platoose

Terms such as “climate neutral” or “climate positive” that rely on offsetting will be banned from the EU by 2026 as part of a crackdown on misleading environmental claims.

On Wednesday, members of the European parliament [MEPs] voted to outlaw the use of terms such as “environmentally friendly”, “natural”, “biodegradable”, “climate neutral” or “eco” without evidence, while introducing a total ban on using carbon offsetting schemes to substantiate the claims.

Under the new directive, only sustainability labels using approved certification schemes will be allowed by the bloc. It comes amid widespread concern about the environmental impact of carbon offsetting schemes, which have often been used to justify labelling products “carbon neutral”, or imply that consumers can fly, buy new clothes or eat certain foods without making the climate crisis worse.

“This new legislation puts an end to misleading advertising for supposedly environmentally friendly products and thus enables consumers to make sustainable choices,” said Anna Cavazzini, the Green MEP and chair of the Committee of the Internal Market and Consumer Protection.

“I am particularly pleased that claims such as “climate-neutral” or “climate-positive”, which are based on CO2 offsetting, have been completely banned from the internal market. Investments by companies in climate protection projects are welcome and of course they can still be communicated,” she said. “However, it should no longer appear that planting trees in the rainforest makes the industrial production of a car, the organisation of a soccer World Cup or the production of cosmetics climate neutral. This deception is now a thing of the past. This is a great success for the environment, the climate and consumers.”

The directive comes after months of negotiations over how environmental claims will be regulated in the EU, with a deal reached in September that was approved by law makers on Wednesday. Member states now have two years to introduce the new rules. Drop carbon offsetting-based environmental claims, companies urged Read more

In January, the Guardian published a joint investigation into forest carbon offsets approved by the world’s leading certifier that big corporations used for their sustainability commitments, finding more than 90% of offsets from a large sample of projects to be worthless.

Environmental NGOs have raised concerns about claims based on offsets, including the 2022 World Cup in Qatar which was advertised as a “carbon neutral” event.

“This agreement is a big step towards more honest commercial practices and more informed European consumers. The European Union is taking leadership in combating greenwashing,” said Lindsay Otis, a policy expert on global carbon markets at CMW. “Carbon neutrality claims have been shown to be unintelligible to consumers, and they must stop. Today marks the end of outlandish and baseless advertisements that tell European consumers that they can take carbon-neutral flights, wear carbon-neutral clothes, and eat carbon-neutral food.”

DEF CON Infosec super-band the Cult of the Dead Cow has released Veilid (pronounced vay-lid), an open source project applications can use to connect up clients and transfer information in a peer-to-peer decentralized manner.

The idea being here that apps – mobile, desktop, web, and headless – can find and talk to each other across the internet privately and securely without having to go through centralized and often corporate-owned systems. Veilid provides code for app developers to drop into their software so that their clients can join and communicate in a peer-to-peer community.

In a DEF CON presentation today, Katelyn "medus4" Bowden and Christien "DilDog" Rioux ran through the technical details of the project, which has apparently taken three years to develop.

The system, written primarily in Rust with some Dart and Python, takes aspects of the Tor anonymizing service and the peer-to-peer InterPlanetary File System (IPFS). If an app on one device connects to an app on another via Veilid, it shouldn't be possible for either client to know the other's IP address or location from that connectivity, which is good for privacy, for instance. The app makers can't get that info, either.

Veilid's design is documented here, and its source code is here, available under the Mozilla Public License Version 2.0.

"IPFS was not designed with privacy in mind," Rioux told the DEF CON crowd. "Tor was, but it wasn't built with performance in mind. And when the NSA runs 100 [Tor] exit nodes, it can fail."

Unlike Tor, Veilid doesn't run exit nodes. Each node in the Veilid network is equal, and if the NSA wanted to snoop on Veilid users like it does on Tor users, the Feds would have to monitor the entire network, which hopefully won't be feasible, even for the No Such Agency. Rioux described it as "like Tor and IPFS had sex and produced this thing."

"The possibilities here are endless," added Bowden. "All apps are equal, we're only as strong as the weakest node and every node is equal. We hope everyone will build on it."

Each copy of an app using the core Veilid library acts as a network node, it can communicate with other nodes, and uses a 256-bit public key as an ID number. There are no special nodes, and there's no single point of failure. The project supports Linux, macOS, Windows, Android, iOS, and web apps.

Veilid can talk over UDP and TCP, and connections are authenticated, timestamped, strongly end-to-end encrypted, and digitally signed to prevent eavesdropping, tampering, and impersonation. The cryptography involved has been dubbed VLD0, and uses established algorithms since the project didn't want to risk introducing weaknesses from "rolling its own," Rioux said.

This means XChaCha20-Poly1305 for encryption, Elliptic curve25519 for public-private-key authentication and signing, x25519 for DH key exchange, BLAKE3 for cryptographic hashing, and Argon2 for password hash generation. These could be switched out for stronger mechanisms if necessary in future.

Files written to local storage by Veilid are fully encrypted, and encrypted table store APIs are available for developers. Keys for encrypting device data can be password protected.

"The system means there's no IP address, no tracking, no data collection, and no tracking – that's the biggest way that people are monetizing your internet use," Bowden said.

"Billionaires are trying to monetize those connections, and a lot of people are falling for that. We have to make sure this is available," Bowden continued. The hope is that applications will include Veilid and use it to communicate, so that users can benefit from the network without knowing all the above technical stuff: it should just work for them.

To demonstrate the capabilities of the system, the team built a Veilid-based secure instant-messaging app along the lines of Signal called VeilidChat, using the Flutter framework. Many more apps are needed.

If it takes off in a big way, Veilid could put a big hole in the surveillance capitalism economy. It's been tried before with mixed or poor results, though the Cult has a reputation for getting stuff done right. ®