Hey friends 👋
One year ago today, I shared an issue of the newsletter, while on vacation, called Out of Office. Long-time readers will recall the relative informality of the Update back then, and this post, was especially all over the place.
In it, I reflected on my previous issue, All Together Now, which introduced readers to what would become running themes of my writing:
political power decentralization (aka anarchism or libertarianism)
the importance of censorship resistance (web3 social, cryptocurrency)
privacy to prevent coercion, censorship, and abuse (privacy preserving cryptocurrencies; encrypted mail, messaging, and more)
It's funny looking back at those old issues and seeing that I was just beginning to understand how to express those thoughts that now are so core to my identity as a writer. It's also kind of cool to see how early I was encouraging people to explore technologies like Farcaster & Lens. I even gave away invites to readers back then, before these protocols were permissionless.
Aside: You know, I don't believe in alpha, and I don't proclaim to give it. Even though I write a lot about financial technologies and even share some giddy posts about tokens I hold or find interesting, going wild in the market, I don't give advice to anyone to buy them. I've clarified that a lot, even inventing a whole gamified NFT project about how irrational and bizarre markets are.
But interestingly, those readers who followed along and became active Farcaster and Lens users would most likely have earned tens of thousands of dollars worth of airdrops (Farcaster OG NFT, $DEGEN, $BONSAI, $ZK etc).
Just something to think about if you're subscribed but not actually reading through these posts 😉
Back to that particular issue of the newsletter. In it, I had shared that online crypto sleuth, ZachXBT was being attacked by defamation lawsuits by a crypto twitter influencer called MachiBigBrother. The crypto community rallied around Zach to help fund legal counsel, and he was eventually able to settle the lawsuit.
Rereading that, it reminded me of something I wanted to talk about in this issue: Julian Assange is free.
As a teenager in the late eighties, Julian Assange was already a very skilled hacker and was growing increasingly subversive in his targets and approaches. In fact, by 1991, he was considered one of the most notorious hackers (or rather hactivists) in Australia, having broken into several systems of the US military-industrial complex to leak information about how they were breaking laws and abusing power.
This has been a theme throughout Assange's life; breaking into systems, exposing corruption, and trying to weaken the stranglehold of powerful institutions. As part of an online hactivist group known as The International Subversives, he would show, by hacking into MILNET, that the US military was hacking itself to engage in surveillance. Assange's role in the hack is only alleged, of course, as, if it were true, he would still be potentially liable.
Unsurprisingly, the online subcultures he was a part of led him right to the Cypherpunk Mailing List alongside other notable characters like:
Hal Finney (co-developer of PGP encryption standard)
Satoshi Nakamoto (pseudonymous creator of Bitcoin)
Zooko Wilcox-O'Hearn (founder of Zcash)
Nick Szabo (inventor of smart contracts and creator of Bitcoin precursor bit gold)
Bram Cohen (creator of the BitTorrent protocol)
Beyond these names, many of the developers of important projects like Tor, SSL, PGP, IPSec, and founding activists of organizations like the EFF, were all presents on these lists.
What these cypherpunks have in common is their belief in the power of cryptography to improve privacy, security, and, by extension, individual freedom. We'll come back to the ways cryptography can be used to achieve these goals, but for now, I want to talk a bit more about Assange, for those who don't know the story.
In 2006, Assange and a group of other likeminded individuals founded WikiLeaks, an activist journalism organization aimed at exposing corruption, lies, and secrecy through whistleblowing. Assange was inspired by Daniel Ellsberg's release of the Pentagon Papers which showed that the administration was lying about the Vietnam War, not just to the public but to congress as well. Incidentally, that event is also cited as inspiration for Edward Snowden's 2013 leaks.
In 2010, military analyst Chelsea Manning engaged in whistleblowing after witnessing atrocities committed by the US military. That year WikiLeaks released hundreds of thousands of documents related to the Afghanistan and Iraq wars showing the willful murder of innocent civilians, humanitarians, and journalists.
And that same year, while in London, Assange is arrested on a warrant alleging sexual assault in Sweden. Sweden had intended to bring him in to investigate these claims where he could have faced extradition to the US.
Had Assange been extradited, he would have surely been sent to Guantánamo Bay, the extrajudicial military prison the US reserves for anyone they deem a "terrorist," which WikiLeaks itself exposed.
Note: these allegations, while heinous if true, were dropped, and many claim this was a tactic to simultaneously turn public opinion against Assange and facilitate his extradition to the US.
Assange took Asylum in the Ecuadorian embassy in London where he stayed for 7 years until Ecuador revoked his asylum. Some allege this was due to pressure from the US, while Ecuador claimed that Assange had overstayed his welcome—well to be fair, they claimed he was smeared feces on the walls, but this, if true, is not really unexpected for someone undergoing years of mental distress and confinement.
After he was ousted from the embassy, Assange was immediately arrested and the US formally requested his extradition. He spent the next several years in prison awaiting a trial and then several appeals. Finally, he was offered a plea bargain and last week that deal was made final at a court in the unincorporated US territory of the Commonwealth of the Northern Mariana Islands (CNMI).
The story of WikiLeaks contains all the ingredients of why I, and many others, care so much about cryptography. With that in mind, what I'd like to do with the rest of this newsletter is look at details about WikiLeaks and other similar case studies paired with some promising cypherpunk technological solutions.
In December 2010, PayPal suspended the WikiLeaks account after they received a letter from the US State Department that characterised WikiLeaks' activities as illegal in the US. Mastercard and Visa Europe also stopped accepting payments to WikiLeaks after pressure from the US. Bank of America, Amazon and Swiss bank PostFinance had previously stopped dealing with WikiLeaks. Datacell, the IT company that enabled WikiLeaks to accept credit and debit card donations, said Visa's action was the result of political pressure. WikiLeaks referred to these actions as a banking blockade.
Activist individuals and organizations, journalists, whistleblowers, and even those the US finds arbitrarily illegitimate like sex workers (including pornography actors and influencers) regularly have their bank accounts frozen, payments processing blocked, and financial accounts revoked. Ironically, in a country where money is deemed to be speech, this should an unambiguous violation of the first amendment. However the institutions doing the infringing, despite being tendrils of the state, are not officially such, and the law is clear, anyone but the government can legally restrict your speech.
Perhaps this gets at the most important point I can ever make:
ⓘ What is legal ≠ what is right
Knowing that those in power are capricious in nature, and that the financial system is the tool by which control is exerted under capitalism, it's no wonder that so many of the original cypherpunks became focused on creating permissionless digital currencies.
I've written about Bitcoin before (including why it's significant, why its flawed, why it's not the kind of money people want, and why cryptocurrency needs to be private) so I won't make this newsletter longer than it needs to be by defining the OG cryptocurrency.
Suffice to say, the launch of the bitcoin network in 2009 set into motion a chain of events that would produce the world we live in today where anyone can send money across the world in seconds without a bank or other corporation being able to revoke their right to do so.
ⓘ AssangeDAO was formed to raise funds for Julian Assange’s legal expenses. Together they raised $53 million for his legal defense, which his brother credits for his freedom.
But there is one glaring problem with transparent blockchains. They leave everything we do open for everyone in the world to see.
If the US government decides they don't want you donating to WikiLeaks, or LGBTQ+ organizations, or providing/receiving/supporting reproductive healthcare, or donating to Palestinian humanitarian campaigns, or sending money to your relatives in Iran or Russia; they can watch your transactions and punish you in other ways, like:
Blocking you from off-ramping your cryptocurrency to fiat
Blacklisting you from financial institutions or services
Literally arresting you and seizing your assets
This is why blockchain transactions need to be private. Thankfully, there are several options offering varying degrees of privacy. The most popular among these are Zcash, Monero, and mixers like Privacy Pools, and it's predecessor Tornado Cash. There are also currencies like Dash which make use of a technique called CoinJoin to help obscure transactions, and Litecoin which uses MimbleWimble to allow for a Zcash-like shielded transactions.
All of these have their place, and should be more normalized than the purely public transactions that have become the norm, but as is often the case, people don't realize the benefit of privacy until it's too late.
Aztec Network began working on a privacy layer for Ethereum all the way back in 2017 and at one time operated a pretty interesting layer 2 rollup called Aztec Connect. However, the rollup was built on an older architecture that made it slower and pricier to use than was justifiable in the modern L2 landscape.
Alongside the shutdown, Aztec announced they were redirecting their attentions to building the infrastructure for open and permissionless private applications with a new programming language called Noir, and eventually a sequel to that original rollup.
Recently, Aztec announced a new website, with a beautiful aesthetic (they were always among the best in terms of crafting a visual identity) and lots of explainer content about what they're building.
In a so-called Manifesto posted to their blog, Aztec CEO Zac Williamson defines the way forward for crypto privacy:
There is a phrase I think we will hear much of over the coming years: privacy for the user, transparency for the protocol.
The capabilities of private programmable blockchains and the outcomes they enable are not commonly understood. A private blockchain is not one where all information and data are intrinsically hidden. They are hybrid systems where public and private data coexist. Application designers and users can choose which data is hidden.
Efficient markets require data transparency. Data relating to identity requires data confidentiality. The solution is applications where information that relates to assets is public, and information relating to users (e.g. who owns said assets) is private.
To create a privacy-preserving ecosystem it must be possible for confidential, transparent, and hybrid applications to directly interact with one another. Privacy is not an aftermarket add-on to be bolted onto a few select applications. Full composability is essential to develop a rich ecosystem.
Composability enables trust-building networks by allowing individuals to put core aspects of themselves on-chain, disclosing it only selectively and enabling distributed protocols to use these capabilities in a composable permissionless manner, without leaking information. Who are you? What have you done? What do you want to do? With privacy, we can disclose this information to smart contracts and hide it from people. These will form core primitives of our new information networks.
— Regeneration: A Manifesto for an Autonomous Future, Aztec
This idea of a symbiosis of public and private finance is core to the idea of Zcash, a project I hold dear to my heart. Zcash's shielded and transparent duality makes it possible to be both fully private and yet compliant with existing laws (regardless of how stupid those laws are). It also allows for practical uses like charities and other fundraising organizations to receive funds transparently (in terms of amounts) without sharing who donated (for the reasons I already mentioned).
It could even be used in interesting ways, like for transparency around how the government uses taxes (a live view of the coffers and the size of outgoing expenditures) without seeing the account information of the recipients.
The quotidian use case for private cryptocurrency (whether mixed or not) is just to allow people to transact IRL without creating a scenario where someone can see onchain that the guy with a bored ape just paid for coffee at Starbucks, and can come from behind and whack him on the head with a wrench to steal his phone.
I've spent a lot of time talking about private cryptocurrency because it's probably the most fundamental thing we need to fix if we intend for permissionless money to succeeed. Otherwise, it will be Apple or Facebook or the government itself making some fully permissioned wallet with a great UX, but to which they can revoke access at any time.
Aztec’s manifesto alluded to another possibility they’re working to enable private credentials.
Our identity is built on credentials. No, I'm not trying to sell you a LinkedIn Premium membership! But it is true that to know things like whether someone qualifies for financial assistance like a student loan or employment insurance, you need to prove things like income level or work history.
In fact, in a capitalist world, just about everything requires a credential, be it a credit score, or a proof of residence, etc. This is why those who've been in prison or experience homelessness are so disenfranchised in the US; systematic exclusion in order to maintain the modern day slavery the US economy relies upon. But I digress.
There are other use cases for credentials as well, like proving someone completed medical school before allowing them to work as a brain surgeon, proving someone hasn't been convicted of first-degree murder before letting them have a gun, or proving someone is of a certain age before letting them buy alcohol, and so on and so forth.
The problem with most credentials is that they contain a bunch of extra, sensitive information, which you probably should not be sharing. Like I shouldn't be showing a random potential landlord my taxes with my home address, income for the previous year, and social insurance number. They could steal my identity, rob my home or place of work, or simply lose the documents and allow someone else to do these things.
This is why zero-knowledge proofs are such an interesting technology. Rather than a landlord saying "show me your sensitive documents that prove you earn enough to pay the rent," they would say "prove to me that you earn enough to pay the rent".
So if the rent is $2000 a month, they try to prove that you earn > $24000 You earn $50000 a year, let's say, which is indeed > $24000, so you are qualified. Add that to private interviews to prevent racial discrimination, and the existence of landlords almost becomes bearable.
How about another example?
Want to open a bakery but don't have the money? What if you could get a loan by proving that you had a good history of paying your bills, had previously been employed, perhaps had taken business courses, or baking courses, or both. You could have verifiable onchain credentials that are fully private and can be disclosed either in full or via proofs of certain details, like in the last example. All this without needing to share photocopies or pdf files of your college transcripts, employment records, or utility bills.
This would have been especially beneficial to those who were affected by the recent Evolve cybersecurity breach, wherein the private financial information of countless customers was stolen and released on the dark web. And not just customers of Evolve Bank & Trust, but of its many partner institutions like Mastercard, Visa, Mercury, Affirm, Stripe and many more.
ⓘ If Evolve had only been able to confirm your details but not store your information, there would be no risk. Think about it.
Trust is difficult to build and, ultimately, social relationships guide that trust. But there is no reason to believe that trust or worthiness of certain things is earned by being 100% transparent about everything you've ever bought, said, or thought. Dystopian sci-fi warns us of this kind of overly simplistic thinking. But will we heed the warning? Will we even get the message?
Central intelligence agencies are bad. I know, hot take, right? No, but really. They have spent the entirety of their existence breaking constitutional laws, killing civil rights and anti-war activists, and destabilizing every nation with a chance at competing with the US, no matter how peaceable those nations were.
For a long time, the worst offender for infringing on their citizens rights was the US's CIA, formerly the OSS, and right behind that was probably the FBI. But recently, the EU's various intelligence agencies and their political legs in the European Commission have been trying to outdo the US at every turn.
For years, the commission has tried to pass similar versions of the same law: one that breaks encryption on private messaging apps. Now, whenever someone has tried to convince the public that encryption should be weakened, it's unpopular, so they always follow the same trajectory.
Initially, they begin by talking about extremists using these tools to commit acts of terrorism. But, given the infrequency of those actions and the many better ways of stopping them (less antagonistic foreign policy maybe?) it's a hard sell that we should all give up our safety for such an indirect solution.
When the PATRIOT Act move fails, they always move in for the kill: claiming that weakening encryption will protect children from abuse. That seems like a laudable goal, so of course people have a harder time debating it. Fortunately, that argument is still flawed, for a few reasons.
Firstly, most of these CSAM scanning tools have been found to be ineffective at preventing the production and spread of this vile form of content. Think about it, the only way they can work is to have an absolutely enormous database of known material, to send users content to the cloud and compare against every piece of media in the database. Yes, AI models can do this more quickly, and can even be taught to assume what is or isn’t CSAM, but that is only going to prove my final point. So let’s work our way there.
Secondly, weakened encryption puts children at risk from hackers who can find and exploit vulnerabilities. And these same vulnerabilities apply not just to the children, but to everyone; every age, race, class, etc. That's a lot of intersecting vulnerabilities, especially given that the EU parliament (like many of the world’s legislative bodies) is filling up with fascists.
Finally, tools that are created to allow for scanning of CSAM can easily be modified to allow for scanning of other types of images, especially with the aforementioned AI models being added. Leaking government documents? Sharing footage showing abuses of power by the military or police? Organizing a rally against fascists and sending the flyer to other activists on a messaging app? Not anymore you’re not.
And what about when more things become criminalized? In a persistent echo of the Nazis they so clearly idolize, Republicans seem to have made it their prime directive to eradicate queer people, especially trans and non-binary youth. What then when apps that bypass encryption can scan to see if a supposed “boy” ever put on a wig or lipstick? As I said before, breaking encryption puts the most vulnerable people at risk: children, people of colour, queer people, religious minorities, immigrants, workers, labour organizers, activists, journalists; everyone.
Don't take it from me. Here is the response from Signal:
let’s be very clear, again: mandating mass scanning of private communications fundamentally undermines encryption. Full stop. Whether this happens via tampering with, for instance, an encryption algorithm’s random number generation, or by implementing a key escrow system, or by forcing communications to pass through a surveillance system before they’re encrypted. We can call it a backdoor, a front door, or “upload moderation.” But whatever we call it, each one of these approaches creates a vulnerability that can be exploited by hackers and hostile nation states, removing the protection of unbreakable math and putting in its place a high-value vulnerability.
The solution, as the cypherpunks would tell us, is to create hardened, antifragile systems, that operate outside any jurisdiction. In a word: protocols.
XMTP (Extensible Message Transport Protocol) is an open protocol that allows for messaging Ethereum wallets directly. These messages are end-to-end encrypted and can only be decrypted by the wallet on the receiving end.
What's unique about this approach is that it doesn't matter which app you use, much like different email apps can be used to send and receive email, so too can you use various apps with this standard. In fact, XMTP's name is inspired by SMTP (Simple Mail Transfer Protocol) on which the email standard was built.
Recently, XMTP announced some pretty big news: version 3 of the protocol is now available for developers to implement into their apps, and it includes some pretty nice upgrades:
Supports group chat. To learn more, see Build group chat with MLS and XMTP.
Built on MLS (Message Layer Security), which delivers these security and encryption guarantees
Uses app installation-based handling. To learn more, see Installations.
Introduces inbox identities
I've been a longtime fan of XMTP and their vision, and I'm eager to see more apps build on it, especially Farcaster and Lens clients. For the moment though, my go to app for XMTP is Family.
We owe so much to the OG cypherpunks. They've pushed back on the state and capital's relentless thirst for power, and they've protected countless people from abuse as a result. It's no wonder then, that they are made villains (or at best martyrs) for their cause.
For the last few newsletters I've been pushing this idea of subversion, that perhaps the only way to get to where we want to go (freedom, safety, and dignity for all humankind), we have to bypass the existing routes. It may be the only way to get there before we run out of gas.
And with that, I'm all out of gas, so let's get to the...
First up, we’ve got a 2021 Democracy Now! interview with Daniel Ellsberg talking about whistleblowers. The interview was released on the 50th anniversary of the release of the Pentagon Papers. I think it’s really important to understand the legacy and importance of whistleblowing.
Secondly, here’s an interview from Zora Zine with Lunarpunk Rachel Rose O’Leary talking about everything from privacy and antifragility, to encouraging more women to code.
While researching for this post I found out that Julian Assange actually wrote a book called Cypherpunks. I haven’t had a chance to read it yet, but I did find it available online for free via the Internet Archive (another important organization I wrote about in Peer-to-Peer Review) or phyical and ePUB at O/R books. It seems to be mostly a discussion with a few other prominent cypherpunks, but nonetheless worth mentioning.
Until next time,
Thumbs Up
This issue of Thumbs’ Update was brought to you thanks to the gracious support of my Subs Up patrons:
thisiszinger.eth
0xgetoffdeez.eth
riotgoools.eth
taliskye.eth
cpoetter.eth
maxorgel.eth
qubyt.eth
If you want to become a supporter and unlock special perks, check out my onchain patronage susbcription, powered by Hypersub ⬇
And for the privacy minded patron, I accept anonymous tips with Zcash to my shielded address:
u14yghj4gpta3kukkdwch8469fy88rs3ztdrdwc4u7n2npa0s7tl52stwf0mz8fphpga3zcfj559zmsr3y0gmswmdyaah2eyrpetefc5e6nld6v6y2rl04jmuppya0t8hy38a485e576ruls083k5lm4nfr7mzslxav96ml6qdzjfy7es05tcw0je247k3f4l7qkn6art9n6fh67rrf44