- and post-production. In this way, the Ordie project will create open, fully-verified silicon chips where every aspect of the part is inspectable down to the raw GDS files. These parts will be usable in some aspects of projects such as Betrusted, where they may be used to replace some of the proprietary silicon with open variants. Along the way it will develop a circuit that enumerates over USB, be able to address various debug structures using existing Wishbone USB and Spibone debugging, and develop a buck regulator, useful for powering on-die structures.The on-chip blocks will be documented using reference systems such as lxsocdoc.

>> Read more about Ordie

Peertube plugin livechat — Integrated chat for Peertube live streams

The Peertube project aims to offer a free, decentralized, and sovereign alternative to video-on-demand platforms. Since its 3.0.0 version it is possible to live stream. However, the Peertube team has chosen not to integrate a chat system, but rather to offer the necessary tools so that it is possible to integrate this functionality via plugins. It is in this context that the "Peertube Livechat" plugin was launched in 2021. This project - already installed on nearly 250 Peertube instances - has grown with time, and already provides a serious alternative to existing proprietary systems. However, there are still some steps to be done to offer the same level of service as these commercial platforms: manage the decentralization allowed by Peertube at the chat level, possibility of automatic moderation, streamer/viewer interaction tools, improve and complete the translations of the software, improve its documentation, think about the numerous requests of the community, and so on.

>> Read more about Peertube plugin livechat

PeerTube - Remote Transcoding — Remote Transcoding for distributed video sharing network

PeerTube is a free-libre and federated alternative to centralized video platforms such as YouTube, Twitch or Vimeo. It empowers content creators (institutions, video-makers and live streamers, communities, etc.) to self host their own collective video-platform without being isolated in the wide web. The technical choices behind PeerTube (ActivityPub Federation, peer-to-peer broadcasting) keep the source of this sugestion (the technical and financial bar to self & collective hosting: you no longer need Google's server farm and Amazon's money to host your own PeerTube servers (an instance) and synchronize it with other servers to share video catalogs!

There is still one technical bottleneck: video transcoding. This step is essential for a smooth video broadcasting experience. Transcoding happens at every video upload or during live-streams, and consumes a lot of CPU power. Instances hosting lots of content creators or live streamers tend to rapidly need to upgrade the CPU power of their server, to avoid a bottleneck that only happens episodically. Allowing transcoding work to happen remotely could solve a number of important logistical problems in a more efficient, resilient, affordable and eco-friendly manner.

>> Read more about PeerTube - Remote Transcoding

Pixelfed — Open source, federated photo sharing platform using ActivityPub

Pixelfed is a free and ethical photo sharing platform, powered by ActivityPub federation. The primary scope of this project is to build a federated Groups feature which will enable people to create communities across Pixelfed instances and other fediverse software. Pixelfed Groups will support text, photo and video posts on a separate Group-only timeline feed, as well as support a powerful role based membership system where admins can easily control who can join and the other actions they can perform.

>> Read more about Pixelfed

pretalx — Open source tooling for events and conferences

When attending events like conferences, visitors are often subjected to privacy-invading proprietary apps by organisers. With printed programmes typically no longer made available, visitors are put on the spot: either they install some unknown app and allow themselves to be tracked, or they don't know which sessions to attend. Pretalx is an open source project for events and conferences. It provides a Call for Proposals interface, tools for review (including fully double-blinded ones), scheduling, speaker communication, and attendee feedback. pretalx has a variety of plugins and can be self-hosted. This gives conference organisers, speakers and attendees complete control over the data they share. This project will completely redo the writable API of pretalx, making it a strong privacy-friendly option for any event being organised.

Pretalx is one of the leading open source tools capable of handling the full organisation of events from Call for Proposals to user feedback, and is used by many large open source events already (MozFest, FOSDEM, Pycon, NSEC, etc).

>> Read more about pretalx

RAIJIN — Open Hardware brain meeasurements with near-infrared spectroscopy

Low-cost electroencephalographic (EEG) systems have been available for over a decade, such as the open hardware OpenBCI ecosystem. While EEG has been democratized to varying degrees, blood-oxygen-level-dependent (BOLD) methodologies are constrained to medical and niche realms. While magnetic resonance imaging is impractical for a hobbyist, functional near-infrared spectroscopy (fNIRS) may offer a more practical alternative. Similarly, non-visual and non-auditory feedback from a brain-computer interface (BCI) may be streamlined with a tactile or haptic device. Transcranial temporal interference stimulation (TTIS) can be directed and integrated with the existing ecosystem. The Rank-Adjusted Infrared Juxtaposed Interferential Neuromodulation (RAIJIN) marks three components that would significantly improve tools for citizen-scientists. Given recent low-cost projects, it may be possible to bring low-cost fNIRS, non-invasive deep brain stimulation, and tactile response into the OpenBCI ecosystem. Tactile and TTIS enable closed-loop computer-brain interference (CBI). By integrating BCI and CBI, the RAIJIN system will enable mobile, low-cost, BOLD-capable, closed loop, and non-invasive brain-to-brain interface (BBI).

>> Read more about RAIJIN

Radio-Meshnet — Self-sustained Community and Emergency Radio Networking

The project summary for this project is not yet available. Please come back soon!

>> Read more about Radio-Meshnet

pcb-rnd, sch-rnd — Open source EDA suite

Ringdove EDA is a modular, portable Electronics Design Automation toolkit mainly targeting the Printed Circuit Board design workflow. The two flagship projects in Ringdove are sch-rnd (schematics capture) and pcb-rnd (printed circuit board editing). Because of the modular layout of the code and the active management of dependencies, both projects are highly portable, both in time (old, present and future systems) and in workflows (interactive graphical design or interactive command line usage or headless automated processing). Ringdove also strives to support file formats of other EDA software, especially for loading proprietary formats, making existing/legacy hardware designs more accessible to the Open Source community.

>> Read more about pcb-rnd, sch-rnd

Rotonda Secure Extensions — Implement BGPSec in Rust and integrate into Rotonda

Rotonda is a modular routing project that brings BGP observability and easy BGP provisioning to networks. Its aim is to improve the safety and security of the inter-domain routing system. In this particular effort we will build two features that will help us further the goal of security and safety.

First, we will implement BGPsec as a first-class citizen in Rotonda. BGPsec is a standardised protocol for securing routes in the inter-domain routing system. As far as we know Rotonda will be the first open source routing software that supports BGPsec out-of-the-box.

Second, we will implement a run-time configurable plug-in system for Rotonda, that will not only increase its modularity and extensibility, but also its usability.

>> Read more about Rotonda Secure Extensions

SDCC — Small Device C Compiler compiler for 8-bit microcontrollers

The Small Device C Compiler (SDCC) is free and open source software for 8-bit microcontrollers. While such 8-bit microcontrollers might seem like outdated technology (most of the popular chips sold today use 32 bit or 64 bit solutions), the fact that there are less transistors to fire up with every cycle means there are quite a few basic use cases where 8-bit systems might very well remain the most energy-efficient option despite . SDCC is competing head to head with various proprietary compilers - such as Keil, IAR, Comsic, Raisonance. The tasks in this project will significantly boosts the capabilities of SDCC and allow developers a more mature tool to design for e.g. eco-friendliness. The project will deliver various improvements in SDCC, in order to make it more complete and competitive in terms of features and workflow.

>> Read more about SDCC

#Seppo! — Portable ActivityPub implementation

Posting and liking self reliantly and still have a life. #Seppo! empowers you to publish short texts and images to the internet as easily as using an online service but retain full agency and responsibility. What you publish is solely subject to public law. No 3rd parties hold a stake, nobody else imposes any rules on you. This is because you publish on your own property. Which is possible because housekeeping is no more than the known follow/unfollow/block/unblock content moderation of your own single account. You do that by yourself. There are no scripting engines or databases, no technical updates required. You can focus solely on the message to deliver. You build an online presence on your own digital property, robust for decades if you decide so. #Seppo! is built on mature web standards (e.g. ActivityPub), a european technology stack, inspectable plain-text storage, is security aware and decentralised. It is made for but not limited to off-the-shelf static webspace as offered by numerous vendors all over the EU. #Seppo! targets individuals and small organisations joining the #Fediverse with max. 10k followers, optionally cross-posting to the closed platforms.

>> Read more about #Seppo!

Silicon verification — Non-destructive, in-situ inspection of physical chips

The global nature of supply chains presents an existential question for the trustworthiness of hardware: how do I know the chips in my device are genuine and pristine? Trusted domestic fabs only solve a facet of the problem: after a silicon wafer leaves the fab, it criss-crosses the globe multiple times as it is packaged, tested, and assembled into an end user product, presenting a huge attack surface for post-fab substitutions and alterations. The "Silicon Verification" project lays foundations for high resolution end-user, direct, and non-destructive optical inspection of chips. Our research aims to create a set of techniques for hardware packages that fill the analogous role of "digital signature verification" for software packages: a ubiquitous method to establish trust in a package, after it has been delivered to the user.

>> Read more about Silicon verification

Solid Application Interoperability — Interoperable Data sharing flows and discovery for Solid

Solid Application Interoperability specification details how Agents in the Solid ecosystem can read, write, and manage data stored in a Solid pod using disparate Applications, either individually or in collaboration with other Agents. Solid is a specification that lets people store their data securely in decentralized data stores called Pods. Pods are like secure personal web servers for data. When data is stored in someone's Pod, they control which people and applications can access it. Solid Application Interoperability provides clear way to create intuitive data boundaries and higher level patterns to manage access to that data following the principle of least privilege.

The focus of this project is on three parts: i18n for the Authorization Agent, data sharing flows and verifying WebID of social peers.

>> Read more about Solid Application Interoperability

Solid Usable App Tools Project — Improve developer experience for W3C Solid

The Solid project is one of the best known efforts promising to bring individual data ownership to the people of Europe and the world. While Solid has many use cases, a common example is an alternative to Facebook, Instagram, and Twitter where a user can own their own social media data. But, Solid's current specification, implementations, and developer tools are not yet able to support a full-fledged social media alternative. This project will aide the ongoing specification and developer tool development for Solid by filling in the gaps that are currently preventing a "home-run" app from being created on Solid.

Particular areas of concern for this project are: Authentication for Mobile Apps and Bots, Real-Time Notifications, and Easier Devtools (which caters also for developer that lack much prior knowledge of linked data). In addition, the project will produce a tutorial series to make developing apps on Solid as easy as learning how to use more mainstream technologies like React.

>> Read more about Solid Usable App Tools Project

Stalwart Mail Server — Robust full featured mail infrastructure in Rust

Self-hosting an e-mail server is notoriously difficult. While privacy is a top concern for many individuals and businesses, the complexities of self-hosting a mail server often outweigh the benefits, leading many to choose to sacrifice some privacy and pay a third-party provider to manage their email instead. One of the key challenges of self-hosting an email server is the outdated and complex nature of most available open-source mail server software.

Stalwart Mail Server is an open-source email server written in Rust that aims to help modernize, democratize, and promote decentralization of email. The server offers a robust and privacy-focused solution that is easy for individuals and businesses to set up and maintain on their own.

Stalwart Mail Server consists of three components: a JMAP server, an IMAP4 server with support for ManageSieve as well as many extensions, and an SMTP server with support for DMARC, DKIM, ARC, and SPF. The server does not require any external software or databases to run and can easily scale to multiple servers thanks to its native Raft support.

Furthermore, the use of Rust in Stalwart Mail Server allows it to offer improved performance, safety, and concurrency compared to other solutions, making it a versatile and robust choice for those looking to self-host their own email server.

>> Read more about Stalwart Mail Server

TOS;DR OTA backend — Integrate Terms of Service;Didn't Read with Open Terms Archive

Open Terms Archive is a digital common that produces (since 2020) datasets of the evolution of contractual documents (Terms of Service, Privacy Policy…) over time, enabling analysis and comparison. It aims at shifting the power balance from big tech actors towards researchers, end users and regulators. The “Terms of Service; Didn't Read” (ToS;DR) project enables (since 2011) crowd-reading and rating of these same contractual documents. These documents are obtained from the web with a dedicated engine that stores them in a private database and suffers from lack of maintenance.

The goal of the effort is to replace the historical ToS;DR crawler with the public Open Terms Archive datasets, thus increasing the reliability and auditability of the source data, since the annotations will be based on public datasets produced by replicable instances instead of being based on a one-off database used only by ToS;DR itself. This will also enable establishing a common data format for annotating documents.

>> Read more about TOS;DR OTA backend

GNU Taler wallet app for iOS — Mobile GNU Taler payments for portable Apple devices

GNU Taler (Taxable Anonymous Libre Electronic Reserves) is a privacy-preserving electronic instant payment system that is fully free software. It uses electronic coins stored in wallets on customer’s device. Coins are like cash. Users can use Taler to pay in existing currencies (i.e. EUR, USD, BTC), or use it to for instance create new regional currencies. The Taler wallet is currently available as a browser-based WebExtension and as Android app, but not yet as iOS app. This project will develop a user-friendly and accessible iOS wallet app for the GNU Taler payment system. With the iOS Taler wallet app, users will be able to make payments with their iPhone -- similar to how they would use proprietary payments systems like Apple Pay.

>> Read more about GNU Taler wallet app for iOS

Tracking weasel — Detect privacy violations in mobile apps

Privacy and data protection are fundamental rights and already well protected by legal frameworks in the EU. Yet, tracking—often without consent—is ubiquitous and often unavoidable. While tech-savvy users can defend themselves against that to a certain degree with tools like tracking blockers, we want to attack the problem at its root to make the web safe for everyone, regardless of expertise. With this project, we want to build infrastructure to detect privacy violations in apps on Android and iOS and crowdsource complaints against this behaviour with the data protection authorities. The result will be a web app where users can select an app from the app stores, which we will then download and run in an emulator or on an actual device. We will analyse the apps’ network traffic and detect privacy violations not just based on server connections but the actual data being transmitted. We will also check any consent dialogs. The website will then show a report to the user and, depending on the results, give them the option to generate a complaint under the GDPR and ePrivacy Directive, complete with the collected evidence from the analysis in the form of screenshots and traffic dumps.

>> Read more about Tracking weasel

DeltaChat/WebXDC — Portable private apps that can be shared in e.g. chat

Webxdc is a fresh and still evolving effort to explore "private apps", essentially 'portable' web apps through which users can interact in any number of ways outside of the traditional client-server paradigm, e.g. over E2EE chat. These mini-apps offer interesting interaction patterns -- without any dependency on centralised infrastructure, additional logins etc. It grew from Delta Chat, a highly innovative solution that uses secure email-based communication technology for social networking, protected with OpenPGP/Autocrypt.

The project will further develop the concept of Webxdc apps, and make it for instance possible for users to make data portable (which is currently not possible due to missing security controls for that).

>> Read more about DeltaChat/WebXDC

XR Fragments — Discover, reference, navigate and query 3D online content

After the hype of early (and proprietary) virtual reality technologies like Second Life cooled down, there is recently a renewed push towards the "3D" web which uses virtual reality technologies (also marketed under new brand names like "Metaverse"). While many technological building blocks are meanwhile available, seamlessly surfing the 3D web however seems quite far away still for a simple reason - browsers exit fullscreen/WebXR mode when switching web addresses, essentially removing the immersive experience when navigating. While such a limitation comes from obvious security considerations, it also pushes VR/AR-Headset owners into walled gardens for a more pleasant experience.

eglTF is developing a simple public protocol for networked 3D webrings to discover, reference, navigate and query 3D online content (read-only). This allows to enable immersive 3D navigation, liberate 3D content from being locked away inside games / walled gardens and to query objects inside a 3D asset files, without the need of serverside backends.

>> Read more about XR Fragments

mCaptcha — Privacy-friendly Proof of Work (PoW) based CAPTCHA system

Existing CAPTCHA systems expect visitors to identify objects to prevent spam, which makes the web inaccessible to persons with cognitive, auditory, and visual special needs. They log Internet Protocol (IP) addresses and use tracking technologies, like cookies, to track and profile their users across the internet. IP logging and cookie-based tracking are privacy-invasive, inaccurate, and impossible to use with anonymizing technologies like Tor and VPNs. Censors can abuse the opaque nature of these systems to prevent certain groups from accessing certain types of information. Independent testing for bias is not possible since the documentation doesn't exist for their methods and algorithms.

mCaptcha is an attempt at creating a self-hosted alternative to reCAPTCHA and hCaptcha with a focus on privacy, transparency, user experience, and accessibility. mCaptcha’s Proof of Work (PoW) mechanism uses strong cryptographic principles that guarantee idempotency and transparency. mCaptcha doesn’t log IP addresses and doesn’t require tracking user activity across the internet. Censors can’t use mCaptcha to deny access to information without detection. Also, the PoW mechanism requires minimal user interaction to solve the CAPTCHA, which will significantly improve the accessibility of the web.

>> Read more about mCaptcha

vdirsyncer — Synchronise calendars and contacts

In this digital age, we all have digital address books with the phones and addresses of our loved ones, friends, and those with whom we work. We keep calendars with meetings we need to attend and places we are expected to be. And we need to keep this information synchronised across devices, shared with others, but only with those whom we choose to collaborate. Vdirsyncer synchronises address books and calendars between webcal, caldav, and local vdir collections. This empowers users to manage their own data, synchronise with servers of their choice, as well as interact with their data offline in their own devices. Vdirsyncer has proven itself a useful tool, but suffers from some early design issues which are impossible to fix without rewriting it. Within this project, the rewrite will become a reality. Additionally, the codebase will be structured to be easily usable by other projects and developers.

>> Read more about vdirsyncer