decentral.community at 39C3

Welcome and presentation of the CDC.

Electronic hacker badge for the Critical Decentralization Cluster, featuring the TROPIC01 secure element with an ESP32-S3 microcontroller.

Meant to be used for workshops and prototyping. It can also be worn as a mobile badge. Features an e-paper display with frontlight, a JST connector for single-cell LiPo batteries and a 12-button keypad.

Designed with KiCad and released as open-hardware.

https://github.com/riatlabs/cdc-badge

Learn modern OpenPGP with the new RFC 9580 and Sequoia’s sq CLI. In two hours you’ll generate a v6 certificate, create a revocation cert, and practice daily ops: encrypt/decrypt, sign/verify, and publish via WKD/keyservers. We’ll cover Web-of-Trust basics (link vs vouch, trusted introducers, approvals) and note a GnuPG/v4 compatibility path. Optional: quick smart-card demo.

Bring: laptop with terminal, email address; Sequoia sq preferred.

This session looks at where open hardware is heading, starting from recent ground up developments at FOSSASIA and extending to global trends across the open hardware community. With perspectives from FOSSASIA developers and open hardware experts, it explores decentralised collaboration, open silicon and firmware stacks, manufacturing realities, and how openness can be sustained at scale.

Build your own open-source Bitcoin signing device with a Raspberry Pi Zero, camera and display! We have kits for 45€

Free/libre software promotes users' rights, safeguards privacy, individual control over technology and fosters autonomy and decentralisation within our communities. In contrast, proprietary software limits user freedoms leading to centralised monopolies that often misuse their power to oppress and exploit. This imbalance can result in malware, degradation of privacy and service enshitification. Unfortunately, many remain unaware of the unjustices created by proprietary software, but increased awareness and shift towards free software can fuel resistance.

Replacing of proprietary software is a crucial first step to liberate users, yet many need support to make this transition successfully. Workshops for system installation, repair centres and tech-savvy friends can offer essential assistance. However, what is the most effective way to offer this support? Which software should be recommended and how to engage the novice users while minimising the challenges associated with the transition?

In this workshop we aim to discuss possible strategies of providing information on the path to software freedom. We will examine the installation process and ongoing use of free software within our circles. Key topics will include sparking interest in free distributions, selecting ideal software configuration, and exploring various forms of assistance during installation. Additionally, we'll address onboarding into the new system and troubleshooting potential issues. Finally, we hope to gather and share ideas on streamlining the process for everyone involved.

The right to respect for digital integrity is an emerging right to protect people's digital lives.

This talk will introduce this new legal concept, its possible implications for data protection and how this concept is being introduced in the current legal framework. The talk will also be an update of the implementation work with the adoption of the right in the Constitution of Geneva voted with 94% approval rate on the 18th of June 2023 and with 91% in Neuchâtel in November 2024. Zurich will be voting in November 2025.

What went on and what is coming next.

Digital identity is sold as a path to trust, inclusion, and "digital empowerment." In practice, it is a brittle control surface: a set of design choices that decide who is seen, who is excluded, and who can be targeted at scale.

Born from a landmark research project, The Digital Identity Event Horizon, this talk describes the 2025 "mask-off moment" for digital identity: the point where multiple comforting narratives collapse and the core use of identity systems as population-management infrastructure becomes hard to deny. Using short vignettes from New Design Congress case-study work (Estonia, the US, Australia, Gaza, and others), it shows how ambiguity, vendor incentives, and governance theatre turn identity into fraud-permissive, coercion-ready infrastructure

In response to this decline, this talk concludes proposes a working model of the digital self as a socio-technical system with six properties: serialisation, custodianship, presentation, authentication, authorisation, and assetisation, and offers new framing and threat models to help understand how digital identity creates brittle societies.

This talk will cover Z-Wave (an a bit of Zigbee and Matter) security mechanisms as well as different attack vectors on a Z-Wave network and describe how the protocol evolved to mitigate those threats. Many smart homes are still vulnerable to the described attacks.

Namecoin has been used in the wild for years as a TLS Public Key Infrastructure, and using Tor onion services with TLS has been nearing deployment as well. But what kinds of other PKI wizardry can we do with Namecoin and Tor?

A walk-through of how to contribute to open source projects, with Stack Wallet, Monero, and Tor (Arti!) as examples. A quick guide to setting up development environments for each on Linux, macOS, and/or Windows, an update on where each project stands, and a list of big and small tasks to do for each. A "quickstart" guide for newcomers and a survey of outstanding TODOs for more experienced hands.

This workshop will introduce mixnet technology as a tool to achieve network-level anonymity for internet traffic. We will see hands on how a mixnet works, where the idea came from, and discuss other strategies for protecting privacy online against state and corporate surveillance.

Welcome and presentation of the CDC.

Introduction to the TROPIC01 Open Source Secure Element and the CDC Badge. Kick-Off of the Workshop series at the Critical Decentralisation Cluster.

Let's program it on the HATs and shields.

Judith de Boer is leading the Alex Pertsev's legal defence team — fighting his "Alex could've thought that his code will be used by criminals, but still wrote it — so he's guilty of criminal conspiracy" verdict from a Dutch court.

In this workshop we'll look at how iroh establishes p2p QUIC connections. Using holepunching to create direct connections where possible. Then we'll build on top of this by using the gossip protocol to build a group chat.

Anonymous, Uncensored, Sovereign: How DarkFi gives birth to a new Paradigm of Society.

A deep dive into using Embedded I2P to seamlessly anonymize your applications

We will program a Z-Wave or a Zigbee device and add it into a Z-Way smart home controller installed on Linux or flashed into an ESP32.

Zero-knowledge proofs (ZKPs) are reshaping the landscape of privacy, scalability, and trust in decentralized systems. In this workshop, we’ll explore how ZKPs let one party convince another that a statement is true, without revealing anything else about it. We aim to demystify the core ideas behind interactive protocols, walk through modern ZKP constructions, and examine how they’re deployed in cryptocurrencies and modern privacy-preserving designs. Participants will leave with a clear understanding of how the "prove without revealing" paradigm is shaping blockchain technology, verifiable computation, and the next generation of cryptographic standards.

Radicle is an open source, peer-to-peer code collaboration stack built on Git. Unlike centralized code hosting platforms, such as GitHub or GitLab, there is no single entity controlling the network. Repositories are replicated across peers in a decentralized manner, and users retain sovereignty over their data and workflow.

Free your code!

Radicle is an open source, peer-to-peer code collaboration stack built on Git. Unlike centralized code hosting platforms, such as GitHub or GitLab, there is no single entity controlling the network. Repositories are replicated across peers in a decentralized manner, and users retain sovereignty over their data and workflow.

Free your code!

The Bitcoin security budget has profound implications for the long term security of Bitcoin and similar proof of work cryptocurrencies. In this talk we discuss the various types of transaction fee markets for different cryptocurrencies and the possibility of transaction fees replacing falling block rewards to provide security in the future. The results from our analysis of the Monero fee market in particular do pose some very serious questions regarding the long term security and viability of cryptocurrencies that do not have a minimum fixed block reward or tail emission. We will discuss these questions and their implications for the possibility of a worldwide peer-to-peer electronic cash system.

How is OpenTimestamps used in the real world? We'll explain how it achieves cryptographic timestamping, and show some read world examples of it in use such as the Guatemalan Presidential Election.

What went on and what is coming next.

How do we create a pluralistic yet composable and interoperable ecosystem of decentralized applications?

Introduction to the fantastic world of P2P μVMs and discussion about making them a reality.

Passkeys are the new hype for easy onboarding, but it's a quite old protocol that has been hijacked for crypto purposes. We'll dig through the standard history, the potentially misleading security expectations, and see how to reverse engineer an implementation to validate its soundness

This is a rebroadcast of my devcon 7 presentation (https://archive.devcon.org/devcon-7/passkeys-the-good-the-bad-the-ugly/?tab=YouTube)
with some additional details on modern ETH wallets implementations

Augustin Bielefeld, principal engineer at Eilbek Research, has been growing mycelium and other micro-organisms since 2023, and will present his journey building a reproducible and affordable bioreactor, which is destined to be open-sourced.

This talk is aimed at people with an interest in mycology/microbiology but the principles demonstrated are accessible to everyone.

this talk will present the story behind the "referendum citoyen" app, the ZK tech built by Rarimo team, but also how social movements are embracing cypherpunk tools to engage into challenging the structure of power in a country such France.

Introduction to miniscript with Liana for secure Bitcoin self-custody using hardware wallets and recovery paths.

In this talk, I will cover how XMPP manages metadata, what is technically required for which reason, what could be avoided and with which drawbacks, and do some comparisons with centralized (e.g. signal), other decentralized (e.g. matrix) and other systems trying to solve the same issue.

Boot software like BIOS or UEFI are usually nonfree. They still run after the operating system is booted and often contain restrictions (like refusing to boot when the WiFi card is replaced) and are usually related to technologies of control like the Management engine or similar.

On computers with a Management engine, replacing the nonfree BIOS with GNU Boot also removes the Management Engine operating system.

The install party will take place in a room at the GNU Boot assembly location and the maintainers will be available to help you install GNU Boot on a supported computer (see https://www.gnu.org/software/gnuboot/status.html for a list).

What went on and what is coming next.

In this self-paced workshop we will learn how to use the instruments of the Pocket Science Lab (PSLab) board, with the Python API and the Android app.

We will program a Z-Wave or a Zigbee device and add it into a Z-Way smart home controller installed on Linux or flashed into an ESP32.

We meet indoors at CDC Circle and go outside to launch some comms infrastructure on a tethered balloon.

As every Star Trek fan knows, humans are "ugly bags of mostly water" [S1E18] so RF communication in areas densely packed with humans - or their infrastructure made of metal and stone - is problematic.
We'll explore ideas to overcome or mitigate this problem, ideas that are possible due to miniaturisation of RF devices and their constraints.

Come hear about how decentralization is used and viewed in commercial projects, and how you can make a difference in real-world adoption.

Electronic conference badge & devboard by the Critical Decentralization Cluster with:
• TROPIC01 secure element
• ESP32-S3 microcontroller
• e-paper display with frontlight
• battery charging IC and LiPo battery
• 12-button keypad
• Lots of IO: RasPi header, Grove, SAO

https://github.com/riatlabs/cdc-badge

Let's program it on the badge.

Real-world industry cryptographers and developers working on open-source projects, codebases, and research sit down to listen and answer your questions about how they got started, what they're doing, and how they make a difference.

Personal data leaks can happen to the best of us. A unique development in machine learning gives us the opportunity to catch lapses before they're passed on for the world to see. This talk covers how Occlumask works and its developments so far.

Come and experience Occlumask in action! We want to make sure Occlumask can stand up to whatever situations you might find yourself in. Enter your own text and see if Occlumask can tell whether you're doxing yourself, and suggest what kinds of information Occlumask should be able to detect and notify you of.

Let's build mesh radios from scratch.
We will bring 20 PCB kits, containing all parts. Soldering is difficult but doable in the Congress. You have to be very proficient with soldering to get this done during Congress, but the Eternal Soldering Workshop is open and nearby.
We also have solder paste and stencils for the real pros!
If you don't want to get into soldering now, you can take one of the kits home. During the workshop you will get to know everything necessary to get the job done.

When building privacy-sensitive applications, we often rely on proxies like Tor to ensure that no direct connections escape the intended anonymity network. However, verifying that every part of an application reliably goes through the proxy is surprisingly difficult. Even a single syscall escaping the proxy path can quietly deanonymize a user.

SocksTrace is a lightweight proxy-leak detection tool that traces network-related syscalls and validates whether they correctly route through the configured proxy.

In this talk, I’ll show how SocksTrace works under the hood, what kinds of leaks it can catch, and why syscall-level inspection is essential for high-assurance privacy tools. I’ll also walk through real-world findings: during our testing, we identified previously unknown proxy leaks in major browsers including Firefox and Brave, one of which resulted in a confirmed bug bounty. These results highlight how subtle proxy routing mistakes can occur even in widely-used, privacy-oriented software.

Join us for a practical session on auditing network traffic. In this workshop, you will learn how to use SocksTrace to intercept, analyze, and socksify applications.

qaul is a P2P mesh communication app, with a strong focus on privacy and usability. Every user is identified via their self-sovereign cryptographic identity.

It not only communicates P2P, but builds a mesh network, interconnecting multiple communication such as BLE (Bluetooth Low Energy), Local Area Networks, and Internet overlay links.

The messaging app has an automated user discovery, end-to-end encrypted direct messaging and group chats for text, voice-messages and files, as well as public communication channels.

https://qaul.net

The Internet is decentralized by design. It came into being not at once, but in parts.  New protocols were added on top of previous ones, with each new protocol extending and improving functionality of the global network. However one essential protocol is still missing  —  an open way to discover and publish content on the global web.

We walk from ancient Roman times to modern day, discussing the general advancement of applied cryptography across history. We begin with the Caesar cipher, fast forward to the World Wars of the early 20th century, before moving onto the rise and fall of elliptic curve cryptography, including Monero's past, present, and future protocol design philosophy. This talk is informal, intended as a primer for the historically-minded.

Quantum computers represent a looming threat to much of the critical foundations of modern cryptography. Post-quantum cryptography (PQC) utilizes hard mathematical problems that we believe resist the so-called "quantum advantage," to preserve security and privacy. In this workshop we will unpack the principles behind the leading PQC families such as lattice and code based constructions, then showcase their implications for cryptocurrencies, digital signatures, and zero-knowledge protocols.

Introduction into chip flasher device history and operation - get trained!

be-BOP is free and open-source software for autonomous commerce. It’s an all-in-one, batteries-included solution built for merchants, not engineers. It lets communities run markets without accounts, tracking, or gatekeepers. From shops to restaurants, ticketing to peer-funding — all self-hosted. Adoption grows among merchants and creators seeking real independence.

Next steps: multitenant for specialization, cross be-BOP for federation. We’re building the foundations of a free, federated economy.

Proprietary tech from corporations and surveillance from governments never been more pervasive and it's becoming impossible to deflect it's patterns of control. Refuse the captured system and opt out into the parallel one, embracing FOSS, decentralization and freedom. Let's explore technologies we can use as an actual tools without serving third parties, building independent community coordination and distributed systems that cannot be controlled. Join us to share your stack and tips on surviving without proprietary technologies, banks and big brothers as an individual and a hackerspace.

A collaborative dialogue to examine and unsettle the philosophical foundations of decentralization. What do we actually mean when we speak of decentralization, and what forms of order, asymmetry or coordination quietly sustain it? Where does decentralization end and centralization begin, and is this opposition as clear as it appears? Beyond familiar binaries such as order and chaos, what assumptions are embedded in the formal systems, protocols and narratives we rely on? What do participants experience when engaging with institutions, infrastructures or rulesets, and what recedes into the background as those systems operate? Through a self-reflective and performative inquiry, this dialogue explores decentralization not as a moral absolute but as a situated and contested design space shaped as much by what it excludes as by what it enables.

What went on and what is coming next.

NextGraph is a framework aimed at making live collaboration, offline support, end to end encryption, and application interoperability easy.

In this demo, I will walk you through the basics of NextGraph and our new TypeScript SDK.

The new TypeScript SDK turns RDF graph database records into ordinary, typed objects with instant two‑way binding. By proxying those objects and emitting signals, the SDK provides a framework‑agnostic reactive layer that integrates cleanly with React, Vue, and Svelte.

You will get a short introduction to NextGraph, RDF (a graph data format designed for interoperability), and a live demo walking through a simple property change, showing how a mutation is instantly persisted to the database, syncronized, and reflected in UI components across React, Vue, and Svelte.

Build your own open-source Bitcoin signing device with a Raspberry Pi Zero, camera and display! We have kits for 45€

We will give a brief introduction to the Reticulum Network Stack and announce what is new in 2025:

• Reticulum will soon be available in Rust, which will allow users of embedded systems a better performance.

• The new Reticulum BLE Interface enables the creation of autonomous mesh networks without any further hardware or central server. The interface can be used on Linux and Android.

• The Columba App for Reticulum lowers the barrier of entry for using Reticulum.

What would it look like to build financial infrastructure for solidarity rather than speculation? While blockchain technology has largely been captured by libertarian and extractive market logic, it certainly does not need to be that way.

In this talk, we'll explore Solidarity Primitives, development and architectural design patterns designed to forge economic solidarity between individuals and collectives. Drawing from our work at Bread Cooperative and research I've documented through my podcast, The Blockchain Socialist, we'll examine concrete examples like the BREAD community token, savings circles implementation, and the Solidarity Fund mechanisms that enable participatory funding without relying on venture capital or traditional financial intermediaries.

We'll discuss how these primitives address a critical gap: the technical and coordination barriers that have historically made alternative economic models difficult to implement at scale. From worker cooperatives to mutual aid networks, the infrastructure simply hasn't existed. Peer-to-peer technologies can change that but only if designed with solidarity, not profit maximization, as the core principle.

This talk is for anyone interested in the practical dimensions of building a post-capitalist economy: what does it actually look like to write code for collective autonomy? How do we ensure decentralized systems serve communities rather than concentrating power?

Online anonymity is being demonized and undermined. But anonymity has an important social function for preserving individuals and group against social threats. We will argue for the philosophical and political value of being anonymous, especially against the rising state of capture in state and corporate surveillance. Anonymity is more than namelessness: it's a tool of resistance.

Mutual-vend.com - smallest self contained coop decentrally owned and operated infra

Looking at how decentralized social networks, AI, XR, blockchain, and other technologies come together to shape the next stages of web evolution.

++
++
++
++
++
++
++
++

The closing presentation at the Critical Decentralization Cluster assembly during 39C3 is a progress report on Offworld Voyage, a Space Analog Research project dedicated to the design of environmentally sustainable interplanetary exploration training habitats that also solve for adaptation to climate biodevastation on Earth.

The talk will focus on some of the various ways in which Free/Libre Open Source technologies are incorporated into the project - with a strong focus on the development of decentralized and distributed coordination systems for autonomous and collective action - and how creative technologists can plug in and participate in the project.

As a special show-and-tell treat Scott Beibin and Elizabeth Jane Cole, founders of Offworld Voyage will display the new pressurized training spacesuit prototypes they recently commissioned Smith Exploration Garments to build for the project.

See you there!