Success stories of Cypherpunks

PGP
message signatures and encryption
SSL
channel tamper- and snooping-resistance
Tor
group-anonymous channels
hidden services
OTR
snooping-resistant ad-hoc messaging

Success leads to complacency

Attacks never get worse, they only get better...

Real Attacks

  • traffic analysis
  • provider dependence: code substitution, server encryption, transport sniffing
  • big data
    all human generated information
    Gus Hunt, CTO of CIA, 2013-03-20
  • infrastructure weaknesses: hardware, firmware
  • weakened algorithms, compromised crypto standards
  • misuse of mandated access
    Greek cellphone tapping via CALEA compliance interface, 2004
    Lavabit compelled key disclosure, 2013
  • humans and spycraft: bribery, double agents, black-bag jobs

Shortcomings

  • PGP: usability, forward secrecy, traffic analysis, WoT analysis
  • SSL: CAs, downgrade attacks, compatibility, deployment hurdles
  • OTR: userbase, fingerprint validation, traffic analysis, MITM, denial
  • Tor: leakage, network scalability, performance, usage hurdles, web blockades

Strange New World

Rip van Cypherpunk has been asleep since 1992 and wakes up in 2012. What does she see?

  • PGP everywhere, functioning as crypto-plumbing.
  • Free Software everywhere: Debian, ec2, RPi, Ubuntu, Android, BeagleBoard, Hadoop, Fedora, Firefox, Chromium, Nodejs, Ruby
  • BitTorrent everywhere.
  • TLS everywhere.
  • Bitcoin exists
  • ... WTF.
  • Tor network continues to exist
  • ... to everyone's surprise.

Strange New World

Rip van Cypherpunk has been asleep since 1992 and wakes up in 2012. What does she see?

  • PGP everywhere, functioning as crypto-plumbing.
  • Free Software everywhere: Debian, ec2, RPi, Ubuntu, Android, BeagleBoard, Hadoop, Fedora, Firefox, Chromium, Nodejs, Ruby
  • BitTorrent everywhere.
  • TLS everywhere.
  • Bitcoin exists
  • ... WTF.
  • Tor network continues to exist
  • ... to everyone's surprise.

We Won!

Strange New World

We Won!

Strange New World

We Won!

... well, not really.

  • too many users still have little freedom (Android, iOS, web2.0)
  • too many totalitarian power structures still repress people (Bluecoat, PRISM, GFW, GEMA)
  • too many untrustable, unauditable proprietary systems still lie beneath our freedom (x86, ARM, CDMA/GSM/3G)

Where do we go from here?

Modern Cypherpunks

we hold these truths to be self-evident

  • Real people use these systems.
  • Threat models form a continuum. "Your way is insecure, my way is secure"
  • Systems that work, win.
  • Everything is terrible.
  • ... and that's OK.
  • Continuous improvement.
  • ... don't prohibit improvement with steep on-ramps!
  • Cypherpunks write code.

New Forums

Mailing lists!

  • Perry's Cryptography list cryptography@metzdowd.com
  • Randombit Cryptography list cryptography@randombit.net
  • Cypherpunks cpunks.org
  • Liberationtechnology list (mailman)

Conferences!

  • CCC (Chaos Communications Congress)
  • too many security conferences to list: HITB, Black Hat, Cryptography, Toorcon, Bsides, Toorcamp, PETS, ...

New Forums

Real world meetups!

  • Techno-Activism Third Mondays
  • CryptoParty http://www.cryptoparty.in/
  • PGP keysigning parties at many events (Debian, Linux, F/OSS, BSD)
  • cypherpunk meetups, monthly, in various cities worldwide (don't see one? start one!)

Social Movements!

  • Occupy
  • PrismBreak

A glorious future awaits in the Offworld Colonies

  • open source µcontroller stack (Arduino, avr-gcc, others)
  • FPGAs running libré hardware designs (OpenCores)
  • libré firmware for x86 BIOS (CoreBoot)
  • libré firmware for COTS WiFi (softmac, ath9k)
  • libré Software Defined Radio designs (GNU Radio, BladeRF, many others)
  • libré board designs (Novena / bunniestudios laptop)

Cypherpunks 1.0 versus 2.0

Cypherpunks 1.0 versus 2.0

  • "Look at this utopia we can build, using cryptography!"

Cypherpunks 1.0 versus 2.0

  • "Look at this utopia we can build, using cryptography!"
  • "Look at this dystopia we have built, using cryptography!"

New Projects

Manifesto

  • Build systems we can trust
  • For humans to use
  • Providing individuals with real choice generally wins

Manifesto

  • Build systems we can trust
  • For humans to use
  • Providing individuals with real choice generally wins
  • and finally:

Modern Cypherpunks

we hold these truths to be self-evident

  • Real people use these systems.
  • Threat models form a continuum. "Your way is insecure, my way is secure"
  • Systems that work, win.
  • Everything is terrible.
  • ... and that's OK.
  • Continuous improvement.
  • ... don't prohibit improvement with steep on-ramps!
  • Cypherpunks write code.

<Thank You!>

http://adi.is/s/cpunk20/