Hacker News
The cypherpunk revolution (csmonitor.com)
352 points by oska on Sept 19, 2016 | 68 comments

Wired Issue 1.02 | May/Jun 1993 | Crypto Rebels | John Gilmore Challenges the NSA [1]

What if Gilmore wins, and the NSA is forced to reveal all but the most secret information about cryptography? Would national security be compromised, as the NSA claims? "I don't think so," says Gilmore. "We are not asking to threaten the national security. We're asking to discard a Cold War bureaucratic idea of national security which is obsolete. My response to the NSA is: Show us. Show the public how your ability to violate the privacy of any citizen has prevented a major disaster. They're abridging the freedom and privacy of all citizens -- to defend us against a bogeyman that they will not explain. The decision to literally trade away our privacy is one that must be made by the whole society, not made unilaterally by a military spy agency."

[1] https://archive.wired.com/wired/archive/1.02/crypto.rebels_p...

I think I read this when it first came out. I loved Wired back then.

A good read but I'm struck by how politically naive so many of the crypto crowd seems to be. The idea of escaping the government by going into cyberspace is nonsensical on its head. You are a body. You buy things for your body. You go do body things all the time. Besides buying software, ebooks, and movies everything else you buy with something like bitcoin is physical and cannot be encrypted. Even with Lackey living on Sealand on San Francisco time, he had to be buying canned food, diesel, etc. If any government had been interested in what he was doing it would have been trivially easy to keep tabs on him.

ETA: This quote from May especially struck me “Would Hitler and Himmler have used ‘key recovery’ to determine who the Jews were communicating with so they could all be rounded up and killed?” The Nazis wouldn't have really cared what Jewish people were saying because they just wanted to kill them. Similarly, if we think of something like the Soviet Union, while cryptography would have undeniably been helpful for dissidents for coordination and getting ideas out, ultimately you still need to have people on the streets or in office to get anything changed.

Here is a more recent example from history: the use of encrypted communications by the ANC in organising against the South African government.


You're right that you need to have people on the streets or in office to get anything changed. I think too many people forget this and forgo the slow hard work of street-by-street politics and downticket races.

Agreed. I want to be clear that I do think that encryption has an important role in organization and social change. I'm just struck by claims from some of the self-identified cypher-punks that encryption could mean taxation would be impossible or the idea of escaping into this "Other Plane" as a way to secure freedom.

Agreed. I'm not even sure if it's all that interesting that encryption plays a role: I think privacy, and by extension secrecy plays a role. And in our world, cryptography is increasingly a precursor to both privacy and secrecy.

But I think the fight about making cryptography available, really is the fight for right to privacy, and even right to secrecy in certain areas of our society. The USA is fortunate in some ways because of the constitution, and its repercussions throughout modern history - even if law enforcement can build or buy a device to see through walls, that doesn't allow such tools to be used without regulation.

But now is the time to regulate large scale meta-data, traffic analysis, in addition to guaranteeing a right to technology that allows data to be kept secret.

Why couldn't it make taxation impossible?

Sure, you still need to buy things in person, which can be done with cash. But drug dealers seem to be able to do a pretty good job of evading taxes.

Imagine if everything that you bought in person was done with cash, or a bitcoin payment. That money would be untaxable.

If you buy a house, for sure, the government can track that, and you need to make sure the money used to buy that is "clean", but a surprisingly large percentage of a person's expenses could be done in a safe way.

It's not sufficient to just lean heavily on cash. You also need to have a legitimate-looking explanation for where the cash came from if the tax authorities check up on you. Even if you can work anonymously and get paid via anonymously mailed envelopes of cash or Bitcoin, good luck living a normal middle class lifestyle while avoiding income taxes.

Buying a house or renting housing leaves a paper trail. So does renting or buying a car from most places that sell or rent cars. So does paying utility bills. So does paying for prescription drugs, medical services, car insurance, life insurance... So does paying for higher education.

I guess if you had some cash-only tax evading side business you could use cash to buy things like food, clothing, gasoline, and miscellaneous household goods. But you're not going to be able to dodge the taxes on middle class life's major expenses -- at least not without tripping the same mechanisms that catch drug dealers buying cars etc. with cash. I suppose you could live like an off-the-grid survivalist who never interacts with ordinary businesses. That looks like a lot more work than living an ordinary life where you work at jobs that don't involve trusting other criminals, buy things and pay taxes like usual.

Cash-only for everything is just about feasible, if you accept the extra costs of theft prevention. But bitcoin? Bitcoin is ridiculously traceable. Every transaction is public. Make one opsec mistake and everything is exposed.

You're also assuming that the government would sit still in the face of a serious erosion of the tax base, and not crack down on it. The US is bad enough with its arbitrary seizures of cash, let's not destabilise the situation further.

With Bitcoin there is no central agency that can simply confiscate money with a call. The government would have to torture you for the private key. But there is not even a way to see, let alone prove, how much money you own, as long as you made it anonymously.

I think you have an interesting point about still having to live in the real world, but I don't find your argument about Hitler and the Jews persuasive at all.

Just because cryptography isn't useful for that particular case doesn't make it not useful for other cases; no one is arguing crypto will fix all government abuses. It doesn't mean it isn't a useful tool, though, in fighting corrupt governments.

Agreed but May is the one who brought up the Hitler comparison. I think that encryption is minimally effective in cases of actual totalitarian states like Nazi Germany, the Soviet Union, or North Korea. They have too much control, secret police, informers, etc. that encryption doesn't represent a viable way of effecting change in government. In those types of situations your neighbors can just report you for being a dissident and the Stasi can just carry you away in the middle of the night or bug your entire home.

In countries like the USA, or even Apartheid South Africa it can have a much bigger role in organizing protests and other activities.

(Some) Jews were being hidden by non-Jews. The Nazis would be very interested in the secret communication between the people/groups hiding Jews.

Using encrypted communications and bitcoin you can make sure that all your physical interactions are with people you can trust. Dark Net Markets are an example.

I don't want everything I read and write online to be analyzed by agents of a government agency who have, along with some other agencies, spent the majority of the past fifty years engaged in unilateral neo-fascist imperialism. I was under the impression that such spying was forbidden by the laws of my land. Apparently, The American Dream is dead and we are all simply feasting on its corpse.

Very lengthy, well written article about the history, political implications and principles of public key encryption.

I am a big fan of this technology [1], and still hope that it will be more widespread among citizens in a secure form. Like freedom of speech, information security is definitely an important pillar of the modern state and empowers citizens. Unfortunately, all attempts to introduce it to the masses and get it right from the security point of view have failed so far.

It is a tough balancing act to get right [2]: freedom, convenience, safety - you seemingly can only have two of them.

[1] e.g. in the form of https://www.gnupg.org/

[2] https://www.schneier.com/blog/archives/2010/11/dan_geer_on_c...

Tim May wrote a (very long) "FAQ" for the Cypherpunks that may be of interest to folks who are interested in this sort of thing:


The Cypherpunks list was remarkable for a time. Very high-volume, fractious, competitive, vicious, with at least one participant going to jail for a long time due to acting on some of the ideas. And very, very full of ideas ranging from mind-candy to very dangerous.

May's Cyphernomicon[1] is really his interpretation of what was going on, colored heavily by his politics. Paraphrasing the joke, ask three cypherpunks what the word meant and you'd get four answers. But the document is an in-depth look at some of the implications of cryptography, a look at some deeply non-mainstream politics, and a contemporaneous recounting of the politics and technology development of a really interesting period of time and a really interesting mailing list that had, I think, a surprisingly outsized (if hard to pin down) role in shaping security policy[2].

[1] Stephenson's Cryptonomicon came out at roughly the same time as May's work, and it was one of those funny little accidents that the name collided.

[2] I do think the Clipper chip fiasco and the ITAR changes wouldn't have played out the same way without the collaboration that happened on the list, and it was fertile ground that led to several companies and weirder entities being formed.

Whatever happened to Tim May? The wikipedia page says "he retired in 2003", but did he really just drop off the net completely? Cursory searches turn up very little.

Edit: of course as soon as I post I then find some recent(ish) posts by him here: http://lambda-the-ultimate.org/user/3908/track

Graffiti found at 16th/Harrison (just outside Wired office), San Francisco, Mar/Apr 94. Photo by Tom Jennings: tomj@wps.com [1]

    Fuck the NSA.

[1] http://imgur.com/a/npfL7

WiReD was located just off of South Park back then.

You're right -- for some reason I'm sure I saw it somewhere around here:


Maybe he was trying to throw off the NSA, and protect the not-so-innocent... ;)

Back in October 1944, Koenig had suggested a theoretical way of securing a telephone call by having the recipient of a call add noise to the signal and then subtract it afterward. Only Bob could subtract the noise, because only he knew what he had added in the first place. An eavesdropper, Eve, simply would not know how to modify the noise, because she wouldn’t have access to the noise that had been added to the phone conversation in the first place.

Since that's not terribly clear, here's the explanation: https://techpinions.com/an-old-mystery-solved-project-c-43-a...

Ah yes, Cryptowars I :-) As part of my involvement in the Java project I was building crypto classes that you could call from other objects. The NSA^h^h^hDepartment of Commerce was concerned. A couple of the things that were patented out of that project had to be cleared by them. Very odd experience.

The idea that a piece of software could not be legally exported from the US but could be fetched via FTP from Italy was pretty amazing in its dissonance. All of the representatives of the federal government I ended up interacting with all understood that the battle was "lost" but they were doing their part to slow or chill research or distribution.

I know this is a content-free comment, but I've been following your comments here for years now, and you always have interesting stories. Thank you for contributing!

These days, it's challenging to minimize the amount of information given to commercial communication vendors. At present, https://Wire.com (from Skype's founder) is the only cross-platform and easily usable messaging service that:

  - has E2E encryption [0] of text, image, audio, video
  - does not require phone # [1]
  - does not require address book upload
  - is not ad-supported
  - has open-sourced code for their desktop and mobile clients
  - has single msg editing & deletion

[0] derived from the Signal protocol, implemented in Rust, needs more external review/audit, https://wire.com/privacy/

[1] using a desktop browser, register at http://app.wire.com with email, then login to mobile app

> Wire is not financed by ads. Your personal data or the content of your conversations are never sold or rented to anyone, and it will not be used for any third party advertising.

Does anyone know how it's financed? Without a clear business model, it's hard to trust anyone these days. If it was an open source project just for the sake of having an open source solution, that'd be one thing, but the website mentions Jobs, and has a web-based app run by them, so there's real money being invested here, and at some point they'll have to reap profits from it.

Their Twitter account [0] mentioned plans for paid premium services. Features are being added at a steady pace (monthly?), so this seems plausible.

Rdio (common investor) lasted five years, https://en.wikipedia.org/wiki/Rdio

If they go under, it may be possible to build an open-source client+server that is inspired by their current OSS client. In fact, that effort can start now, as an insurance policy.

Edit: found a Mar 2016 interview with Janus Friis (who is financing and chairing the company), they have 50 employees in Berlin and are seeing 150K new user signups per month, http://www.bloomberg.com/news/articles/2016-03-10/amid-apple...

[0] https://twitter.com/wire

Tox[1] meets all of these points except for

    - has single msg editing & deletion

And who cares about that? It is also:

    - a distributed P2P network with no proprietary or centralized services
    - no email requirement
    - Linux support (advertising "cross-platform support" without Linux is a fucking joke)

It's not perfect but I think it's a far better place to invest our mindshare.

[1]: https://tox.chat/

Even an open-source client is hard to trust as a native install in your mobile OS. Sooo many ways your phone is insecure...

iOS is not bad for mainstream users if the right privacy settings are enabled.

Since the baseband processor is a major attack point on a mobile device, it's a big deal that Wire does not need a phone number. It means you can use a WiFi-only device like an iPod Touch or non-cellular tablet.

In the bigger picture, we have to stop supporting companies whose business model is based on data harvesting. Wire is a small step in the right direction. We need more steps and more alternatives.

Although don't get me wrong.. I like what they're doing here.

Are there any that do metadata obscurity?

You would need to use a messaging app that routes your traffic over Tor, or some other anonymizing network. Some options like Ricochet or Tor Messenger are being developed.

Would love to know.

Wire reduces metadata, e.g. no phone number and no social network/contact graph for triangulation. You can use a throwaway email to register, that is never used in other contexts. That leaves metadata for device key fingerprints, Wire account ID and public IP addresses.

Wire also uses WebRTC for some communication, not sure about the metadata implications of that protocol.

I2P Messenger, I2P's Bote mail

Amusing to note that a site hosting a detailed article on the "cypherpunk revolution" doesn't support https.

Talking about cypherpunk / cyberpunk culture, why does it feel that the popular definition and approach nowadays is a defeatist (or sometimes even glorifying) attitude to an unavoidable future of megacorporations and post-industrial dystopia, instead of celebrating the punk side of it? Or am I just checking out the wrong corners like /r/cyberpunk?

Because paid speech is now pervasive on social networks, especially on topics with commercial consequences, from a variety of competing actors with deep pockets and diverse agendas. Punk stakeholders likely cannot compete in either paid speech or mass audience reach for subversive lyrics.

Readers will gradually learn how to select writers with independent perspectives, filtering out groupspeak, as they have learned to do with advertising.

Edit: manually curated Twitter whitelists, connected to Flipboard, can provide an efficient view of reader-prioritized, coherent perspectives. We need better whitelist support on discussion services.

This is why I want content addressed social networking, with cryptographic identities.


Can you quantify what "pervasive" means in this sense?

"Pervasive" is within the context of high-profile topics. One academic study was "Grassroots for Hire", https://www.amazon.com/Grassroots-Hire-Consultants-American-...

For DIY quantification, create a spreadsheet of userids, threads and manually tagged perspectives from your favorite social network or discussion forum. Then apply open-source tools for social network graph analysis of node interactions. With this data, apply exclusion filters to targeted clusters of userids, then re-read the "mass opinion". Palantir has proprietary software for network influence analysis, but many algorithms and OSS tools are available from academia.

I wonder the same thing. The attitudes really do seem pervasive as you suggest, both here and on reddit. Rarely do I see otherwise.

It's both. Post-industrial dystopia is a possible outcome of current trends, which at the same time is countered with cyberpunk resistance.

Steven Levy's "Crypto" [http://www.stevenlevy.com/index.php/books/crypto] is a good read on this topic if you're looking for something more in-depth.

$23 for a book from 2001 on an evolving topic? Surprised there's not a 2nd edition. Anything that includes the 2000-2010 decade as well?

It's extremely well researched and well written, with fantastic insight - well worth 23 USD - highly recommend.

> Back in October 1944, Koenig had suggested a theoretical way of securing a telephone call by having the recipient of a call add noise to the signal and then subtract it afterward. Only Bob could subtract the noise, because only he knew what he had added in the first place. An eavesdropper, Eve, simply would not know how to modify the noise, because she wouldn’t have access to the noise that had been added to the phone conversation in the first place.

The scheme is called a one-time pad, and while it might be considered impractical, it was definitely used successfully. In fact Alan Turing apparently contributed to one such device: https://en.wikipedia.org/wiki/SIGSALY

Interestingly, according to Wikipedia the SIGSALY was in production before Koenig "invented" the technique. And according to the one-time pad page, one-time pad was first theoretically invented in 1882 by Frank Miller https://en.wikipedia.org/wiki/One-time_pad

You should read the article and my comment above. This was not a one-time pad as there was no distribution of a pad. Only one side added and removed the noise.

The article you posted does not seem to contradict what I said, but rather support it.

> The Project X method required courier distribution of noise tracks on phonograph records. Because the noise had to be as long as the speech it masked and each track could only be used once–it was the audio equivalent of a Vernam cipher or a one-time pad–the system was exceedingly cumbersome.

You don't appear to have read it.

Must see "OpenDime: Real Life Cyberpunk Cred Sticks" https://www.youtube.com/watch?v=ypQHc3EQVfE

That's an interesting idea but damned if I'm going to stick a random USB device into my computer.

Maybe that's how you demonstrate your "creds"? "You want me to do what with that USB? In my port? Go away."

Maybe an NFC implementation would be more acceptable.

I don't know, I kind of like the notion of offering someone a USB killer and if they put it into their machine, you never trust them again (cryptographically or otherwise). Jokes aside though, yes, I think NFC would be less likely to be dangerous to your computer, but maybe easier to eavesdrop on?

Also, I'm not sure how they create the private key, but shouldn't it be possible to use the same file twice, giving both of them the same private key? Break the first one, load up bitcoins on the second one, use it as a payment, then use the now known private key to extract the funds before your victim can, and essentially pass a bad check...

Not possible; it mixes in user-generated entropy https://opendime.com/#faq

Revolution among subsets of a population is no revolution.

What is needed is a mainstream movement to embrace crypto as a fundamental human right.


Sidebar: The article is part of "Passcode" - a field guide to security and privacy from The Christian Science Monitor: http://passcode.csmonitor.com

It always starts underground. When it breaks out into the mainstream, it won't even be a movement anymore, it will just be life as usual. That green lock will be gone from the browser, along with any protocols that do not end in "s". The dozen or so communications apps on your phone will be encrypting everything, but not exposing any configuration.

And, only one company will sign everyone's public key, because regular users just want to delegate everything to a familiar name. Then we will need another revolution, an underground network of public key signers. With names like 51GNpnk and TheRealBob. One of TheRealBobs will come smoke a joint with you in your parent's basement, and sign your key for $5, so that you can get into the Minecraft party on the weekend.

This is the world I want to live in.

If you join your local Cryptoparty, you will likely find someone who will sign your public key for free. Check out cryptoparty.in to find the closest one, or some great resources for starting your own.

There are a few parties running in the Boston area now. The cryptoparty.in/boston page hasn't been updated in a bit, but there is almost always a cryptoparty on the last Wednesday of the month at Parts and Crafts in Somerville.

No need to deal with TheRealBob. Blockchains make CAs obsolete.

An interesting question is to what extent people will widely accept first-come-first-served solutions to naming. This is partly the case in DNS but not completely because the trademark system was imported into the DNS in an imperfect way, which means that some trademark holders have been able to use UDRP and/or litigation to seize domain names that relate to their trademarks.

In blockchain-style naming, there's no UDRP, and if you can't get jurisdiction over the particular name-holder, you can't get much joy from litigation either. There's no registry or registrar to whom a court order could be issued.

That has advantages and disadvantages from the end user's point of view: sometimes the legal system would have undermined uses of names that they wanted to make (as in the case of censorship by seizing or canceling a domain name, or transferring it as a punishment for violating an unrelated law), while other times it would have protected them from confusion and fraud.

"Public-key encryption was revolutionary for a simple reason. It solved the age-old security problem of key distribution."

Not by itself. That's what protocols are used for. A weak protocol would allow for an attacker to intercept public keys, allowing the attacker to mitm communications.
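
The point about key distribution above, as an added example (not part of the thread and not any project's code): a toy Diffie-Hellman exchange in which a public key substituted in transit goes unnoticed unless the two parties compare fingerprints over a separate channel, which is what key signing does. The group parameters, the function names and the `exchange` harness are assumptions made for illustration, and the group is not suitable for real use.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, chosen for this example only: do not use in practice.
P = 2**255 - 19
G = 2


def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def fingerprint(pub):
    """Short digest of a public key that two people can compare in person or by voice."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]


def session_key(priv, peer_pub):
    """Derive a symmetric key from our private key and the public key we received."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def exchange(key_substituted, verify_fingerprints):
    """Simulate one key exchange between Alice and Bob (all in memory).

    key_substituted: the network swaps each public key for a third party's key.
    verify_fingerprints: each side compares the fingerprint of the key it
    received with the fingerprint the real owner states out of band.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()  # the party sitting on the network path

    # What each side actually receives over the untrusted network.
    alice_received = m_pub if key_substituted else b_pub
    bob_received = m_pub if key_substituted else a_pub

    if verify_fingerprints:
        # The right-hand fingerprints are the ones read out by the real owners.
        alice_ok = fingerprint(alice_received) == fingerprint(b_pub)
        bob_ok = fingerprint(bob_received) == fingerprint(a_pub)
        if not (alice_ok and bob_ok):
            # Mismatch detected: refuse to derive a session key at all.
            return {"established": False, "keys_match": False,
                    "third_party_has_key": False}

    k_alice = session_key(a_priv, alice_received)
    k_bob = session_key(b_priv, bob_received)
    k_middle = session_key(m_priv, a_pub)  # what the third party can compute
    return {"established": True,
            "keys_match": k_alice == k_bob,
            "third_party_has_key": k_middle == k_alice}


if __name__ == "__main__":
    for substituted in (False, True):
        for verify in (False, True):
            print(f"substituted={substituted} verify={verify}:",
                  exchange(substituted, verify))
```

Without the fingerprint comparison, the substituted exchange still "succeeds" from Alice's point of view, which is why the public-key math alone does not settle key distribution.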

I've been developing software professionally since the 1980s, when I had to build a computer from scratch. I've seen these three waves first hand- personal computers, now in your palm, the internet, now ubiquitous with cell networks, and finally crypto. The third has not yet become mainstream.

I will say this- we are on the verge of the crypto revolution. I have never before seen so much energy and effort, and finally, money in the crypto sphere. In large part because now there is cryptographic money (eg: bitcoin et al.)

For those of you who think that the startup scene has become lame where you're just building apps to sell advertising, you're missing out.

The thing about the crypto revolution is that it is not nearly as obvious. Internet and PCs were obviously great in the early days- great for everyone. Crypto is harder, has a learning curve for consumers and until that's eliminated it's easy to think that it will go nowhere in the same way that pgp has effectively gone nowhere for 20 years.

Much in the way that we've given up on "artificial intelligence" and made great strides in machine learning.. crypto is on the edge.

It's the place you want to be.

Here's a short interview by Simon Singh with Clifford Cocks about the bits he did: https://www.youtube.com/watch?v=a-xEiOvXux4

Here's a longer clip of the same interview: https://www.youtube.com/watch?v=oR0_LPbWxe4

Sidenote: that Banksy street art (photo in article) has already been destroyed.
