The modern internet is a terrible, no-good privacy nightmare and we should probably start over. At least that’s the argument that spawned the latest project from the Cult of the Dead Cow.
While the internet is made up of more than Facebook, Google and the app formerly known as Twitter, these platforms make up the bulk of the internet as most users experience it, and the advertising-based business models of these firms means that privacy features are often a mere tool in delivering highly targeted advertising.
This is what the hacking collective the Cult of the Dead Cow wants to change with a project they’re calling Veilid, which is a foundation for software developers to build apps with privacy as the default.
“We exist to develop, distribute and maintain a privacy-focused communication platform and protocol for the purpose of defending human and civil rights,” Christien “DilDog” Rioux, a Cult of the Dead Cow (cDc) member and a co-founder of the security software Veracode, said at a launch event at the DEF CON hacking conference last month.
Known as the “original hacking supergroup,” the cDc has a long history of building technical tools aimed at preserving user privacy and security. Veilid represents its first major project in more than a decade.
It also may be its most ambitious.
Veilid aims to replace the advertising giants that run social media platforms with an alternative suite of open-source, serverless, peer-to-peer and mobile-first applications. By creating an application framework that puts privacy first, Veilid tries to put tools in the hands of developers to let them build applications with a fundamentally different ethos than today’s advertising-driven internet economy.
The project began roughly four years ago, when Rioux approached Katelyn “Medusfour” Bowden about a project to create a new private social media and messaging service. Rioux had most of the technical details figured out but worried about how to address the safety concerns of developing tools to build encrypted, surveillance resistant applications.
Bowden is the founder of BADASS, an advocacy group that works against non-consensual pornography, and said that the elimination of the profit motive is key to ensuring safety for applications built using Veilid. “We cannot have a profit motive because once you enter a profit motive into the equation, that’s when trust and safety falls apart. That’s when you start having to appease VCs or investors,” Bowden said.
The project exists as part of the non-profit Veilid Foundation, which is made up of Rioux, Bowden, and Paul Miller, a community organizer and privacy advocate. “We have no intention of setting up a corporation. We have no intention of making any money. None of us want to quit our day jobs. We just want to make something that is cool,” Bowden said.
Following Elon Musk’s purchase of Twitter last year, a slew of alternatives to the bird app have tried to replace the platform. Protocols like ActivityPub for Mastodon and AT Protocol for Bluesky Social aim for a decentralized design, with users having to pick a server to post in. (Bluesky only has one main server at the moment but that is planned to change in the future.) But these decentralized networks have struggled to break through into the mainstream, even if they have caught on among technically oriented communities.
The difficulty of using Mastodon, for example, spawned a deluge of how-to articles to help users not familiar with a “federated” social media application get up to speed. The successful launch of Meta’s Threads — which saw 10 million users sign up in the first seven hours — only illustrated the importance of ease of use. Signing up for Threads only required an Instagram account and tapping a few buttons; Mastodon required a bit of dedicated reading.
Despite its initial success, the number of active users on Threads has declined precipitously since launch, perhaps illustrating that there remains space for a bona fide Twitter competitor to emerge after Musk’s acquisition of the platform.
That leaves the proverbial grandfather who only knows about Google and Facebook with few options for tools that preserve privacy. “All of us that know better and want to be off of Facebook are still on there because our grandparents and aunts or uncles are still there,” Bowden said.
The Signal protocol and chat app is one example where an app that began as tool a focused on tech-savvy users, journalists and activists know has gained more widespread adoption, in part thanks to its ease of use.
Where Veilid is different is that it is not single-purpose software. One can use Mastadon for social media, Signal for chat and calls, Keybase as a sort of Slack replacement, not to mention the plethora of self-hosted projects found on Github. But developers for many of these projects have to figure out the privacy and security components themselves. And while many of the high-profile applications like Signal and Keybase have white papers on their security and privacy methods, not every developer has the desire, skill or time to painstakingly document their software.
Veilid tries to build a foundation for developers to build apps where privacy is the default. Whether it’s a peer-to-peer messenger, social media or a storage app, “the possibilities here are endless,” Bowden said in announcing the project at DEF CON.
The project is aiming to release its first flagship application, VeilidChat, in the coming months.
“This is not only about the code and the tech, but it’s about the people,” Bowden said. We’re making hacktivism available to everyone. My mother can join our Discord and present an idea and get involved,” Bowden said.
The keystone of the project is the community being built around the framework. Veilid launched a Discord server, and new users have been flooding in with ideas, small projects and other contributions to the framework. Among the early projects are a python-based chat demonstration, a paste-bin equivalent and an ASCII Star Wars.
Open-source development is probably most known for the communities it creates, but many of them are made up only of programmers, which can exclude the less tech-savvy from influencing the products they use.
“If somebody is not necessarily technical, but they have wanted to have a say in how their internet works, they have an interest in privacy, we would love to have them join the Discord,” Bowden said. “We want people that aren’t technical. I want regular people in there, so that they can find themselves in a situation where they get to have a say in how apps are built.”