DebugBear: What is JPEG XL: do we really need another image format?. “In 2018, the Joint Photographic Experts Group (JPEG) issued a call for proposals for the ‘next-generation image compression’. Numerous proposals were submitted, but only two were selected to proceed, one by Cloudinary (FUIF) and one by Google (PIK). The two were eventually combined to create JPEG XL (often shortened to JXL), […]
https://rbfirehose.com/2026/02/07/what-is-jpeg-xl-do-we-really-need-another-image-format-debugbear/#InternetStandards
@rickvanrooijen @MastodonEngineering @staff
Valid point. The mastodon.social instance already seems to support inbound IPv6: https://en.internet.nl/site/mastodon.social/3738895/#siteipv6
However, for actual interaction and federation via IPv6 outbound support is needed as well and the latter indeed seems to be missing. Hopefully they can fix this.
We were happy to be present in the "Modern Email" devroom at @fosdem!
Email is the workhorse of digital communication and it is important to keep our implementations up to date and interoperable.
Benjamin Broersma (@forumstandaardisatie) gave a talk on email configuration, highlighting some useful testing tools, and common config errors.
The video recording is now available at https://fosdem.org/2026/schedule/event/H9GEBT-fos-check-tooling-for-mail-config/.
Enjoy watching, and questions are welcome!
Ars Technica: Google temporarily disabled YouTube’s advanced captions without warning. “Google has now posted a brief statement and confirmed to Ars that it has not ended support for SRV3. However, all is not well. The company says it has temporarily limited the serving of SRV3 caption files because they may break playback for some users.”
https://rbfirehose.com/2026/01/22/ars-technica-google-temporarily-disabled-youtubes-advanced-captions-without-warning/Happy holidays and a great start to the new year! 🎄💫☃️
In 2025, you carried out 850,000 tests via the website and 12 million via the API & dashboard. 🚀
Keep up the great work and continue testing & improving in 2️⃣0️⃣2️⃣6️⃣!
Need help? The number of hosters in the Hall of Fame (https://en.internet.nl/halloffame/hosters/) has grown by 50%, giving you plenty of options to choose from. 🤝
These results would not have been possible without our valued platform members (see 1st comment).
The Linux Foundation: Linux Foundation Announces the Formation of the Agentic AI Foundation (AAIF), Anchored by New Project Contributions Including Model Context Protocol (MCP), goose and AGENTS.md. “The Linux Foundation announced the formation of the Agentic AI Foundation (AAIF) with founding contributions of leading technical projects including Anthropic’s Model Context Protocol (MCP), […]
We are pleased to welcome Alena Muravska from @ripencc as the new Chair of the Global Internet Standards Testing Community (GISTC).
Many thanks to Wout de Natris - van der Borght for setting up the international community around Internet.nl.
For more info on the GISTC, see https://intgovforum.org/en/content/igf-2025-launch-award-event-96-empower-the-global-internet-standards-testing-community
Interested in joining? Please send an email to international@internet.nl.
The Dutch Internet Standards Platform, the public-private partnership behind Internet.nl, and #Punktum_dk, the organisation behind the Danish sikkerpånettet.dk and registry of the .dk domain, are proud to announce that #Punktum_dk will make an annual contribution to the maintenance and further development of Internet.nl.
Read more about the partnership here: https://en.internet.nl/article/punktum-dk-contribution/
The @EUCommission seeks participants for the Multi-Stakeholder Forum on Internet Standards Deployment.
The Commission launches this Forum to guide deployment of key Internet standards under NIS2 network security measures and promote wider industry uptake. Applicants wishing to join the Forum from the start are strongly encouraged to submit their applications no later than *12 December 2025*.
For more information see https://digital-strategy.ec.europa.eu/en/news/european-commission-seeks-participants-multi-stakeholder-forum-internet-standards-deployment.
🎉 IETF 124 in Montreal is a wrap!
Another fantastic week developing new ideas for the future of the Internet. From hackathons to working group sessions, the energy was incredible.
Thread 🧵 1/5
Continued development, content creation, and testing are still needed to complete and refine the upcoming features. We expect to release them incrementally before the end of this year.
Is your website, email, and internet connection compliant with modern, reliable internet standards? Now is a good time to test your compliance on Internet.nl.
#InternetStandards #CyberSecurity #TLS #CAA #PostQuantumCryptography
3/3
Sasha Romijn (@sash), Internet.nl's contracted lead engineer, joined @NLNOG Day 2025 on 30 September in Amsterdam.
Sasha presented the 'how and why of Internet.nl', sharing feedback from the NLNOG community, and giving a detailed look at how we decide which tests to include and how to test for compliance: https://www.youtube-nocookie.com/embed/ZEtglnvTSyc
Find more details, links to slides, and recordings of all talks on: https://nlnog.net/events/nlnog-day-2025/
Members of the Dutch Internet Standards Platform, Alena Muravska (@ripencc ) and @wouterkobes (@forumstandaardisatie), will take part in #SEEDIG10 on 10 and 11 October in Athens. Together with other panelists, they will share their perspectives and expertise during the session 'Securing the Internet Routing in the SEE Region' on 10 October.
More information can be found on the #SEEDIG10 event page: https://seedig.net/seedig-10/
The Verge: The web has a new system for making AI companies pay up. “On Wednesday, major brands like Reddit, Yahoo, Medium, Quora, and People Inc. announced support for Really Simple Licensing (RSL), an open content licensing standard that enables publishers to outline how bots should pay to scrape their sites for AI training data. They’re hoping the collective action gives them leverage to […]
https://rbfirehose.com/2025/09/11/the-verge-the-web-has-a-new-system-for-making-ai-companies-pay-up/
The UK’s Online Safety Act: A Lesson in Technosolutionism
The United Kingdom has just delivered the world’s most expensive demonstration of why throwing technology at social problems doesn’t work. After two years of ignoring expert advice and billions in compliance costs, the UK’s Online Safety Act has achieved the opposite of its stated goal by making the internet less safe.
Six months into enforcement, Britain’s techno-solutionist fantasy has crashed into reality with predictable results. Beneficial online communities have been obliterated, VPN adoption has surged 1,400%, and the UK has created a perfect case study for why governments can’t regulate away complex social problems with algorithmic band-aids and surveillance theater.
If you wanted to design legislation to eliminate the internet’s safest spaces for vulnerable people, you couldn’t improve on the UK’s approach. The Act’s most spectacular own-goal has been systematically destroying community-run websites that provided genuine social support.
Consider Microcosm’s 300 community websites serving 275,000 monthly users. These weren’t dark corners of the internet. They were cycling forums, parenting advice sites, and local community hubs where people actually knew each other. Dee Kitchen, who ran these communities for nearly three decades, captured the government’s logic perfectly: “It’s too vague and too broad and I don’t want to take that personal risk.”
The community websites closed specifically because age verification would destroy the trust and openness that made them safe spaces. As site administrators noted: “The impact that these forums have had on the lives of so many cannot be understated… approximately 28 years and 9 months of providing almost 500 forums in total to what is likely a half a million people.”
Meanwhile, harmful content on major platforms continues largely unabated. Tech giants with billion-dollar compliance budgets simply absorb fines as operating costs. TikTok’s £1.875 million penalty represents roughly 0.01% of ByteDance’s $155 billion annual revenue, making it count less than a virtual parking ticket.
Perhaps the crown jewel of the UK’s techno-solutionist delusion is demanding “safe” encryption backdoors. Despite government admission that the necessary technology “does not yet exist,” officials refused to let inconsequential details like reality or mathematics interfere with their mandates.
Ciaran Martin, who founded the UK’s National Cyber Security Centre, called out this “magical thinking”, essentially the belief that encryption can be weakened for government access while remaining strong against everyone else. This isn’t a technical challenge; it’s a fundamental impossibility as the Global Encryption Coalition noted.
Even the tech industry’s response was swift and unified. Signal, WhatsApp, and Apple essentially told the UK government to choose between secure communications and backdoors. Instead of magically solving encryption, the UK triggered a 1,400% surge in VPN adoption as users decided to route around the government’s technical incompetence rather than submit to it.
In other failures, within days of enforcement, automated systems were treating Conservative MP posts about grooming gangs, police arrest footage, and parliamentary speeches exactly like genuinely harmful content. This wasn’t a bug, it’s the inevitable result of the futility of trying to teach machines to understand human context, intent, and meaning.
When platforms face £18 million fines for missing harmful content, they predictably err toward censoring everything that might possibly be problematic, including discussions of the very problems they’re supposed to solve.
The meta-censorship problem showcases the system’s absurdity: documentation of censored content gets censored, creating a feedback loop where evidence of the system’s failures becomes impossible to discuss publicly. It’s compliance theater at its finest. It is visible enough to inconvenience ordinary users, yet ineffective enough to let determined bad actors adapt around it.
This reveals the UK’s techno-solutionism’s true beneficiaries: tech giants who can afford compliance theater while their smaller competitors get regulated out of existence. Meta and Google can absorb billions in compliance costs; community forums run by volunteers cannot.
he threshold-based requirements create what researchers call ‘vastly disproportionate compliance incentives’, which is academic speak for “we’ve built a regulatory country club and labeled it child safety.” The UK has essentially using child safety as cover for the largest anti-competitive regulation in internet history, with the result being an internet that’s simultaneously less safe and less accessible.
Not to be outdone, the European Union watched the UK’s comprehensive failure and decided to ask them to hold their beer. The EU is implementing almost identical age verification systems that require Big Tech technology as a key dependency while pursuing deeply unpopular “chat control” legislation that is planned be adopted by October 2025.
Despite Poland’s EU Presidency giving up on voluntary chat scanning, the fundamental legislative momentum continues unchanged. European policymakers have learned nothing from watching their neighbours systematically destroy beneficial online communities while failing to protect children. They’re implementing the same impossible technical requirements, ignoring the same expert warnings, and expecting different results.
The UK’s experiment has produced one unambiguously successful outcome: the largest grassroots digital rights movement in British history. Over 290,000 citizens have signed petitions demanding repeal, which is impressive political engagement for any cause, let alone internet infrastructure policy.
Proton VPN reported that 1,400% increase in UK signups within hours of enforcement, noting this was “sustained and significantly higher than when France lost access to adult content.” Multiple VPN providers reported similar surges, with privacy apps dominating UK App Store charts for weeks.
The circumvention became so widespread that Ofcom demanded platforms prohibit content encouraging VPN use, creating a perfectly Orwellian situation where discussing privacy tools becomes prohibited speech under legislation supposedly designed to protect online safety.
The UK’s experiment inadvertently provided a perfect demonstration of what makes the internet genuinely safer: community-based moderation, user empowerment, and addressing real-world social problems that manifest online.
The forums destroyed by the Act had operated safely for decades through transparent governance, engaged user communities, and voluntary compliance with clear standards. These spaces worked because they created genuine human relationships where inappropriate content was quickly identified and addressed by people who actually cared about the community’s wellbeing.
Technical mandates destroy these approaches by replacing human judgment and community accountability with automated systems that users cannot understand, appeal, or improve. When algorithms make moderation decisions, users lose agency over their own spaces, communities lose the ability to set their own standards, and the social dynamics that create genuine safety disappear.
This expensive UK experiment offers the world a choice: learn from their mistakes or repeat them at even greater scale. The evidence is overwhelming that age verification systems, encryption backdoors, and automated content moderation create more problems than they solve while systematically destroying community-based approaches that actually work.
The lesson is clear but politically inconvenient: protecting people online often begins offline, and requires addressing factors like social isolation, inadequate education, economic inequality, and lack of community support. Online factors can also help, but those require giving users agency to manage their own communities, and investing in digital literacy. Unfortunately these solutions involve long-term investment in unglamorous things like schools, social services, and community programs, not exciting technology mandates that primarily serve our big tech overlords.
#digitalRights #internetStandards #publicInterest #rant #regulation
HTTP/1.1 Must Die
#HackerNews #HTTP #Must #Die #HTTP/1.1 #WebDevelopment #TechNews #InternetStandards
The Register: Exif marks the spot as fresh version of PNG image standard arrives. “The World Wide Web consortium has announced the third edition of the specification for the Portable Network Graphics format – or PNG, pronounced ‘ping’, for short. The chair of the W3C working group in charge of PNG, Chris Blume, has a description of what’s new in post entitled PNG is back!.”
Digital Sovereignty in Practice: Web Browsers as a Reality Check
Reading in Servo’s latest weekly report that it’s now passing 1.7 million Web Platform Subtests, I started wondering: How much investment would it build it into a competitive, independent browser, in the context of all this talk on digital sovereignty?
Servo is an experimental web browser engine written in Rust, originally developed by Mozilla Research as a memory-safe, parallel alternative to traditional browser engines like Gecko and WebKit. After Mozilla laid off the entire Servo team in 2020, the project was transferred to Linux Foundation Europe, where it continues to be developed with minimal funding from individual donors and Igalia, a team of just five engineers. Servo’s progress demonstrates what’s possible with intentional investment in independent browser projects.
As initiatives like EuroStack propose €300 billion investments in digital infrastructure and researchers proposing comprehensive roadmaps for “reclaiming digital sovereignty” through democratic, public-led digital stacks, browsers are an ideal test case to ground these ambitious visions in reality.
The current browser landscape reveals how concentrated digital control has become. Roughly 75% of global web traffic flows through browsers based on Google’s Chromium engine; not just Chrome, but Microsoft Edge, Samsung, and dozens of others. Apple’s Safari dominates iOS but remains locked to their ecosystem. Firefox, once a genuine alternative, has declined to under 5% market share globally. This means American companies control how billions of users worldwide access the web. Every search, transaction, and digital service flows through infrastructure ultimately controlled by Silicon Valley. For societies valuing their independence and sovereignty, this represents a fundamental vulnerability that recent geopolitical events have made impossible to ignore.
Digital infrastructure is as important as energy or transportation networks. Unlike physical infrastructure, however, digital systems can be controlled remotely, updated unilaterally, and modified to serve the interests of their controllers rather than their users. Browsers exemplify this challenge because they’re both critical and seemingly replaceable. In theory, anyone can build a browser. The web standards are open, and rendering engines like Servo prove it’s technically feasible.
In practice, building browsers requires sustained investment, institutional coordination, and overcoming network effects that entrench existing players. If democratic societies can successfully coordinate to build and maintain competitive browser alternatives, it demonstrates their capacity for more complex digital sovereignty goals. If they cannot, it reveals the institutional gaps that need addressing.
Firefox offers important lessons about the challenges facing independent browsers. Mozilla has indeed faced difficulties: declining market share, organizational challenges, and ongoing technical issues. The organization has also alienated its most dedicated supporters by pivoting toward advertising, AI initiatives and cutting their impactful public advocacy programs.
However, Firefox remains the only major browser engine not controlled by Apple or Google, serving hundreds of millions of users worldwide. Its struggles reflect structural challenges that any alternative browser would face: the enormous engineering effort required to maintain web compatibility, the network effects favouring dominant platforms, and the difficulty of sustaining long-term technical projects through diverse funding sources.
Servo’s recent progress illustrates both the potential and the resource constraints of independent browser development. Since 2023, Igalia’s team of just five engineers has increased Servo’s Web Platform Test pass rate from 40.8% to 62.0%, added Android support, and made the engine embeddable in other applications, even demonstrating better performance than Chromium on Raspberry Pi. This progress on a shoestring budget shows what focused investment could achieve, while also highlighting how resource-constrained independent browser development remains.
Yet, building a competitive alternative browser infrastructure would require substantial but manageable investment. Here is a ballpark estimation I made based on existing browsers: Annual operating costs would include:
- Engineering Team of ±50 developers, designers, managers etc.: €15 million.
- Quality Assurance and Testing Infrastructure: €10 million
- Security Auditing and Vulnerability Management: €10 million
- Standards and Specification Development: €5 million.
At this point I would just round up to around 50-70 million annually, which I’m sure would comfortably cover everything I missed. The proposed EuroStack initiative already envisions €300 billion over multiple years. Browsers represent a tiny fraction of what democratic societies already spend on strategic infrastructure. This calculation proves that the cost isn’t the primary barrier: the European Space Agency for example has had a budget of €7.8 billion in 2024. Europe can afford to build a browser.
It would probably take around 3-4 years to fully build an alternative browser from scratch, less so if it’s a fork of one of the existing ones. Forking Chromium/Gecko or building upon Servo’s foundation could reduce this timeline to 18-24 months for basic functionality, though achieving full web compatibility and market readiness would still require several additional years of refinement. The initial development sprint needs to be followed by a sustained engineering effort needed afterward, for maintaining compatibility with evolving web standards, fixing security vulnerabilities, and keeping pace with performance improvements.
The core challenge isn’t technical; it’s institutional. How do you sustain long-term technical projects through democratic processes that span multiple countries with different priorities, resources, and political systems? Successful models exist. The European Space Agency coordinates complex multi-national technical projects. CERN manages cutting-edge research infrastructure across dozens of countries. The Internet Engineering Task Force maintains critical internet standards through voluntary coordination among global stakeholders. The “Reclaiming Digital Sovereignity” proposal specifically addresses this challenge by advocating for “new public institutions with state and civil society representation” to govern universal digital platforms, alongside “multilateral agreements on principles and rules for the internet” as safeguards for autonomous, democratically governed solutions.
Browser development could follow similar patterns: international frameworks that respect national sovereignty while enabling coordinated action, governance structures that balance technical expertise with democratic accountability, and funding mechanisms that provide stability across political cycles. The Reclaiming Digital Sovereignity’s report’s emphasis on “democratic international consortia” and “public knowledge networks led by a new public international research agency” provides concrete institutional models that could be adapted for browser development. Germany’s Sovereign Tech Agency represents another model for public investment in digital infrastructure for the public interest.
With all that being said, browsers represent one of the more achievable digital sovereignty goals. They’re built on open standards, rely heavily on open source components, and face fewer network effects than platform-based services. Other areas of the technology stack would be far more challenging, and far less open.
Success here would demonstrate that democratic societies can coordinate effectively on complex technical infrastructure and pass the first hurdle. Failure would reveal institutional gaps that need addressing before attempting more ambitious digital sovereignty goals. Democratic digital sovereignty is challenging but feasible, if societies are willing to think institutionally, invest sustainably, and build incrementally rather than trying to recreate Silicon Valley with different ownership structures.
Ultimately, the real question isn’t whether democratic societies can build alternative technologies, but whether they can build the democratic institutions necessary to govern them effectively across the complex realities of international coordination, competing priorities, and long-term sustainability. I believe browsers offer an ideal place to start testing these institutional innovations. The technical challenges are surmountable. The institutional ones remain to be proven.
Views expressed are personal and do not represent any organization.
#digitalSovereignity #funding #internetStandards #openSource #publicInterest
HAPPY IPv6 DAY!
FRANCK MARTIN’S IPv6 VISION STILL LEADS THE WAY | Franck Martin’s post on IPv6 Day sparked a deep technical discussion about the future of internet protocols. From Pacific-based open-source projects to LinkedIn infrastructure, Franck has been a long-time advocate for IPv6. The comments reveal both the challenges and momentum surrounding IPv6 adoption today. #IPv6Day #FranckMartin #IPv6Adoption #OpenSourcePacific #TechMentor #InternetStandards…
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst