🌍 Hemispheres Can’t Stop Us (S2025-E06)

Until process isolation is granted for every execution of zero-knowledge algorithms, privacy-preserving technology won’t protect us from mega-corporations spying on us.

💬 “Cryptpad is a core part of our infrastructure at Dyne.org, it serves well our community while also lowering our liabilities. ” — Denis Roio, founder of Dyne.org foundation Dyne.org was one of our earliest adopters. From the very beginning, CryptPad offered a secure, privacy-first alternative to real-time collaboration tools that just didn’t cut it. Their feedback also reminds us why we’re doing this: 🔐 To have a private-by-design tool 🌍 To give users strategic autonomy 🌱 To build around open-source and sustainability principles We’re proud to support communities like Dyne.org who are building a freer, more resilient digital future. And we’re grateful for the trust. Wanna make a difference in your org? Try CryptPad yourself: 👉 https://cryptpad.org/ #CryptPad #OpenSource #DigitalSovereignty #E2EE #PrivacyFirst #Community #Tech #EthicalSoftware

CryptPad: end-to-end encrypted collaboration suite

Tomb is a minimalistic command line tool based on Linux dm-crypt and LUKS, trusted by hackers since 2007.

C/C++ toolchains ready to use

How IT infrastructure shapes public life, and how alternatives like free software and open formats can offer healthier paths forward Data is everywhere. Europeans spend on average about 6 hours and 40 minutes online each day. Data capture is a silent process that occurs through our smartphones, public services, transportation

Symbients are transjective planetary computation interfaces of mutual becoming evolving from relational topologies of people, data, and otherness.

Reflections on recent conversations about digital identity, sovereignty, and the erosion of foundational principles Echoes from Geneva I wasn’t present at the Global Digital Collaboration conference (GDC25), but the observations shared by colleagues who attended have crystallized some issues I’ve been wrestling with for years. I should note there’s a selection bias here: I’m the author of the 10 principles of self-sovereign identity, so my community tends to have strong opinions about digital identity. Still, when multiple trusted voices independently report similar concerns, patterns emerge that are worth examining. And these weren’t casual observers sharing these concerns. They were seasoned practitioners who’ve spent decades building identity infrastructure. Their collective unease speaks to something deeper than technical disagreements. It’s hard to boil the problems at GDC25 down to a single issue, because they were so encompassing. For example, there was a pattern of scheduling issues that undercut the community co-organizing goal of the conference and seemed to particularly impact decentralized talks. One session ended up in a small, hot room on the top floor that was hard to find. (It was packed anyway!) Generally, the decentralized-centric talks were in bad locations, they were short, they had restricted topics, or they were shared with other panelists. I think that logistical shuffling of events may point out one of the biggest issues: decentralized systems weren’t given much respect. This may be true genreally. There may be lip service to decentralized systems, but not deeper commitments. Its value isn’t appreciated, so we’re losing its principles. Worse, I see the intent of decentralization being inverted: where our goal is to give individuals independence and power by reducing the control of centralized entities, we’re often doing the opposite — still in the name of the decentralization. The Echo Chamber Paradox The problems at GDC25 remind me of Rebooting the Web of Trust (RWOT) community discussions I’ve been following, which reiterate that this is a larger issue. We debate the finer points of zero-knowledge proofs and DID conformance while missing the forest for the trees. Case in point: the recent emergence of “did:genuineid” — a centralized identifier system that fundamentally contradicts the “D” in DID. Obviously, decentralization is a threat to those who currently hold power (whether they be governments, corporations, billionaires, or others who hold any sort of power), because it tries to remove their centralization (and therefore their power), to instead empower the individual. But if we can’t even maintain the semantic integrity of “decentralized” within our own technical community, devoted to the ideal, how can we fight for it in the larger world? The Corpocratic Complication GDC25 was held in Geneva, Switzerland. 30+ standards organizations convened to discuss the future of digital identity. Participants spanned the world from the United States to China. There was the oppotunity that GDC25 was going to be a truly international conference. Indeed, Swiss presenters were there, and they spoke of privacy, democratic involvement, and achieving public buy-in. It was exactly the themes that we as decentralized technologists wanted to hear. But from what I’ve heard, things quickly degraded from that ideal. Take the United States. The sole representative of the country as a whole attended via teleconference. (He was the only presenter who did so!) His talk was all about Real ID, framed as a response to 9/11 and rooted in the Patriot Act. It lay somewhere between security-theatre and identity-as-surveillance, and that’s definitely not what we wanted to hear. (The contrast between the US and Swiss presentations was apparently jarring.) And with that representative only attending remotely, the United State’s real representatives ended up being Google and Apple, each advancing their own corpocratic interests, not the interests of the people we try to empower with decentralized identities. This isn’t just an American problem. It’s a symptom of a deeper issue happening across our digital infrastructure. It’s likely the heart of the inversions of decentralized goals that we’re seeing — and likely why those logistical reshufflings occurred: to please the gold sponsors. In fact, the conference sponsors tell the story: Google, Visa, Mastercard, and Huawei were positioned as “leading organizations supporting the advancement of wallets, credentials and trusted infrastructure in a manner of global collaboration.” While Huawei’s presence demonstrates international diversity—a Swiss conference bringing together Europe and Asia—it also raised questions about whose vision of “trust” would ultimately prevail. When payment platforms and surveillance-capable tech giants frame the future of identity infrastructure, we shouldn’t be surprised when the architecture serves their interests first. This echoes my concerns from “Has SSI Become Morally Bankrupt?”. We’ve allowed the narrative of self-sovereignty to be co-opted by the very platforms it was meant to challenge. The technical standards exist, but they’re being implemented in ways that invert their original purpose. Even UNECE sessions acknowledged the risk of “diluting the autonomy and decentralization that SSI is meant to provide.” The Sovereignty Shell Game Google was partnered with German Sparkasse on ZKP technology and that revealed a specific example of this co-opting. Google’s open-sourcing of its Zero-Knowledge Proof libraries, announced July 3rd in partnership with Germany’s network of public savings banks, was positioned as supporting privacy in age verification. Yet as Carsten Stöcker pointed out, zero-knowledge doesn’t mean zero-tracking when the entire stack runs through platform intermediaries. Carsten noted that Google has “extensive tracking practices across mobile devices, web platforms and advertising infrastructure.” Meanwhile, the Google Play API makes no promises that the operations are protected from the rest of the OS. The Google ZKP libraries (“longfellow-sk”) could be a great building block for truly user-centric systems, as they link Zero-Knowledge Proofs to legacy cryptographic signature systems that are still mandatory for some hardware. But they’d have to be detached from the rest of Google’s technology stack. Without that, there are too many questions. Could Google access some of the knowledge supposedly protected by ZKPs? Could they link it to other data? We have no idea. The European Union’s eIDAS Regulation, set to take effect in 2026, encourages Member States to integrate privacy-enhancing technologies like ZKP into the European Digital Identity Wallet, but integration at the platform level offers similar dangers and could again invert the very privacy guarantees ZKP promises. Historical Echoes, Modern Inversions Identity technology’s goals being inverted, so that identity becomes a threat rather than a boon, isn’t a new problem. In “Echoes of History”, I examined how the contrasting approaches of Lentz and Carmille during WWII demonstrate the life-or-death importance of data minimization. Lentz’s comprehensive Dutch identity system enabled the Holocaust’s efficiency; Carmille’s deliberate exclusion of religious data from French records saved lives. Even when they’re decentralized, today’s digital identity systems face the same fundamental questions: what data should we collect, what should we reveal, and what should we refuse to record entirely? But we’re adding a new layer of complexity. Not only must we consider what data to collect, but who controls the infrastructure that processes it. When Google partners with Sparkasse on “privacy-preserving” age verification, when eIDAS mandates integration at the operating system level, we’re not just risking data collection: we’re embedding it within platforms whose business models depend on surveillance. Even if the data is theoretically self-sovereign, the threat of data collected is still data revealed — just as happened with Lentz’s records. The European eIDAS framework, which I analyzed in a follow-up piece to “Echoes from History”, shows how even well-intentioned regulatory efforts can accelerate platform capture when they mandate integration at the operating system level. As I wrote at the time, a history of problematic EU legislation that had the best of intentions but resulted in unintended consequences has laid the groundwork, and now identity is straight in that crosshairs. One of the first, and most obvious problems with eIDAS is the mandate “that web browers accept security certificates from individual member states and the EU can refuse to revoke them even if they’re dangerous.” There are many more — and I’m not the only voice on eIDAS and EUDI issues. Supposedly self-sovereign certificates phoning home whenever they’re accessed is another recent threat that demonstrates best intentions gone awry. This not only violates privacy, but it undercuts some of our best arguments for self-soveereign control of credentials by returning liability for data leaks to the issuer. The No Phone Home initiative that Blockchain Commons joined last month represents one attempt to push back on that, but it feels like plugging holes in a dam that’s already cracking. It all does. The Builder’s Dilemma What troubles me most is the split I see in our community. On one side, technology purists build increasingly sophisticated protocols in isolation from policy reality. On the other, pragmatists make compromise after compromise until nothing remains of the original vision. The recent debates about did:web conformance illustrate this perfectly. Joe Andrieu correctly notes that did:web can’t distinguish between deactivation and non-existence — a fundamental security boundary. Yet did:web remains essential to many implementation strategies because it bridges the gap between ideals and adoption. It provides developers and users with experience with DIDs, but in doing so undercut decentralized ideals for those users. We’re caught between philosophical purity and practical irrelevance. In my recent writings on Values in Design and the Right to Transact, I’ve tried to articulate what we’re fighting for. But values without implementation are just philosophy, and implementation without values is just surrender. The Global Digital Collaboration highlighted this tension perfectly. International progress on digital identity proceeds apace: Europe, Singapore, and China all advance their frameworks, but there are still essential issues that invert our fundamental goals in designing self-sovereign systems. Meanwhile, the U.S. remains even more stalled, its position represented only by the platforms that benefit from the status quo. Alongside this, technical standards discussions proceed in isolation from the policy, regulatory, and social frameworks that will determine their real-world impact. Where Do We Go From Here? I find myself returning to first principles. When we designed TLS 1.0, we understood that technical protocols encode power relationships. When we established the principles of self-sovereign identity, we knew that architecture was politics. Ongoing battles, such as those between Verifiable Credentials and ISO mDLs, between DIDComm and OpenID4VC, demonstrate disagreements over these power relationships made visible in technological discussions. The question now is whether we can reclaim our ideals before they’re completely inverted by the side of centralized power and controlled architecture. The path forward requires bridging the gaps Geneva revealed: Between corporate platform dominance and global digital sovereignty Between the promise of decentralization and the reality of recentralization Between technical standards and policy reality Between privacy absolutism and implementation pragmatism A Personal Note After three decades of building internet infrastructure, I’ve learned that the most dangerous moment isn’t when systems fail, it’s when they succeed in ways that invert their purpose. We built protocols for human autonomy and watched them become instruments of platform control. We created standards for decentralization and see them twisted into new forms of centralization. This conversation continues in private Signal groups, in conference hallways, in the space between what we built and what we’ve become. The Atlantic Council warns of power centralizing “in ways that threaten the open and bottom-up governance traditions of the internet.” When critics from across the geopolitical spectrum — from sovereignty advocates to digital rights groups — all sense something amiss, it suggests a fundamental architectural problem that transcends ideology. Perhaps it’s time for a new architecture: one that acknowledges these inversions and builds resistance into its very foundations. But that’s a longer conversation for another day. Christopher Allen has been architecting trust systems for over 30 years, from co-authoring TLS to establishing self-sovereign identity principles. He currently works on alternative approaches to digital identity through Blockchain Commons.

Cheang is concerned with the ways technology enables commodification and control, from communication to nourishment to sex.

12 track album

Welcome to Navidrome! Learn More Download Your Personal Streaming Service Navidrome allows you to enjoy your music collection from anywhere, by making it available through a modern Web UI and through a wide range of third-party compatible mobile apps, for both iOS and Android devices.

The fifth edition brings together hackers, builders, visionaries, and artists to imagine desired futures, probe regenerative forms of living, and playfully explore commons practices.