Virtually Attend FOSDEM 2026

Decentralized Internet and Privacy Track

2026-02-01T09:00:00+01:00

5 short minutes with a bit of our history and details about the main topics for the morning session.

2026-02-01T09:05:00+01:00

Can we make the web more decentralized and more private without asking users to switch browsers? For the past five years, the IPFS ecosystem has pioneered multiple approaches to this challenge. This talk shares hard-won lessons about what works—and what doesn't.

We'll cover three parallel strategies: (1) pushing for native protocol support in major browsers, (2) driving adoption of critical cryptographic building blocks (such as Ed25519 into WebCrypto API, a three-year standards journey led by Igalia that just succeeded in Chrome 137), and (3) using existing browser capabilities in novel ways.

The work emerged from IPFS's needs, but the benefits extend far beyond one protocol. Ed25519 in browsers now helps decentralized identity systems, local-first apps, and any protocol needing trustless verification — all without developers bundling their own cryptography libraries.

The talk will be practical and honest: What takes three years versus three months? How do you fund unglamorous infrastructure work? When should you work around browser limitations versus push for standards changes? Attendees will leave with actionable insights for pushing privacy and decentralization into mainstream web infrastructure, plus a preview of what's coming next.

Links:

  • ipfs.io
  • https://blogs.igalia.com/jfernandez/2025/08/25/ed25519-support-lands-in-chrome-what-it-means-for-developers-and-the-web/

2026-02-01T09:30:00+01:00

The massive size of browser engines has concentrated power over the web platform into a few large corporations. Creating a new browser engine that is sufficiently featureful to be an alternative to the Big Three is practically impossible. But what if we could shrink the footprint of a browser's core? What if a browser was little more than a WebAssembly (Wasm) runtime and nearly everything else was an extension? By breaking up the monolith we would have a chance to re-decentralize control over the web. This talk will explore what a modular web platform might look like with Wasm at its core, with a focus on how Wasm GC enables the mission-critical feature of safely sharing resources amongst components.

2026-02-01T10:25:00+01:00

For over a decade, critiques of OpenPGP and GnuPG have resurfaced in cycles: too complex, too fragile, too old, unfriendly, too “cryptonerd.” Modern messaging apps, "forward-secrecy-by-default" protocols, and crypto tools are frequently presented as decisive reasons to abandon GPG altogether. Yet these arguments often rely on a deeper and more troubling assumption: that ordinary users cannot and should not be expected to understand or control their own cryptographic identity.

This talk challenges that premise.

GnuPG is not merely another encryption tool; it is one of the few remaining technologies that give individuals total sovereign control over their cryptographic keys and, consequently, over their digital identity. In an era increasingly shaped by "digital feudalism", where platforms dictate the limits of user agency under the guise of convenience, GPG represents a radically different model: federation instead of walled gardens, user-owned keys instead of opaque key escrow, and a trust model that distributes power horizontally rather than concentrating it in corporate or governmental authorities.

This presentation revisits the popular criticisms, such as complexity, usability, lack of forward secrecy, the Web of Trust, and aging cryptographic primitives, and examines which reflect genuine limitations and which reflect a shift in cultural expectations shaped by centralized, app-centric design. It also highlights the unique strengths of GPG: asymmetric communication without a central provider, universal applicability far beyond email, a single identity usable across code-signing, backup encryption, SSH, authentication, and fully offline communication.

Finally, it explores the broader political and social context: why long-term key ownership matters, why revocability and inspectability are essential freedoms, and why privacy cannot be sustainably outsourced to corporations whose incentives are misaligned with user autonomy. While modern protocols like Signal and Matrix bring important innovations, none yet replace the core promise of OpenPGP: that cryptographic self-determination remains possible.

This talk argues that dismissing GPG as "too hard" risks conceding our digital agency to systems designed to keep users passive. In a world where ideas outlive the apps that package them, GPG’s foundational idea (users should own their keys) remains not only relevant, but indispensable.

2026-02-01T10:50:00+01:00

In this talk we examine the GNU Name System (RFC 9498), a decentralized directory protocol with a reference implementation in GNUnet. We present its features, potential governance models and future developments including, in particular, the challenges a PQC transition of the cryptography poses.

  • https://www.rfc-editor.org/rfc/rfc9498.html
  • https://www.gnunet.org/en/gns.html
  • https://nlnet.nl/project/TALER-LookupService/ (See recording https://ngi.eu/ngi-forum25/#1752090697345-640b0769-3184 for a quick overview)
  • https://www.gnunet.org/en/reclaim/index.html

2026-02-01T11:45:00+01:00

Public certificate authorities in TLS are a security liability from both a censorship and MITM perspective. Conceptually, DNSSEC's idea of tying PKI to domain names should be a better replacement -- except that in the DNS, relying on the names means trusting the registrars, registries, and ICANN. But what if we had self-authenticating domain names? Could we build a PKI on top of those? Could such a PKI work with unmodified mainstream web browsers like Chromium, Firefox, and Tor Browser?

We've done exactly that. Namecoin (a blockchain naming system providing the .bit TLD) and Tor (an anonymity network providing the .onion TLD) provide the self-authenticating domain names. This talk covers how we made the PKI. Topics to be discussed include:

  • Why public certificate authorities are dangerous.
  • Prior work on using DNS as a PKI (and why it's less useful for us than you might think).
  • How we creatively used APIs to get mainstream TLS implementations to use Namecoin to validate TLS certificates.
  • Why you might want to use TLS with Tor onion services (and why onion service encryption might not be as secure as you think).
  • How we generalized Namecoin TLS to work with Tor onion services.
  • How we made TLS implementations that don't support Ed25519 work anyway with Tor onion services (which rely on Ed25519).
  • How we can use TLS with Namecoin without putting a TLSA record on the blockchain (for better scalability).
  • How Namecoin's smart contract functionality (allowing multisig and timelocks to control updating a name) interacts with PKI use cases.
  • How we generalized Namecoin and Tor PKI to work with non-TLS protocols.
  • How revocations can be handled securely.
  • How we ensured anonymity (including Tor stream isolation) despite TLS implementations not providing APIs for this.

2026-02-01T12:40:00+01:00

Short summary of what happened until now and details about the main topics for the afternoon session.

2026-02-01T13:15:00+01:00

We introduce Peergos, a peer-to-peer protocol for end-to-end encrypted storage, social networking, and application hosting built on top of libp2p. Peergos combines cryptographic identity, content addressing, and decentralized access control into a unified protocol where users fully control their data, identity, and applications without relying on trusted servers.

Instead of treating encryption as an add-on, Peergos integrates cryptographic capabilities directly into its data model: files, directories, social data, and application state are all encrypted and access-controlled by default. We will explain the design of Peergos’ capability-based access control, how key rotation and sharing work in practice, and how identity portability is achieved without central authorities.

We will also introduce the Peergos application sandbox, which allows untrusted applications to operate over private user data without exposing plaintext or keys. This enables privacy-preserving apps such as social feeds, collaborative editing, and backups to run directly on encrypted storage.

The talk will include live demos and a discussion of performance trade-offs, limitations, and open problems in decentralized encrypted systems, including search, discovery, and offline access.

More info: https://peergos.org https://book.peergos.org https://github.com/peergos/peergos

2026-02-01T13:45:00+01:00

OCapN (Object Capability Network) is a secure messaging protocol designed for the next generation of distributed applications. It leverages the capability security model (if you don't have it, you can't use it) to provide secure, peer-to-peer functionality with ergonomics that resemble ordinary programming. It has a rich set of features including promise pipelining, network transport agnosticism, error handling across networks, distributed acyclic garbage collection, and third-party handoffs providing powerful ways to share references with any peer. This talk will provide a tour of the protocol and show how it makes distributed, peer-to-peer development easier.

2026-02-01T14:10:00+01:00

iroh is a library to establish direct connections between two peers, wherever they are on the internet. It takes care of using different transports and holepunching as needed, to reliably establish connectivity. To the application a normal QUIC connection is presented. The aim is to be a connection layer for p2p, providing greater user agency.

Once there is a QUIC connection between two peers, other network protocols can be run on top. iroh encourages mixing and matching custom protocols as the application needs them. Two such building blocks maintained by the same team are iroh-gossip and iroh-blobs, implementations of gossip and verified streaming.

After explaining how the core iroh system works and what applications need to understand, the idea of how iroh encourages modular protocols will be described, and the iroh-gossip and iroh-blobs building blocks will be presented briefly as part of this.

2026-02-01T14:35:00+01:00

NextGraph is a protocol, a framework, and a platform that supports development of Local-First, decentralized, secure and private apps.

By combining the best of the local first world (Yjs, Automerge CRDT libraries), a graph database, DID (decentralized identifiers) for users and documents, and end-to-end encryption plus encryption at rest, we provide an SDK that offers all the requirements of portability, interoperability and security needed today for a true alternative to Big Tech platforms and products.

In this talk, we would like to dive into details of implementation of the E2EE sync protocol, the specifics of an encrypted sync protocol for CRDTs, the cryptographic capabilities that enable decentralized access control, and our 2-tier overlay network based on a pub/sub. Our philosophy is "zero single point of failure". With that in mind, we completely got rid of dependencies on DNS, and only rely on IP. Our broker can be and should be self-hosted, and forms a federation of decentralized servers.

The protocol and SDK can be used to develop any kind of app, including messenger, productivity tools, editors, and social networks. All apps developed with our SDK can be built to webapp, Linux, Android, iOS, macOS and Win, thanks to the use of Tauri. All our codebase is in Rust, and MIT/Apache 2.0 of course. We recently released a new ORM mechanism that does all the heavy lifting of managing the database. Developers just need to declare the schema they want to use, and then objects are directly mapped to reactive components in React, Svelte, VueJS, via proxies and signals.

2026-02-01T15:05:00+01:00

The Walkaway-Stack describes a peer-to-peer system where applications remain functional even if the underlying "event delivery" infrastructure changes. This enables seamless transitions between different network types—whether moving from a "connected" Internet stack to a "connectionless" mesh network, or from radio protocols to sneakernets, and vice versa. In this way, applications are decoupled from the underlying network, giving users the autonomy to choose their preferred infrastructure.

In this presentation, I'll explore the space more broadly—examining why it's so exciting, why it's not fully solved yet, and where things currently stand. Hopefully, this will also reveal a theoretical overlap between "mesh protocols" and "overlay networks," which may actually be more closely related than we realize.

Background

This lecture will be a compressed version of the "p2p lecture series" I've been running bi-weekly in our community space "offline" in Berlin: https://pads.offline.place/p/r.06dda241c03ad92f2a55c47f4bbdd419

2026-02-01T15:35:00+01:00

Reticulum is a cryptography-based networking stack designed for resilient, decentralised mesh communication without central coordination, source addresses, or trusted infrastructure. While the reference implementation in Python demonstrates the architecture’s strengths, running it on mobile and embedded systems revealed major performance bottlenecks: high latency, limited throughput, and heavy CPU overhead, especially on Android devices. This led us to re-implement Reticulum in Rust, a language whose safety guarantees and mature cryptographic ecosystem enable a fundamental architectural redesign rather than a direct port.

This talk presents Reticulum-rs, a modern async Rust implementation that eliminates circular dependencies, clarifies module boundaries, and enables components such as links, channels, and transport to be reasoned about and tested independently. We will discuss the concurrency model required for a fully distributed mesh, the challenges in rewriting a large cross-linked system in a type-safe language, and the roadmap toward embedded Rust and no_std targets for future low-power hardware. Finally, we introduce early applications built on the new stack, including a peer-to-peer VPN and MAVLink bridge operating over Reticulum, outlining how a high-performance Rust core unlocks new use cases across mobile mesh and distributed robotics domains.

2026-02-01T16:05:00+01:00

qaul is a P2P mesh communication app, with a strong focus on privacy and usability. Every user is identified via their self-sovereign cryptographic identity.

It not only communicates P2P, but builds a mesh network, interconnecting multiple means of communication such as BLE (Bluetooth Low Energy), Local Area Networks, and Internet overlay links.

The messaging app has an automated user discovery, end-to-end encrypted direct messaging and group chats for text, voice-messages and files, as well as public communication channels.

https://qaul.net

2026-02-01T16:35:00+01:00

During the past year, Delta Chat has been working on multi-transport chat messaging - you are no longer restricted to one server hosting your identity and transmitting your messages. Instead, the decentralized chatmail relay network transmits your messages, while your identity remains on your devices only, through the cryptographic key.

In this talk we go into the technical details of multi-transport. We show how we migrate the ecosystem to this new approach, and how it can be introduced without taking away the seamless messaging experience from users.

  • Delta Chat website: https://delta.chat
  • Chatmail relay documentation: https://chatmail.at/doc/relay/