The FSFE is helping to build an “Internet of Humans”

The Free Software Foundation Europe is a partner of the Next Generation Internet Zero consortium, which aims to build a more resilient, trustworthy and open Internet that empowers end users to control technology. The FSFE team provides support to NGI0 grantee projects on legal and licensing issues, as well as helping them to become REUSE compliant.

How are emerging technological innovations shaping our future? What will the Internet of the future look like? The Free Software Foundation Europe (FSFE) believes that Free Software is the key to an Internet that is accessible, open, transparent and diverse and respects human rights in digital spaces. Therefore, since 2018, FSFE has been a partner of diverse projects that are part of the European Commission's Next Generation Internet (NGI) initiative to make this dream become a living reality.

Transforming the Internet, one software project at a time

Since the beginning of 2023, the FSFE has been involved in two NGI Zero grant programmes, namely Entrust and Core. Both these programmes aim to create an "Internet of Humans", a virtuous circle of innovation through Free Software, open hardware and open standards. These programmes award grants through calls for proposals for software projects that work to improve privacy, trustworthiness and data sovereignty on the Internet. Submitted projects are judged on their technical merit, strategic relevance to the Next Generation Internet and overall value for money. The main objective is to deliver potential breakthrough contributions to the Open Internet, fostering Free Software alternatives to key elements of the Internet value chain and devices. All scientific results must be published as open access, and all software and hardware must be published in their entirety under a recognised free software or hardware licence.

The FSFE's team provides guidance to successful grantee projects on legal and licensing issues and helping them to become REUSE compliant. Through individual assessments and direct assistance, we aim to promote the display of unambiguous and perfectly human- and machine-readable licence and copyright information. Other consortium partners provide support for other issues that can improve each grantee software project, such as security, accessibility and translations, just to name a few.

"We have been partners of different Next Generation Internet Zero projects for the last five years as we want to empower users to control technology and for that, we need an open internet built on strong and transparent technologies. This will foster innovation and equality and will benefit everyone."

Free Software licensing compliance is paramount

During our previous projects under the NGI Zero framework, the FSFE provided support to 296 participating software projects to help them with their legal and licensing issues, for example providing guidance to them on how to display copyright and licensing information in their repositories using our REUSE specification.

By encouraging the grantee software projects in the NGI Zero programmes to adopt our REUSE specification, the FSFE intends to facilitate management of their licensing and copyright information, by making how this information is added to the source code more consistent, and in ways which allow for automating many of the processes involved.

The REUSE specification is key to making the communication of licensing and copyright information of Free Software projects easier for everyone. With a set of best practices and the REUSE helper tool, adding this legal information in every single file of the project becomes a simple process.

Get funded!

If you are currently working on a software project that you feel fits the aims of the Next Generation Internet, we encourage you to apply to obtain funding and technical support from not just the FSFE, but also from our NGI Zero consortium partners. Calls for proposals take place on a rolling basis, and the deadline for the current call for proposals is on 1st August 2023, at 12:00 CEST.

The Next Generation Internet initiative

The Next Generation Internet (NGI) is a European Commission initiative that aims to shape the development and evolution of the Internet into an Internet of Humans. An Internet that responds to people’s fundamental needs, including trust, security, and inclusion, while reflecting the values and the norms all citizens enjoy in Europe. It aims to put in place the key technological building blocks of tomorrow’s Internet and to shape the future Internet as an interoperable platform ecosystem that embodies the values that Europe holds dear: openness, inclusivity, transparency, privacy, cooperation, and protection of data. The goal is to empower users with the freedom of choice among a range of Free Software decentralised digital solutions for the Internet and devices.

Please consider becoming a FSFE donor. You enable our long-term engagement and professional commitment in defending people's rights to control technology.

Support FSFE

SFP#20: All about Device Neutrality with Lucas Lasota

Join us for the 20th episode of the Software Freedom Podcast, where Bonnie Mehring and Lucas Lasota discuss Device Neutrality and Router Freedom. They cover the concepts and fundamentals of these initiatives and explain why end-users should have control over their devices.

Lucas Lasota, FSFE Senior Project Manager, has been with the organisation since 2019. In this episode, he discusses the Device Neutrality and Router Freedom initiatives, which aim to empower users to control their digital equipment with free software and end-user control over data. Router Freedom specifically means the right for end-users to deploy their own router/modem to access the internet, making it a key element for open internet.Lucas explains the historic background of these initiatives, the issues that arise without these standards, and how individuals can best support them. Join Bonnie and Lucas as they break down these concepts.

This is the perfect episode for everybody interested in controlling their devices and access to the internet.

Read more:

• Survey for Router Freedom in Europe
• Router Freedom
• Device Neutrality
• Greece adopts Router Freedom

If you liked this episode and want to support our continuous work for software freedom, please help us with a donation.

Support FSFE

Lithuania: Students stop university from using only proprietary authentication

Vilnius Tech officials attempted to enforce the use of proprietary two factor identification (2FA) methods. Some students were concerned the methods would compromise privacy and could not be run in their devices, and proposed an alternative way to get the authentication. Finally, the university reversed its decision.

Vilnius Gediminas Technical University (VGTU), a public university in Lithuania, recently attempted to make 2FA methods mandatory for access to its platforms. The problem came when some students noticed that the available methods would make the platforms inaccessible to those who did not wish to use proprietary tools. Students using phones run by Free Software would lose access to their university tools, such as email. So they demanded open standards and Free Software. After weeks of student complaints, and with no official explanation, the measure was reversed. In a symbolic act, one student even hacked the university’s GitLab instance and reported it to the IT department.

University attempted to lock out students who use Free Software phones

On 14th February an email was sent out to all students and staff, instructing them to configure 2FA within two weeks, or they would not be able to access university services. What raised concerns was that the system set up by VGTU only allowed two options for 2FA, Microsoft Authenticator (app notifications) and SMS.

While there is nothing wrong with enforcing 2FA, the methods mandated by VGTU are proprietary and privacy-compromising. Microsoft Authenticator is proprietary software, meaning that users are not allowed to study, share, and improve the code without restriction. In addition, the app was only available on two platforms: Android with Google Play services or iOS, meaning that people using alternative Free Software App stores were locked out. The alternative SMS option required users to share their phone number and personal information with Microsoft, which also made students uncomfortable.

No way to evade it

Several students demanded that VGTU also allow open standards and Free Software. The “app passwords” option, which is normally built into Microsoft Authenticator, was not available. This would have allowed students to access their university email from other clients without 2FA. The “Configure app without notifications” option, which would have allowed the use of other password managers/authenticators, was also unavailable. Since the university disabled alternatives, the only option for the university community was reliance upon Microsoft.

Some students contacted the IT Helpdesk requesting that the TOTP (time-based one-time password) option be enabled. However, the IT department claimed that their systems were not designed to support such authentication. The department stated that two-factor authentication options were currently available, SMS and the Microsoft app, and that the use of TOTP could be considered in the future. In short, the IT department did not listen to these students’ demands.

"This university has a bad habit of enforcing proprietary software and doing little research on the free alternatives. Free software has always been better and easier to use. It's hard to study when you can't agree with invasive EULAs," states Zehra Irem Kuyucu, one of the affected students.

Raising the anti-discrimination argument to the university community

The students then went on to raise their concerns to other members of the university community, including the Deputy Manager, the Students Office, and the Department of Information Technologies. They pointed out that the study agreement did not require them to have a working phone running Google Play services or iOS. According to Lithuanian law, educational institutions cannot discriminate against students on the basis of their social status or beliefs, and the University's 2FA restrictions could discriminate against students who refuse or are unable to install a proprietary application on their personal devices.

Silent victory: access to services, student GitLab hack

After students who could not configure 2FA had been blocked for about a week, the university community was able to access their email again on 27 March. No one was notified of the change. The university didn’t offer a one-time password option for 2FA.

A few days later, one of the students, Zehra Irem Kuyucu, even went one step further. She resorted to drastic measures by hacking the university's GitLab instance. She explained that she wanted to “teach what their infrastructure is worth, as another bad habit they have is poor security, despite authoring articles about it”. Then she sent an email to the IT department with security advice. She has, on other occasions, also reported problems regarding other parts of their infrastructure, such as HTTP plain-text authentication or poor wireless network security.

Conclusion

The use of two factor identification methods helps to secure devices and data but it should be implemented in a way that is not locking anyone out. VGTU's mandate for 2FA only gave the option of using proprietary software, raising concerns to some students who did not want to compromise their privacy. The university's decision to disable options that would have allowed students to access their university email using other clients without 2FA was unfair, as it left students with no options but to use Microsoft Authenticator or to share their phone number and personal information with Microsoft. The IT department's refusal to enable TOTP as an option was also not satisfactory, as it meant that students who did not have devices compatible with Microsoft Authenticator were discriminated against. While the university claimed that TOTP use would be considered in the future, there was no timeline for when this would happen.

After students who could not configure 2FA had been blocked for about a week, the university silently retreated. The university community was able to access their email again on 27 March.

Support FSFE

Check these cool 'Youth Hacking 4 Freedom' projects

While we wait for the projects developed by the participants of the 2nd edition of the Youth Hacking 4 Freedom contest, let's go back to last year's edition to know two of the projects submitted Projects.

Deniss and n0toose are two participants from the first round of the competition. Both have worked on completely different projects, which shows the variety of ideas our participants can come up with. Let's take a look at "StarVibeLab" and OnionSproutsBot, the projects of Deniss and n0toose respectively.

Deniss is currently studying Computer Engineering at the University of Latvia. He loves to learn new things and has already tried a few hobbies like 3D modelling, drawing, UX design, music production, DJing and of course programming. His first contact with coding was when he was about 13 years old, also he struggled at first, but later he became quite good at it. For the first edition of the YH4F contest, Deniss worked on his project StarVibeLab, combining his coding skills with his love for music.

Our second guest is n0toose. He submitted a handy tool to help people download the "Tor Browser", a browser that helps users to stay anonymous while surfing the web. To make it easier for people to download the "Tor Browser" , n0toose developed an Telegram bot. This bot guides people to the process of downloading and installing the "Tor Browser". This tool is especially useful for people coming from countries with a strong surveillance apparatus.

FSFE: Hello n0tosse and Deniss. Thank you for joining us.

FSFE: How did you come into contact with programming and how did you learn to program?

Deniss: To be honest I'm not sure how exactly it all started. But I think it started when I was like 13 years old. Back then I thought programming was cool and I tried to learn it somehow but at first I didn't succeed. I ended up trying again later and now I'm doing fairly well.

n0toose: My exposure to technology begun when I was very, very young. I would say that I am essentially self-taught. I don't come from a family of tech workers and my country's school system didn't really help with the practical aspects of programming, so I really had to depend on the Internet.

FSFE: And what was you first contact with Free Software?

Deniss: I am not sure if that's the first encounter but I think it was when I started using Emacs. I've been doing some research and found out about this editor and once I got used to the keybindings, I fell in love with it. I love the customizability and hackability of it, so that I can customize the editor acording to my needs. To be honest, I'm rarely doing any sorts of customization at the moment but it's good to know that it's an option and I'm sure that without this ability there wouldn't be so many packages for Emacs.

FSFE: How did you both found out about the contest?

n0toose: I tend to follow the FSFE's work and found out about the competition through the organization itself. I used the competition as a vehicle to finish a very important project that I just never had enough time for.

Deniss: I first heard about YH4F in another hackathon I participated. And I loved the idea about this contest being done over a longer period of time instead of the usual "do as much as you can in 24h".

FSFE: Deniss, how did you come up wiht your project idea "StarVibeLab"?

Deniss: Before I started making StarVibeLab, I was getting my feet wet in music production and was in process of learning music theory in order to gather some "tricks" to build better music. I then decided it would be neat to make something interactive that would facilitate the learning of music.

FSFE: When did you learn to play music?

Deniss: About half a year before I started making StarVibeLab. I bought a midi keyboard around that time and also started learning music theory.

FSFE: n0tosse, how did you come up with your project idea?

n0toose: There were already some applications that distributed links to different places that a person can download the Tor Browser from. For example, you could send an email or send a Twitter DM, and you'd get a set of URLs containing a download link. This is useful if you can't access torproject.org.

FSFE: Was Telegram your first choice? And why did you choose Telegram?

n0toose: If I were to recommend a secure communications app to someone, I'd probably choose Signal or Matrix. However, pragmatically speaking, Telegram is used by half a billion users everyday, allows bots to show buttons to users and you can also send large files reliably. It's very ideal if you want to reach as many people as possible, regardless of where they come from or what they do.

FSFE: What motivated you to keep working on your projects?

Deniss: Perhaps the fact that I was participating in a contest. I've also set some milestones which helped me tracking my progress and motivated me to keep going. Oh, and I also got to work with Clojure(Script) -- a language that I learned fairly recently and which I really adore because it doesn't get in a way and lets me to focus on the problem I want to solve.

FSFE: Did any of you encounter any problems during the coding period or the building period?

Deniss: I did encounter problems but they weren't huge ones. I just had to stitch things together, while also making sure that I don't end up in an unmanageable mess of a code. A lot of small problems.

n0toose: I had actually worked on several proofs of concept before the competition, so I used the competition as an opportunity to turn it into something usable. The code wasn't very clean, and certain core features, such as being able to use other languages, were implemented with the help of other contributors later down the line. But, at the time, the basic concept finally worked.

FSFE: Will you continue to work on your projects?

Deniss: Perhaps in the future but not right now. I have studies, am participating in faculty's student council, have a part-time programmer job and also would like to explore the world of embedded programming. StarVibeLab is a way for me to intertwine music learning with programming and since I've set music production aside (for now), the StarVibeLab gets pushed aside as well.

Nonetheless I have several features and milestones written down which I could start tackling once I get back to the project. Finding better sound files instead of synthesizing my own and including more theory are the tasks that I feel are the most important to solve.

FSFE: Thank you both for your time and we wish you both good luck with your next steps.

The coding period for the second edition of YH4F is still ongoing. This competition offers young people between 14 and 18 the opportunity to challenge themselves, meet like-minded people and win cash prizes.

Launched by the FSFE, YH4F aims to inspire young people by giving them the chance to hack a software project in a fair and fun way, while meeting other young developers from all over Europe.

You can find more information at the YH4F website.

Support FSFE

Ready for foss-north 2023?

The FSFE is organising a track covering political and legal aspects of Free Software at foss-north; the conference in Gothenburg that brings together Nordic Free Software communities. It will take place on April 24 and 25 followed by the community day that will take place on April 23. It is time to register and get your tickets!

This year's foss-north will take place on April 24 and 25, following a community day on April 23. It will be a local, face-to-face event. While the past foss-north has focused on the technical aspects of Free Software, this year there will also be room for presenting political, legal, and social issues related to software freedom.

Join the Conversation

The FSFE is co-organising a track on political, social and legal issues around Free Software in the Palmstedt Room.

It will be two days full of interesting topics such as license compliance with AI assisted coding, municipal collaboration on Free Software, enabling Free Software through procurement projects, the role of Free Software for citizen participation and more. Lina Ceballos, Policy Project Manager at the FSFE, will present our position on the Interoperable Europe Act in a keynote.

If you want to know more about the speakers and the talks, you can check the whole schedule here.

Community Day and Social Event

The Communitiy Day is taking place on Sunday April 23. This is a day of communities activities taking place around various locations in Gothenburg. Do you want to know how to get creative with Free Software or want to join us for a chat during our social dinner? Join us and please register your attendance.

Do you want to join us sharing your Free Software projects with the community? It can be a workshop, a development sprint, an install-fest or something completely different - you decide. Simply get in touch with johan (at) foss-north.se for more details. All the organising participants will get a ticket discount for the Conference on April 24 and 25.

Don’t forget to register and to get your tickets!

Please remember that you need to register to take part in the activities of the Community Day. If you want to take part in the conference, don’t forget to get your tickets here!

See you in Gothenburg!

Support FSFE