intro’d to Moxie via social good summit 2015 – his insight/work with encryption: (para) can’t hack if don’t have info.. got my head spinning back to a natural encryption (perhaps) of 1\ idiosyncratic jargon (rather than babel izing some elitist bespeak) along with and because of 2\ everyone doing something else (usefully preoccupied)
looking into him…
webstock 2015 – april:
open whisper – making private communications simple
6 min – 80s – all films cold war.. nothing till 95 – braveheart.. against govt.. hackers…… matrix… ultimate story of oppression – against their reality… 2000… bourne series.. govt out of control…..90s – power vs people………2001 – change again … and all about terrorism….. superheroes to save us.. because they are virtuous… taken – cia saves the day…
10 min – cyber war – cyber punks vs eaves droppers… shift from ultimate control to no control..
11 min – clipper chip – into every device… to establish secure sessions.. but govt had master key to decrypt..
14 min – 2000 – game over – won the war ? – first we see: info wants to be free.. they thought surveillance et al would become impossible.. predictions: 1\anonymous digital cash will flourish 2\intellectual property will disappear 3\surveillance will become impossible 4\govt’s unable to continue collecting taxes 5\govt’s will fall
fast forward 20 yrs… and not so much… surveillance at all time high, privacy at all time low
15 min – all we got was pgp – future cypherpunks saw was proximate surveillance… instead got oblique surveillance.. ie: cell phone.. as surveillance.. via choice..
17 min – in some ways .. choice to not have a phone is choice to not participate in society
19 min – on public key vs private key
21 min – what do we need – 1\ limited damage from key compromise 2\opinionated defaults 3\opportunistic, transparent encryption 4\mobile oriented, multi-device, modern world….. basically…. need to make the lock icon a thing of the past
one click encryption is one click too many – Bruce Schneier
22 min – axolotl
24 min – tofu – trust on first use
25 min – since we are open.. no patents.. gave this to whatsapp
27 min – until all communication is .. ( )
Next Generation Threats 2014 – march 2015
13 min – pgp world (total nightmare – 100 p tutorials w/links to learn more) vs otr (off the record) – any secure protocol needs: confidentiality, integrity, authenticity
DEFCON 19: Whitfield Diffie and Moxie Marlinspike
3 min – on being locked into trust
4 min – trust agility – should be easy to trust and untrust somebody.. initiated by client
7 min – it wouldn’t make any sense for dhs to issue web cert’s for chinese websites.. moxie – and i disagreed with it..
12 min – on notaries and trust anchors (pre defined by someone that wasn’t the user)
13 min – doesn’t make sense that one organization decides certification… should be up to users
16 min – graduated decisions on trust.. not all or nothing
that’s where i don’t see it.. perhaps in business ness.. which i’m questioning as well.. ie: client ness
trust – partial is no.. ness
19 min – from audience.. i don’t see this not ending in similar cycle as Comodo – people buy based on cost
21 min – released convergence.. stab at inverting this trust relationship
23 min – on multiple notaries – whitfield
27 min – on trusting someone to set your trust mechanisms…
29 min – audience – speaking of trust in too broad context
34 min – the way i wish this term worked is that term expired every second.. at any moment you can decide
encroaching singularity ness of trust.. and.. back to the dance of all or nothing ness..
seems the partial ness of trust comes when money is involved.. no? i don’t know.
audience – on users wanting to set it and forget it – don’t want to decide every moment..
but do want to be able to decide (change mind) every moment
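a small sketch of the ideas in the DEFCON notes above (client-chosen notaries, trust/untrust at any moment, graduated rather than all-or-nothing decisions), added here as an example; it is not Convergence's code or protocol. the NotarySet class, the thresholds, the notary names and the certificate bytes are all made up for illustration, and notaries are modeled as in-memory tables rather than network services.

```python
import hashlib

def fingerprint(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()

class NotarySet:
    """Client-side notary list: the user, not a vendor, decides who is in it."""
    def __init__(self, accept_at=1.0, warn_at=0.5):
        self.accept_at, self.warn_at = accept_at, warn_at
        self.notaries = {}  # name -> {host: fingerprint that notary observed}

    def trust(self, name, observed):
        self.notaries[name] = observed

    def untrust(self, name):
        # Trust agility: revoking a notary is a local, immediate decision.
        self.notaries.pop(name, None)

    def check(self, host, presented: bytes):
        if not self.notaries:
            return "reject", 0.0  # nobody to vouch: fail closed
        fp = fingerprint(presented)
        agree = sum(1 for view in self.notaries.values() if view.get(host) == fp)
        score = agree / len(self.notaries)
        # Graduated outcome instead of a single yes/no.
        if score >= self.accept_at:
            return "accept", score
        if score >= self.warn_at:
            return "warn", score
        return "reject", score

# Constructed sample data: one real cert, one substituted by an interceptor.
REAL, FAKE = b"constructed-cert-real", b"constructed-cert-mitm"
HONEST = {"example.test": fingerprint(REAL)}
LYING = {"example.test": fingerprint(FAKE)}  # a notary that vouches for the fake

def demo():
    ns = NotarySet(accept_at=1.0, warn_at=0.5)
    ns.trust("notary-a", dict(HONEST))
    ns.trust("notary-b", dict(HONEST))
    ns.trust("notary-c", dict(LYING))
    before = [ns.check("example.test", REAL), ns.check("example.test", FAKE)]
    ns.untrust("notary-c")  # user changes their mind about notary-c
    after = [ns.check("example.test", REAL), ns.check("example.test", FAKE)]
    return before + after

if __name__ == "__main__":
    for decision, score in demo():
        print(decision, round(score, 2))
```

with the lying notary in the set, the real cert only reaches "warn" and the substituted one is rejected; once the client untrusts that notary, the real cert is accepted outright.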
Moxie Marlinspike is the pseudonym of a computer security researcher. His research has focused primarily on techniques for intercepting communication, as well as methods for strengthening communication infrastructure against interception. He is a member of the Institute for Disruptive Studies, former head of the security team at Twitter, founder of Open Whisper Systems, and a fellow at the Shuttleworth Foundation. He runs a cloud-based WPA cracking service, manages the GoogleSharing targeted anonymity service, and is the author of the Convergence SSL authentication system.
jul 31 2016
K.M. Gallagher (@ageis) tweeted at 9:19 AM on Sun, Jul 31, 2016:
Profile of @Moxie Marlinspike, the anarchist bringing encryption to all of us https://t.co/5xsZZ1bqXa by @a_greenberg
Marlinspike designed Signal to bring uncrackable encryption to regular people.
The standoff quickly becomes the topic of the RSA panel, and Marlinspike waits politely for his turn to speak. Then he makes a far simpler and more radical argument than any advanced by Apple: Perhaps law enforcement shouldn’t be omniscient. “They already have a tremendous amount of information,” he tells the packed ballroom. He points out that the FBI had accessed Farook’s call logs as well as an older phone backup. “What the FBI seems to be saying is that we need this because we might be missing something. Obliquely, they’re asking us to take steps toward a world where that isn’t possible. And I don’t know if that’s the world we want to live in.”
Marlinspike follows this remark with a statement that practically no one else in the privacy community is willing to make in public: that yes, people will use encryption to do illegal things. And that may just be the whole point. “I actually think that law enforcement should be difficult,” Marlinspike says, looking calmly out at the crowd. “And I think it should actually be possible to break the law.”
A few days after Snowden’s first leaks, Marlinspike posted an essay to his blog titled “We Should All Have Something to Hide,” emphasizing that privacy allows people to experiment with lawbreaking as a precursor for social progress.
Marlinspike views encryption as a preventative measure against a slide toward Orwellian fascism that makes protest and civil disobedience impossible, a threat he traces as far back as J. Edgar Hoover’s FBI wiretapping and blackmailing of Martin Luther King Jr. “
To a bored middle schooler, it was all a revelation. “You look around and things don’t feel right, but you’ve never been anywhere else and you don’t know what you’re missing,” Marlinspike says. “The Internet felt like a secret world hidden within this one.”
“I got interested in experimenting with a way to live that didn’t involve working.”
Even today, Marlinspike describes those reckless adventures in the itinerant underground as a kind of peak in his life. “Looking back, I and everyone I knew was looking for that secret world hidden in this one,” he says, repeating the same phrase he’d used to describe the early Internet. “I think we were already there.”
If anything can explain Marlinspike’s impulse for privacy, it may be that time spent off society’s grid: a set of experiences that have driven him to protect a less observed way of life.
“I think he likes the idea that there is an unknown,” says Trevor Perrin, a security engineer who helped Marlinspike design Signal’s core protocol. “That the world is not a completely surveilled thing.”
merely going to demonstrations never felt like the right way to challenge the world’s power structures.
Instead, around 2007 he turned his political interests back to the digital world, where he’d seen a slow shift toward post–Patriot Act surveillance. “When I was young, there was something fun about the insecurity of the Internet,” he says, with its bounty of hackable flaws available to benign pranksters. “Now Internet insecurity is used by people I don’t like against people I do: the government against the people.”
Marlinspike dreamed of bringing his encryption tools to millions of people, an ambition that required some sort of business model to fund them. He moved back to San Francisco to promote Whisper Systems as a for-profit startup. The company had barely gotten off the ground when Twitter approached him with a buyout offer, hoping to use his expertise to fix the shambolic security that had led to repeated hacks of celebrity and journalist accounts.
A normal person might have quit sailing. Instead, Marlinspike quit Twitter. A year and a day after he had started, he walked away from over $1 million in company stock.
“The big win for us is when a billion people are using WhatsApp and they don’t even know it’s encrypted,” Marlinspike says. “At this point, I think we’ve already won the future.”
Marlinspike surprises me by admitting that he looks forward to the moment when he can quit. “Someday Signal will fade away,” he states unsentimentally. Instead, he says, Open Whisper System’s legacy will be the changes Signal will have inspired in better-funded, for-profit communication apps.
That time may not be so far off. “I don’t really want to do this with the rest of my life,” Marlinspike says. “Eventually, you have to declare victory.”
But cypherpunks like Marlinspike—let’s be honest—haven’t yet won the crypto war. In fact, the war may be unwinnable by either side.
unless.. we make all that irrelevant.. so that .. everyone can not work..
Marlinspike, she says, seeks the “zero point, when you have nothing to lose, when you have no property, no lover, nothing to hold you back.”
The best @moxie https://t.co/Hj6Q4JqnAY
Original Tweet: https://twitter.com/jack/status/1228399629600845824
on the success of signal
But Marlinspike argues that Signal’s fundamental aims haven’t changed, only its strategy—and its resources. “This has always been the goal: to create something that people can use for everything,” Marlinspike says. “I said we wanted to make private communication simple, and end-to-end encryption ubiquitous, and push the envelope of privacy-preserving technology. This is what I meant.”