Events in room UD2.218A

For nearly a decade, Open Collective has served as the financial and legal infrastructure for over 3,000 open source projects, managing millions in funding. However, for much of that history, the platform itself was owned by Venture Capitalists a tension that sits at the heart of the FOSS funding conversation.

In this talk, we reveal how the platform’s largest users, specifically the Open Source Collective—orchestrated a coup to boot out the initial investors and restructure the entity into a 501(c)(6) membership non-profit - Open Finance Consortium (https://oficonsortium.org/). This is a case study in "Exit to Community" (E2C), demonstrating a radical alternative to the traditional startup exit that often threatens FOSS sustainability. https://blog.opencollective.com/the-open-collective-platform-is-moving-to-a-community-governed-non-profit/

We will move beyond the celebration of the acquisition to discuss the hard realities that followed. It is one thing to "free" a platform; it is another to sustain it. We will explore:

• The Negotiation: How a Fiscal Host leveraged its position to facilitate a transition from private equity to community ownership.

• Governance vs. Reality: The evolution of our shared governance model and the difficulty of putting democratic ideals into practice while running a complex tech stack.

• The Financials: The transparent challenges of achieving financial sustainability without the cushion of VC cash flow, and what was sacrificed in the process.

This session is for maintainers, funders, and policymakers interested in the structural future of FOSS infrastructure. We offer not just a success story, but a candid look at the friction involved in building a technology platform that is truly owned by the ecosystem it serves.

Free software has no shortage of talent, ideas, or users, but it does have a funding problem. The largest potential funding source already exists: public procurement. Governments spend billions each year on software and digital services, but most of that money flows into proprietary silos that limit transparency, reuse, and sovereignty.

If we take “Public Money, Public Code” - https://publiccode.eu - seriously, we must recognize that procurement (not donations or sponsorships) is the most powerful lever to sustain open source. Every government contract is a potential long-term investment in the commons.

This talk examines how procurement practices can become the backbone of sustainable free software ecosystems: • Why procurement reform is essential to digital sovereignty. • How existing frameworks (e.g., the EU Open Source Strategy - https://commission.europa.eu/about/departments-and-executive-agencies/digital-services/open-source-software-strategy_en ) still fall short. • How to structure tenders, contracts, and governance to ensure open deliverables. • Why governments should stop “buying software” and start funding maintenance and collaboration. • The opportunity for community organizations and small firms to compete fairly.

Procurement is where ideals meet infrastructure. By redirecting even a small fraction of public IT budgets toward open, reusable solutions, we can achieve what years of advocacy and fundraising have not: a self-sustaining free software ecosystem that serves everyone.

This talk is a call-to-action to join our campaign to convince the European Union that, in order to secure its digital future, it should invest in open source maintenance via an EU Sovereign Tech Fund (EU-STF).

Right now, the EU is negotiating its multi-year budget for the period of 2028-2034. Traditionally, the EU budget has been focused on regional development and agriculture, but more and more policymakers are realizing that investment in our digital infrastructure is just as important as maintaining physical roads and bridges. Last year at FOSDEM, we discussed with you what an EU fund for open source maintenance should look like. A lot has happened since then: We have conducted an in-depth study into the political, legal and economic feasibility of an EU-STF, building on the successful example of the German Sovereign Tech Agency. We assembled a coalition of supporters from industry and civil society, and we have presented our proposal to the European Parliament and Member States.

Now it’s time to take the campaign to the next level and we need your support to make it happen. The goal of this session is to present the findings of the feasibility study for the EU-STF and demonstrate why mission-driven investment, coordinated by the public sector, is important for the diversification of Europe’s funding landscape. It will demonstrate concretely how such a proposal can directly improve the sustainability and health of the open source community globally, and why this is so important for Europe in achieving its digital future.

This is a session combining the experience of several FOSS projects in their funding journey. Each will have 10 minutes to present, after which a Q&A session will happen.

The presenting FOSS projects will be:

• Mockoon is a popular open-source API tool, built and maintained from Luxembourg. In this talk, its creator shares the journey of growing a developer tool used by thousands, without external funding. Learn what worked (and didn't) in the pursuit of sustainability through sponsorships, community, and a cloud SaaS offering.

• DuckDB is the fastest growing data management tool to date. Meanwhile, DuckDB is Free and Open Source Software under the permissive MIT license. DuckDB's development began inside an academic instituted funded by grants. We then moved to a bootstrapped spin-off and have been running ever since. In my short talk, I will describe the meandering route and mental processes that lead us to choose this funding model, the things we do and why we do them, the things to avoid and why to avoid them.

• WeasyPrint is an open source Python library which transforms HTML/CSS into PDF, with the first commit dating back to April 2011. However we’ve only been making a living from it since 2020. We’ll present the evolution of our free software, how we transitioned from a project developed and used within a company to a product with paying clients, and discuss the different solutions we choose to earn money with free software.

• GNOME, founded in 1997, is one of the two leading desktop projects on the Linux platform. In this talk, we will talk about the outcome of our community based fundraising, the outcomes we wanted to achieve and results of the fundraising campaign. The talk will conclude with our next steps with feedback from the audience.

The Domain Name System (DNS) is one of the core pillars of the internet, enabling users to navigate the web reliably and securely. However, underfunded open source DNS projects create systemic risks, exposing millions of users to vulnerabilities and threatening the stability and security of the entire internet. 

The Nominet DNS Fund aims to tackle these critical gaps by investing in the security, resilience, and long-term viability of these essential open source components, recognising that a robust and secure DNS is fundamental to the internet’s continued operation and the public benefit it provides. Having completed our first round of funding in 2025 and with a view to extending in 2026, this session will share highlights including:

RESEARCH Reflections on revisiting research conducted by Demos that led us to create the fund

PILOT AND LEARN Analyse some key learning about implementing the fund, including surprises and challenges we face moving forward

ITERATE Seek feedback from the devroom in an interactive session to reflect on the fund and shape its future direction.

We aim to share learning and future direction in open dialogue with the devroom and have ideas about what devroom participants will get out of the session:

Practical Knowledge: Participants will come away with insight from a real case study of funding OS and delve into some of the learning and challenges

Conversation points: asking questions such as: How do we better align what's being funded with what's needed? What are the opportunities for better dialogue, feedback and listening? How can applications for funding be more inclusive and accessible?

This talk, based on a paper in Open Research Europe, will discuss the current state of research software funding, propose a way of thinking about the different models that are currently used, and suggest new models to better support the global research software community.

Today, research software funding operates across a disconnected landscape of public and private grant-making organizations, leading to inefficiencies for software projects and the broader research community. The lack of coordination forces projects to pursue multiple, often overlapping opportunities, and forces funders to independently evaluate projects and proposals, resulting in duplicated effort and suboptimal resource distribution.

By examining existing collaboration models, including centralized and distributed approaches, we highlight how joint decision-making mechanisms could improve sustainability for reusable software resources. An international set of examples illustrates how cross-organization cooperation for research software funding can be structured. Such collaborations can optimize grant disbursement and align priorities. Increased collaboration could allow funders to better address the ongoing maintenance and evolution of research software, lowering barriers that hamper discovery across multiple research domains. Encouraging both bottom-up user-driven and top-down coordination mechanisms ultimately supports more robust, widely accessible research software, improving global research outcomes.

The open source funding landscape is changing. Funders struggle to effectively measure and communicate the impact of their programs beyond case-by-case stories. This disconnect threatens the long-term sustainability of funding and thus the sustainability of FOSS. We spent the last year talking with FOSS funding organizations and grant recipients to understand their approach to grant funding, impact reporting, and FOSS sustainability. We also sought to understand the disconnect between the needs of FOSS projects and what funders can provide.

In this talk, we share early insights from our interviews. We will share current funder challenges, like differentiating between reactive vs. proactive impact reporting and translating technical outcomes into policy-maker language. Interestingly, we’re are hosting a workshop here at FOSDEM with FOSS funders to co-design on a shared Funding Impact Taxonomy and Measurement Guidelines co-designed. We will share with the audience the the latest learnings and offer a space for further discussion. We may not bring any solutions but we will advance the dialog, so that funders and FOSS projects can better understand each other.

As an OSS developer, finding funding is probably the least inspiring high-priority activity on your list of things to do. This session will present concrete steps for the funding task you already have. These will become the tools to find the funding you need. As the Director of Operations at the Erlang Ecosystem Foundation and Chair of the Sponsorship Working Group, I'm both a seeker of funding and a reviewer of funding requests. There are no secret handshakes or tricks here, just connecting dots to create a purpose and roadmap that will help. I will cover content you can create to help inform potential sponsors, how to approach them, and the fiscal efficiency of funding methods. The information is based on my own experience working with sponsors and projects, so it is not theoretical but also far from universal or complete.

Funding remains one of the biggest challenges in sustaining free and open source software. In this interactive workshop, we will use the results of a global survey and interview series start a conversation around how developers, users and maintainers think about money in FOSS and what it means for the future of our ecosystem. During the session we will explore donation campaign best practices from FOSS projects, discuss the role transparency and clear policies play in how funds are handled, and give participants an opportunity to learn, contribute, connect and explore how we can help make FOSS more sustainable.

Open source foundations face growing demands, more projects, more users, more scrutiny, while still relying on fragile funding models built around grants, sponsorships, and donations. This talk argues that the problem is not funding open source projects, but funding them in isolation.

Drawing on experiences from the Apereo and the eBPF Foundations, this session explores a shift from project-centric funding to ecosystem-level investment. Using eBPF as a case study, it shows how funding efforts like security audits, upstream kernel work, directed development, face-to-face collaboration, and ecosystem marketing can strengthen many projects at once and deliver far greater impact per dollar.

The talk also introduces Apereo's self-sustainability model, in which foundations, even projects, support themselves through services rooted in community expertise, such as training, events, audits, and operational support, rather than perpetual fundraising. The goal is not to create more foundations, but ones more focused on ecosystems that are resilient by design, and able to support open source as shared infrastructure rather than a collection of individual projects.

This is a merged session combining the following two lightning talks and audience Q&A. 1. "Funding a FOSS Revolution in the Energy Sector" by Maximilian Perzen 2. "An Enterprise Perspective on Open Source Funding" by Tobias Gabriel and Fabian Palmer

"Funding a FOSS Revolution in the Energy Sector" by Maximilian Perzen

What happens when you try to build a fully open-source ecosystem inside one of the most closed, risk-averse industries on the planet? As a former core contributor to the PyPSA ecosystem and now co-founder & CEO of a three-year-old FOSS non-profit OET working on energy and grid planning, I’ve spent the last years hacking exactly that problem: pushing an industry dominated by billion-euro black-box tools toward a future built on shared code and community-driven infrastructure.

We began with a Prototype Fund experiment that didn’t survive on its own, but it gave us just enough credibility and momentum to grow. Three years later, our organisation has scaled to 50 people working across major open-source energy planning projects (though mostly around one tool: PyPSA), supporting public, private and philanthropic partners. The “open-source revolution” in grid planning isn’t complete, but we’ve hit enough walls, breakthroughs, and strange funding dynamics to share what’s actually happening behind the scenes.

This talk answers the questions we wish someone had answered when we started, including: - Where and how, inside a conservative industry, can open-source realistically get funded? - How do you identify which projects and maintainers are already carrying the ecosystem? - How to expand the ecosystem beyond a single institution and why this is important? - How do you convince institutions, philanthropic or private, to finance long-term maintainer time?

This is the inside story of trying to open-source an entire domain and what other hackers can borrow from that journey.

"An Enterprise Perspective on Open Source Funding" by Tobias Gabriel and Fabian Palmer

Have you wondered how open source funding works inside large companies? Whether you’re trying to start a program at your organization or understand it from a maintainer perspective?

In this talk, we’ll share how SAP, one of the world’s largest enterprise software companies, started a direct open source funding program in 2025. We’ll cover the questions we faced, the answers we found, and what we learned along the way: - How to select projects and maintainers to support? - What metrics and tools can support in finding suitable projects? - How to determine the right funding amount? - How to organize the process and budget internally? - How to scale it further in the future?

With this talk we would like to share our experience and insights and invite you to share your own experiences and ideas as well.

In a wide array of funding and investment directed at open source, enterprise and venture capital funding rarely gets an important slot in European discussions.

However, as shown in our recent "State of Commercial Open Source" research report of ~800 VC-backed commercial open source (COSS) companies, the virtuous cycle created by enterprise contributions and VC funding not only improves upstream open source projects across virtually every metric but drives thriving commercial ecosystems creating tangible economic and societal value.

The data is clear: while public funding (so far) often functions as early-stage seed capital or a safety net for critical projects, research shows enterprises contributing over $7.7B annually in funding and paid developer time to open source on a global basis. Furthermore there is a big promise in VC funding for open source, also in Europe, with the number and value of transactions rising in recent years, with $26.4B invested in 2024 and strong investment performance indicators.

As vertical sectors like finance, energy, telco, and agriculture increasingly embrace open source as a pillar of their digital transformation, it’s clear that commercial open source has become a superior venture model and a strategic opportunity for Europe, but one that requires engaging diverse stakeholders and mutual education on the opportunities at hand.

In this talk we will share Linux Foundation Europe’s experience of building (and balancing) some of the largest global open source ecosystems as well as Commit’s unique perspective as the first fund solely focused on commercial open source investments in Europe.

The Internet landscape is evermore on it’s steadfast course towards surveillance and centralization. Video content and streaming out of CDNs now account for half of all global traffic; splinternets are now a thing, from China to South Korea, from Russia to Iran; mandatory backdoors on communication platforms are just around the conner with EU’s Chat Control. In this scenario, where most Internet connected devices have become tools of imprisonment rather than liberation, reviving the old Internet ethos of peer-to-peer (P2P) and private communication is of uttermost importance.

This is the revival of the Decentralized Internet and Privacy Devroom at FOSDEM 2026.

The devroom and the program is coordinated by decentral.community and RIAT.

Can we make the web more decentralized and more private without asking users to switch browsers? For the past five years, the IPFS ecosystem has pioneered multiple approaches to this challenge. This talk shares hard-won lessons about what works—and what doesn't.

We'll cover three parallel strategies: (1) pushing for native protocol support in major browsers, (2) driving adoption of critical cryptographic building blocks (such as Ed25519 into WebCrypto API, a three-year standards journey led by Igalia that just succeeded in Chrome 137), and (3) using existing browser capabilities in novel ways.

The work emerged from IPFS's needs, but the benefits extend far beyond one protocol. Ed25519 in browsers now helps decentralized identity systems, local-first apps, and any protocol needing trustless verification — all without developers bundling their own cryptography libraries.

The talk will be practical and honest: What takes three years versus three months? How do you fund unglamorous infrastructure work? When should you work around browser limitations versus push for standards changes? Attendees will leave with actionable insights for pushing privacy and decentralization into mainstream web infrastructure, plus a preview of what's coming next.

Links: - ipfs.io - https://blogs.igalia.com/jfernandez/2025/08/25/ed25519-support-lands-in-chrome-what-it-means-for-developers-and-the-web/

The massive size of browser engines has concentrated power over the web platform into a few large corporations. Creating a new browser engine that is sufficiently featureful to be an alternative to the Big Three is practically impossible. But what if we could shrink the footprint of a browser's core? What if a browser was little more than a WebAssembly (Wasm) runtime and nearly everything else was an extension? By breaking up the monolith we would have a chance to re-decentralize control over the web. This talk will explore what a modular web platform might look like with Wasm at its core, with a focus on how Wasm GC enables the mission-critical feature of safely sharing resources amongst components.

In recent decades, the internet has increasingly become centralized, shifting from its hacker-driven origins into a cartel of advertising companies. It won't get better if we allow these same companies to drive the design of the web browsers and their protocols.

Within hacker communities, many solutions have been developed to mitigate centralization, but their adoption has been limited, often because they require specialized expertise to be operated safely.

In this talk I'll introduce you to a new open-source project that aims to provide an accessible alternative by building a web browser that is able to fetch web content using the BitTorrent protocol in tandem with the Tor network.

We will dive into the ethical, security, and privacy trade-offs at play when designing such an alternative web.

The IvI Project: https://ivi.eco

Historically, peer-to-peer communication has been at the heart of the internet since its early days, reaching its peak in the late 90s when the web truly became a platform for sharing knowledge and art. For a moment it felt like we could exchange freely with anyone else. Unfortunately, that did not last long: legal restrictions, centralization and the emergence of commercial streaming services did eventually reshape the internet.

But the peer-to-peer spirit did not die. Over times many tools have been developed to try to keep the web decentralized and open. They are all contributing to forge a vision in which the internet network must be owned and operated by its users.

The project "IvI" that I'm introducing to you tries to bring those pieces together in a way that makes it accessible to anyone: a web browser that streams web content using BitTorrent while guarding privacy using the Tor network. It allows people in different parts of the world to help each other access content freely, even when local internet providers or policies impose restrictions on torrenting.

Rebuilding the web using this model allow us to mitigate the risks of mass surveillance and censorship by design. Though seeding activity is public, the decentralized nature of the network makes it difficult to trace who is accessing what, or from where. It also builds solidarity into the web itself: users helping users across borders through open technology... but it does also raise complex ethical questions.

When users set up their "Akoopa" browser, they will have the choice to operate under a public or private (cloaked) profile.

By choosing a public profile, the node will communicate with the BitTorrent mainline DHT, it participates as an active node in traditional BitTorrent swarms. But here's the twist: a public node also exposes itself using an onion service which is only advertised to peers running the IvI stack. On the other hand, all the HTTP browsing traffic goes through Tor, effectively preventing websites (or their advertisers) from correlating the torrenting activity.

Alternatively, by choosing a private profile, all communications will go through Tor. This means that the node can not directly communicate with BitTorrent mainline DHT. Instead, it relies on the overlay network of public IvI nodes to proxy its requests. In such situation it can participate only passively with the traditional BitTorrent nodes, but it is actively supported by the other IvI nodes in the swarm.

With this design in mind, and a carefully hardened BitTorrent client implementation which is respectful of Tor bandwidth and exit policies, we should be able to work around the issues traditionally encountered when torrenting with Tor.

This initiative is not commercial, not governmental; it is just a community effort to reclaim the web’s original spirit. It’s a simple idea that poses this question: What if we delivered the web itself through torrents? The technology exists; now it’s about putting it together and doing so collectively to figure out how to make it work for everyone.

For over a decade, critiques of OpenPGP and GnuPG have resurfaced in cycles: too complex, too fragile, too old, unfriendly, too “cryptonerd.” Modern messaging apps, "forward-secrecy-by-default" protocols, and crypto tools are frequently presented as decisive reasons to abandon GPG altogether. Yet these arguments often rely on a deeper and more troubling assumption: that ordinary users cannot and should not be expected to understand or control their own cryptographic identity.

This talk challenges that premise.

GnuPG is not merely another encryption tool; it is one of the few remaining technologies that give individuals total sovereign control over their cryptographic keys and consequently, over their digital identity. In an era increasingly shaped by "digital feudalism", where platforms dictate the limits of user agency under the guise of convenience, GPG represents a radically different model: federation instead of walled gardens, user-owned keys instead of opaque key escrow, and a trust model that distributes power horizontally rather than concentrating it in corporate or governmental authorities.

This presentation revisits the popular criticisms such as complexity, usability, lack of forward secrecy, the Web of Trust, aging cryptographic primitives and examines which reflect genuine limitations and which reflect a shift in cultural expectations shaped by centralized, app-centric design. It also highlights the unique strengths of GPG: asymmetric communication without a central provider, universal applicability far beyond email, a single identity usable across code-signing, backup encryption, SSH, authentication, and fully offline communication.

Finally, it explores the broader political and social context: why long term key ownership matters, why revocability and inspectability are essential freedoms, and why privacy cannot be sustainably outsourced to corporations whose incentives are misaligned with user autonomy. While modern protocols like Signal and Matrix bring important innovations, none yet replace the core promise of OpenPGP that cryptographic self determination remains possible.

This talk argues that dismissing GPG as "too hard" risks conceding our digital agency to systems designed to keep users passive. In a world where ideas outlive the apps that package them, GPG’s foundational idea (users should own their keys) remains not only relevant, but indispensable.

Nym is the first decentralized noise-generating mixnet to provision real-world network anonymity to Internet users even against nation-state adversaries. The aim here is to supersede existing VPNs in order to fight increasingly more powerful authoritarianism and surveillance. Unlike traditional centralized VPNs that can be de-anonymized by a global passive adversary - like the NSA - based on their traffic patterns, Nym adds noise (“cover traffic”) to existing Internet communications. Similar to Tor, Nym routes each packet separately over a decentralized network of servers, but unlike Tor, mixes traffic and adds noise at each hop. It has both a “fast” and “anonymous” mode. The “fast” mode features speeds comparable to centralized VPNs using the same decentralized network as the mixnet, but without mixing. We will also explore the effect on anonymity of fine-tuning cover traffic, mix delays, and the rate of the Poisson distribution. We'll briefly overview upcoming features on censorship-resistance and postquantum cryptographic security on the network-level Via the SDK, the Nym mixnet remains free to use by hackers to build the next generation of privacy infrastructure.

TLS has secured the internet for decades, but it has a major limitation: because TLS relies on symmetric encryption, data cannot simply be shared with a third party. As a result, most Web data remains locked inside centralized silos. HTTPS provides authenticity and confidentiality, but not verifiable provenance, leaving applications to rely on screenshots, scraped HTML, or centralized access control mechanisms such as OAuth.

zkTLS changes this. Using MPC-TLS and zero-knowledge techniques, zkTLS allows a client to produce cryptographically verifiable proofs and attestations of real HTTPS sessions. This makes previously inaccessible user data portable, trustworthy, and reusable across applications. Importantly, zkTLS places the user in control: the user decides what to disclose, without exposing secrets (e.g. authentication tokens) or revealing unnecessary fields in a response.

In this talk, we will: * explain how zkTLS works at a protocol level (MPC-TLS, transcript commitments, zero-knowledge) * present real-world use cases * discuss security and trust assumptions * demonstrate TLSNotary running in the browser, generating proofs from private HTTPS requests

Attendees will see how zkTLS provides a practical path toward user-controlled data provenance, enabling open innovation on top of the world’s existing HTTPS infrastructure.

Public certificate authorities in TLS are a security liability from both a censorship and MITM perspective. Conceptually, DNSSEC's idea of tying PKI to domain names should be a better replacement -- except that in the DNS, relying on the names means trusting the registrars, registries, and ICANN. But what if we had self-authenticating domain names? Could we build a PKI on top of those? Could such a PKI work with unmodified mainstream web browsers like Chromium, Firefox, and Tor Browser?

We've done exactly that. Namecoin (a blockchain naming system providing the .bit TLD) and Tor (an anonymity network providing the .onion TLD) provide the self-authenticating domain names. This talk covers how we made the PKI. Topics to be discussed include:

• Why public certificate authorities are dangerous.
• Prior work on using DNS as a PKI (and why it's less useful for us than you might think).
• How we creatively used API's to get mainstream TLS implementations to use Namecoin to validate TLS certificates.
• Why you might want to use TLS with Tor onion services (and why onion service encryption might not be as secure as you think).
• How we generalized Namecoin TLS to work with Tor onion services.
• How we made TLS implementations that don't support Ed25519 work anyway with Tor onion services (which rely on Ed25519).
• How we can use TLS with Namecoin without putting a TLSA record on the blockchain (for better scalability).
• How Namecoin's smart contract functionality (allowing multisig and timelocks to control updating a name) interacts with PKI use cases.
• How we generalized Namecoin and Tor PKI to work with non-TLS protocols.
• How revocations can be handled securely.
• How we ensured anonymity (including Tor stream isolation) despite TLS implementations not providing API's for this.

Gosling is a Tor onionservice-based protocol and Rust reference-implementation which allows developers to build privacy-preserving p2p applications with the following properties: - persistent authenticated peer identity - end-to-end encrypted - anonymity - metadata resistance - decentralisation - real-time communication

This talk will go over the complexities involved in combining all of these properties (with a focus on metadata resistance) and describe how Gosling solves these problems.

Short summary of what happened until now and details about the main topics for the afternoon session.

Today, much of the open-source ecosystem depends on a few centralized code forges, even though modern version control systems are designed with fully distributed collaboration in mind. This creates questionable dependencies with regards to governance and supply-chain security. In this talk, we explore an alternative: Radicle, a decentralized, peer-to-peer, open source, code collaboration stack built on Git, that empowers developers to work together while staying sovereign.

Unlike traditional, centralized code forges (such as GitHub or GitLab) that can impose censorship, Radicle ensures that each user retains control over their data, interactions, and collaboration, free from corporate influence. This aligns with broader movements toward decentralization, open-source software, and the democratization of internet services.

• We describe the Radicle gossip protocol, peer discovery, and secure data replication through cryptographic verification.
• We share plans for future development of the network.

Attendees gain a comprehensive understanding of Radicle’s technical architecture, its practical benefits for decentralized code collaboration, and how it contributes to a more autonomous and resilient future for open-source development.

Find out more: - FAQ of the project (radicle.xyz) - How we built a gossip layer and CRDT on top of Git by Alexis Sellier at GitMerge 2024 (youtube.com) - Release Notes for 1.0.0 (radicle.xyz) - Release Notes for 1.1.0 (radicle.xyz) - Release Notes for 1.2.0 (radicle.xyz) - Release Notes for 1.3.0 (radicle.xyz) - Release Notes for 1.4.0 (radicle.xyz) - Release Notes for 1.5.0 (radicle.xyz) - radicle.zulipchat.com

Free your code!

We introduce Peergos, a peer-to-peer protocol for end-to-end encrypted storage, social networking, and application hosting built on top of libp2p. Peergos combines cryptographic identity, content addressing, and decentralized access control into a unified protocol where users fully control their data, identity, and applications without relying on trusted servers.

Instead of treating encryption as an add-on, Peergos integrates cryptographic capabilities directly into its data model: files, directories, social data, and application state are all encrypted and access-controlled by default. We will explain the design of Peergos’ capability-based access control, how key rotation and sharing work in practice, and how identity portability is achieved without central authorities.

We will also introduce the Peergos application sandbox, which allows untrusted applications to operate over private user data without exposing plaintext or keys. This enables privacy-preserving apps such as social feeds, collaborative editing, and backups to run directly on encrypted storage.

The talk will include live demos and a discussion of performance trade-offs, limitations, and open problems in decentralized encrypted systems, including search, discovery, and offline access.

More info: https://peergos.org

https://book.peergos.org

https://github.com/peergos/peergos

OCapN (Object Capability Network) is a secure messaging protocol designed for the next generation of distributed applications. It leverages the capability security model (if you don't have it, you can't use it) to provide secure, peer-to-peer functionality with ergonomics that resemble ordinary programming. It has a rich set of features including promise pipelining, network transport agnosticism, error handling across networks, distributed acyclic garbage collection, and third-party handoffs providing powerful ways to share references with any peer. This talk will provide a tour of the protocol and show how it makes distributed, peer-to-peer development easier.

iroh is a library to establish direct connections between two peers, wherever they are on the internet. It takes care of using different transports and holepunching as needed, to reliably establish connectivity. To the application a normal QUIC connection is presented. The aim is to be a connection layer for p2p, providing greater user agency.

Once there is a QUIC connection between two peers other network protocols can be run on top. iroh encouranges mixing and matching custom protocols as the application needs them. Two such building blocks maintained by the same team are iroh-gossip and iroh-blobs, implementations of gossip and verified streaming.

After explaining how the core iroh system works and what applications need to understand the idea of how iroh encourages modular protocols will be described and iroh-gossip and iroh-blobs building blocks will be presented briefly as part of this.

NextGraph is a protocol, a framework, and a platform that supports development of Local-First, decentralized, secure and private apps.

By combining the best of the local first world (Yjs, Automerge CRDT libraries), a graph database, DID (decentralized identifiers) for users and documents, and end-to-end encryption plus encryption at rest, we provide an SDK that offers all the requirements of portability, interoperability and security needed today for a true alternative to Big Tech platforms and products.

In this talk, we would like to dive into details of implementation of the E2EE sync protocol, the specifics of an encrypted sync protocol for CRDTs, the cryptographic capabilities that enable decentralized access control, and our 2-tier overlay network based on a pub/sub. Our philosophy is "zero single point of failure". With that in mind, we completely got rid of dependencies on DNS, and only rely on IP. Our broker can be and should be self-hosted, and forms a federation of decentralized servers.

The protocol and SDK can be used to develop any kind of app, including messenger, productivity tools, editors, and social networks. All apps developed with our SDK can be built to webapp, Linux, Android, iOS, macOS and Win, thanks to the use of Tauri. All our codebase is in Rust, and MIT/Apache 2.0 of course. We recently released a new ORM mechanism that does all the heavy lifting of managing the database. Developers just need to declare the schema they want to use, and then objects are directly mapped to reactive components in React, Svelte, VueJS, via proxies and signals.

The Walkaway-Stack describes a peer-to-peer system where applications remain functional even if the underlying "event delivery" infrastructure changes. This enables seamless transitions between different network types—whether moving from a "connected" Internet stack to a "connectionless" mesh network, or from radio protocols to sneakernets, and vice versa. In this way, applications are decoupled from the underlying network, giving users the autonomy to choose their preferred infrastructure.

In this presentation, I'll explore the space more broadly—examining why it's so exciting, why it's not fully solved yet, and where things currently stand. Hopefully, this will also reveal a theoretical overlap between "mesh protocols" and "overlay networks," which may actually be more closely related than we realize.

Background

This lecture will be a compressed version of the "p2p lecture series" I've been then running bi-weekly in our community space "offline" in Berlin.

Reticulum is a cryptography-based networking stack designed for resilient, decentralised mesh communication without central coordination, source addresses, or trusted infrastructure. While the reference implementation in Python demonstrates the architecture’s strengths, running it on mobile and embedded systems revealed major performance bottlenecks: high latency, limited throughput, and heavy CPU overhead, especially on Android devices. This led us to re-implement Reticulum in Rust, a language whose safety guarantees and mature cryptographic ecosystem enable a fundamental architectural redesign rather than a direct port.

This talk presents Reticulum-rs, a modern async Rust implementation that eliminates circular dependencies, clarifies module boundaries, and enables components such as links, channels, and transport to be reasoned about and tested independently. We will discuss the concurrency model required for a fully distributed mesh, the challenges in rewriting a large cross-linked system in a type-safe language, and the roadmap toward embedded Rust and no_std targets for future low-power hardware. Finally, we introduce early applications built on the new stack, including a peer-to-peer VPN and MAVLink bridge operating over Reticulum, outlining how a high-performance Rust core unlocks new use cases across mobile mesh, and distributed robotics domains.

qaul is a P2P mesh communication app, with a strong focus on privacy and usability. Every user is identified via their self-sovereign cryptographic identity.

It not only communicates P2P, but builds a mesh network, interconnecting multiple communication such as BLE (Bluetooth Low Energy), Local Area Networks, and Internet overlay links.

The messaging app has an automated user discovery, end-to-end encrypted direct messaging and group chats for text, voice-messages and files, as well as public communication channels.

https://qaul.net

During the past year, Delta Chat has been working on multi-relay chat messaging - you are no longer restricted to one server hosting your identity and transmitting your messages. Instead, the decentralized chatmail relay network transmits your messages, while your identity remains on your devices only, through the cryptographic key.

In this talk we go into the technical details of multi-relay. We show how we migrate the ecosystem to this new approach, and how it can be introduced without taking away the seamless messaging experience from users.

• Delta Chat website: https://delta.chat
• Chatmail relay documentation: https://chatmail.at/doc/relay/

Recap of the main topics and news about what's next with the decentral.community