WhatsApp has its own backup feature (actually, it has more than one way to do it.) WhatsApp supports end-to-end encrypted backups that can be protected with a password, a 64-digit key, and (more recently) passkeys. WhatsApp’s public docs are here and WhatsApp’s engineering writeup of the key-vault design is here. Conceptually, this is an interesting compromise: it reduces what cloud providers can read, but it introduces new key-management and recovery assumptions (and, depending on configuration, new places to attack). Importantly, even if you think backups are a mess — and they often are — this is still a far cry from the effortless, universal access alleged in this lawsuit.

If you use native device backup on iOS or Android devices (for example, iCloud device backup or the standard Android/Google backup), your WhatsApp message database may be included in a device backup sent to Apple or Google.

Several online commenters have pointed out that there are loopholes in WhatsApp’s end-to-end encryption guarantees. These include certain types of data that are explicitly shared with WhatsApp, such as business communications (when you WhatsApp chat with a company, for example.) In fairness, both WhatsApp and the lawsuit are very clear about these exceptions. These exceptions are real and important. WhatsApp’s encryption protects the content of your messages, it does not necessarily protect information about who you’re talking to, when messages were sent, and how your social graph is structured. WhatsApp’s own privacy materials talk about how personal message content is protected while other categories of data exist.

The most important thing to keep in mind here is that Meta’s encryption happens on the client application, the one you run on your phone. If the claims in this lawsuit are true, then Meta would have to alter the WhatsApp application so that plaintext (unencrypted) data would be uploaded from your app’s message database to some infrastructure at Meta, or else the keys would. And this should not be some rare, occasional glitch. The allegations in the lawsuit state that this applied to nearly all users, and for every message ever sent by those users since they signed up. Those constraints would tend to make this a very detectable problem. Even if WhatsApp’s app source code is not public, many historical versions of the compiled app are available for download. You can pull one down right now and decompile it using various tools, to see if your data or keys are being exfiltrated. I freely acknowledge that this is a big project that requires specialized expertise — you will not finish it by yourself in a weekend (as commenters on HN have politely pointed out to me.) Still, reverse-engineering WhatsApp’s client code is entirely possible and various parts of the app have indeed been reversed several times by various security researchers. The answer really is knowable, and if there is a crime, then the evidence is almost certainly* right there in the code that we’re all running on our phones.

In the case of WhatsApp, the application software is written by a team inside of Meta. This wouldn’t necessarily be a bad thing if the code was open source, and outside experts could review the implementation. Unfortunately WhatsApp is closed-source, which means that you cannot easily download the source code to see if encryption performed correctly, or performed at all. Nor can you compile your own copy of the WhatsApp app and compare it to the version you download from the Play or App Store. (This is not a crazy thing to hope for: you actually can do those things with open-source apps like Signal.)

Today WhatsApp describes itself as serving on the order of three billion users worldwide, and end-to-end encryption is on by default for personal messaging. They haven’t once been ambiguous about what they claim to offer. That means that if the allegations in the lawsuit proved to be true, this would be one of the largest corporate coverups since Dupont.

The state of encryption on major messaging apps in early 2026. Notice that three of these platforms are operated by Meta.

Not only does WhatsApp’s encryption prevent Meta from mining your chat content for advertising or AI training

should never be able to read the content of your messages.

Beginning in 2014 (around the time they were acquired by Facebook), the app began rolling out end-to-end (E2E) encryption based on the Signal protocol.

The downside of vast scale is that apps like this can also collect data at similarly large scale. Every time you send a message through an app like WhatsApp, you’re sending that data first to a server run by WhatsApp’s parent company, Meta.

In terms of scale, modern messaging apps are unbelievably huge. At the start of the period in the lawsuit, WhatsApp already had more than one billion monthly active users. Today that number sits closer to three billion. This is almost half the planet. In many countries, WhatsApp is more popular than phone calls.

De Duitse investering zorgt ervoor dat Tennet niet langer zelf het merendeel van de aandelen heeft van de Duitse activiteiten. De Nederlandse pensioenuitvoerder APG, een Noors staatsoliefonds en een Singaporees staatsinvesteringsfonds bezitten samen ongeveer 46 procent."TenneT Holding zal minimaal 28,9 procent van de aandelen in TenneT Duitsland behouden", schrijft het bedrijf. "Hierdoor beschikt TenneT Holding over volledige betrokkenheid bij belangrijke besluiten."

Het genoemde AI Deltaplan is overigens geen deltaplan. Het is eigenlijk niet eens een plan. Het is meer een opsomming van wensen van mensen die zouden willen dat Nederland gewoon net zo zou worden als Silicon Valley. “Maar dan wel veilig”, zeggen ze. Ik schreef daar eerder over, als je in Europa wil innoveren moet je dat op een Europese manier doen. En niet kleine stukjes uit Amerika kopiëren en dan hopen dat dat hier gaat werken. Want dat doet het niet.

uitbreiding van de WBSO voor ontwikkeling van AI”

“We stimuleren de bouw van een AI-fabriek in Noord-Nederland en van Europees- autonome datacentra. W

Probeer vooral eens wat er nog werkt als het door het Amerikaanse Equinix onderhouden Koppelnet Publieke Sector gehacked is. Of Solvinity!

“We richten een Nederlandse Digitale Dienst op: compact, deskundig en met doorzettingsmacht. Deze dienst ondersteunt de digitalisering Rijksbreed, stelt kwaliteitsstandaarden op en borgt goede ontwerpkeuzes. We verminderen afhankelijkheid van externe IT-leveranciers door meer IT-talent in dienst van het Rijk te nemen.”

De “call-in bevoegdheid” komt voort uit een initiatiefwetsvoorstel van GroenLinks-PvdA kamerlid Bushoff. De gedachte daarbij is dat bedrijfsovernames, ook als er nog geen gevaar is voor een echt monopolie, toch ongewenst kunnen zijn. Het voorstel noemt daarbij Co-Med, waar veel huisartsenpraktijken onder gingen vallen, met vervelende gevolgen. Deze bevoegdheid lijkt ook best gevolgen te kunnen hebben voor overnames van Solvinity-achtige bedrijven met lokaal zeer belangrijke posities.

Met de new competition tool (NCT), ook omschreven in het beroemde Draghi report (pagina 302), is het mogelijk bedrijven bindende aanwijzingen te geven als er effectief geen concurrentie mogelijk is. Als voorbeeld, als het praktisch onmogelijk is om te concurreren met Google of Microsoft voor email en agendabeheer kan je hiermee een bindende aanwijzing geven dat deze bedrijven het mogelijk moeten maken om als nieuwe speler mee te doen in hun ecosysteem. Zo’n verplichting is er nu soms ook al, maar alleen onder hele specifieke omstandigheden. Met de NCT kan het ook onder de algemene voorwaarde dat er van een niet-concurrerende markt sprake is.

rijksdienst nu werkelijk gemarineerd is in Amerikaanse technologie & dito arbeidsverleden. Ook consultants, big four, integrators en andere partijen waar de overheid op leunt komen uit die wereld. Als we weg willen komen bij “big tech” is het een hele uitdaging om dat te doen vanuit zo’n achtergrond/denkwereld. Ik zeg hier nadrukkelijk niet dat de ambtenaren voor Microsoft werken overigens, noch dat ze corrupt zijn! Desondanks vind ik de monocultuur in achtergrond en adviseurs een probleem. “Microsoft-tenzij” is op veel plekken uitgeschreven en officieel beleid.

We uniformeren de bedrijfsvoering binnen het Rijk onder leiding van het ministerie van BZK: van ICT en inkoop tot HR, onder andere door verplichte standaarden en gezamenlijke voorzieningen

“Digitale inkoop en aanbestedingen worden gestandaardiseerd en gecentraliseerd, gestuurd op security-by-design, zero-trust, soevereiniteit, open source en ketenveiligheid. De overheid benut haar marktmacht om veilige standaarden af te dwingen en stelt rijksbrede minimumeisen op voor security. Om voor financiering in aanmerking te komen moeten IT-projecten van de overheid (> €5 mln.) aan centrale IT-standaarden worden getoetst”

“Digitale autonomie moet het uitgangspunt zijn voor de overheid. We kiezen voor een Europese digitale infrastructuur, bouwen strategische afhankelijkheden in cloud, data en cruciale systemen doelgericht af”

Nederland moet de aanjager zijn van een geopolitieke en sterke Europese Unie die daadkrachtig optreedt. Geopolitiek besef moet doorklinken in alle beleidsterreinen.

Ook zegt het akkoord niet veel over geld, en voor sommige dingen gaat een boel geld nodig zijn, want anders blijft het bij warme woorden hoe belangrijk we dingen vinden. Er is een budgettaire tabel gepubliceerd maar hier lijkt op het eerste gezicht niets te staan over digitalisering. Wel over BTW op sierteelt.

Deze week bleek dat deze NDS een door bigtech gedomineerde lobbyclub had aangesteld om te bepalen wie de overheidsbrede cloud mocht gaan bouwen (archieflink).

Er komt een “digitaal bewindspersoon”, maar onbekend waar en hoe Geen woord over geld, is ook niet opgenomen in de “budgettaire tabel”!

Twee nieuwe mogelijkheden voor ACM om de markt voor Europese clouddiensten wakker te schudden/te beschermen

Men wil echt weg uit de Amerikaanse cloud, en digitale autonomie moet het uitgangspunt zijn

Geen enkele verwijzing naar de eerdere Nederlandse Digitaliseringsstrategie (NDS), of het daaruit voortvloeiende beloofde Overheidsbrede Cloudbeleid - opmerkelijk

Nederlandse Digitale Dienst binnen de overheid met “doorzettingsmacht”

Een revolutie in de ICT in de Rijksoverheid: centrale aansturing, centrale inkoop, verplichte standaarden, geen geld als men zich niet aan die standaarden houdt. Dit vanuit Binnenlandse Zaken, die daar een zware dobber aan gaan krijgen

Ollama is automatically detected when running locally at http://127.0.0.1:11434/v1

Ollama Ollama is a local LLM runtime that provides an OpenAI-compatible API:

Setting context length Setting a larger context length will increase the amount of memory required to run a model. Ensure you have enough VRAM available to increase the context length.

Cloud models are set to their maximum context length by default.

Context length is the maximum number of tokens that the model has access to in memory. The default context length in Ollama is 4096 tokens. Tasks which require large context like web search, agents, and coding tools should be set to at least 64000 tokens.

Note: Claude Code requires a large context window. We recommend at least 64k tokens. See the context length documentation for how to adjust context length in Ollama. ​

Set the environment variables:

Quick setup Copyollama launch claude

Recommended Models qwen3-coder glm-4.7 gpt-oss:20b gpt-oss:120b

Clawdbot Realistic Costs:Software: Free (MIT licensed, forever)Hardware: VPS $4-5/month, or Raspberry Pi ~$50-100 upfront, or old laptop free, or Mac Mini ~$600AI Model: Claude Pro $20/month (casual) to Claude Max $200/month (heavy use like Viticci)Realistic minimum: ~$25/monthBut remember: that $300+ in 2 days user is real. Heavy agentic use burns through tokens fast.

I solved it with a two-tier system - short-term memory.md files and long-term topic indexes.

Clawdbot is built for something completely different. Think of it as a personal executive assistant that lives inside your messaging apps. Just like you’d email instructions to a real assistant who then handles the work while you focus on other things, Clawdbot receives natural language requests through WhatsApp, Telegram, Slack, or Discord and then executes actual tasks on your computer.

The $300/day cost you mention for heavy Clawdbot usage matches what I've seen in practice.

Clawdbot uses AI APIs on every interaction and every background task. Costs accumulate.

Clawdbot requires technical setup. You need to deploy it on a server or local machine, configure messaging platform integration, manage API keys, and set permission boundaries thoughtfully. It’s not a consumer app. You can’t open an app store, tap install, and have it ready. That’s a real friction point that’s worth acknowledging.

Use Clawdbot when your primary bottleneck is the accumulation of small tasks across your digital life.

Clawdbot’s power to access messaging platforms means anyone with a security compromise at any layer could potentially impersonate you to the agent. A prompt injection through a web page it’s browsing, a malicious message in a group chat, or a crafted email could theoretically redirect it toward unintended actions. Proper sandboxing and permission boundaries mitigate this, but they require genuine technical discipline

Clawdbot requires elevated system permissions to do what it does. It needs to read and write files, execute shell commands, access your terminal, connect to services on your behalf. Running an always-on agent with access to your credentials, your messaging platforms, and your file system creates security surface area that’s worth understanding.

Every conversation you have with it, every preference you state, every decision you make gets stored in a markdown file that evolves over time. Future requests pull relevant context from that history automatically. You don’t have to remind it of things.

Clawdbot is built for async, long-running, continuous tasks that exist across your entire digital life. It’s the tool that monitors your inbox at midnight, processes information while you sleep, and sends you a briefing in the morning. It’s designed to be always on, always learning your preferences, always available through the messaging apps where you already live

It maintains persistent memory across conversations, so it remembers your preferences, past decisions, and ongoing projects. It can monitor scheduled tasks, send you proactive notifications, and continuously work on long-running tasks even when you’re not actively messaging it.

Clawdbot connects to dozens of services by default: Gmail, Google Calendar, Todoist, GitHub, Spotify, even smart home devices. When it needs capabilities it doesn’t have built in, it can request them, and with proper guidance from you, it can expand those capabilities itself.

More knowledge on d.AP’s website.

Why This Matters: From Probabilistic Guesses to Deterministic AnswersGrounding your AI in a Knowledge Graph delivers three non-negotiable enterprise advantages:1. Accuracy: Answers are derived from an explicit model of your business, not from statistical correlations in text. You eliminate both factual and relational hallucinations.2. Explainability: Every answer comes with a query that shows exactly how it was derived, which entities were connected and which rules were applied. This turns the AI from a black box into a transparent tool.3. Architectural Stability: The semantic layer, the ontology, remains stable even as the underlying systems change. When you migrate your CRM, you simply update the mapping to the ontology. Your AI, analytics, and dashboards continue to work without interruption. This is agility where it counts.

2. A Schema-RAG system using a Knowledge Graph operates differently:The AI first consults the ontology to understand the question’s components.It finds that Support Ticket is a class linked via a property referencesProduct to the Product class.It discovers that the Product class has a property called productType, and that ‘Connected Service’ is a specific instance of that type.Armed with this understanding of the relationships, it constructs a precise, formal query (SPARQL) to retrieve only the tickets that conform to this logic.

Consider a critical business question: “Show me all open support tickets for our ‘Connected’ services.”

1. A Formal Ontology: This is the rulebook. Built using standards like RDF, OWL, and SHACL, the ontology is an intentional, explicit contract of meaning. It defines the classes of things that matter (Customer, Contract, Product), their properties (hasName, hasValue), and the relationships between them (coversProduct, assignedTo). This is where you declare, unambiguously, that a Debitor in SAP is, in fact, the same as a Client in Salesforce.

This grounds a probabilistic LLM in a deterministic model of your business, transforming a clever chatbot into a reliable reasoning engine for mission-critical decisions.

The winning architecture uses Schema-RAG: retrieving meaning from a formal ontology before any data query is formed. This approach grounds the AI in verifiable business logic, ensuring accuracy and full explainability

Knowledge Graphs provide the semantic context, constraints and explicit relationships that LLMs lack. This enables true reasoning, like navigating a map of your business, instead of just text retrieval.

Standard Retrieval-Augmented Generation (RAG) over documents is a good first step, but it fails when faced with complex, cross-domain enterprise questions. It finds text that looks similar, which isn’t the same as finding facts that are related.

Julius Hollmann

Actieagenda Digitale Autonomie

Volgens de Strategische verkenning Digitale autonomie en de Rijksoverheid

Definities Volgens de Van Dale is soevereiniteit een synoniem van autonomie en zelfbestuur, maar de opstellers van een nieuw rapport zien dat toch anders. In hun optiek verwijst digitale autonomie naar het vermogen van de Rijksoverheid om onafhankelijk en zelfvoorzienend te opereren in het digitale domein. Een digitaal autonome overheid heeft controle over haar eigen digitale infrastructuren, systemen en gegevens zonder buitensporige afhankelijkheid van externe partijen, met name buitenlandse entiteiten. Digitale soevereiniteit gaat volgens de opstellers van het rapport nog een stap verder. Het verwijst naar de volledige onafhankelijkheid en de afdwingbare jurisdictie van de Rijksoverheid over haar digitale domein, zonder de mogelijkheid voor buitenlandse entiteiten om controle of invloed uit te oefenen.

Your assistant. Your machine. Your rules. Unlike SaaS assistants where your data lives on someone else’s servers, OpenClaw runs where you choose—laptop, homelab, or VPS. Your infrastructure. Your keys. Your data.

OpenClaw is an open agent platform that runs on your machine and works from the chat apps you already use

WhatsApp, Telegram, Discord, Slack, Teams

Two months ago, I hacked together a weekend project. What started as “WhatsApp Relay” now has over 100,000 GitHub stars and drew 2 million visitors in a single week.

He talks about the intended audience for his work, whom he is speaking to. “My work addresses black [American] people, everybody else gets to listen in.” How having a limited imagined audience for your work is not an exclusionary act. How it is something that breathes life into the work, injects meaning and passion into a creative expression, impossible to achieve if that work would have been imagined for everyone. After which that life, meaning and passion can be appreciated as well by anyone outside those that are originally being addressed.

He talks about the spectrum between good and bad, hence the title of the interview ‘not all good, not all bad’. That us typically wanting to pigeonhole someone or something as either good or bad, before finding out an aspect about it that doesn’t fit, should not lead to then fully switching to labeling it the opposite. You have to get comfortable with the discomfort of juggling different and opposite notions about someone or something at the same time.

met de overheid en andere marktpartijen

Digitale soevereiniteit gaat over controle op drie niveaus: geografisch, juridisch en operationeel. Als data en kritische bedrijfsprocessen in datacentra binnen Nederland of Europa staan, dan ben je geografisch en juridisch in control, omdat deze datacenters vallen onder Nederlandse en Europese jurisdictie. Dat is echter niet voldoende, want voor digitale soevereiniteit is ook operationele controle nodig.

Niet altijd zal de nieuwe software dezelfde functionaliteit hebben die men gewend was. Minder functionaliteit tegen hogere kosten kan een gevolg zijn van de keuze voor autonomie.

geografisch in control? Mag ik zelf beslissen waar mijn systemen en data staan?

juridisch in control? Wat is het risico dat ik mijn data verplicht moet overdragen aan een derde, niet-Europese partij?

operationeel in control? Wat is het risico dat de aanbieder de voorziening afsluit; heb ik een mogelijkheid tot een exit met behoud van mijn data?

Het lijkt in het huidige debat alsof de hele overheid voor haar digitalisering moet overgaan naar autonome of soevereine toepassingen, en wel meteen. Dat is echter niet haalbaar en ook niet nodig. Het begint met het maken van heldere keuzes voor welke data en systemen digitale autonomie en soevereiniteit nodig zijn, en voor welke niet. Zodat vervolgens in een realistisch tempo en haalbare stappen de overgang ingezet kan worden.

Daarom is voor digitale soevereiniteit ook operationele controle nodig. Dat realiseer je door waarborgen in te bouwen, die je in staat stellen om de controle te houden. Dit wordt bepaald door de keuze en een specifieke implementatie van de componenten waaruit de cloud is opgebouwd. Software van niet-Europese partijen kan binnen die veilige kaders nog steeds gebruikt worden. Nog beter is het om toepassingen te gebruiken van Nederlandse of Europese aanbieders. Ook dan zijn waarborgen nodig, zoals afspraken over verkoop aan ongewenste partijen.

Digitale autonomie gaat over het zelfstandig keuzes kunnen maken in het digitale domein. Het gaat over het behouden van beslissingsbevoegdheid, zonder volledige onafhankelijkheid. Digitale soevereiniteit gaat een stap verder. Het betekent volledige controle en zeggenschap over data, digitale infrastructuur en technologieën.

The choice is ours. We simply need to choose whom we admire. Whom we want to recognize as successful. Whom we aspire to be when we grow up. We need to sing the praises of our true heroes: those who contribute to our commons.

Supporting Forgejo with work on dependency features would help too. The goal would be feature parity with GitHub and GitLab so self-hosted forges work with the same security tooling.

Procurement requirements could include open supply chain tooling. If an agency requires SBOMs, they could also require that generation doesn’t depend on proprietary services. If they require vulnerability scanning, the scanner could consume open advisory databases. Germany’s ZenDiS and openCode.de initiatives are relevant here. Connecting them with existing open solutions would be more efficient than starting fresh.

The strategy is to unbundle the parts of a package manager and standardize them individually. Registry APIs, dependency graphs, vulnerability feeds, update notifications. Each piece can be commodified without replacing entire systems. Eat the elephant one bite at a time.

Treat dependency intelligence as infrastructure worth funding directly. The Sovereign Tech Fund model applies: direct funding to open source projects that serve as foundations. Ecosyste.ms, VulnerableCode, OSV, PURL implementations, CycloneDX/SPDX tooling, Forgejo’s dependency features all fit this category.

What governments and funders could do

The gap between these columns is where standardization would reduce switching costs. Not building a European deps.dev, but defining a common dependency graph API. Not building a European Dependabot, but standardizing how dependency updates get proposed. A protocol for package management could let different implementations compete on the same interfaces. GitHub and GitLab bundle dependency features into their platforms: dependency graphs, vulnerability alerts, automated updates. A self-hosted Forgejo or Gitea instance doesn’t have equivalent tooling. But if those features were built on open standards and open data sources, switching forges wouldn’t mean losing supply chain visibility. The dependency intelligence could come from any provider that implements the same interfaces, rather than being locked to the forge vendor. Some gaps need new standards rather than adoption of existing ones. There’s no good specification for package version history across registries. Codemeta describes a package at a point in time, not its release history. PkgFed proposes using ActivityPub to federate release announcements, similar to how ForgeFed handles forge events.

Most standards work in this space focuses on compliance artifacts: SBOMs for the Cyber Resilience Act, attestations for procurement requirements. Less attention goes to the underlying tools developers actually use. The dependency graph that feeds the SBOM generator, the metadata lookup that powers vulnerability scanning, the notification when a new version ships.

Other areas don’t, which keeps switching costs high. Dependency graph APIs vary by platform, vulnerability scanning integration is proprietary per forge, Dependabot and Renovate each have their own config format, and package metadata APIs differ across registries.

some areas have formal specifications. PURL provides a standardized way to reference packages across ecosystems. OSV and OpenVEX let advisory data flow between systems. CycloneDX and SPDX handle SBOMs. SLSA, in-toto, and TUF cover provenance. OCI standardizes container images.

Eaves’s commodification argument depends on standards to reduce switching costs. In the package management landscape, some de facto standards have emerged. Git is nearly universal for source hosting. Semver is the dominant versioning scheme, even if ecosystems interpret it differently. Lockfile formats vary by ecosystem, but they’ve become standards in practice: every dependency scanning company builds the same set of parsers to extract dependency information from all of them. Syft, bibliothecary, gemnasium, osv-scalibr, and others all parse the same formats. I made a dataset covering manifest and lockfile examples across ecosystems, and a similar collection of OpenAPI schemas for registry APIs. These are what made git-pkgs come together quickly.

Dries Buytaert extended this to procurement: governments buy from system integrators who package and resell open source, but that money doesn’t reach the maintainers who build it. If procurement scoring rewarded upstream contributions, money would flow differently. Open source is “the only software you can run without permission” and therefore useful for sovereignty, but it needs funding to work.

Ploum made a related point: Europe doesn’t need a European Google. The European contribution to software has been infrastructure that serves as collective commons: the web, Linux, Git, VLC, OpenStreetMap.

The security and metadata tooling built on top of these registries tends to be US-based regardless of where the registry itself is hosted. A European company running Forgejo for code hosting still typically uses US services for dependency updates, vulnerability scanning, license compliance, and SBOM generation. Self-hosting the forge doesn’t change the intelligence layer.

The package registries follow a similar pattern, with a few European exceptions: Registry Owner Country npm Microsoft US PyPI Python Software Foundation US RubyGems Ruby Central US Maven Central Sonatype US NuGet Microsoft US Crates.io Rust Foundation US Go module proxy Google US Docker Hub Docker Inc US Conda/Anaconda Anaconda Inc US CocoaPods CocoaPods US Pub.dev Google US CPAN Perl Foundation US Homebrew Homebrew US Hex.pm Six Colors AB Sweden Packagist Private Packagist Netherlands CRAN R Foundation Austria Clojars Clojars Germany

The dependency intelligence layer built on top of these forges

Most git forges are US-based: Forge Owner Country GitHub Microsoft US GitLab GitLab Inc US Gitea Gitea Ltd US HuggingFace Hugging Face Inc US

The same logic applies to the software supply chain, though that layer gets less attention in sovereignty discussions than cloud and storage.

Europe shouldn’t try to build its own AWS. Instead, governments should use procurement power to enforce interoperability standards.

If governments required that kind of compatibility as a condition for contracts, smaller providers could compete. Sovereignty through standards rather than state-owned infrastructure.

S3 API became a de facto standard

I’m Andrew Nesbitt. I’ve spent the last decade thinking about package management.

Mais en novembre, le groupe français a répondu à un nouvel appel d’offres, cette fois pour identifier et localiser des étrangers. Cela s'appelle du skip-tracing, et une urgence pour l'ICE. Capgemini rafle la plus grosse part du marché, avec jusqu'à 365 millions de dollars à la clé. C'est écrit noir sur blanc : plus la société française localisera de migrants, plus elle pourra empocher d'argent. Les bonus financiers, en effet, sont basés sur le taux de réussite dans la vérification des adresses des étrangers.

Le champion français des services informatiques compte 350 000 collaborateurs dans le monde, et une filiale américaine installée près de Washington. Celle-ci travaille avec plusieurs agences gouvernementales : ministère de la Santé, des Anciens Combattants et, depuis plus de quinze ans, le département de la Sécurité intérieure. Des contrats que nous avons consultés sur les bases de données publiques. Pour l'ICE, Capgemini gère par exemple un standard téléphonique réservé aux victimes de crimes commis par des étrangers. Une création de Donald Trump.

If proven, these failures would constitute infringements of Articles 34(1) and (2), 35(1) and 42(2) of the DSA.

he Commission has extended its ongoing formal proceedings opened against X in December 2023 to  establish whether X has properly assessed and mitigated all systemic risks, as defined in the DSA, associated with its recommender systems, including the impact of its recently announced switch to a Grok-based recommender system.

The new investigation will assess whether the company properly assessed and mitigated risks associated with the deployment of Grok's functionalities into X in the EU. This includes risks related to the dissemination of illegal content in the EU, such as manipulated sexually explicit images, including content that may amount to child sexual abuse material.