MPowerUp — Tool Evaluation Tracker¶
Tracks tools under research. Status lifecycle: new → tried → evaluated → adopted / rejected. Trust axes: Private / Autonomous / Secure (yes / partial / no). Architecture axes: Zone (Arch) = by-design network zone, Zone (Ops) = how it behaves in practice today (1 = P2P, 2 = client–relay, 3 = federated, 4 = centralized / walled garden; a tool may span zones). Operator = who runs the infrastructure (self / third-party / mixed). Policy = strength/shape of policy- vs cryptographically-enforced privacy (freeform). Protocols = underlying protocol(s). Score is 0–10 (your overall fit rating). Deployment substrate (cloud vs self-host) is a separate axis from these topology zones — see the companion cloud-providers.md sovereignty matrix.
| Tool | Category | Protocols | Zone (Arch) | Zone (Ops) | Operator | Status | Private | Autonomous | Secure | Policy | Score | Notes | Updated |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Apache AGE | Graph (Postgres ext) | new | partial | partial | yes | Adds graph queries to PostgreSQL; best if already on Postgres. | 2026-06-13 | ||||||
| Apache Jena / Fuseki | RDF triplestore | new | partial | partial | yes | RDF triples + SPARQL; formal vocabularies (schema.org/FOAF). Likely overkill unless interoperability is a goal. | 2026-06-13 | ||||||
| ArangoDB | Multi-model DB | new | partial | partial | yes | Graph + document + key-value; good if resources are messy documents. Apache-2.0 / BSL depending on version. | 2026-06-13 | ||||||
| Berty | P2P BLE mesh | evaluated | partial | yes | partial | 5.5 | Best non-Tor offline BLE mesh + permissive (Apache/MIT). Wesh crypto self-declared not-hardened; study the transport pattern, not the crypto. | 2026-06-13 | |||||
| Blazegraph | RDF triplestore | rejected | partial | partial | yes | RDF + SPARQL, reasoning-capable, BUT effectively unmaintained since ~2020 (team moved to Amazon Neptune). Avoid for new work. | 2026-06-13 | ||||||
| Bluesky | Federated social (atproto) | AT Protocol (atproto) | 3 | 4 | mixed | new | no | partial | no | weak in practice; portability + credible-exit by DESIGN (DID), not by policy promise | Federated by design: atproto splits roles Mastodon bundles - Personal Data Servers (identity/repo), Relays (crawl whole network into one firehose), App Views (index/present); anyone can run any piece. DID identity gives credible-exit + provider portability, stronger than Mastodon where identity is tied to the home instance. BUT in practice nearly everyone runs on Bluesky-the-company PDS/relay/app today, so it behaves like z4 (X-like). Relay crawls the entire network (heavy to run), concentrating power. Separate, ActivityPub-incompatible universe from the fediverse. Decentralization-capable but currently centralized. | 2026-06-15 | |
| Briar | P2P messaging | Bramble (over Tor / BLE / WiFi) | 1 | 1 | none | tried | yes | yes | yes | 8.5 | Only true offline tier: BLE/WiFi mesh + sneakernet + Mailbox. Cure53-audited. GPLv3; feed-style groups; battery. Strongest offline candidate / interim referral. | 2026-06-15 | |
| Conversations (XMPP) | Federated messaging | evaluated | no | partial | partial | 4.5 | Best budget-Android federated client; OMEMO 1:1 mature, group E2E experimental. Server-bound. | 2026-06-13 | |||||
| Cwtch | Tor group messaging | evaluated | yes | yes | yes | 7.0 | Best group-metadata model (untrusted discardable group servers); permissive libcwtch (embeddable). Tor-only no offline; heaviest battery; funding-fragile. | 2026-06-13 | |||||
| Delta Chat | Email-based messaging | evaluated | partial | partial | yes | 6.5 | No-new-infrastructure exemplar; E2E default incl groups; Autocrypt v2 adds FS/PQ; near-zero header metadata. Needs a mailbox; no local mesh. | 2026-06-13 | |||||
| did:key | Identity | adopted | yes | yes | yes | 8.5 | Current identity (Ed25519). Keep; add Verifiable Credentials (SD-JWT-VC) in Phase 4. | 2026-06-13 | |||||
| DuckDuckGo | Centralized search | HTTPS | 4 | 4 | third-party | tried | partial | no | yes | policy-based no-log promise; receives your IP; no cryptographic guarantee | 4.0 | Policy-based privacy; centralized; receives your IP. | 2026-06-15 |
| Social (walled garden) | closed / proprietary | 4 | 4 | third-party (Meta) | rejected | no | no | yes | surveillance-advertising model; social graph locked in | 1.0 | Maximal walled garden; closed protocol; social graph locked in. The negative baseline the MPowerUp thesis reacts against - tracked as a contrast anchor, not a candidate. | 2026-06-15 | |
| GoToSocial | Federated social (minimal) | ActivityPub | 3 | 3 | self | evaluated | partial | partial | yes | 5.0 | Single-binary self-host on Pi-class (Second Boot refurb-server reference); no E2E messaging. | 2026-06-15 | |
| Iroh | P2P transport (QUIC) | evaluated | partial | yes | yes | 7.5 | Best libp2p alternative; Rust core + official Android/iOS FFI. Highest-value transport spike; verify RN binding maturity. | 2026-06-13 | |||||
| Jami | P2P comms | OpenDHT, SIP/TLS | 1 | 1 | none | evaluated | partial | yes | yes | 6.0 | Active/mature but IP exposed to peers via DHT + battery-heavy. NOT adopted (corrects prior framing); hybrid verdict adopts no single app. | 2026-06-15 | |
| Jitsi | Video conferencing | WebRTC (SFU: Jitsi Videobridge) | 1 (1:1) / 4 (multi-party) | 1 / 3 (self-hosted bridge) / 4 (meet.jit.si) | mixed | rejected | partial | no | yes | architecture-determined, not policy-based | 4.0 | Spans zones by call type AND hosting: 1:1 is true browser-to-browser P2P (z1); multi-party routes through the Jitsi Videobridge SFU. On meet.jit.si the bridge is third-party (z4); self-hosting the bridge shifts trust to you (behaves like z3). Not E2E in multi-party by default - the bridge must route streams. Dropped from MPowerUp precisely because it does not sit in one zone. | 2026-06-15 |
| Kuzu | Embedded graph DB | embedded (no network) | 1 | 1 | none (embedded, data axis) | new | yes | yes | partial | 7.0 | MIT, embedded, no server; runs inside app. | 2026-06-15 | |
| libsignal | Encryption protocol | rejected | yes | yes | yes | 4.0 | Gold-standard 1:1 but AGPL + group-shape mismatch. Borrow ideas (Double Ratchet, PQXDH), not the code. | 2026-06-13 | |||||
| Logseq | Knowledge graph (local) | local Markdown files | 1 | 1 | none (local, data axis) | new | yes | yes | partial | 8.0 | Open-source, local Markdown; fits data-sovereignty. | 2026-06-15 | |
| Mastodon / ActivityPub | Federated social | ActivityPub | 3 | 3 | mixed | rejected | partial | partial | no | 3.0 | No E2E DMs in the family; public-social only. Wrong tool for private messaging; possible future open/Z3 broadcast layer. | 2026-06-15 | |
| Matrix / Element | Federated messaging | rejected | no | partial | yes | 4.0 | Server mandatory (fails offline/no-server). But mine matrix-sdk-crypto (network-free Olm/Megolm) as a reusable component. | 2026-06-13 | |||||
| Memgraph | Graph DB (server) | new | partial | partial | yes | Neo4j-compatible (Cypher), in-memory/fast, real-time. Source-available license — check against open-source-only standard. | 2026-06-13 | ||||||
| Meshtastic | Off-grid LoRa mesh | new | yes | yes | yes | 7.0 | Off-grid bearer over LoRa; BLE bridge from RN. Needs per-user LoRa hardware (Second Boot build). Pilot for off-grid. | 2026-06-13 | |||||
| Neo4j Community | Graph DB (server) | new | partial | partial | yes | 6.0 | Self-host; GPLv3 Community edition; great visualization. | 2026-06-13 | |||||
| Nostr / Damus | Client-relay social | Nostr | 2 | 2 | third-party (relays; self-hostable) | evaluated | partial | partial | partial | 5.0 | No PFS; persistent pubkey + public timestamps leak DM metadata. Value is embeddability (nostr-tools MIT) for a future public layer, not privacy. | 2026-06-15 | |
| Obsidian | Knowledge graph (local) | new | yes | partial | partial | Graph view, plain Markdown, on-device. NOT open source (free for personal use) — counts against the open-source-only standard. (The BNI vault itself is an Obsidian vault.) | 2026-06-13 | ||||||
| OnionShare | Anonymous file-share | evaluated | yes | yes | yes | 6.0 | Ephemeral anonymous file/secret-drop primitive over Tor; not a persistent messenger. | 2026-06-13 | |||||
| OpenMLS (MLS) | Group encryption protocol | evaluated | partial | yes | yes | 7.5 | RFC 9420; forward secrecy + post-compromise security over the shared-key model. Permissive. Gate = decentralized delivery + FFI. | 2026-06-13 | |||||
| PeerTube | Federated video publishing | ActivityPub (+ WebTorrent P2P delivery) | 3 | 3 | self / mixed | new | partial | partial | yes | per-instance operator trust; public content (no E2E role) | 6.0 | ActivityPub video (YouTube analog) with WebTorrent P2P delivery to offload bandwidth; federated/self-hostable. Relevant to MPowerUp only if scope grows to video publishing - out of current comms scope. Public-by-nature; no private-messaging role. | 2026-06-15 |
| Proton | Centralized E2EE suite | OpenPGP, WireGuard | 4 | 4 | third-party | new | partial | no | yes | zero-access E2EE on content (cryptographic guarantee); policy-only on metadata | Zero-access E2EE: servers cannot read content even though centralized - a structural guarantee, not a no-log promise (vs DuckDuckGo). Stays z4 because: single operator + account lock-out; sees metadata (recipients, timing, subject for non-Proton mail, IP unless using their VPN/Tor); full E2EE only Proton-to-Proton (drops to standard transport to Gmail etc.); Swiss legal compulsion can target metadata. Proof z4 is not monolithic - content confidentiality and metadata exposure are separate axes. | 2026-06-15 | |
| Quiet | Tor + libp2p team chat | evaluated | yes | yes | partial | 5.0 | Closest prior-art to MPowerUp (libp2p + CRDT over Tor). Self-described not audited; heavy stack. | 2026-06-13 | |||||
| Scuttlebutt (SSB) | P2P social | SSB gossip | 1 | 1 | none | rejected | no | yes | partial | 3.5 | Permanent un-deletable logs + open social graph unsafe for vulnerable users; Manyverse winding down. | 2026-06-15 | |
| Session | Onion messaging | evaluated | partial | partial | partial | 4.5 | Best UX/battery but NO forward secrecy today + 2026 Oxen consensus-takeover paper (eprint 2026/773) + token dependency. Do not use as trust anchor. | 2026-06-13 | |||||
| Signal | Encrypted messaging | Signal Protocol (Double Ratchet, X3DH/PQXDH) | 4 | 4 | third-party | new | partial | no | yes | content E2E by crypto; minimal metadata + sealed sender by POLICY; centralized operator | 7.0 | Best-in-class E2E content (Double Ratchet + post-quantum PQXDH). But centralized single operator (Signal servers mandatory) and phone-number identity links real-world ID; sealed sender + minimal retention reduce metadata by policy, not architecture. Complements libsignal already in tracker (borrow ideas, AGPL) - the app itself is z4. | 2026-06-15 |
| SimpleX Chat | Secure messaging (no-identifier) | evaluated | yes | partial | yes | 8.0 | No persistent identifiers; best metadata resistance; small-group model fits Circles. AGPLv3 + Haskell hard to embed in RN; no local mesh; battery. Design exemplar / interim referral. | 2026-06-13 | |||||
| Threads | Social (fediverse edge) | ActivityPub (partial, Meta-operated) | 3 (partial ActivityPub) / 4 (Meta core) | 4 | third-party (Meta) | new | no | partial | yes | Meta data-driven; embrace-extend concern over ActivityPub | 3.0 | Meta-owned; federates outbound via partial ActivityPub but the core is a walled garden. Straddles federated to walled-garden - classic embrace-extend concern (absorb fediverse reach, then wall it). Contrast/watch point, not a candidate. | 2026-06-15 |
| Tor / Arti | Anonymity network / transport | evaluated | yes | partial | yes | 7.5 | Add network-identity (IP) axis via Arti client crate (MIT/Apache). Mission-aligned; battery cost on mobile; do not host onion services from Arti yet. | 2026-06-13 | |||||
| Tox | P2P messaging | rejected | partial | yes | no | 2.5 | Unaudited/alpha crypto + IP exposed to contacts. Reject for vulnerable users. | 2026-06-13 | |||||
| Veilid | Privacy P2P framework | new | yes | yes | yes | 4.5 | Strong privacy philosophy but demo-grade + Flutter-first (no RN binding). Watch. | 2026-06-13 | |||||
| WebRTC | Transport | adopted | partial | partial | yes | 7.0 | Current baseline transport (DTLS). Keep; benchmark Iroh against it. Needs TURN/relay for symmetric NAT. | 2026-06-13 | |||||
| X / Twitter | Social (walled garden) | closed / proprietary | 4 | 4 | third-party | rejected | no | no | yes | single-company silo; no federation | 2.0 | Single-company silo; no federation; the centralized baseline the decentralization thesis reacts against. Contrast anchor, not a candidate. | 2026-06-15 |
| Yjs | CRDT sync engine | adopted | yes | yes | partial | 8.0 | Current stack; RN-proven per-Circle docs. Keep. Read Cinapse anti-CRDT counter-evidence before doubling down. | 2026-06-13 |