The Internet landscape is evermore on it’s steadfast course towards surveillance and centralization. Video content and streaming out of CDNs now account for half of all global traffic; splinternets are now a thing, from China to South Korea, from Russia to Iran; mandatory backdoors on communication platforms are just around the conner with EU’s Chat Control. In this scenario, where most Internet connected devices have become tools of imprisonment rather than liberation, reviving the old Internet ethos of peer-to-peer (P2P) and private communication is of uttermost importance.
This is the revival of the Decentralized Internet and Privacy Devroom at FOSDEM 2026.
The devroom and the program is coordinated by decentral.community and RIAT.
Can we make the web more decentralized and more private without asking users to switch browsers? For the past five years, the IPFS ecosystem has pioneered multiple approaches to this challenge. This talk shares hard-won lessons about what works—and what doesn't.
We'll cover three parallel strategies: (1) pushing for native protocol support in major browsers, (2) driving adoption of critical cryptographic building blocks (such as Ed25519 into WebCrypto API, a three-year standards journey led by Igalia that just succeeded in Chrome 137), and (3) using existing browser capabilities in novel ways.
The work emerged from IPFS's needs, but the benefits extend far beyond one protocol. Ed25519 in browsers now helps decentralized identity systems, local-first apps, and any protocol needing trustless verification — all without developers bundling their own cryptography libraries.
The talk will be practical and honest: What takes three years versus three months? How do you fund unglamorous infrastructure work? When should you work around browser limitations versus push for standards changes? Attendees will leave with actionable insights for pushing privacy and decentralization into mainstream web infrastructure, plus a preview of what's coming next.
Links: - ipfs.io - https://blogs.igalia.com/jfernandez/2025/08/25/ed25519-support-lands-in-chrome-what-it-means-for-developers-and-the-web/
The massive size of browser engines has concentrated power over the web platform into a few large corporations. Creating a new browser engine that is sufficiently featureful to be an alternative to the Big Three is practically impossible. But what if we could shrink the footprint of a browser's core? What if a browser was little more than a WebAssembly (Wasm) runtime and nearly everything else was an extension? By breaking up the monolith we would have a chance to re-decentralize control over the web. This talk will explore what a modular web platform might look like with Wasm at its core, with a focus on how Wasm GC enables the mission-critical feature of safely sharing resources amongst components.
In recent decades, the internet has increasingly become centralized, shifting from its hacker-driven origins into a cartel of advertising companies. It won't get better if we allow these same companies to drive the design of the web browsers and their protocols.
Within hacker communities, many solutions have been developed to mitigate centralization, but their adoption has been limited, often because they require specialized expertise to be operated safely.
In this talk I'll introduce you to a new open-source project that aims to provide an accessible alternative by building a web browser that is able to fetch web content using the BitTorrent protocol in tandem with the Tor network.
We will dive into the ethical, security, and privacy trade-offs at play when designing such an alternative web.
The IvI Project: https://ivi.eco
Historically, peer-to-peer communication has been at the heart of the internet since its early days, reaching its peak in the late 90s when the web truly became a platform for sharing knowledge and art. For a moment it felt like we could exchange freely with anyone else. Unfortunately, that did not last long: legal restrictions, centralization and the emergence of commercial streaming services did eventually reshape the internet.
But the peer-to-peer spirit did not die. Over times many tools have been developed to try to keep the web decentralized and open. They are all contributing to forge a vision in which the internet network must be owned and operated by its users.
The project "IvI" that I'm introducing to you tries to bring those pieces together in a way that makes it accessible to anyone: a web browser that streams web content using BitTorrent while guarding privacy using the Tor network. It allows people in different parts of the world to help each other access content freely, even when local internet providers or policies impose restrictions on torrenting.
Rebuilding the web using this model allow us to mitigate the risks of mass surveillance and censorship by design. Though seeding activity is public, the decentralized nature of the network makes it difficult to trace who is accessing what, or from where. It also builds solidarity into the web itself: users helping users across borders through open technology... but it does also raise complex ethical questions.
When users set up their "Akoopa" browser, they will have the choice to operate under a public or private (cloaked) profile.
By choosing a public profile, the node will communicate with the BitTorrent mainline DHT, it participates as an active node in traditional BitTorrent swarms. But here's the twist: a public node also exposes itself using an onion service which is only advertised to peers running the IvI stack. On the other hand, all the HTTP browsing traffic goes through Tor, effectively preventing websites (or their advertisers) from correlating the torrenting activity.
Alternatively, by choosing a private profile, all communications will go through Tor. This means that the node can not directly communicate with BitTorrent mainline DHT. Instead, it relies on the overlay network of public IvI nodes to proxy its requests. In such situation it can participate only passively with the traditional BitTorrent nodes, but it is actively supported by the other IvI nodes in the swarm.
With this design in mind, and a carefully hardened BitTorrent client implementation which is respectful of Tor bandwidth and exit policies, we should be able to work around the issues traditionally encountered when torrenting with Tor.
This initiative is not commercial, not governmental; it is just a community effort to reclaim the web’s original spirit. It’s a simple idea that poses this question: What if we delivered the web itself through torrents? The technology exists; now it’s about putting it together and doing so collectively to figure out how to make it work for everyone.
For over a decade, critiques of OpenPGP and GnuPG have resurfaced in cycles: too complex, too fragile, too old, unfriendly, too “cryptonerd.” Modern messaging apps, "forward-secrecy-by-default" protocols, and crypto tools are frequently presented as decisive reasons to abandon GPG altogether. Yet these arguments often rely on a deeper and more troubling assumption: that ordinary users cannot and should not be expected to understand or control their own cryptographic identity.
This talk challenges that premise.
GnuPG is not merely another encryption tool; it is one of the few remaining technologies that give individuals total sovereign control over their cryptographic keys and consequently, over their digital identity. In an era increasingly shaped by "digital feudalism", where platforms dictate the limits of user agency under the guise of convenience, GPG represents a radically different model: federation instead of walled gardens, user-owned keys instead of opaque key escrow, and a trust model that distributes power horizontally rather than concentrating it in corporate or governmental authorities.
This presentation revisits the popular criticisms such as complexity, usability, lack of forward secrecy, the Web of Trust, aging cryptographic primitives and examines which reflect genuine limitations and which reflect a shift in cultural expectations shaped by centralized, app-centric design. It also highlights the unique strengths of GPG: asymmetric communication without a central provider, universal applicability far beyond email, a single identity usable across code-signing, backup encryption, SSH, authentication, and fully offline communication.
Finally, it explores the broader political and social context: why long term key ownership matters, why revocability and inspectability are essential freedoms, and why privacy cannot be sustainably outsourced to corporations whose incentives are misaligned with user autonomy. While modern protocols like Signal and Matrix bring important innovations, none yet replace the core promise of OpenPGP that cryptographic self determination remains possible.
This talk argues that dismissing GPG as "too hard" risks conceding our digital agency to systems designed to keep users passive. In a world where ideas outlive the apps that package them, GPG’s foundational idea (users should own their keys) remains not only relevant, but indispensable.
Nym is the first decentralized noise-generating mixnet to provision real-world network anonymity to Internet users even against nation-state adversaries. The aim here is to supersede existing VPNs in order to fight increasingly more powerful authoritarianism and surveillance. Unlike traditional centralized VPNs that can be de-anonymized by a global passive adversary - like the NSA - based on their traffic patterns, Nym adds noise (“cover traffic”) to existing Internet communications. Similar to Tor, Nym routes each packet separately over a decentralized network of servers, but unlike Tor, mixes traffic and adds noise at each hop. It has both a “fast” and “anonymous” mode. The “fast” mode features speeds comparable to centralized VPNs using the same decentralized network as the mixnet, but without mixing. We will also explore the effect on anonymity of fine-tuning cover traffic, mix delays, and the rate of the Poisson distribution. We'll briefly overview upcoming features on censorship-resistance and postquantum cryptographic security on the network-level Via the SDK, the Nym mixnet remains free to use by hackers to build the next generation of privacy infrastructure.
TLS has secured the internet for decades, but it has a major limitation: because TLS relies on symmetric encryption, data cannot simply be shared with a third party. As a result, most Web data remains locked inside centralized silos. HTTPS provides authenticity and confidentiality, but not verifiable provenance, leaving applications to rely on screenshots, scraped HTML, or centralized access control mechanisms such as OAuth.
zkTLS changes this. Using MPC-TLS and zero-knowledge techniques, zkTLS allows a client to produce cryptographically verifiable proofs and attestations of real HTTPS sessions. This makes previously inaccessible user data portable, trustworthy, and reusable across applications. Importantly, zkTLS places the user in control: the user decides what to disclose, without exposing secrets (e.g. authentication tokens) or revealing unnecessary fields in a response.
In this talk, we will: * explain how zkTLS works at a protocol level (MPC-TLS, transcript commitments, zero-knowledge) * present real-world use cases * discuss security and trust assumptions * demonstrate TLSNotary running in the browser, generating proofs from private HTTPS requests
Attendees will see how zkTLS provides a practical path toward user-controlled data provenance, enabling open innovation on top of the world’s existing HTTPS infrastructure.
Public certificate authorities in TLS are a security liability from both a censorship and MITM perspective. Conceptually, DNSSEC's idea of tying PKI to domain names should be a better replacement -- except that in the DNS, relying on the names means trusting the registrars, registries, and ICANN. But what if we had self-authenticating domain names? Could we build a PKI on top of those? Could such a PKI work with unmodified mainstream web browsers like Chromium, Firefox, and Tor Browser?
We've done exactly that. Namecoin (a blockchain naming system providing the .bit TLD) and Tor (an anonymity network providing the .onion TLD) provide the self-authenticating domain names. This talk covers how we made the PKI. Topics to be discussed include:
Gosling is a Tor onionservice-based protocol and Rust reference-implementation which allows developers to build privacy-preserving p2p applications with the following properties: - persistent authenticated peer identity - end-to-end encrypted - anonymity - metadata resistance - decentralisation - real-time communication
This talk will go over the complexities involved in combining all of these properties (with a focus on metadata resistance) and describe how Gosling solves these problems.
Short summary of what happened until now and details about the main topics for the afternoon session.
Today, much of the open-source ecosystem depends on a few centralized code forges, even though modern version control systems are designed with fully distributed collaboration in mind. This creates questionable dependencies with regards to governance and supply-chain security. In this talk, we explore an alternative: Radicle, a decentralized, peer-to-peer, open source, code collaboration stack built on Git, that empowers developers to work together while staying sovereign.
Unlike traditional, centralized code forges (such as GitHub or GitLab) that can impose censorship, Radicle ensures that each user retains control over their data, interactions, and collaboration, free from corporate influence. This aligns with broader movements toward decentralization, open-source software, and the democratization of internet services.
Attendees gain a comprehensive understanding of Radicle’s technical architecture, its practical benefits for decentralized code collaboration, and how it contributes to a more autonomous and resilient future for open-source development.
Find out more: - FAQ of the project (radicle.xyz) - How we built a gossip layer and CRDT on top of Git by Alexis Sellier at GitMerge 2024 (youtube.com) - Release Notes for 1.0.0 (radicle.xyz) - Release Notes for 1.1.0 (radicle.xyz) - Release Notes for 1.2.0 (radicle.xyz) - Release Notes for 1.3.0 (radicle.xyz) - Release Notes for 1.4.0 (radicle.xyz) - Release Notes for 1.5.0 (radicle.xyz) - radicle.zulipchat.com
Free your code!
We introduce Peergos, a peer-to-peer protocol for end-to-end encrypted storage, social networking, and application hosting built on top of libp2p. Peergos combines cryptographic identity, content addressing, and decentralized access control into a unified protocol where users fully control their data, identity, and applications without relying on trusted servers.
Instead of treating encryption as an add-on, Peergos integrates cryptographic capabilities directly into its data model: files, directories, social data, and application state are all encrypted and access-controlled by default. We will explain the design of Peergos’ capability-based access control, how key rotation and sharing work in practice, and how identity portability is achieved without central authorities.
We will also introduce the Peergos application sandbox, which allows untrusted applications to operate over private user data without exposing plaintext or keys. This enables privacy-preserving apps such as social feeds, collaborative editing, and backups to run directly on encrypted storage.
The talk will include live demos and a discussion of performance trade-offs, limitations, and open problems in decentralized encrypted systems, including search, discovery, and offline access.
More info: https://peergos.org
https://book.peergos.org
https://github.com/peergos/peergos
OCapN (Object Capability Network) is a secure messaging protocol designed for the next generation of distributed applications. It leverages the capability security model (if you don't have it, you can't use it) to provide secure, peer-to-peer functionality with ergonomics that resemble ordinary programming. It has a rich set of features including promise pipelining, network transport agnosticism, error handling across networks, distributed acyclic garbage collection, and third-party handoffs providing powerful ways to share references with any peer. This talk will provide a tour of the protocol and show how it makes distributed, peer-to-peer development easier.
iroh is a library to establish direct connections between two peers, wherever they are on the internet. It takes care of using different transports and holepunching as needed, to reliably establish connectivity. To the application a normal QUIC connection is presented. The aim is to be a connection layer for p2p, providing greater user agency.
Once there is a QUIC connection between two peers other network protocols can be run on top. iroh encouranges mixing and matching custom protocols as the application needs them. Two such building blocks maintained by the same team are iroh-gossip and iroh-blobs, implementations of gossip and verified streaming.
After explaining how the core iroh system works and what applications need to understand the idea of how iroh encourages modular protocols will be described and iroh-gossip and iroh-blobs building blocks will be presented briefly as part of this.
NextGraph is a protocol, a framework, and a platform that supports development of Local-First, decentralized, secure and private apps.
By combining the best of the local first world (Yjs, Automerge CRDT libraries), a graph database, DID (decentralized identifiers) for users and documents, and end-to-end encryption plus encryption at rest, we provide an SDK that offers all the requirements of portability, interoperability and security needed today for a true alternative to Big Tech platforms and products.
In this talk, we would like to dive into details of implementation of the E2EE sync protocol, the specifics of an encrypted sync protocol for CRDTs, the cryptographic capabilities that enable decentralized access control, and our 2-tier overlay network based on a pub/sub. Our philosophy is "zero single point of failure". With that in mind, we completely got rid of dependencies on DNS, and only rely on IP. Our broker can be and should be self-hosted, and forms a federation of decentralized servers.
The protocol and SDK can be used to develop any kind of app, including messenger, productivity tools, editors, and social networks. All apps developed with our SDK can be built to webapp, Linux, Android, iOS, macOS and Win, thanks to the use of Tauri. All our codebase is in Rust, and MIT/Apache 2.0 of course. We recently released a new ORM mechanism that does all the heavy lifting of managing the database. Developers just need to declare the schema they want to use, and then objects are directly mapped to reactive components in React, Svelte, VueJS, via proxies and signals.
The Walkaway-Stack describes a peer-to-peer system where applications remain functional even if the underlying "event delivery" infrastructure changes. This enables seamless transitions between different network types—whether moving from a "connected" Internet stack to a "connectionless" mesh network, or from radio protocols to sneakernets, and vice versa. In this way, applications are decoupled from the underlying network, giving users the autonomy to choose their preferred infrastructure.
In this presentation, I'll explore the space more broadly—examining why it's so exciting, why it's not fully solved yet, and where things currently stand. Hopefully, this will also reveal a theoretical overlap between "mesh protocols" and "overlay networks," which may actually be more closely related than we realize.
Background
This lecture will be a compressed version of the "p2p lecture series" I've been then running bi-weekly in our community space "offline" in Berlin.
Reticulum is a cryptography-based networking stack designed for resilient, decentralised mesh communication without central coordination, source addresses, or trusted infrastructure. While the reference implementation in Python demonstrates the architecture’s strengths, running it on mobile and embedded systems revealed major performance bottlenecks: high latency, limited throughput, and heavy CPU overhead, especially on Android devices. This led us to re-implement Reticulum in Rust, a language whose safety guarantees and mature cryptographic ecosystem enable a fundamental architectural redesign rather than a direct port.
This talk presents Reticulum-rs, a modern async Rust implementation that eliminates circular dependencies, clarifies module boundaries, and enables components such as links, channels, and transport to be reasoned about and tested independently. We will discuss the concurrency model required for a fully distributed mesh, the challenges in rewriting a large cross-linked system in a type-safe language, and the roadmap toward embedded Rust and no_std targets for future low-power hardware. Finally, we introduce early applications built on the new stack, including a peer-to-peer VPN and MAVLink bridge operating over Reticulum, outlining how a high-performance Rust core unlocks new use cases across mobile mesh, and distributed robotics domains.
qaul is a P2P mesh communication app, with a strong focus on privacy and usability. Every user is identified via their self-sovereign cryptographic identity.
It not only communicates P2P, but builds a mesh network, interconnecting multiple communication such as BLE (Bluetooth Low Energy), Local Area Networks, and Internet overlay links.
The messaging app has an automated user discovery, end-to-end encrypted direct messaging and group chats for text, voice-messages and files, as well as public communication channels.
https://qaul.net
During the past year, Delta Chat has been working on multi-relay chat messaging - you are no longer restricted to one server hosting your identity and transmitting your messages. Instead, the decentralized chatmail relay network transmits your messages, while your identity remains on your devices only, through the cryptographic key.
In this talk we go into the technical details of multi-relay. We show how we migrate the ecosystem to this new approach, and how it can be introduced without taking away the seamless messaging experience from users.
Recap of the main topics and news about what's next with the decentral.community