Last November 2024, the Public Interest Technology Group (PITG) held its first unconference alongside the IETF in Dublin with support of our community. As digital infrastructure like networks, encryption, and cloud computing become even more central to daily life, a group of technologists gathered at Trinity College to tackle urgent threats to internet freedom: surveillance, censorship, and the dangerous consolidation of power in the hands of a few tech giants.

The issues discussed at this unconference affect everyone who uses the internet—from the apps on your phone to the websites you visit. When a handful of companies control the fundamental infrastructure of the web, they effectively control who gets to participate in our digital future and under what conditions.

The PITG unconference brought together 23 researchers, advocates, and engineers who work inside the very socio-technical systems they are trying to reform—from internet standards bodies like the Internet Engineering Task Force (IETF) to browser development teams at major tech companies. Their mission was to ensure that the internet’s fundamental infrastructure serves public rather than corporate interests.

The never-ending encryption wars

The day began with a sobering assessment of where we stand in the fight against government and corporate surveillance. The protocols that encrypt your web traffic determine whether governments and corporations can spy on your online activity, manipulate the websites you see, or censor your access to information. As such, encryption should matter to everyone. While the Snowden revelations sparked progress in standards—encrypted Domain Name Service (DNS) protocols, Transport Layer Security 1.3, and other privacy-enhancing technologies—unconference participants noted a continued asymmetry in how standards bodies approach different threats.

The Internet Engineering Task Force (IETF) effectively considers government adversaries, multiple participants observed, but continues to struggle with addressing corporate surveillance threats. Possibly because many participants work for companies that run on data collection. This tension plays out in real standards battles. Take encrypted DNS protocols like DNS-over-Hyper Text Transfer Protocol Secure (DoH), which should theoretically protect users from surveillance and manipulation of their web traffic.

Despite being technically sound, DoH faces slow adoption due to government blocking, browser implementations defaulting to less secure options, and Internet Service Provider (ISP) resistance. Meanwhile, protocols that serve corporate interests of decreasing latency—like Google Quick UDP Internet Connection (QUIC)—deploy smoothly across the internet. The lesson we can draw from this is that privacy-enhancing technologies often struggle when they “stick out” or reveal conflicts between user privacy and corporate business models. As many of the technologists present agreed: the challenge is not just technical—it is political.

Locked out of rough consensus and running code

The people making decisions about internet protocols determine everything from whether your messages stay private to which companies can build competing browsers or apps. As such, another unconference discussion centered on who gets to make decisions about internet infrastructure. Despite being “open” in theory, public interest advocates face significant barriers in meaningfully participating in standards bodies like the IETF. With meeting attendance costing $3,000-5,000 per person (counting the participation fee, hotel, travel, visa, per diems etc.) and requiring weeks of travel annually, decision-making power concentrates among employees of large companies who can afford to send engineers to lengthy technical meetings.

Unlike organizations such as the Internet Corporation for Assigned Names and Numbers (ICANN), the IETF lacks robust infrastructure and funding for diverse participation. Decision-making power concentrates among employees of large companies who can afford to send engineers to lengthy technical meetings. While fee waivers, childcare, and mentoring programs exist, they cannot overcome fundamental power dynamics that favor those who control operating systems, networks, and hardware.

The process itself can be opaque, participants noted, with many implicit rather than explicitly documented procedures and norms. This creates a system where good intentions are not enough—you need institutional backing and deep technical knowledge to influence outcomes. There is no one single solution to this concern. Participants, however, did call for deepening the connections between public interest techies in the various bodies—public interest liaisons, if you will—who can highlight key issues, build common agendas among influential technologists, and better connect efforts across standards bodies.

The consolidation crisis

When a few companies control the essential infrastructure of the internet, they can decide which the general level of protection people can expect from surveillance, which websites load quickly, and what information you can access. The most urgent discussions focused on a problem hiding in plain sight: the dangerous consolidation of economic power across many layers of internet infrastructure. In browsers, for example, we have moved from a diverse ecosystem to Chrome’s overwhelming dominance at 65% market share globally, with a few meaningful alternatives. While Chromium’s open-source nature provides some benefits, Google maintains such overwhelming influence that “de-Googling” Chromium remains nearly impossible. Chrome’s dominance also often means de facto control of web standards, and how and when websites work or break.

Mobile operating systems have consolidated into a Google-Apple duopoly, with Android holding approximately the largest market share followed by Apple, together accounting for almost the entire of the smartphone market. Apple and Google collect a significant commission on most app transactions (reduced somewhat for smaller developers), with Apple alone generating over $10 billion globally in commissions in 2024. This consolidation extends beyond just phones—app stores, design standards, and development frameworks all flow through these two gatekeepers.

Another concerning consolidation happens in cloud infrastructure. A few companies—Amazon (32%), Microsoft (23%), Google (10%)—now provide the majority of hosting, compute and other services for everything from government services to “internet freedom” tools. As participants grimly noted, lots of public money effectively is handed over to cloud providers even by free and open-source software projects. This creates perverse dynamics. Organizations building tools to resist surveillance and reduce consolidation find themselves dependent on the very companies that, in some cases, they are trying to circumvent.

Privacy theater vs. real protection

Companies often implement visible privacy features that make users feel protected while continuing surveillance through less obvious means. The web privacy discussion, in particular, revealed how browser makers engage in elaborate “privacy theater”—security or privacy measures that are primarily designed to create an appearance of protection rather than provide meaningful safeguards—while enabling continued surveillance through other means.

Other measures are often costly or reduce functionality. Apple implements “double hop” systems for known trackers and offers paid privacy relay options—but only for those who can afford premium services. Brave focuses on anti-fingerprinting through data randomization, though this breaks legitimate use cases. Safari limits anti-fingerprinting to private browsing mode.

Google’s approach, as of last November, was to change Chrome’s fingerprinting policy to allow a broad range of tracking techniques. Given Chrome’s massive 65% market share, this essentially sets the standard for what is acceptable across the web. Meanwhile, research shows that reducing web tracking does not just improve privacy—it actually reduces fraud rates, demonstrating clear public benefits beyond individual privacy concerns.

The road ahead

The PITG unconference revealed both the scope of the challenges and the different streams of work within the PITG community to counter surveillance, censorship and consolidation. Participants committed to collaborating on projects ranging from abuse prevention in federated messaging to advocacy efforts for cloud accountability. But perhaps the most important insight was strategic: the open internet cannot be protected through protest or regulation alone. It requires technologists who understand both the technical details and the political stakes, working inside standards bodies and tech companies to ensure that the infrastructure we all depend on serves human rights rather than corporate profit.

The next PITG unconference is already being planned for 2026. In a world where tech consolidation accelerates daily and hype distracts from fundamental infrastructure questions; our work remains critical. As one participant noted, “Every protocol decision, every standard, every piece of infrastructure code is a political choice about who gets to participate in our digital future”. The PITG community is working to build both the technical tools and political frameworks needed to keep the internet working in the public interest, bit-by-bit.

This blog was written by Dr. Corinne Cath-Speth, a co-chair of the Public Interest Technology Group.

The PITG chairs would like to extend their thanks to Dr. Stephen Farrell of Trinity College Dublin; the Ford Foundation for their core support of PITG and the Open Tech Fund (OTF) for generously providing travel support to the unconference; baby Aloys for being the youngest participant at only 3 months; and everyone who volunteered to moderate or take notes in the sessions!