Send in your ideas. Deadline October 1, 2024


Projects enhancing privacy and trust of internet and related technologies

This page contains a concise overview of projects funded by NLnet foundation that belong to NGI Zero PET (see the thematic index). There is more information available on each of the projects listed on this page - all you need to do is click on the title or the link at the bottom of the section on each project to read more. If a description on this page is a bit technical and terse, don't despair — the dedicated page will have a more user-friendly description that should be intelligible for 'normal' people as well. If you cannot find a specific project you are looking for, please check the alphabetic index or just search for it (or search for a specific keyword).

Technology has become part of the fabric of our society, but unfortunately the market doesn't automatically provide the honest, reliable and robust technology we as humans expect and deserve. NGI Zero PET? t is an ambitious grant programme led by NLnet as part of the Next Generation Internet initiative, which focuses on privacy and trust enhancing technologies.

The projects within this fund run on pretty much all layers of technology, from the internet protocols that run underneath every packet sent across the wire, the operating system and browser that we run our day-to-day applications and services on, the messaging apps we use to stay in contact with each others, all the way up to the infrastructure we compile software on, the computer chips we use in our devices and even the design and manufacturing of integrated circuits - projects within NGI Zero PET are breaking down barriers in the market and working towards a technology commons.

So brace yourself for a deep dive in technology, and if you have the time — check each and every one of them out. Note that everything should be available under a free and open source license so it is not the type of technology you can look at but not touch — you can study, use, modify and share everything you come across with anyone you want! And if you think your idea fits in such a list, why not propose a project yourself in one of our other calls: we are always looking for new great ideas to support!

Logo NLnet: abstract logo of four people seen from aboveLogo NGI Zero: letterlogo shaped like a tag

Interesting in applying for a grant yourself? Check our active theme funds, such as NGI Zero Core or NGI Zero Commons Fund. Applications to this particular fund are currently closed and no new projects are accepted for now. Donate to help us fund more projects like these.

LibreCellular — Open hardware 4G Mobile Network

Free and open source solutions now exist for every component that is required to create a 4G cellular (LTE) network, all the way from the radio access network (RAN) and core, to services which are used for integrated voice (VoLTE). Creating a fully functional mobile network is the next logical step, but this requires overcoming the final remaining technical hurdles. This project will provide end-to-end integration of a FOSS technology stack for 4G networks, via a validated hardware and software configuration that is subjected to appropriate testing. Together with additional tooling and documentation for repeatable deployment, the project will making it far easier to create a self-contained 4G network than ever before. This is particularly timely given the availability of low cost software-defined radio (SDR) hardware, coupled with the efforts of wireless regulators to provide increased access to spectrum for private and community LTE networks.

>> Read more about LibreCellular

AI-VPN — Local machine-based learned analysis of VPN trafffic

Our security decreases significantly especially when we are outside our offices. Current VPNs encrypt our traffic, but they do not protect our devices from attacks or detect if there is an infection. The AI-VPN project proposes a new solution joining the VPN setup with a local AI-based IPS. The AI-VPN implements a state-of-the-art machine learning based Intrusion Prevention System in the VPN, generating alerts and blocking malicious connections automatically. The user is given a summary of the traffic of the device, showing dectected malicious patterns, privacy leaked data and security alerts, in order to protect and educate the users about their security status and any risks they are exposed to.

>> Read more about AI-VPN

Analog/Mixed-Signal Library — OSHW component library for ASIC design

One of the gaps in the open chip toolchain is a libre-licensed analog/mixed-signal library. Having access to such a library contributes to having a fully open ASIC design infrastructure through which secure and trustworthy open hardware can subsequently be built.

This project is trying to fill that void. The first part of the project consists of enhancing and stabilising the underlying PDKMaster project, and allow it to facilitate programmatic co-generation of circuit and layout with integrated support for circuit simulation. This should make resulting circuits DRC and LVS clean by design. Second part of the bootstrapping effort is then to implement a set of scalable analog/mixed-signal blocks which can be integrated into PDKMaster. The initial set will consist of the following 4 core blocks: a voltage reference, a PLL (phase-locked loop), a low frequency, low accuracy ADC and a low frequency, low accuracy DAC.

The overall focus is on proving the overall suitability of the PDKMaster framework, rather than on the complexity and difficulty of the individual analog/mixed-signal blocks which are to be added. Thanks to proper documentation and examples, users can start expanding the available building blocks by adding their own contributions.

>> Read more about Analog/Mixed-Signal Library

Accessible security — Integration effort of independent security efforts like Qubes, Heads, coreboot, etc

The "Accessible security" project's initiative was sparked by the need for usable security made available to the average citizen. Several projects are contributing a part of this bigger puzzle: QubesOS, coreboot, Heads, me_cleaner, Whonix and others. Yet the average person does not have the sophistication to integrate these software projects. With some effort we can add some missing parts, help the effected projects usability, and facilitate access to cutting-edge developments, currently only usable by developers and more sophisticated users. Bringing these projects together will reduce the amount of expertise and effort required to benefit from these projects.

>> Read more about Accessible security

Alder Lake Desktop — Open firmware for widely used Desktop/Workstation motherboard

Modern firmwares are extremely complex pieces of software code. As such, it is not uncommon for some functionality to be bugged or to not be working as intended. Sometimes firmware updates break things that used to work, too. The first course of action is to request the mainboard manufacturer to resolve it, and typically the support team delivers a binary with a fix. However, when it comes to feature requests in the firmware, the manufacturers refuse to comply. The mainboard owner ends up with a piece of hardware not fulfilling the owner's needs and has to move to a different platform that is hopefully equipped with firmware containing the desired feature. However, this problem can be solved by offering freedom to the board owners. The freedom to modify and adapt the firmware to their own needs, what can be accomplished by open-source firmware.

The goal of the project is to implement open-source firmware support for the MSI PRO Z690-A WIFI DDR4 workstation/desktop platform and open the door to liberty of customization. MSI PRO Z690-A supports the newest 12th generation of Intel Core processors. Furthermore, there will be no dependency on the mainboard manufacturer to provide fixes, because an experienced community could do them for a worldwide benefit.

>> Read more about Alder Lake Desktop

Autocrypt for Thunderbird — Make email encryption extremely simple

Autocrypt is a specification that provides guidance for e-mail clients on how to achieve a seamless user experience. It does so by transparently exchanging keys, almost entirely automating public key management. This reduces the UI to "single click for encryption". The project will create an extension for the Thunderbird e-mail client that brings this experience to its users. The goal is to provide a new extension with a streamlined user experience that requires as little user interaction as possible, without "poweruser" features and performing practical user testing to identify open pain points. The extension will be based on OpenPGP.js, since this can be packaged directly. This will simplify installation and maintenance a great deal.

>> Read more about Autocrypt for Thunderbird

BBBsecureChat — Add E2EE instant messaging to Big Blue Button meetings

BigBlueButton is a video conferencing framework built on open source components. It is being used worldwide for education, events and training, and gained a lot of usage during the Covid-19 pandemic. Whilst audio and video are being handled by scalable components (notably Freeswitch and Kurento), the chat currently integrated in BBB is a single node.js thread for all conferences. This causes performance problems if used heavily in conferences, and lacks features such as E2EE and emoji support. In this project we will be trying to create an alternative chat service component based on mature open source solutions which have a richer feature set and offer end-to-end encryption. Some of the challenges are: respecting privacy in recordings, allowing chats 1:1 and in break-out rooms, automatic exchange of encryption keys, authentication, SingleSignOn and handling file exchange among chat users. We will be testing the enhanced chat with selected BBB users and will offer the result to the BBB developer and user community.

>> Read more about BBBsecureChat

Balthazar — One laptop for the new internet age.

Project's ambition is to design and deliver an innovative and technically advanced open hardware (RISC-V/ISA) based, European made, inexpensive, FOSS laptop as a personal computing device, containing on board all desirable (FOSS compliant) hardware and software features and functionalities needed to prevent any 3rd party intrusion into the system. It adds physical safety features currently not available in the market such as hot-swappable CPU, hardwired switches for e.g. camera and audio devices, and a quickly removable encrypted hard drive and peripherals. A goal of Balthazar is to enable and educate end users to be private, safe and careful with their own data, and that of others. Another goal is to make computing more sustainable and reach eco-friendly footprint, by empowering users to take up their 'right to repair', through a modular laptop that allows components to be easily exchanged and upgraded - up to the CPU itself. The goal is to lead by example and gently lead other hardware manufacturers to become fully open and transparent. And create an educational platform, as well as an advanced computing device where its users (including those with low income ) to feel secure, safe and comfortable using it. For the children of all ages.

>> Read more about Balthazar

Balthazar - One laptop for the new internet age. — A secure fully open hardware laptop

Project's ambition is to design and deliver an innovative and technically advanced open hardware (RISC-V/ISA) based, European made, inexpensive, FOSS laptop as a personal computing device, containing on board all desirable (FOSS compliant) hardware and software features and functionalities needed to prevent any 3rd party intrusion into the system. It adds physical safety features currently not available in the market such as hot-swappable CPU, hardwired switches for e.g. camera and audio devices, and a quickly removable encrypted hard drive and peripherals. A goal of Balthazar is to enable and educate end users to be private, safe and careful with their own data, and that of others. Another goal is to make computing more sustainable and reach eco-friendly footprint, by empowering users to take up their 'right to repair', through a modular laptop that allows components to be easily exchanged and upgraded - up to the CPU itself. The goal is to lead by example and gently lead other hardware manufacturers to become fully open and transparent. And create an educational platform, as well as an advanced computing device where its users (including those with low income ) to feel secure, safe and comfortable using it. For the children of all ages.

>> Read more about Balthazar - One laptop for the new internet age.

Betrusted OS — An embedded OS for cryptographic devices

Betrusted OS will underpin the Betrusted ecosystem, and will enable secure process isolation. It will be written a safe systems language - namely Rust - to ensure various components are free from common programming pitfalls and undefined behavior. Unlike modern operating systems that trade security for speed, the Betrusted OS will prioritize security and isolation over performance. For example, it will be a microkernel that utilizes message passing and services rather than a monolithic kernel with modules. Unlike other deeply-embedded operating systems, it will require an MMU, and support multiple threads per process. This will let us add features such as service integrity and signature verification at an application level.

>> Read more about Betrusted OS

Betrusted software — A minimalist and secure OS for embedded communication devices

The Betrusted software project utilizes the strongly typed Rust programming language to build the first applications and libraries for the open hardware project. Betrusted is pioneering a new class of open hardware communications device, with a grant by NGI Zero. The project will set up a virtual environment for betrusted (e.g. QEMU / RISC-V) in order to develop and test software as close to target as possible and unlock community collaboration and contributions. The second main task in the project is to write a Matrix protocol command line client in order to analyze the memory characteristics in the highly constrained betrusted environment. The additional time is to be allocated to development support for the Bestrusted OS, develop glue layers and verify necessary interfaces for applications, provide unit/integration tests and develop (test) applications for it.

>> Read more about Betrusted software

Betrusted Storage — Plausably deniable encrypted storage

Betrusted aims to be a secure communications device that is suitable for everyday use by non-technical users of diverse backgrounds. We believe users shouldn’t have to be experts in supply chain or cryptography to gain access to our ultimate goal: privacy and security one can count on. Today’s “private key only” secure enclave chips are vulnerable to I/O manipulation. This means there is no essential correlation between what a user is told, and what is actually going on. Betrusted will build a full technology stack, including silicon, device, OS, and UX that is open for inspection and verification. We've passed the first hurdle of creating an FPGA-based device, which we have spun out into a development platform we call Precursor. We are now advancing deeper into the technology stack to improve FPGA, drivers, OS, and UX elements, all driving toward the common goal of making Betrusted a simple, secure, and strong device that aims to advance Internet freedom.

>> Read more about Betrusted Storage

Briar — A secure messaging app with offline capabilities

Briar is a secure messaging app designed for activists, journalists and civil society groups. Instead of using a central server, encrypted messages are synchronized directly between the users' devices, protecting users and their relationships from surveillance. This project will enable users of Briar to delete their private messages. Giving users control of what information their devices retain will allow them to practice defence in depth, managing their exposure if their devices are lost or compromised.

>> Read more about Briar

LibrEDA — An integrated development environment for chip design

Because digital circuits are a core part of today’s society there is a significant value in free and open chips and, equally important, free and open design software that is accessible also to small entities. Not only would this enhance trust through transparency and digital sovereignty through distributed knowledge but it would also be a fertile ground for education, hobbyists and small enterprises. The main goal of this project is to create a new libre-software framework for the physical design of digital integrated circuits. The framework is meant to simplify the development of chip layout tools, i.e. the tools used to convert a gate-level netlist into a fabrication-ready layout. This includes fundamental data structures and algorithms, interface definitions of the design algorithms (e.g. placement, routing or timing analysis), input/output libraries for commonly used file formats as well as documentation and example implementations. Two variants will be pursued in parallel: One with a clear focus on simplicity and education and another with a focus on performance and scalability. Another part of the project is the continuation of the ‘LibreCell’ standard-cell generator and characterization tool.

>> Read more about LibrEDA

Zerocat Chipflasher Flashrom Interface — Hardware to flash alternative/libre firmware to BIOS chips

The Zerocat Chipflasher Project aims to provide a fully user controlled electronic device, that helps users to remove the proprietary BIOS firmware from their laptops. The tool allows them to instead run verifiable and Free Firmware, produced by the Coreboot and Libreboot project. Proprietary BIOS is opaque with regards to functionality, and may contain known and unknown security issues. Also controversial elements like the Intel Management Engine can be deactivated. The project helps to empower everyone to create trustworthy digital hardware on her or his own and has been successfully certified by the Respects-Your-Freedom (RYF) Certification Program, set up by the Free Software Foundation in Boston, USA. The device combines the Do-it-Yourself concept with free-design hardware development, even down to chip level. This is achieved by skipping convenient functionalities which would require chips of a proprietary design and by instead using a free-design microcontroller, only. The flasher’s integration into the grid of related existing free software projects yet is to be improved by an additional interface and an in depth firmware review.

>> Read more about Zerocat Chipflasher Flashrom Interface

Chips4Makers ASICs

Current scaling of micro-electronics is focused on improving power, performance and cost per device but with an exponentially increasing start-up cost related to the increased process complexity. For the design of custom chips currently expensive proprietary electronic design automation (EDA) tools need to be used and hefty license fees are due for blocks implementing specific functions like the CPU, USB etc. All this together makes custom chip development only accessible for high-volume production and proprietary designs. In this project a development version of the libre licensed Libre-SOC system-on-a-chip will be manufactured in a 0.18um process combined with development on the open source tools and open source chip building blocks to make this possible. Development on the free and open source tools will be focused on making them compatible with the selected process and the building block development will be focused on the so-called standard cell library, the IO library and the SRAM compiler. This project fits in the longer term goal of the Chips4Makers project to make low-volume custom chip production possible using mature process technologies and free and open source tool chains and building blocks. Purpose is to get innovation using custom chips within reach of small start-ups, makers and even hobbyists.

>> Read more about Chips4Makers ASICs

Conversations — A secure mobile messaging client

Conversations is an Android client for the federated, provider independent network of instant messaging servers that use the Extensible messaging and Presence Protocol (XMPP). It aims to provide a feature set and a user experience that is on par with other well known messaging services. While Conversations is capable of sending end-to-end encrypted text messages, images, short videos and voice messages it currently lacks the ability to make voice and video calls. This project is about adding A/V call capabilities to Conversations in a manner that is compatible to other XMPP clients. To achieve compatibility Conversations will implement the Jingle protocol extensions including XEP 0353 (Jingle Message Initiation) for a smooth user experience across multiple devices.

>> Read more about Conversations

Libre-SOC, Coriolis2 ASIC Layout Collaboration — Open tooling for ASIC Layout

One of the key issues in a trusted, trustable ASIC is for the toolchain to be libre-licensed, so that there is no possibility for hardware-level spying or backdoor compromises. The Alliance / Coriolis2 ASIC layout toolchain by is one of the leading tools in this area. The Libre-SoC is another project being funded through NGI Zero, and at this moment that project needs to get beyond FPGA-proven status. The challenging next phase is to do an actual ASIC layout. With the System-on-Chip being developed in nmigen (a python-based HDL), Alliance / Coriolis2 also makes sense as it is written in Python as well. The funding will go towards doing an ASIC layout in 180nm.

>> Read more about Libre-SOC, Coriolis2 ASIC Layout Collaboration

CryptPad: Project Dialogue — Secure surveys and polls for Cryptpad

Cryptpad is a real-time collaboration environment that encrypts everything clientside. The project will incorporate structured group interaction other than collaborative editing (e.g. gathering input through forms, polls) is a useful addition to this. This will replacing the current basic implementation of polls (like Doodle), and introduce surveys (like Google Forms). Authors will have exclusive control over the content and format of the polls and surveys, such as which questions are asked and the acceptable format of their answers. They'll also have control over the cryptographic keys which decrypt the submitted results, granting authors control over publishing. In addition, the project will develop an extension of its current notifications system to allow instance administrators to publish translatable messages visible to all their users. We'll use this broadcast system to distribute language-specific surveys and recruit willing users into a series of usability studies which will guide a second round of development for these applications.

>> Read more about CryptPad: Project Dialogue

CryptPad — Real-time collaboration with client-side encryption

Cryptpad is a secure and encrypted open source collaboration platform. The CryptPad teams project will fund the development of a number of group-focused features to Cryptpad. We'll improve our current implementation of encrypted shared folders to display the permissions possessed by team members for different documents. The capacity to remove a member from a group is difficult in an encrypted system, as the knowledge of encryption keys cannot be taken away once given. We'll implement key-rotation protocols, and develop encrypted mailboxes to facilitate the delivery of new keys to authorized members. The same mailbox system will enable the development of notifications, allowing users to request additional permissions for documents, to invite new members to a group or session, or to inform friends that a document has been updated. Teams organize in many ways, and with the technical components available we'll focus on interfaces which support different modes of coordination, whether the team is hierarchical or self-organizing. Overall, we hope to make it so that the most intuitive way to collaborate is also the most secure.

>> Read more about CryptPad

CryptPad for communities — Collaborative web editor with client-side encryption

CryptPad is a secure and encrypted open-source collaboration platform, that allows people to work together online on documents, spreadsheets and other types of documents. The amazing thing is that while the participants can work with these web applications as they would with any normal tool, the server has no way of telling what it is they are working on. Everything is encrypted on the device of the user, before it is sent to the server. The "CryptPad for communities" project will improve the experience of users adopting the platform for community management tasks. We'll spend time solving the issues most commonly reported by our users as obstacles to their broader adoption of the platform as an alternative to proprietary services. Document review is as important to many as collaborative editing, so we'll implement comment workflows that integrate our recently introduced social features into our text editors. Our Kanban and spreadsheet apps will both receive some crucial updates to better facilitate project management tasks without compromising on privacy. We'll develop extra access control features based on users' public keys for documents that require stricter protection than is currently offered. Those hosting their own CryptPad instance will benefit from new functionality for their admin panel as well as detailed documentation to make server management more accessible. Finally, we'll implement extra controls permitting admins to limit access to their instance by requiring invites for registration. Altogether we hope these tools will allow communities more determination when it comes to their data, their processes, and their ability to work together productively.

>> Read more about CryptPad for communities

GNU Guix - Cuirass — Continuous integration system for GNU Guix/Linux + Hurd

GNU Guix is a universal functional package manager and operating system which respects the freedom of computer users. The number of supported packages, almost 15.000 on 5 different architectures, is constantly increasing. With the recent efforts adding support for the GNU Hurd operating system, and the ongoing work to easily provide Guix System images for various boards, the need for a strong continuous integration system is critical.

This project aims to improve Cuirass, the GNU Guix continuous integration software to provide binary substitutes for every package or system image within the shortest time. This way, the user won't have to allocate important time and computation power resources into package building. The plan is to add to Cuirass an efficient offloading and work-balancing mechanism between build machines, an improved web interface allowing to monitor machine loads and other build related metrics. A user account section to setup customized monitoring dashboards and subscribe to build failures notifications will also be developed.

>> Read more about GNU Guix - Cuirass

DCnets — Implementation of Dining Cryptographers Network

The aim of the proposed project is to design and implement an open source library that implements the so-called Dining Cryptographer's network or DCnet (first proposed by David Chaum in 1998). Existing implementations suffer from poor efficiency (e.g. high computation and/or communication cost) or limited security (e.g. when a malicious participant can disrupt the communication). The project will produce cryptographic primitives and protocols that help to bring untraceable communication (e.g. untraceable instant messaging, file transfer, IP telephony) closer to practice. We will implement the most recent advances in cryptographic research (e.g. zero-knowledge proofs) and engineering (e.g. highly optimized arithmetic on elliptic curves and finite fields) into account to maximize both security and efficiency.

>> Read more about DCnets

Dat Private Network — Private storage in DAT

The dat private network is a self-hosted server that is easy to deploy on cloud or home infrastructure. Key features include a web-based control panel for administration by non-developers, as well as on-disk encryption. These no-knowledge storage services will ensure backup and high availability of distributed datasets, while also providing trust that unauthorized third-parties won’t have access to content.

By creating a turnkey backup solution, we’ll be able to address two of our users’ most pressing questions about dat: who serves my data when I’m offline, and how do I archive and secure important files? The idea for this module came from the community, and reflects a dire need in the storage space -- no-knowledge backup and sync across devices. A properly-designed backup service will provide solutions to both of these questions, and will do so in a privacy-preserving way.

This deliverable will put resources into bringing this work to a production-ready state, primarily through development towards updates that make use of the latest performance and security updates from the dat ecosystem, such as NOISE support. We plan to maintain the socio-technical infrastructure through an open working group that creates updates for the network as it matures.

>> Read more about Dat Private Network

Structuring the System Layer with Dataspaces — Implementing a secure and scalable system layer on mobile

The system layer is an essential but often-ignored part of an operating system, mediating between user-facing programs and the kernel. Despite its importance, the concept has only been recently recognised and has not received a great deal of attention. The novel Dataspace Model of concurrency and communication combines a small number of concepts to yield succinct expression of ubiquitous system-layer features such as service naming, presence, discovery and activation; security mechanism and policy; subsystem isolation; and robust handling of partial failure. This project will evaluate the hypothesis that the Dataspace Model provides a suitable theoretical and practical foundation for system layers, since a well-founded system layer is a necessary part of any vision of secure, securable, resilient networked personal computing.

>> Read more about Structuring the System Layer with Dataspaces

Dino — User-friendly and secure instant messaging

Dino is an open-source messaging application. It uses XMPP as an underlying protocol, which allows federated, provider-independent communication and offers a world-wide network of interconnected servers. Dino aims to be secure and privacy-friendly while at the same time offering a good user experience and a modern feature set. This project will add encrypted audio/video calling functionality between two or more parties. The implementation will rely on existing standards to interoperate with other XMPP applications.

>> Read more about Dino

Distributed Private Trust — Decentralised trust and reputation system

The project "Distributed Private Trust" wants to develop a prototype for a trust and reputation system that does not rely on a centralized trusted party and provides users with more privacy than current systems. It uses secure multi-party computation to calculate aggregate ratings without having to reveal individual users ratings to any other party. The project also applies techniques from mechanism design to make the system robust to malicious behaviour of participants, for example by diminishing incentives to submit dishonest ratings.

>> Read more about Distributed Private Trust

EEZ DIB — EEZ DIY Instrument Bus

The aim of the EEZ DIB project is to enable the creating and management of modular open hardware T&M (Test & Measurement) solutions. Born out of frustration that solutions from reputable manufacturers are feature rich but closed in design and with expensive software licenses, an attempt have been made to fill the gap between such solutions and DIY/hobbyists solutions which although often open in design lack structure, documentation and completeness that could ensure further growth, development and support.

The hardware part of the project is EEZ BB3, an open source DIB chassis in a compact format that can accommodate up to 3 peripheral T&M modules which can be monitored locally via touchscreen display with responsive and attractive user interface or remotely via USB or Ethernet using Telnet, MQTT, JS and Node-RED. Additional autonomy and programmability has been achieved by adding support for MicroPython scripting.

The software part of the project is EEZ Studio, a free and open source cross-platform application that has two functions: a) visual editor that simplify and accelerate touchscreen GUI development and b) management of multiple EEZ BB3 and 3rd party T&M devices for the purpose of simple communication and acquisition, search and presentation of measurement data.

>> Read more about EEZ DIB

EGIL SCIM client — System for Cross-domain Identity Management

Managing student information in an effective, secure and GDPR compliant way is crucial for the digitalized school. EGIL is an open source client that facilitates the exchange of student information to external providers of study material or administrative services in a standardized way. It supports attributes based on SCIM (RFC 7642-7644) and extensions, it provides an interface to common directory services and supports federated solutions between a large number of school principals and service providers. This project will improve EGIL's federative capabilities, submit an Internet-Draft on the subject federated accounts provisioning, as well as providing a proof of concept for using SCIM as the standard for exchange of student information. This will eliminate the problems caused by using several different exchange protocols and formats between school principals and service providers.

>> Read more about EGIL SCIM client

Edalize ASIC backend — Create open hardware silicon with a fully free software toolchain

Affordable Open Source ASIC development and custom silicon has been a long-standing goal in the community. This will unlock innovation that has previously only been possible for the largest tech companies, allowing for the creation of deployable, trusted Open Source based hardware.

Step by step, this goal has come closer in the last few years as individuals, companies and academic institutions have filled in the missing pieces. Today we have a fully open source end-to-end flow for building open source ASIC - but the effort of on-boarding existing designs remains high. This project aims to provide an easy way to onboard existing gateware and full designs to an open source ASIC flow by creating a FuseSoC backend that targets this toolchain. This will enable a smoother transition from projects already running on FPGAs to also be targeting ASIC flows. It will also allow easier switching between different open source ASIC flows at the point when there are several alternatives to choose from.

In addition to the backend itself, a reference design containing SERV, the world’s smallest RISC-V CPU, will be run through the flow and committed to actual silicon. This will provide a way to guarantee a working flow and provide a simple but usable reference for everyone else looking to onboard their designs. Enabling and demonstrating this path will allow a fully trustworthy path for the fabrication of system-on-a-chip ICs, with no proprietary or closed tools as part of the flow and hence completely inspectable at all stages. This paves the road for other more complex FuseSoC-based open source silicon projects such as OpenTitan and SweRVolf.

>> Read more about Edalize ASIC backend

Etebase - protocol and encryption enhancements — Redesign EteSync protocol and encryption scheme

Etebase is an open-source and end-to-end encrypted software development kit and backend. Think of it as a tool that developers can use to easily build encrypted applications. Etebase is the new name for the protocol that powers EteSync, an open source, end-to-end encrypted, and privacy respecting sync solution for contacts, calendars, notes, tasks and more across all major platforms.

Many people are well aware of the importance of end-to-end encryption. This is evident by the increasing popularity of end-to-end encrypted messaging applications. However, in today's cloud-based world, there is much more (as important!) information that is just left exposed and unencrypted, without people even realising. Calendar events, tasks, personal notes and location data ("find my phone") are a few such examples. This is why the overarching goal of Etebase is to enable users to end-to-end encrypt all of their data.

While the Etebase protocol served EteSync well, there are a number of improvements that could be made to better support EteSync's current and long-term requirements, as well as enabling other developers to build a variety of encrypted applications.

>> Read more about Etebase - protocol and encryption enhancements

EteSync - iOS application — Encrypted synchronisation for calendars, addressbook, etc

EteSync is an open source, end-to-end encrypted, and privacy respecting sync solution for contacts, calendars and tasks with more data types planned for the future. It's currently supported on Android, the desktop (using a DAV adapter layer) where it seamlessly integrates with existing apps, and on the web for easy access from everywhere.

Many people are well aware of the importance of end-to-end encryption. This is evident by the increasing popularity of end-to-end encrypted messaging applications. However, in today's cloud-based world, there is much more (as important!) information that is just left exposed and unencrypted, without people even realising. Calendar events, tasks, personal notes and location data ("find my phone") are a few such examples. This is why the overarching goal of EteSync is to enable users to end-to-end encrypt all of their data.

The purpose of this project is to create an EteSync iOS client which will seamlessly integrate with rest of the system and let the many currently uncatered for iOS users securely sync their data.

>> Read more about EteSync - iOS application

Tracking the Trackers — Automated scanning for spyware in mobile applications

F-Droid is a free software, community app store that has been working since 2010 to make all forms of tracking and advertising visible to users. It is the trusted name for privacy in Android, and app developers who sell based on privacy make the extra effort to get their apps included in the collection. These include Nextcloud, Tor Browser,, and Tutanota. Auditing apps for tracking is labor intensive and error prone, yet ever more in demand. Our tools already aide F-Droid contributors in this process. This project creates new tools using machine learning to drastically speed up this process by augmenting the human review process. Since the prime motivation of the F-Droid community is ethical software distribution, algorithms will never replace humans in making ethical decisions. We will also explore using machine learning to detect tracking in a more generic way, without requiring manually compiled lists of key information. The resulting tools will be generally available for any use case needing to reliably detect trackers in Android apps. This builds upon our collaboration with Exodus Privacy and LibScout.

>> Read more about Tracking the Trackers

Fractal — Native client for the Matrix protocol

Fractal is an Open Source (GPLv3) Matrix client written in Rust. It uses the GTK graphical interface toolkit and is part of the GNOME project. It was created with a big focus on usability and interface design. The objective of this project is to add end-to-end encryption support to Fractal. Fractal has two major parts: A backend part, which communicates with the Matrix server, and a part that contains the GUI and data handling. This will be achieved by first replacing the current backend with the matrix-rust-sdk that was created recently and has several advantages to the current backend, including an abstraction for handling end-to-end encryption for Matrix. Once the backend pieces are in place, Fractal's UI needs to be updated to allow users to actually use end-to-end encryption, which involves a number of non-trivial new user flows (e.g. device verification, cross-signing, key backup).

>> Read more about Fractal

Fix the Pitch Black Attack in Freenet routing — A decentralized distributed platform for private communication

Hyphanet (previously: Freenet) is a peer-to-peer platform with academic roots, offering censorship-resistant publication and privacy by design. It uses a decentralized distributed data store to store and forward information of its users, and is one of the oldest privacy related infrastructures - having been in continuous development for two decades, and predating the alpha version of TOR with several years. This project solves a published theoretical denial-of-service attack on the friend-to-friend structure of its routing, which has been a looming threat since it was discovered a number of years ago.

>> Read more about Fix the Pitch Black Attack in Freenet routing

GNU Mes — Help create an operating system we can trust

GNU Mes was created to address the security concerns that arise from bootstrapping an operating system using large, unauditable binary blobs, which is common practice for all software distributions. Mes is a Scheme interpreter written in a simple subset of C and a C compiler written in Scheme and comes with a small, bootstrappable C library. The Mes bootstrap has halved the size of opaque binaries that were needed to bootstrap GNU Guix, a functional GNU/Linux distribution that focusses on user freedom, reproducibility and security. That reduction was achieved by replacing GNU Binutils, GNU GCC and the GNU C Library with Mes. The final goal is to help create a full source bootstrap for any interested UNIX-like operating system. After three years of volunteer work this funding will enable us to take another big step forward and reach an important new milestone in creating more auditable secure software distributions.

>> Read more about GNU Mes

GNU Mes on ARM — Trustworthy bootstrap for operating systems on ARM ISA

GNU Mes was created to address the security concerns that arise from bootstrapping an operating system using large, unauditable binary blobs, which is common practice for all software distributions. Mes is a Scheme interpreter written in a simple subset of C and a C compiler written in Scheme that comes with a small, bootstrappable C library. The final goal is to help create a full source bootstrap for any interested UNIX-like operating system. This funding will enable GNU Mes to work on the ARM platform.

>> Read more about GNU Mes on ARM

GNU Mes: Full Source bootstrap

GNU Mes was created to address the security concerns that arise from bootstrapping an operating system using large, unauditable binary blobs, which is common practice for all software distributions.

Mes is a Scheme interpreter written in a simple subset of C and a C compiler written in Scheme and comes with a small, bootstrappable C library.

The Mes bootstrap has greatly reduced the size of opaque binaries that were needed to bootstrap GNU Guix, a functional GNU/Linux distribution that focusses on user freedom, reproducibility and security.

That reduction (from ~250MB to ~60MB) was achieved by first replacing GNU Binutils, GNU GCC and the GNU C Library with Mes. The second step was funded by NLnet ( and replaced GNU Awk, GNU Bash, the GNU Core Utilities, GNU Grep, GNU Gzip, GNU SED, and GNU Tar with a more mature Mes, Gash and Gash-Utils.

The final goal is to help create a full source bootstrap for any interested UNIX-like operating system and non-intel architectures (see This funding will enable us to take another big step forward and reach an important new milestone in creating more auditable secure software distributions.

>> Read more about GNU Mes: Full Source bootstrap

GNU Taler — Advanced electronic payment system for privacy-preserving payments

GNU Taler is an advanced electronic payment system for privacy-preserving payments. Unusual for such a system, the entire Taler system is ethical, free/libre software, so there are no dependencies on third parties and no black boxes. Taler can support digital payments in any currency - existing or new, mainstream or private. Unique to the GNU Taler system is that it provides anonymity for customers, while delivering various anti-fraud measures necessary to curb abuse.

If you are a central bank, you can use Taler to provision a CBDC. If you are a regular bank or payment provider, you can use it as a mature digital payment method instead of various proprietary solutions which are opaque and come with many restrictions and high costs. The technology behind Taler fully supports local or community currencies too. Taler was designed to meet all the usual regulations for electronic money issuers, and supports regulations like PCI-DSS and GDPR out of the box. The work done within this grant delivered a key regulatory requirement, an independent audit of the payment service operator (the "exchange"). With the third party security audit of the GNU Taler codebase completed, banks and payment providers can now switch to this new system with confidence. GNU Taler finally brings us a transparent, trustworthy and truly private payment ecosystem that operates independent from vendors.

>> Read more about GNU Taler

GPG Lacre project — Best effort encryption of mail flows with OpenPGP

This project is the continuation of the work on providing open source, GnuPG based email encryption for emails at rest. All incoming emails are automatically encrypted with user's public key before they are saved on the server. It is a server side encryption solution while the control of the encryption keys are fully at the hands of the end-user and private keys are never stored on the server.

The scope of the project is to improve on the already existing code, provide easy to use key upload system (standalone as well as Roundcube plugin) and key discoverability. Beside providing a solution that is easy to use we will also provide easy to digest material about encryption, how it works and how to make use of it in situations other the just mailbox encryption. Understanding how encryption works is the key to self-determination and is therefore an important part of the project.

GPG Mailgate will be battle tested on the email infrastructure of (an ethical non-profit service provider).

>> Read more about GPG Lacre project

GoatCounter — Privacy-friendly web analytics for small websites

GoatCounter aims to provide meaningful privacy-friendly analytics for businesspurposes, while still staying usable for non-technical users to use onpersonal websites. The choices that currently exist are between hosted online services that have serious privacy issues, running your own complex software, or extremely simplistic "vanity statistics". GoatCounter attempts to strike a good balance between various interests. Major features include an easy to run self-hosted option, an intuitive user interface that is also accessible to website maintainers with accessibility needs, and meaningful statistics that go beyond "vanity stats" but still respect user privacy.

>> Read more about GoatCounter

Implement sound support in the Hurd — Add audio capabilities to the multiserver microkernel from GNU

The GNU Hurd is a light weight kernel (the central part of an operating system) on top of the Mach microkernel, with full POSIX compatibility. The mission of the Hurd project is: to create a general-purpose kernel suitable for the GNU operating system, which is viable for everyday use, and gives users and programs as much control over their computing environment as possible. Hurd provides security capabilities like adding access to services for programs at runtime when and only while they need it, and to enable easy low-level development - like replacing a file system during runtime and real-time kernel debugging as if it were a normal program. This project adds an important feature to GNU Hurd: an audio-system with fine-grained access management to physical hardware.

>> Read more about Implement sound support in the Hurd

A proof of concept of identity-based encryption — Make encryption simpler

The project aims to extend the existing attribute-based identity platform IRMA with easy-to-use encryption. The kind of encryption is called Identity-Based. Its main advantage is that key management is simple, so that encryption becomes easy to use, via a plugin to an email client (only Thunderbird in this proof of concept project). The plugin computes the public key of the recipient of a message, from some uniquely identifying attribute of the recipient (typically an email address, but phone number, or citizen registration number could work as well). The receiver of the message will have to prove, via IRMA, possession of the uniquely identifying attribute to some Trusted Third Party (TTP), which will then provide the corresponding private key. Within this project a working set-up will be built. Turning it into a widely usable product will require more work, in follow-up projects.

>> Read more about A proof of concept of identity-based encryption

IMSI Pseudonymization — Better privacy protection for 2G-5G

The IMSI Pseudonymization project will design a specification and provide a reference implementation of a mechanism to conceal the IMSI (international mobile subscriber identity) of a mobile subscriber on the radio interface. The IMSI is used to uniquely identify each subscriber in a (2G, 3G, 4G, 5G) cellular network. However, the privacy of users is not really well protected: current specification require to transfer the IMSI in plain-text at various times before an encrypted connection can be set up. The present project will specify, implement and evaluate a method by which the IMSI will be concealed on the air interface with no modifications to existing mobile phones or any network elements of the operator beyond the HLR/HSS (which implements the authentication on the network side). The project will further submit this proposal into the 3GPP standardization process and attempt to make it at least an optional extension that operators (even MVNOs) can deploy.

>> Read more about IMSI Pseudonymization

IRMA made easy — Usability research into attribute based authentication

Authentication methods, like passwords, often involve a trade-off between usability and security. Secure passwords are a hassle to use, and easy-to-use passwords are often also easy to guess or to brute force. Clearly, there is a need for authentication methods that are both secure and user-friendly. The IRMA mobile app can fill this gap. It was originally developed with a strong focus on providing secure and privacy-friendly authentication. This project will focus on making IRMA easy to use for everyone. We will conduct a formal large-scale evaluation of IRMA that focuses on usability in general as well as on accessibility (i.e. for users with disabilities) in particular. By doing so, usability hindrances can be identified and improved, making IRMA user-friendly and accessible for users with the widest range of capabilities.

>> Read more about IRMA made easy

YunoHost and the Internet Cube — Solutions for DIY-ISP's and self-hosters

YunoHost is a free and open-source server distribution that provides a self-hosted alternative to commercial centralized services, and allows people to take back control over their data. Yunohost aims to make server administration accessible to the general public and ultimately make personal servers as common as desktop computers. Based on YunoHost, the Internet Cube project develops an affordable plug-and-play server that can be bought and easily deployed at home by the general public. In addition to its self-hosting capabilities, it provides a privacy-enhancing WiFi hotspot which protects its users from censorship and metadata leaks. And because it is low-power, it can be used even in remote and offline situations.

>> Read more about YunoHost and the Internet Cube

JavaScript Restrictor — Increasing Security and Privacy of JavaScript APIs

A JavaScript-enabled web page can access any of the APIs that a web browser provides. The user has only a limited control, and some APIs cannot be restricted by the user easily. JShelter (previously also known as JavaScript Restrictor) aims to improve the user control of the web browser. Similarly to a firewall that controls the network traffic, Jshelter controls the APIs provided by the browser. This project has several goals: (1) the analysis of fingerprinting scripts deployed on the web; based on the study, we want to improve the anti-fingerprinting techniques deployed in the JShelter, (2) improvements in the integration, functional, and unit testing, (3) usability and documentation.

>> Read more about JavaScript Restrictor

JShelter — Cross-browser extension to make javascript less exploitable

The Internet is vital to the everyday lives of billions of people. That's why it's especially problematic that, in the course of using the Web, even from an otherwise fully free machine, browsers run nonfree programs that are outside the control, and even awareness, of many users. These programs run behind the scenes -- but on the user's system -- whenever the Web server says to run them. They are typically served to the user as minified JavaScript, and few provide the corresponding human readable source code, or a free license allowing users to lawfully inspect and modify the program. By definition, these programs infringe user freedom. In practice, this also means they pose serious threats to users' privacy and security -- such as by surreptitiously using a user's CPU to mine cryptocurrency, or by capturing and manipulating keystrokes. The Free Software Foundation is working to make all JavaScript on the Web be free software; its JavaScript Shield project is a freely licensed anti-malware browser add-on to limit potential threats from JavaScript, such as fingerprinting, tracking and data collection. It would ask -- globally or per site -- if specific native functions provided by the JavaScript engine and the DOM are allowed by the user. It would also link to an explanatory page for each function, to raise awareness of related threats. Depending on the function being addressed, the user would have the option to allow it, block it, or have it return a spoofed value. This extension will help protect users from critical threats now, and contribute significantly to progress on the necessary longer-term cultural shift of moving away from nonfree JavaScript.

>> Read more about JShelter

End-To-End Encryption for Jitsi Meet — Proven strong encryption for open source video conferencing

Jitsi Meet is an open-source video conferencing application that uses Jitsi Videobridge to provide high quality, secure and scalable video conferences. Traditionally, it used hop-by-hop encryption to secure the contents. The drawback of this is of course that the videobridge is able to view the unencrypted contents. With the advent of the WebRTC Insertable Streams API in Chrome it became possible to implement actual end-to-end encryption on top of WebRTC. This project will implement and verify a more complete solution that involve a key management system which establishes public keys, derives encryption keys and changes them depending on the state of the conference.

>> Read more about End-To-End Encryption for Jitsi Meet

Verified Differential Privacy for Julia — Proving sound privacy guarantees through a type system

Differential privacy can be used to prevent leakage of private information from published results of analyses performed on sensitive data. Doing so correctly requires handling the extra complexity introduced by this technique, on top of the complexity of the analysis procedure itself. A proposed relief comes in the form of type systems. They allow tracking privacy properties of functions in types, where successful typechecking is equivalent to proving sound privacy guarantees. This aids the programmer in reasoning about code, detects implementation errors that are really hard to notice before one falls victim to privacy breach, and can give formal guarantees to the people whose privacy is claimed to be protected. This project will implement a typechecker based on the type system of the Julia programming language. Julia is a high-level, high-performance, dynamic programming language. While it is a general purpose language and can be used to write any application, many of its features are well-suited for high-performance numerical analysis and computational science. This should enable data scientists to compute privacy guarantees for any Julia function before they start working with real user data.

>> Read more about Verified Differential Privacy for Julia

Kaidan — Adding encryption to userfriendly cross-platform XMPP client

Kaidan is a user-friendly and modern chat app for every device. It uses the open communication protocol XMPP (Jabber). Unlike other chat apps, you are not dependent on one specific service provider. Instead, you can choose between various servers and clients. Kaidan is one of those XMPP clients. In contrast to many other XMPP clients, it is easy to get started and switch devices with Kaidan. Additionally, it adapts to your operating system and device's dimensions. It runs on mobile and desktop systems including Linux, Windows, macOS, Android, Plasma Mobile and Ubuntu Touch. The user interface makes use of Kirigami and QtQuick. The back- end of Kaidan is entirely written in C++ using Qt and the Qt-based XMPP library QXmpp.

>> Read more about Kaidan

Kaidan A/V — Secure audio and video calls for Kaidan and QXmpp

The project summary for this project is not yet available. Please come back soon!

>> Read more about Kaidan A/V

Improve Email Encryption in KMail — Adopt improvements in Email Encryption in KMail

The goal of this project is to make it more simple for inexperienced users to just use encrypted mails, at the click of a button. Autocrypt is a new method for email encryption, that needs nearly no user interaction. It performs the needed key exchange transparently in the background, and does key management automatically. Encrypted Headers is a protocol to send mail headers in the encrypted mail part. Traditional encryption methods leaked meta-data, which could be used for mass surveillance purposes. The result will be part of the KDEPIM codebase, so you don't have to install anything else than KMail to use these improvements.

>> Read more about Improve Email Encryption in KMail

ARPA2 LDAP Middleware — Privacy enhancing middleware

Some protocols are far better known than others. Everyone will recognise the HTTP protocol we use to transfer web pages. LDAP is not as well known, but it is also a key technology we use on a daily basis - in fact it shapes how most organisations are organised online. LDAP is a proven technology but can be cumbersome to work with, and as a result it has seen little innovation in recent years.

This project develops a number of innovatie middleware components from the ARPA2 project. This includes a privacy enhancing middleware for LDAP (LEAF), which allows to do attribute filtering and selectively transforming of LDAP; SteamWorks, which allows for responsive large scale configuration and trust delegation; and Lillydap, a library that can be used to easily add LDAP to any application. The project also delivers on (broad)er deployability of these building blocks, by providing tools for distropackaging the innovative solutions produced by the project.

>> Read more about ARPA2 LDAP Middleware

Liberaforms — Open source form server

Cloud services that offer handling of online forms are widely used, for questionnaires but also for gathering data within schools, associations, volunteer organisations, civil society and even families. While these cloud services (such as Google Forms and Microsoft Forms) can be quite convenient to create forms with, for the constituency which has to fill out these forms such practices can actually be very invasive to their privacy - as many forms not only include personal details such as their name, address, gender or age, but also a lot more intimate questions - up to medical details, political information and life style background. In many situations there is a power asymmetry between the people creating the form and the users that have to supply the data through that form. Often there is significant time pressure. No wonder that users feel socially coerced to comply and hand over their data, even though they might be perfectly aware that their own data might be used against them.

This project will produce a free and libre software solution to create online forms, and to manage the outcomes. The goal is to make something for regular humans: user-friendly, non-intrusive and light-weight. The project aims to make self-hosted form management easy even for novice users, so data can be kept safely on-premise or with a hosting company you can trust. Something that can be used by our neighbours, friends, colleagues and anyone else who respects privacy and understands the moral obligation of the creator of a form to protect the privacy of the people that are supposed to share data with them.

>> Read more about Liberaforms

Libre-SOC — A fully open hardware System-on-a-Chip

It is 2019 and it is not possible to buy a mass-produced laptop, tablet or smartphone and replace all of its software (with software that a user can trust) without loss of functionality. Processor boot-loaders are DRM-locked; WIFI, 3D Graphics and Video Processors are proprietary, and Intel's processors contain problematic features and intransparent elements such as the "Management" Engine. The most logical way to restore and engender trust is to literally make a new processor - one that is developed transparently and may be independently audited to the bedrock. The project develops a low-power, mobile-class, 64-bit Quad-Core OpenPower SoC at a minimum 800mhz clock rate, suitable for tablet, netbook, and industrial embedded systems. Full source code files are available for the operating system and bootloader, and the actual processor, its peripherals and its 3D GPU and VPU. Details at

>> Read more about Libre-SOC

LibreSilicon — Free/open source semiconductor manufacturing process

LibreSilicon aims to reduce the steep entry barriers to full custom application-specific integrated circuit (ASIC) design and help people to regain trust in their computing devices, right at the bedrock: When they are manufactured. LibreSilicon provides a standard for manufacturing semiconductors which allows platform independent process design kits (PDKs) and design rules that allow manufacturing the same chip layout in any factory that has calibrated their process according to the LibreSilicon specs. By introducing this process standard, full custom ASIC design should become available to private persons without corporate or academic access to IC foundries. After democratizing software development with tools like Arduino, and PCB design with tools like KiCAD, LibreSilicon will democratize ASIC design, and GDS2 intends to become the new Gerber file format for semiconductor manufacturing.

>> Read more about LibreSilicon

Libre Silicon compiler — Synthesize, place and route hardware description to silicon

LibreSilicon Compiler (LSC) is a place + route suite for silicon. The main focus of this project is to produce legal and efficient silicon layouts from digital netlists (e. g. BLIF, EDIF). Traditionally the placement and routing problem are handled separately and in sequence and the final layout is given by the routing step. In this setup the routing step gains information from placement but not the other way around. LSC attempts to shift this paradigm to create a feedback loop between the two main problems to improve the solution. Furthermore we are incorporating formal methods to produce the compiler software and to verify resulting layouts. While the latter is standard practice, proving properties of the compiler software itself is only widespread in the domain of software compilers. This exercise will be favored by the use of the programming language Haskell and advanced theorem provers. Finally this software aims to profit from explicit module hierarchies given by the developers of digital logic in register-transfer level (e. g. Verilog, Chisel). Greedy solutions can be found for highly modularised chips: when logic is not inlined in the conventional software compiler sense, the size of problem instances is kept small. This also gives parallelism for free, as the dependency tree is resolved from the bottom up.

>> Read more about Libre Silicon compiler

Standard Cell Library — Open Standard Cell Library with automated dimensioning of transistors

Without having an open standard cell library, any open hardware project depends on unknown components. This significantly hampers innovation, and is on the critical path of delivering truly open hardware chips. LibreSilicon's approach to this problem is generative, working from a (potentially verifiable) algorithm for automated sizing of transistors. All commercial available Standard Cell Libraries contain a small subset of all useful cells only, limited by the manpower of the vendor. They are hand-crafted and error-prone, and typically require Non-disclosure agreement (NDAs) while heavily depending on the underlaying PDKs - meaning that the outcome is hard to verify and trust. Goal it so produce a production quality free and open source Standard Cell Library.

>> Read more about Standard Cell Library

Port of AMDVLK/RADV 3D Driver to the Libre-SOC — Adapt Vulkan Drivers to the Libre-SoC

The Libre SoC is being developed to provide a privacy-respecting modern processor, developed transparently and as libre to the bedrock as possible. As a hybrid processor, it is intended to be both a CPU and a GPU. GPUs are typically proprietary (and thus not fully transparent), as is the 3D driver software. The SoC design requires a Vulkan compliant hybrid hardware-software API. The development of the Kazan 3D Driver (developed from scratch inside the Libre SoC) that aims to provide such an API is therefore on the critical path to final release. Given the complex nature of 3D driver development, and because Kazan is a novel approach (written in rust, for security reasons) that dependency is considered a liability. This project develops a second, more traditional Mesa3D driver in c++. This reduces the pressure on the Kazan development, and allows for benchmarking and increased transparency and collaboration on this ambitious project.

>> Read more about Port of AMDVLK/RADV 3D Driver to the Libre-SOC

Libre-SOC Formal Correctness Proofs — Mathematical unit tests for open hardware System-on-Chip

Hardware projects like the Libre-SOC Project involve writing an inordinate amount of comprehensive unit tests to make sure everything functions the way it should. This is a critical and expensive part of the overall design process. Formal Mathematical Proofs (already quite popular in secure software development) provide an interesting alternative for several reasons: they're mathematically inviolate, which we believe makes them more trustworthy. And they are simpler to read and much more comprehensive (100% coverage), saving hugely on development and maintenance. From a security and trust perspective, both aspects are extremely important. Security mistakes are often accidental due to complexity: a reduction in complexity helps avoid mistakes. Secondly: independent auditing of the processor is a matter of running the formal proofs. The project aims to provide proofs for every module of the Libre RISC-V SoC, and therefore contributes significantly with the larger goal of developing a privacy-respecting processor in a way that is independently verifiable.

>> Read more about Libre-SOC Formal Correctness Proofs

Libre-SOC Formal Standards Development — Formal Standards for OpenPower extensions from Libre-SoC

Libre-SOC was first funded from NLnet in 2018. This was for the core of the project, based on an informally-developed Hybrid CPU-GPU 3D instruction set that had been written (and implemented in a simulator) in the 18 months prior to contacting NLnet. During the implementation it became clear that a lot more work is needed, and, further, that to meet proper transparency criteria, the proposed instruction set enhancements would need to be properly written up. In addition, negotiations and communications with the Standards Body responsible for POWER ISA (the OpenPower Foundation) also needed to be taken into consideration. The goal of this project is to deliver on those requirements, and achieve full transparency and understanding of the Libre-SoC.

>> Read more about Libre-SOC Formal Standards Development

Libre-SOC Video Acceleration — Optimised video acceleration instructions for Libre RISC-V SoC

The Libre-SoC Project, has been funded by NLnet to get to FPGA-proven status. This was for the "core" (the main processor). One of the next, specialist, phases, is to ensure that its capabilities are useable to perform Video Acceleration. To do so, Video Software such as ffmpeg, gstreamer and their low-level libraries need to actually use the hardware-accelerated capability. A "normal" commercial processor usually has a separate proprietary VPU, along with proprietary software: both unfortunately are vectors for attack against users, undermining trust and privacy. Without access to Video Acceleration, users are left with the stark choice: be compromised, or don't watch any video, period. This project therefore provides a commercial-grade Video Decoder (minimum 720p) and helps restore trust in the software *and* hardware.

>> Read more about Libre-SOC Video Acceleration

Lightmeter — Email server configuration lifecycle management

Lightmeter will make it easy to run email servers large and small by visualising, monitoring, and notifying users of problems and opportunities for improved performance and security. People will regain control of sensitive communications either directly by running their own mailservers, or indirectly via the increased diversity and trustworthiness of mail hosting services.

>> Read more about Lightmeter

Usability of Linux firewall userspace tools — Userspace tooling for Linux kernel Netfilter

Netfilter is the project offering the packet classification framework for GNU/Linux operating systems. Netfilter supports for stateless and stateful packet filtering, mangling, logging and NAT. Netfilter provides a rule-based language to define the filtering policy through a linear list, sets and maps. This language is domain specific and it provides a simplified programming language to express filtering policies.

Firewall operators are usually not programmers, although they are typically knowledgeable about shell scripting. Humans currently have few means to check for mistakes when elaborating filtering policies, which as a result can interact in unpredictable ways or cause performance issues - meaning one can never be sure how much they can be trusted to protect users.

Lack of correctness and inconsistencies emerge as the rule set increases in complexity. Introducing ways to assist the operator to spot these problems and to provide hints to express the filtering policies in a better way would help to improve this situation. Error reporting is another key aspect to assist humans in troubleshooting. This project aims to extend the existing tooling to introduce infrastructure to cover this aspects.

>> Read more about Usability of Linux firewall userspace tools

LumoSQL — Create more reliable, distributed embedded databases

The most widely-used database (SQLite) is not as reliable as it could be, and is missing essential features like encryption and safe usage in networked environments. Billions of people unknowingly depend on SQLite in their applications for critical tasks throughout the day, and this embedded database is used in many internet applications - including in some core internet and technology infrastructure. This project wants to create a viable alternative ('rip and replace'), using the battle tested LMDB produced by the LDAP community. This effort allow to address a number of other shortcomings, and make many applications more trustworthy and by means of adding cryptography also more private. Given the wide range of use cases and heavy operational demands of this class of embedded databases, a serious effort is needed to execute this plan in a way where users can massively switch. The project will extensively test, and will validate its efforts with a number of critical applications.

>> Read more about LumoSQL

Luna PnR — A versatile and fast new open-source place and route tool

Making a custom chip (ASIC) requires a vast ecosystem of expensive commercial tools, limiting the application of ASICs to large companies; this greatly hampers innovation. Project Luna aims to mitigate this situation by providing a robust open-source automated place & route tool, which forms an important but mostly missing part of the ASIC design flow. This way, universities, makers, small companies and start-ups can get access to ASIC design tools. Luna targets ASIC processes larger than 100nm, which makes it ideal for designing mixed-signal (analogue + digital) chips used in sensors and IOT devices. It integrates well with existing open-source tools, such as YosysHQ's Yosys (a logic synthesis tool) and KLayout (a manual ASIC layout tool), and commercial tools via industry standard file formats. In addition to the affordability issue, Luna allows a full-circle chain-of-trust to be established between designer and chip manufacturer because of its fully open-source nature. During its development, Luna will be used to manufacture designs via our industrial partners in order to verify the correctness and usability of the software. The goal is to present a minimal viable product consisting of a GUI, working place & route and timing verification.

>> Read more about Luna PnR

MNT Reform — A trustworthy open hardware laptop

MNT Reform is a modular open hardware laptop, the first of its kind - designed and built in Europe. The project has high ambitions in terms of usability and user experience. A mechanical keyboard and an elaborate industrial design provide for professional ergonomics. MNT Reform uses RISC processors like ARM and has no built-in recording technology. It runs a free and open source software stack from the ground up. Third parties can easily contribute to the development of new modules. The modular approach does not only make the laptop more extensible but also improves sustainability, and supports the right to repair.

During the project, the team will develop two open hardware System-on-Modules. The first module is based on NXP LS1028A, and will increase RAM capacity to up to 16GB and make external GPUs usable. The second open hardware SoM uses an FPGA (field programmable gate array) to support the validation of open silicon SoC projects in a real laptop. Modules like this make the development of embedded computers easier for open hardware engineers by pre-solving risky and expensive challenges. Finally, we will develop an optional camera module for MNT Reform as part of the project, which will allow the laptop to be used for remote learning and video conferencing.

>> Read more about MNT Reform

Maemo Leste — An independent mobile operating system focused on trustworthiness

Maemo Leste aims to provide a free and open source Maemo experience on mobile phones and tablets. It is an effort to create a true FOSS mobile operating system for the FOSS community. Maemo Leste is based on GNU/Linux, and specifically - Devuan GNU/Linux. The goal is to provide a secure and modern mobile operating system that consists only of free software, obeys and respects the users' privacy and digital rights. The project also works closely with projects that aim to produce hardware that Maemo Leste and other community mobile operating systems could run on. The operating system itself takes much of its design and core components from the Nokia-developed Maemo Fremantle, while replacing any closed source software with open source software.

>> Read more about Maemo Leste

Manyverse — An off-line capable privacy-centric social messaging app

Manyverse is a social networking mobile app, implemented not as a typical cloud service, but instead on a peer-to-peer network: Secure Scuttlebutt (SSB). The mobile app locally hosts the user's database, allowing them to own their personal data, and also use the app when offline. Data can sync from one mobile device to another, via Bluetooth, Wi-Fi, or Internet. Free and open source software.

>> Read more about Manyverse

MEGA65 Phone — A phone simple enough to understand in full

Much of the insecurity and lack of privacy is the simple result of how complex computers, the internet and all of the protocols and technologies that they include. It seems that the majority of proposals to fix this solution consist of adding something to this complicated mess. While this has helped to reduce the symptoms of the problem, by adding complexity it has actually made the problem worse. There are simply too many places for insecurities and privacy violating software to hide in modern complex systems. Even the hardware itself is not immune, with problems like SPECTRE, MELTDOWN and vulnerabilities in the management processors of modern computers and phones showing that even the processors we use today carry significant risks due to their complexity. This project takes a contrarian approach of seeing just how simple a system can be make, that would still be useful for a core set of functionality. The project takes inspiration from the simple and effective computers of the 1980s: it explores how to retain their simplicity and transparency, and combine them with modern improvements in security and capability. The goal is to allow even a single determined person to completely verify that a device has not been compromised, and that there are no unwanted listening ears when performing privacy sensitive tasks. The project will advance its current proof-of-concept to a functioning hardware and software system that can demonstrate profoundly improved security and privacy, and in a way that allows a determined user to verify that the device is still truly under their exclusive control and serving them alone.

>> Read more about MEGA65 Phone

MobileAtlas — A distributed open hardware test infrastructure to analyse mobile networks

MobileAtlas is an international measurement platform for cellular networks that takes roaming measurements to the next level. Although mobile cellular networks have become a major Internet access technology, mobile data traffic is surging, and data roaming has become widely used, well-established measurement platforms (e.g., RIPE Atlas) are not well-suited for measurements in the mobile network ecosystem. This includes measurements of metered connections and consideration of roaming status and zero-rating offers.

MobileAtlas implements a promising approach by geographically decoupling SIM card and modem, which boosts the scalability and flexibility of the measurement platform. It offers versatile capabilities and a controlled environment that makes a good foundation for qualitative measurements. We want to establish the framework with at least twenty open hardware probes, and create a platform for shared usage among scientists and Internet activists.

>> Read more about MobileAtlas

Mobile Test Farm — Test farm setup for aftermarket mobile operating systems

This project will deliver a useful contribution to the alternative mobile ecosystem: a physical continuous integration system that allows to connect different phones and which can be used to e.g. run regression tests for different operating systems on these devices to verify if core functionality isn't broken when e.g. a new kernel is added.

>> Read more about Mobile Test Farm

Mosaic — Trustworthy open hardware design tool for electrical engineers

Today, the chip design industry is deeply proprietary with NDAs at every level, which means it is not possible to share design files at all, which in turn stifles innovation and transparency in chip design. In order to create a chip design industry that can be trusted with our digital lives, and is accessible to educational institutions and small business, it is essential to develop powerful open source tools for chip design, which can be used by anyone and allows unhindered collaboration. Mosaic is a tool that attacks the first design phase of an analog chip, or analog peripherals for a digital one: design and simulation of the schematic. It will also interact with other phases of the design as needed. Unlike existing open source solutions it will be catered towards chip design, based on modern technologies, and extensive UX design.

>> Read more about Mosaic

Movim — Add OMEMO encryption to Movim XMPP client

Movim is a web platform that delivers social and IM features on top of the mature XMPP standard (aka Jabber). Unlike other chat apps, with XMPP you have a choice of both servers and clients - and the ability to add any features you want, and restrict your trust to those that deserve it. Movim is a user-friendly communication platform aimed at small and medium structures (up to a hundred simultaneous users), and sports a number of unique social features beyond instant messaging. And because it sits on XMPP, Movim users can explore the whole global instant messaging network from a single account.

In this project, Movim will add end-to-end encryption to its chat interface, in this case the OMEMO XEP. Since Movim is browser based, the implementation will be have to put the encryption layer client-side - or in other words, inside the browser. Because users can connect simultaneously on the same XMPP account using different browsers with Movim, each browsers will be seen as a different "device". Decrypted messages will be saved in a browser database, using IndexedDB. The web server will just take care of handling public keys to the XMPP network and store the encrypted messages, same as the user's XMPP server does when using archiving methods. The project will deal with both the one-to-one chat implementation and the Multi-User Chat part of Movim. This is part of a concerted effort to create reliable end-to-end encryption for XMPP based real time communications. At present growth of the wider network is hampered by lack of interoperability.

>> Read more about Movim

Nitrokey — Open hardware for encryption and authentication

Nitrokey is an open source hardware USB key for data encryption and two-factor authentication with FIDO. While FIDO is supported by web browsers, using Nitrokey as a secure key store for email and (arbitrary) data encryption requires a native software. Therefore email encryption in webmail isn’t possible with Nitrokey. At the same time strong end-to-end encryption in web applications all share the same challenge: To store users' private keys securely and conveniently. Therefore secure end-to-end encryption usually requires native software too (e.g. instant messenger app) or - less secure - store the user keys password-encrypted on servers. Nitrokey aims to solve these issues by developing a way to use Nitrokey with web applications. To avoid the necessity of device driver, browser add-on or separate software this project is going to utilize the FIDO (CTAP) protocol. As a result the solution will work with any modern browser (which all support WebAuthn), on any operating system even on Android. This will give any web application the option to store private keys on ones own Nitrokey devices.

>> Read more about Nitrokey

NoScript Contextual Policies & LAN protection — Application Boundaries Enforcer (ABE) for new generation of browsers

NoScript is a FOSS browser extension for Firefox, Chromium and its derivatives. It can be used on desktop and mobile browsers, and enhances security by providing control over JavaScript and other active content. It is the first and still most effective XSS filter. NoScript is an integral part of the Tor Browser, as the back-end of its "Security Level" settings.

ABE-Quantum is the next generation of the Application Boundary Enforcer (ABE), a NoScript module that provided protection against several cross-site and cross-network attacks. When Mozilla abandoned the legacy Firefox add-ons platform in 2017, ABE did not survive the painful transition to the new cross-browser (but backward incompatible) WebExtensions API. The ABE-Quantum project aims to bring the main ABE features to WebExtension-capable browsers, and specifically: 1) contextual content blocking policies depending both on the origin and the destination of the request, e.g. "Block scripts everywhere unless the parent site is"; 2) protecting LAN endpoints (i.e. routers or other internal applications) against browser-based attacks from the WAN using the web layer to work-around traditional firewalls. These features will be integrated in NoScript's user interface - rather than leveraging a firewall-inspired policy definition language like in the original ABE - in order to provide a simpler, more accessible and more intuitive user experience.

>> Read more about NoScript Contextual Policies & LAN protection

Nym Credentials — A decentralised solution for authentication

Nym Credentials provides open-source code for privacy-enhanced authentication and authorization in a decentralized environment. Today, when using "single-sign in" solutions, users hand over their personal data to third-party identity providers such as Facebook Connect and Sign-In with Google. Nym Credentials tackles this problem by allowing users to securely authenticate and transfer personal data (and proofs of private data) while maintaining privacy without a centralized identity provider. Each credential is cryptographically unlinkable between usages and multiple decentralized identity providers can verify this data. Open-source Nym credential libraries can be easily integrated into existing services, with a focus on federated and decentralized European environments.

>> Read more about Nym Credentials

Off-the-Record messaging version 4 — Advanced protocol for secure messaging

OTRv4 is the newest version of the Off-The-Record messaging protocol. It is a protocol where the newest academic research intertwines with real-world implementations. It's aim is to give end-to-end encryption, deniability, authentication, forward secrecy and post-compromise security for any kind of messaging (online or offline). The goal of this new version is to give the most secure privacy and security properties that have a real impact on the world. This new version aims to be available in different desktop clients (that use XMPP or other messaging protocol) and in mobile clients.

>> Read more about Off-the-Record messaging version 4

OnBaSca — Tor Bandwidth Scanner

The Tor network is comprised of thousands of volunteer-run relays around the world, and millions of people rely on it for privacy and freedom online everyday. To monitor the Tor network's performance, detect attacks on it, and better distribute load across the network, we employ what we call Tor bandwidth scanners. The bandwidth scanners are run by the directory authorities, which are special relays that maintains a list of currently-running relays. This project will make a number of improvements to the new bandwidth scanner call sbws, to make it easier for directory authorities to deploy it, for relay operators to better diagnose issues and for end users to benefit from increased quality of experience.

>> Read more about OnBaSca

Opaque Sphinx — Secure password-based authentication with Opaque/Sphinx

Opaque Sphinx is a project that aims to secure password-based authentication by deploying the state-of-the-art SPHINX and OPAQUE cryptographic protocols to eliminate almost all common attack vectors - such as weak guessable passwords, password reuse, phishing, password databases, offline dictionary attacks, database leaks - plaguing current solutions. These protocols provide the strongest available cryptographic properties with cryptographic proofs. The project intend to port its already existing free software SPHINX implementation - besides already existing support for Linux and Windows - to Android so it can also be used on smartphones.

>> Read more about Opaque Sphinx

Opaque Sphinx Server and Clients — Server and tools for modern authentication

Passwords are probably the most common way to remotely use private services, which makes them a major liability - humans on average find it very hard to memorize strong passwords. Luckily, passwords - or more particularly tools to work with passwords more safely - are evolving as well. SPHINX is a novel approach to password storage that is information theoretically secure. And unlike most online password managers, the user does not even have to trust the server. OPAQUE is a novel protocol that can be used to eliminate phishing as an attack vector when authenticating to servers. The combination of SPHINX and OPAQUE provides some very strong guarantees while still allowing users to only need to remember one or just a few passwords. This project will develop a SPHINX server in a safe, compiled language, with ample tests. It will also further develop and refine a protocol above SPHINX, handling creation, deletion, backup and changing of data. In addition it will add the OPAQUE protocol to various free software ecosystems such as PHP, java, nodejs, ruby, golang, erlang and rust, as well as to the two most used webservers: nginx and apache2.

>> Read more about Opaque Sphinx Server and Clients

DRTM implementation for AMD processors — Unified framework for dynamic RTM

The Trenchboot project aims to create a unified framework for dynamic RTM (DRTM) implementation for all platforms. (D)RTM is used to verify if bugs or vulnerabilities have compromised a system, and as such is an important component to get to advanced stages of trustworthiness for our hardware.

>> Read more about DRTM implementation for AMD processors

OpenPGP Certificate Authority — Managing OpenPGP keys for communities and organisation

OpenPGP CA is a tool for managing OpenPGP keys within an organization. Its primary goal is to make it trivial for end users to authenticate the OpenPGP keys of users in their organization, and in adjacent organizations. In an OpenPGP CA-using organization, users delegate authentication to an in-house CA. This allows users to securely and seamlessly communicate via PGP-encrypted email without having to manually compare fingerprints, without having to understand OpenPGP keys or signatures, and without having to trust a third-party with potentially conflicting interests. This goal is achieved by shifting the authentication burden from individual users to an organization's administrator, and providing a tool that largely automates key creation, and signing as well as key dissemination. Importantly, because OpenPGP CA works within the existing OpenPGP framework, users do not need any new software to take advantage of OpenPGP CA's benefits; they can continue to use existing email clients and encryption plugins. Further, OpenPGP CA can co-exist with other authentication approaches, like traditional key signing workflows.

>> Read more about OpenPGP Certificate Authority

802.11n feature of openwifi — Open Hardware implementation of wifi

The Openwifi project aims to offer an open source Wi-Fi chip design that could act as a missing piece of the open source software/hardware puzzle. In the past decades, open source software has played a key role towards the open and trusted internet. In recent years, the open source processor project, like openRISC and RISC-V, pushes forward to construct open source devices/computers. However, the radio connectivity of the device still relies on the black-box radio chips (Wi-Fi, BLE, cellular). As the initial step of the open source Wi-Fi chip, openwifi project has implemented the 802.11a/g full-stack on the FPGA based Software Defined Radio (SDR) platform. The FPGA (Xilinx Zynq SoC) also includes a multi-core ARM processor, so that we can have Linux (TCP/IP, mac80211 and driver) and Wi-Fi (Low MAC and PHY) in the same chip. This NGI funding opportunity will support openwifi project development of 802.11n feature, which moves the project closer to the state of art Wi-Fi technology. The development mainly includes 3 tasks: Adding the 802.11n mode to the original 802.11a/g PHY (Physical layer) transceiver; Extending the low MAC (Media Access Control) and processor interface to support the additional 802.11n elements, such as the SIGNAL field and bigger payload size; Improving the openwifi driver to handle the 802.11n elements and expose the 802.11n capabilities to Linux mac80211 framework. The Openwifi project currently focuses on the Wi-Fi functionality, integrity and stability. In the future, the platform independent methodology will be considered: Integrating the openwifi IP with open source on-chip bus (such as wishbone) and RISC-V processor by open source EDA tools.

>> Read more about 802.11n feature of openwifi

PGP4civiCRM — Add email encryption to CRM

E-mail security and privacy is not just relevant inside organisations or between individuals. A lot of email traffic comes from the institutions we all have to deal with, including some of the most confidential emails we get. And yet there is no way for users to protect their privacy and confidentiality when sending and receiving messages from organisations using such systems. PGP4civiCRM enables automatic PGP encryption/decryption of e-mails on the server side. While the project will provide special integration for the Constituent Relation Management System CiviCRM, the basic functionality can be used also with regular mailservers like postfix. The PGP4civiCRM core will basically be a milter, that listens for input messages, then looks up PGP keys from configurable sources (local key rings, LDAP) and then, based on a local, configurable, policy, encrypts/decrypts messages (or leaves them untouched) before passing them on. This way system administrators can with tiny effort provide transparent encryption support for all their mail users. Especially for CiviCRM the project will create an extension that allows easy web-based configuration of the relevant pieces and displaying of encrypted, received e-mails using OpenPGP.js.

>> Read more about PGP4civiCRM

Securing PLCs via embedded protocol adapters — Open hardware protocol adapters for industrial automation

Industrial Programmable Logic Controllers have been controlling the heart of any production machinery since the mid-70s. However have these devices never been built for the usage in completely unprotected environments such as the Internet. Currently most PLCs out in the wild have absolutely no means to protect them from malicious manipulation (Most don't even have an effective password protection). Unfortunately "Industry 4.0" is all about connecting these devices to the Cloud and hereby attaching them to potentially unsecure networks. In the "Securing PLCs via embedded Open-Source protocol adapters" initiative we are planning on porting the Apache PLC4X drivers to languages that can also be used in embedded hardware. Additionally we also want to create secure protocol-adapters using these new drivers together with Apache MyNewt, to create protocol-adapters that could eventually even be located inside the network connectors which are plugged into the PLC in an attempt to reduce the length of the unsecured network to an absolute minimum without actually modifying the PLC itself.

>> Read more about Securing PLCs via embedded protocol adapters

Privacy Enhancements for PowerDNS and DNSdist — Make it easier to deploy private DoT/DoH resolvers

DNS over TLS (DoT) and DNS over HTTPS (DoH) are two recent developments in the DNS field, and currently these are dominated by US based providers. The project will enhance the availability of open, trustworthy, privacy respecting DNS Resolvers in such a way that it allows any DNS provider, operator, or user to provide encrypted DNS service. This project aims to speed up implementation, improvement and standardisation of the most important Privacy enhancing features of DNSdist and PowerDNS resolvers to allow for the entire DNS-chain (from client, to caching-resolver, to authoritative nameserver) to be encrypted. The project will add support to the (open source) PowerDNS components (dnsdist, recursor and Authoritative server) for the privacy features necessary.

>> Read more about Privacy Enhancements for PowerDNS and DNSdist

Qubes OS — Bring the security of Qubes OS to people with disabilities

Qubes OS is a free and open source operating system uniquely designed to protect the security and privacy of the user. Its architecture is built to enable the user to define different security environments ("qubes") on their computer and visually manage their interaction with each other and the world. This project will improve the usability of Qubes OS by: (1) reviewing and integrating already existing community-created usability improvements, (2) implementing a localization strategy for the OS and its documentation, and (3) creating a holistic approach for improved accessibility.

>> Read more about Qubes OS

RISC-V Phone — Open hardware RISC-V Phone

The goal of the "RISC-V Phone" project is to develop a simple, fully featured and privacy enhanced mobile phone. It is built using off-the-shelf inexpensive components which are easy to assemble even in a home lab. The software for it is small, simple and easy to audit. Basic phone functionality is running on a secure RISC-V microcontroller (FE310 from SiFive) which controls all peripherals: microphone, speaker, display/touch controller, camera. The phone will be using esp32 for WiFi and Bluetooth, along with industry standard mPCIe modem for cellular communication. Graphics/touch panel controller FT813 enables advanced user experience. The phone will provide VOIP/messaging application using packet data protocol similar to CurveCP which features end-to-end encryption and onion routing. There is also a socket for optional ARM SoM which shares display/touch panel with the main board.

>> Read more about RISC-V Phone

RNP Confium — Distributed trust store enabling threshold encryption

Confium is an open-source distributed trust store framework that enables usage of the new paradigm of threshold encryption, powering new modes such as cryptographic secure multi-factor authentication. It aims to provide a generalized API and an extensible architecture for the usage of trust stores and future cryptographic families, to support standardization efforts of threshold cryptography, and to bridge cryptographers with the practical usage of cryptography. The current project enables implementation of the Confium framework with a 2-out-of-3 threshold RSA signature scheme.

>> Read more about RNP Confium

Redwax — Standardisation of client side PKI interfaces

The internet was not designed as a public infrastructure and most of the engineering trade-offs of the lower-layer technologies have generally erred on the side of accommodating fast growth and ease rather than values such as security, confidentiality and privacy. Yet today the internet is everywhere from providing a place for democratic discourse to healthcare to finance and personal communication. Redwax aims to decentralise trust management so that the values security, confidentiality and privacy can be upheld in public infrastructure and private interactions. The overarching goal of Redwax is to strengthen the existing technologies and infrastructure by providing a modular and practical set of tools to manage public key based trust infrastructures as currently used. These tools capture and hard code a lot of industry best practice and specialist PKI knowledge so that they can be put into the hands of a much wider community than currently served by a few specialist industries. With this project the Redwax team hopes to help re-establish (and/or strengthen) the support for these non-centralized trust management technologies inside web browsers and other relevant applications by working with standards organizations and industry coordination groups, and to create the initial reference implementations for their standardisation.

>> Read more about Redwax

Reowolf — Rip and replace for BSD socket insecurity

The Reowolf project aims to replace a decades-old application programming interface (BSD-style sockets) for communication on the Internet. In this project, a novel programming interface is implemented at the systems level that is interoperable with existing Internet applications. Currently, to increase quality of service (e.g. intrusion detection, latency and throughput) non-standard techniques are applied. Internet service providers resort to deep packet inspection to guess applications intent, and BSD-style socket programming is error-prone and tweaking is fragile. This project resolves these problems: it provides support to middleware to further improve quality of service without having to give up on privacy, and makes programming of Internet applications easier to do correctly and thus more reliable.

>> Read more about Reowolf

Graphics acceleration on Replicant — Free software graphics drivers for mobile phones

The project aims to create a free software graphics stack for Replicant 9 that is compatible with OpenGL ES (GLES) 2.0 and can do software rendering with a decent performance, or GPU rendering if a free software driver is available. Replicant is a fully free software Android distribution that puts emphasis on freedom, privacy and security. It is based on LineageOS and replaces or avoids every proprietary component of the system. Replicant is so far the only distribution for smartphones that is endorsed by the Free Software Foundation as meeting the Free System Distribution Guidelines. Due to its strict commitment to software freedom, Replicant does not use the proprietary GPU drivers that shipped within other Android distributions. The project aims to put together a new graphics stack for the upcoming Replicant 9 that is GLES 2.0 capable. The project will then focus on improving the performance by fine tuning its OpenGL operations and leveraging hardware features. At last, focus will swift into the integration of the Lima driver, a free software driver for ARM Mali-4xx GPUs, which will allow to offload some GLES operations to the GPU. This will greatly increase graphics performance and thus usability.

>> Read more about Graphics acceleration on Replicant

Finish porting Replicant to newer Android version — Alternative, free software version of Android

Replicant is the only fully free operating system for smartphones and tablets. All the other operating systems for smartphones and tablets use nonfree software to make some of the hardware components work (cellular network modem, GPS, graphics, etc). Replicant avoids that, either by writing free software replacement, by tweaking the system not to depend on it, or, as the last resort by not supporting the hardware component that depends on it. However it is based on Android 6, which is not supported anymore, thus it has way too many security issues to fix, so keeping using this version is not sustainable. This project consists in finishing to port Replicant to Android 9, which now has standardised an interface for the code that makes the hardware components work. Once done, it will also make the free software replacement automatically work on future Android versions.

>> Read more about Finish porting Replicant to newer Android version

Ricochet Refresh — Anonymous, meta-data free secure messaging

Ricochet Refresh, is a metadataless messenger for PCs (Windows, macOS, Unix) that provides anonymity as well as security. By using Tor, it allows people at risk making public interest disclosures to communicate in chat sessions with anonymity to journalists, members of parliament, regulators protecting the environment, financial malfeasance investigators and others who have the power in society to act as corrective mechanisms to serious wrongdoing. This project will update Ricochet, reduce known security risks, and ensure continued compatibility with Tor's onion services protocol. The possibility of anonymous communication is important for everyone, but particularly vital for those who risk reprisal in their workplace or other institutions to be able to speak up. Through anonymity, Ricochet Refresh allows the focus to be on the disclosure, not on the source or whistleblower. Thus, the project provides a tool in support of evidence-based reporting in the public interest by creating a safe on-going channel for the journalist to conduct verification as the story develops.

>> Read more about Ricochet Refresh

Ripple — Safer and faster incremental software builds

As it stands, reproducible builds are not accessible to the average developer. Existing projects tackling this problem come with significant caveats: some rebuild packages from scratch, making them practically useless for interactive development, while discouraging users from hacking on the core parts of their system due to cascading rebuilds; others are drastically more efficient, but come with fewer correctness guarantees, and require build scripts to be re-implemented in custom DSLs, making them costly to adopt. This is further exacerbated by frustrating, flaky tooling, and the proliferation of compatibility issues arising from inherent constraints of these solutions. Ripple is a hermetic, incremental, meta build system. It provides stronger purity guarantees and improved efficiency over existing solutions, while being completely ecosystem-agnostic. In effect, Ripple can memoize arbitrary programs. This lets users migrate gradually, opting into ecosystem-specific optimizations and abstractions at their own pace, and opens up a huge number of creative possibilities. Ripple aims to make reproducible builds not only easy, but fun — encouraging mainstream adoption, so we might together put to rest the ghost of bygone builds.

>> Read more about Ripple

Robotnix — Reproducible Builds of Android with NIX

Robotnix enables a user to easily build Android (AOSP) images using the Nix package manager. AOSP projects often contain long and complicated build instructions requiring a variety of tools for fetching source code and executing the build. This applies not only to Android itself, but also to projects which are to be included in the Android build, such as the Linux kernel, Chromium webview, and others. Robotnix orchestrates the diverse build tools across these multiple projects using Nix, inheriting its reliability and reproducibility benefits, and consequently making the build and signing process very simple for an end-user.

>> Read more about Robotnix

Rust Threadpool — Improve privacy of Rust threading library

ThreadPool is a free and open-source library that provides a simple and intuitive interface for programmers to multi-threaded programming. ThreadPool aims to make parallel programming accessible to the general public. Running tasks in parallel is a vital building block for building efficient solutions on modern hardware. Combined with Rust's type-system this library allows programmers to parallelize their applications without introducing unsafe behaviour while managing the administrative tasks of interacting with the operating system.

>> Read more about Rust Threadpool

SASL XMSS — Make SASL work with XMSS protocol

Simple Authentication and Security Layer (SASL) is an authentication and data security framework. The framework defines a structured interface to which SASL mechanisms must comply. These mechanisms can then be used by application protocols in a uniform manner. XMSS provides cryptographic digital signatures without relying on the conjectured hardness of mathematical problems. Instead, it is proven that it only relies on the properties of cryptographic hash functions. XMSS provides strong security guarantees and is even secure when the collision resistance of the underlying hash function is broken. It is suitable for compact implementations, is relatively simple to implement, and naturally resists side-channel attacks. Unlike most other signature systems, hash-based signatures can so far withstand known attacks using quantum computers. The SASL XMSS project's goal is to implement the XMSS system as a SASL mechanism in one of the publicly available open source SASL libraries.

>> Read more about SASL XMSS

SASL Works for the InternetWide Architecture — Integrate new authentication mechanisms into SASL

The SASL Works allow clients to use authentication mechanism that meet their requirements, and use it in virtually all protocols, which includes but is not limited to the web. Servers on the other hand, can flexibly adapt to clients from any domain, by backporting authentication inquiries to the client's own realm for the desired level of approval. Once configured, this process frees service providers from the need to manage user accounts and secure storage of credentials. Clients finally get a choice to use strong cryptographic authentication mechanisms instead of being forced to use a site programmer's poor approach to security. This in turn is helpful for setting higher levels of security policies in formal bodies such as organisations and governments, while generally simplifying the user interaction.

>> Read more about SASL Works for the InternetWide Architecture

SpinalHDL, VexRiscv, SaxonSoc — Open Hardware System-on-Chip design framework based on SpinalHDL

The goal of SaxonSoc is to design a fully open source SoC, based on RISC-V, capable of running linux and optimized for FPGA to allow its efficient deployment on cheap and already purchasable chips and development boards. This would provide a very accessible platform for individuals and industrials to use directly or to extend with their own specific hardware/software requirements, while providing an answer to hardware trust.

Its hardware technology stack is based on 3 projects. SpinalHDL (which provides an advanced hardware description language), VexRiscv (providing the CPU design) and SaxonSoC (providing the facilities to assemble the SoC).

In this project, we will extend SpinalHDL, VexRiscv and SaxonSoc with USB, I2S audio, AES and Floating point hardware capabilities to extend the SoC applications to new horizons while keeping the hardware and software stack open.

>> Read more about SpinalHDL, VexRiscv, SaxonSoc

SeedVault — Private backups of mobile applications

SeedVault is an independent open-source data backup and restore application for Android and derived mobile operating systems. By storing Android users' data in a place the user chooses, and by using client-side encryption to protect backed-up data, SeedVault offers users maximum data privacy and resilience with minimal hassle. SeedVault uses Android's Storage Access Framework (SAF) to read and write encrypted app data. This allows it to backup and restore application data on a wide range of platforms and even USB flash drives. The first part of this project is to improve the current implementation and optimize it to work with widely used self-hosted storage solutions like Nextcloud. The second part of this project is to allow SeedVault to also back up data beyond the installed apps and their data, including the user's photos, videos and music as well as their call logs and SMS.

>> Read more about SeedVault

Solid Control — Access Control mechanism for data and services within Solid

Solid-Control aims to enhance Tim Berners-Lee's Social Linked Data Project (Solid) with Attribute-Based Access Control. By extending the Linked Data Platform (LDP) with WebID based authentication and Access Control Lists (ACL), Solid has enabled the emergence of new forms of Hyper-Apps. These apps can follow data from server to server, authenticate when needed and write to the user's Personal Online Data storage (Pod), creating a decentralised social web.

With relation-based access control (friend of a friend, business network, etc.), Solid can be a full alternative to centralised social networks. We also want to allow authentication based on Verifiable Claims such as age. Solid-Control will work on developing the needed logic, verify protocols, write prototype implementations and contribute to the Solid Auth Community groups, which are developing specs for standardisation.

>> Read more about Solid Control

Spectrum — A security through compartmentalization based operating system

Spectrum is an implementation of a security through compartmentalization based operating system, built on top of the Linux kernel. Unlike other such implementations, user data and application state will be managed centrally, while remaining isolated, meaning that the system can be backed up and managed as a whole, rather than mixed up in several dozen virtual machines. The host system and isolated environments will all be managed declaratively and reproducibly using Nix, the purely functional package manager. This will save the user the burden of maintaining many different virtual computers, allowing finer-grained resource access controls and making it possible to verify the software running across all environments. The Linux base, and a variety of isolation technologies from containers to virtual machines, will bring security through compartmentalization to a much wider range of hardware than previous implementations, and therefore make it accessible to many more people.

>> Read more about Spectrum

Secure User Interfaces (Spritely) — Usability of decentralised social media

Spritely is a project to advance the federated social network by adding richer communication and privacy/security features to the network. This particular sub-project aims to demonstrate how user interfaces can and should play an important role in user security. The core elements necessary for secure interaction are shown through a simple chat interface which integrates a contact list as an easy-to-use implementation of a "petname interface". Information from this contact list is integrated throughout the implementation in such a way that helps reduce phishing risk, aids discovery of meeting other users, and requires no centralized naming authority. As an additional benefit, this project will demonstrate some of the asynchronous network programming features of the Spritely development stack.

>> Read more about Secure User Interfaces (Spritely)

Suhosin-NG — Harden PHP 7 and PHP 8 applications

The PHP programming language was invented by Danish programmer Rasmus Lerdorf in 1994. The language is actively used by millions of websites through popular tools such as WordPress, Owncloud and Wikimedia. Suhosin-NG (next generation) will significantly improve the security of web applications running with PHP 7, and help thwart popular web attack vectors aimed at PHP based websites. Already existing ideas from the Suhosin project for PHP 5 will be gathered in addition to implementing a number of new ideas to improve the overall security stature of PHP 7. This concerns harnessing new features of the language, mitigating security risks in the default configuration and improvements to the runtime behaviour. In practical terms the project will implement these by extending the PHP extension Snuffleupagus, that already provides a good basis for hardening PHP 7. The project's goal is to provide software and documentation for setting up a PHP 7 environment in the most secure way possible.

>> Read more about Suhosin-NG

Sylk chat — Add instant messaging features to Sylk

Internet communications privacy is important to users, and there is a limited set of encrypted multiparty audio and videoconferencing solutions available to consumers and businesses today. The market, predominantly occupied by proprietary services that often require risky plugins, lack introspection and transparency, proved to expose users to significant security and privacy issues. This trend must be counteracted by better open source equivalents. Sylk provides a multi-party video encrypted conferencing solution meant to run on an end user computer or a mobile device. It is based on the WebRTC standard, and has a focus on user privacy and easy of use. This project will add one-to-one and group chat capabilities, allowing users to for example have end-to-end encryption or maintain long term group chats like other messaging apps do.

>> Read more about Sylk chat

Sylk Client — Secure multiparty videoconferencing application

Internet communications privacy is important to users, and there is a limited set of encrypted multiparty audio and videoconferencing solutions available to consumers and businesses today. The market, predominantly occupied by proprietary services that often require risky plugins, lack introspection and transparency, proved to expose users to significant security and privacy issues. This trend must be counteracted by better open source equivalents.

SylkSuite, composed by SylkServer and SylkClient is a clean and elegant open source multiparty conferencing solution for both the client and a server written in Python. SylkSuite allows groups of users to communicate privately with rich multimedia, accessed through different protocol stacks. SylkSuite allows bridging SIP clients, XMPP endpoints and WebRTC applications by using Janus backend.

The developers have a focus on strong interoperability based on the use of open standards.

>> Read more about Sylk Client

Sylk Mobile — Secure real-time mobile communications

Internet communications privacy is important to users, and there is a limited set of encrypted multiparty audio and videoconferencing solutions available to consumers and businesses today. The market, predominantly occupied by proprietary services that often require risky plugins, lack introspection and transparency, proved to expose users to significant security and privacy issues. This trend must be counteracted by better open source equivalents. Sylk Mobile provides a multi-party video encrypted conferencing solution mean to run on an end user computer or a mobile device. It is based on the WebRTC standard, and has a focus on user privacy and easy of use.

>> Read more about Sylk Mobile

RETETRA — Security Analysis of Proprietary Cryptography in Terrestrial Trunked Radio

Terrestrial Trunked Radio (TETRA) is a European standard for trunked radio used globally by government agencies, emergency services and critical infrastructure. Apart from most European police agencies (such as BOSNET in Germany or RAKEL in Sweden), military operators and emergency services, TETRA is also widely used for SCADA telecontrol of oil rigs, pipelines, transportation and electric and water utilities. TETRA authentication and encryption are handled by secret, proprietary cryptographic cipher-suites known as TAA1 and TEA which are only available to select parties under strict NDAs which runs counter to both the spirit of open technologies and Kerckhoffs's principle. The latter's potential consequences are illustrated by the fate of A5/1, A5/2 and their GMR variants in cellular and satellite communications, allowing ciphers that can be broken in practice to fester in public and critical infrastructure for far too long. This project aims to reverse-engineer and subsequently perform cryptanalysis on these cipher-suites and finally formulate a hardening roadmap in order to provide a research-oriented FOSS implementation of the cipher-suites and aid affected parties in moving away from unexamined, proprietary security mechanisms towards open standards.

>> Read more about RETETRA

TLS-KDH mbed — Implement TLS-KDH into mbed

TLS-KDH ( is a mechanism that adds Kerberos authentication to the Transport Layer Security (TLS) network protocol. TLS-KDH is developed under the flag of ARPA2 ( and is formalized in the form of a draft Internet specification. Furthermore, a successful prototype implementation has been built and integrated into GnuTLS. Making this prototype code production ready is well underway and in its final stage.

In order for TLS-KDH to become an Internet Standard the IETF requires at least two working implementations. To provide the IETF with two TLS-KDH implementations and to address the embedded world with a TLS-KDH capable TLS library we chose MbedTLS as our second library. The TLS-KDH mbed project's goal is to implement the TLS-KDH functionality in the MbedTLS library.

But why do we want to implement Kerberos authentication in the first place? Well first of all, the Kerberos protocol is quantum computer proof. That means that we can use this mechanism in the (future) presence of quantum computers. Since TLS is one of the most widely used security protocols on the present Internet having such mechanism would be a welcome addition. Secondly, Kerberos employs a centralized architecture as opposed to X.509 which is distributed. Adding TLS-KDH gives the user a choice which architecture (and implied pros and cons) to use. For a more extensive overview of advantages of TLS-KDH we refer to the project's homepage (

>> Read more about TLS-KDH mbed

Padding Machines for Tor — Protect metadata in the Tor onion routing network

Tor is the worlds largest anonymity network with about eight million daily users around the world who use Tor to browse the web anonymously, access onion services, and circumvent censorship. The project Padding Machines for Tor will design and implement padding machines---as part of a new framework in Tor for generating fake padding traffic---to defend against website fingerprinting attacks. A website fingerprinting attack is a type of traffic analysis attack where an attacker attempts to determine websites visited by a target Tor user by analysing encrypted traffic. The results of the project will be both open source and open access, with the goal of contributing to effective and efficient defenses deployed by default in Tor against website fingerprinting attacks.

>> Read more about Padding Machines for Tor

Build Transparency (Trustix) — Towards a decentralized supply chain for software

When we install a program, we usually trust downloaded software binaries. But how do we know that we aren't installing something malicious? Typically, we have confidence in those binaries because we get them from a trusted provider. But if the provider itself is compromised, the binaries can be anything. This makes individual providers a single point of failure in a software supply chain. Trustix is a tool that compares build outputs across a group of providers - it decentralized trust. Multiple providers independently build the software, each in their own isolated environment, and then can vouch for the content of binaries that are the outcome of reproducible builds - while non-reproducible builds can be automatically detected. This is the first step towards an entirely decentralized software supply chain that can securely distribute software without any central corruptible entity.

>> Read more about Build Transparency (Trustix)

ULX4M — A modular open hardware FPGA platform

Embedded systems are everywhere, including in trusted environments. But what is really inside them? ULX3M is a modular version of the popular open hardware project ULX3S. ULX3M delivers a versatile programmable (FPGA) modular mainboard that can be used a wide choice of peripherals. The main board is "vendor neutral" and can be used with different FPGA vendors daughter boards. As the community continues to grow, lots of FPGA modules are written, and one goal of our boards would be that we can easily switch and check other vendor chips, and work more on vendor neutral code where possible. The project also improves SERDES availability. Some cheaper FPGA chips do not have lots of SERDES lines and when someone makes a board it needs to choose what peripheral will be using those SERDES lines. A daughter board that can be rotated in any position will allow more flexible usage. In that way, cheaper FPGA could be used to write all the code. With an open source design, users are not dependent on anyone to make boards and can run independent production.

>> Read more about ULX4M

Universal DID Resolver and Registrar — Tooling for decentralized identifiers

The Universal DID Resolver and Registrar are open-source software components that implement Decentralized Identifiers (DIDs). DIDs lie at the heart of an emerging technical and social paradigm known as "self-sovereign identity" (SSI), which allows individuals, organizations, and things to create and manage their digital identities without dependence on any central authority or intermediary. This technology is highly aligned with Next Generation Internet values such as human-centricity, openness, trust, and reliability. DIDs as a building block for protocols are of similar importance to Internet infrastructure as other identifiers such as domain names or e-mail addresses. The Universal DID Resolver and Registrar are aligned with corresponding W3C community group specification efforts. Development and maintainance of the code takes place in close collaboration with relevant community and industry stakeholders such as the Decentralized Identity Foundation, uPort, Jolocom, Sovrin, Civic, Veres One, Blockstack, ERC725 Alliance, etc.

>> Read more about Universal DID Resolver and Registrar

ValOS Cryptographic Content Security project — Cryptographic Content Security for ValOS

ValOS (Valaa Open System) is a project pushing programming to become a civic skill. It’s a decentralized software development architecture that empowers beginners with little training or prior experience to create practical web applications. ValOS applications and data are created, stored and distributed as event streams. ValOS Gateway is a JavaScript library that acts like a browser: it connects to event streams, reduces them into applications and provides means to induce new events. ValOS Cryptographic Content Security project focuses on enhancing the infrastructure level security of ValOS through event log hash chaining, end-to-end encryption and other features.

>> Read more about ValOS Cryptographic Content Security project

Noise Explorer-VerifPal — Automated proofs and code generation for secure protocols

Noise Explorer is an online engine for reasoning about Noise Protocol Framework (revision 34) Handshake Patterns. Noise Explorer allows you to design Noise Handshake Patterns, and immediately obtain validity checks that verify if your design conforms to the specification. For visually oriented people, it provides a convenient visualisation in your browser. Noise Explorer can also generate Formal Verification Models and Software Implementations. This allows to instantly generate full symbolic models in the applied pi calculus for any Noise Handshake Pattern that you enter. Using ProVerif, these models can be analyzed against passive and active attackers with malicious principals. The model's top-level process and sophisticated queries are specifically generated to be relevant to your Noise Handshake Pattern, including tests for strong vs. weak forward secrecy and resistance to key compromise impersonation Noise Explorer also automatically generates a secure implementation of your chosen Noise Handshake Pattern design, written in Go. In addition the users can explore a Compendium of Formal Verification Results. Since formal verification for complex Noise Handshake Patterns can take time and require fast CPU hardware, Noise Explorer comes with a compendium detailing the full results of all Noise Handshake Patterns described in the original specification. These results are presented with a security model that is even more comprehensive than the original specification, since it includes the participation of a malicious principal.

>> Read more about Noise Explorer-VerifPal

Verifpal — Prove soundness of verification in Verifpal

Verifpal is new software for verifying the security of cryptographic protocols. Building upon contemporary research in symbolic formal verification, Verifpal’s main aim is to appeal more to real-world practitioners, students and engineers without sacrificing comprehensive formal verification features.

In order to achieve this, Verifpal introduces a new, intuitive language for modeling protocols that is much easier to write and understand than the languages employed by existing tools. At the same time, Verifpal is able to model protocols under an active attacker with unbounded sessions and fresh values, and supports queries for advanced security properties such as forward secrecy or key compromise impersonation.

Verifpal has already been used to verify security properties for Signal, Scuttlebutt, TLS 1.3, Telegram and other protocols. It is a community-focused project, and available under a GPLv3 license.

>> Read more about Verifpal

VFRAME: Visual Defense Tools — Use computer-vision to shield privacy in video

Visible data shares many of the same risks as wireless data yet visual privacy is often overlooked in the field of information security studies as separate and less relevant. As computer vision becomes increasingly adept at understanding the visual domain, differences between existing protocols for processing wireless data and emerging protocols for processing visible data (computer vision) become less apparent. Ultimately, images and video are wireless data too, and they are exposed to an increasing number of attacks on visual information privacy with less technologies for protection. Visual Defense Tools will explore and prototype computer vision methods for visual privacy through visual obfuscation and minimization techniques, mostly related to biometrics. The goal will be to build a conceptual road map and functional open-source prototypes to stimulate future development of more accessible visual privacy technologies.

>> Read more about VFRAME: Visual Defense Tools

video box — Affordable open hardware video-to-network

The goal of the FOSDEM video box project is to develop a cheap, compact, open hardware & free software video-to-network solution. Initial motivation came from scratching our own itch: replacing 60 bulky, costly, not entirely free boxes currently used at the conference. Several other conferences have already used the current setup successfully. We expect this number to grow in the future. The solution being free software and open hardware should make it flexible to adapt to different environments, like education. Being cheap and compact encourages experimental use in areas difficult to foresee. On the hardware side, we use the open hardware Olimex Lime2 board (EU built!) as a base. We plan an open hardware hdmi input daughterboard, iterating on a simplified prototype that helped us verify feasibility. On the software side, the core Allwinner A20 chip has attracted a lot of free and open source development already. That enables us to focus our efforts on optimising video encoding on this platform from a hdmi signal to a compact network stream.

>> Read more about video box

Video chat privacy — Add privacy features to video chats

Making video calls can be very invasive to privacy: the camera does not only capture the face and posture of the person talking, but will in fact capture the entire environment in glorious high definition - from the books in your bookshelf to family members or laundry rack behind you. This information is of no interest to the other end, but with a camera you have little choice: once you slide open the camera cover, it takes everything within the field of view and broadcasts it to the other side. This project aims to use advanced AI technology to edit the video feed in real-time, and apply various privacy enhancements such as removal of backgrounds.

>> Read more about Video chat privacy

Free Software Vulnerability Database — A resource to aggregate software updates

"Using Components with Known Vulnerabilities" is one of the OWASP Top 10 Most Critical Web Application Security Risks. Identifying such vulnerable components is currently hindered by data structure and tools that are (1) designed primarily for commercial/proprietary software components and (2) too dependent on the National Vulnerability Database (from US Dept. of Commerce). With the explosion of Free and Open Source Software (FOSS) usage over the last decade we need a new approach in order to efficiently identify security vulnerabilities in FOSS components that are the basis of every modern software system and applications. And that approach should be based on open data and FOSS tools.

The goal of this project is create new FOSS tools to aggregate software component vulnerability data from multiple sources, organize that data with a new standard package identifier (Package URL or PURL) and automate the search for FOSS component security vulnerabilities. The expected benefits are to contribute to the improved security of software applications with open tools and data available freely to everyone and to lessen the dependence on a single foreign governmental data source or a few foreign commercial data providers.

>> Read more about Free Software Vulnerability Database

Waasabi Framework — P2P Live Streaming for events

Waasabi is a highly customizable platform for self-hosted video streaming (live broadcast) events. It is provided as a flexible open source web framework that anyone can host and integrate directly into their existing website. By focusing on quick setup, ease of use and customizability Waasabi aims to lower the barrier of entry for hosting custom live streaming events on one's own website, side-stepping the cost, compromises and limitations stemming from using various "batteries-included" offerings, but also removing the hassle of having to build everything from scratch. Active research into the creation of a peer-to-peer streaming backend seeks to advance the project's long-term goal of promoting the adoption of owned experiences through the use of decentralized technology. By further cutting down on dependencies, cost and infrastructure complexity this effort aims to enable broadcasts to scale as the audience size grows, which in turn will support Waasabi's continued adoption.

>> Read more about Waasabi Framework

Web Shell — Desktop and security environment for web apps

The WebShell project aims to define and implement a new secure dataflow and the accompanying APIs for allowing users to use their files in Web apps without authorizing the apps to access the user's file storage. At its core, WebShell consists of a container single-page application which can open remote components (primarily apps and file-system adapters) in sandboxed iframes and communicate with them through HTML5 message channels using the defined APIs. WebShell provides for file operations and the required UI (file menus, toolbars, dialogs) to support the familiar file operations (new, open, save, etc.) while apps merely implement serialization and deserialization of an individual file's content, after the user's explicit request. The project will build a fully-featured WebShell Desktop container, as well as a minimal WebShell container for testing and easy deployment of single apps. In addition, we will integrate a starter set of editor apps for common file types and a starter set of file system adapters, concentrating primarily on self-hosting and non-commercial web storage solutions like and Solid storage.

>> Read more about Web Shell

WireGuard — Scale up WireGuard

WireGuard is a next generation VPN protocol that uses state of the art cryptography. This project aims to deliver various tasks: put WireGuard into the OpenBSD kernel and userspace tooling (tcpdump, ifconfig, wg, etc), rewrite Android client UI in Kotlin and make use of Kotlin coroutines, make the Android code into a library consumable by third-party apps, support more complex DNS and networking management in Windows client, improve performance and stability of cross-platform userspace implementation library, integrate more closely with various Linux netdev semantics and backport to Linux 5.4 and 4.19.

>> Read more about WireGuard

Wireguard Windows client — Native Wireguard protocol client for Windows

WireGuard is a next generation VPN protocol that uses state of the art cryptography. WireGuard allows to safely tunnel traffic across the internet. WireGuard presents a new abuse-resistant and high-performance alternative based on modern cryptography, with a focus on implementation and usability simplicity. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. While still under heavy development, it is regarded by many as the most secure, easiest to use, and simplest VPN solution in the industry. Initially released for the Linux kernel, it is now cross-platform and the open source technology is ready for wide deployment. Unfortunately, WireGuard support on the widely used Microsoft Windows operating system is still immature and experimental. This makes the technology unavailable to many desktop and notebook users. This project will deliver the first stable Windows version.

>> Read more about Wireguard Windows client

Wireguard Rust Implementation — Implementation of WireGuard in a type safe language

WireGuard is an emerging open VPN protocol, WireGuard stands out from similar solutions, notably OpenVPN and IPSec, by being significantly simpler and hence easier to analyze and implement. WireGuard is currently available on Linux, Windows, MacOS,iOS, Android and BSD variants. WireGuard-rs will be an implementation of WireGuard in the Rust systems programming language. The WireGuard projects desire for a Rust userspace implementation, stems from the improved speed, memory consumption and safety guarantees offered by the Rust language, all of which are essential to the nature of the WireGuard project: a high performance, high security VPN. This implementation will be targeting userspace for Linux, Windows, MacOS and BSD variants.

>> Read more about Wireguard Rust Implementation

Wishbone Streaming — Add Streaming capabilities to Wishbone

On System-on-Chips (SoC) the commercial grade bus infrastructure is covered by patents and at best available "royalty-free" (but with no ability to change). A serious alternative with significant adoption is the Wishbone SoC Bus, which is an Open Standard but does not yet have a "streaming" capability. That capability is needed for high-throughput data paths and interfaces. This project will provide an enhancement to the current Wishbone SoC Bus specification, provide Reference Implementations and Bus Function Models (BFM) to easily allows unit tests for all Wishbone BFM users. For demonstration purposes the project will implement an example peripheral to prove the overall concept.

>> Read more about Wishbone Streaming

ZSipOs — Open hardware for telephony encryption

ZSIPOs is a fully open source based encryption solution for internet telephony. It takes the shape of a little dedicated gadget you connect with a desktop phone. At its core the device does not have a normal chip capable of running regular software (including malware) but a so called FPGA (Field Programmable Gate Array). This means the device cannot be remotely updated (secure by design): the functionality is locked down into the chip, and the system is technically incapable of executing anything else. This means no risk of remote takeover by an attacker like with a normal computer or mobile phone connected to a network like the internet. The whole system is open hardware, and the full design is available for introspection. Normal users and security specialists get transparent access to the whole system and can easily check, what functionality is realized by the FPGA. This means anyone can verify the absence of both backdoors and bugs. ZSIPOs is designed to be fully compatible with the standard internet telephony system (SIP) which is the one used with traditional telephony numbers. The handling is done in principal by a regular internet phone (Dial, Confirm once – done). The cryptographic system is based on the standard RFC 6189 - ZRTP (with “Z” like Phil Zimmermann, the father of PGP), meaning it can also be used when using internet telephony on a laptop or mobile phone - of course without the additional guarantee of hardware isolation. There is no need to trust in an external service provider to establish the absolute privacy of speech communication. The exchange and verification of a secure key between the parties ensures end-to-end encryption, meaning that no third party can listen into the call. To that extent the device has a display to exchange security codes. The same approach can also also used for secure VPN Bridgeheads, secure storage devices and secure IoT applications and platforms. The ZSipOS approach is an appropriate answer on today security risks: it is completely decentralized, and has no dependency on central instances. It has a fully transparent design from encryption hardware to software. And it is easy to use with hundreds of millions of existing phones.

>> Read more about ZSipOs

ARPA2 resource ACL and HTTP SASL modules for NGINX — Extend consistent access control to NGINX webserver

In most of our daily interactions with a remote server we depend on the application running on the server to properly authenticate the user within the browser session, and to manage who can do what. However, if we want to enforce stronger guarantees with regards to restricted resources and tasks, our options are much more limited. This project from the ARPA2 community wants to move the state of the art in access control forward by combining the extensible SASL standard with a well-defined generic ACL mechanism that also allows for pseudonimity. The project will produce a self-contained library and two modules for a popular web server (NGINX) that use the new library. With the NGINX HTTP SASL module a user-agent can authenticate to the web server using any SASL mechanism the server supports. With the NGINX ARPA2 ACL module the web server can determine whether an authenticated user has authorization for the request that he/she sent. I.e. a user makes the request: "DELETE /messages/10" and the server can then decide based on the authenticated user, the action and resource whether this is allowed or not.

>> Read more about ARPA2 resource ACL and HTTP SASL modules for NGINX

betrusted — A protected hardware device for your private matters.

Betrusted aims to be a secure communications device that is suitable for everyday use by non-technical users of diverse backgrounds. We believe users shouldn’t have to be experts in supply chain or cryptography to gain access to our ultimate goal: privacy and security one can count on. Today’s “private key only” secure enclave chips are vulnerable to I/O manipulation. This means there is no essential correlation between what a user is told, and what is actually going on. Betrusted will build a full technology stack, including silicon, device, OS, and UX that is open for inspection and verification. Betrusted is a simple, secure, and strong device that aims to advance Internet freedom.

>> Read more about betrusted

Bitmask — User-friendly and secure VPN configuration

Bitmask is a Desktop and Android client designed to achieve a zero-configuration end-user experience for setting up a VPN that connects to a given set of providers - those that follow the LEAP platform specification. To do so, clients rely on providers exposing configuration files on well-known urls, according to their particular setup regarding the available VPN gateways and transports. This project aims at adding low-end routers a new extra platform that users can choose when installing BitmaskVPN. Running VPN software in a commonly available router, with hardware-based user interfaces, will greatly extend the target audience for Bitmask. To achieve this goal, a porting of the BitmaskVPN client will be done in nim, a statically typed language that generates small native and dependency-free executables, allowing the setup of the VPN with the switch of a hardware button. Finally, the resulting port will be packaged for OpenWRT, and build scripts will be made available for providers to offer to their users a ready-to-use flashing image for a selection of routers.

>> Read more about Bitmask

Katzenpost — Observation resistant secure messaging layer

Secure messaging is among the most fundamental privacy challenges of today. While there are meanwhile several widely used offerings that can encrypt instant messages you send to others, there are very few reliable options that are able to keep others from finding out who you were communicating with - and when. The most popular end-to-end messaging application do not adequately protect the identities of who-is-talking-to-who from the infrastructure operators. Katzenpost aims to offer a traffic analysis resistant messaging layer that allows all the participants in the network to have significantly more privacy than other mechanisms. It offers a decentralized mixnet architecture that works similarly to onion routing, where message routing information is encrypted, and differs in that each message is a fixed size, has random forwarding delays, and is accompanied by cover traffic messages to frustrate passive traffic analysis. The project aims to be a building block for other to build applications on, lowering the threshold for existing applications to benefit from increased privacy and confidentiality.

>> Read more about Katzenpost

DNSSEC Key Signing Suite — A best practise for DNSSEC Key Signing

DNSSEC provides trust in the DNS by guaranteeing the authenticity and integrity of DNS responses. As DNS is of fundamental importance to most Internet communication, this is a vital function that needs safeguarding. Beyond providing trust in the DNS, DNSSEC is a key enabler for other technologies that improve the security, privacy and trust of Internet users. In the DNSSEC Key Signing Suite project we build a set of tools, scripts and guidelines (a playbook) to facilitate simple key signing with a standardised ceremony that has automated checks and audits where possible. The impact of this will be twofold. First, it leads to reliable, predictable and verifiable key ceremonies, which improves the trust in DNSSEC. Second, it will significantly ease the burden of operation, bringing the use of a validated and trustworthy signing procedure within reach for many more DNSSEC operators than today (e.g. smaller or less profitable top-level domain operators).

>> Read more about DNSSEC Key Signing Suite

libspng — A fast and safe implementation of Portable Network Graphics

libspng is a platform-independent C library for handling IETF's Portable Network Graphics (PNG) images. The goal of this project is to provide a robust and fast library with an easy to use API. It is designed to be a modern alternative to the reference implementation, written from scratch using secure coding standards. It comes with an extensive test suite and is fuzz tested, it is also fastest decoder overall. The NGI Zero grant will be used to develop complete PNG write support, architecture-specific performance optimizations, including improvements to testing, decoding and documentation.

>> Read more about libspng

mobile-nixos — NixOS for mobile phones and tablets

The mobile-nixos project seeks to provide a coherent tool to produce configured boot images of NixOS GNU/Linux on existing mobile devices (cellphones, tablets). The goal is to provide a completely integrated mobile operating system, allowing full use of the hardware's capabilities, while empowering the user to exercise their four software freedoms to use, study, share and improve the software.

>> Read more about mobile-nixos

node-Tor — Implementation of Tor protocols for inside webpages

Node-Tor is an open source project and the only existing implementation of the Tor protocol in Javascript. That gives it the unique property to not just run on a server or desktop, but also inside a regular webbrowser itself as a standalone secure webapp. It must not be misunderstood for just a re-implementation of Tor network nodes: the goal is much wider, because it allows any project related to privacy/security enhancement to implement the Tor protocol in their nodes and/or inside a web page. The browser client acts as a standalone node itself communicating via web interfaces such as Websockets with servers or through WebRTC with other browsers. The use of Javascript allows to reduce very significantly the code and libraries (prone to security breaches), simplifying the integration for developers (like removing the need to maintain installation packages since standard web interfaces can be used), simplifying the use for users. This offers a lot of potential for increasing security and privacy for everybody, since the technology can be accessed from any place and any device that has a browser or can run Javascript, including mobile devices.

>> Read more about node-Tor

offen — Ethical site analytics, controlled by the user

Transparently handling data in the open creates mutual trust: Offen is a web analytics software that gives users insights into the data they are generating by giving them access to the same suite of analytics tools site operators themselves are using. Usage metrics come with explanations about their meaning, relevance, usage and possible privacy implications, and also details which kind of data is not being collected. Offen treats both users and operators as parties of equal importance. Users can expect full transparency and are encouraged to make autonomous and informed decisions regarding the use of their data, and operators are being enabled to collect needed usage statistics while fully respecting their users' privacy and data. No user data is being collected until the user has explicitly opted-in. All data can be deleted either selectively or in its entirety by the users.

>> Read more about offen

pcb-rnd — Modular printed circuit board editor

Pcb-rnd is a modular printed circuit board editor that is designed with the UNIX mind set. It has a convenient GUI for editing the graphical data of the board but is also has a handy command line interface. Both the GUI and the CLI aspects are scriptable (in more than 10 scripting languages) and pcb-rnd can also process boards as a headless converter tool. It has support for various proprietary schematics/netlist and board formats which makes it also a good choice for converting free hardware designs coming in proprietary formats to free file formats. Among the upcoming challenges are a full rewrite of the Design Rule Checker, more file format support and making the menu system even more dynamic to match the modular nature of pcb-rnd better.

>> Read more about pcb-rnd

postmarketOS — An independent mobile operating system

postmarketOS is a mobile phone operating system for phones (and other mobile devices), based on Alpine Linux. Just like desktop Linux distributions, we have a package manager and a carefully crafted repository of trustworthy and privacy focused free software that will actually serve the users and not exploit them for their data. By sharing as much code as possible between various phone models, postmarketOS scales well and it becomes feasible to maintain devices even after OEMs have abandoned them.

>> Read more about postmarketOS

x86-64 VM Monitor for seL4 verified microkernel — Very restricted virtualized environment for higher security

The security of any software system depends on its underlying Operating System (OS). However, even OSes such as Qubes, which are "reasonably secure" depend on large trusted computing bases (e.g. hypervisors) with hundreds of thousands of lines of code. For example, the Qubes' Xen Security Advisory Tracker reports that 53/283 (18%) of Xen vulnerabilities over the last eight years affected Qubes. As a step towards facilitating the implementation of more secure, Qubes-like systems, we propose to retarget it to the seL4 microkernel. seL4 is an open-source, formally-verified microkernel that has matured and been maintained for over a decade. seL4's small size (10,000 Lines of Code) and formal verification make it an appealing Xen replacement for Qubes, however, its virtualization support is currently limited. As a first step to enabling Qubes on seL4 we will implement a hardened, open-source, x86 64-bit Virtual Machine Monitor (VMM) for the seL4 microkernel capable of hosting the core Qubes OS virtual machines.

>> Read more about x86-64 VM Monitor for seL4 verified microkernel

Vita — A high performance IPSEC implementation

When the IP protocol was designed, its original authors did not add adequate security features. In 1994 the first official RFC concerning an end-to-end encrypted variant of IP called IPSEC was published after a number of years of standardisation work in the IETF. Almost a quarter of a century later, there is still a very limited set of implementations of the protocol. IPSEC is perceived by many as hard to deploy, which creates a chicken and egg situation in driving adoption. Vita is a fresh new implementation of IPSEC based on Snabb Switch, a high performance open source packet networking toolkit. The goal of Vita is to make it very easy to use IPSec on commodity hardware, and to produce a fast and compliant clean room implementation. Vita previously received funding from the Internet Hardening Fund. This project will move the deployability of Vita forward, and among others will produce a number of drivers for interfacing with e.g. high speed interfaces such as the Linux kernel. It limited size and use of an existing packet networking toolkit means it can be easily audited.

>> Read more about Vita

Wireguard — Take modern network tunnels to the next level

WireGuard is a next generation VPN protocol that uses state of the art cryptography. One of the most exciting recent crypto-networking developments, WireGuard aims to drastically simplify secure tunneling. The current state of VPN protocols is not pretty, with popular options, such as IPsec and OpenVPN, being overwhelmingly complex, with large attack surfaces, using mostly cryptographic designs from the 90s. WireGuard presents a new abuse-resistant and high-performance alternative based on modern cryptography, with a focus on implementation and usability simplicity. It uses a 1-RTT handshake, based on NoiseIK, to provide perfect forward secrecy, identity hiding, and resistance to key-compromise impersonation attacks, among other important security properties, as well as high performance transport using ChaCha20Poly1305. A novel IP-binding cookie MAC mechanism is used to prevent against several forms of common denial-of-service attacks, both against the client and server, improving greatly on those of DTLS and IKEv2. Key distribution is handled out-of-band with extremely short Curve25519 points, which can be passed around in the likes of OpenSSH. Discarding the academic layering perfection of IPsec, WireGuard introduces the idea of a "cryptokey routing table", alongside an extremely simple and fully defined timer-state mechanism, to allow for easy and minimal configuration; WireGuard is actually securely deployable in practical settings. In order to rival the performance of IPsec, in addition to cross-platform implementations, WireGuard is implemented inside the Linux kernel, but unlike IPsec, it is implemented in less than 4,000 lines of code, making the implementation manageably auditable. These features converge to create an open source VPN utility that is exceedingly simple, yet thoroughly modern and secure.

>> Read more about Wireguard