39C3: My Major Topics of the Chaos Communication Congress

Posted on 2026-01-14
TL;DR
Key discussion points of the 39C3 congress from my point of view as an attendee were digital sovereignty, generative and agentic AI, as well as hardware security. Here I'll explain why and suggest talk recordings.

The CCC’s Chaos Communication Congress is an event I’m always looking forward to. It’s the annual conference of the German and international subculture around computers and the culture surrounding it. I’ve attended all four days and want to share my key takeaways as well as what I observed to be the major topics of 2025.

Digital sovereignty

The global political balance is shifting. Not just in the United States, populist movements are gaining traction. Relying on big tech vendors and trusting them with our data and using their infrastructure for critical communication has become a liability.

At the congress there were multiple talks, but also self-organized sessions, around what options we have and how to move away from IT services under the direct control of other parties. The proposed solution is to use self-hosted open source alternatives on hardware that is run and controlled by someone you trust.

The community proclaimed the Digital Independence Day, a distributed event where people get help with moving their digital infrastructure towards self-hosted alternatives. The talk "Die Känguru-Rebellion: Digital Independence Day" introduced the idea and explained why it is important.

In addition to that, vendors are selling devices that come with operating systems under their control, and it is getting harder to write and distribute programs for these devices that the vendors have not approved. This was discussed in the talk "A post-American, enshittification-resistant internet".

European citizens are customers and give a lot of power to the vendors and operators of critical digital infrastructure. It is on us to minimize risks of being held to ransom.

Gen- and Agentic AI

The rise of features powered by Artificial Intelligence in software was also addressed by a couple of talks and sessions. In "AI Agent, AI Spy" the people behind the Signal messenger talked about a new feature within the Windows operating system that is currently in beta testing. Windows Recall is a function that takes a screenshot of the whole desktop every couple of seconds. These screenshots are then run through a text detection LLM, run locally, to extract information from the text displayed on the screen and store it in a local file for later usage by Copilot.

According to security researchers this is extremely dangerous because it creates a honeypot of very sensitive data, which also includes information that has been end-to-end encrypted, because that encryption is terminated on the end device.

Features like that put users at extreme risk. In addition to that, such features could be used to find out extremely sensitive information, for example about employees.

Another talk went through the possible ways to attack software engineers who use coding agent tools by means of prompt injection attacks: "Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents".

Because today's Large Language Models (LLMs) do not separate their input data into context and commands, these issues will not be fixed; mitigations will only make it harder to exploit these design flaws. Currently, they cannot be prevented completely.

Hardware Security

Over the years security researchers have demonstrated various attacks on the hardware of computer systems, like the CPU or the RAM. This year's congress demonstrated that, even though vendors invested in mitigations, various of these attacks were proven to be exploitable in real-world scenarios. The talk "Rowhammer in the Wild: Large-Scale Insights from FlippyR.AM" evaluated a field study where various people ran tests on their systems. These studies showed that a lot of systems can be targeted by Rowhammer attacks. Also, "Spectre in the real world: Leaking your private data from the cloud with CPU vulnerabilities" showed that it was possible to extract information from other customers' CPU processes on a public cloud provider. In addition to that, the talk "Bluetooth Headphone Jacking: A Key to Your Phone" showed that insecure Bluetooth devices that can act as an input device can be used to attack a computer paired to them.

Rise of far right politics

The last topic that I want to point out is the rise of far right political actors in a lot of Western democracies. I especially liked the talk "Gegenmacht - Best of Informationsfreiheit", which pointed out the importance of the Informationsfreiheitsgesetz, Germany's Freedom of Information Act, which allows civil society actors to use the courts to have information made publicly available by the government. This is effective to control a government and fight corruption.

Call to action

The Chaos Communication Congress is a very important event with talks of outstanding quality. They point out technological and social hotspots. It is up to us to have a look, discuss and address them. The event shows that technology always has a social impact on all of us. As people working with software it is our responsibility to keep that in mind when working on software and digital infrastructure. All of the talks from 39C3 are being published on the media.ccc.de portal. I encourage you to take a peek into the recordings.

Author: Benjamin Brunzel. I'm a software engineer based in Hamburg, Germany. If you want to get in touch, contact me in the fediverse.