
Tell HN: Tim May, Author of “The Crypto Anarchist Manifesto”, Has Died - hmsln
The following is from Lucky Green&#x27;s announcement on Facebook (https:&#x2F;&#x2F;www.facebook.com&#x2F;lucky.green.73&#x2F;posts&#x2F;10155498914786706):<p>Tim May - Cypherpunks co-Founder, Discoverer of Radiation-Induced Single Event Upsets in Integrated Circuits, Uncompromising Firearms Proponent<p>Word has reached me that my dear friend, co-conspirator in many things and for many years, fellow Freedom Fighter Tim May passed away earlier this week at his home in Corralitos, California.<p>Death appears to be from natural causes pending autopsy. I.e. Tim did not die in a hail of bullets as so many who didn’t know Tim all that well and largely from his public writings had predicted.<p>(...)<p>Tim’s realization that any Manifesto, Constitution, or Bill of Rights wasn’t worth the paper it was written on absent a broadly armed (and heavily armed) population left many of his critics and admirers alike confused. As with so many of his assertions, Tim was correct in this analysis, though his assertion that “private ownership of firearms is a public good” will likely not be as soon widely accepted as his assertion that “private ownership of strong crypto is a public good” was. As such, Tim leaves behind a very large firearms collection.<p>Please raise a glass of Bourbon, can be any brand, doesn’t have to be the expensive stuff, it didn’t have to be for Tim, to Tim May!<p>Ad Astra, Tim!
======
cypher_
The end of an age.

RIP, Tim.

Cypherpunk Movement, leaded by Tim May is an established ideology and movement
since the late 80s. At the time, they were the most prominent supporters of
individual privacy and digital liberty. It was them, who helped to build the
EFF DES cracker to expose the lies of FBI about DES’s security, and forced the
U.S government moving to the 128-bit encryption standard. It was them, who
successfully stopped the NSA’s plan to install mandatory encryption backdoor
on the telephone system. And it was also them, who fought against the
regulation of cryptography through various means, and effectively ended it.

They were also the earliest researchers on practical technology to defend
privacy. The very idea of an anonymous communication system was purposed by
David Chaum in 1981, and implemented as Type I Cypherpunk Anonymous Remailer.
By purely coincidence, the syntax used in the control messages allows the user
to chain multiple remailers, and hence the concept of Onion Routing was
discovered. Cypherpunks also recognized the importance of cash — an anonymous
payment system in the past 3000 years, urgently needed a electronic version to
stop the enablement of a surveillance state in the digital age. The original
vision was also purposed by David Chaum, but it faced various difficulties,
especially the problem of consensus and double-spending (Chaum's own
centralized payment processor was good, but did not succeed commercially, but
check GNU/Taler!), so it was under constant discussion throughout the entire
90s, until Satoshi Nakomoto, presumably a Cypherpunk, purposed a workable, but
perhaps less-favorable solution 10 years later. The inventor of computer
firewall, Steven Bellovin, and the first developer of a commercial firewall,
Marcus Ranum, were also cypherpunks. The entire concept of deniable
cryptography was also invented by the cypherpunks, specifically, first
implemented in a Linux Full-Disk Encryption program by Julian Assange.

~~~
cypher_
Cypherpunks, were also the root of many, if not all, security and cryptography
tools and projects used by everyone today. You name it, it’s probably has a
cypherpunk personally involved, or derived from a cypherpunk prototypes, or at
least some some degrees of involvements. SSH, PGP/OpenPGP/GnuPG, Tor, OTR,
OpenSSL/SSL, GNU Radio, Warrant Canary, TrueCrypt, HashCash, WikiLeaks,
Linux’s /dev/random, just to name a few. Yeah, these are not just independent
project, but they were created by the large Cypherpunk movement.

Yes, the original mailing list was a victim of its own success — it
disintegrated in 2000 because the entire fields of privacy, cryptography the
movement kickstarted, turned to be too diverse to be contained in a single
mailing list.

>“The main reason the list doesn’t seem to have the center of gravity anymore
is the topic has gotten so big and gone in so many directions,” Wayner says.
“It used to be you could read maybe (the newsgroup) comp.risks and Cypherpunks
and you had read all there was. Now there are so many things going on it can’t
be the center of gravity, it can’t be the center of all things.”

You don't have to agree Tim May's Anarcho-Capitalist position or everything he
has said, but I think we can all agree that the victory of the First Crypto
War is our timeless legacy and his largest contributions (as a leader) to the
Internet.

------
flyingfences
The Manifesto:

[https://activism.net/cypherpunk/crypto-
anarchy.html](https://activism.net/cypherpunk/crypto-anarchy.html)

~~~
starchild_3001
Very interesting. Thanks for sharing!

------
boramalper
> Just as the technology of printing altered and reduced the power of medieval
> guilds and the social power structure, so too will cryptologic methods
> fundamentally alter the nature of corporations and of government
> interference in economic transactions. Combined with emerging information
> markets, crypto anarchy will create a liquid market for any and all material
> which can be put into words and pictures. And just as a seemingly minor
> invention like barbed wire made possible the fencing-off of vast ranches and
> farms, thus altering forever the concepts of land and property rights in the
> frontier West, so too will the seemingly minor discovery out of an arcane
> branch of mathematics come to be the wire clippers which dismantle the
> barbed wire around intellectual property. > > Arise, you have nothing to
> lose but your barbed wire fences!

~~~
CryptoPunk
The ability that the blockchain gives to economically coordinate across great
spaces and at massive scale without a central authority may make Tim May's
predictions come true.

"Crypto anarchy will alter completely the nature of government regulation, the
ability to tax and control economic interactions, the ability to keep
information secret, and will even alter the nature of trust and reputation."
-Tim May, 1988

I would add that limiting the ability of the govermment to tax and control
economic interactions does not imply eliminating the government's ability to
collect taxes. It would instead mean governments shifting from taxing people's
private transactions, which properly belong in the private sphere, to taxing
immovable property within their jurisdictions, like land, which properly
belongs in the public sphere.

------
NelsonMinar
RIP Tim May. He wrote thoughtfully and prolifically and shaped a generation's
thinking.

For any of you younger folks who don't have much context for cypherpunks,
here's a couple of good articles: [https://medium.com/@bruces/the-blast-
shack-f745f5fbeb1c](https://medium.com/@bruces/the-blast-shack-f745f5fbeb1c)
[http://projects.csmonitor.com/cypherpunk](http://projects.csmonitor.com/cypherpunk)

I'm still trying to get my head around the idea Lucky Green has a Facebook
account.

~~~
r3bl
Not Medium link: [http://www.webstock.org.nz/the-blast-
shack/](http://www.webstock.org.nz/the-blast-shack/)

------
Qworg
A recent interview RE: the tenth anniversary of Bitcoin -
[https://www.coindesk.com/enough-with-the-ico-me-so-horny-
get...](https://www.coindesk.com/enough-with-the-ico-me-so-horny-get-rich-
quick-lambo-crypto)

Always sad to lose deep thinkers.

------
dbg31415
* Timothy C. May - Thirty Years of Crypto Anarchy | HCPP16 - YouTube || [https://www.youtube.com/watch?v=TdmpAy1hI8g](https://www.youtube.com/watch?v=TdmpAy1hI8g)

------
Ologn
When May worked at Intel, the IC's would encounter unexplained state changes
from time to time.

He looked into it - and eventually realized the problem was the ceramic/clay
semiconductor packaging was slightly radioactive, causing single event upsets.
Intel switched to less alpha-heavy packaging, plastic, and the problem went
away. That's impressive debugging!

I knew him more from his cryptography and privacy work (and his curmudgeonly
Usenet posts on how downtown Santa Cruz was going down the drain, in his
opinion), but this feat always impressed me.

~~~
cypher_
His paper is available at:

[https://sci-hub.tw/10.1109/IRPS.1978.362815](https://sci-
hub.tw/10.1109/IRPS.1978.362815)

A New Physical Mechanism for Soft Errors in Dynamic Memories

------
burtonator
These early documents are really interesting in that they often NAIL the
future but underestimate the technical challenges required.

Onion routing being a good example... it's taken longer to get there and it's
still not going to be the default for a long long long time.

~~~
cypher_
I think the major mistakes of the early Cypherpunks include the following. If
we want to go forward, these problems must be solved.

(a) informal approach to cryptography, the entire applied cryptography from
late 1990s to the early 2000s suffered from this problem, we are still working
hard to correct them since Post-Snowden. TLSv1.3 is the most recent effort to
pay our debt.

We should understand that, even we can create lots of clever things by mixing
and meshing different cryptographic primitives, if the cryptosystem is
fundamental enough that you need to use them in serious systems, they must be
formally designed and analyzed. Linux’s /dev/random works by gathering various
sources of entropy and mixing them, sounds extremely secure, right? But it
doesn’t have the rigorous security properties as shown by formal analysis.

One may argue the design is practically secure, but for something fundamental
like this, formal approach should be used to keep it robust in all possible
and impossible circumstances, just like a good symmetric cipher should resist
all forms of known cryptanalysis, to ensure a strong fallback security — that
even the adversary can ask you to encrypt any data of their choice, the cipher
is still unbreakable.

Empiricism works well in many cases, and you can surely design cryptographic
protocols and applications in this way, but it should know when it is needed
to stop and call a true cryptographer. The Signal Protocol is a good example
of well-designed, and formally analyzed protocol, while Telegram is a bad one.

(b) Overemphasize of Technical Possibilities, But Not Usability. The
Cypherpunks were fascinated by cryptography’s endless possibilities. As a
result, they create systems which there are hundreds of user adjustable
parameters and options.

Do you want AES? TwoFish? 3DES? The first one is the U.S. national standard,
well-reviewed, fast hardware implementation, but it has a relatively weak key
schedule and may have a small risk of related-key attack in 256-bit mode, but
related-key is not a real issue in proper encryption, and… the second one is
the security guru Schneier’s cipher, years of cryptanalysis didn’t discover
any flaws, and the pure software implementation is typically faster than
256-bit AES, but… Do you want SHA-1? RIPEMD-160? SHA-256? SHA-512? SHA-3?
BLAKE2e? SHA-1 and RIPEMD-160 is not recommended for new systems, SHA-256 is
the best practice, but why don’t you use SHA-512 for additional protections?
By the way, SHA-3 is not vulnerable to length-extension attacks as it’s not a
Merkle–Damgård construction, and BLAKE2e is the state-of-art by utilizing
Daniel J. Bernstein’s ChaCha20 stream cipher…and so on, and so on, and so on…

You can see this in GnuPG, almost every aspect of encryption can be adjusted.
Another example is Mixmaster remailer, which has more than 20 parameters to
control the behavior of mail forwarding.

These designs are clearly from the desires to fit the personal preferences by
different professional Cypherpunks, but has little actual security benefits.
Instead, it greatly complicates the entire protocol, and expose a large
surface for attackers. On the other hand, WireGuard, an execellent VPN
protocol, doesn’t allow the user to change anything. It is hard-coded to only
use state-of-art, and proven algorithms, such as ChaCha20 and Curve25519.

Dreaming about the endless use-cases is another related issue, Cypherpunks
spent too much time discussing them, such as trustless key management, etc.
However, to bring real changes, we must have systems designed for ordinary
people. An less-than-ideal encryption protocol that is simple enough for mass
adoption, is superior to a completely trustless protocol, but only usable by a
handful of Cypherpunk.

Cypherpunk may disregard these protocols for its imperfections by Cypherpunk’s
standard, but it’s still essential to develop them as mass adoption is crucial
for Cypherpunks to succeed.

(c) Unrealistic Overconfidence in Cryptography

In Tim May’s The Crypto Anarchist Manifesto of 1992, it announced that, there
will be the extensive re-routing of encrypted packets and tamper-proof boxes
which implement cryptographic protocols with nearly perfect assurance against
any tampering, and as more and more Cypherpunk decided to opt-out from the
conventional social order and enters the cypherspace, the State can be
therefore eliminated.

The security of any real-life systems is nowhere close to that level in the
Manifesto, it could be done in theory doesn’t mean it can be done in practice.

Also, as Cory Doctorow stated, the best encryption, the fastest computers, the
most open networks, will not make you comfortable living in an autocratic,
corrupt state. You and your radical friends will eventually make a mistake and
be rolled up by state thugs, or blacklisted, or blackmailed, or publicly
discredited. To evade this all-pervading power, you have to be perfect. To
defeat your evasion, the state need merely find a moment’s imperfection in
your operational security. Even if your system is perfect, the human-element
is the weakest link, the State just need to wait you making a single mistake
to be hunt you down, the story of The Silk Road is a good cautionary tale for
us.

We should continue the original vision and ideals, but also adopt an reality-
based approach, keep quoting Doctorow,

The internet is a tool that can crack open a space in even the most
totalitarian of regimes, a place where reformers and revolutionaries can
organize, mobilize, and fight back. It’s a forum for whispering dissidence in
secret and for blasting the shameful secrets of the powerful at full volume.

The theory of change that goes, “We will walk away from politics and use the
internet to evade state oppression” is a dead letter. It always has been. But
the theory that goes, “The internet will let us organize to hold the
government to account, to topple the corrupt, to rally the honorable and
expose the wicked” — that theory has never been more important.

(d) “Cypherpunks Write Code!”

Linus Torvalds like to say “Talk is cheap, show me the code”. The slogan of
Cypherpunks in fact came earlier, “Cypherpunks Write Code!”. The meaning is
that, good ideas need real implementation, not just talks.

Unfortunately, the discussions of the Cypherpunks were too broad and pretty
much ahead of its time, as a result, most ideas were not implemented, and few
implementations were only prototypes. Even the best software package, suffers
from Problem B.

It is not to say that discussions are unnecessary, but we must build something
for mass adoption as well. So perhaps a new slogan, “Cypherpunks Build Apps”
can be used, although “app” sounds like a corporate buzzword.

(e) Hostile Discussion Atmosphere

Cypherpunks were radicals, many are radical individualists and anarcho-
capitalists, with very strong personally opinions on almost everything and
very militant. The Cypherpunk mailing list suffered from endless personal
attacks and arguments from day 0. I recommend everyone to read the Cypherpunk
Mailing List archives to understand the situations.

If we want to build a public forum, we should take all the possible
precautionary measures to prevent it from happening, and cooperate towards a
common goal. Having an ideological civil war between democratic socialist, and
libertarians only helps the Big Brother.

We should find a way to allow diverse groups of people of different ideologies
to cooperate to accomplish things, meanwhile still upholding the same core
values.

~~~
schoen
I gave a talk in October where I said that some things that original
cypherpunks got right were

\+ _Money and payments_ as locus of power

\+ _Naming and identity_ as locus of power

\+ _Access to cryptography_ as locus of power

\+ Governments' appetite for electronic surveillance

\+ Anonymity enabling otherwise impossible interactions

and some things that they got wrong were

\- Vanguardism

\- Sybils and models of public discourse

\- Adaptability and resources of state actors

\- Software vulnerability

\- Decentralization is consistently expensive (in many different ways) and few
people have agreed that they need it

\- Extreme technical fragility of anonymity (deanonymization, correlations,
uniqueness of items in high-dimensional datasets, stylometry and behavioral
uniqueness)

(This is not meant to suggest that the cypherpunks didn't talk or think about
these issues, just that they tended to underestimate how big a challenge they
would represent.)

~~~
cypher_
Insightful comment, thank you!

I would like further to say, as I said in another comment, Cyphernomicon is
one of the most valuable document worth to read, an amazing collecting of
farseeing ideas. The widespread of data breach, privacy-invading computer
systems and software, tendency of authoritarianism and mass surveillance in
the digital world, how Internet will change whistleblowing, and even
cryptographic ransomware were predicted.

They got a lot of things correct. But many great ideas are still not
implemented. I'm listing a few that I really want to see and use today...

* In Tim May's Cyphernomicon, two concepts are of great significance: anonymity, AND reputation. The most common argument today against anonymity is, "how can you trust these people", but the problem has been answered early: you build a system and community based on reputation. Unfortunately, nowadays, only the first part of the vision, anonymity, is partially implemented, but there is almost no deployed reputation/identity system.

There are some of them, e.g. Web-of-Trust based, blockchain-based,
Reddit/Hacker News karma, but I think we still don't have figure out a system
that implements May's vision. I really want to see something similar to the
Cyberspace in True Names or Ender's Game... Currently the best approximation
is just 4chan + Reddit + Second Life + Tor, or perhaps OpenBazaar and
BitNation?, which is not very interesting.

And of course, there are reasons. If you attach an identity to anonymity, it
downgrades to pseudonymity. Having a long-term pseudonymity is very dangerous,
once you have leaked ~30 bit of entropy, your anonymity is basically finished.
Another hard problem of reputation is Sybil Attack.

* Dining cryptographers, or DC-net, a revolutionary anonymous network by David Chaum, which eliminates correlation attacks and information-theoretic secure. Cypherpunks saw the Onion Routing of Cypherpunk Remailing can be written in an afternoon of Perl hacking, it shouldn't be hard to perfect the system and move to DC-net within the next 5 years.

But the hard problems of DC-net has been overlooked, one non-cooperative
participant can DoS the entire network. The solution is the construction of a
BLAME protocol for kicking out malicious nodes out. I think we just managed to
solve most of the problem with a functional prototype, DISSENT, in 2015 (20
years later!!). Until a practical network has been engineered, DC-net is still
like One-Time Pad, good on paper but not useful in practice.

------
rdl
Tim was pretty much why I got interested in crypto. I'm glad I got to meet him
in person once a few years ago, but lots of great interactions online over the
years.

------
raphlinus
RIP Tim. I remember him as one of the guiding forces of the early Cypherpunks.

------
kwaldman
RIP Tim. I remember reading his work (usenet) back in the late 80's/early
nineties - he once told me of his early days at Intel and later invited me to
join the cypherpunks list a very long time ago. Tempus fugit.

------
sphinxpy
R.I.P. He and John Perry Barlow are true hero's.

------
mindcrime
Oh man, that's terrible news.

R.I.P. Tim May.

------
clubm8
I wonder if any nyms will suddenly stop posting and be outed as his? One thing
I've though about recently is that on a long enough timeline if you use a
handle, eventually you'll die.

(I register new nyms occasionally for this reason)

------
daedlanth
We will prevail over these mad people. A little piece of Tim lives on within
me. Plant that seed & purvey the knowledge today through tomorrow until the
end of our time.

Goodbye Tim

------
quickthrower2
Just to avoid the confusion, "crypto" means cryptography not currency in this
context. I had to check myself.

------
NelsonMinar
Worth remembering Tim also wrote some violently racist and hateful crap. A
sample (there's lots more) "Liquidate the Jew and the negro and most of our
problems fade away." [https://scruz.general.narkive.com/29QgNUds/commie-rag-
praise...](https://scruz.general.narkive.com/29QgNUds/commie-rag-praises-mlk)

I admire Tim's writing on crypto and what it could do. I deplore his violent
racism. They both came together in one person.

------
pizza
RIP

------
javajosh
Okay, I'm curious - did anyone else get a screen flicker when they clicked on
these comments? I'm on macOS 10.14.2 chrome 71.0.3578.98. I think it would be
interesting if someone wanted to trigger software based on particular URLs,
or, more likely, textual content in the page. Because it is personal, and
transient, it would be very difficult to detect.

