[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Things we should be working on...

At 5:43 AM -0700 9/2/97, Robert Hettinga wrote:
>At 12:42 am -0400 on 9/2/97, Tim May wrote:
>> Chaumian, identity-protecting technologies need to be deployed.
>> Frankly, I think Cypherpunks are getting off track with all the recent
>> focus on "old" technologies (which I'll leave unspecified, as my point is
>> not to attack certain pet projects).
>> The real stuff is going undone.
>So, Tim, what should we all be working on, in particular?

OK, you asked. This isn't a comprehensive list.

1. Fully secure machine to machine connections for the Net, as in Gilmore's
"SWAN" project. This makes the Net unsnoopable by the NSA and other TLAs,
and makes encryption an automatic (at this level...individual users will of
course still encrypt on top of this, as relying on others is never enough).

2. A usable form of Chaum's cash, a la Goldberg's or Schear's or Back's or
whomever's implementation. An evolution of Magic Money, Hashcash, etc.,
using full strength algorithms. Backing can be decentralized. Less emphasis
on deals with banks, more emphasis on guerilla deployment, a la PGP.

(Initial uses may be for illegal things, which may be a good thing for
deployment. Sex, for example, historically drives technologies like this.
Thus, one might imagine combining blinded (no puns, please) cash with
message pools to allow users to anonymously purchase JPEG images and have
the resultant images placed in a pool for their later browsing. If done on
a per image basis, for small amounts of digital cash, this could help users
get their feet wet and gain familiarity. Integration into browsers would

3. Distributed, decentralized data bases, a la Eternity, Blacknet, etc. My
number one candidate: a commercial credit rating data base not bound by the
U.S.' "Fair Credit Reporting Act." Let lenders and landlords find out the
dirt on those who welshed on loans or who skipped out on leases, regardless
of what the FCRA says. (This could technically be located today in any
non-U.S. country, practically, but access by U.S. persons and corporations
would have to be done circumspectly. A good use for blinded cash, of the
_fully_ untraceable sort, e.g. payer- and payee-anonymous sort.)

Ditto for ratings of doctors and lawyers. Some states in the U.S. are doing
this, but under their strict state control. Why not laissez faire
approaches, with user-inputted information? (I've written about this
extensively. Cf. my Cyphernomicon, for example.)

4. Wider use of persisistent pseudonyms. Most of the "anonymous" posts we
see are signed in cleartext with names like "TruthMonger," "BombMonger,"
etc., with little use of PGP sigs to ensure persistence. Spoofing is
trivial. Checking sigs is up to the *end reader*, for example, to see that
"Pr0duct Cipher" really is the same nym that's in the past posted as
Pr0duct Cipher, but it might be useful for us to start really making more
use of this sig checking, and even to maintain our own data base of nyms
and their public keys, as a kind of demonstration testbed.

5. And so on. Cf. the archives, etc. for many, many things.

What I meant be "the wrong stuff" is the recent focus on breaking simple
ciphers that were known to be breakable 20 years ago...just a matter of
applying the computons in the right way. All credit to Goldberg and all,
but hardly accomplishing  very interesting goals (helps Ian get a good job,
that's certainly true). Maybe it'll cause slightly stronger crypto to be
allowed for export...I don't really care too much about that.

In fact, the whole focus on _exports_ and doing things to make exports
easier is a _detour_, even a _derailment_. As I've said, I'll start
worrying about Netscape getting a license when they start paying me. Until
then, foreigners should just bypass what Netscape provides and use drop-ins.

(In fact, monkeywrenching the status quo is better than helping Netscape
and Microsoft get stronger crypto. For lots of obvious reasons.)

My list above is not meant to be a "Strategic Plan." But clearly the
Cypherpunks list has been slowly devolving into a gossip list, and a
dumping ground for anonymous insults, drunken rambles, and a cheerleading
group for predictable accomplishments and for corporate plans. (In
particular, a large fraction of the Bay Area contingent now work(s) for
various companies in crypto capacitites, even for crypto-focussed
companies, and their edge, or at least their public utterance edge, has
been dulled. One can speculate on some reasons. Too much talk about how to
"help" PGP, Inc., for example, when PGP, Inc. is doing fairly ordinary
crypto things and is in fact participating at some level in GAK talks. (I
may get a nastygram from Phil on this, courtesy of helpful forwarders of my
words to him...it's what I think.)

Also, 95% of the crap about "digital commerce" is merely a distraction. The
wrong direction, the wrong technology. Just "Visa on the Net," and hence of
no real use for our sorts of goals. Worse, the wrong direction.

I could rant on, but will spare you all.

--Tim May

There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."