#public-key cryptography | Explore Tumblr Posts and Blogs

amalgamasreal · 2 years

Text

So I don't know how people on this app feel about the shit-house that is TikTok but in the US right now the ban they're trying to implement on it is a complete red herring and it needs to be stopped.

They are quite literally trying to implement Patriot Act 2.0 with the RESTRICT Act and using TikTok and China to scare the American public into buying into it wholesale when this shit will change the face of the internet. Here are some excerpts from what the bill would cover on the Infrastructure side:

SEC. 5. Considerations.

(a) Priority information and communications technology areas.—In carrying out sections 3 and 4, the Secretary shall prioritize evaluation of— (1) information and communications technology products or services used by a party to a covered transaction in a sector designated as critical infrastructure in Policy Directive 21 (February 12, 2013; relating to critical infrastructure security and resilience);

(2) software, hardware, or any other product or service integral to telecommunications products and services, including— (A) wireless local area networks;

(B) mobile networks;

(D) satellite operations and control;

(E) cable access points;

(F) wireline access points;

(G) core networking systems;

(H) long-, short-, and back-haul networks; or

(I) edge computer platforms;

(3) any software, hardware, or any other product or service integral to data hosting or computing service that uses, processes, or retains, or is expected to use, process, or retain, sensitive personal data with respect to greater than 1,000,000 persons in the United States at any point during the year period preceding the date on which the covered transaction is referred to the Secretary for review or the Secretary initiates review of the covered transaction, including— (A) internet hosting services;

(B) cloud-based or distributed computing and data storage;

(C) machine learning, predictive analytics, and data science products and services, including those involving the provision of services to assist a party utilize, manage, or maintain open-source software;

(D) managed services; and

(E) content delivery services;

(4) internet- or network-enabled sensors, webcams, end-point surveillance or monitoring devices, modems and home networking devices if greater than 1,000,000 units have been sold to persons in the United States at any point during the year period preceding the date on which the covered transaction is referred to the Secretary for review or the Secretary initiates review of the covered transaction;

(5) unmanned vehicles, including drones and other aerials systems, autonomous or semi-autonomous vehicles, or any other product or service integral to the provision, maintenance, or management of such products or services;

(6) software designed or used primarily for connecting with and communicating via the internet that is in use by greater than 1,000,000 persons in the United States at any point during the year period preceding the date on which the covered transaction is referred to the Secretary for review or the Secretary initiates review of the covered transaction, including— (A) desktop applications;

(B) mobile applications;

(D) payment applications; or

(E) web-based applications; or

(7) information and communications technology products and services integral to— (A) artificial intelligence and machine learning;

(B) quantum key distribution;

(D) quantum computing;

(E) post-quantum cryptography;

(F) autonomous systems;

(G) advanced robotics;

(H) biotechnology;

(I) synthetic biology;

(J) computational biology; and

(K) e-commerce technology and services, including any electronic techniques for accomplishing business transactions, online retail, internet-enabled logistics, internet-enabled payment technology, and online marketplaces.

(b) Considerations relating to undue and unacceptable risks.—In determining whether a covered transaction poses an undue or unacceptable risk under section 3(a) or 4(a), the Secretary— (1) shall, as the Secretary determines appropriate and in consultation with appropriate agency heads, consider, where available— (A) any removal or exclusion order issued by the Secretary of Homeland Security, the Secretary of Defense, or the Director of National Intelligence pursuant to recommendations of the Federal Acquisition Security Council pursuant to section 1323 of title 41, United States Code;

(B) any order or license revocation issued by the Federal Communications Commission with respect to a transacting party, or any consent decree imposed by the Federal Trade Commission with respect to a transacting party;

(C) any relevant provision of the Defense Federal Acquisition Regulation and the Federal Acquisition Regulation, and the respective supplements to those regulations;

(D) any actual or potential threats to the execution of a national critical function identified by the Director of the Cybersecurity and Infrastructure Security Agency;

(E) the nature, degree, and likelihood of consequence to the public and private sectors of the United States that would occur if vulnerabilities of the information and communications technologies services supply chain were to be exploited; and

(F) any other source of information that the Secretary determines appropriate; and

(2) may consider, where available, any relevant threat assessment or report prepared by the Director of National Intelligence completed or conducted at the request of the Secretary.

Look at that, does that look like it just covers the one app? NO! This would cover EVERYTHING that so much as LOOKS at the internet from the point this bill goes live.

It gets worse though, you wanna see what the penalties are?

(b) Civil penalties.—The Secretary may impose the following civil penalties on a person for each violation by that person of this Act or any regulation, order, direction, mitigation measure, prohibition, or other authorization issued under this Act: (1) A fine of not more than $250,000 or an amount that is twice the value of the transaction that is the basis of the violation with respect to which the penalty is imposed, whichever is greater. (2) Revocation of any mitigation measure or authorization issued under this Act to the person. (c) Criminal penalties.— (1) IN GENERAL.—A person who willfully commits, willfully attempts to commit, or willfully conspires to commit, or aids or abets in the commission of an unlawful act described in subsection (a) shall, upon conviction, be fined not more than $1,000,000, or if a natural person, may be imprisoned for not more than 20 years, or both. (2) CIVIL FORFEITURE.— (A) FORFEITURE.— (i) IN GENERAL.—Any property, real or personal, tangible or intangible, used or intended to be used, in any manner, to commit or facilitate a violation or attempted violation described in paragraph (1) shall be subject to forfeiture to the United States. (ii) PROCEEDS.—Any property, real or personal, tangible or intangible, constituting or traceable to the gross proceeds taken, obtained, or retained, in connection with or as a result of a violation or attempted violation described in paragraph (1) shall be subject to forfeiture to the United States. (B) PROCEDURE.—Seizures and forfeitures under this subsection shall be governed by the provisions of chapter 46 of title 18, United States Code, relating to civil forfeitures, except that such duties as are imposed on the Secretary of Treasury under the customs laws described in section 981(d) of title 18, United States Code, shall be performed by such officers, agents, and other persons as may be designated for that purpose by the Secretary of Homeland Security or the Attorney General. (3) CRIMINAL FORFEITURE.— (A) FORFEITURE.—Any person who is convicted under paragraph (1) shall, in addition to any other penalty, forfeit to the United States— (i) any property, real or personal, tangible or intangible, used or intended to be used, in any manner, to commit or facilitate the violation or attempted violation of paragraph (1); and (ii) any property, real or personal, tangible or intangible, constituting or traceable to the gross proceeds taken, obtained, or retained, in connection with or as a result of the violation. (B) PROCEDURE.—The criminal forfeiture of property under this paragraph, including any seizure and disposition of the property, and any related judicial proceeding, shall be governed by the provisions of section 413 of the Controlled Substances Act (21 U.S.C. 853), except subsections (a) and (d) of that section.

You read that right, you could be fined up to A MILLION FUCKING DOLLARS for knowingly violating the restrict act, so all those people telling you to "just use a VPN" to keep using TikTok? Guess what? That falls under the criminal guidelines of this bill and they're giving you some horrible fucking advice.

Also, VPN's as a whole, if this bill passes, will take a goddamn nose dive in this country because they are another thing that will be covered in this bill.

They chose the perfect name for it, RESTRICT, because that's what it's going to do to our freedoms in this so called "land of the free".

Please, if you are a United States citizen of voting age reach out to your legislature and tell them you do not want this to pass and you will vote against them in the next primary if it does. This is a make or break moment for you if you're younger. Do not allow your generation to suffer a second Patriot Act like those of us that unfortunately allowed for the first one to happen.

And if you support this, I can only assume you're delusional or a paid shill, either way I hope you rot in whatever hell you believe in.

#politics #restrict bill #tiktok #tiktok ban #s.686 #us politics #tiktok senate hearing #land of the free i guess #patriot act #patriot act 2.0

896 notes · View notes

mostlysignssomeportents · 3 months

Text

How to design a tech regulation

TONIGHT (June 20) I'm live onstage in LOS ANGELES for a recording of the GO FACT YOURSELF podcast. TOMORROW (June 21) I'm doing an ONLINE READING for the LOCUS AWARDS at 16hPT. On SATURDAY (June 22) I'll be in OAKLAND, CA for a panel (13hPT) and a keynote (18hPT) at the LOCUS AWARDS.

It's not your imagination: tech really is underregulated. There are plenty of avoidable harms that tech visits upon the world, and while some of these harms are mere negligence, others are self-serving, creating shareholder value and widespread public destruction.

Making good tech policy is hard, but not because "tech moves too fast for regulation to keep up with," nor because "lawmakers are clueless about tech." There are plenty of fast-moving areas that lawmakers manage to stay abreast of (think of the rapid, global adoption of masking and social distancing rules in mid-2020). Likewise we generally manage to make good policy in areas that require highly specific technical knowledge (that's why it's noteworthy and awful when, say, people sicken from badly treated tapwater, even though water safety, toxicology and microbiology are highly technical areas outside the background of most elected officials).

That doesn't mean that technical rigor is irrelevant to making good policy. Well-run "expert agencies" include skilled practitioners on their payrolls – think here of large technical staff at the FTC, or the UK Competition and Markets Authority's best-in-the-world Digital Markets Unit:

https://pluralistic.net/2022/12/13/kitbashed/#app-store-tax

The job of government experts isn't just to research the correct answers. Even more important is experts' role in evaluating conflicting claims from interested parties. When administrative agencies make new rules, they have to collect public comments and counter-comments. The best agencies also hold hearings, and the very best go on "listening tours" where they invite the broad public to weigh in (the FTC has done an awful lot of these during Lina Khan's tenure, to its benefit, and it shows):

https://www.ftc.gov/news-events/events/2022/04/ftc-justice-department-listening-forum-firsthand-effects-mergers-acquisitions-health-care

But when an industry dwindles to a handful of companies, the resulting cartel finds it easy to converge on a single talking point and to maintain strict message discipline. This means that the evidentiary record is starved for disconfirming evidence that would give the agencies contrasting perspectives and context for making good policy.

Tech industry shills have a favorite tactic: whenever there's any proposal that would erode the industry's profits, self-serving experts shout that the rule is technically impossible and deride the proposer as "clueless."

This tactic works so well because the proposers sometimes are clueless. Take Europe's on-again/off-again "chat control" proposal to mandate spyware on every digital device that will screen everything you upload for child sex abuse material (CSAM, better known as "child pornography"). This proposal is profoundly dangerous, as it will weaken end-to-end encryption, the key to all secure and private digital communication:

https://www.theguardian.com/technology/article/2024/jun/18/encryption-is-deeply-threatening-to-power-meredith-whittaker-of-messaging-app-signal

It's also an impossible-to-administer mess that incorrectly assumes that killing working encryption in the two mobile app stores run by the mobile duopoly will actually prevent bad actors from accessing private tools:

https://memex.craphound.com/2018/09/04/oh-for-fucks-sake-not-this-fucking-bullshit-again-cryptography-edition/

When technologists correctly point out the lack of rigor and catastrophic spillover effects from this kind of crackpot proposal, lawmakers stick their fingers in their ears and shout "NERD HARDER!"

https://memex.craphound.com/2018/01/12/nerd-harder-fbi-director-reiterates-faith-based-belief-in-working-crypto-that-he-can-break/

But this is only half the story. The other half is what happens when tech industry shills want to kill good policy proposals, which is the exact same thing that advocates say about bad ones. When lawmakers demand that tech companies respect our privacy rights – for example, by splitting social media or search off from commercial surveillance, the same people shout that this, too, is technologically impossible.

That's a lie, though. Facebook started out as the anti-surveillance alternative to Myspace. We know it's possible to operate Facebook without surveillance, because Facebook used to operate without surveillance:

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3247362

Likewise, Brin and Page's original Pagerank paper, which described Google's architecture, insisted that search was incompatible with surveillance advertising, and Google established itself as a non-spying search tool:

http://infolab.stanford.edu/pub/papers/google.pdf

Even weirder is what happens when there's a proposal to limit a tech company's power to invoke the government's powers to shut down competitors. Take Ethan Zuckerman's lawsuit to strip Facebook of the legal power to sue people who automate their browsers to uncheck the millions of boxes that Facebook requires you to click by hand in order to unfollow everyone:

https://pluralistic.net/2024/05/02/kaiju-v-kaiju/#cda-230-c-2-b

Facebook's apologists have lost their minds over this, insisting that no one can possibly understand the potential harms of taking away Facebook's legal right to decide how your browser works. They take the position that only Facebook can understand when it's safe and proportional to use Facebook in ways the company didn't explicitly design for, and that they should be able to ask the government to fine or even imprison people who fail to defer to Facebook's decisions about how its users configure their computers.

This is an incredibly convenient position, since it arrogates to Facebook the right to order the rest of us to use our computers in the ways that are most beneficial to its shareholders. But Facebook's apologists insist that they are not motivated by parochial concerns over the value of their stock portfolios; rather, they have objective, technical concerns, that no one except them is qualified to understand or comment on.

There's a great name for this: "scalesplaining." As in "well, actually the platforms are doing an amazing job, but you can't possibly understand that because you don't work for them." It's weird enough when scalesplaining is used to condemn sensible regulation of the platforms; it's even weirder when it's weaponized to defend a system of regulatory protection for the platforms against would-be competitors.

Just as there are no atheists in foxholes, there are no libertarians in government-protected monopolies. Somehow, scalesplaining can be used to condemn governments as incapable of making any tech regulations and to insist that regulations that protect tech monopolies are just perfect and shouldn't ever be weakened. Truly, it's impossible to get someone to understand something when the value of their employee stock options depends on them not understanding it.

None of this is to say that every tech regulation is a good one. Governments often propose bad tech regulations (like chat control), or ones that are technologically impossible (like Article 17 of the EU's 2019 Digital Single Markets Directive, which requires tech companies to detect and block copyright infringements in their users' uploads).

But the fact that scalesplainers use the same argument to criticize both good and bad regulations makes the waters very muddy indeed. Policymakers are rightfully suspicious when they hear "that's not technically possible" because they hear that both for technically impossible proposals and for proposals that scalesplainers just don't like.

After decades of regulations aimed at making platforms behave better, we're finally moving into a new era, where we just make the platforms less important. That is, rather than simply ordering Facebook to block harassment and other bad conduct by its users, laws like the EU's Digital Markets Act will order Facebook and other VLOPs (Very Large Online Platforms, my favorite EU-ism ever) to operate gateways so that users can move to rival services and still communicate with the people who stay behind.

Think of this like number portability, but for digital platforms. Just as you can switch phone companies and keep your number and hear from all the people you spoke to on your old plan, the DMA will make it possible for you to change online services but still exchange messages and data with all the people you're already in touch with.

I love this idea, because it finally grapples with the question we should have been asking all along: why do people stay on platforms where they face harassment and bullying? The answer is simple: because the people – customers, family members, communities – we connect with on the platform are so important to us that we'll tolerate almost anything to avoid losing contact with them:

https://locusmag.com/2023/01/commentary-cory-doctorow-social-quitting/

Platforms deliberately rig the game so that we take each other hostage, locking each other into their badly moderated cesspits by using the love we have for one another as a weapon against us. Interoperability – making platforms connect to each other – shatters those locks and frees the hostages:

https://www.eff.org/deeplinks/2021/08/facebooks-secret-war-switching-costs

But there's another reason to love interoperability (making moderation less important) over rules that require platforms to stamp out bad behavior (making moderation better). Interop rules are much easier to administer than content moderation rules, and when it comes to regulation, administratability is everything.

The DMA isn't the EU's only new rule. They've also passed the Digital Services Act, which is a decidedly mixed bag. Among its provisions are a suite of rules requiring companies to monitor their users for harmful behavior and to intervene to block it. Whether or not you think platforms should do this, there's a much more important question: how can we enforce this rule?

Enforcing a rule requiring platforms to prevent harassment is very "fact intensive." First, we have to agree on a definition of "harassment." Then we have to figure out whether something one user did to another satisfies that definition. Finally, we have to determine whether the platform took reasonable steps to detect and prevent the harassment.

Each step of this is a huge lift, especially that last one, since to a first approximation, everyone who understands a given VLOP's server infrastructure is a partisan, scalesplaining engineer on the VLOP's payroll. By the time we find out whether the company broke the rule, years will have gone by, and millions more users will be in line to get justice for themselves.

So allowing users to leave is a much more practical step than making it so that they've got no reason to want to leave. Figuring out whether a platform will continue to forward your messages to and from the people you left there is a much simpler technical matter than agreeing on what harassment is, whether something is harassment by that definition, and whether the company was negligent in permitting harassment.

But as much as I like the DMA's interop rule, I think it is badly incomplete. Given that the tech industry is so concentrated, it's going to be very hard for us to define standard interop interfaces that don't end up advantaging the tech companies. Standards bodies are extremely easy for big industry players to capture:

https://pluralistic.net/2023/04/30/weak-institutions/

If tech giants refuse to offer access to their gateways to certain rivals because they seem "suspicious," it will be hard to tell whether the companies are just engaged in self-serving smears against a credible rival, or legitimately trying to protect their users from a predator trying to plug into their infrastructure. These fact-intensive questions are the enemy of speedy, responsive, effective policy administration.

But there's more than one way to attain interoperability. Interop doesn't have to come from mandates, interfaces designed and overseen by government agencies. There's a whole other form of interop that's far nimbler than mandates: adversarial interoperability:

https://www.eff.org/deeplinks/2019/10/adversarial-interoperability

"Adversarial interoperability" is a catch-all term for all the guerrilla warfare tactics deployed in service to unilaterally changing a technology: reverse engineering, bots, scraping and so on. These tactics have a long and honorable history, but they have been slowly choked out of existence with a thicket of IP rights, like the IP rights that allow Facebook to shut down browser automation tools, which Ethan Zuckerman is suing to nullify:

https://locusmag.com/2020/09/cory-doctorow-ip/

Adversarial interop is very flexible. No matter what technological moves a company makes to interfere with interop, there's always a countermove the guerrilla fighter can make – tweak the scraper, decompile the new binary, change the bot's behavior. That's why tech companies use IP rights and courts, not firewall rules, to block adversarial interoperators.

At the same time, adversarial interop is unreliable. The solution that works today can break tomorrow if the company changes its back-end, and it will stay broken until the adversarial interoperator can respond.

But when companies are faced with the prospect of extended asymmetrical war against adversarial interop in the technological trenches, they often surrender. If companies can't sue adversarial interoperators out of existence, they often sue for peace instead. That's because high-tech guerrilla warfare presents unquantifiable risks and resource demands, and, as the scalesplainers never tire of telling us, this can create real operational problems for tech giants.

In other words, if Facebook can't shut down Ethan Zuckerman's browser automation tool in the courts, and if they're sincerely worried that a browser automation tool will uncheck its user interface buttons so quickly that it crashes the server, all it has to do is offer an official "unsubscribe all" button and no one will use Zuckerman's browser automation tool.

We don't have to choose between adversarial interop and interop mandates. The two are better together than they are apart. If companies building and operating DMA-compliant, mandatory gateways know that a failure to make them useful to rivals seeking to help users escape their authority is getting mired in endless hand-to-hand combat with trench-fighting adversarial interoperators, they'll have good reason to cooperate.

And if lawmakers charged with administering the DMA notice that companies are engaging in adversarial interop rather than using the official, reliable gateway they're overseeing, that's a good indicator that the official gateways aren't suitable.

It would be very on-brand for the EU to create the DMA and tell tech companies how they must operate, and for the USA to simply withdraw the state's protection from the Big Tech companies and let smaller companies try their luck at hacking new features into the big companies' servers without the government getting involved.

Indeed, we're seeing some of that today. Oregon just passed the first ever Right to Repair law banning "parts pairing" – basically a way of using IP law to make it illegal to reverse-engineer a device so you can fix it.

https://www.opb.org/article/2024/03/28/oregon-governor-kotek-signs-strong-tech-right-to-repair-bill/

Taken together, the two approaches – mandates and reverse engineering – are stronger than either on their own. Mandates are sturdy and reliable, but slow-moving. Adversarial interop is flexible and nimble, but unreliable. Put 'em together and you get a two-part epoxy, strong and flexible.

Governments can regulate well, with well-funded expert agencies and smart, adminstratable remedies. It's for that reason that the administrative state is under such sustained attack from the GOP and right-wing Dems. The illegitimate Supreme Court is on the verge of gutting expert agencies' power:

https://www.hklaw.com/en/insights/publications/2024/05/us-supreme-court-may-soon-discard-or-modify-chevron-deference

It's never been more important to craft regulations that go beyond mere good intentions and take account of adminsitratability. The easier we can make our rules to enforce, the less our beleaguered agencies will need to do to protect us from corporate predators.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/06/20/scalesplaining/#administratability

Image: Noah Wulf (modified) https://commons.m.wikimedia.org/wiki/File:Thunderbirds_at_Attention_Next_to_Thunderbird_1_-_Aviation_Nation_2019.jpg

CC BY-SA 4.0 https://creativecommons.org/licenses/by-sa/4.0/deed.en

#pluralistic #cda #ethan zuckerman #platforms #platform decay #enshittification #eu #dma #right to repair #transatlantic #administrability #regulation #big tech #scalesplaining #equilibria #interoperability #adversarial interoperability #comcom

99 notes · View notes

yearningwitherrors · 6 months

Text

So, I am away from computer for four days for a really cool event and I come back and in the mean time they maybe found a polynomial quantum attack against Learning With Errors, a lattice problem? (https://eprint.iacr.org/2024/555) If this paper is correct then this is some serious breaking news shit, because lattices are like the main candidate for quantum-secure public key cryptography. (there are others but they are much less practical and for other types there have also been attacks) I mean, this paper seems to attack just a particular setting, is very impractical and does not work for schemes that are actually proposed, but an existing impractical attack often signals the way for more practical attacks. So, if it is not a false alarm, this is pretty big. It could signal the attackability of lattice schemes and undermine the trust in them. And it takes a long time to move to a new standard. Oh well. I guess we have to wait for experts to check the paper for mistakes before we can say anything.

#cryptography #lattices #postquantum

75 notes · View notes

andmaybegayer · 1 year

Text

annoyingly the most influential thing in my head from Murderbot is the Feed. The Feed is so appealing as a concept. A universally comprehensible and widely accessible mesh-based standard for mixed machine and human communication with a reliable subscription service, that has a ton of things publishing constantly by default but with a robust (assuming no rogue antisocial biological hypercomputers) cryptographic system for secret data. The Feed very clearly can scale up to an entire space station network or down to one person and their accoutrements forming a personal area network.

Some kind of hierarchical MQTT implemented on a mesh network with public key cryptography could get you so close if you just standardized ways to get the MQTT schema of any given endpoint. After that it's all dashboarding. Publish as much or as little information as you want and allow any given device to access that data and respond to it.

Some of this is probably leftovers from $PREVJOB. When I was doing industrial automation our entire fleet of devices lived on a strict schema under one MQTT server that I had complete read/write for so by doing clever subscriptions I could sample anything from a temperature reading from a single appliance in the back of the restaurant I was standing in to accumulating the overall power draw of every single business we were working with all at once.

On more than one occasion something silently broke and I drove up near the back of a facility in my car where I knew the IoT gateway was, connected to our local IoT network over wifi, fixed the issue, and left without telling anyone.

Unfortunately if the Feed existed people like me would make extremely annoying endpoints. To be fair canonically the Feed is absolute dogshit unless you have an Adblock. So really it would be exactly the same as in the books.

#the murderbot diaries

149 notes · View notes

utopicwork · 3 months

Text

Interesting work

7 notes · View notes

unpluggedfinancial · 4 months

Text

The Philosophy Behind Bitcoin

Introduction

In the world of finance, few innovations have sparked as much intrigue and debate as Bitcoin. But beyond its role as a digital currency, Bitcoin embodies a profound philosophy that challenges traditional financial systems and proposes a new paradigm for economic freedom. Understanding the philosophy behind Bitcoin is essential to grasp its potential impact on our world.

The Origins of Bitcoin

In 2008, amid the global financial crisis, a mysterious figure known as Satoshi Nakamoto published the Bitcoin whitepaper. This document outlined a revolutionary idea: a decentralized digital currency that operates without the need for a central authority. The financial turmoil of the time, characterized by bank failures and government bailouts, underscored the need for a system that could function independently of traditional financial institutions.

Core Philosophical Principles

Decentralization-Decentralization lies at the heart of Bitcoin’s philosophy. Unlike traditional financial systems that rely on centralized authorities such as banks and governments, Bitcoin operates on a decentralized network of computers (nodes). Each node maintains a copy of the blockchain, Bitcoin's public ledger, ensuring that no single entity has control over the entire network. This decentralization is crucial for maintaining the integrity and security of the system, as it prevents any one party from manipulating the currency or its underlying data.

Trustlessness-Bitcoin's trustless nature is another fundamental principle. In traditional financial systems, trust is placed in intermediaries like banks and payment processors to facilitate transactions. Bitcoin eliminates the need for these intermediaries by using blockchain technology, where transactions are verified by network nodes through cryptography. This system ensures that transactions are secure and reliable without requiring trust in any third party.

Transparency-The transparency of Bitcoin’s blockchain is a key philosophical aspect. Every transaction that has ever occurred on the Bitcoin network is recorded on the blockchain, which is publicly accessible. This transparency allows anyone to verify transactions and ensures accountability. However, while the ledger is public, the identities of the individuals involved in transactions remain pseudonymous, balancing transparency with privacy.

Immutability-Immutability is the concept that once a transaction is recorded on the blockchain, it cannot be altered or deleted. This is achieved through cryptographic hashing and the decentralized nature of the network. Immutability ensures the integrity of the blockchain, making it a reliable and tamper-proof record of transactions. This principle is crucial for maintaining trust in the system, as it prevents fraudulent activities and data corruption.

Financial Sovereignty-Bitcoin empowers individuals by giving them full control over their own money. In traditional financial systems, access to funds can be restricted by banks or governments. Bitcoin, however, allows users to hold and transfer funds without relying on any central authority. This financial sovereignty is particularly valuable in regions with unstable economies or oppressive governments, where individuals may face restrictions on their financial freedom.

The Ideological Spectrum

Bitcoin’s philosophy is deeply rooted in libertarian values, emphasizing personal freedom and minimal government intervention. It also draws inspiration from the cypherpunk movement, a group of activists advocating for privacy-enhancing technologies to promote social and political change. These ideological influences shape Bitcoin's emphasis on decentralization, privacy, and individual empowerment.

Real-World Applications and Challenges

Bitcoin's philosophy extends beyond theory into practical applications. It is used for various purposes, from everyday transactions to a store of value akin to digital gold. However, this revolutionary system also faces challenges. Regulatory issues, scalability concerns, and environmental impact are some of the hurdles that need addressing to realize Bitcoin’s full potential.

Conclusion

The philosophy behind Bitcoin is a radical departure from traditional financial systems. Its principles of decentralization, trustlessness, transparency, immutability, and financial sovereignty offer a new vision for economic freedom and integrity. As Bitcoin continues to evolve, its underlying philosophy will play a crucial role in shaping its future and potentially transforming the global financial landscape.

Call to Action

Explore more about Bitcoin and consider its implications for your own financial freedom. Engage with the community, stay informed, and think critically about the role Bitcoin can play in our economic future. Let’s continue the journey of understanding and embracing the Bitcoin revolution together.

6 notes · View notes

moral-autism · 1 year

Text

Pretty Good Privacy: Software that encrypts and decrypts messages, for transmission over the Internet, using public-key cryptography.

Pretty Good Pronouns: A set of pronouns that can be considered reasonably adequate for speech in most cases.

Pretty Gender Privacy: Modes of fashionable dress that create an androgynous appearance.

Pretty Gender Pronouns: ve/vis/vim. They look neat.

Preferred Good Privacy: Whatever adequate crypto scheme you like.

Preferred Good Pronouns: The high-quality and elegant pronoun scheme you prefer.

Preferred Gender Privacy: What level of openness around gender you want in environments you occupy.

Preferred Gender Pronouns: The set of pronouns that an individual wants others to use in order to reflect that person's gender identity.

40 notes · View notes

pretensesoup · 1 year

Text

Queer fiction, day 2/30

Since I mentioned it yesterday, let's talk about Widdershins, which is book one of the Whyborne and Griffin books. There are eleven in total, but they're in a series such that you kind of have to read in order, so I'm going to talk about them as a group.

I only have these as ebooks right now, so I'm gonna hotlink to goodreads for the cover. Hopefully that works.

Okay, so the plot. Let's start by saying these do have a plot. Set in a very gothic town called Widdershins, in Massachusetts (just down the road from Arkham, it seems). As places go, it's very Night Vale--people keep to themselves and don't make eye contact if they're out after dark; the city's museum was designed by a man who slowly went mad during the work; everyone worships at a church called First Esoteric, which has some rather non-standard ritual practices.

The books are set around 1900. At the outset, we meet Dr. Percival Endicott Whyborne (he goes by Whyborne, which makes sense). He's highly educated, a philologist (someone who studies the history of languages). He speaks something like thirteen languages himself, and is also interested in cryptography, so it makes sense that when a private eye named Griffin Flaherty is referred to the museum with an occult, encyphered book, Whyborne is the person who's asked to help him. Together, they investigate a secret brotherhood and also fall in love.

I love a bunch of things about these books: the side characters are excellent; the sense of place (for a place that doesn't exist!) is extremely strong, and it's a funny, creepy place; the way the main characters get a chance to grow, both personally and in their relationship across all the books (unusual to find a series with so many entries in this genre); the explicit ways that Hawk deals with and subverts the ideas of "other" in Lovecraftian fiction.

Key quote: "Although the public areas of the museum were designed to give the appearance of a neat and orderly progression through history, the rest of the building exemplified chaos. Storerooms burrowed deep into the earth, while various wings sprawled off in every direction. The library was a literal labyrinth, and shortly after I'd first been hired, I'd found myself obliged to cross the flat roof of one of the wings as the most direct route from one department to another. Even though the museum was less than forty years old, there were rumors of lost storerooms and offices, and I did not doubt the possibility."

These books have a lot of sex in them, so be forewarned. When I read the first book, I found the use of euphemism in these a little grating to the inner ear ("my length" and suchlike), but over the course of the books I came to appreciate the voice. Then I read all the books and turned into a tiny eldrich creature myself.

10/10 for them.

#pride #lgbtq fiction #book reviews #thirty days of books #queer books #queer romance #whyborne and griffin

22 notes · View notes

alice12awc · 3 months

Text

Security Analysis of BitPower

Introduction With the rapid development of blockchain technology and cryptocurrency, decentralized finance (DeFi) platforms have attracted increasing attention. As an innovative DeFi platform, BitPower uses blockchain and smart contract technology to provide users with safe and efficient financial services. This article will explore the security of the BitPower platform in detail, covering three key areas: cryptocurrency, blockchain, and smart contracts, and explain its multiple security measures at the technical and operational levels.

Security of cryptocurrency Cryptography Cryptography uses cryptographic principles to ensure the security and privacy of transactions. BitPower supports a variety of mainstream cryptocurrencies, including Bitcoin and Ethereum, which use advanced encryption algorithms such as SHA-256 and Ethash. These algorithms ensure the encryption and verification of transaction data and improve the system's anti-attack capabilities.

Decentralized characteristics The decentralized nature of cryptocurrency makes it independent of any central agency or government, reducing the risk of being controlled or attacked by a single entity. All transaction records are stored on a distributed ledger to ensure data integrity and transparency.

Immutability Once a cryptocurrency transaction record is recorded on the blockchain, it cannot be tampered with or deleted. Any attempt to change transaction records will be detected and rejected by the entire network nodes, thus ensuring the authenticity and reliability of the data.

Security of blockchain Distributed storage Blockchain is a distributed ledger technology whose data is stored on multiple nodes around the world without a single point of failure. This distributed storage method improves the security of data, and the data is still safe and available even if some nodes are attacked or damaged.

Consensus mechanism Blockchain verifies the validity of transactions through consensus mechanisms such as proof of work PoW and proof of stake PoS. These mechanisms ensure that only legitimate transactions can be recorded on the chain, preventing double payments and fraud.

Immutability Once the data on the blockchain is written, it cannot be changed, and any attempt to tamper with the data will be discovered and rejected. This immutability ensures the reliability and integrity of transaction records, providing users with a transparent and trusted trading environment.

Security of smart contracts Automated execution Smart contracts are self-executing contracts running on blockchains, whose terms and conditions are written in code and automatically executed. The automated execution of smart contracts eliminates the risk of human intervention, all operations are transparent and visible, and users can view the execution of contracts at any time.

Transparency and openness BitPower's smart contract code is public, and anyone can review the logic and rules of the contract to ensure its fairness and transparency. The openness of the code increases the credibility of the contract, and users can use it with confidence.

Security Audit In order to ensure the security of smart contracts, BitPower will conduct strict security audits on the contract code. Audits are conducted by third-party security companies to discover and fix potential vulnerabilities and ensure the security and reliability of the contract. This audit mechanism improves the overall security of the platform and prevents hacker attacks and exploitation of code vulnerabilities.

Decentralization BitPower's platform is completely decentralized and has no central control agency. All transactions and operations are automatically executed through smart contracts, eliminating the risk of single point failures and human manipulation. Users do not need to trust any third party, only the code of the smart contract and the security of the blockchain network.

Other security measures of the BitPower platform Multi-signature BitPower uses multi-signature technology to ensure that only authorized users can perform fund operations. Multi-signature requires multiple independent signatories to jointly sign transactions to prevent single accounts from being hacked. This mechanism increases the security of the account and ensures that funds can only be transferred after multiple authorizations.

Cold wallet storage To prevent online wallets from being attacked, BitPower stores most of its users' assets in offline cold wallets. Cold wallets are not connected to the internet, so they are not vulnerable to hacker attacks, which improves the security of funds. Only a small amount of funds are stored in hot wallets for daily transactions and operational needs.

Two-step verification The BitPower platform implements a two-step verification (2FA) mechanism, which requires users to perform two-step verification when performing important operations (such as withdrawals). 2FA requires users to provide two different authentication information, such as passwords and dynamic verification codes, which improves the security of accounts and prevents unauthorized access.

Regular security updates BitPower regularly performs security updates for systems and software to ensure that the platform is always up to date with the latest security status. Security updates include patching known vulnerabilities, improving system performance, and enhancing security protection. Regular updates reduce security risks and prevent the exploitation of known attack vectors.

Conclusion The BitPower platform has built a highly secure DeFi environment through cryptocurrency, blockchain, and smart contract technology. Its decentralized, transparent, and tamper-proof characteristics, coupled with security measures such as multi-signatures, cold wallet storage, and two-step verification, ensure the security of user assets and data. When choosing a DeFi platform, security is a crucial consideration. BitPower has become a trustworthy choice with its excellent security performance.

By continuously improving and strengthening security measures, BitPower is committed to providing users with a safe, reliable and efficient financial service platform. Whether ordinary users or institutional investors, they can invest and trade with confidence on the BitPower platform and enjoy the innovation and convenience brought by blockchain technology.

#btc

2 notes · View notes

hackernewsrobot · 3 months

Text

Asynchronous Consensus Without Trusted Setup or Public-Key Cryptography

https://eprint.iacr.org/2024/677

2 notes · View notes

gratixtechnologies90 · 7 months

Text

What is Blockchain Technology & How Does Blockchain Work?

Introduction

Gratix Technologies has emerged as one of the most revolutionary and transformative innovations of the 21st century. This decentralized and transparent Blockchain Development Company has the potential to revolutionize various industries, from finance to supply chain management and beyond. Understanding the basics of Custom Blockchain Development Company and how it works is essential for grasping the immense opportunities it presents.

What is Blockchain Development Company

Blockchain Development Company is more than just a buzzword thrown around in tech circles. Simply put, blockchain is a ground-breaking technology that makes digital transactions safe and transparent. Well, think of Custom Blockchain Development Company as a digital ledger that records and stores transactional data in a transparent and secure manner. Instead of relying on a single authority, like a bank or government, blockchain uses a decentralized network of computers to validate and verify transactions.

Brief History of Custom Blockchain Development Company

The Custom Blockchain Development Company was founded in the early 1990s, but it didn't become well-known until the emergence of cryptocurrencies like Bitcoin. The notion of a decentralized digital ledger was initially presented by Scott Stornetta and Stuart Haber. Since then, Blockchain Development Company has advanced beyond cryptocurrency and found uses in a range of sectors, including voting systems, supply chain management, healthcare, and banking.

Cryptography and Security

One of the key features of blockchain is its robust security. Custom Blockchain Development Company relies on advanced cryptographic algorithms to secure transactions and protect the integrity of the data stored within it. By using cryptographic hashing, digital signatures, and asymmetric encryption, blockchain ensures that transactions are tamper-proof and verifiable. This level of security makes blockchain ideal for applications that require a high degree of trust and immutability.

The Inner Workings of Blockchain Development Company

Blockchain Development Company data is structured into blocks, each containing a set of transactions. These blocks are linked together in a chronological order, forming a chain of blocks hence the name of Custom Blockchain Development Company. Each block contains a unique identifier, a timestamp, a reference to the previous block, and the transactions it includes. This interconnected structure ensures the immutability of the data since any changes in one block would require altering all subsequent blocks, which is nearly impossible due to the decentralized nature of the network.

Transaction Validation and Verification

When a new transaction is initiated, it is broadcasted to the network and verified by multiple nodes through consensus mechanisms. Once validated, the transaction is added to a new block, which is then appended to the blockchain. This validation and verification process ensures that fraudulent or invalid transactions are rejected, maintaining the integrity and reliability of the blockchain.

Public vs. Private Blockchains

There are actually two main types of blockchain technology: private and public. Public Custom Blockchain Development Company, like Bitcoin and Ethereum, are open to anyone and allow for a decentralized network of participants. On the other hand, private blockchains restrict access to a select group of participants, offering more control and privacy. Both types have their advantages and use cases, and the choice depends on the specific requirements of the application.

Peer-to-Peer Networking

Custom Blockchain Development Company operates on a peer-to-peer network, where each participant has equal authority. This removes the need for intermediaries, such as banks or clearinghouses, thereby reducing costs and increasing the speed of transactions. Peer-to-peer networking also enhances security as there is no single point of failure or vulnerability. Participants in the network collaborate to maintain the Custom Blockchain Development Company security and validate transactions, creating a decentralized ecosystem that fosters trust and resilience.

Blockchain Applications and Use Cases

If you've ever had to deal with the headache of transferring money internationally or verifying your identity for a new bank account, you'll appreciate How Custom Blockchain Development Company can revolutionize the financial industry. Custom Blockchain Development Company provides a decentralized and transparent ledger system that can streamline transactions, reduce costs, and enhance security. From international remittances to smart contracts, the possibilities are endless for making our financial lives a little easier.

Supply Chain Management

Ever wondered where your new pair of sneakers came from? Custom Blockchain Development Company can trace every step of a product's journey, from raw materials to manufacturing to delivery. By recording each transaction on the Custom Blockchain Development Company supply chain management becomes more transparent, efficient, and trustworthy. No more worrying about counterfeit products or unethical sourcing - blockchain has got your back!

Enhanced Security and Trust

In a world where hacking and data breaches seem to happen on a daily basis, Custom Blockchain Development Company offers a beacon of hope. Its cryptographic algorithms and decentralized nature make it incredibly secure and resistant to tampering. Plus, with its transparent and immutable ledger, Custom Blockchain Development Company builds trust by providing a verifiable record of transactions. So you can say goodbye to those sleepless nights worrying about your data being compromised!

Improved Efficiency and Cost Savings

Who doesn't love a little efficiency and cost savings? With blockchain, intermediaries and third-party intermediaries can be eliminated, reducing the time and cost associated with transactions. Whether it's cross-border payments or supply chain management, Custom blockchain Development Company streamlined processes can save businesses a ton of money. And who doesn't want to see those savings reflected in their bottom line?

The Future of Blockchain: Trends and Innovations

As Custom Blockchain Development Company continues to evolve, one of the key trends we're seeing is the focus on interoperability and integration. Different blockchain platforms and networks are working towards the seamless transfer of data and assets, making it easier for businesses and individuals to connect and collaborate. Imagine a world where blockchain networks can communicate with each other like old friends, enabling new possibilities and unlocking even more potential.

Conclusion

Custom Blockchain Development Company has the potential to transform industries, enhance security, and streamline processes. From financial services to supply chain management to healthcare, the applications are vast and exciting. However, challenges such as scalability and regulatory concerns need to be addressed for widespread adoption. With trends like interoperability and integration, as well as the integration of Blockchain Development Company with IoT and government systems, the future looks bright for blockchain technology. So strap on your digital seatbelt and get ready for the blockchain revolution!

#blockchain development company #smart contracts in blockchain #custom blockchain development company #WEB #websites

3 notes · View notes

mariacallous · 1 year

Text

For 20 years, the only way to really communicate privately was to use a widely hated piece of software called Pretty Good Privacy. The software, known as PGP, aimed to make secure communication accessible to the lay user, but it was so poorly designed that even Edward Snowden messed up his first attempt to use PGP to email a friend of Laura Poitras. It also required its users to think like engineers, which included participating in exceptionally nerdy activities like attending real-life “key-signing parties” to verify your identity to other users. Though anyone could technically use PGP, the barrier to entry was so high that only about 50,000 people used it at its peak, meaning that privacy itself was out of reach for most.

These days, to talk to a friend securely, all you have to do is download a free app. For a certain set, that app will be Signal. Snowden and Elon Musk have recommended it; it’s been name-dropped on big-budget shows like House of Cards, Mr. Robot, and Euphoria, and its users include journalists, members of the White House, NBA players, Black Lives Matters activists, and celebrities trying to get their hands on Ozempic. Its founder has been profiled by The New Yorker and appeared on Joe Rogan’s podcast. A tiny organization with virtually no marketing budget has become synonymous with digital privacy in the public imagination.

Technology can be deeply shaped by the personal inclinations of a founder. Facebook’s light-fingeredness with user data is inseparable from its roots in Zuckerberg’s dorm room as an app for ranking women by their looks; Apple’s minimalist design was influenced by Jobs’ time spent practicing Zen Buddhism. Signal is no different. During its formative years, the charismatic face of Signal was Moxie Marlinspike, a dreadlocked anarchist who spent his time sailing around the world, living in punk houses, and serving free food to the unhoused. He led every aspect of Signal’s development for almost a decade, at one point complaining, “I was writing all the Android code, was writing all of the server code, was the only person on call for the service, was facilitating all product development, and was managing everyone. I couldn’t ever leave cell service.”

In the field of cryptography, Marlinspike is considered the driving force behind bringing end-to-end encryption—the technology underlying Signal—to the real world. In 2017, Marlinspike and his collaborator, Trevor Perrin, received the Levchin Prize, a prominent prize for cryptographers, for their work on the Signal Protocol. Afterward, Dan Boneh, the Stanford professor who chaired the award committee, commented that he wasn’t sure that end-to-end encryption would have become widespread without Marlinspike’s work. At the very least, “it would have taken many more decades,” he said.

The motivations that led to end-to-end encryption going mainstream lie far out on the political fringe. The original impetus for Marlinspike’s entry into cryptography, around 2007, was to challenge existing power structures, particularly the injustice of how (as he put it) “Internet insecurity is used by people I don’t like against people I do: the government against the people.” But sticking to anarchism would imply an almost certain defeat. As Marlinspike once noted, the “trail of ideas that disappears into the horizon behind me is completely and utterly mined over with failures … Anarchists are best known for their failures.”

For an idealistic engineer to succeed, he will have to build something that is useful to many. So there has also been an unusually pragmatic bent to Signal’s approach. Indeed, in many interviews, Marlinspike has taken a mainstream stance, insisting that “Signal is just trying to bring normality to the internet.” Signal’s success depends on maintaining its principled anarchist commitments while finding a wide-ranging appeal to the masses, two goals that might seem at odds. Examining how the app navigates this tension can help us understand what might come next in Signal’s new quest to reach “everyone on the planet.”

Released after WhatsApp set the standards for messaging, Signal’s problem has always been how to keep up with its competition—a fine dance between mimicry (so as to seem familiar to new users) and innovation (to poach users from its competitors). Signal started off by copying WhatsApp's user experience, while at the same time pioneering end-to-end encryption, a feature that WhatsApp turned around and copied from Signal. Throughout this evolutionary dance, Signal has managed to maintain an unusual focus on the autonomy of the individual, a wariness of state authority, and an aversion to making money, characteristics that are recognizably anarchist.

Because a small fringe of cypherpunks, Marlinspike included, came to see cryptography as a way to remedy the imbalance of power between the individual and the state, Signal focused on getting end-to-end encryption on messages and calls absolutely right. With Signal, no one can read your messages. Amazon can’t, the US government can’t, Signal can’t. The same is true for voice calls and metadata: A user’s address book and group chat titles are just as safe. Signal knows basically nothing about you, other than your phone number (which is not mapped to your username), the time you created your account, and the time you last used the app. Your data can’t be sold to others or cause ads to follow you around on the internet. Using Signal is just like talking with your friend in the kitchen.

Because Signal is committed to retaining as little metadata as possible, that makes it hard for it to implement new features that are standard to other apps. Signal is essentially footing the cost of this commitment in engineer-hours, since implementing popular features like group chats, address books, and stickers all required doing novel research in cryptography. That Signal built them anyway is a testament to its desire for mass appeal.

Signal also pioneered features that gave individuals more autonomy over their information, such as disappearing messages (which WhatsApp later adopted) and a feature that let users blur faces in a photo (which it rapidly rolled out to support the Black Lives Matter protests). At the same time, Signal has garnered users' trust because its code is open source, so that security researchers can verify that its end-to-end encryption is as strong as the organization claims.

For the ordinary user, though, individual autonomy and privacy may not be as important. On WhatsApp, users accept that it will be very hard to figure out what exactly the app knows about you and who it might be shared with. Users’ information is governed by an ever-shifting labyrinth of grudging caveats and clauses like “we will share your transaction data and IP address with Facebook” and “we can’t see your precise location, but we’ll still try to estimate it as best as we can” and “we will find out if you click on a WhatsApp share button on the web.” WhatsApp is also closed-source, so its code can’t be audited. If using Signal is like talking in a friend’s kitchen, using WhatsApp is like meeting at a very loud bar—your conversation is safe, but you’re exposed, and you’ll have to pay for your place.

If you’re not an anarchist, you may be less worried about a shadowy state and more worried about actual people you know. People in your community might be harassing you in a group chat, an abusive ex might be searching your chats for old photos to leak, or your child might have gotten access to your unlocked phone. WhatsApp’s features better support a threat model that is sensitive to interpersonal social dynamics: You can leave groups silently, block screenshots for view-once messages, and lock specific chats. WhatsApp can even view the text of end-to-end encrypted messages that have been reported by a user for moderation, whereas Signal has no moderation at all.

Idealists have called centralization one of the main ills of the internet because it locks users into walled gardens controlled by authoritarian companies. In a great stroke of pragmatism, Signal chose to be centralized anyway. Other encrypted-messaging apps like Matrix offer a federated model akin to email, in which users across different servers can still communicate through a shared protocol. (Someone on Gmail can still email someone on Yahoo, whereas someone on Facebook Messenger can’t contact someone on Signal.) This federated approach more closely mirrors anarchy; it could theoretically be better, because there would be no single point of failure and no single service provider for a government to pressure. But federated software creates a proliferation of different clients and servers for the same protocol, making it hard to upgrade. Users are already used to centralized apps that behave like Facebook or Twitter, and email has already become centralized into a few main service providers. It turns out that being authoritarian is important for maintaining a consistent user experience and a trusted brand, and for rolling out software updates quickly. Even anarchism has its limits.

What Signal has accomplished so far is impressive. But users famously judge software not on how much it can do, but on how much it can’t. In that spirit, it’s time to complain.

Because of Signal’s small team, limited funding, and the challenges of implementing features under end-to-end encryption, the app bafflingly lacks a number of important features. It doesn’t have encrypted backups for iOS; messages can only be transferred between phones. If you lose your iPhone, you lose all your Signal chat history.

Signal also doesn’t do a good job serving some of its core users. Activists and organizers deal with huge amounts of messages that involve many people and threads, but Signal’s interface lacks ways to organize all this information. These power users’ group chats become so unwieldy that they migrate to Slack, losing the end-to-end encryption that brought them to Signal in the first place. It’s common to try and make multiple group chats between the same people to manage all their threads. When users are hacking “desire paths” into your interface to create a new feature, or leaving because of the lack of the feature, that’s a strong hint that something is missing.

WhatsApp and Telegram, on the other hand, are leading the way on defining how group chats can scale up. WhatsApp “communities” gather different private group chats in one place, better mimicking the organization of a neighborhood or school that may be discussing several things at once. Telegram’s social media “channel” features are better for broadcasting info en masse, though Telegram’s lack of moderation has been blamed for attracting the kind of fringe crowd that has been banned from all other platforms.

It's no exaggeration to say that small features in a chat app encode different visions of how society should be organized. If the first reacji in the palette was a thumbs down rather than a heart, maybe we would all be more negative, cautious people. What kind of social vision did Signal arise from?

“Looking back, I and everyone I knew was looking for that secret world hidden in this one,” Marlinspike admitted in a 2016 interview. A key text in anarchist theory describes the idea of a “temporary autonomous zone,” a place of short-term freedom where people can experiment with new ways to live together outside the confines of current social norms. Originally coined to describe “pirate utopias” that may be apocryphal, the term has since been used to understand the life and afterlife of real-world DIY spaces like communes, raves, seasteads, and protests. And Signal is, unmistakably, a temporary autonomous zone that Marlinspike has spent almost a decade building.

Because temporary autonomous zones create spaces for the radical urges that society represses, they keep life in the daytime more stable. They can sometimes make money in the way that nightclubs and festivals do. But temporary autonomous zones are temporary for a reason. Over and over, zone denizens make the same mistake: They can’t figure out how to interact productively with the wider society. The zone often runs out of money because it exists in a world where people need to pay rent. Success is elusive; when a temporary autonomous zone becomes compelling enough to threaten daytime stability, it may be violently repressed. Or the attractive freedoms offered by the zone may be taken up in a milder form by the wider society, and eventually the zone ceases to exist because its existence has pressured wider society to be a little more like it. What kind of end might Signal come to?

There are reasons to think that Signal may not be around for very long. The nonprofit’s blog, meant to convince us of the elite nature of its engineers, has the unintentional effect of conveying the incredible difficulty of building any new software feature under end-to-end encryption. Its team numbers roughly 40; Marlinspike has just left the organization. Achieving impossible feats may be fun for a stunt hacker with something to prove, but competing with major tech companies’ engineering teams may not be sustainable for a small nonprofit with Marlinspike no longer at the helm.

Fittingly for an organization formerly led by an anarchist, Signal lacks a sustainable business model, to the point where you might almost call it anti-capitalist. It has survived so far in ways that don’t seem replicable, and that may alienate some users. Signal is largely funded by a big loan from a WhatsApp founder, and that loan has already grown to $100 million. It has also accepted funding from the US government through the Open Technology Fund. Because Signal can’t sell its users’ data, it has recently begun developing a business model based on directly providing services to users and encouraging them to donate to Signal in-app. But to get enough donations, the nonprofit must grow from 40 million users to 100 million. The company’s aggressive pursuit of growth, coupled with lack of moderation in the app, has already led Signal employees themselves to publicly question whether growth might come from abusive users, such as far-right groups using Signal to organize.

But there are also reasons for hope. So far, the most effective change that Signal has created is arguably not the existence of the app itself, but making it easy for WhatsApp to bring Signal-style end-to-end encryption to billions of users. Since WhatsApp’s adoption, Facebook Messenger, Google’s Android Messages, and Microsoft’s Skype have all adopted the open source Signal Protocol, though in milder forms, as the history of temporary autonomous zones would have us guess. Perhaps the existence of the Signal Protocol, coupled with demand from increasingly privacy-conscious users, will encourage better-funded messaging apps to compete against each other to be as encrypted as possible. Then Signal would no longer need to exist. (In fact, this resembles Signal’s original theory of change, before they decided they would rather compete with mainstream tech companies.)

Now, as the era of the global watercooler ends, small private group chats are becoming the future of social life on the internet. Signal started out a renegade, a pirate utopia encircled by cryptography, but the mainstream has become—alarmingly quickly—much closer to the vision Signal sought. In one form or another, its utopia just might last.

9 notes · View notes

mostlysignssomeportents · 1 year

Text

Red Team Blues Chapter One, part three

With just days to the publication of my next novel, Red Team Blues, I’m taking the chance to serialize the first chapter of this anti-finance finance thriller, and introduce you to Marty Hench, a 67-year-old forensic accountant who specializes in Silicon Valley finance scams.

If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/04/19/whats-wrong-with-iowa/#henched

Marty is ready to retire, but there’s just one more job he has to do — recover a billion dollars’ worth of cryptographic keys that are claimed by money-launderers, narcos, and shady US three letter agencies.

Here’s the previous installments:

Part one:

https://pluralistic.net/2023/04/17/have-you-tried-not-spying/#unsalted-hash

Part two:

https://pluralistic.net/2023/04/18/cursed-are-the-sausagemakers/#henched

Here’s where US readers can pre-order the book:

https://us.macmillan.com/books/9781250865847/red-team-blues

Here’s pre-orders for Canadians:

https://services.raincoast.com/scripts/b2b.wsc/featured?hh_isbn=9781250865847&ht_orig_from=raincoast

And for readers in the UK and the rest of the Commonwealth:

https://uk.bookshop.org/p/books/red-team-blues-cory-doctorow/7225998?ean=9781804547755

And now, here’s today’s serial installment:

I grunted noncommittally. Danny had been around since crypto meant “cryptography,” and I hadn’t figured him to become one of these blockchain hustlers. They’re the kind of smart people who outsmart themselves, especially when it comes to shenanigans, forgetting that their public ledger is public and all their transactions are visible to the whole world forever. Forensic accounting never had a better friend than crypto, with its mix of public ledgers, deluded masters of the universe, and suckers pumping billions into the system. It was full employment for me and my competitors until cryptocurrency’s carbon footprint rendered the earth uninhabitable.

“There are certain technical differences between Trustless and other coins. Will you allow me to explain them to you? I promise it’s germane and I’m not trying to sell you anything.” “Aw, hell, Danny, you can tell me anything. I just get sick of being hustled.”

“Me, too, pal. Okay, if you mentioned distributed sudoku puzzles, you know something about proof of work: the way blockchain maintains the integrity of its ledger is by having everyone in the system repeatedly do compute work that reaffirms all the entries in the ledger. So long as the value of all the assets in the ledger is less than the electricity bill for taking over the majority of the compute work, they’re safe.”

“That means that the more valuable all this blockchain stuff becomes, the more coal they have to burn to keep it all from being stolen,” I said. It was something I’d almost said to the bros at dinner the night before, but I didn’t want an argument to distract from the otherwise lovely time I’d been having with my entirely lovely companion.

“That’s fair,” he said. “That’s what every greenie who hasn’t received a couple of mil in donations from surprised crypto-millionaires will tell you. But, Marty, that’s a problem with proof of work, not with distributed ledgers. If you could build a blockchain that had a negligible carbon budget, you could do a lot with it.”

“Launder money. Badly.”

“That,” he said. “Lot of Chinese entrepreneurs and officials are anxious to beat currency controls. But it’s not just money, it’s anything you want to have universally available, unfalsifiable, and cryptographically secured.”

“Laundered money.”

He made a face. “Cynic. Not laundered money. Genocide-proof ID. Cryptographically secured, write-only manifests of a person’s identifiers, including nationality, vitals, and ethnic group, but each one has its own key, held by the Blue Helmets. You get to a border and you present your biometrics, and the UN tells the border guards your nationality but not your ethnicity.”

“Fanciful.”

“Cynic! Yeah, fine, no one’s doing it yet, but we could. All that blockchain for good shit that the hucksters talked up to make it sound like proof of work wasn’t a crime against humanity. Trust lesscoin lets you do them because it doesn’t need the sudoku.”

I dredged up memories of half-digested podcasts I’d listened to on the road. “Is it a proof-of-stake thing?”

He snorted. “Don’t try to sound smart, Marty, you’ll sprain something. No, it’s secure enclaves. That crypto-sub-processor in your iPhone that Apple uses to keep you from switching to another app store? It can run code. What’s more, it can sign the output. So we can send you a program and check to see whether it ran as intended, because we know that the owner of a phone can’t override the secure enclave. Far as Apple’s concerned, iPhone owners are the enemy, and their threat model treats the device owner as an adversary — as someone who might get apps someplace that doesn’t kick a fifteen to thirty percent vigorish up to Apple for every transaction, depriving its shareholders of their rake.

“Any device with a secure enclave or other trusted computing module is a device that treats its owner as the enemy. That’s a device we need, because when you’re in the Trustlesscoin network, that device will defend me from you, and you from me. I don’t have to trust you, I just have to trust that you can’t break into your own phone, which is to say that I have to trust that Apple’s engineers did their job correctly, and well, you know, they’ve got a pretty good track record, Marty.”

“Except?”

He finished his lemonade and scowled at the reusable straw.

“Yeah, except. Look, Trustlesscoin is on track to become the standard public ledger for the world. I know, I know, every founder talks that ‘make a dent in the universe’ crap, but I mean it. You want to know how serious I am about this? I took in outside capital.”

He let me sit with that a moment. Danny Lazer, the man who ate ramen in a twenty-year-old, bent-axle RV for decades with the love of his life so he’d never have to take a nickel from any of those bloodsuckers on Sand Hill Road, and he took in outside capital. Danny Lazer, a man who’d owned 75 percent of a unicorn, which is to say, seven-point-five-times-ten-to-the-eight U.S. American Greenback Simoleon Dollars, and he took in outside capital.

“Why? And also, what for?”

He laughed. “Watching you work out a problem is like watching a bulldog chew a wasp, brother. You’ve got a hell of a poker face, but when you start overclocking the old CPU, it just melts. I’ll tell you why and what for.

“First of all, I wanted to create something for Sethu. She’s never had the chance to live up to her potential. She’s smart, Marty, smart like Galit was, but she’s also technical, and managerial, and just born to run things. I’ve never met a better candidate for a CEO than she is. And I’m not young, you know that, and there’s going to be a long time after I’m dead when she’ll still be in her prime, and I wanted to make something she could grow into and grow around her.

“I’d been playing with the idea behind Trustless since the early 2000s, when Microsoft released its first Trusted Computing papers, all the way back in the Palladium days! So Sethu and I hung up a whiteboard in the guest room and started spending a couple of hours a day in there. I didn’t want to bring in anyone else at first, first because it seemed like a hobby and not a business, and hell, every cryptographer I know is working seventy-hour weeks as it is.

“Then I didn’t want to bring in anyone else because I got a sense of how big this damned thing is. I mean, there’s about two trillion in assets in the blockchain today, and that’s with all the stupid friction of proof-of-work. When we lift the shackles off of it, whoosh, we’re talking about a ledger that will encompass more assets than the total balance sheets of twenty or thirty of the smallest UN members . . . combined.

“You know me, Marty. I don’t believe in much, but when I do believe in something, I’m all in. All. In. And so I brought some people in.”

“What for, though? Danny, how much of your Keypairs jackpot did you manage to blow? How much money could you possibly need, and for what? Are you building your own chip foundry? Buying a country?”

“We actually thought of doing both of those things, you know, but decided we didn’t need the headaches. The Keypairs money’s only grown since I cashed out, thanks to the bull runs. I can’t spend it all, won’t be able to. It would sicken me to try, because I’d have to be so wasteful to even make a dent in it.

“The reason I went for outside capital wasn’t money, it was connections.”

I groaned. Every grifter in private equity and VC-land claimed that they had “connections” that represented value add for their portfolio companies. The social butterfly market was implausible on its face, and in practice, it was just a way of turning cocktail parties into a business expense. “Come on, Danny, you know people already.”

“Not these people.” And he did the thing. He looked from side to side, up and down. He turned off his phone and held his hand out for mine and carried them both to the little step next to the water feature and set them down on it so they’d be in the white-noise zone. He came back, looked around again. “I got signing keys for four of the most commonly deployed secure enclaves.” He looked around again.

“I think I know what that means, Danny, but maybe you could spell it out? I’m just a dumb old accountant, not a cryptographic legend like yourself. And for God’s sake, stop looking around. I’ll let you know if I see anyone sneaking up on us.”

“Sorry, sorry. Okay. The secure enclave gets a program, runs it, and signs the output. The secure enclave’s little toy operating system says that it does this reliably and without exception. You see a signature on a program’s output, you know the program produced it. That toy OS, it’s simple. Stupid. Brutal. Does about six things, very well, and nothing else. You can’t change that program. Secure enclaves are designed to be non-serviceable. Even taking them off the mainboard wrecks them. You get them into a lab and decap them and hit them with an electron-tunneling microscope, you still won’t be able to recover the signing keys or force a false sig.

“But if you have the signing keys? You can just simulate a secure enclave on any computer. Then you can run any operating system you want on it, including one that will forge signatures. You do that, and you can falsify the ledger. You can move unlimited sums from any part of the balance sheet to your part of the balance sheet. You can jackpot the whole fucking thing.”

I blew out air. “Well, that seems like a defect in the system, all right.”

“It can’t be helped. We call it Trustless, but there’s always some trust in a system like this. You’re not trusting the other users of the system or the company that made the software. You’re trusting that a couple of leading manufacturers of cryptographic coprocessors and sub-processors, companies with decades of experience, will maintain operational security and not lose control of the keys that their entire business — and the entire business of all their customers and their customers’ customers — are dependent upon. You’re not trusting the other users, but you’re trusting them.”

“And yet,” I said, looking over at Sethu, who was painting away and performing an excellent simulation of someone who wasn’t eavesdropping, “you found someone willing to sell you some of those keys.”

“Yes,” he said and gave me a calm, no-bullshit, eye-to-eye stare. “I did. It’s useful to have those, especially when you’re first kicking a new cryptocurrency around. You make a smart contract with a bad line of code in it, you create a bug bounty with an unlimited payout. So in the early days, when you’re figuring this stuff out, you do a little ledger rewriting.”

“You do rewriting on a read-only ledger that no one is ever supposed to rewrite.”

He rolled his eyes. “Ethereum did it early on, moved fifty mil in stolen payout from a bad smart contract out of the crook’s account and back into the mark’s account. No one made too much of a fuss. I mean, the immutable ledger sounds like a great idea until someone no stupider than you gets taken for fifty mil, and then rewriting the ledger is just sound fiscal policy in service to fundamental justice.”

“But Ethereum told everyone they were doing it. Sounds like you did it all on the down low?”

“We were early. No one was even paying attention. All we wanted was a ledger whose early entries weren’t an eternal monument to my stupid mistakes as I climbed the learning curve.”

“Fine. Vain, but fine. Still, getting those keys meant a lot of power for a little reputation laundering.”

He sighed and looked away. “Yeah. The thing is, I’m not the only one who makes mistakes. We are aiming for trillions secured on our chain. Trillions, Marty. Ten to the twelve. It’s an unforgiving medium, and the stakes are high. The Ethereum lesson was clear: a couple of divide-by-zeros or fence post errors, a single badly typed variable or buffer overrun, and the whole thing could sink. I needed an eraser. Not on day zero but well before I attained liftoff.”

“Every hacker builds in a back door, huh?”

“Don’t call it that. Call it an Undo button.”

“Okay, then. An Undo button in a system whose cryptography is supposed to prevent undo at all costs. But not a back door.”

“You, my friend, are too smart. I miss the days when forensic accountancy and security engineering were distinct fields. ” “Me, too, pal. So what happened? Your keys took a walk?”

Tomorrow (Apr 21), I’m speaking in Chicago at the Stigler Center’s Antitrust and Competition Conference. This weekend (Apr 22/23), I’m at the LA Times Festival of Books.

#pluralistic #fiction #technothrillers #crypto means cryptography #crypto #cryptocurrency #books #serials #martin hench #`red team blues

18 notes · View notes