A few days ago, a vulnerability in xz-utils named CVE-2024-3094 was discovered, and since then the open source community as well as security pundits fall over themselves and each other to provide the best analysis of this incident. Don’t worry, this post isn’t another one of those. Because while all the speculation about what motivates such a long-term attack is fun, the underlying issue is way, way simpler. In a tweet1, Heather Adkins of Google posted an “unpopular opinion: if your hobby is now responsible for running the modern world, it’s no longer a hobby”.

With 2023 over, and some time between now and the last update, it’s perhaps a good moment to reflect on what happened in 2023 and where the project is right now. Achievements Last year saw the closing of our grant from Internet Society Foundation, who have been excellent partners for the past two years! I don’t think I can overstate how important this grant has been for our work. In particular, a longer-running grant meant the focus could be more on actual research – trying things out and writing up the results – and less on implementation.

A few days ago, I made a social media post about Google vs. the Open Web. It received some responses, so I’ll reproduce it below with some additional comments. Figure: “Open Web - Gnomedex 2008” by Randy Stewart is licensed under CC BY-SA 2.0 Google is trying to kill the Open Web. Using the proposed “Web Environment Integrity” means websites can select on which devices (browsers) they wish to be displayed, and can refuse service to other devices.

Figure: “Bucket & spade” by Dale Gillard is licensed under CC BY 2.0 The other day, I was asked by a friend what it is I’m doing with this project. He’s very much into following technological trends, but not a deeply technical person himself. That drove home yet again how hard it is to provide an “elevator pitch” summary of our work. When I speak about a “human centric” internet, what I mean is a digital place where human rights are protected, and human needs are met.