We're pleased to announce that we're bringing WEBCAT to the second annual Transparency.dev Summit later this month in Gothenburg, Sweden.

The conference connects designers and implementers of various types of transparency systems, from boot transparency to key transparency and everything in between.

WEBCAT author Giulio B. will be presenting his talk, “A decentralized integrity and transparency model for web applications,” and will also be hosting a breakout session afterwards.

A quick refresher: WEBCAT is our open source, privacy-first code integrity project for web applications that use browser-based cryptography. It gives users a way to trust that they’re running signed, authentic code when they visit an enrolled web application — and code that fails those checks, such as maliciously inserted JavaScript, is blocked before it has a chance to execute, no user action required.

Here’s where the transparency comes in: WEBCAT makes use of Sigsum to log all signing events, meaning that all the information that helps users know that a web application is serving authentic code is guaranteed to be in a transparency log. Anyone (developers, administrators, the public) can monitor these tamper-evident logs, and this process means that malicious updates can’t sneak in undetected, even if a developer’s signing keys are compromised.

Transparency logging services have been in use behind the scenes in internet infrastructure for years, such as by Certificate Authorities managing the issuance of TLS certificates, and by software and package distributions. We’re excited to see renewed efforts, talks, and community interest in this approach, and we think it can benefit not just decentralized, self-hostable web platforms like SecureDrop, CryptPad, Jitsi, or GlobaLeaks, but other applications too.

The Transparency.dev conference runs from October 20-22, 2025, and online. Hope to see you there!