cyph3rPunk
The people in this community hope for a world where an individual's informational footprints—everything from an opinion on abortion to the medical record of an actual abortion—can be traced only if the individual involved chooses to reveal them; a world where coherent messages shoot around the globe by network and microwave, but intruders and feds trying to pluck them out of the vapor find only gibberish; a world where the tools of prying are transformed into the instruments of privacy. There is only one way this vision will materialize, and that is by widespread use of cryptography. Is this technologically possible? Definitely. The obstacles are political—some of the most powerful forces in government are devoted to the control of these tools. In short, there is a war going on between those who would liberate crypto and those who would suppress it. The seemingly innocuous bunch strewn around this community represents the vanguard of the pro-crypto forces. Though the battleground seems remote, the stakes are not: The outcome of this struggle may determine the amount of freedom our society will grant us in the 21st century. To the Cypherpunks, freedom is an issue worth some risk.
"Security is mostly a superstition. It does not exist in nature, nor do the children of man as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing." Helen Keller
How do you prove something without giving away all your data? Zero Knowledge Proofs could hold the answer. Alberto Sonnino, Research Student at UCL, explains.
Zero Knowledge technology holds the key to true privacy by default.
May this community be inspired by Aaron's spirit.
Here's his manifesto:
Guerilla Open Access Manifesto
Information is power. But like all power, there are those who want to keep it for themselves. The world's entire scientific and cultural heritage, published over centuries in books and journals, is increasingly being digitized and locked up by a handful of private corporations. Want to read the papers featuring the most famous results of the sciences? You'll need to send enormous amounts to publishers like Reed Elsevier.
There are those struggling to change this. The Open Access Movement has fought valiantly to ensure that scientists do not sign their copyrights away but instead ensure their work is published on the Internet, under terms that allow anyone to access it. But even under the best scenarios, their work will only apply to things published in the future. Everything up until now will have been lost.
That is too high a price to pay. Forcing academics to pay money to read the work of their colleagues? Scanning entire libraries but only allowing the folks at Google to read them? Providing scientific articles to those at elite universities in the First World, but not to children in the Global South? It's outrageous and unacceptable.
"I agree," many say, "but what can we do? The companies hold the copyrights, they make enormous amounts of money by charging for access, and it's perfectly legal — there's nothing we can do to stop them." But there is something we can, something that's already being done: we can fight back.
Those with access to these resources — students, librarians, scientists — you have been given a privilege. You get to feed at this banquet of knowledge while the rest of the world is locked out. But you need not — indeed, morally, you cannot — keep this privilege for yourselves. You have a duty to share it with the world. And you have: trading passwords with colleagues, filling download requests for friends.
Meanwhile, those who have been locked out are not standing idly by. You have been sneaking through holes and climbing over fences, liberating the information locked up by the publishers and sharing them with your friends.
But all of this action goes on in the dark, hidden underground. It's called stealing or piracy, as if sharing a wealth of knowledge were the moral equivalent of plundering a ship and murdering its crew. But sharing isn't immoral — it's a moral imperative. Only those blinded by greed would refuse to let a friend make a copy.
Large corporations, of course, are blinded by greed. The laws under which they operate require it — their shareholders would revolt at anything less. And the politicians they have bought off back them, passing laws giving them the exclusive power to decide who can make copies.
There is no justice in following unjust laws. It's time to come into the light and, in the grand tradition of civil disobedience, declare our opposition to this private theft of public culture.
We need to take information, wherever it is stored, make our copies and share them with the world. We need to take stuff that's out of copyright and add it to the archive. We need to buy secret databases and put them on the Web. We need to download scientific journals and upload them to file sharing networks. We need to fight for Guerilla Open Access.
With enough of us, around the world, we'll not just send a strong message opposing the privatization of knowledge — we'll make it a thing of the past. Will you join us?
Aaron Swartz
July 2008, Eremo, Italy
In this report, we examine the future of voting and the possibility of conducting secure elections online. Specifically, we explore whether End-to-End Verifiable Internet Voting (E2E-VIV) systems are a viable and responsible alternative to traditional election systems.
This report contains the most complete set of requirements to date that must be satisfied by any Internet voting system used in public elections. Developed by a team of experts in election integrity, election administration, high-assurance engineering, and cryptography, the report starts from the premise that public elections in the U.S. are a matter of national security.
I think a utxo blockchain makes perfect sense as an application for this homomorphic encryption technology for use in democratic voting, and subsequent verification, and security of the vote (to protect the voter from intimidation after the fact).
In my opinion, the main problem behind blockchain voting comes when a centralized power (like the US for example) wants to understandably use their own national currency in CBDC form (digital currency) as the oil in that machine. It's a dilemma because decentralized, open source technologies must be used for a system like this to truly be secure and independently-verified.
This one answer to that question has been ringing through my head for a couple of days.
- The right to solidarity, i.e. all should be allowed to partake in solidary action during a strike.
- The right of initiative and right to recall.
- The right to free software, or freedom from proprietary software.
- The right to a third place, i.e. ready access to physical spaces that allow for socializing with strangers.
- Freedom from eviction (mainly wrt rent strikes and squatting.)
- The right to democratic education.
- The right to cross borders.
- The right to be forgotten.
- The right to purpose, or freedom from meaningless labor. This includes the right to an employee fund.
And there are of course other things. I just think that under the world's current paradigm, these, at least individually, seem relatively attainable without a literal revolution.
Perhaps we might talk about how we might guide society toward these things using technology.
Born in North Carolina in 1983, Edward Snowden later worked for the National Security Agency through subcontractor Booz Allen in the organization's Oahu office. During his time there, Snowden collected top-secret documents regarding NSA domestic surveillance practices that he found disturbing. After Snowden fled to Hong Kong, China and met with Guardian journalists, newspapers began printing the documents that he had leaked, many of them detailing the monitoring of American citizens. The U.S. has charged Snowden with violations of the Espionage Act while many groups call him a hero. Snowden has found asylum in Russia and continues to speak about his work.
Background and Early Years
Edward Snowden was born in Elizabeth City, North Carolina, on June 21, 1983. His mother works for the federal court in Baltimore (the family moved to Maryland during Snowden's youth) as chief deputy clerk for administration and information technology. Snowden's father, a former Coast Guard officer, later relocated to Pennsylvania and remarried.
Snowden dropped out of high school and studied computers at Anne Arundel Community College in Arnold, Maryland (from 1999 to 2001, and again from 2004 to 2005). Between his stints at community college, Snowden spent four months (May to September 2004) in the Army Reserves in special-forces training. He did not complete training according to Army sources, and he was discharged after he broke his legs in an accident.
As ethical hackers are becoming a crucial investment for businesses, here are our all-time top picks
It took the white hat hacker from Pangu Labs one second to hack the iPhone Pro 13 recently. The hacker managed to get the highest level of access on the jailbroken iPhone 13 Pro remotely, and he also demonstrated a data wipeout.
With advancing technologies, cyber vulnerabilities are skyrocketing and moreover, the 2020 pandemic brought an onslaught of cyberattacks worldwide. Adobe systems faced a data hack involving 2.9 million customers. The Centre for Strategic and International Studies and McAfee released a report, The Hidden Costs of Cybercrime, which revealed monetary losses to have hit $945 billion and predicted that organisations would spend $145 billion on cybersecurity services. Ethical hackers have become a crucial investment for businesses.
Here are the ten most popular white hatters who have been impactful, and serve as an inspiration to several aspiring ethical hackers and security researchers worldwide.
Charlie Miller
After his PhD in Mathematics from the University of Notre Dame, Charlie Miller worked as a computer hacker for the National Security Agency for five years. Since then, he has also worked as a consultant for the security teams of Twitter and Uber ATC. In the annual Pwn2Own competition, he won the title of Super Bowl of computer hacking four times. He was the first person to have the authority to remotely exploit the iPhone and the Android phone when it was released. Featured on several publications and TV shows, the ethical hacker has also demonstrated the vulnerability in Fiat Chrysler vehicles that could be hacked and control the radio, brakes, and even the steering wheel. Currently, Miller is the security engineer, autonomous vehicle security at Cruise.
Dino Dai Zovi
Hacking his way into Macbooks, Dino Dai Zovi is known for eliminating security issues in them, and also for identifying and preventing malware attacks in Apple devices. A member of the Black Hat review board, Zovi has co-authored The iOS Hacker’s Handbook (2012), The Mac Hacker’s Handbook (2009), and The Art of Software Security Testing (2006). The white hat hacker is best known in the information security community for winning the first Pwn2Own contest at CanSecWest 2007. He is the head of security for Cash App, and previously worked as the staff security engineer at Square. He has also held security leadership roles with Endgame, Two Sigma Investments and Matasano Security.
Jeff Moss
With a degree in criminal justice, ethical hacker Jeff Moss goes by the name of Dark Tangent. He began hacking as a young man by removing copyright protection from games. After his first job as a director at the Secure Computing Corporation division, Ernst & Young, he founded the Black Hat and Defcon hacker conferences, served as the chief security officer at ICANN, and acted as an advisor to the US Department of Homeland Security. Although Moss sold Black Hat in 2005 and stepped down from ICANN in 2013, he continues to work on DefCon, and he freelances as a security consultant. The unofficial spokesperson for the hacking community was also elected to be the Commissioner at the Global Commission on the Stability of Cyberspace (GCSC) in 2017.
Joanna Rutkowska
Known for her research on low-level security and stealth malware, Joanna Rutkowska is a Polish computer security expert who founded a security-focused desktop operating system, Qubes OS. In 2006, at the Black Hat conference, Rutkowska presented the vulnerabilities in the Vista kernel and also a technique dubbed Blue Pill that used hardware virtualisation to move a running OS into a virtual machine. The white hat hacker shot to fame when she exposed numerous attacks on virtualisation systems and Intel security technologies, including the popular series of exploits against the Intel Trusted Execution Technology (TXT). Rutkowska, who is also the founder of Invisible Things Labs, has been invited to several security conferences, such as Chaos Computer Conferences, Black Hat Briefings, HITB, RSA Conference, and Gartner IT Security Summit.
Kevin Mitnick
Kevin Mitnick was once the FBI’s Most Wanted because he hacked into 40 major corporations just because he could. Today, he is known as a trusted security consultant for Fortune 500 companies and governments worldwide. With a 100 per cent track record of being able to penetrate any security system anywhere in the world with his Global Ghost Team, Mitnick’s security insights are highly sought after and have led him to be a commentator, security analyst, and a guest speaker on CNN, CNBC, FOX News, BBC, and 60 Minutes, to name a few. He is also the author of several books, including Art of Intrusion: The Real Story Behind the Exploits of Hackers, Intruders and Deceivers and Art of Deception: Controlling the Human Element of Security, which are mandatory readings for security professionals.
Marc Maiffret
A former member, known as the Chameleon, of the hacking group Rhino9 and a high school dropout, Marc Maiffret realised his potential when he was raided by the FBI at the age of 17. An industry visionary, he developed some of the first vulnerability management and Web Application Firewall solutions. The ethical hacker co-founded security software company eEye Digital Security, which was credited for exposing vulnerabilities in Microsoft products such as the Code Red worm. He became the Chief Technological Officer at BeyondTrust. Maiffret has testified before the United States Congress on matters of critical infrastructure protection, and has been included in People’s Magazine’s 30 People under 30.
Mark Abene
Once a member of hacker groups Legion of Doom and Masters of Deception, Mark Abene goes by the pseudonym Phiber Optik. He was one among the first white hat hackers to publicly discuss the importance and advantages of ethical hacking as a tool for business. Some of Abene’s key services are on-site security assessment, reverse engineering, fraud investigation, and security awareness training. He is the director of cybersecurity at Rivian. Previously, he was the principal code reviewer at Identity Guard. He had also co-founded TraceVector and was a cryptographer, programmer, and contractor for Major League Baseball Advanced Media. His client list includes American Express, UBS, First USA, Ernst & Young, and KPMG.
Richard Stallman
As a programmer at MIT’s Artificial Intelligence Labs, Richard Stallman indulged in hacking activities. The programmer strongly believed in freely tweaking and sharing computer codes. Being an American free software movement activist, he founded the GNU (GNU’s not Unix) project, the free software, mass collaboration project. In 1990, Stallman received a MacArthur fellowship that helped him write various utilities for the GNU Project, such as the GNU Emacs editor, GNU compiler, and GNU debugger. It was later combined with the kernel developed by Linus Torvalds to produce the Linux operating system in 1994. The white hat hacker invented Copyleft, a legal mechanism concept that allowed programmers to redistribute a program’s code.
Sherri Sparks
Sherri Sparks is a security researcher who made rootkits and stealth malware her pursuit. She once attacked the military service and her ethical hacking skills came to light after she exposed how operating system-independent rootkits could be used to infiltrate and compromise computer networks. She has demonstrated at RSA, Black Hat, and other summits on offensive, defensive stealth code technologies, and digital forensics. In 2007, she co-founded Clear Hat Consulting, specialising in Windows kernel and hypervisor development. Sparks holds a Bachelor’s degree in Computer Engineering, Graduate Certificate in Computer Forensics, and a Master’s degree in Computer Science from the University of Central Florida.
Tsutomu Shimomura
Tsutomu Shimomura shot to fame when he helped the FBI track down Kevin Mitnick in 1995. He published a book called Takedown in 2000 that centred around the pursuit. In his early life, the Japanese computer security expert was a research scientist in the physics department at the University of California at San Diego, and senior fellow at the San Diego Supercomputer Centre. He also worked for the National Security Agency, and raised awareness on the vulnerabilities of cellular phones. He testified before Congress on matters of its privacy and security issues in 1992. A computational physics research scientist, Shimomura is the CEO and founder of Neofocal, a company that develops smart LED networks.
Top 10 Most Notorious Hackers of All Time
Kaspersky
Computer hacking is the act of identifying and exploiting system and network vulnerabilities in order to obtain unauthorized access to those systems. Not all hacking is malicious. White hat hackers may work in cyber security or as software engineers and testers seeking out vulnerabilities in order to fix them. Black hat hackers operate with malicious intent. That said, there is a large grey area populated by political activists and hackers who wear both hats.
Hacking costs companies and consumers trillions of dollars every year. According to CPO Magazine, by 2021, hacking attacks will cost a total of $6 trillion, up from $2 trillion in losses reported in 2019. Much of the cyber crime problem stems from the same features of the internet from which we all benefit. Even the most amateur hacker can easily find all the tools they need online at virtually no cost.
The hacker onslaught didn't occur overnight. It took decades of work by now-famous hackers to discover critical vulnerabilities and reveal the strategies that established the foundations of the internet and its free-for-all libertarianism. Here's a look at the top ten most notorious hackers of all time.
Kevin Mitnick
A seminal figure in American hacking, Kevin Mitnick got his start as a teen. In 1981, he was charged with stealing computer manuals from Pacific Bell. In 1982, he hacked the North American Defense Command (NORAD), an achievement that inspired the 1983 film War Games. In 1989, he hacked Digital Equipment Corporation's (DEC) network and made copies of their software. Because DEC was a leading computer manufacturer at the time, this act put Mitnick on the map. He was later arrested, convicted and sent to prison. During his conditional release, he hacked Pacific Bell's voicemail systems.
Throughout his hacking career, Mitnick never exploited the access and data he obtained. It's widely believed that he once obtained full control of Pacific Bell's network simply to prove it could be done. A warrant was issued for his arrest for the Pacific Bell incident, but Mitnick fled and lived in hiding for more than two years. When caught, he served time in prison for multiple counts of wire fraud and computer fraud.
Although Mitnick ultimately went white hat, he may be part of the both-hats grey area. According to Wired, in 2014, he launched "Mitnick's Absolute Zero Day Exploit Exchange," which sells unpatched, critical software exploits to the highest bidder.
Anonymous
Anonymous got its start in 2003 on 4chan message boards in an unnamed forum. The group exhibits little organization and is loosely focused on the concept of social justice. For example, in 2008 the group took issue with the Church of Scientology and began disabling their websites, thus negatively impacting their search rankings in Google and overwhelming its fax machines with all-black images. In March 2008, a group of "Anons" marched past Scientology centers around the world wearing the now-famous Guy Fawkes mask. As noted by The New Yorker, while the FBI and other law enforcement agencies have tracked down some of the group's more prolific members, the lack of any real hierarchy makes it almost impossible to identify or eliminate Anonymous as a whole.
Adrian Lamo
In 2001, 20-year-old Adrian Lamo used an unprotected content management tool at Yahoo to modify a Reuters article and add a fake quote attributed to former Attorney General John Ashcroft. Lamo often hacked systems and then notified both the press and his victims. In some cases, he'd help clean up the mess to improve their security. As Wired points out, however, Lamo took things too far in 2002, when he hacked The New York Times' intranet, added himself to the list of expert sources and began conducting research on high-profile public figures. Lamo earned the moniker "The Homeless Hacker" because he preferred to wander the streets with little more than a backpack and often had no fixed address.
Albert Gonzalez
According to the New York Daily News, Gonzalez, dubbed "soupnazi," got his start as the "troubled pack leader of computer nerds" at his Miami high school. He eventually became active on criminal commerce site Shadowcrew.com and was considered one of its best hackers and moderators. At 22, Gonzalez was arrested in New York for debit card fraud related to stealing data from millions of card accounts. To avoid jail time, he became an informant for the Secret Service, ultimately helping indict dozens of Shadowcrew members.
During his time as a paid informant, Gonzalez continued his criminal activities. Along with a group of accomplices, Gonzalez stole more than 180 million payment card accounts from companies including OfficeMax, Dave and Buster's and Boston Market. The New York Times Magazine notes that Gonzalez's 2005 attack on US retailer TJX was the first serial data breach of credit information. Using a basic SQL injection, this famous hacker and his team created back doors in several corporate networks, stealing an estimated $256 million from TJX alone. During his sentencing in 2015, the federal prosecutor called Gonzalez's human victimization "unparalleled."
Matthew Bevan and Richard Pryce
Matthew Bevan and Richard Pryce are a team of British hackers who hacked into multiple military networks in 1996, including Griffiss Air Force Base, the Defense Information System Agency and the Korean Atomic Research Institute (KARI). Bevan (Kuji) and Pryce (Datastream Cowboy) have been accused of nearly starting a third world war after they dumped KARI research onto American military systems. Bevan claims he was looking to prove a UFO conspiracy theory, and according to the BBC, his case bears resemblance to that of Gary McKinnon. Malicious intent or not, Bevan and Pryce demonstrated that even military networks are vulnerable.
Jeanson James Ancheta
Jeanson James Ancheta had no interest in hacking systems for credit card data or crashing networks to deliver social justice. Instead, Ancheta was curious about the use of bots—software-based robots that can infect and ultimately control computer systems. Using a series of large-scale "botnets," he was able to compromise more than 400,000 computers in 2005. According to Ars Technica, he then rented these machines out to advertising companies and was also paid to directly install bots or adware on specific systems. Ancheta was sentenced to 57 months in prison. This was the first time a hacker was sent to jail for the use of botnet technology.
Michael Calce
In February 2000, 15-year-old Michael Calce, also known as "Mafiaboy," discovered how to take over networks of university computers. He used their combined resources to disrupt the number-one search engine at the time: Yahoo. Within one week, he'd also brought down Dell, eBay, CNN and Amazon using a distributed-denial-of-service (DDoS) attack that overwhelmed corporate servers and caused their websites to crash. Calce's wake-up call was perhaps the most jarring for cyber crime investors and internet proponents. If the biggest websites in the world—valued at over $1 billion—could be so easily sidelined, was any online data truly safe? It's not an exaggeration to say that the development of cyber crime legislation suddenly became a top government priority thanks to Calce's hack.
Kevin Poulsen
In 1983, a 17-year-old Poulsen, using the alias Dark Dante, hacked into ARPANET, the Pentagon’s computer network. Although he was quickly caught, the government decided not to prosecute Poulsen, who was a minor at the time. Instead, he was let off with a warning.
Poulsen didn’t heed this warning and continued hacking. In 1988, Poulsen hacked a federal computer and dug into files pertaining to the deposed president of the Philippines, Ferdinand Marcos. When discovered by authorities, Poulsen went underground. While he was on the run, Poulsen kept busy, hacking government files and revealing secrets. According to his own website, in 1990, he hacked a radio station contest and ensured that he was the 102nd caller, winning a brand new Porsche, a vacation, and $20,000.
Poulsen was soon arrested and barred from using a computer for three years. He has since converted to white hat hacking and journalism, writing about cyber security and web-related socio-political causes for Wired, The Daily Beast and his own blog Threat Level. Poulsen also teamed with other leading hackers to work on various projects dedicated to social justice and freedom of information. Perhaps most notably, he worked with Adam Swartz and Jim Dolan to develop the open-source software SecureDrop, initially known as DeadDrop. Eventually, Poulsen turned over the platform, which enabled secure communication between journalists and sources, to the Freedom of Press Foundation.
Jonathan James
Using the alias cOmrade, Jonathan James hacked several companies. According to the New York Times, what really earned James attention was his hack into the computers of the United States Department of Defense. Even more impressive was the fact that James was only 15 at the time. In an interview with PC Mag, James admitted that he was partly inspired by the book The Cuckoo’s Egg, which details the hunt for a computer hacker in the 1980s. His hacking allowed him to access over 3,000 messages from government employees, usernames, passwords and other sensitive data.
James was arrested in 2000 and was sentenced to six months of house arrest and banned from recreational computer use. However, a probation violation caused him to serve six months in jail. Jonathan James became the youngest person to be convicted of violating cyber crime laws. In 2007, TJX, a department store, was hacked and many customers’ private information was compromised. Despite a lack of evidence, authorities suspect that James may have been involved.
In 2008, James committed suicide by gunshot. According to the Daily Mail, his suicide note stated, “I have no faith in the 'justice' system. Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.”
ASTRA
This hacker differs from the others on this list in that he has never been publicly identified. However, according to the Daily Mail, some information has been released about ASTRA, namely that he was apprehended by authorities in 2008, and at that time he was identified as a 58-year-old Greek mathematician. Reportedly, he had been hacking into the Dassault Group for almost half a decade. During that time, he stole cutting edge weapons technology software and data which he then sold to 250 individuals around the world. His hacking cost the Dassault Group $360 million in damages. No one knows why his complete identity has never been revealed, but the word 'ASTRA' is a Sanskrit word for 'weapon'.
Some of these top hackers aimed to make the world a better place, others to prove UFO theories. Some wanted money and others hoped for fame. All these people played a critical role in the evolution of the internet and cyber security.
Developer Comments:
“This algorithm was presented at the ForenSecure 2017 conference on cybersecurity and forensics. The experts attending were not particularly happy after the talk, for their job of trying to detect hidden data had suddenly become quite a bit harder. One year later, I realized the general public might want to check out what it can do, hence this addon.”
PassLok stego is based on the F5 algorithm by Andreas Westfeld (2001), described at https://www2.htw-dresden.de/~westfeld/publikationen/21370289.pdf, and extends it to PNG images as well. In addition, PassLok does some simple tricks to preserve the DCT AC coefficient histogram almost perfectly, making it even harder to detect than F5.
Features
UnixPorn at its core
PwNixOS places a strong emphasis on delivering a top-notch graphical experience by providing a visually appealing and productivity-focused interface.
Hacking Tools
PwNixOS offers a wide array of tools and utilities out of the box to support your hacking endeavors. From advanced network analysis and penetration testing tools to powerful scripting languages and development environments, PwNixOS equips you with the necessary arsenal to explore and manipulate computer systems to your heart's content.
Package Management with Nix
One of the standout features of NixOS is its unique package management system called Nix. With Nix, you can easily install, update, and manage software packages on your system. What makes Nix special is its ability to provide isolated and reproducible environments for each package, ensuring that software installations do not interfere with one another. This allows for painless experimentation and easy rollback to previous configurations.
Declarative Configuration
NixOS follows a declarative approach to system configuration. Instead of making changes directly to the system, you define the desired state of your system in a configuration file or flake (like this one). This configuration specifies all the packages, services, and settings you want, providing a clear and reproducible blueprint for your system. This declarative nature simplifies system administration, enables easy replication of configurations across multiple machines, and facilitates version control of your system setup.
Custom packages
This flake has custom hacking tools that are uploaded to the NUR. The purpose of these tools is to fill in the gaps that exist today in the official repositories and create a full arsenal of tools, with well-known tools such as BloodHound and lesser-known tools such as psudohash.
The moderator/host of this instance has a great podcast about infosec.
Episode 18: Mastodon & Cyber-success w/ @rebootkid - Recorded on December 30, 2022
Edgar Cervantes / Android Authority
TL;DR
- Code within the official Reddit app suggests that the company is working on a Contributor program.
- Redditors in the US could earn real money for the gold and karma that their posts and comments receive.
- This will likely be subject to minimum withdrawal thresholds.
Reddit has been in the news recently for its API changes that killed popular Reddit apps and the subreddit protests that followed the announcement. The company believes the official Reddit app is all you need for a great community experience. We say the Reddit app is good for giving us a sneak peek at what the company is working on. In the near future, Reddit could introduce a Contributor program that will reward community contributors with real-world money.
An APK teardown helps predict features that may arrive on a service in the future based on work-in-progress code. However, it is possible that such predicted features may not make it to a public release.
Reddit v2023.27.0 for Android includes code that suggests that the online community platform is looking for ways to incentivize the community to be more proactive. Similar to how other platforms reward creators, Reddit could be exploring ways that would let community members convert the gold and karma they have received from other community members into real-world money that they can cash out. Check out the references below.
Code
Fake internet points are finally worth something! Now redditors can earn real money for their contributions to the Reddit community, based on the karma and gold they've been given. How it works:
- Redditors give gold to posts, comments, or other contributions they think are really worth something.
- Eligible contributors that earn enough karma and gold can cash out their earnings for real money.
- Contributors apply to the program to see if they're eligible.
- Top contributors make top dollar. The more karma and gold contributors earn, the more money they can receive.
The code suggests that the program will initially have two tiers: Contributor and Top Contributor. Top Contributors will have better rates.
Further, from what we can discern, the payout could use Reddit gold as a currency, while the karma accumulated could be used to improve the rate of exchange for Reddit gold into real-world money (possibly USD). Note that the community itself passes around Reddit gold and karma to each other. Reddit gold is purchased with real-world money, while karma is a net figure of upvotes and downvotes on comments and posts.
Before you get too excited, the program appears to have some constraints around eligibility:
Code
Not just anyone can be a contributor. To join and stay in the program, contributors need to meet a few requirements:
- Be over 18 and live in the U.S.
- Only Safe for Work contributions qualify
- Earn xx gold and karma each month
- Provide verification information. You must have at least 10 gold and 100 karma to begin verification.
- NSFW accounts aren't eligible for the Contributors Program
With a threshold of 10 gold and 100 karma for verification, the bare minimum is set at a high enough point to not be easy to game. Contributors will have to further earn an unspecified number of gold and karma each month to be eligible for payouts within the program.
Here is what could be the necessary information needed for verification:
Code
Provide the following information to get verified for the program and start earning:
- Personal Information
- Tax and bank account information
The verification appears to be powered by Persona and Stripe.
Code
Once you hit the payment threshold, you'll automatically be paid out via your Stripe account.
- Approximate calculation before fees. Exchange rate and payment thresholds are subject to change.
The payout threshold is not mentioned within the code, and neither is the monthly gold and karma requirement for being part of the contributor program.
Curiously, unlike the creator programs of other social platforms, Reddit’s purported Contributor Program will be routing community-purchased gold and karma back into the community. We could not locate any mentions of Contributors receiving any part of ad or subscription revenue from the platform, which is usually how the creator programs of other platforms work. In effect, the community would be incentivizing the community.
Note that the program, so far, does not explicitly mention any community moderators within its ambit, and no incentives have been carved out for them. However, since Reddit has not made any official announcements, things could change by the time the program goes live.
We’ve reached out to Reddit for comments and more information. We’ll update the article when we hear back from them.
Crypto Anarchy: Encryption, digital money, anonymous networks, digital pseudonyms, zero knowledge, reputations, information markets, black markets, collapse of governments.
#RISC-V WILL STOP HACKERS DEAD FROM GETTING INTO YOUR COMPUTER
by: Brian Benchoff
The greatest hardware hacks of all time were simply the result of finding software keys in memory. The AACS encryption debacle — the 09 F9 key that allowed us to decrypt HD DVDs — was the result of encryption keys just sitting in main memory, where they could be read by any other program. DeCSS, the hack that gave us all access to DVDs, was again the result of encryption keys sitting out in the open.
Because encryption doesn’t work if your keys are just sitting out in the open, system designers have come up with ingenious solutions to prevent evil hackers from accessing these keys. One of the best solutions is the hardware enclave, a tiny bit of silicon that protects keys and other bits of information. Apple has an entire line of chips, Intel has hardware extensions, and all of these are black box solutions. They do work, but we have no idea if there are any vulnerabilities. If you can’t study it, it’s just an article of faith that these hardware enclaves will keep working.
Now, there might be another option. RISC-V researchers are busy creating an Open Source hardware enclave. This is an Open Source project to build secure hardware enclaves to store cryptographic keys and other secret information, and they’re doing it in a way that can be accessed and studied. Trust but verify, yes, and that’s why this is the most innovative hardware development in the last decade.
WHAT IS AN ENCLAVE?
Although a somewhat new technology, processor enclaves have been around for ages. The first one to reach the public consciousness would be the Secure Enclave Processor (SEP) found in the iPhone 5S. This generation of iPhone introduced several important technological advancements, including Touch ID, the innovative and revolutionary M7 motion coprocessor, and the SEP security coprocessor itself. The iPhone 5S was a technological milestone, and the new-at-the-time SEP stored fingerprint data and cryptographic keys beyond the reach of the actual SOC found in the iPhone.
The iPhone 5S SEP was designed to perform secure services for the rest of the SOC, primarily relating to the Touch ID functionality. Apple’s revolutionary use of a secure enclave processor was extended with the 2016 release of the Touch Bar MacBook Pro and the use of the Apple T1 chip. The T1 chip was again used for TouchID functionality, and demonstrates that Apple is the king of vertical integration.
But Apple isn’t the only company working on secure enclaves for their computing products. Intel has developed the SGX extension which allows for hardware-assisted security enclaves. These enclaves give developers the ability to hide cryptographic keys and the components for digital rights management inside a hardware-protected bit of silicon. AMD, too, has hardware enclaves with the Secure Encrypted Virtualization (SEV). ARM has Trusted Execution environments. While the Intel, AMD, and ARM enclaves are bits of silicon on other bits of silicon — distinct from Apple’s approach of putting a hardware enclave on an entirely new chip — the idea remains the same. You want to put secure stuff in secure environments, and enclaves allow you to do that.
Unfortunately, these hardware enclaves are black boxes, and while they do provide a small attack surface, there are problems. AMD’s SEV is already known to have serious security weaknesses, and it is believed SEV does not offer protection from malicious hypervisors, only from accidental hypervisor vulnerabilities. Intel’s Management engine, while not explicitly a hardware enclave, has been shown to be vulnerable to attack. The problem is that these hardware enclaves are black boxes, and security through obscurity does not work at all.
THE OPEN SOURCE SOLUTION
At last week’s RISC-V Summit (December 2018), researchers at UC Berkeley released their plans for the Keystone Enclave, an Open Source secure enclave based on the RISC-V (PDF). Keystone is a project to build a Trusted Execution Environment (TEE) with secure hardware enclaves based on the RISC-V architecture, the same architecture that’s going into completely Open Source microcontrollers and (soon) Systems on a Chip.
The goals of the Keystone project are to build a chain of trust, starting from a silicon Root of Trust stored in tamper-proof hardware. This leads to a Zeroth-stage bootloader and a tamper-proof platform key store. Defining a hardware Root of Trust (RoT) is exceptionally difficult; you can always decapsulate silicon, you can always perform some sort of analysis on a chip to extract keys, and if your supply chain isn’t managed well, you have no idea if the chip you’re basing your RoT on is actually the chip in your computer. However, by using RISC-V and its Open Source HDL, this RoT can at least be studied, unlike the black box solutions from Intel, AMD, and ARM vendors.
The current plans for Keystone include memory isolation, an open framework for building on top of this security enclave, and a minimal but Open Source solution for a security enclave.
Right now, the Keystone Enclave is testable on various platforms, including QEMU, FireSim, and on real hardware with the SiFive Unleashed. There’s still much work to do, from formal verification to building out the software stack, libraries, and adding hardware extensions.
This is a game changer for security. Silicon vendors and designers have been shoehorning hardware enclaves into processors for nearly a decade now, and Apple has gone so far as to create their own enclave chips. All of these solutions are black boxes, and there is no third-party verification that these designs are inherently correct. The RISC-V project is different, and the Keystone Enclave is the best chance we have for creating a truly Open hardware enclave that can be studied and verified independently.
When quantum computers become powerful enough, they could theoretically crack the encryption algorithms that keep us safe. The race is on to find new ones.
By Tammy Xu
Cryptographic algorithms are what keep us safe online, protecting our privacy and securing the transfer of information.
But many experts fear that quantum computers could one day break these algorithms, leaving us open to attack from hackers and fraudsters. And those quantum computers may be ready sooner than many people think.
That’s why there is serious work underway to design new types of algorithms that are resistant to even the most powerful quantum computer we can imagine.
What do these algorithms even do?
Cryptographic algorithms turn readable data into a secret, unreadable form so it can be safely shared on the open internet. They are used to secure all types of digital communication, like traffic on websites and the content of emails, and they are necessary for basic privacy, trust, and security on the web. There are several types of standard cryptographic algorithms widely used today, including symmetric-key and public-key algorithms.
Symmetric-key encryption is what people usually think of as encryption. It allows data and messages to be scrambled using a “key” so they are indecipherable to anyone without the key. It’s commonly used for securing sensitive data stored in databases or hard drives. Even data breaches that compromise databases full of sensitive user information aren’t as bad if the underlying data is encrypted—hackers may get the encrypted data, but there’s still no way to read it.
Public-key algorithms are important too. They help get around the fundamental drawback of symmetric-key encryption, which is that you need a secure way to share symmetric keys in the first place. Public-key algorithms use a set of two keys, one that is privately kept by the recipient and one that is made public.
Anyone can use the receiver’s public key to scramble data, which only the receiver can unscramble using the private key. This method can be used to transfer symmetric keys and can even be used in reverse for digital signatures—because private keys are unique to the receiver, receivers can use them to validate their identity.
Why do these algorithms need to be quantum resistant?
Cryptographic algorithms are able to keep data secret because they are mathematically intensive to break. It would take a modern computer trillions of years to break just one set of encryption keys using brute force.
But in the 1990s, before quantum computers were ever seriously talked about, mathematician Peter Shor discovered that the way a theoretical quantum computer would work happened to line up particularly well with cracking the kind of math used in public-key encryption.
Although no quantum computer existed at the time, other mathematicians were able to confirm that Shor’s Algorithm, as it became known, could theoretically be used by such computers to break public-key encryption. Now it’s widely accepted that once a working quantum computer with enough processing power is built, the algorithms we rely on today for public-key encryption will be easily breakable. The National Institute of Standards and Technology (NIST) predicts that quantum computers that can do this may be ready in just 10 to 20 years.
Luckily, symmetric-key encryption methods are not in danger because they work very differently and can be secured by simply increasing the size of the keys they use—that is, unless mathematicians can come up with a way for quantum computers to break those as well. But even increasing the key size can’t protect existing public-key encryption algorithms from quantum computers. New algorithms are needed.
What are the repercussions if quantum computers break encryption we currently use?
Yeah, it’s bad. If public-key encryption were suddenly broken without a replacement, digital security would be severely compromised. For example, websites use public-key encryption to maintain secure internet connections, so sending sensitive information through websites would no longer be safe. Cryptocurrencies also depend on public-key encryption to secure their underlying blockchain technology, so the data on their ledgers would no longer be trustworthy.
There is also concern that hackers and nation-states might be hoarding highly sensitive government or intelligence data—data they can’t currently decipher—in order to decrypt it later once quantum computers become available.
How is work on quantum-resistant algorithms progressing?
In the US, NIST has been looking for new algorithms that can withstand attacks from quantum computers. The agency started taking public submissions in 2016, and so far these have been narrowed down to four finalists and three backup algorithms. These new algorithms use techniques that can withstand attacks from quantum computers using Shor’s Algorithm.
Project lead Dustin Moody says NIST is on schedule to complete standardization of the four finalists in 2024, which involves creating guidelines to ensure that the new algorithms are used correctly and securely. Standardization of the remaining three algorithms is expected in 2028.
The work of vetting candidates for the new standard falls mostly to mathematicians and cryptographers from universities and research institutions. They submit proposals for post-quantum cryptographic schemes and look for ways to attack them, sharing their findings by publishing papers and building on each other’s different methods of attack.
In this way, they slowly weed out candidates that are successfully attacked or shown to have weaknesses in their algorithm. A similar process was used to create the standards we currently use for encryption.
However, there are no guarantees that a new type of clever quantum attack, or perhaps even conventional attack, won’t someday be discovered that can break these new algorithms.
“It’s impossible to prove that you can’t break it—the nonexistence of a mathematical algorithm is hard to impossible to prove,” says cryptographer Thomas Decru. But “if something stands the test of time in the world of cryptography, the trust grows.”
Lion is a formally verified, 5-stage pipeline RISC-V core. Lion targets the VELDT FPGA development board and is written in Haskell using Clash.
This repository contains four parts:
- The Lion library: a pipelined RISC-V core.
- lion-formal: formally verify the core using riscv-formal.
- lion-soc: a System-on-Chip demonstrating usage of the Lion core on the VELDT.
- lion-metric: Observe Yosys synthesis metrics on the Lion Core.
In my view, with RISC-V, it is finally within the realm of possibility for every single layer of a machine's architecture to be open source and formally verified. The development on this seems to have gone mostly dormant (and many of the toughest parts of the process remain).
I am posting this here because this sounds like a great foundation for a cypherpunk machine. My vision is for an end-to-end formally verified machine and OS. 99.9999999999% free of back doors, exploits. That's sort of impossible but this machine might have fewer of them. It would obviously require extreme hardening in comparison to a typical Linux machine.
This might be the foundation for something like "trusted hardware".
Applications for such a machine:
- Lemmy/ActivityPub instance (this one would be the perfect candidate)
- secure communications
- pen testing
- voting machines
- stake pool/node/mining
- lite node for real-time on-site transaction verification
I don't nearly have the skills to approach this. But what I do have is time.
I thought I'd write about the last four years, an eventful time for Bitcoin and me.
For those who don't know me, I'm Hal Finney. I got my start in crypto working on an early version of PGP, working closely with Phil Zimmermann. When Phil decided to start PGP Corporation, I was one of the first hires. I would work on PGP until my retirement. At the same time, I got involved with the Cypherpunks. I ran the first cryptographically based anonymous remailer, among other activities.
Fast forward to late 2008 and the announcement of Bitcoin. I've noticed that cryptographic graybeards (I was in my mid 50's) tend to get cynical. I was more idealistic; I have always loved crypto, the mystery and the paradox of it.
When Satoshi announced Bitcoin on the cryptography mailing list, he got a skeptical reception at best. Cryptographers have seen too many grand schemes by clueless noobs. They tend to have a knee jerk reaction.
I was more positive. I had long been interested in cryptographic payment schemes. Plus I was lucky enough to meet and extensively correspond with both Wei Dai and Nick Szabo, generally acknowledged to have created ideas that would be realized with Bitcoin. I had made an attempt to create my own proof of work based currency, called RPOW. So I found Bitcoin fascinating.
When Satoshi announced the first release of the software, I grabbed it right away. I think I was the first person besides Satoshi to run bitcoin. I mined block 70-something, and I was the recipient of the first bitcoin transaction, when Satoshi sent ten coins to me as a test. I carried on an email conversation with Satoshi over the next few days, mostly me reporting bugs and him fixing them.
Today, Satoshi's true identity has become a mystery. But at the time, I thought I was dealing with a young man of Japanese ancestry who was very smart and sincere. I've had the good fortune to know many brilliant people over the course of my life, so I recognize the signs.
After a few days, bitcoin was running pretty stably, so I left it running. Those were the days when difficulty was 1, and you could find blocks with a CPU, not even a GPU. I mined several blocks over the next days. But I turned it off because it made my computer run hot, and the fan noise bothered me. In retrospect, I wish I had kept it up longer, but on the other hand I was extraordinarily lucky to be there at the beginning. It's one of those glass half full half empty things.
The next I heard of Bitcoin was late 2010, when I was surprised to find that it was not only still going, bitcoins actually had monetary value. I dusted off my old wallet, and was relieved to discover that my bitcoins were still there. As the price climbed up to real money, I transferred the coins into an offline wallet, where hopefully they'll be worth something to my heirs.
Speaking of heirs, I got a surprise in 2009, when I was suddenly diagnosed with a fatal disease. I was in the best shape of my life at the start of that year, I'd lost a lot of weight and taken up distance running. I'd run several half marathons, and I was starting to train for a full marathon. I worked my way up to 20+ mile runs, and I thought I was all set. That's when everything went wrong.
My body began to fail. I slurred my speech, lost strength in my hands, and my legs were slow to recover. In August, 2009, I was given the diagnosis of ALS, also called Lou Gehrig's disease, after the famous baseball player who got it.
ALS is a disease that kills motor neurons, which carry signals from the brain to the muscles. It causes first weakness, then gradually increasing paralysis. It is usually fatal in 2 to 5 years. My symptoms were mild at first and I continued to work, but fatigue and voice problems forced me to retire in early 2011. Since then the disease has continued its inexorable progression.
Today, I am essentially paralyzed. I am fed through a tube, and my breathing is assisted through another tube. I operate the computer using a commercial eyetracker system. It also has a speech synthesizer, so this is my voice now. I spend all day in my power wheelchair. I worked up an interface using an arduino so that I can adjust my wheelchair's position using my eyes.
It has been an adjustment, but my life is not too bad. I can still read, listen to music, and watch TV and movies. I recently discovered that I can even write code. It's very slow, probably 50 times slower than I was before. But I still love programming and it gives me goals. Currently I'm working on something Mike Hearn suggested, using the security features of modern processors, designed to support "Trusted Computing", to harden Bitcoin wallets. It's almost ready to release. I just have to do the documentation.
And of course the price gyrations of bitcoins are entertaining to me. I have skin in the game. But I came by my bitcoins through luck, with little credit to me. I lived through the crash of 2011. So I've seen it before. Easy come, easy go.
That's my story. I'm pretty lucky overall. Even with the ALS, my life is very satisfying. But my life expectancy is limited. Those discussions about inheriting your bitcoins are of more than academic interest. My bitcoins are stored in our safe deposit box, and my son and daughter are tech savvy. I think they're safe enough. I'm comfortable with my legacy.
- Hal Finney
A Cypherpunk's Manifesto
by Eric Hughes
Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.
If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to.
Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.
Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.
Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy. Furthermore, to reveal one's identity with assurance when the default is anonymity requires the cryptographic signature.
We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor's younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor.
We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.
We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.
Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can't get privacy unless we all do, we're going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.
Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation's border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.
For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one's fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.
The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.
Onward.
Eric Hughes hughes@soda.berkeley.edu
9 March 1993