Digital Human Rights

Open, secure, personal, independent, trustworthy, selective, resilient, portable & safe systems

I'm working on a few projects at the moment that have me struggling to ensure we're considering the full slate of baseline infrastructure capabilities.

Juan Benet has proposed a set of 8 Digital Human Rights. They cover a lot of important ground. You can get the full download in this video, starting ~7:00.

I felt like they could use a bit of editing for clarity. As I was editing, I also realized there might be a missing 9th human right regarding "safety". Thus, I have arrived for now at the conclusion that all digital infrastructure must be open, secure, personal, independent, trustworthy, selective, resilient, portable and safe.

Would love your feedback.

1. Open: I can speak freely

I can share my thoughts, ideas, and work without needing permission — and without fear of censorship or erasure.

Technical Corollaries:

  • Content-addressable storage (e.g. IPFS)

  • Censorship-resistant publishing (e.g. peer replication, no single point of takedown, permissionless blockchains)

  • Signature-based authorship (e.g. Ed25519)

2. Secure: I can speak privately

I can share, organize, and express myself without being tracked, recorded, or overheard.

Technical Corollaries:

  • End-to-end encryption (e.g. Noise Protocol, Double Ratchet)

  • Metadata minimization (e.g. oblivious routing, mixnets)

  • Ephemeral communication with no server storage

3. Personal: I own my data

My files, messages, and memories belong to me. I decide who can see them — and I can take that access away at any time.

Technical Corollaries:

  • Local-first storage models (e.g. WNFS)

  • Capability-based access control (e.g. UCANs, ZCAP-LD)

  • Revocable, time-scoped, and minimal grants of access

  • Timestamped proof of custody or ownership (e.g. NFT metadata as a pointer to user-controlled data)
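
The grant properties listed above (revocable, time-scoped, minimal), as an added example that is not from the original post or from any project it names. It swaps in a macaroon-style HMAC chain in place of the signature-based UCAN or ZCAP-LD formats; the caveat names (`path`, `action`, `expires`) and all function names are assumptions made for illustration.

```python
# Added example: macaroon-style HMAC chain, not UCAN/ZCAP-LD; names are illustrative.
import hashlib
import hmac
import secrets

REVOKED = set()  # owner-side list of withdrawn grant ids

def _mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def issue(root_key: bytes, caveats: list) -> dict:
    """Owner mints a grant: HMAC chain over a random id, then each caveat."""
    grant_id = secrets.token_hex(8)
    sig = _mac(root_key, grant_id)
    for c in caveats:
        sig = _mac(sig, c)
    return {"id": grant_id, "caveats": list(caveats), "sig": sig}

def attenuate(grant: dict, caveat: str) -> dict:
    """Holder narrows a grant before delegating it; no root key needed."""
    return {"id": grant["id"], "caveats": grant["caveats"] + [caveat],
            "sig": _mac(grant["sig"], caveat)}

def revoke(grant_id: str) -> None:
    """Owner withdraws a grant and every grant attenuated from it."""
    REVOKED.add(grant_id)

def _satisfied(caveat: str, req: dict) -> bool:
    key, _, value = caveat.partition("=")
    if key == "expires":  # time-scoped: unix seconds
        return value.isdigit() and req["now"] < int(value)
    if key == "action":
        return req["action"] == value
    if key == "path":  # paths assumed normalised; match whole segments only
        return req["path"] == value or req["path"].startswith(value.rstrip("/") + "/")
    return False  # unknown caveat: fail closed

def verify(root_key: bytes, grant: dict, req: dict) -> bool:
    """Owner checks revocation, then the chain, then every caveat."""
    if grant["id"] in REVOKED:
        return False
    sig = _mac(root_key, grant["id"])
    for c in grant["caveats"]:
        sig = _mac(sig, c)
    if not hmac.compare_digest(sig, grant["sig"]):
        return False  # a caveat was dropped or altered
    return all(_satisfied(c, req) for c in grant["caveats"])
```

A holder can only add caveats, never remove them, so each delegation can narrow access but not widen it. Revoking the id cuts off every grant derived from it.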

4. Independent: I connect directly

I use systems that link people and devices without needing companies, platforms, or governments in the middle.

Technical Corollaries:

  • Peer-to-peer networking (e.g. libp2p, WebRTC)

  • Overlay networks (e.g. WireGuard, Headscale)

  • Decentralized rendezvous and discovery (e.g. DHT, mDNS)

  • Public key infrastructure without central certificate authorities

5. Trustworthy: I can verify what happens

I don’t have to guess or assume. Every action leaves a trail I can check for myself.

Technical Corollaries:

  • Signed logs / event sourcing (e.g. Merkle DAGs, transparency logs)

  • Verifiable credentials & attestations (e.g. DID + VC standards)

  • Reproducible builds and cryptographic audit trails

  • Append-only public ledgers

6. Selective: I decide what to share

My information is private by default. Others only see what I choose to show — and only as much as they need.

Technical Corollaries:

  • Granular access delegation (e.g. CACAOs, UCANs)

  • Principle of least privilege enforced at the data layer

  • Encrypted blockstores with access via proxies or keys

  • Zero-knowledge proofs for selective disclosure

    • E.g. “I’m over 21” without revealing my birthday

    • E.g. “I earn over $50K” without revealing my salary

7. Resilient: I can count on my tools

My systems keep working — even offline, under pressure, or outside the mainstream. They don’t break when someone says so.

Technical Corollaries:

  • Offline-first architecture with sync (e.g. CRDTs, IPFS)

  • Open protocols and standards (e.g. no vendor lock-in)

  • Redundant infrastructure, mesh routing, error tolerance

8. Portable: I own my identity

My identity moves with me. It’s under my control, not tied to any platform — and I decide who can use it.

Technical Corollaries:

  • Decentralized identifiers (DIDs)

  • Mnemonic-seeded cryptographic identity (e.g. BIP39 → keypair)

  • Non-custodial identity wallets / portable agent keyrings

9. Safe: I can define my boundaries

I choose how others can reach me, interact with me, and affect my experience. My tools help me set limits, avoid harm, and stay in control.

Technical Corollaries:

  • Consent-based interaction models (e.g. request-to-contact, scoped delegation)

  • Local filtering and blocklists

  • Agent behavior transparency and override mechanisms

  • Rate-limiting, abuse detection, and feedback tooling built in