<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Public Interest Technology Group</title>
    <description>Documenting work toward improving technical infrastructure to meet the public interest.  Join us!
</description>
    <link>https://pitg.gitlab.io/</link>
    <atom:link href="https://pitg.gitlab.io/feed.xml" rel="self" type="application/rss+xml"/>
    <pubDate>Mon, 23 Mar 2026 17:39:42 +0000</pubDate>
    <lastBuildDate>Mon, 23 Mar 2026 17:39:42 +0000</lastBuildDate>
    <generator>Jekyll v4.3.4</generator>
    
      <item>
        <title>The Need for an OSINT Protocol for Journalists</title>
        <description>
&lt;figure&gt;

    &lt;img src=&quot;/assets/images/news/geolocation.webp&quot; alt=&quot;Map with location points, one point is magnified and a person is sitting there with a mobile phone&quot; title=&quot;The Need for an OSINT Protocol for Journalists&quot; srcset=&quot;            /assets/resized/geolocation-640x400.webp 640w        ,            /assets/resized/geolocation-768x480.webp 768w        ,            /assets/resized/geolocation-1280x800.webp 1280w            &quot; sizes=&quot;(min-width: 2000px) 2000px, 100vw&quot; class=&quot;&quot; loading=&quot;lazy&quot; /&gt;



&lt;/figure&gt;

&lt;p&gt;In the first hours after a missile strike, a natural disaster or a political assassination, the same thing happens every time: social media fills with photos and videos faster than any newsroom can process them. Some are real. Some are from a different country, a different year, a different war. Some are AI-generated. A journalist with a large following shares one without checking. It spreads. By the time the correction goes out, the original post has half a million impressions.&lt;/p&gt;

&lt;p&gt;This is the problem that open source intelligence was supposed to solve. And in many ways, it has. But the most powerful investigative tool available to journalists today was not developed for journalists. It was developed for prosecutors, war crimes investigators, and intelligence analysts. Journalists borrowed it, adapted it, and built entire beats around it — without ever stopping to consider specific rules and standards. Especially around ethics.&lt;/p&gt;

&lt;p&gt;OSINT, short for Open Source Intelligence, refers to the methodology and tools that leverage public-facing information like satellite imagery, radio, ship and plane tracking data, social media photos and videos, for either storytelling or accountability purposes. (There are far more tools than anyone could master or count, but collectives like &lt;a href=&quot;http://bellingcat.gitbook.io/toolkit&quot;&gt;Bellingcat&lt;/a&gt; do a great job at compiling and explaining what each tool does.)&lt;/p&gt;

&lt;p&gt;OSINT helps us verify whether a photo or video is real, where and when it was taken, and whether it’s been used out of context. By examining individuals’ digital footprints, we can identify potential perpetrators and trace chain of command structures for criminal responsibility in war and conflict zones. We can also cross-reference weapons and equipment visible in footage against databases like the &lt;a href=&quot;https://osmp.ngo/&quot;&gt;Open Source Munitions Portal&lt;/a&gt; to identify who the arms suppliers are in a conflict, and use platforms like &lt;a href=&quot;https://www.flightradar24.com&quot;&gt;Flightradar24&lt;/a&gt; and &lt;a href=&quot;https://www.marinetraffic.com&quot;&gt;MarineTraffic&lt;/a&gt; to track military air and naval movements, blockades, and resource flows.&lt;/p&gt;

&lt;p&gt;The possibilities are infinite. But so are the mistakes. In the end, OSINT is less about the tools and more about the methodology. More than the open source information we collect, OSINT is about collecting what is relevant, archiving it, and analyzing it without error.&lt;/p&gt;

&lt;p&gt;Most OSINT handbooks and tutorials tend to be tool-oriented. And only recently has the OSINT methodology been codified in documents like the &lt;a href=&quot;https://www.ohchr.org/en/publications/policy-and-methodological-publications/berkeley-protocol-digital-open-source&quot;&gt;Berkeley Protocol on Digital Open Source Investigations.&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;In this blog post, I want to argue that even though the Berkeley Protocol has enormously contributed to the field, it is mostly written for those who investigate human rights violations and war crimes at an international level. It doesn’t work for journalists. It’s of course a guiding document on the craft regardless, at a time when blogs are abundant but normative documents are scarce. And yet the Berkeley Protocol reads like a law. It makes sense, as it was written so that social media videos and photos from conflict zones could be accepted as evidence in international courts. It was very much needed in that space.&lt;/p&gt;

&lt;p&gt;But it’s of little use to journalists.&lt;/p&gt;

&lt;p&gt;Don’t get me wrong: most of the principles are very relevant. Keeping yourself and your team safe, not breaking the law, being transparent in your findings, knowing your biases, and archiving the information you collect are all sound practices. But the Protocol is written in language that is barely understandable by journalists, and it contemplates outputs that have to work within the constraints of a trial, including the right to due process, the legal principle requiring states to respect someone’s rights before depriving them of life, liberty, or property.&lt;/p&gt;

&lt;p&gt;Journalism follows a different logic. It involves characters that take the audience through a plot and hold power to account. It operates within a news cycle, and deadlines are a lot stricter. It’s precisely those differences between human rights law and journalism that affect not only the collection methods, but also the outcome, the presentation, and the ethical rules.&lt;/p&gt;

&lt;p&gt;It’s time for an OSINT Protocol for journalists and storytellers, especially given its rise in the past years as a method of investigation.&lt;/p&gt;

&lt;p&gt;The tools are the same for human rights practitioners and journalists alike. But the methodology, the output, and the process change. What follows is what I think an OSINT Protocol for journalists should include at the minimum, and what it should leave out. These are not meant to be comprehensive, but rather to get the conversation started.&lt;/p&gt;

&lt;h2 id=&quot;what-it-should-leave-out&quot;&gt;What it should leave out&lt;/h2&gt;

&lt;p&gt;The Berkeley Protocol has genuinely useful principles that should apply across disciplines, regardless of whether your output is a war crimes tribunal or a front-page story.&lt;/p&gt;

&lt;p&gt;But the Protocol was written with a specific reader in mind, one whose job is to build a legal case that can withstand cross-examination in an international court. That reader has to respect the due process rights of the people they’re investigating. Even an alleged war criminal has a right to privacy, a right to a fair trial, and a right not to have evidence collected through methods that could get it thrown out. The Protocol’s stricter principles exist to protect those rights, and to protect the integrity of the prosecution.&lt;/p&gt;

&lt;p&gt;Journalists operate under a different obligation. We are accountable to the public and to the truth, not to evidentiary standards designed for The Hague.&lt;/p&gt;

&lt;p&gt;Take “data minimization,” the principle that investigators should collect only what is strictly necessary, conduct preliminary assessments before gathering material, and develop formal retention and deletion policies for everything they handle. For a prosecutor, this makes sense: over-collection can constitute a privacy violation and compromise a case. For a journalist, the calculus is different. Our concern when gathering material is relevance to the story, not whether collecting a public social media post might infringe on someone’s legal rights.&lt;/p&gt;

&lt;p&gt;The same goes for chain of custody, the strict chronological documentation of who has controlled a piece of evidence, when, and how it was transferred or analyzed, so that it can be admitted in court. Maintaining a formal digital preservation system to satisfy chain of custody requirements is a reasonable demand on a war crimes investigator. It is an unreasonable demand on a reporter working on deadline. That doesn’t mean journalists shouldn’t archive their material carefully. They should, for their own reasons. But the standard is different, and pretending otherwise produces compliance theater rather than better journalism.&lt;/p&gt;

&lt;h2 id=&quot;what-it-should-include&quot;&gt;What it should include&lt;/h2&gt;

&lt;p&gt;For all its wonders, OSINT can be abused: exposing someone’s private or intimate information, stalking, harassing, or impersonating could all be done with OSINT tools and methods. That’s why the first thing an OSINT Protocol for journalists should address is ethical standards.&lt;/p&gt;

&lt;p&gt;OSINT is still too new in journalism. Ethics codes like the one from the &lt;a href=&quot;https://www.spj.org/pdf/spj-code-of-ethics.pdf&quot;&gt;Society of Professional Journalists (SPJ)&lt;/a&gt; are not even reflective of the social media era, let alone open source intelligence methods or AI. Some ideas that came up in the Open Source Investigative Reporting class I used to teach with Alexa Koenig and David Barstow at UC Berkeley are the following:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. We don’t hack.&lt;/strong&gt; This seems obvious. And yet it needs to be said, because the line between open source investigation and unauthorized access can blur faster than you’d expect, especially when the information is sitting right there, one more click away. OSINT, by definition, is information that is publicly accessible by design, or that has been made available through legal means. OSINT journalism is not hacking. It doesn’t matter how important the story is. It doesn’t matter if the target is a war criminal, a corrupt official, or a corporate fraudster. It doesn’t matter if the door was technically left open. It’s a threshold we shouldn’t cross.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. We don’t break the law.&lt;/strong&gt; This principle sounds obvious, but it deserves closer examination because OSINT creates specific ambiguities that general journalism ethics codes were never written to address. Scraping public data might be legal in one country but not in another. In some places you need a person’s consent to record a phone call; in others you can record without it. The ethical principle here is about knowing the laws in the places where you are working, especially given the international nature of OSINT.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. We don’t doxx people.&lt;/strong&gt; Doxxing is the act of publishing someone’s private or identifying information with the intent to harass, threaten, or extort. It’s one of the most obvious misuses of OSINT, and it’s sometimes done accidentally. The distinction matters. There is a difference between identifying a person in the public interest, such as naming a military commander responsible for a documented atrocity or identifying the owner of a shell company linked to corruption, and publishing a private individual’s home address, phone number, or daily routine. The first is accountability journalism. The second is unethical.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;4. We don’t take advantage of sources.&lt;/strong&gt; OSINT can create a power imbalance that is different from traditional source relationships. You may know a great deal about someone before they know you exist. You may have their location history, their social connections, their family situation. You may have found them because they posted something in a moment of grief, anger, or confusion, in a community they thought was private, or in a language they didn’t expect a foreign journalist to read. This is especially true when the people you’re dealing with are victims.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;5. We fact-check.&lt;/strong&gt; Fact-checking is different from verification. Fact-checking is about corroborating facts with multiple sources and being clear about where you got your information. Verification in OSINT is about establishing where a photo or video was taken (geolocation) and when it was taken (chronolocation). But OSINT alone is never enough. In 2017, &lt;a href=&quot;https://www.bellingcat.com/news/middle-east/2017/10/03/how-an-execution-site-was-geolocated/&quot;&gt;Bellingcat located the site of an execution&lt;/a&gt; based on satellite imagery and social media videos, noting that from the satellite you could see what appeared to be blood stains exactly where people had been executed. Fact-checking in OSINT journalism means treating your open source findings as a lead, not a conclusion. In that case, it would mean obtaining additional evidence to confirm that those spots were actually blood, whether through a witness who was present or someone who analyzed the stains directly. It means seeking ground truth: physical verification, on-record sources, documentary evidence that either corroborates or complicates what the data shows. It means being willing to hold a story that is visually compelling but not yet confirmed.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;6. We verify before we publish.&lt;/strong&gt; More and more journalists re-share AI-generated photos or older videos taken out of context and passed off as breaking news. The speed of social media has made this worse: a compelling image gets shared by a journalist with a large following before anyone has asked the basic questions, namely when it was taken, where, and by whom. A new ethical principle for journalists in the disinformation era would be to use OSINT tools and methods to determine the veracity of information before publishing, not after it has already spread. Reverse image search takes thirty seconds. Checking a video’s metadata, cross-referencing landmarks, or running a clip through a tool like InVID takes a few minutes more. These are not exotic skills. They are, increasingly, the minimum standard of care. The correction, when it comes, rarely travels as far as the original error.&lt;/p&gt;

&lt;p&gt;A whole discussion could be had about a particularly fraught principle for US-based journalists: “We don’t misrepresent ourselves.” Not everyone takes the same approach, especially with OSINT. Is it acceptable to pose as a white supremacist to gain access to a Facebook group you’re investigating? Do you always have to disclose yourself as a journalist? European news organizations tend to be considerably more permissive about undercover investigations. I’m setting this principle aside for now because it merits its own post.&lt;/p&gt;

&lt;h2 id=&quot;conclusion&quot;&gt;Conclusion&lt;/h2&gt;

&lt;p&gt;The OSINT field has matured faster than the frameworks meant to govern it. The Berkeley Protocol was a landmark, rigorous, necessary, and built for a specific purpose. But a document designed to get satellite imagery admitted as evidence at the International Criminal Court was never going to serve a journalist trying to verify a video before a 6 p.m. deadline.&lt;/p&gt;

&lt;p&gt;What journalists need is a protocol written in their language, for their constraints, and with their outputs in mind. Not a legal brief, but a practical and honest set of commitments that reflects how open source investigation actually works inside a newsroom: the collaborative chaos of it, the time pressure, the platforms, the AI-generated noise, and the very real ethical traps that existing codes were never designed to catch.&lt;/p&gt;

&lt;p&gt;The principles sketched out here, including not hacking, not breaking the law, not doxxing, not exploiting sources, fact-checking, and verifying before publishing, are a starting point, not a finished document. But the conversation has to start somewhere. The disinformation environment isn’t waiting for journalism to catch up, and neither are the people who would misuse these methods. An OSINT Protocol for journalists won’t solve everything. It will, at least, give the field something to argue about. And in journalism, that’s usually how progress gets made.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Gisela Pérez de Acha is an open source investigative reporter specializing in extremism, disinformation and environmental issues. She works as a cybersecurity expert and a digital safety trainer with PEN America. In 2021, she created a partnership between UC Berkeley’s Investigative Reporting Program and its Human Rights Center to teach a first-of-its-kind Open Source Investigative Reporting course at Berkeley Journalism.&lt;/em&gt;&lt;/p&gt;
</description>
        <pubDate>Mon, 23 Mar 2026 08:00:00 +0000</pubDate>
        <link>https://pitg.gitlab.io/news/techdive/2026/03/23/osint.html</link>
        <guid isPermaLink="true">https://pitg.gitlab.io/news/techdive/2026/03/23/osint.html</guid>
        
        
        <category>news</category>
        
        <category>techdive</category>
        
      </item>
    
      <item>
        <title>Geopolitics at the Internet’s Core – A Policy Practitioners Perspective</title>
        <description>
&lt;figure&gt;

    &lt;img src=&quot;/assets/images/news/dymaxion-cablemap-artistic.webp&quot; alt=&quot;Flowing map of the world with interconnected cables&quot; title=&quot;Geopolitics at the Internet&apos;s Core&quot; srcset=&quot;            /assets/resized/dymaxion-cablemap-artistic-640x400.webp 640w        ,            /assets/resized/dymaxion-cablemap-artistic-768x480.webp 768w        ,            /assets/resized/dymaxion-cablemap-artistic-1280x800.webp 1280w            &quot; sizes=&quot;(min-width: 2000px) 2000px, 100vw&quot; class=&quot;&quot; loading=&quot;lazy&quot; /&gt;



&lt;/figure&gt;

&lt;p&gt;The Internet Protocol was born out of conflict and that legacy is only intensifying and more visible beyond the expert community as technical infrastructure is increasingly a proxy for political and economic power. After 20 years on the front lines of some rather public, but also very private battles around Internet policy at both the national and international levels, I wanted to offer a fact-based accounting of events. Partnering with a thoughtful, smart, and supportive team of experienced academics on &lt;a href=&quot;https://link.springer.com/book/10.1007/978-3-031-89478-7&quot;&gt;Geopolitics at the Internet’s Core&lt;/a&gt; provided that space for me.&lt;/p&gt;

&lt;p&gt;Being uniquely co-authored by a trio of academics who span both sides of the Atlantic and one former government policy practitioner allowed for the blending of academic analytical research and on-the-ground, firsthand policy experience. My participation as a co-author resulted in a drafting process that could be likened to having a “permanent interviewee” as part of the writing team. Crafted over a 4-year period via Google Docs and weekly Zoom meetings, the drafting process was full of spirited discussion, debate, and coordination.&lt;/p&gt;

&lt;p&gt;Using the ecosystem approach that is a mainstay of theoretical frameworks from science and technology studies, the Internet Protocol ecosystem can be defined as a combination of virtual resources, abstract specifications, tangible infrastructure, functionally specific systems, and the institutions and rules that design, operate, and coordinate these systems. This allows the Internet Protocol to be used as a lens into the governance structure of the Internet, which – while highly decentralized in many aspects – has a few centralized coordination points.&lt;/p&gt;

&lt;p&gt;Understanding five key elements is crucial to appreciating what exactly it is about the Internet Protocol that generates so much geopolitical attention. These include the technical criticality of the systems themselves to the Internet, as well as the fact that a finite pool of resources prompts concerns of equity. The reality that these resources can be used for personal identification, and if tapped in the right manner can also be a choke point for control, makes them an attractive target for governments, irrespective of impact or effectiveness. Lastly, the not historically market-based approach used to distribute these resources via multistakeholder or privatized processes raises questions of legitimacy.&lt;/p&gt;

&lt;p&gt;The progression of the Internet Protocol has endured crises all along the way, and detailing the stories of its foundational struggle (the choice of TCP/IP over OSI), the expansion struggle (IPv4 to IPv6), and the oversight struggle (the privatization of the management of the domain name system) clearly demonstrates this point. Numerous illustrative mini case studies, woven in to make different complex issues more accessible, as well as several insights ‘from the field’, illustrate how the contemporary policy issues of content, security, and inclusion relate to the IP ecosystem. Stories covered include the politicization of IP addresses in Russia’s war on Ukraine, content-blocking efforts to mediate societal concerns related to human safety during the Covid-19 pandemic, and Internet standards bodies’ capacity development efforts.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Geopolitics at the Internet’s Core&lt;/em&gt; concludes by offering a taxonomy of eight levers of power within the IP ecosystem drawn from the case studies presented and suggests this framework could be used for other technologies. Observing that the Internet Protocol ecosystem – rightly or not – has occupied a unique place at the center of many public policy issues in the digital era, controversies around core Internet architecture are a feature of our sociotechnical world. How these conflicts unfold has had and will continue to have enormous consequences for human rights, national security, economic stability, and the very heart of the Internet, which continues to have the Internet Protocol at its core.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Fiona M. Alexander is a Distinguished Fellow at the Internet Governance Lab, American University. She previously worked in the U.S. government at the National Telecommunications and Information Administration. This blog post by Fiona M. Alexander summarizes a presentation she made to the Public Interest Technology Group on November 10, 2025, on a book she co-authored with Dr. Laura DeNardis, Dr. Nanette S. Levinson, and Dr. Francesca Musiani.&lt;/em&gt;&lt;/p&gt;
</description>
        <pubDate>Wed, 04 Feb 2026 08:00:00 +0000</pubDate>
        <link>https://pitg.gitlab.io/news/techdive/2026/02/04/internet-core-geopolitics.html</link>
        <guid isPermaLink="true">https://pitg.gitlab.io/news/techdive/2026/02/04/internet-core-geopolitics.html</guid>
        
        
        <category>news</category>
        
        <category>techdive</category>
        
      </item>
    
      <item>
        <title>The PITG Travel Fund in 2024</title>
        <description>
&lt;figure&gt;

    &lt;img src=&quot;/assets/images/news/travelfund-promote-g-bg.webp&quot; alt=&quot;A hand lifting a person towards 5 icons of SDOs&quot; title=&quot;PITG Travel Fund&quot; srcset=&quot;            /assets/resized/travelfund-promote-g-bg-640x400.webp 640w        ,            /assets/resized/travelfund-promote-g-bg-768x480.webp 768w        ,            /assets/resized/travelfund-promote-g-bg-1280x800.webp 1280w            &quot; sizes=&quot;(min-width: 2000px) 2000px, 100vw&quot; class=&quot;&quot; loading=&quot;lazy&quot; /&gt;



&lt;/figure&gt;

&lt;p&gt;The &lt;a href=&quot;https://pitg.network/fund/&quot;&gt;PITG Travel Fund&lt;/a&gt; (PITG-TF) operates on a rolling basis to support underrepresented voices in Internet governance and standards bodies. We target individuals from civil society and public interest technology backgrounds who have historically been absent from these technically complex forums. This funding is critical because Internet infrastructure decisions made in these rooms affect billions of users worldwide, yet the voices of those most impacted by surveillance, censorship, and digital inequality are systematically excluded due to financial barriers and institutional gatekeeping.&lt;/p&gt;

&lt;p&gt;The PITG Travel Fund supports participation in key organizations including the Internet Engineering Task Force (IETF), World Wide Web Consortium (W3C), International Telecommunications Union (ITU), Institute of Electrical and Electronics Engineers (IEEE), and the 3rd Generation Partnership Project (3GPP), among others, with the goal of promoting public interest perspectives, bridging knowledge gaps between technical communities and civil society, and cultivating sustained participation that increases diversity in these critical spaces where Internet standards are developed.&lt;/p&gt;

&lt;p&gt;In 2024, the PITG-TF received 46 applications, and 12 were approved. Grantees attended a wide variety of events, mostly standards fora including IETF (120 and 121) and the Internet Corporation for Assigned Names and Numbers (ICANN 80 and 81), but also other governance spaces such as RightsCon, the Internet Governance Forum and the Association for Women’s Rights in Development (AWID) Forum. We are proud to say that the geographic location of grantees was also diverse, as five of them were based in Africa (Morocco, Ghana, Kenya, Nigeria and Zimbabwe), one in Europe (Germany), three in North America (USA), two in South America (Brazil), and one in Asia (Palestine).&lt;/p&gt;

&lt;p&gt;Although it is satisfying to see the participation of public interest technologists in these spaces grow, we recognize that there are still some barriers that as a Fund are hard to overcome. Two of the 2024 PITG TF grantees were not able to complete their travel because of visa issues, and some trips had to be delayed for the same reason. Whenever possible we have supported grantees in their visa application processes, arranged their flights and accommodation directly, and we have endeavored to maintain open and honest communication regarding our limitations as a small fund.&lt;/p&gt;

&lt;p&gt;We are committed to supporting under-represented groups to allow them to have meaningful participation in technical standards forums and conversations. That is why we are constantly working on administrative adjustments that help us better respond to their needs and overcome constraints individuals face in attending in-person meetings.&lt;/p&gt;

&lt;p&gt;Below are two examples of success of PITG-TF 2024 grantees and what they worked on with the Fund’s support.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Kris Shrishak&lt;/strong&gt;&lt;br /&gt;
&lt;strong&gt;Germany, Europe&lt;/strong&gt;&lt;br /&gt;
&lt;strong&gt;IETF 120, 20-26 July 2024&lt;/strong&gt;&lt;br /&gt;
Kris has focused their participation in IETF on working groups related to privacy-enhancing technologies, including HRPC and GREEN BoF. In DULT, Kris had advocated since IETF 119 for the threat model draft authors to get inputs from outside the US/EU, but it had still not happened. The DIEM BoF’s main use case is the use of digital emblems, which many participants consider too broad a scope that should be limited to, e.g., the ICRC, with specific desirable properties. In SAAG and ISOPEN, questions regarding “national” cryptography and its potential standardization at the IETF were raised, but it was stated that the IETF itself does not standardize new cryptography and relies on external experts, including the academic community, for that. Kris considers it problematic that DULT and PPM are working on corporate models and interests, with a lack of discussion and advances on reducing data collection.&lt;/p&gt;

&lt;blockquote&gt;
  &lt;p&gt;“I realized the importance of BoF sessions during this IETF (I had previously only attended DULT BoF). They help scope working groups and speaking up at BoFs is one of the most effective ways to shape the work at the IETF.”&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;strong&gt;Tabitha Wangechi&lt;/strong&gt;&lt;br /&gt;
&lt;strong&gt;Kenya, Africa&lt;/strong&gt;&lt;br /&gt;
&lt;strong&gt;ICANN 81 Annual General Meeting, 9-14 November 2024&lt;/strong&gt;&lt;br /&gt;
Tabitha’s participation was focused on contributing to discussions on Universal Acceptance and its critical role in fostering inclusivity on the Internet, and on helping bridge the gap between grassroots realities and technical policy discussions. She shared insights on the barriers rural communities face in taking part in the domain names industry (mainly cost and access to localized digital content). In a discussion on how to build consumer confidence in the DNS registration data process, she emphasized the importance of data protection and safety for communities.&lt;/p&gt;

&lt;p&gt;Tabitha highlights the focus on DNS abuse mitigation during the whole meeting, which allowed her to understand that DNS abuse motivations are mainly financial, and that this has to be taken into consideration while developing solutions. In her own words, “this insight will inform future capacity-building programs at Digital Rurals”.&lt;/p&gt;

&lt;p&gt;The internet’s architecture is not predetermined—it emerges from the people who participate in shaping it. Every technical standard, every protocol decision, every seemingly abstract infrastructure choice ultimately determines whether the digital world becomes more open or more controlled, more inclusive or more exclusive. The PITG Travel Fund recognizes that meaningful change happens when diverse voices are present where these decisions are made. When Kris advocates for privacy-enhancing technologies at IETF or Tabitha brings rural perspectives to DNS policy discussions at ICANN, they are ensuring that internet governance reflects the needs of all users, not just those with traditional access to these spaces. Building a truly public internet requires more than good intentions—it requires sustained participation from the communities most affected by these technical choices and the funding to do so. PITG TF is just one of many efforts needed in that direction.&lt;/p&gt;

&lt;p&gt;Please reach out to &lt;a href=&quot;mailto:chairs@pitg.network&quot;&gt;chairs@pitg.network&lt;/a&gt; if you are interested in applying for the fund, supporting the fund’s continued existence, or have any questions related to the scope, topics or events that are in the PITG-TF remit.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Juliana Guerra is a co-chair of the Public Interest Technology Group.&lt;/em&gt;&lt;/p&gt;
</description>
        <pubDate>Mon, 25 Aug 2025 08:00:00 +0000</pubDate>
        <link>https://pitg.gitlab.io/news/travelfund/2025/08/25/travel-fund-2024.html</link>
        <guid isPermaLink="true">https://pitg.gitlab.io/news/travelfund/2025/08/25/travel-fund-2024.html</guid>
        
        
        <category>news</category>
        
        <category>travelfund</category>
        
      </item>
    
      <item>
        <title>Tackling tech consolidation from the inside: insights from the PITG Dublin Unconference</title>
        <description>
&lt;figure&gt;

    &lt;img src=&quot;/assets/images/news/diversity.webp&quot; alt=&quot;People&quot; title=&quot;People&quot; srcset=&quot;            /assets/resized/diversity-640x400.webp 640w        ,            /assets/resized/diversity-768x480.webp 768w        ,            /assets/resized/diversity-1280x800.webp 1280w            &quot; sizes=&quot;(min-width: 2000px) 2000px, 100vw&quot; class=&quot;&quot; loading=&quot;lazy&quot; /&gt;



&lt;/figure&gt;

&lt;p&gt;In November 2024, the Public Interest Technology Group (PITG) held its first unconference alongside the IETF in Dublin with the support of our community. As digital infrastructure like networks, encryption, and cloud computing becomes even more central to daily life, a group of technologists gathered at Trinity College to tackle urgent threats to internet freedom: surveillance, censorship, and the dangerous consolidation of power in the hands of a few tech giants.&lt;/p&gt;

&lt;p&gt;The issues discussed at this unconference affect everyone who uses the internet—from the apps on your phone to the websites you visit. When a handful of companies control the fundamental infrastructure of the web, they effectively control who gets to participate in our digital future and under what conditions.&lt;/p&gt;

&lt;p&gt;The PITG unconference brought together 23 researchers, advocates, and engineers who work inside the very socio-technical systems they are trying to reform—from internet standards bodies like the Internet Engineering Task Force (IETF) to browser development teams at major tech companies. Their mission was to ensure that the internet’s fundamental infrastructure serves public rather than corporate interests.&lt;/p&gt;

&lt;h2 id=&quot;the-never-ending-encryption-wars&quot;&gt;The never-ending encryption wars&lt;/h2&gt;

&lt;p&gt;The day began with a sobering assessment of where we stand in the fight against government and corporate surveillance. The protocols that encrypt your web traffic determine whether governments and corporations can spy on your online activity, manipulate the websites you see, or censor your access to information. As such, encryption should matter to everyone. While the Snowden revelations sparked progress in standards—encrypted Domain Name Service (DNS) protocols, Transport Layer Security 1.3, and other privacy-enhancing technologies—unconference participants noted a continued asymmetry in how standards bodies approach different threats.&lt;/p&gt;

&lt;p&gt;The Internet Engineering Task Force (IETF) effectively considers government adversaries, multiple participants observed, but continues to struggle with addressing corporate surveillance threats, possibly because many participants work for companies that run on data collection. This tension plays out in real standards battles. Take encrypted DNS protocols like DNS-over-Hyper Text Transfer Protocol Secure (DoH), which should theoretically protect users from surveillance and manipulation of their web traffic.&lt;/p&gt;

&lt;p&gt;Despite being technically sound, DoH faces slow adoption due to government blocking, browser implementations defaulting to less secure options, and Internet Service Provider (ISP) resistance. Meanwhile, protocols that serve corporate interests of decreasing latency—like Google Quick UDP Internet Connection (QUIC)—deploy smoothly across the internet. The lesson we can draw from this is that privacy-enhancing technologies often struggle when they “stick out” or reveal conflicts between user privacy and corporate business models. As many of the technologists present agreed: the challenge is not just technical—it is political.&lt;/p&gt;

&lt;h2 id=&quot;locked-out-of-rough-consensus-and-running-code&quot;&gt;Locked out of rough consensus and running code&lt;/h2&gt;

&lt;p&gt;The people making decisions about internet protocols determine everything from whether your messages stay private to which companies can build competing browsers or apps. As such, another unconference discussion centered on who gets to make decisions about internet infrastructure. Despite being “open” in theory, public interest advocates &lt;a href=&quot;https://criticalinfralab.net/wp-content/uploads/2023/06/LoudMen-CorinneCath-CriticalInfraLab.pdf&quot;&gt;face significant barriers&lt;/a&gt; in meaningfully participating in standards bodies like the IETF. With meeting attendance costing $3,000-5,000 per person (counting the participation fee, hotel, travel, visa, per diems etc.) and requiring weeks of travel annually, decision-making power concentrates among employees of large companies who can afford to send engineers to lengthy technical meetings.&lt;/p&gt;

&lt;p&gt;Unlike organizations such as the Internet Corporation for Assigned Names and Numbers (ICANN), the IETF lacks robust infrastructure and funding for diverse participation. While fee waivers, childcare, and mentoring programs exist, they cannot overcome fundamental power dynamics that favor those who control operating systems, networks, and hardware.&lt;/p&gt;

&lt;p&gt;The process itself can be opaque, participants noted, with many implicit rather than explicitly documented procedures and norms. This creates a system where good intentions are not enough—you need institutional backing and deep technical knowledge to influence outcomes. There is &lt;a href=&quot;https://www.sciencedirect.com/science/article/abs/pii/S0308596121000483&quot;&gt;no one single solution&lt;/a&gt; to this concern. Participants, however, did call for deepening the connections between public interest techies in the various bodies—public interest liaisons, if you will—who can highlight key issues, build common agendas among influential technologists, and better connect efforts across standards bodies.&lt;/p&gt;

&lt;h2 id=&quot;the-consolidation-crisis&quot;&gt;The consolidation crisis&lt;/h2&gt;

&lt;p&gt;When a few companies control the essential infrastructure of the internet, they can decide the general level of protection people can expect from surveillance, which websites load quickly, and what information you can access. The most urgent discussions focused on a problem hiding in plain sight: &lt;a href=&quot;https://discovery.ucl.ac.uk/id/eprint/10174640/7/Veale_Confidentiality%20Washing%20Eaten%20By%20the%20Internet%202023.pdf&quot;&gt;the dangerous consolidation of economic power&lt;/a&gt; across many layers of internet infrastructure. In browsers, for example, we have moved from a diverse ecosystem to Chrome’s overwhelming dominance at 65% market share globally, with few meaningful alternatives. While Chromium’s open-source nature provides some benefits, Google maintains such overwhelming influence that “de-Googling” Chromium remains nearly impossible. Chrome’s dominance also often means &lt;em&gt;de facto&lt;/em&gt; control of web standards, and how and when websites work or break.&lt;/p&gt;

&lt;p&gt;Mobile operating systems have consolidated into a &lt;a href=&quot;https://www.bbc.com/news/articles/c5yknl04dnno&quot;&gt;Google-Apple duopoly&lt;/a&gt;, with Android holding the largest market share followed by Apple, together accounting for almost the entire smartphone market. Apple and Google collect a significant commission on most app transactions (reduced somewhat for smaller developers), with Apple alone generating over &lt;a href=&quot;https://www.techloy.com/apple-made-10-billion-from-u-s-app-store-commissions-in-2024-now-its-fighting-to-keep-it/&quot;&gt;$10 billion globally in commissions in 2024&lt;/a&gt;. This consolidation extends beyond just phones—app stores, design standards, and development frameworks all flow through these two gatekeepers.&lt;/p&gt;

&lt;p&gt;Another concerning consolidation happens in cloud infrastructure. &lt;a href=&quot;https://www.euronews.com/next/2025/07/31/uk-regulator-says-microsoft-and-amazons-cloud-dominance-hurts-competition&quot;&gt;A few companies&lt;/a&gt;—Amazon (32%), Microsoft (23%), Google (10%)—now provide the majority of hosting, compute and other services for everything from government services to “internet freedom” tools. As participants grimly noted, lots of public money is effectively handed over to cloud providers, even by free and open-source software projects. This creates perverse dynamics. Organizations building tools to resist surveillance and reduce consolidation find themselves dependent on the very companies that, in some cases, they are trying to circumvent.&lt;/p&gt;

&lt;h2 id=&quot;privacy-theater-vs-real-protection&quot;&gt;Privacy theater vs. real protection&lt;/h2&gt;

&lt;p&gt;Companies often implement visible privacy features that make users feel protected while continuing surveillance through less obvious means. The web privacy discussion, in particular, revealed how browser makers engage in elaborate “privacy theater”—security or privacy measures that are primarily designed to create an appearance of protection rather than provide meaningful safeguards—while enabling continued surveillance through other means.&lt;/p&gt;

&lt;p&gt;Other measures are often costly or reduce functionality. Apple implements “double hop” systems for known trackers and offers paid privacy relay options—but only for those who can afford premium services. Brave focuses on anti-fingerprinting through data randomization, though this breaks legitimate use cases. Safari limits anti-fingerprinting to private browsing mode.&lt;/p&gt;

&lt;p&gt;Google’s approach, as of last November, was to change Chrome’s fingerprinting policy to allow a broad range of tracking techniques. Given Chrome’s massive 65% market share, this essentially sets the standard for what is acceptable across the web. Meanwhile, research shows that reducing web tracking does not just improve privacy—it actually reduces fraud rates, demonstrating clear public benefits beyond individual privacy concerns.&lt;/p&gt;

&lt;h2 id=&quot;the-road-ahead&quot;&gt;The road ahead&lt;/h2&gt;

&lt;p&gt;The PITG unconference revealed both the scope of the challenges and the different streams of work within the PITG community to counter surveillance, censorship and consolidation. Participants committed to collaborating on projects ranging from abuse prevention in federated messaging to advocacy efforts for cloud accountability. But perhaps the most important insight was strategic: the open internet cannot be protected through protest or regulation alone. It requires technologists who understand both the technical details and the political stakes, working inside standards bodies and tech companies to ensure that the infrastructure we all depend on serves human rights rather than corporate profit.&lt;/p&gt;

&lt;p&gt;The next PITG unconference is already being planned for 2026. In a world where tech consolidation accelerates daily and hype distracts from fundamental infrastructure questions, our work remains critical. As one participant noted, “Every protocol decision, every standard, every piece of infrastructure code is a political choice about who gets to participate in our digital future”. The PITG community is working to build both the technical tools and political frameworks needed to keep the internet working in the public interest, bit-by-bit.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Corinne Cath-Speth is co-chair of the Public Interest Technology Group.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;The PITG chairs would like to extend their thanks to Dr. Stephen Farrell of Trinity College Dublin; the Ford Foundation for their core support of PITG and the Open Tech Fund (OTF) for generously providing travel support to the unconference; baby Aloys for being the youngest participant at only 3 months; and everyone who volunteered to moderate or take notes in the sessions!&lt;/em&gt;&lt;/p&gt;

</description>
        <pubDate>Fri, 15 Aug 2025 09:00:00 +0000</pubDate>
        <link>https://pitg.gitlab.io/news/unconference/2025/08/15/unconference-2024.html</link>
        <guid isPermaLink="true">https://pitg.gitlab.io/news/unconference/2025/08/15/unconference-2024.html</guid>
        
        
        <category>news</category>
        
        <category>unconference</category>
        
      </item>
    
      <item>
        <title>Beyond cookies: browser fingerprinting in 2025</title>
        <description>
&lt;figure&gt;

    &lt;img src=&quot;/assets/images/news/butterflies.webp&quot; alt=&quot;A butterfly sticking out of a crowd with a visible flight path&quot; title=&quot;A butterfly sticking out of a crowd with a visible flight path&quot; srcset=&quot;            /assets/resized/butterflies-640x400.webp 640w        ,            /assets/resized/butterflies-768x480.webp 768w        ,            /assets/resized/butterflies-1280x800.webp 1280w            &quot; sizes=&quot;(min-width: 2000px) 2000px, 100vw&quot; class=&quot;&quot; loading=&quot;lazy&quot; /&gt;



&lt;/figure&gt;

&lt;p&gt;Cookies are optional. Fingerprinting isn’t. In 2025, the easiest way for trackers and third-party advertisers to follow you across the Web is to read the traits your browser can’t help revealing (screen, fonts, GPU quirks) and stitch them into a stable ID. The third-party advertising and tracking ecosystem has metastasized to a point that even US intelligence agencies &lt;a href=&quot;https://www.vice.com/en/article/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous/&quot;&gt;use ad blockers internally&lt;/a&gt; for security reasons. The connection between &lt;a href=&quot;https://www.iccl.ie/digital-data/iccl-secures-permission-to-take-irelands-first-ever-class-action/&quot;&gt;real-time bidding and personal data leaks&lt;/a&gt; is well-established. This personal data often ends up with &lt;a href=&quot;https://gizmodo.com/data-broker-brags-about-having-highly-detailed-personal-information-on-nearly-all-internet-users-2000575762&quot;&gt;data brokers&lt;/a&gt; and subsequently leads to users experiencing &lt;a href=&quot;https://knowledge.wharton.upenn.edu/article/how-apples-app-tracking-policy-curbs-financial-fraud/&quot;&gt;financial fraud&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;This blog post gives an overview of browser fingerprinting as a means of tracking users, how browsers protect users, and how users can protect themselves. This latter part is important, because most browsers (even the privacy-respectful ones) don’t always automatically enable anti-fingerprinting measures.&lt;/p&gt;

&lt;h2 id=&quot;what-is-a-browser-fingerprint&quot;&gt;What is a browser fingerprint?&lt;/h2&gt;

&lt;p&gt;A browser fingerprint is much like a human fingerprint: a unique identifier that is hard to change. The more ways in which you’re different from other users, the more uniquely-identifiable your browser fingerprint, and the easier you are to track across the Web. If all a website comes to know is that you’re on an iPhone 16, that’s not particularly identifying, since you are far (far, far) from the only iPhone 16 user. But websites also need to know things like your screen size (to properly display the website for your screen), your timezone (to show you your calendar), whether or not you have &lt;a href=&quot;https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme&quot;&gt;dark mode enabled&lt;/a&gt; (for accessibility as well as general hacker vibes), etc. In combination, all of these small differences contribute to making your browser look unique.&lt;/p&gt;

&lt;p&gt;For a browser, this presents a dilemma: break the ability for websites to detect dark mode and you incur the wrath of your most vocal users whose hacker aesthetics you just committed photocide against (&lt;a href=&quot;https://github.com/brave/brave-browser/issues/17139#issuecomment-898731904&quot;&gt;ask me how I know&lt;/a&gt;). Don’t, and that’s yet another bit of information exposed to malicious tracking scripts. It gets even more complicated with more advanced fingerprinting techniques that rely on subtle differences between how different computers render pixels, or how sound cards process sound. We’ll come back to this point when discussing anti-fingerprinting strategies, but generally, the more modded and customized your computer setup, the more identifiable it is.&lt;/p&gt;

&lt;p&gt;This majorly sucks, because the power of the Web is in its dynamism and diversity. JavaScript and other Web technologies let developers design immersive experiences and power the Web economy. Also, the same &lt;a href=&quot;https://wikipedia.org&quot;&gt;Wikipedia.org&lt;/a&gt; website can work across different operating systems, device manufacturers, form factors and hardware capabilities, ranging from my Apple device to my colleague’s bespoke &lt;a href=&quot;https://en.wikipedia.org/wiki/Sailfish_OS&quot;&gt;Sailfish&lt;/a&gt;-flashed handset, and I think that’s beautiful. Powerful browsers and adaptive websites are a good thing!&lt;/p&gt;

&lt;h2 id=&quot;who-does-browser-fingerprinting&quot;&gt;Who does browser fingerprinting?&lt;/h2&gt;

&lt;h3 id=&quot;advertisers&quot;&gt;Advertisers&lt;/h3&gt;

&lt;p&gt;Advertisers want to know very legal and very cool things like whether that Nike ad you saw on Instagram ended up being responsible for a purchase you made on Nike’s website later that week. Without this kind of tracking data, they have no idea if the billions of dollars they pay advertising platforms like Meta are paying off. Advertising networks also want to know who you are in order to increase the chances you click on an ad. There is an overwhelming financial incentive to get any kind of user tracking they can. Interestingly, browser fingerprinting is &lt;a href=&quot;https://liveramp.com/blog/getting-addressability-marketing-right/&quot;&gt;controversial even within the advertising industry&lt;/a&gt;, though it &lt;a href=&quot;https://www.criteo.com/blog/alternative-ids-the-future-of-cookieless-advertising/#the-main-alternative-id-solutions&quot;&gt;happens anyway&lt;/a&gt;.&lt;/p&gt;

&lt;h3 id=&quot;anti-fraud-and-anti-bot-vendors&quot;&gt;Anti-fraud and anti-bot vendors&lt;/h3&gt;

&lt;p&gt;Anti-fraud and &lt;a href=&quot;https://blog.cloudflare.com/ja4-signals/?utm_source=chatgpt.com/&quot;&gt;bot-mitigation&lt;/a&gt; companies aim to identify unwanted clients by fingerprinting their browsers. “Unwanted” typically means “could be a security threat” or “is a bot”. Identifying non-human traffic is a growing concern, especially as LLMs &lt;a href=&quot;https://arstechnica.com/information-technology/2025/07/openais-chatgpt-agent-casually-clicks-through-i-am-not-a-robot-verification-test/&quot;&gt;get better at solving CAPTCHAs&lt;/a&gt;. NYTimes and other news websites were &lt;a href=&quot;https://bloggeek.me/webrtc-new-york-times/&quot;&gt;caught harvesting local IP addresses&lt;/a&gt; as an anti-bot strategy a few years ago.&lt;/p&gt;

&lt;h3 id=&quot;law-enforcement-and-nation-states&quot;&gt;Law enforcement and nation states&lt;/h3&gt;

&lt;p&gt;Government agencies frequently use whatever data collection mechanism they can get their hands on. NSA used &lt;a href=&quot;https://www.aclu.org/wp-content/uploads/legal-documents/168-33.ex_.29.pdf&quot;&gt;XKEYSCORE&lt;/a&gt; to hoover up Internet traffic directly from fiber optic cables around the world, and &lt;a href=&quot;https://embed.documentcloud.org/documents/2116373-xks-intro/#document/p24&quot;&gt;extracted browser fingerprints to assess exploitability&lt;/a&gt; of their targets. The UK tax revenue agency (HMRC) recently asked around for &lt;a href=&quot;https://docs.google.com/viewer?url=https://www.contractsfinder.service.gov.uk/Notice/Attachment/c42c529a-15a1-4c78-9fec-cf4b0388a3f5&quot;&gt;fingerprinting solutions&lt;/a&gt; to detect tax fraud.&lt;/p&gt;

&lt;h2 id=&quot;why-fingerprint-when-you-can-cookie&quot;&gt;Why fingerprint (when you can cookie)?&lt;/h2&gt;

&lt;p&gt;After much back-and-forth, Google Chrome &lt;a href=&quot;https://privacysandbox.com/news/privacy-sandbox-next-steps/&quot;&gt;announced in April 2025&lt;/a&gt; that they will be rolling back their latest already-watered-down proposal to bring third-party cookie blocking to users (basically just ask them), and will now be doing (&lt;em&gt;checks notes&lt;/em&gt;) absolutely nothing. The working title of this post was “tracking in a post-cookie world”, but it looks like that world is still far away, given Chrome’s reluctance to touch third-party cookies and their dominant browser market share. More than half the Web’s traffic comes from Chrome (exact numbers vary depending on &lt;a href=&quot;https://radar.cloudflare.com/reports/browser-market-share-2025-q1&quot;&gt;who&lt;/a&gt; &lt;a href=&quot;https://gs.statcounter.com/browser-market-share&quot;&gt;you&lt;/a&gt; &lt;a href=&quot;https://analytics.wikimedia.org/dashboards/browsers/#all-sites-by-browser&quot;&gt;ask&lt;/a&gt; for interesting reasons that deserve their own blog post).&lt;/p&gt;

&lt;figure&gt;

    &lt;img src=&quot;/assets/images/news/posts/fingerprinting-1.webp&quot; alt=&quot;Now fingerprinting is my best friend&quot; title=&quot;Friendship ended with third-party cookies&quot; srcset=&quot;            /assets/resized/fingerprinting-1-640x362.webp 640w        ,            /assets/resized/fingerprinting-1-768x434.webp 768w        ,            /assets/resized/fingerprinting-1-1280x724.webp 1280w        ,            /assets/resized/fingerprinting-1-1440x814.webp 1440w            &quot; sizes=&quot;(min-width: 2000px) 2000px, 100vw&quot; class=&quot;&quot; loading=&quot;lazy&quot; /&gt;



&lt;/figure&gt;

&lt;p&gt;&lt;a href=&quot;https://privacytests.org/&quot;&gt;Other major browsers&lt;/a&gt;, thankfully, do block and partition third-party cookies. Even so, browser fingerprinting is still widely used by trackers and third-party advertisers to overcome the limitations of cookie-based tracking.&lt;/p&gt;

&lt;h3 id=&quot;cookies-can-be-isolated-eg-private-browsing&quot;&gt;Cookies can be isolated (e.g. Private Browsing)&lt;/h3&gt;

&lt;p&gt;Users can use dedicated browsing sessions, isolating cookies and other storage. The classic example is Private or Incognito windows which also clear storage when users exit them, but Firefox’s Containers or Chromium’s Profiles serve the same purpose of making sure that whatever state the user picks up in the course of their browsing is isolated to that session.&lt;/p&gt;

&lt;p&gt;Browser fingerprinters try to pierce session isolation in order to re-identify users. The NSA used &lt;a href=&quot;https://en.wikipedia.org/wiki/Evercookie&quot;&gt;Evercookie&lt;/a&gt; to unmask Tor users by recreating cookies even after they were deleted.&lt;/p&gt;

&lt;h3 id=&quot;cookies-can-be-cleared&quot;&gt;Cookies can be cleared&lt;/h3&gt;

&lt;p&gt;Cookies and other kinds of storage can be proactively cleared by the user even within the same session. &lt;a href=&quot;https://brave.com/privacy-updates/30-shred-button/&quot;&gt;Brave&lt;/a&gt; and &lt;a href=&quot;https://duckduckgo.com/duckduckgo-help-pages/privacy/web-tracking-protections#the-fire-button&quot;&gt;DuckDuckGo&lt;/a&gt; offer ways to automatically clear storage when a tab/site/app is closed. Several browsers use heuristics to figure out when it’s safe to clear a website’s storage so as to prevent tracking while preserving benign use-cases. &lt;a href=&quot;https://privacycg.github.io/nav-tracking-mitigations/#deployed-mitigations&quot;&gt;Bounce tracking mitigations&lt;/a&gt; are one category of this work that is implemented by most browsers, with varying degrees of aggressiveness. Again, Chrome lags behind other browsers by &lt;a href=&quot;https://privacysandbox.google.com/protections/bounce-tracking-mitigations#status&quot;&gt;not applying bounce tracking mitigations by default&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;A browser fingerprint is a lot more pernicious and hard to clear, since it relies on inherent characteristics of your machine.&lt;/p&gt;

&lt;h3 id=&quot;fingerprinting-is-invisible&quot;&gt;Fingerprinting is invisible&lt;/h3&gt;

&lt;p&gt;Browser fingerprinting is often passive: the malicious website or script doesn’t need to do anything observable in order to fingerprint you. This is unlike cookies, where the user can see that a tracking script left some state. But if a website is using your &lt;a href=&quot;https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/User-Agent&quot;&gt;User-Agent&lt;/a&gt; string to create a fingerprint for your browser, there’s not much you can do about it since you won’t even know that the website is doing it. Brave &lt;a href=&quot;https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections#how-do-i-see-fingerprinting-protections-active-on-a-page&quot;&gt;has a way&lt;/a&gt; for users to see if a website invoked a Web API that has fingerprinting protections applied.&lt;/p&gt;

&lt;h3 id=&quot;harder-for-regulators-to-enforce&quot;&gt;Harder for regulators to enforce&lt;/h3&gt;

&lt;p&gt;Regulators have mostly enforced laws against storage-based tracking, since violations are much easier to detect. Cookie consent notices are a very visible example of this: you’re inundated with them as websites try to comply with laws that require explicit consent for storage on the user’s device. This leaves fingerprint-related profiling under-enforced, since it is done by websites and trackers on the backend.&lt;/p&gt;

&lt;p&gt;Google announced in 2024 that they will no longer prohibit their advertising customers from fingerprinting users, which was (thankfully) sharply rebuked by the &lt;a href=&quot;https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/12/our-response-to-google-s-policy-change-on-fingerprinting/&quot;&gt;UK ICO&lt;/a&gt;.&lt;/p&gt;

&lt;h2 id=&quot;protecting-against-fingerprinting&quot;&gt;Protecting against fingerprinting&lt;/h2&gt;

&lt;p&gt;Trackers doing browser fingerprinting are essentially trying to divide users into buckets that are:&lt;/p&gt;

&lt;ol&gt;
  &lt;li&gt;&lt;strong&gt;diverse&lt;/strong&gt;. If every user is in the same bucket (“uses an iPhone”), you haven’t learned much about the user.&lt;/li&gt;
  &lt;li&gt;&lt;strong&gt;stable&lt;/strong&gt;. If the user changes their fingerprint every time they visit your site, it’s not much of a fingerprint.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Browsers apply fingerprinting protections that are aimed at defeating this bucketing.&lt;/p&gt;

&lt;h3 id=&quot;consider-the-butterfly&quot;&gt;Consider the butterfly&lt;/h3&gt;

&lt;p&gt;Let’s imagine you’re a beautiful and unique butterfly, trying to avoid capture and identification by malicious lepidopterists (apologies in advance to worthy lepidopterists). You have two main strategies to avoid a future that involves being pinned up on a wall:&lt;/p&gt;

&lt;ol&gt;
  &lt;li&gt;hide in a crowd&lt;/li&gt;
  &lt;li&gt;fly randomly&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;This is much like being a user on the Web, where you’re trying to avoid being fingerprinted by trackers.&lt;/p&gt;

&lt;figure&gt;

    &lt;img src=&quot;/assets/images/news/butterflies-crowd.webp&quot; alt=&quot;Butterfly silhouettes in a crowd&quot; title=&quot;Butterflies hiding in a crowd, flying randomly&quot; srcset=&quot;            /assets/resized/butterflies-crowd-640x400.webp 640w        ,            /assets/resized/butterflies-crowd-768x480.webp 768w        ,            /assets/resized/butterflies-crowd-1280x800.webp 1280w            &quot; sizes=&quot;(min-width: 2000px) 2000px, 100vw&quot; class=&quot;&quot; loading=&quot;lazy&quot; /&gt;



&lt;/figure&gt;

&lt;h4 id=&quot;hiding-in-a-crowd-avoid-diverse-buckets&quot;&gt;Hiding in a crowd (avoid diverse buckets)&lt;/h4&gt;

&lt;p&gt;As a butterfly, you can evade capture by hiding your unique beauty in a crowd of other butterflies. The goal of “hiding in a crowd” (or herd immunity) is to make every browser look the same. This is the strategy used by &lt;a href=&quot;https://tb-manual.torproject.org/anti-fingerprinting/&quot;&gt;Tor browser&lt;/a&gt; and &lt;a href=&quot;https://mullvad.net/en/browser/mullvad-browser&quot;&gt;Mullvad&lt;/a&gt;. The way this works is that you remove APIs and capabilities that reveal a lot of information about the browser. Unfortunately, this often means that powerful APIs end up getting removed from the Tor browser, which limits its widespread use (WebRTC, for example). This might be fine for a browser like Tor, which targets users with a higher-than-usual risk profile and whose users tend to be more concerned about privacy than usability. But more mainstream browsers cannot afford to do this. Having said that, major browsers frequently remove APIs that are low-utility and high-fingerprintability such as the Topics API being removed by &lt;a href=&quot;https://brave.com/web-standards-at-brave/7-googles-topics-api/&quot;&gt;Brave&lt;/a&gt;, &lt;a href=&quot;https://github.com/WebKit/standards-positions/issues/111#issuecomment-1359609317&quot;&gt;Safari&lt;/a&gt; and &lt;a href=&quot;https://mozilla.github.io/ppa-docs/topics.pdf&quot;&gt;Firefox&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;It’s worth noting that browsers that always run on similar hardware and software, like Apple’s Safari, benefit from the lack of diversity.&lt;/p&gt;

&lt;h4 id=&quot;fly-randomly-avoid-stable-buckets&quot;&gt;Fly randomly (avoid stable buckets)&lt;/h4&gt;

&lt;p&gt;As a butterfly, instead of trying to be the same as everyone else, you can zig-zag across the sky, evading capture. You can try to be as different as possible, every time.&lt;/p&gt;

&lt;p&gt;This is Brave browser’s approach for many Web APIs: randomize the fingerprint per-session and per-site. This effectively means that your fingerprint will be unique for a website but different across every website (which defeats cross-site tracking), and will reset after every browsing session (which defeats cross-session tracking), similar to how cookies and state are cleared after a Private browsing session.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://webkit.org/blog/14205/news-from-wwdc23-webkit-features-in-safari-17-beta/#safari-private-browsing&quot;&gt;Safari 17&lt;/a&gt; introduced advanced fingerprinting protection (though only in Private Browsing mode) largely modeled on Brave’s fingerprinting approach of adding random noise to API output. Encouragingly, &lt;a href=&quot;https://9to5mac.com/2025/07/29/with-ios-26-safari-will-counter-one-of-the-webs-most-invasive-tracking-methods/&quot;&gt;Safari 26&lt;/a&gt; will enable advanced fingerprinting protection by default.&lt;/p&gt;

&lt;p&gt;When this strategy of randomizing Web APIs works, you get both powerful Web APIs &lt;em&gt;and&lt;/em&gt; privacy. In practice, this can be tricky to get right and can lead to web dev frustration and website breakage, when the injected randomness interferes with benign use-cases. &lt;a href=&quot;https://github.com/brave/brave-core/pull/27383&quot;&gt;Brave had to change their screen fingerprinting protection&lt;/a&gt; to report “one-of-few” outputs to bucket users instead of purely randomizing.&lt;/p&gt;

&lt;h4 id=&quot;bonus-block-known-trackers&quot;&gt;Bonus: block known trackers&lt;/h4&gt;

&lt;p&gt;As a butterfly, you can also start a list containing photographs of lepidopterists so that you can distinguish them from harmless human visitors, and you can share that with your butterfly friends, so you all know to stay away from the bad guys. This “crowdsourced blocklist of known bad actors” approach is surprisingly effective in Web privacy. You might (as a concerned butterfly) ask: What if a blocked lepidopterist just puts on a disguise? What if a new lepidopterist appears? And why are we still continuing with this butterfly analogy when it clearly broke down several paragraphs ago and was probably broken to begin with? These are all valid questions.&lt;/p&gt;

&lt;p&gt;A blocklist to block advertisers and trackers &lt;a href=&quot;https://medium.com/@jyasskin/why-do-url-based-ad-blockers-work-3a13b08a1167&quot;&gt;might not seem&lt;/a&gt; like a robust approach. But the truth is that most tracking on the Web is done by a few well-known companies, and if you block them, you protect yourself against most of the harms. Also, community lists are surprisingly well-maintained, with new rules being added (to counter new tracking scripts and requests) and removed (to counter website breakage) on the order of minutes.&lt;/p&gt;

&lt;p&gt;Every browser uses blocklists in some way to block content: Firefox’s &lt;a href=&quot;https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_what-enhanced-tracking-protection-blocks&quot;&gt;Enhanced Tracking Protection&lt;/a&gt; based on &lt;a href=&quot;https://disconnect.me/trackerprotection&quot;&gt;Disconnect&lt;/a&gt; and Brave’s ad &amp;amp; tracker blocking based on &lt;a href=&quot;https://github.com/brave/adblock-lists&quot;&gt;various community-maintained lists&lt;/a&gt; are good examples of this. Safari &lt;a href=&quot;https://webkit.org/blog/15697/private-browsing-2-0/&quot;&gt;blocks known trackers in Private Browsing mode&lt;/a&gt; using a combination of &lt;a href=&quot;https://github.com/easylist/easylist/tree/master/easyprivacy&quot;&gt;EasyPrivacy&lt;/a&gt; and DuckDuckGo’s &lt;a href=&quot;https://github.com/duckduckgo/tracker-radar&quot;&gt;Tracker Radar&lt;/a&gt;. Chrome interestingly also &lt;a href=&quot;https://source.chromium.org/chromium/chromium/src/+/main:components/subresource_filter/&quot;&gt;uses this strategy&lt;/a&gt; to block “bad ads” as defined by &lt;a href=&quot;https://www.betterads.org/standards/&quot;&gt;Better Ads Standards&lt;/a&gt; using a &lt;a href=&quot;https://source.chromium.org/chromium/chromium/src/+/main:components/subresource_filter/FILTER_LIST_GENERATION.md&quot;&gt;modified form of EasyList&lt;/a&gt;.&lt;/p&gt;

&lt;h3 id=&quot;how-do-i-protect-myself&quot;&gt;How do I protect myself?&lt;/h3&gt;

&lt;h4 id=&quot;turn-fingerprinting-protections-on&quot;&gt;Turn fingerprinting protections on!&lt;/h4&gt;

&lt;p&gt;In practice, every browser applies some mix of the above strategies, depending on the Web API or source of variance they’re trying to minimize. However, not every browser applies fingerprinting protection by default:&lt;/p&gt;

&lt;h5 id=&quot;safari&quot;&gt;Safari&lt;/h5&gt;

&lt;p&gt;Enable Settings → Advanced → “Use advanced tracking and fingerprinting protection.” → “in all browsing”. &lt;br /&gt;
The current default is “in Private Browsing”, though this will change in Safari 26.&lt;/p&gt;

&lt;h5 id=&quot;firefox&quot;&gt;Firefox&lt;/h5&gt;

&lt;p&gt;Turn on &lt;strong&gt;Resist Fingerprinting&lt;/strong&gt; in about:config. See &lt;a href=&quot;https://support.mozilla.org/en-US/kb/resist-fingerprinting&quot;&gt;instructions&lt;/a&gt;.&lt;/p&gt;

&lt;h5 id=&quot;brave&quot;&gt;Brave&lt;/h5&gt;

&lt;p&gt;Fingerprinting protections are applied &lt;a href=&quot;https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections&quot;&gt;automatically and by default&lt;/a&gt;.&lt;/p&gt;

&lt;h5 id=&quot;chrome&quot;&gt;Chrome&lt;/h5&gt;

&lt;p&gt;Chrome doesn’t currently do much against fingerprinters. They’re &lt;a href=&quot;https://github.com/explainers-by-googlers/script-blocking?tab=readme-ov-file&quot;&gt;exploring blocking known third-party fingerprinting scripts&lt;/a&gt; in Incognito Mode.&lt;/p&gt;

&lt;h4 id=&quot;block-trackers&quot;&gt;Block trackers&lt;/h4&gt;

&lt;p&gt;If you don’t use a browser with an in-built ad and tracker blocker like Brave, use a good adblocking extension like &lt;a href=&quot;https://ublockorigin.com/&quot;&gt;uBlock Origin&lt;/a&gt;. On Chromium-based browsers, unfortunately, the use of adblocking extensions is becoming &lt;a href=&quot;https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-asked-questions-%28FAQ%29#filtering-capabilities-which-cant-be-ported-to-mv3&quot;&gt;increasingly difficult&lt;/a&gt; given Google’s move to &lt;a href=&quot;https://www.eff.org/deeplinks/2021/12/googles-manifest-v3-still-hurts-privacy-security-innovation&quot;&gt;phase out Manifest V2 extensions&lt;/a&gt;.&lt;/p&gt;

&lt;h4 id=&quot;hide-your-ip-address&quot;&gt;Hide your IP address&lt;/h4&gt;

&lt;p&gt;When possible, try to hide your IP address. IP addresses are fairly stable network-level identifiers that browsers can’t hide easily. Use the following to get around IP address-based tracking:&lt;/p&gt;

&lt;ol&gt;
  &lt;li&gt;Apple’s 2-hop &lt;a href=&quot;https://support.apple.com/en-us/102602&quot;&gt;iCloud Private Relay&lt;/a&gt;: requires an iCloud+ subscription.&lt;/li&gt;
  &lt;li&gt;A trustworthy VPN: &lt;a href=&quot;https://www.consumerreports.org/vpn-services/vpn-testing-poor-privacy-security-hyperbolic-claims-a1103787639/&quot;&gt;most VPNs are privacy nightmares&lt;/a&gt;. Some good ones are bundled into the browser such as &lt;a href=&quot;https://www.mozilla.org/en-US/products/vpn/&quot;&gt;Mozilla VPN&lt;/a&gt;, &lt;a href=&quot;https://brave.com/firewall-vpn/&quot;&gt;Brave VPN&lt;/a&gt; or &lt;a href=&quot;https://mullvad.net/&quot;&gt;Mullvad&lt;/a&gt;.&lt;/li&gt;
  &lt;li&gt;The &lt;a href=&quot;https://en.wikipedia.org/wiki/Tor_(network)&quot;&gt;Tor network&lt;/a&gt;: either via &lt;a href=&quot;https://en.wikipedia.org/wiki/Tor_(network)#Tor_Browser&quot;&gt;Tor Browser&lt;/a&gt; or another browser’s implementation such as &lt;a href=&quot;https://support.brave.app/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity&quot;&gt;Brave’s Tor mode&lt;/a&gt;, though always prefer Tor Browser if your safety depends on it.&lt;/li&gt;
&lt;/ol&gt;

&lt;h4 id=&quot;lastly-test&quot;&gt;Lastly, test!&lt;/h4&gt;

&lt;p&gt;You can check your browser’s vulnerability to fingerprinters by using a good fingerprinting testing website like &lt;a href=&quot;https://coveryourtracks.eff.org/&quot;&gt;Cover Your Tracks&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;I put together a &lt;a href=&quot;https://shivankaul.com/brave/canvas-noise&quot;&gt;simple demo website&lt;/a&gt; to give a visual example of how browsers apply anti-fingerprinting measures. The website writes and reads data using the &lt;a href=&quot;https://browserleaks.com/canvas&quot;&gt;Canvas API&lt;/a&gt;, a widely-used and useful Web API that is also sadly commonly used by fingerprinters. Canvas fingerprinting draws hidden graphics using the Canvas API and re-reads the raw pixels. These pixels encode subtle details about your GPU, driver, fonts and sub-pixel rendering which can then be hashed by a tracker into a stable identifier which survives anything you can do (short of getting a new computer). To combat this, many browsers inject noise into the pixels when they are read back. The &lt;a href=&quot;https://shivankaul.com/brave/canvas-noise&quot;&gt;demo website&lt;/a&gt; shows that the noise injected by the browser (if it injects any) is ordinarily invisible to the human eye. The test deliberately amplifies the distortion to show how different browsers use different noise-injection strategies.&lt;/p&gt;

&lt;figure&gt;

    &lt;img src=&quot;/assets/images/news/posts/fingerprinting-2.webp&quot; alt=&quot;Brave in default mode. Random noise throughout the canvas.&quot; title=&quot;Brave in default mode. Random noise throughout the canvas.&quot; srcset=&quot;            /assets/resized/fingerprinting-2-640x221.webp 640w        ,            /assets/resized/fingerprinting-2-768x265.webp 768w        ,            /assets/resized/fingerprinting-2-1280x442.webp 1280w        ,            /assets/resized/fingerprinting-2-1440x497.webp 1440w            &quot; sizes=&quot;(min-width: 2000px) 2000px, 100vw&quot; class=&quot;&quot; loading=&quot;lazy&quot; /&gt;



    &lt;figcaption&gt; Brave in default mode. Random noise throughout the canvas.&lt;/figcaption&gt;

&lt;/figure&gt;

&lt;p&gt;Above is a visualization of Brave in default mode (as tested &lt;a href=&quot;https://shivankaul.com/brave/canvas-noise&quot;&gt;here&lt;/a&gt; at time of publication), where there is random noise throughout the canvas.&lt;/p&gt;

&lt;figure&gt;

    &lt;img src=&quot;/assets/images/news/posts/fingerprinting-3.webp&quot; alt=&quot;Safari in Private Browsing. Notice the subtle random noise at the four corners of the image&quot; title=&quot;Safari in Private Browsing. Notice the subtle random noise at the four corners of the image&quot; srcset=&quot;            /assets/resized/fingerprinting-3-640x221.webp 640w        ,            /assets/resized/fingerprinting-3-768x265.webp 768w        ,            /assets/resized/fingerprinting-3-1280x442.webp 1280w        ,            /assets/resized/fingerprinting-3-1440x498.webp 1440w            &quot; sizes=&quot;(min-width: 2000px) 2000px, 100vw&quot; class=&quot;&quot; loading=&quot;lazy&quot; /&gt;



    &lt;figcaption&gt; Safari in Private Browsing. Notice the subtle random noise at the four corners of the image&lt;/figcaption&gt;

&lt;/figure&gt;

&lt;p&gt;And here is Safari in Private Browsing, as &lt;a href=&quot;https://shivankaul.com/brave/canvas-noise&quot;&gt;tested&lt;/a&gt; at time of publication. Notice the subtle random noise at the four corners of the image where noise is highlighted.&lt;/p&gt;

&lt;p&gt;For a fun exercise, try out the demo website on Mozilla Firefox with &lt;a href=&quot;https://support.mozilla.org/en-US/kb/resist-fingerprinting&quot;&gt;Resist Fingerprinting&lt;/a&gt; turned on and see the surprising result you get!&lt;/p&gt;

&lt;h2 id=&quot;further-reading&quot;&gt;Further reading&lt;/h2&gt;

&lt;ol&gt;
  &lt;li&gt;&lt;a href=&quot;https://web.dev/learn/privacy/fingerprinting&quot;&gt;Fingerprinting | web.dev&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting&quot;&gt;Firefox’s protection against fingerprinting&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections&quot;&gt;Brave’s fingerprinting philosophy&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;Apple’s one-pager on their tracking prevention mechanisms: &lt;a href=&quot;https://webkit.org/tracking-prevention/&quot;&gt;Tracking Prevention in WebKit&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://webkit.org/blog/15697/private-browsing-2-0/&quot;&gt;Private Browsing 2.0 | WebKit&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;Open source privacy tests for browsers by Arthur Edelstein: &lt;a href=&quot;https://privacytests.org/&quot;&gt;PrivacyTests.org&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://github.com/duckduckgo/tracker-radar&quot;&gt;DuckDuckGo’s tracker radar&lt;/a&gt; used by Safari&lt;/li&gt;
  &lt;li&gt;Test your browser to see how well you are protected from tracking and fingerprinting: EFF’s &lt;a href=&quot;http://coveryourtracks.eff.org/&quot;&gt;Cover Your Tracks&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://lowentropy.net/posts/fraud/&quot;&gt;Fraud, Abuse, Fingerprinting, Privacy, and Openness&lt;/a&gt; by Martin Thomson&lt;/li&gt;
  &lt;li&gt;Old but comprehensive writeup by Chromium on client identification mechanisms: &lt;a href=&quot;https://www.chromium.org/Home/chromium-security/client-identification-mechanisms/&quot;&gt;Technical analysis of client identification mechanisms&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;Study examining trackers across the Web: &lt;a href=&quot;https://webtransparency.cs.princeton.edu/webcensus/&quot;&gt;Online tracking: A 1-million-site measurement and analysis&lt;/a&gt;&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://www.consumerreports.org/electronics-computers/vpn-services/mullvad-ivpn-mozilla-vpn-top-consumer-reports-vpn-testing-a9588707317/&quot;&gt;Mullvad, IVPN, and Mozilla Top Consumer Reports’ VPN Privacy&lt;/a&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;em&gt;&lt;a href=&quot;https://x.com/shivan_kaul&quot;&gt;Shivan Kaul Sahib&lt;/a&gt; is VP of Privacy and Security at Brave Software. Views are personal. The author would like to thank Juliana Guerra, Rohan Dandavati, Aakash Japi and Gurshabad Grover for proof-reading and providing feedback on this post.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;This blogpost by Shivan summarises the ‘tech dive’ he delivered to the members of the Public Interest Technology Group on May 1 2025.&lt;/em&gt;&lt;/p&gt;
</description>
        <pubDate>Fri, 15 Aug 2025 08:00:00 +0000</pubDate>
        <link>https://pitg.gitlab.io/news/techdive/2025/08/15/browser-fingerprinting.html</link>
        <guid isPermaLink="true">https://pitg.gitlab.io/news/techdive/2025/08/15/browser-fingerprinting.html</guid>
        
        
        <category>news</category>
        
        <category>techdive</category>
        
      </item>
    
      <item>
        <title>What are we sustaining, the internet or the planet?</title>
        <description>
&lt;figure&gt;

    &lt;img src=&quot;/assets/images/news/ecology.webp&quot; alt=&quot;Interconnected leaves&quot; title=&quot;Interconnected leaves&quot; srcset=&quot;            /assets/resized/ecology-640x400.webp 640w        ,            /assets/resized/ecology-768x480.webp 768w        ,            /assets/resized/ecology-1280x800.webp 1280w            &quot; sizes=&quot;(min-width: 2000px) 2000px, 100vw&quot; class=&quot;&quot; loading=&quot;lazy&quot; /&gt;



&lt;/figure&gt;

&lt;p&gt;The world is burning. Accounts of devastating heatwaves, forest fires, and deadly flooding are symptoms of the fact that we have already exceeded a number of the &lt;a href=&quot;https://www.stockholmresilience.org/research/planetary-boundaries.html&quot;&gt;planetary boundaries&lt;/a&gt;. Planetary boundaries are a scientific framework that identifies nine critical Earth system processes—including climate change, biodiversity loss, and nutrient cycles—and establishes safe operating limits for humanity to avoid triggering irreversible environmental changes that could destabilize the conditions necessary for human civilization.&lt;/p&gt;

&lt;p&gt;The urgency to act is real. Political and industry leaders are heralding technological progress as a quick solution to these existential crises. But before we, in true Silicon Valley fashion, ‘move fast and break things,’ we should question who stands to win and lose from these technofixes.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Will these solutions contribute to or delay critical action on proven climate solutions?&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;In my Tech Dive, I drew on my research into how political and industry leaders are framing the relationship between internet infrastructures and environmental harms and what is missing from these narratives. Which solutions are not included or even considered? I specifically talked about my analysis of the &lt;a href=&quot;https://www.ietf.org/about/groups/iab/&quot;&gt;Internet Architecture Board (IAB)&lt;/a&gt; workshop on the &lt;a href=&quot;https://datatracker.ietf.org/group/eimpactws/about/&quot;&gt;Environmental Impact of Internet Applications and Systems&lt;/a&gt; held in 2022. The IAB is the technical advisory body that provides architectural oversight and guidance for Internet protocol development within the &lt;a href=&quot;https://www.ietf.org/about/introduction/&quot;&gt;Internet Engineering Task Force&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Here are some of the key findings:&lt;/strong&gt; discussions on sustainability are built on the premise that digitisation is crucial for economic and social progress, and the internet has the potential to make other sectors, such as transportation, building, manufacturing, agriculture, and energy, more sustainable. These assumptions place the internet and the technology industry at the centre of our understanding of the world and sustainability.&lt;/p&gt;

&lt;p&gt;When it comes to minimising the environmental impact of the internet, it is primarily about reducing the carbon emissions associated with routing. The IETF community argues there is a need for standardised measurement approaches across the network to gain more accurate and granular information on the internet’s carbon footprint. These measurements need to be complemented by substituting fossil fuel dependencies with renewable energy sources. More aspirational propositions offered ideas such as ‘carbon-aware networking’, which aims to optimise internet traffic by routing it along ‘greener’ nodes, or ‘sleep mode’, shutting down devices to diminish the total volume of energy consumed by the network.&lt;/p&gt;

&lt;p&gt;These efforts aim to reduce the energy required to run the internet, but do not fundamentally challenge the imaginaries of growth ingrained in the community’s understanding of the internet. As Corinne Cath describes, the internet is &lt;a href=&quot;https://corinnecath.com/wp-content/uploads/2021/09/CathCorinne-Thesis-DphilInformationCommunicationSocialSciences.pdf&quot;&gt;imagined&lt;/a&gt; “as an inherent good whose availability depends on uncurbed growth and a non-prescriptive ethos.” Said differently, internet governance practices should not hinder or put boundaries around the network’s growth through permissionless innovation. This belief in itself prevents critical engagement with the question: how much internet do we actually need and at what cost?&lt;/p&gt;

&lt;p&gt;There is not one quick fix to the climate crisis. Yes, we need to reduce the carbon emissions of the internet, and these engineering solutions will contribute to that. However, their impact will be limited as long as the solutions fail to engage with the economic model of the internet. In modern history, technological efficiency gains have not reduced but increased the overall consumption of natural resources, as all usable capital, time and energy are reinvested again and again. This is known as the Jevons paradox. As such, banking on promises of efficiency without questioning the growth paradigm embedded within our economies can lead to more harm than good.
Just as the internet’s distributed architecture mirrors Earth’s interconnected systems, addressing our environmental crisis requires recognising that technical solutions alone cannot keep us within planetary boundaries—we need to fundamentally question internet growth, not just efficiency gains.&lt;/p&gt;

&lt;h3 id=&quot;further-reading&quot;&gt;Further reading&lt;/h3&gt;
&lt;ul&gt;
  &lt;li&gt;&lt;a href=&quot;https://www.criticalinfralab.net/wp-content/uploads/2025/06/CIL011.pdf&quot;&gt;From growth to scarcity: Can Internet Governance meet the ecological crisis?&lt;/a&gt; By Fieke Jansen&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://ainowinstitute.org/publication/predatory-delay-and-other-myths-of-sustainable-ai&quot;&gt;Predatory Delay and Other Myths of “Sustainable AI”&lt;/a&gt;, by Fieke Jansen and Michelle Thorne&lt;/li&gt;
  &lt;li&gt;&lt;a href=&quot;https://www.criticalinfralab.net/wp-content/uploads/2024/04/CIL007.pdf&quot;&gt;Down with data centres: developing critical policy&lt;/a&gt; - report on a workshop organised at Privacy Camp 2024, by Corinne Cath and Fieke Jansen&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;em&gt;Dr. Fieke Jansen is a postdoctoral researcher at the University of Amsterdam and a co-principal investigator with the &lt;a href=&quot;https://www.criticalinfralab.net/&quot;&gt;critical infrastructure lab&lt;/a&gt; at the University of Amsterdam. She is also a co-lead of the &lt;a href=&quot;https://greenscreen.network/en/about/&quot;&gt;Green Screen Coalition on Climate Justice and Digital Rights&lt;/a&gt;. This blogpost by Fieke summarises the ‘tech dive’ she delivered to the members of the Public Interest Technology Group on April 3 2025.&lt;/em&gt;&lt;/p&gt;
</description>
        <pubDate>Fri, 01 Aug 2025 08:00:00 +0000</pubDate>
        <link>https://pitg.gitlab.io/news/techdive/2025/08/01/sustainable-infrastructure.html</link>
        <guid isPermaLink="true">https://pitg.gitlab.io/news/techdive/2025/08/01/sustainable-infrastructure.html</guid>
        
        
        <category>news</category>
        
        <category>techdive</category>
        
      </item>
    
      <item>
        <title>How internet applications geolocate users and why it needs a rethink</title>
        <description>
&lt;figure&gt;

    &lt;img src=&quot;/assets/images/news/geolocation.webp&quot; alt=&quot;Map with location points, one point is magnified and a person is sitting there with a mobile phone&quot; title=&quot;Geolocation&quot; srcset=&quot;            /assets/resized/geolocation-640x400.webp 640w        ,            /assets/resized/geolocation-768x480.webp 768w        ,            /assets/resized/geolocation-1280x800.webp 1280w            &quot; sizes=&quot;(min-width: 2000px) 2000px, 100vw&quot; class=&quot;&quot; loading=&quot;lazy&quot; /&gt;



&lt;/figure&gt;

&lt;p&gt;&lt;strong&gt;Internet applications have come to rely on IP addresses to estimate where their users are located. This blogpost explains ongoing standards work to improve IP address privacy, their approach to IP geolocation, and questions whether it is the role of internet routing protocols to reveal information about a user’s location.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;We have all encountered localized content on the internet – be it search engines that show results near you or a website that displays content in your local language. Many web and mobile applications rely on a mechanism known as ‘IP-based geolocation’, wherein the IP address connecting to a server is used to estimate where a visitor might be located. IP location estimates are sourced from commercial &lt;a href=&quot;https://www.apnic.net/ip-geolocation-service-providers/&quot;&gt;services&lt;/a&gt; that rely on a number of open and proprietary &lt;a href=&quot;https://en.wikipedia.org/wiki/Internet_geolocation&quot;&gt;signals&lt;/a&gt; to profile IP addresses and deduce their locations, with increased accuracy being a selling point for these services. Location estimates are considered to be accurate at the country level, but accuracy may &lt;a href=&quot;https://www.maxmind.com/en/geoip-accuracy-comparison&quot;&gt;drop&lt;/a&gt; at the city and zip code granularity.&lt;/p&gt;

&lt;p&gt;IP-based geolocation has served as a quick-and-easy way for applications to show their users locally relevant content and to demarcate &lt;a href=&quot;https://scholars.law.unlv.edu/facpub/947/&quot;&gt;virtual borders&lt;/a&gt; that are used to comply with local regulations. While this approach may be convenient for companies and users alike, it neglects to consider the privacy implications of deriving private information about internet users from network layer metadata without their knowledge or consent. Even though IP-based geolocation has become the norm, there is an important need to deliberate on whether this is a desirable property of a network protocol, or simply one that has emerged from popular use, and whether it meets the privacy expectations of end-users.&lt;/p&gt;

&lt;p&gt;IP geolocation is also being increasingly used to enact geo-blocking – a form of internet censorship where content is withheld from internet users based on their geographical location. When governments find it infeasible to block access to an entire online platform, they instead issue takedown orders to the platforms to block individual pieces of content. These platforms &lt;a href=&quot;https://takedown.observer&quot;&gt;utilize&lt;/a&gt; IP-based geo-blocking to restrict access to content in the country. In India, for example, IP-based geo-blocking has become a predominant way for the government to conduct internet censorship. &lt;a href=&quot;https://www.medianama.com/2023/02/223-dont-interfere-says-indian-govt-urls-blocked-2022/&quot;&gt;Reports&lt;/a&gt; indicate that out of the 6,775 pieces of content (including web pages, websites, apps, social media posts and accounts) blocked by the IT Ministry in 2022, about 50% were X posts and accounts and 25% were on Facebook.&lt;/p&gt;

&lt;h3 id=&quot;emerging-recognition-of-the-need-to-keep-ip-addresses-private&quot;&gt;Emerging recognition of the need to keep IP addresses private&lt;/h3&gt;

&lt;p&gt;Originally designed to identify routes to entities that can be reached through the internet, IP addresses have been (ab)used in a &lt;a href=&quot;https://datatracker.ietf.org/doc/html/draft-irtf-pearg-ip-address-privacy-considerations-01#name-ip-address-use-cases&quot;&gt;number of ways&lt;/a&gt; to glean information about end-users. This includes profiling internet users for behavioral advertising and abuse prevention, identifying individuals for law enforcement purposes, building IP reputation systems for spam and DDoS prevention, and geolocating users for localization and to comply with local laws.&lt;/p&gt;

&lt;p&gt;Recognizing the privacy risks of IP addresses in profiling and identifying internet users, &lt;a href=&quot;https://datatracker.ietf.org/doc/html/draft-irtf-pearg-ip-address-privacy-considerations-01#name-ip-privacy-protection-and-l&quot;&gt;some&lt;/a&gt; jurisdictions have designated them as personally identifiable information for data protection purposes. A number of technical solutions, such as VPNs, proxies, mixnets and Tor, have emerged to obfuscate users’ IP addresses from the web services they visit, with each offering varying degrees of privacy-usability tradeoffs.&lt;/p&gt;

&lt;p&gt;Participants at the IETF have also &lt;a href=&quot;https://datatracker.ietf.org/doc/draft-irtf-pearg-ip-address-privacy-considerations/&quot;&gt;acknowledged&lt;/a&gt; the need to keep IP addresses private and are developing and deploying protocols to help internet users protect their IP address from the web servers they interact with. This work is primarily being done through the &lt;a href=&quot;https://datatracker.ietf.org/wg/ohai/about/&quot;&gt;OHAI&lt;/a&gt; and &lt;a href=&quot;https://datatracker.ietf.org/wg/ohai/about/&quot;&gt;MASQUE&lt;/a&gt; working groups, where participants are working on developing “privacy relays”.&lt;/p&gt;

&lt;h3 id=&quot;oblivious-routing-ongoing-standards-work-to-improve-ip-address-privacy&quot;&gt;Oblivious routing: ongoing standards work to improve IP address privacy&lt;/h3&gt;

&lt;p&gt;The go-to solution for obfuscating a user’s IP address from a web service they are trying to visit is to route the request through an intermediary server, so that the recipient sees the intermediary’s IP address and not the user’s. This is how VPNs and proxies operate. This design, however, shifts the privacy issue to a different entity, as the intermediary now has visibility into the user’s internet usage. To work around this, IETF participants are developing an “oblivious routing” pattern. In this &lt;a href=&quot;https://blog.cloudflare.com/icloud-private-relay/#how-browsing-works-using-icloud-private-relay&quot;&gt;approach&lt;/a&gt;, the request is routed through two intermediary servers operated by separate entities, neither of which is given a complete picture of the request. As long as the two intermediaries do not collude, they cannot see which web servers a user is communicating with, which allows internet use without revealing a user’s IP address.&lt;/p&gt;

&lt;p&gt;The OHAI working group has developed the &lt;a href=&quot;https://datatracker.ietf.org/doc/rfc9458/&quot;&gt;Oblivious HTTP&lt;/a&gt; standard which defines a way for specific applications that involve repeatedly querying information from a server to do so privately using oblivious routing. The MASQUE working group has &lt;a href=&quot;https://datatracker.ietf.org/wg/masque/documents/&quot;&gt;developed&lt;/a&gt; more generic transport-level relay protocols that are suited for a wider range of use-cases, like web browsing. A MASQUE proxy can be used with or without oblivious routing, depending on the privacy properties required from the system.&lt;/p&gt;

&lt;p&gt;While there (currently) is no singular definition of what privacy relays are, these are some examples of how they’ve been deployed: (1) Apple’s &lt;a href=&quot;https://www.apple.com/icloud/docs/iCloud_Private_Relay_Overview_Dec2021.pdf&quot;&gt;iCloud Private Relay&lt;/a&gt; is a subscription service that uses MASQUE proxies with oblivious routing to allow users to browse the internet while keeping their IP address private, (2) Apple’s &lt;a href=&quot;https://security.apple.com/blog/private-cloud-compute/&quot;&gt;Private Cloud Compute&lt;/a&gt; is experimenting with Oblivious HTTP to reduce the footprint of its users’ queries to AI models, (3) Google’s &lt;a href=&quot;https://github.com/GoogleChrome/ip-protection&quot;&gt;proposed&lt;/a&gt; IP Protection envisions MASQUE-based oblivious routing for a very limited set of cases (third-party requests in incognito mode) in its Chrome browser, (4) Cloudflare’s &lt;a href=&quot;https://blog.cloudflare.com/masque-now-powers-1-1-1-1-and-warp-apps-dex-available-with-remote-captures/&quot;&gt;Warp&lt;/a&gt; offers both free and paid versions of a VPN-like service that uses a MASQUE proxy for internet browsing, but without oblivious routing, and (5) Google’s &lt;a href=&quot;https://developers.google.com/safe-browsing/reference&quot;&gt;Safe Browsing&lt;/a&gt; service uses Oblivious HTTP to enable users to privately query for unsafe URLs.&lt;/p&gt;

&lt;h3 id=&quot;an-opportune-moment-to-rethink-ip-based-geolocation&quot;&gt;An opportune moment to rethink IP-based geolocation&lt;/h3&gt;

&lt;p&gt;If privacy relays get adopted more widely, internet applications will no longer be able to rely on metadata derived from a user’s IP address for the variety of purposes that they are used for today. Internet companies are working to establish alternate signals to provide this information to web servers in situations where they deem the metadata to be useful. For example, anonymous credential schemes, like those used in the &lt;a href=&quot;https://blog.cloudflare.com/privacy-pass-standard/&quot;&gt;Privacy Pass&lt;/a&gt; standard, are being used to distinguish human traffic from bots without using signals like IP addresses or CAPTCHAs.&lt;/p&gt;

&lt;p&gt;When it comes to geolocating users through privacy relays, operators are looking to maintain the status quo by conveying geolocation information to web servers through alternate means. Both Apple’s iCloud Private Relay and Chrome’s proposed IP Protection convey users’ IP geolocation through their relays by maintaining a pool of IPs in each region, and routing requests through a relay whose IP location corresponds to the user’s IP location. While Apple’s service offers users the choice to reduce the IP location granularity to the country level, it does not allow users to opt in to or opt out of geolocation sharing entirely. Recognising that it is expensive to maintain a pool of IP addresses in every potential user location, these companies have also &lt;a href=&quot;https://datatracker.ietf.org/doc/draft-pauly-httpbis-geoip-hint/&quot;&gt;proposed&lt;/a&gt; a new HTTP header to allow clients/browsers to directly convey geolocation information through any privacy relays that may be present.&lt;/p&gt;

&lt;p&gt;Given the pervasive reliance on IP-based geolocation by much of the web, it is easy to see why these companies have taken a cautious approach in retaining support for it. But simultaneously, as we move away from IP metadata signals and design appropriate alternatives for them, it is important to deliberate upon whether geolocating users is truly a function of a network routing protocol or one that happened to emerge from its design, and how geolocation mechanisms can incorporate user privacy and agency.&lt;/p&gt;

&lt;p&gt;Internet applications have incorrectly come to rely on network layer metadata to derive private information about internet users without their knowledge or consent. This metadata is also being misused to conduct internet censorship on a large scale. While it is not an easy task for companies to re-evaluate their assumptions on the free availability of geolocation data, it is in the best interest of end-users to start planning a migration to &lt;a href=&quot;https://www.w3.org/TR/geolocation/&quot;&gt;consensual&lt;/a&gt; forms of location sharing on the internet, and the arrival of IP privacy solutions at the IETF is an opportune moment to do so.&lt;/p&gt;

&lt;p&gt;Standardization work on privacy relays, oblivious routing and IP geolocation is ongoing in the HTTPBIS, MASQUE and OHAI working groups at the IETF. These discussions could benefit from participation of the public interest technology community to advocate for migration to consensual forms of location sharing on the web.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Divyank Katira is a researcher at the &lt;a href=&quot;https://irl.works&quot;&gt;internet Research Lab&lt;/a&gt; and Internet of Rights Fellow with &lt;a href=&quot;https://www.article19.org/&quot;&gt;ARTICLE 19&lt;/a&gt;. The author would like to thank Michaela Shapiro and Shivan Kaul Sahib for their invaluable suggestions. Mistakes and opinions remain the author’s.&lt;/em&gt;&lt;/p&gt;
</description>
        <pubDate>Sun, 20 Jul 2025 08:00:00 +0000</pubDate>
        <link>https://pitg.gitlab.io/news/techdive/2025/07/20/geolocation.html</link>
        <guid isPermaLink="true">https://pitg.gitlab.io/news/techdive/2025/07/20/geolocation.html</guid>
        
        
        <category>news</category>
        
        <category>techdive</category>
        
      </item>
    
      <item>
        <title>Further and Safer: Reviving HF Radio in the Digital Age</title>
        <description>
&lt;figure&gt;

    &lt;img src=&quot;/assets/images/news/mobile-phone-mast-green.webp&quot; alt=&quot;A mobile phone tower in the countryside&quot; title=&quot;Mobile phone tower and electric grass&quot; srcset=&quot;            /assets/resized/mobile-phone-mast-green-640x400.webp 640w        ,            /assets/resized/mobile-phone-mast-green-768x480.webp 768w        ,            /assets/resized/mobile-phone-mast-green-1280x800.webp 1280w            &quot; sizes=&quot;(min-width: 2000px) 2000px, 100vw&quot; class=&quot;&quot; loading=&quot;lazy&quot; /&gt;



&lt;/figure&gt;

&lt;p&gt;Unfortunately, billions of people worldwide, especially those in rural areas and with low income, are unable to access meaningful and affordable connectivity due to the market-dominated forces that determine how telecommunications services are deployed around the world. Furthermore, the Internet itself has become a vector for misinformation, addiction and distraction, forcing communities to &lt;a href=&quot;https://www.rhizomatica.org/keeping-it-analog-a-framework-for-opting-out-of-connectivity/&quot;&gt;debate&lt;/a&gt; whether they want to be connected at all.&lt;/p&gt;

&lt;p&gt;In 2017, &lt;a href=&quot;https://www.rhizomatica.org/&quot;&gt;Rhizomatica&lt;/a&gt; – an organization that began in 2009 as a quest to make alternative telecommunication infrastructures possible for people around the world – set out to design a long-range, secure digital communication system that did not use the Internet as its primary means of transporting information. This system is called &lt;a href=&quot;https://www.rhizomatica.org/hermes/&quot;&gt;HERMES&lt;/a&gt; – HF Emergency and Rural Multimedia Exchange System. The motivation to do so came from years of doing community connectivity work in rural, isolated and indigenous communities around the world.&lt;/p&gt;

&lt;p&gt;The hardest part of this work, from a technical standpoint, was figuring out how to backhaul traffic to a location with an Internet connection. At the time, Low Earth Orbit (LEO) satellite constellations like Starlink did not exist and connectivity was even less available globally than it is today. To further complicate things, most potential users of this system did not have money to pay a service provider, and even if they did, there was no easy way to get the money deposited in a bank. Imagine a small village in the Amazon: where are they going to get money and how many days by canoe will it take to deposit that into an Internet Service Provider’s (ISP) account? Finally, security concerns were, and remain, very real for partners. How to keep information safe as it transits around the global Internet is no easy task, especially for people at the margins geographically, politically and technologically.&lt;/p&gt;

&lt;p&gt;With all of these challenges in view, Rhizomatica decided to hack an old technology, HF radio (also known as shortwave), and try to drag it into the 21st century as a means to safely move bits over hundreds of kilometers with no infrastructure between network nodes (radios). Due to a physical phenomenon called “skywave propagation”, known about for at least a century, radio waves between 3 and 30MHz are reflected off of the Earth’s ionosphere, a layer of the atmosphere between 45km and 965km above the surface of the planet composed of particles charged by solar radiation. One way to think about this is as a free, natural satellite that bounces certain signals around the world. With very little power, skywave propagation allows you to transmit digital information, or analog voice, over long distances. The Internet allows for communication around the world, but only insofar as there are thousands of kilometers of fiber optic cables, microwave radio links, and cellular towers installed over much of the globe, and encircled by thousands of satellites.&lt;/p&gt;

&lt;p&gt;HF radio, as mentioned, is not a new technology, and as such is very much stuck in an outdated regulatory paradigm meant for analog voice. For example, the standard channel size for HF is a measly 3kHz, compared to 20MHz or 40MHz channel sizes for WiFi. In other words, when sending digital information over HF within regulations, it has to be squeezed into a very tiny channel, and therefore the throughput is much lower compared to more modern technologies like WiFi or LTE. There is no inherent reason why HF should be experienced as slower than those technologies, if not for the small channel size. In order to make HERMES usable, Rhizomatica put a lot of work into information compression and uses delay tolerant protocols like UNIX-to-UNIX Copy Program (UUCP) to exchange digital information between radios. On the plus side, HF has a security advantage over the Internet in that it is truly decentralized; it is extremely difficult to know where a transmission is coming from and even harder to ascertain who is receiving it. Add to that some layers of encryption and non-public addressing of stations and it becomes quite hard to crack or track communication.&lt;/p&gt;

&lt;p&gt;Currently, HF frequencies are used by international broadcasters, amateur radio enthusiasts (hams), time and weather stations, governments and their militaries, the maritime and aviation industries, and rural communities. Nevertheless, there is relatively little investment or development put into HF/shortwave, especially for non-military uses, and there hasn’t been since the first satellites launched in the 1960s. As such, military standards like the US Military’s MIL-STD and NATO’s STANAG are way ahead of what civilians have access to in terms of digital communication on HF, with nothing similar available for civilian use beyond a few small software and hardware projects, including Rhizomatica’s.&lt;/p&gt;

&lt;p&gt;As with other technologies, development can only progress so far without favorable standards and regulatory environments. There is a lot to be done, at both national and international levels by regulators and policymakers. Some of these steps we recommend include:&lt;/p&gt;

&lt;ul&gt;
  &lt;li&gt;Create larger channels or make it easy to “bond” channels&lt;/li&gt;
  &lt;li&gt;Create licensing frameworks which allow access to multiple HF sub-bands by services with automatic optimal frequency selection (e.g., day/night)&lt;/li&gt;
  &lt;li&gt;Create a spectrum commons for digital in certain HF bands for civilian users&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;There is a long way to go, but also a lot of potential for new ways that HF can serve people’s communication needs, especially for those in isolated places or with sensitive information to transmit.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Peter Bloom is the General Coordinator of Rhizomatica. This blogpost summarises the ‘tech dive’ delivered to the members of the Public Interest Technology Group on 25 June 2025.&lt;/em&gt;&lt;/p&gt;
</description>
        <pubDate>Sat, 19 Jul 2025 08:00:00 +0000</pubDate>
        <link>https://pitg.gitlab.io/news/techdive/2025/07/19/hermes-hf-radio-communication.html</link>
        <guid isPermaLink="true">https://pitg.gitlab.io/news/techdive/2025/07/19/hermes-hf-radio-communication.html</guid>
        
        
        <category>news</category>
        
        <category>techdive</category>
        
      </item>
    
      <item>
        <title>Behind the Signal: Techno-Diplomacy and the Global Fight for Your Right to Connect</title>
        <description>
&lt;figure&gt;

    &lt;img src=&quot;/assets/images/news/mobile-phone-mast-green.webp&quot; alt=&quot;A mobile phone tower in the countryside&quot; title=&quot;Mobile phone tower and electric grass&quot; srcset=&quot;            /assets/resized/mobile-phone-mast-green-640x400.webp 640w        ,            /assets/resized/mobile-phone-mast-green-768x480.webp 768w        ,            /assets/resized/mobile-phone-mast-green-1280x800.webp 1280w            &quot; sizes=&quot;(min-width: 2000px) 2000px, 100vw&quot; class=&quot;&quot; loading=&quot;lazy&quot; /&gt;



&lt;/figure&gt;

&lt;p&gt;When we think about internet control, many people focus on issues like social media censorship or content moderation. However, a fundamental battleground for your right to connect lies deeper—in the invisible, behind-the-scenes decisions about who controls the infrastructure that makes the internet work. This is where techno-diplomacy plays a decisive role.&lt;/p&gt;

&lt;p&gt;At the heart of techno-diplomacy is the global radio-frequency spectrum, a finite and shared natural resource that enables wireless communication. Managed internationally by the &lt;a href=&quot;https://www.itu.int/en/ITU-R/Pages/default.aspx&quot;&gt;International Telecommunication Union Radiocommunication Sector (ITU-R)&lt;/a&gt;, this spectrum is far from neutral. It’s shaped by geopolitical alliances, corporate lobbying, and legacy inequalities that civil society rarely sees. The decisions made there affect not just access to the internet but who gets to control the infrastructure that makes it possible.&lt;/p&gt;

&lt;h3 id=&quot;what-is-techno-diplomacy-really&quot;&gt;What is Techno-Diplomacy, Really?&lt;/h3&gt;

&lt;p&gt;Techno-diplomacy refers to the international negotiations over technologies, standards, and policies that shape global communication systems. These discussions often happen under the guise of “technical neutrality”—yet behind this language lie powerful economic and strategic interests.&lt;/p&gt;

&lt;p&gt;In forums like ITU-R, member states officially make decisions on spectrum allocation and telecommunication policies. However, large mobile telecom companies (such as Telefonica, Deutsche Telekom, Tim, and Ericsson), particularly through their member-state representatives, are constantly present in these meetings, pushing their agenda, even though the final decisions rest with the member states in this multilateral space. Meanwhile, smaller ISPs and community networks, which might offer more diverse and accessible technologies, and need unlicensed spectrum to operate, are often absent from these discussions.&lt;/p&gt;

&lt;p&gt;This imbalance means that decisions about spectrum allocation or signal interference that directly impact how we access the internet are often shaped more by market consolidation than by public interest. Countries that can afford larger delegations maintain a constant presence in meetings; in the same way, large telecom companies often see their interests reflected in global internet decisions, while those with fewer resources struggle to have their needs represented. Below are a couple of examples illustrating this dynamic:&lt;/p&gt;

&lt;h3 id=&quot;spectrum-policy-a-battle-over-control&quot;&gt;Spectrum Policy: A Battle Over Control&lt;/h3&gt;

&lt;p&gt;Historically, exclusive licensing models have benefited large mobile telecom corporations by selling off spectrum through high-priced auctions. These auctions, while promising next-gen connectivity (e.g., 5G, and soon 6G), effectively block local ISPs, community networks, and alternative service providers from entering the market. This model limits innovation and competition, particularly in the Global South, where many communities lack affordable internet access.&lt;/p&gt;

&lt;p&gt;On the other hand, unlicensed spectrum, which is used by technologies like Wi-Fi and community networks, has come under constant pressure from the large mobile telecom industry, which is eager to claim more bandwidth for private use. A key example is the &lt;a href=&quot;www.article19.org/resources/world-radiocommunication-conference-6ghz-spectrum/&quot;&gt;6GHz spectrum band dispute&lt;/a&gt; at the last World Radiocommunication Conference (WRC), where the interests of large corporations pushed for greater control over spectrum at the expense of public access.&lt;/p&gt;

&lt;h3 id=&quot;leo-satellites-and-the-illusion-of-global-connectivity&quot;&gt;LEO Satellites and the Illusion of Global Connectivity&lt;/h3&gt;

&lt;p&gt;In recent years, companies like SpaceX (Starlink) and Amazon (Project Kuiper) have launched or are planning to launch thousands of Low Earth Orbit (LEO) satellites, promising global internet coverage. These projects have been hailed by many as the solution to the digital divide, especially in remote areas. But the reality is a bit more complicated; in Iran, Starlink equipment was smuggled in to bypass internet shutdowns. While hailed by some as a free speech win, this situation sparked a broader question: can foreign private companies beam internet into sovereign countries without authorization to operate in the area? Despite Iran’s formal &lt;a href=&quot;https://wanaen.com/itu-reaffirms-irans-territorial-rights-on-starlink-issue/&quot;&gt;complaints at the ITU&lt;/a&gt;, Starlink representatives claimed they couldn’t deactivate services regionally—though they’ve done exactly that elsewhere, including in parts of Africa and conflict zones in Ukraine.&lt;/p&gt;

&lt;p&gt;For example, Starlink obtained the first authorization to operate in Brazil under President Bolsonaro’s government, &lt;a href=&quot;https://www.brasildefato.com.br/2022/03/16/governo-bolsonaro-interferiu-na-anatel-para-autorizar-empresa-de-elon-musk-no-brasil/&quot;&gt;without a proper technical analysis&lt;/a&gt; by the national regulator. Suddenly, it was providing services in the Amazon region, disregarding local demands for sustainable and community-driven alternatives that were consistently voiced by local communities. This created new social and geopolitical issues, along with economic dependencies. Starlink’s equipment was later found in the hands of &lt;a href=&quot;https://www1.folha.uol.com.br/cotidiano/2025/02/investigacoes-miram-terceirizacao-de-internet-da-starlink-para-uso-em-garimpo-ilegal.shtml&quot;&gt;illegal miners&lt;/a&gt;, raising serious concerns about the safety of indigenous people and the environment in the area.&lt;/p&gt;

&lt;p&gt;Starlink’s selective service denials—whether pausing access over &lt;a href=&quot;https://www.bbc.com/news/world-europe-66752264&quot;&gt;Crimea&lt;/a&gt;, &lt;a href=&quot;https://techpoint.africa/news/starlink-disconnect-subscribers-unlicenced-locations/&quot;&gt;South Africa&lt;/a&gt; or &lt;a href=&quot;https://www.reuters.com/business/us-could-cut-ukraines-access-starlink-internet-services-over-minerals-say-2025-02-22/&quot;&gt;warning Ukraine&lt;/a&gt; of cutoffs unless certain mineral deals were met—clearly illustrate how connectivity can be used as a political instrument, rather than as neutral infrastructure. Because these decisions are made behind closed doors or in “purely technical spaces,” civil society remains sidelined from, or misinformed about, the very debates that shape internet access.&lt;/p&gt;

&lt;h3 id=&quot;how-civil-society-can-respond&quot;&gt;How Civil Society Can Respond&lt;/h3&gt;

&lt;p&gt;It’s essential that we reframe the spectrum—the foundation of internet connectivity—as a &lt;em&gt;public good&lt;/em&gt;. This requires advocating for shared spectrum models, challenging the “neutral technical decisions” that entrench monopolies, and pushing for more transparency in global forums.&lt;/p&gt;

&lt;p&gt;Civil society must ensure that public-interest actors—including small ISPs and community networks—are involved in key discussions at regional bodies like CITEL (Inter-American Telecommunications Commission), APT (Asia-Pacific Telecommunity), ATU (African Telecommunication Union), and CEPT (European Conference of Postal and Telecommunications Administrations). These organizations decide which services (e.g., satellites, terrestrial mobile networks) will have access to the spectrum, and engaging in them might ensure a diverse and competitive internet landscape.&lt;/p&gt;

&lt;p&gt;We must also demand greater transparency in internet network data, such as mobile service coverage, usage statistics, and service quality. This would help ensure that policy research isn’t driven by the interests of corporate lobbyists, but rather reflects the needs of local communities and the public good.&lt;/p&gt;

&lt;h3 id=&quot;reclaiming-the-internet-agenda-a-call-to-action&quot;&gt;Reclaiming the Internet Agenda: A Call to Action&lt;/h3&gt;

&lt;p&gt;The right to connect isn’t just about policies—it’s about the fundamental infrastructure that underpins the internet. This idea is not entirely new; in the pre-internet past, community radio activists like Radio Alice members in Italy and Mbanna Kantako in the US, and theorists like &lt;a href=&quot;https://www.springerprofessional.de/en/community-networks-as-sustainable-infrastructure-for-digital-ski/26110524&quot;&gt;Mario Kaplún and Paulo Freire in Latin America&lt;/a&gt;, advocated for “free waves”, or media that was bidirectional and accessible to all, not just controlled by a few government-sanctioned actors.&lt;/p&gt;

&lt;p&gt;Today, however, civil society has become increasingly distanced from the technical discussions that shape the internet. This is in part due to the complex commercial and geopolitical forces driving internet infrastructure decisions, which have sidelined the original ideals of inclusive and community-driven access. As we witness firsthand how the internet is increasingly used to harm democracy and civil rights, it’s clear that reclaiming this agenda is crucial.&lt;/p&gt;

&lt;p&gt;This is not just about accessing the internet—it’s about participating in society, and exercising human rights. If we leave infrastructure diplomacy to tech giants and powerful states, the internet will reflect only their interests. But if we reclaim the agenda, there is still time to build a truly open and resilient internet for all.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Dr. Raquel Renno is Senior Digital Programme Officer at ARTICLE 19. This blogpost summarises the ‘tech dive’ she delivered to the members of the Public Interest Technology Group on 28 November 2024.&lt;/em&gt;&lt;/p&gt;
</description>
        <pubDate>Fri, 02 May 2025 08:00:00 +0000</pubDate>
        <link>https://pitg.gitlab.io/news/techdive/2025/05/02/connectivity-spectrum.html</link>
        <guid isPermaLink="true">https://pitg.gitlab.io/news/techdive/2025/05/02/connectivity-spectrum.html</guid>
        
        
        <category>news</category>
        
        <category>techdive</category>
        
      </item>
    
      <item>
        <title>A Playbook for End-to-End Encrypted Messaging Interoperability</title>
        <description>
&lt;figure&gt;

    &lt;img src=&quot;/assets/images/news/privacy-phone.webp&quot; alt=&quot;A hand holding a mobile phone from which an eye is staring at you&quot; title=&quot;Privacy&quot; srcset=&quot;            /assets/resized/privacy-phone-640x400.webp 640w        ,            /assets/resized/privacy-phone-768x480.webp 768w        ,            /assets/resized/privacy-phone-1280x800.webp 1280w            &quot; sizes=&quot;(min-width: 2000px) 2000px, 100vw&quot; class=&quot;&quot; loading=&quot;lazy&quot; /&gt;



&lt;/figure&gt;

&lt;p&gt;The future of messaging is encrypted, and it is also interoperable. Now that the EU’s Digital Markets Act has gone into effect, the technical means by which gatekeepers of end-to-end encrypted messaging (e2ee) platforms must interoperate have been defined. While WhatsApp is the only gatekeeper identified for the moment, would-be interoperators have already been preparing for this moment.&lt;/p&gt;

&lt;p&gt;Still, the rollout for end users will be slow. The contours of the wider playing field will be similarly slow to emerge, with messaging and texting remaining separate user contexts, not to mention the sheer number and diversity of e2ee messaging apps on the market. However, we can still make some informed predictions about interoperable e2ee, as well as plan out the desirable outcomes from an end-user perspective for existing and emerging e2ee services.&lt;/p&gt;

&lt;p&gt;There is still an opportunity to inform the arena in which the creators and owners of e2ee applications might voluntarily gather to resolve the most challenging aspects of providing secure and ubiquitous end-to-end encryption applications to users globally.&lt;/p&gt;

&lt;h2 id=&quot;background-the-players&quot;&gt;Background: The Players&lt;/h2&gt;

&lt;h3 id=&quot;signal-and-whatsapp-maybe-messenger&quot;&gt;Signal and WhatsApp (maybe Messenger)&lt;/h3&gt;

&lt;p&gt;This is the “family” of messaging apps that publicly promote their use of the Signal protocol. The main innovation in Signal was the “Double Ratchet Algorithm,” an iteration of Off-The-Record messaging (OTR). The Signal protocol is not a standard but it is effectively synonymous with trusted encryption. It’s also important to note that in all messaging services, the protocol is a rather small part of the application. The server and client software implement the protocol alongside somewhat interchangeable features such as identifiers (usernames or phone numbers), the user interface, how to handle blocking and reporting, group chat administration, and other configurations. These are largely platform-specific features that aren’t included in the protocol and may or may not be compatible with the features of other services.&lt;/p&gt;

&lt;p&gt;In 2016, Signal &lt;a href=&quot;https://signal.org/blog/whatsapp-complete/&quot;&gt;announced&lt;/a&gt; a partnership with WhatsApp (owned by Meta) to integrate the Signal protocol, bringing end-to-end encryption to its billion worldwide users. In 2023 &lt;a href=&quot;https://about.fb.com/news/2023/12/default-end-to-end-encryption-on-messenger/&quot;&gt;Meta announced&lt;/a&gt; that Messenger–its direct messaging platform for Facebook and Instagram–would adopt end-to-end encryption using the Signal protocol in 2024, and that it would also interoperate with WhatsApp.&lt;/p&gt;

&lt;h3 id=&quot;imessage-and-messages&quot;&gt;iMessage and Messages&lt;/h3&gt;

&lt;p&gt;Google Messages and Apple’s iMessage do not have a history of working well together in the interest of end users. After many, many years of Google fighting Apple over the &lt;a href=&quot;https://www.cnet.com/tech/mobile/why-apple-is-content-with-the-blue-bubble-divide-in-imessage&quot;&gt;color of the text bubbles&lt;/a&gt; of Google Messages as displayed on the iPhone, the &lt;a href=&quot;https://www.justice.gov/opa/pr/justice-department-sues-apple-monopolizing-smartphone-markets&quot;&gt;US DOJ stepped in to sue Apple&lt;/a&gt;, accusing the tech giant of anticompetitive and monopolistic practices. The suit accused Apple of intentionally making iPhone users’ texting experience with Android users worse.&lt;/p&gt;

&lt;p&gt;However, Apple’s argument hinged upon technical considerations for security and privacy, which were not entirely without merit. Google Messages uses a mobile telephone standard called Rich Communication Services (RCS). RCS was developed as a newer version of SMS and is a more feature-rich protocol that includes encryption, user presence, typing status, read receipts, and location sharing. However, RCS encryption is considered to be less secure than iMessage because RCS is a feature of network communications, whereas iMessage encryption is a feature of a service, giving end users more of a security guarantee that treats both the network and the service itself as an adversary.&lt;/p&gt;

&lt;p&gt;In short, iMessage is messaging and Messages is texting. So while Google is leaning on an open and interoperable standard, Apple’s e2ee is more trustworthy from an end-user privacy perspective. As highlighted in &lt;a href=&quot;https://www.forbes.com/sites/zakdoffman/2024/12/09/googles-rcs-nightmare-why-you-need-a-new-app/&quot;&gt;recent reports&lt;/a&gt;, the default implementation of RCS on Android is fraught with security vulnerabilities, particularly for cross-platform messages, as it lacks end-to-end encryption. However, there exists a new draft GSMA specification for &lt;a href=&quot;https://www.theverge.com/2025/1/9/24339757/a-baby-step-towards-e2ee-on-any-rcs-messaging-app&quot;&gt;MLS over RCS&lt;/a&gt; driven by Google.&lt;/p&gt;

&lt;p&gt;For what it’s worth, even Signal was once compatible with SMS. There may be a version of the future in which users get to message and text completely interoperably and with strong encryption. But what’s standing in the way of that future is a shared standard and RCS just doesn’t provide good-enough encryption close to the user.&lt;/p&gt;

&lt;p&gt;With Apple’s recent adoption of RCS for iPhones, as part of compliance with the EU’s Digital Markets Act (DMA), interoperable texting is now achievable. However, these developments do not resolve the fundamental security issues associated with RCS, which remains inferior to more robust encryption protocols like those used in iMessage. Google Messages is reportedly preparing to implement Messaging Layer Security (MLS) as its new protocol, a significant step forward. Developed by the IETF, MLS offers stronger encryption for both one-on-one and group chats, ensuring secure communication across apps and platforms.&lt;/p&gt;

&lt;p&gt;At the same time, there are &lt;a href=&quot;https://www.msn.com/en-us/news/technology/google-messages-is-preparing-to-implement-its-new-messaging-protocol/ar-BB1puq7I&quot;&gt;reports&lt;/a&gt; that Google Messages is preparing to implement MLS as its new messaging protocol. “To help address this need, Google pledged its support for Messaging Layer Security (MLS) last year to give the nascent standard an early boost. MLS is an enhanced protocol developed by the IETF. It ensures that communication between apps and platforms is encrypted in one-on-one and group chats.”&lt;/p&gt;

&lt;h3 id=&quot;matrix&quot;&gt;Matrix&lt;/h3&gt;

&lt;p&gt;Matrix is a protocol designed for messaging, voice, and video that has been explicitly designed to facilitate decentralization and federation. It uses its own e2ee protocols, the Olm and Megolm cryptographic ratchets.&lt;/p&gt;

&lt;p&gt;Matrix is presumably not alone in hoping to provide third-party services as well as client software that puts end users in control of how they receive their messages and what implementation features exist in a client environment. However, it is the first mover in realizing a clear vision for interoperable messaging that is end-to-end encrypted and has been influential in the drafting of the DMA. Its user base is notably hyper-security-conscious enterprise consumers like governments and military applications, requiring or assuming trusted intermediary functions within the deployed implementation, such as cybersecurity features, proxies, and other potential features, which may or may not be compatible with mass-market expectations for end-to-end encrypted messaging.&lt;/p&gt;

&lt;p&gt;The other reason to focus on the future of Matrix (and its own messaging application Element) is that it appears to be in limbo, not having entirely settled on how and whether it will implement multiple encryption protocols. Matrix will likely go with whatever “winners” emerge, including Signal and Messaging Layer Security (MLS), RCS, or others, as long as they are able to implement them directly or “bridge” them.&lt;/p&gt;

&lt;p&gt;MLS is an e2ee protocol specified in RFC 9420 designed for group messaging. More Instant Messaging Interoperability (MIMI) refers to a set of ongoing specification documents being openly developed at the IETF to facilitate interoperability between MLS implementations. Matrix is an active participant in this effort.&lt;/p&gt;

&lt;p&gt;Bridging presents a particularly thorny problem for discussions of interoperability because while end users might benefit from an app or platform environment in which all of their messaging services work together, it is not strictly “interoperability” and more like “integration,” which can fall short of the strong privacy and security guarantees of strict e2ee.&lt;/p&gt;

&lt;h3 id=&quot;other-e2ee-apps&quot;&gt;Other e2ee apps&lt;/h3&gt;

&lt;p&gt;There are, of course, many other e2ee applications that have niche but substantial user bases: Threema (bespoke protocol), Webex (MLS), and Deltachat (OpenPGP), all of which stand to have some incentives to interoperate. In the case of Deltachat, PGP-encrypted email is already interoperable, just not widely used. There are others with dubious e2ee features, like WeChat and Telegram, which have indicated an unwillingness to offer stronger e2ee guarantees.&lt;/p&gt;

&lt;p&gt;In addition, there are even more web- and client-based enterprise and consumer applications that have messaging as a feature: Slack, dating apps, social media platforms, etc. Many have had to answer publicly, and to the authorities, on the question of whether user message contents are accessible to the platform or not. Others, like the &lt;a href=&quot;https://evanp.me/2023/05/19/end-to-end-encrypted-messages-over-activitypub&quot;&gt;fediverse&lt;/a&gt; platforms, have begun considering how to implement e2ee.&lt;/p&gt;

&lt;h2 id=&quot;how-the-dma-levels-the-field&quot;&gt;How the DMA levels the field&lt;/h2&gt;

&lt;p&gt;By far, the largest effort to force e2ee interoperation across jurisdictions and applications is the EU Digital Markets Act. It aims to foster competition and innovation in the digital market, and it enhances consumer choice by letting users switch between messaging services more easily. In this case, Europe’s single market is a force for good: there is no application that does not want access to European users, and therefore, changes to entire systems, not just client software, will be required in order to comply. These changes will move e2ee interoperability to a lower and more durable layer, literally.&lt;/p&gt;

&lt;h3 id=&quot;dma-fundamentals&quot;&gt;DMA fundamentals&lt;/h3&gt;

&lt;p&gt;The EU Digital Markets Act criteria for designating gatekeepers include having a market capitalization of at least €65 billion, more than 45 million monthly active end users in the EU, and over 10,000 yearly active business users. Gatekeepers must adhere to several obligations: allowing interoperability so that competing messaging services can exchange messages with their platform, facilitating data portability to enable user data transfer to other platforms upon request, ensuring non-discrimination by treating all business users and services fairly, and providing transparency by clearly informing users and regulators about data collection and usage.&lt;/p&gt;

&lt;p&gt;The DMA also prohibits certain practices: gatekeepers cannot prevent users from uninstalling pre-installed apps, combine personal data from different services without explicit user consent, or rank their own services more favorably than those of competitors.&lt;/p&gt;

&lt;p&gt;The timeline for implementation began with the DMA’s adoption by the EU in July 2022, followed by its entry into force the following November. As of March 2024, companies meeting the gatekeeper criteria had to notify the EC of their plans in documents called Reference Offers, which the EC then assesses. Designated gatekeepers must comply with the DMA obligations by March 2025, six months after the EC’s designation in response to the Reference Offers.&lt;/p&gt;

&lt;p&gt;To enforce compliance, the DMA includes penalties: fines of up to 10% of a company’s total worldwide annual turnover for non-compliance and periodic penalty payments of up to 5% of the company’s total daily turnover for continued non-compliance. The EC will monitor compliance and identify new gatekeepers in an ongoing manner. It’s worth noting that, at present, &lt;a href=&quot;https://www.reuters.com/technology/eu-reassesses-tech-probes-into-apple-google-meta-ft-reports-2025-01-14/&quot;&gt;fines are being held&lt;/a&gt; while the European Commission reevaluates its probes into major tech companies, which may suggest a potential adjustment to its enforcement approach.&lt;/p&gt;

&lt;h3 id=&quot;the-whatsapp-interop-plan&quot;&gt;The WhatsApp-interop plan&lt;/h3&gt;

&lt;p&gt;The Digital Markets Act identifies WhatsApp as the sole gatekeeper in messaging, or “number-independent interpersonal communications” as it is officially designated, granting Meta a significant role in shaping how e2ee interoperability functions across various applications for billions of users. &lt;a href=&quot;https://engineering.fb.com/2024/03/06/security/whatsapp-messenger-messaging-interoperability-eu&quot;&gt;Meta’s reference offer to the European Commission&lt;/a&gt; details this plan, which includes several major features.&lt;/p&gt;

&lt;p&gt;Firstly, there is a three-month timeframe from the receipt of an interoperability request to its production. The plan heavily emphasizes that user privacy and security must not be compromised. User content is to be conveyed using the Signal Protocol in an XML format, while media, authentication, notifications, and other server-to-server communications will use HTTPS. The plan also employs fingerprinting methods to manage third-party clients and makes no promises regarding changes to WhatsApp’s user interface to distinguish between WhatsApp and third-party messages.&lt;/p&gt;

&lt;p&gt;From a technical design perspective, it’s very clear from Meta’s plans outlined in its reference offer that WhatsApp intends to remain (anti-)competitive even as it is “forced” to “interoperate”. Furthermore, &lt;a href=&quot;https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4911632&quot;&gt;market research amongst messaging users in Germany&lt;/a&gt; on preferences for messaging services suggests that WhatsApp’s current domination (at more than 90% market concentration) will endure as alternative services remain less popular. Most users say they intend to continue using gatekeeper services at similar levels, with some even predicting that they will use them more now that they will be interoperable with less popular apps. This research suggests that interoperability could reduce usage of competing messaging services and strengthen WhatsApp’s dominance, raising questions about whether interoperability will truly foster competition, as it might instead reinforce market concentration across the board, not just in messaging.&lt;/p&gt;

&lt;h2 id=&quot;discussion-future-plays&quot;&gt;Discussion: Future plays&lt;/h2&gt;

&lt;p&gt;While the DMA and US domestic competition enforcement have exercised their will to level the playing field on behalf of e2ee messaging users, the future is far from settled. Below, I ponder each of the most significant changes that are likely to have an effect on whether true interoperable messaging is possible for end users.&lt;/p&gt;

&lt;p&gt;A large question for emerging and less popular messaging apps remains as to which e2ee protocol is best for interoperation. Signal’s trusted but proprietary protocol offers reliability, while MLS, as an open standard, provides scalability and flexibility. Choosing the right protocol will be critical for ensuring compatibility with larger platforms. And it’s important that there be one protocol that emerges. Without protocol interoperability, integration is only possible in intermediary applications or through “bridged” accounts, which can be particularly unfortunate for e2ee security.&lt;/p&gt;

&lt;h3 id=&quot;signal&quot;&gt;Signal&lt;/h3&gt;

&lt;p&gt;To remain relevant in the face of the open MLS standard, Signal might consider standardizing all or parts of its protocol and open-sourcing more of its tech stack. This would encourage further adoption, enhance interoperability, and position Signal as the key player in the evolving landscape of interoperable end-to-end encrypted messaging. This would build on the existing Signal and WhatsApp user bases, as well as leverage “Signal” as a trustworthy brand. Signal protocol implementers and Signal would need to agree on terms, considering Signal’s sustainability model rests on the trustworthiness of this brand.&lt;/p&gt;

&lt;h3 id=&quot;mls&quot;&gt;MLS&lt;/h3&gt;

&lt;p&gt;While an open standard, MLS adoption has been slow, and interoperability specifications have been even slower. Accelerating these efforts is crucial to realizing seamless, secure communication across platforms, as MLS holds significant potential to unify encrypted messaging systems and drive broader adoption. MIMI isn’t yet specified, and there are still unresolved issues like third-party client security that aren’t (yet) in scope for standardization. Without comprehensive specifications from an open standards body, WhatsApp, as the sole gatekeeper named in the DMA, will have control over the details of interoperable e2ee architectures.&lt;/p&gt;

&lt;h3 id=&quot;rcs&quot;&gt;RCS&lt;/h3&gt;

&lt;p&gt;RCS is the bridge from insecure, traditional SMS toward modern messaging that would include security through encryption, but all telecommunications infrastructure will fall short in terms of security due to lawful interception regulations over network-layer services. However, if RCS can be the delivery protocol for a truly e2ee protocol like MLS, then progress on both interoperability and encryption is promising.&lt;/p&gt;

&lt;h3 id=&quot;openpgp&quot;&gt;OpenPGP&lt;/h3&gt;

&lt;p&gt;OpenPGP, a trusted encryption standard for secure emails, offers a proven model for enabling private and interoperable communication. In a similar manner to its use for email, it might also help messaging apps communicate securely across platforms, addressing key challenges as end-to-end encryption continues to evolve. Furthermore, there could be inroads for messaging and email interoperability, perhaps simply starting with integration in a third-party app that can send and receive both as well as manage keys.&lt;/p&gt;

&lt;h2 id=&quot;conclusions&quot;&gt;Conclusions&lt;/h2&gt;

&lt;p&gt;Messaging interoperability under the DMA offers great potential but comes with significant challenges. Below are some key areas to focus on as interoperability evolves.&lt;/p&gt;

&lt;h3 id=&quot;future-antitrust-efforts-should-sweep-up-more-gatekeepers&quot;&gt;Future antitrust efforts should sweep up more gatekeepers&lt;/h3&gt;

&lt;p&gt;A main drawback to the DMA is the power handed to gatekeepers, which is even more pronounced in the case of messaging in which there is only one gatekeeper. Concentrating power in a single gatekeeper, like WhatsApp, risks reinforcing its dominance and privileges its chosen encryption protocol, centralizing decisions about secure messaging standards.&lt;/p&gt;

&lt;h3 id=&quot;preference-open-standards&quot;&gt;Prefer open standards&lt;/h3&gt;

&lt;p&gt;As demonstrated by the open and decentralized internet itself, both present and future interoperability depend on implementers and stakeholders building consensus on protocol specifications in the open. This ensures no single entity dominates, fosters innovation, and allows diverse players to contribute while maintaining security and privacy for all users.&lt;/p&gt;

&lt;h3 id=&quot;encrypted-sms-fallback&quot;&gt;Encrypted SMS fallback&lt;/h3&gt;

&lt;p&gt;As demonstrated by iMessage and Messages interoperability, perhaps it is a positive direction that all messaging apps have SMS/RCS fallback in hopes that current security drawbacks are addressed or at least minimized for the sake of interoperability.&lt;/p&gt;

&lt;h3 id=&quot;identify-security-and-privacy-tradeoffs&quot;&gt;Identify security and privacy tradeoffs&lt;/h3&gt;

&lt;p&gt;&lt;a href=&quot;https://arxiv.org/abs/2303.14178&quot;&gt;Numerous security and privacy challenges&lt;/a&gt; arise if e2ee messaging interoperability is poorly executed. Developers, regulators, and platform operators need to carefully evaluate tradeoffs between interoperability, privacy, and security. Furthermore, the most difficult cases tend to be deprioritized in global standards setting, but with so many players on the field, we all stand to benefit from leaderly ambition to resolve them as a team.&lt;/p&gt;

&lt;h3 id=&quot;revisit-disclosure-consent-and-default-settings&quot;&gt;Revisit disclosure, consent, and default settings&lt;/h3&gt;

&lt;p&gt;Protocols aside, user interface design for messaging apps will play a crucial role as interoperability evolves. WhatsApp’s reference offer in response to the DMA highlights the need to rethink disclosure, consent, privacy, and security, and intersects with the concerns of the GDPR (General Data Protection Regulation).&lt;/p&gt;

&lt;p&gt;Addressing the dominance of gatekeepers, fostering open standards, and balancing user privacy with security trade-offs will require collaboration between regulators, industry leaders, and standards bodies. Without close commentary from civil society advocates, this spectacle of so many players, plays, and possible outcomes risks leaving user rights sidelined.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Mallory Knodel is a founder and director of the Social Web Foundation. She studies cryptography at NYU and advises governments and companies on issues of technology and human rights. This blogpost by Mallory Knodel summarises the ‘tech dive’ she delivered to the members of the Public Interest Technology Group on 23 May 2024, and appeared first at &lt;a href=&quot;https://www.techpolicy.press/a-playbook-for-endtoend-encrypted-messaging-interoperability/&quot;&gt;TechPolicy.Press&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

</description>
        <pubDate>Tue, 04 Feb 2025 08:00:00 +0000</pubDate>
        <link>https://pitg.gitlab.io/news/techdive/2025/02/04/e2ee-interoperability.html</link>
        <guid isPermaLink="true">https://pitg.gitlab.io/news/techdive/2025/02/04/e2ee-interoperability.html</guid>
        
        
        <category>news</category>
        
        <category>techdive</category>
        
      </item>
    
  </channel>
</rss>
