A slideshow about cypherpunks 2.0
The original cypherpunks were mostly Californian libertarians. I was from a different tradition but we all sought to protect individual freedom from state tyranny. Cryptography was our secret weapon. It has been forgotten how subversive this was. Cryptography was then the exclusive property of states, for use in their various wars. By writing our own software and disseminating it far and wide we liberated cryptography, democratised it and spread it through the frontiers of the new internet.
The resulting crackdown, under various "arms trafficking" laws, failed. Cryptography became standardised in web browsers and other software that people now use on a daily basis. Strong cryptography is a vital tool in fighting state oppression. That is the message in my book, Cypherpunks. But the movement for the universal availability of strong cryptography must be made to do more than this. Our future does not lie in the liberty of individuals alone.
[...]
These are just some of the important ways in which the message of the cypherpunks goes beyond the struggle for individual liberty. Cryptography can protect not just the civil liberties and rights of individuals, but the sovereignty and independence of whole countries, solidarity between groups with common cause, and the project of global emancipation. It can be used to fight not just the tyranny of the state over the individual but the tyranny of the empire over smaller states.
The cypherpunks have yet to do their greatest work. Join us.
A Cypherpunk's Manifesto
by Eric Hughes
Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.
If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to.
Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.
Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.
Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy. Furthermore, to reveal one's identity with assurance when the default is anonymity requires the cryptographic signature.
We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor's younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor.
We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.
We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.
Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can't get privacy unless we all do, we're going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.
Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation's border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.
For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one's fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.
The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.
Onward.
Eric Hughes hughes@soda.berkeley.edu
9 March 1993
In 1989, when the internet was predominantly ASCII-based and HyperCard had yet to give birth (or at least act as a midwife) to the world wide web, R.U. Sirius launched Mondo 2000. “I’d say it was arguably the representative underground magazine of its pre-web day,” William Gibson said in a recent interview. “Posterity, looking at this, should also consider Mondo 2000 as a focus of something that was happening.”
Twenty years ago, it was cypherpunk that was happening.
And it’s happening again today.
http://www.cypherpunks.to/faq/cyphernomicron/cyphernomicon.txt
Table of Contents
Introduction
MFAQ--Most Frequently Asked Questions
Cypherpunks -- History, Organization, Agenda
Goals and Ideology -- Privacy, Freedom, New Approaches
Cryptology
The Need For Strong Crypto
PGP -- Pretty Good Privacy
Anonymity, Digital Mixes, and Remailers
Policy: Clipper, Key Escrow, and Digital Telephony
Legal Issues
Surveillance, Privacy, And Intelligence Agencies
Digital Cash and Net Commerce
Activism and Projects
Other Advanced Crypto Applications
Reputations and Credentials
Crypto Anarchy
The Future
Loose Ends and Miscellaneous Topics
Appendices
README
[Là-bas si j'y suis]
For a whole generation around the world today, Julian Assange is the hero who invented WikiLeaks, who exposed the war crimes of the United States in Iraq, who released thousands of pages of official documents, who makes states and intelligence services tremble. He carries on the spirit of the journalists who revealed the Watergate affair or the Pentagon Papers.
Naturally, the American government is pursuing him by every means. Hillary Clinton wants his head, the Fox News editorialist issues calls for Assange's murder, everywhere power puts pressure on the media, and Sweden is prosecuting him for sexual abuse, a way of luring him to Sweden in order to extradite him to the United States, where he risks life in prison, according to his supporters. The land of transparency and freedom of expression is showing a less attractive face. For months, the soldier Bradley Manning, accused of having released state secrets through WikiLeaks, has faced life imprisonment. He is held in isolation while awaiting trial, and the UN denounces the "psychological torture" to which he is subjected.
Hunted on all sides, Assange has taken refuge in the Ecuadorian embassy in London, in a few square metres, watched by hundreds of police officers. If he sets foot outside, he is arrested immediately. That is where we meet him today, on the occasion of a book he is publishing with three other "digital resisters", MENACES SUR NOS LIBERTES (Robert Laffont).
Big Brother today is called GAFA (Google, Apple, Facebook, Amazon); its motto: DATA TO VALUE.
How the Internet watches us, how to resist...
With Julian Assange and Jérémie Zimmermann of La Quadrature du Net
==================================================================
Archives: http://www.la-bas.org/
The first great conflict over cryptography and state power happened in the 1990s. In one corner were cryptographers equipped with subtle math, digital technologies, and new ideas. In the other were the Clinton administration and its National Security Agency (NSA), which sought to maintain and extend the federal government's control over cryptography. They struggled over the concept that cryptography could be classified as munitions, over requirements to include NSA-friendly chips in communication hardware, and, in general, over the shape of post–Cold War security.
The geeks eventually defeated the feds, freeing up crypto for public use. Cryptography became a huge force in business and private life, making ecommerce possible and enabling relatively secure interpersonal communication. At the same time, the rise of mobile devices and early social media raised new questions about privacy. In response, a "cypherpunk" movement arose, its name and attitude drawing on the cyberpunk subgenre of science fiction. Its proponents argued that only through personal use of encryption could individuals defend their right to communicate without interception.
Freedom and the Future of the Internet
JULIAN ASSANGE
With JACOB APPELBAUM, ANDY MÜLLER-MAGUHN and JÉRÉMIE ZIMMERMANN
The American publisher OR Books announced this Sunday that it had acquired the rights to publish Julian Assange's book, Cypherpunks, a new work dealing with freedom and the internet. One would have guessed as much.
Encrypt everything!
As soon as one starts talking about "security" in computing, it is easy to become paranoid: whom do we want to protect ourselves from, who can protect us, and what do they ask in return? Can we trust them? Let us start from the principle that we are in mortal danger if someone gains access to our information: we need absolute trust, and for that we can rule out software such as Skype (cf. Egypt / from Microsoft) or UltraSurf (from Ultrareach).
Security must be approached as a whole: physical, software, architecture (BlackBerry's centralised architecture), and also the carrier overlay (cf. the Carrier IQ "spyware").
A good cryptographic system is most often open source (free software), widely used, and audited over a long period (several years) by programmers, experts and researchers. "Closed" algorithms often have weaknesses.
The nationality of software matters a great deal. Some countries allow the use of strong cryptography but not its export (on this, read the story of Philip Zimmermann and PGP, as well as "laws concerning cryptography" from the company RSA). A company may be allowed to set up in a country on condition that the authorities can access its servers, as with BlackBerry in India or Saudi Arabia (and no doubt in other countries). Spyware (such as backdoors) may also be involved (installation of the Amesys surveillance system in Libya), and laws such as the American Patriot Act can force your provider to give the authorities access to its servers.
For example, the company Kryptos Communications is developing an equivalent of Whispersys's RedPhone application with enticing features: Kryptos (AES 256-bit encryption for the communication, exchange of authentication keys via RSA 2048-bit, secure calls over 3G, 4G, WiFi …). But a few things must be kept in mind: Kryptos Communications is an American commercial company (and therefore subject to the Patriot Act) offering a paid service ($10/month) with registration (and therefore a database of its users), all with non-open-source software that operates as a black box, so it is impossible to know what it really does.
The fact that a piece of software uses one or more cryptographic protocols does not make it trustworthy. One of the best examples is "CrypTweet", which lets you send encrypted private messages on Twitter. The features are interesting (SHA2, RSA and DES3), but the whole is poorly implemented and has gaps (no SSL for accessing the public key server, for example). Fortunately, since the source code is available (MIT licence), the problems were quickly identified.
Going further, direct access to Google Play (formerly Android Market) requires authentication via a Gmail account (another Google service): can we sufficiently trust a company that collects 600 gigabytes of data (unsecured WiFi networks, SSIDs, MAC addresses, but also web pages, text, images, passwords), supposedly because of a "programming error", and whose revenue comes from selling ultra-targeted advertising?
Finally, distinguish between free-of-charge software (freeware, or "gratuiciel") and free software (logiciel libre). Freeware denotes software that is "free of charge" but in no way "free" as in freedom; it may require payment for commercial use, and its code is not accessible. Free software allows its use (most often free of charge), its study, its modification (the source code being available) and its copying for distribution. This difference is very important, and when it comes to cryptography, it can save lives.