Success Story: Maemo Leste – liberating and modernising a GNU/Linux mobile platform

by Maemo Leste team The Challenge Apple's iOS and Google's Android currently make up over 99% of the mobile operating system market. Both exercise a very strong grip on their platform, creating a duopoly of two companies that decide what is allowed on their platform and what is not. In addition, the popular communication applications for the two platforms often explicitly ban third-party clients, leading to a full lock-in of the platform. All of this clearly restricts the freedom of users of mobile devices and puts their privacy at risk, and the users typically have nowhere to go. Both systems are also only partially (or not at all) open source, further weaking the trust users can have in their devices. We want to solve this problem with a free and user-driven operating system. The Solution We believe that Maemo Leste can provide an alternative and fully open-source mobile platform for users who wants to break free of the Android/iOS duopoly. A platform that is fully transparent, allowing users to control their own data and decide what data they want to share. A platform that they can first and foremost trust to protect their privacy and security, one that doesn’t prevent them from installing whatever application of program they want to run. We hope to attract like-minded developers and users to make this a reality. DAPSI support   The DAPSI programme has provided us with useful coaching and business mentorship, helping us in particular think through how to build our community and come up with a long(er) term vision for our project. The programme funding has also allowed us to pull in more developers to work on the project, allowing us to further improve the software foundations of our operating system. DAPSI journey - Achievements from first phase of the DAPSI programme We integrated Wireguard, Tor and OpenVPN into...

Success Story: PDS Pod Migrator – Migrating your Solid data

by PDS migrator team The Challenge In a decentralized world, users regain control of their data. Having control means the freedom of choice of where that data is stored, but what if that decision turns out to be less desirable at a later time? Having the means to move your data from one place to another is needed to achieve actual control of your data. The Solution In our research, we found that there is no agreement (yet) on how to do this. Most providers allow you to download your data, but that is a far cry from actually moving it to somewhere else and have everything continue to work as before. We have created a set of specifications on how data migration between Solid pods should work, as well as multiple proof-of-concept implementations. This allows Solid users to freely choose and move their data around, while everything keeps working seamlessly. DAPSI support The DAPSI programme has allowed us to free up time to focus on the development of the specifications. The business coaching provided helped us to rethink our role in the Solid ecosystem. DAPSI journey - Achievements from first phase of the DAPSI programme In the PDS Migrator project, we’ve created a Solid Migrator application that allows you to move content from one Solid Data Pod to another. In so doing it leaves behind forwarding instructions for data that links to the old location. It does so by using a newly developed RDF ontology, called link-metadata. We’ve implemented support for these forwarding instructions in our PHP Solid Server, which means that if your original Data Pod is on the PHP Solid Server, then a Solid application that requests the original URL, from which you’ve moved your data, will automatically be redirected to the new location, on the HTTP fetch level. This means that the Solid...

Success Story: Realizing a new level of secure data collaboration with confidential computing

by CoCEM/CanaryBit team The Challenge CanaryBit is providing a solution for confidential data collaboration. Today, data owners that do not have the necessary data analysis capacity (for example software or expertise) often choose to transfer data to a third-party business intelligence actor for processing. This means giving data away in clear text, with no verifiable technical way to prevent it from being used for other purposes, transferred to other parties, or simply being stolen. In rare cases, business intelligence actors transfer their data processing setup to the data owners, at the risk of losing control over valuable intellectual property. The Solution CanaryBit’s Confidential Cloud platform enables users to maintain ownership over their digital assets (data, code, algorithms) whenever they are being used. The solution developed within the DAPSI program will help situations when two or more parties need to establish a trustworthy relation for confidential data analysis. This means that they can collaborate, process data sets, and obtain the results without having to give away either their digital assets: data sets, software applications, machine learning models, and algorithms. Fundamentally, Confidential Cloud helps establish an automated, mutual, cryptographically verifiable trust relationship between entities that want to collaborate for data processing. What makes this solution unique is the combination of the latest Privacy Enhancing Technologies and Confidential Computing for verifiable security, along with the strong focus on usability. DAPSI support The DAPSI experience was fundamental to the formation of our team and formulation of the service. The training sessions from the business coaches were particularly valuable, they helped us understand how to deconstruct the customer pains and systematically use this knowledge to build our product. Likewise, the one-to-one sessions with our assigned business coach helped us deep-dive into the problems that we were facing in the very early months of setting up our businesses and focusing on...

Success Story: Break down data silos and let data be free!

by DASI Breaker team The Challenge Industry 4.0 requires maintenance processes to become proactive. IoT technologies enable the development of more connected and smarter solutions to optimise the processes involved in the production and delivery of products and services. Internet interconnectivity of machinery and devices has allowed for more efficient data collection. In such a context, data interoperability is essential to take advantage of the benefits coming from the use of combined real-time, contextualised and multi-channel information. Reconfigurations of production, supply chain and maintenance processes are currently pursued. Concerning the latter, DASI Breaker enables maintenance processes to shift from being reactive to being proactive. Imagine the positive extent of the shift in sectors such as industrial transformers that supply power to large buildings (e.g., industries, malls, hospitals, airports). Being able to anticipate a failure caused by a malfunction of the device could prevent the dramatic consequences of its crash. The Solution Rooted in the open source philosophy, DASI Breaker combines three standards to develop a technology that enables interoperability and allows developing data portability applications and services. DASI Breaker is a semantic open interoperability solution with native support for RDF and SPARQL. At low level, DASI Breaker supports OpenID Connect for client authentication and it allows defining authorization policies though the W3C Access Control List (ACL) ontology. At a higher level, an interoperable access to data is granted by open APIs like NGSI-LD, Linked Data Platform 1.0, and SOLID. DASI Breaker provides developers with a solution to support data driven applications where a user has the full control over her own data, which can be eventually shared in an interoperable way. DAPSI support As a start-up in its very early stage, the NGI DAPSI programme has been a big opportunity to put together a team of motivated, enthusiastic and young innovators. The programme provided the...

Success Story: INTEROFFICE – Collaborating on office documents without giving up privacy

by CryptPad team The Challenge Importing and exporting common office formats (Word, Excel, Powerpoint) is an expected feature for an online collaborative suite. However, all of the existing solutions perform these conversions by sending the document to their server and processing it there. This means the server can see the contents of the document. As a result, anyone who wants to edit an office document with friends or colleagues currently has to choose between collaboration and privacy. The Solution With INTEROFFICE we have developed a document converter using Web Assembly. This is downloaded to the user’s browser so that document conversions can happen on their device rather than on the server. As with the rest of CryptPad, no un-encrypted data leaves the users’ browser and the server only facilitates collaboration without seeing any content. We believe that collaboration doesn’t have to come at the price of privacy. CryptPad exists to demonstrate that it is possible to have both. DAPSI journey - Achievements from first phase of the DAPSI programme In phase 1 we completed most of the technical work on the converter that enables CryptPad to import and export MS Word, MS Powerpoint, and Open Document formats (in addition to MS Excel that was already implemented). We also added additional imports/exports following feedback from users: Trello boards can now be imported to CryptPad Kanban. Our Rich Text application can now export Markdown, and the import/export of Calendar is improved. DAPSI journey - Achievements from second phase of the DAPSI programme In phase 2 we introduced two new applications to make the most out of the new conversion capabilities: OnlyOffice Document and Presentation. We released them as early access to test them with our subscribers on cryptpad.fr and opt-in instance administrators. This new way of releasing new applications was part of broader conversations about future strategy with our DAPSI business...

Why does data portability drive businesses to strengthen their security protocols?

One of the most important rights under the General Data Protection Regulation (GDPR) is the right to data portability. What is the right to data portability and how does it apply to cloud computing? The fundamental concept behind the right to data portability is that an individual should have the ability to access personal information a company has about them and has rights related to transferring their data to other services or businesses. In short, the right to data portability is intended to help people to move, copy or transfer their personal data easily from one service to another in a safe and secure way, without affecting its usability. How does the right to data portability affect businesses? A user can exercise their right to data portability by requesting their data at any given time. They make this request by sending a data subject access request, commonly called a DSAR or SAR. Once a person makes a DSAR, the company that receives the DSAR has a limited amount of time to respond to the request. It’s typically one calendar month. This has forced businesses to reconsider how user data is processed and stored in order to be able to deliver complete and timely responses to DSAR requests. Preparing your business for a DSAR is not just about where data is stored, it’s also about how the data is stored. Personal data must be stored by businesses in a way that it is both available (see above) and secure to comply with data portability regulations. It gets even more complicated because making both personal data availability and security work involves technical, regulatory and process related work - among other skills sets and activities. Examples of security and operational protocols for businesses to achieve personal data availability and security are:: Control of Access for DSAR requests In addition to the...

SUCCESS STORY: SHARING OPEN RESEARCH DATA WITH TYCHO

by Orvium team The Challenge Science is the force behind some of the most revolutionary changes in human history. Today science results and its data are kept under paywalls and are not fully accessible, mainly due to the model imposed by a few large private publishers. Over the past few years, important public initiatives have been created to break down this unfair and inefficient model. The European Commission Horizon 2020, the Plan-S and multiple funding agencies worldwide, mandates all research performed with their funds to be published under Open Science (OS): making science more efficient, reliable and responsive to societal changes. A key area on OS, is Open Research Data (ORD), data underpinning scientific research with no restrictions on its access. The Solution ORD introduces important benefits. A recent study performed by EMBL-EBI estimates the benefits of ORD at 1.3 b€/year. Orvium believes that scientific knowledge is a human heritage and therefore needs to be globally open and accessible. Orvium’s Tycho platform aims to remove the current inefficiencies of ORD offering a FAIR (Findable, Accessible, Interoperable, and Re-usable) model that solves the existing challenges and barriers. Tycho allows researchers to request data for their research and carry out transactions in a secure and identified manner. DAPSI support DAPSI has provided us with the necessary tools to develop Tycho in the best possible way. Thanks to the technical and business training, we have been able to get the most out of it and structure our project. Without DAPSI, all this development would not have been possible and Tycho as a project would not be the same. In addition, having made it to phase two has helped us to further complete our MVP so we can provide this service to all universities in our network. DAPSI journey - Achievements from first phase of the DAPSI programme The main achievements during...

Success Story: Secure Virtual Messages in a Bottle with SCoP

by SCoP team The Challenge People love to receive mail, especially from loved ones. They trust postal workers won’t read private correspondence, but they risk their privacy when sending emails and messages. People send around 300 billion emails, often containing private or sensitive data, through portals with questionable security every single day. Most online communication services are composed of multiple components with complex interactions. If anything goes wrong, it results in critical security incidents. This leaves an unlocked door for malicious hackers to breach private information for profit or just for fun. Since it takes considerable technical skills and reliable infrastructure to operate a secure email service, only a few large companies can handle communications with the proper security levels. Unfortunately for regular people, these companies profit from mining their personal data. Due to this global challenge, Tarides focused their efforts to address these issues and find solutions to protect both personal and professional data. The Solution Our efforts resulted in the project "Secure-by-Design Communications Protocols" (SCoP), a secure, easily deployable solution to preserve users' privacy. In essence, SCoP puts your messages in a secure, virtual ‘bottle’ to protect it from invasive actions. This bottle represents a secure architecture using type-safe languages and unikernels for both email and instant messaging. We mould unikernels (specialised applications that run on a VM) into refined meshes linked by TLS-firm communication pipes, as depicted in the image below. The SCoP virtual bottle creates a trustworthy information flow where dedicated unikernels ensure security for communication from origin to destination. Every component of SCoP is carefully designed as independent libraries, using modern development techniques to avoid the common reported threats and flaws. The OCaml-based development enables this safe online environment, which eliminates many exploited security pitfalls. Moreover, our SCoP project comes with energy-efficient consumption provided by the lightweight and low-latency design...

Success Story: OpenXPort – A data portability API for groupware systems using the open standard JMAP

by OpenXPort team The Challenge Hundreds of millions of users worldwide store their PIM data such as contacts, appointments, tasks, notes, or files on internet services. This is true not only for email or groupware messaging services, but also for Social Networks, CRM systems, … and many other applications. So, what happens to this data when a user decides to change his provider? Many of the most popular Webmail systems have no well-defined APIs and/or data portability support. Thus, millions of email users are involuntary “locked-in” with a service provider. The OpenXPort project helps establishing new standards that simplify the transfer of PIM data. The Solution The OpenXPort project works on open data formats and protocols to improve data portability for groupware/PIM data such as contacts calendars, tasks, notes, and files. The project makes use of audriga’s comprehensive experience in the field of data portability. Audriga provides self-service data portability tooling for many hosting companies worldwide, and assists organizations and ISPs to switch complete messaging or online storage platforms to other solutions. Although important standards like vCard/CardDAV and iCalendar/CalDAV do exist, they have limited use when it comes to data portability as they do not cover all types of data, use complex protocols and lack consistency. For this reason, OpenXPort builds on the JMAP family of standards which have been developed within IETF. JMAP is beginning to replace IMAP (email protocol) and is currently being extended to cover contacts, calendars, and tasks. OpenXPort is engaged in the ongoing standardization and extends Open Source servers with JMAP functionalities. OpenXPort’s JMAP plugins for Roundcube, SqirrelMail, and Horde can already help many of its users to exercise their right to free data portability. They also provide reusable code and blueprints for adding JMAP support to other systems. Besides simplifying the import and export of data, OpenXPort will also improve the overall interoperability between...

Success Story: Building the Platform Relationship Management for Personal Data, by Decentralizing OAuth protocol to remove lock-in-by-designdaps

by ALIAS team The Challenge Users’ personal data is stored in third-party services they use, historically for convenience, but companies have been using it to develop control lock-in on their users, asymmetry of information and unfair advantages with other platform services. This data is locked in because of the design of the main authorization protocol used on the web, that is OAuth. This protocol enables companies to keep too much power hosting the data associated with the service. Another design, enabled with recent cryptography technologies, would be to reverse it, enabling a user to have a Platform Relationship Management for Personal data, enabling to keep control and visibility at any time. The goal was to decentralize OAuth, enabling this value proposition to be technically feasible, easy to implement by developers and user friendly for citizens. The Solution In the DAPSI programme, we developed a platform enabling users to ask for their data from different data providers and platforms via different means, either email or via a portability chatbot. Once the users got their data back, they are able to share this data with different public research project to “Datafund” them. It contributes to a more human-centric internet, because it puts the user at the centre of the data sharing mechanism and process. Nothing can be done without the user's consent, and everything can be undone by the user. DAPSI support DAPSI has helped us to: - Strengthen the team that started the project - Mature the technology - Turn the project into a company - To get legitimacy in the Personal data ecosystem - Attract investors, private and public DAPSI journey - Achievements from the first phase of the DAPSI programme By helping 50 citizens to get back their data as a research project, we managed to check 400+ current portability legal processes and the real implementation of GDPR article 20 by...