In case people don't open the link or miss the disclosure:
Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Zcash Company, the for-profit entity supporting zcash's development.
For those of you who are down voting, perhaps you could explain why this case might be different from any other value hype. What happened to trust no one--verify?
He didn't receive any money for the movie Snowden (it was donated to The Guardian instead) [1]. He didn't sell any of the NSA data. He doesn't have a track record of profiting, apart from working (like we all do) and receiving some donations.
So the claim that Snowden is a proponent of Zcash because he has invested in it has no merit. There is zero proof for such statement, and his track record doesn't suggest it either.
>So the claim that Snowden is a proponent of Zcash because he has invested in it has no merit.
Maybe you're using hyperbole. The /suspicion/ at least, has plenty of merit. I agree that doing something like that would go against his track record, but believing a subjective statement on face value doesn't keep that track record intact (except in your own mind, maybe).
I trust Snowden's opinion as much as anyone here, but you can't ignore basic precautions simply because someone is popular for "the right reasons".
I very much think that Mr. Snowden would agree with my frame of mind on this. You may disagree.
Merit? I've seen no merit whatsoever. A vague conspiracy theory, that's what I've seen.
> I trust Snowden's opinion as much as anyone here, but you can't ignore basic precautions simply because someone is popular for "the right reasons".
What you propose doesn't fall under basic precautions; it is a conspiracy theory. And one consisting of very little theory, I'm afraid.
For the record your two quotes:
"I'm suspicious of this."
"For those of you who are down voting, perhaps you could explain why this case might be different from any other value hype. What happened to trust no one--verify?"
You're trying to shift the blame. The burden of proof lies at you.
So you would trust anything he says on face value? Regardless of what he might stand to gain? My only point is that having a substantial amount of faith in anyone, when the stakes are high, is folly. That's the entire point of blockchain technology. I'm not openly accusing him of anything. Im only stating that, as for myself, I regard the statement (given its content) with a reasonable amount of suspicion. Again, you may disagree.
> My only point is that having a substantial amount of faith in anyone, when the stakes are high, is folly.
Because he has credibility due to his track record. That's the basis of how networking works. The authors of software such as TLS, Whonix, Tor, Tails, Debian, all have a certain amount of credibility within their peers as well as the general public.
We stand on the shoulders of giants.
Yes, credibility can be abused; as a matter of fact, he did abuse his credibility. Snowden broke his credibility to the NSA (and US government), but for a greater good of both the people of the USA as well as the international community. The price he paid? He lost his well paid job, he lost seeing his family and friends, he lost the luxury life in the USA, his house and any and all of his assets, and a substantial part of the USA hates him (tho a more vast, significant part in the world, is thankful). Ie. his credibility with the rest of the world has substantially increased.
Now, you may think he may abuse his credibility, and it'd be a great plot for a movie, but that doesn't make it realistic. And why? Isn't the same true for any programmer on Zcash, Bitcoin, Etherium, and anything else? If you claim you cannot trust anyone, how can you live with yourself? Are you sure that's air you're breathing? Are you sure the color white is white? You'll end up with a full blown paranoid psychosis if you go with that line of reasoning (speaking from personal experience as well here). My point is that, at the very basic level, we need to trust and take some basics for granted (and, all of us do).
So what we need from you, is some kind of facts (not theory) as to why we cannot trust Snowden. The fact, as far as I can tell, contradict what you wrote: Snowden hasn't acted in the past based on financial gains. For example, he didn't sell NSA information to media or foreign agencies. Instead, his actions were solely based on moral grounds plus personal survival (hence he ended up in Russia).
I'd like to end my post that, yes, people who are psychopaths would very well end up doing something you described. I have no indication Snowden is a psychopath; tho I'm not sure about those he worked for at the CIA and NSA.
>The authors of software such as TLS, Whonix, Tor, Tails, Debian, all have a certain amount of credibility...
All of which are open source == independently verifiable. TOR would not be recommended as highly as it is if it were a closed-source binary.
>If you claim you cannot trust anyone, how can you live with yourself?
Hilarious when people speak down to you like this. You're inflating my (very clear, i feel) statement to mean something I don't think i said.
>I'd like to end my post that, yes, people who are psychopaths would very well end up doing something you described.
For someone who claims to have had issues with mental stability, you seem very quick to use that label. /Anyone/ is capable of /anything/. The only variable is choice. There are many variables which can factor into people justifying immoral actions at any given time. Its easy to demonize others whom you disagree with, but you would do well to understand that the reality is not as simple as 'us vs. them'. Every single actor on the world stage has their own reasons and motivations for what they do. Not all of them align with your personal wellbeing.
> All of which are open source == independently verifiable.
Sure, sure.
Independently verifiable. That's why we had the Debian OpenSSL PRNG fiasco [1]. Your reponse to deterministic builds? "Not needed, its open source after all, independently verifiable." Of course it is needed, just because its open source doesn't mean you can trust the provided binaries. Heck, there was a time where Debian didn't even sign .deb packages. Also, nevermind the spaghetti of OpenSSL and Heartbleed which lead to BoringSSL and LibreSSL.
Yet, its important to realize we don't assume malice here. We don't assume these people who did this were evil until we have substantial proof. Their track record and positions suggest such as well. We assume they're innocent (albeit, ignorant), and that is BTW also in the HN guidelines.
> Hilarious when people speak down to you like this. You're inflating my (very clear, i feel) statement to mean something I don't think i said.
How so? You claim we should be suspicious of everyone.
At the same time, you provided no proof which suggests we should doubt Snowden's motives, generally or specifically. Only vague rhetoric.
> Its easy to demonize others whom you disagree with
No, stop shifting the blame. YOU are the one who is demonizing someone else (Snowden) without anything to back up your claims. Instead of this theater, put your money where your mouth is and show us your proof.
Such a weak reason to write up an article about ZCash that it comes off as shill. Debating Snowden's skillset or motivations is a waste of time. I think he was just referring to the concepts behind ZCash, not the technical implementation. And even if it was the latter, a 140 character tweet isn't the place to state the why/how of his methodology when arriving at such a statement.
Every crypto-currency has it's zealots but that's not to detract from what Snowden said about Monero, labelling it "amateur crypto".
Ring signatures have been around longer than zk-snarks so time will tell on that comment.
I do however believe Zcash could be doing a better job for privacy, notably by mandating private transactions once the new "JUBJUB"optimizations have been merged [0].
If all you have is a cryptocurrency, then I don't think you have anything that interesting. They've proven useful for buying drugs, but beyond that they've not created many new business opportunities. I don't have an exhaustive knowledge of cryptos, but Ethereum is extensible which is interesting. GNU came out with a crypto that they say is unsuited for illegal activities. Being even more secure than Bitcoin just makes you more appealing to an even smaller set of Bitcoin users.
«beyond that they've not created many new business opportunities»
What an understatement. As of 2 years ago, at least 729 Bitcoin businesses were created¹, received $1 billion in investments², and employed thousands of persons.
Investments are the opposite of what I'm talking about. Where are the returns? What are the new businesses? If you throw a million dollars into a hole, you can't say the useless hole industry is a million dollar idea. If you build a new railroad line, tell me what cities it connects, not how much people have spent building it. I'm well aware there's interest in bitcoin. But the only industry, besides itself, that it's revolutionized is drugs. And it doesn't offer a way to grow, there's no innovating on bitcoin. There's innovating on crypto, and because of that it's that innovation that has the potential to matter. Fine, it's private. Is that it? That's not enough.
Bitcoin revolutionizes payments. There is major growth happening because there is simply no other system that works as well as Bitcoin for fast international payments, as it works for all ("permissionless"), 24/7 (doesn't close on weekends and bank holidays), and quickly (10min block time).
It's hard to quantify exactly how much Bitcoin helps the economy on a global scale beyond these BitPay stats, because of the inherent decentralized nature of the tech. But we know it reduces payment friction, so it indirectly increases economic activity of its users.
I don't agree with any part of your statement. But even if I did,
> They've proven useful for buying drugs, but beyond that they've not created many new business opportunities.
that's a pretty huge market. I don't think that you can both acknowledge that something is useful for one of the most fundamental human activities (acquiring psychoactive plants and compounds) and at the same time that it is entirely uninteresting.
Intimating that privacy is only for illegal transactions is the "I have nothing to hide" of money. It doesn't hold in that domain either: traditionally money is one of the domains people want to be most private about from their neighbors, not just Uncle Sam.
Credit cards as the way to do e-commerce never sat right with me; I only reluctantly started using one in the later 90s. Coincidentally today is "Crypto Is Currency Day" promoting actually buying stuff online with Zcash, Monero, etc., not just holding it: https://cryptoiscurrency.com/
It changes that "he was a sharepoint admin". He was a lot more. He wrote the backup software that was used to distribute drone video/data feeds around the globe. He was a trained offensive security engineer.
Before he was known for the NSA leaks he was still a privacy activist who helped teach people about cryptography. It's not totally unrelated, especially since Zcash's selling point is that it offers more privacy than Bitcoin.
I thought it was reasonably widely believed that he took the job at the NSA specifically so he could figure out what they were doing wrong and leak it.
Yeah sure, people believe what they want to believe. Or we could just accept that until 2013 he was just another wheel in the giant machinery that is the NSA and that his morals changed - for whatever reason. But he was with the bad guys.
> Yeah sure, people believe what they want to believe. Or we could just accept that until 2013 he was just another wheel in the giant machinery that is the NSA and that his morals changed - for whatever reason.
His motives and how he ultimately ended up leaking information is well documented in the 2014 documentary Citizenfour [1] and the 2016 movie Snowden [2].
> But he was with the bad guys.
Are there shades of grey or nuances or is the NSA the root of all evil? Its impossible to care about security as NSA employee? Teaching US civilians how to use GPG means you're trying to protect civilians against the NSA? The world isn't black and white.
His motives? He worked happily for the CIA from 2007 - 2009. Then he worked for Booz Allen Hamilton/NSA from 2009 to 2013. That's seven years of employment in the security-industrial complex. Was he playing the long game then?
>"Its impossible to care about security as NSA employee?"
I don't think the question is security but privacy and no, it's hard to imagine sincerely caring about other's privacy and working for an organization that regularly disrespects it as a matter of course.
Documentaries like autobiographies are often a vehicle for revisionist history. In regards to [2], Hollyood is not really considered a good source of historical accuracy.
> His motives? He worked happily for the CIA from 2007 - 2009. Then he worked for Booz Allen Hamilton/NSA from 2009 to 2013. That's seven years of employment in the security-industrial complex. Was he playing the long game then?
Your question is answered in depth in the documentary, in the movie, and in various interviews (written, as well as videos). Imagine someone who's patriotic at heart, who picks up signs where he's starting to doubt the things he's doing are patriotic (e.g. on the longer term, or in their specific targets). That's Snowden in a nutshell.
You're also seemingly unaware Snowden attempted to disclose the information before.
Furthermore, elsewhere in this thread HN user sig links to an article where he admits he did join "Booz Allen to gather evidence of surveillance".
> I don't think the question is security but privacy
Semantics, both are entwined in case as GPG. The latter depends on the former, and GPG is very much related to security just as well.
> Documentaries like autobiographies are often a vehicle for revisionist history.
And often they're not. They're used to tell one side of the story. The other one's the US government's take on the matter.
> In regards to [2], Hollyood is not really considered a good source of historical accuracy.
Not a statement of much, if any, value.
It wasn't the sole source I stated. If you'd have a look on Wikipedia article, you could learn how the movie was made (research-wise there's quite some details). If you'd have seen both docu and move you'd know how close the movie is to the docu (although also dramatised as mentioned in the movie itself, btw).
>"Your question is answered in depth in the documentary ..."
It wasn't an actual question it was rhetorical. I've seen the documentary, I don't buy it all. I find his sincerity questionable. Similarly his Twitter profile shows he is the President at @FreedomofPress, yet he takes refuge in a country that that is one of the most deplorable in terms of media freedom.
>"Semantics, both are entwined in case as GPG."
No it's not semantics and if you want distort it like that, both security and privacy are under assault by that same NSA.
>"Not a statement of much, if any, value."
But sighting a Hollywood movie as evidence of accuracy is? Sure, right that makes a lot of sense.
> Similarly his Twitter profile shows he is the President at @FreedomofPress, yet he takes refuge in a country that that is one of the most deplorable in terms of media freedom.
That's because we live in a world where there is no country that's good at media freedom. We have the US, which is interested in exposing Russia's crimes and hiding its own; Russia, which is interested in exposing the US's crimes and hiding its own, various somewhat less powerful countries that are effectively allied with one or the other, and various significantly less powerful countries that don't have the ability to anger either.
What country do you think he should have taken refuge in?
>"We have the US, which is interested in exposing Russia's crimes and hiding its own; Russia, which is interested in exposing the US's crimes and hiding its own,"
Please name one crime that the US media hid from the American people? Everything and everyone in the US is fair game.
>"What country do you think he should have taken refuge in?"
That's not the point, the point is he emigrates to Putin's Russia and then becomes President at @FreedomofPress. And for a refresher on the state of media freedom in Russia:
Cute list, Sweden at #2, I suppose Assange should go to Sweden as well?
What you say is completely and utterly irrelevant in the context where the United States of America would use extradition agreements to get Snowden back on US soil, for example by basing themselves on this ridiculous law [1]. Notwithstanding that Snowden did a service to the countries in your list.
Germany did not pardon Snowden, so he didn't go there.
Bottomline is, such a list is secondary to Snowden's personal freedom, his primary interest (don't confuse that with your lack of care about his personal freedom). His personal freedom is [somewhat] protected in Russia, but not in Sweden, Germany, or The Netherlands because the claw of the US government reaches that far. TL;DR he'd have been an utter idiot if he went to the EU.
Reporters Without Borders is a 35 year old non-profit institution that promotes and defends freedom of information and freedom of the press around. It's incredibly respected and has local watch-dog offices all over the world.
Every time you are confronted with facts and you shift the focus to something else. Now you are discussing Julian Assange? But since you brought him up, he is another one who has taken up refuge in a country where censorship is rampant and press freedom is abysmal:
>"Bottomline is, such a list is secondary to Snowden's personal freedom,"
How very selective for both Snowden and Assange that being a pawn of corrupt regimes that have no respect for press freedoms is acceptable as long as you have another bogeyman to point at.
So it's OK for them to condone the behavior of those governments provided that both of them are recipients of their favors? They are both principled where and when it's convenient for them. I didn't think principles were something that could be selectively applied. I'm sure they both appreciate that your doing their bidding though.
> Reporters Without Borders is a 35 year old non-profit institution that promotes and defends freedom of information and freedom of the press around. It's incredibly respected and has local watch-dog offices all over the world.
Every time you are confronted with facts and you shift the focus to something else. Now you are discussing Julian Assange? But since you brought him up, he is another one who has taken up refuge in a country where censorship is rampant and press freedom is abysmal:
Newsflash Sherlock: Reporters Without Borders credibility isn't related to extradition laws with the USA. Those 2 variables are not affecting each other, yet the latter is very much relevant here for the freedom and perhaps even life of Snowden.
I already told you this once in my previous post, and you carefully dance around that cause it doesn't suit your agenda. What you say regarding RWB is irrelevant, as Snowden wouldn't be long in that country. He'd have been send a one way ticket to the USA instead, and he'd have gotten a secret trial. What matters is looking at the situation and facts as they occurred and being practical. Now you are going to tell us which country Snowden should've fled to instead of Russia. Go ahead, share the magic faerie-tale country which would've been better according to your one criteria of Reporters Without Borders. Then I will tell you 1) the plane from Ecuador didn't stop at that country (and Snowden got stuck in Russia thanks to US action). 2) Furthermore, he wouldn't been long in said country as I already described.
> I'm sure they both appreciate that your doing their bidding though.
And I am sure the US government is pleased you're doing theirs with your baseless character assassinations.
> Similarly his Twitter profile shows he is the President at @FreedomofPress, yet he takes refuge in a country that that is one of the most deplorable in terms of media freedom.
His destination wasn't Russia. He went from Hong Kong to Ecuador and got stuck in transit at Sheremetyevo International Airport because the US government revoked his password while he was flying from Hong Kong. Efforts to get him to Germany (with pardon) failed.
As for media freedom in our Western so-called free world, look at what happened with news agency The Guardian, how they had to discard material which was in the interest of the general population of the UK and the world.
It isn't just "widely believed", it is something he admitted to doing. I am not sure why you are being downvoted for saying it.
>For the first time, Snowden has admitted he sought a position at Booz Allen Hamilton so he could collect proof about the US National Security Agency's secret surveillance programmes ahead of planned leaks to the media.
>"My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked," he told the Post on June 12. "That is why I accepted that position about three months ago."
>...Asked if he specifically went to Booz Allen Hamilton to gather evidence of surveillance, he replied: "Correct on Booz."[1]
Coworkers started to become suspicious of his intentions years earlier when he was with the CIA.
>Just as Edward J. Snowden was preparing to leave Geneva and a job as a C.I.A. technician in 2009, his supervisor wrote a derogatory report in his personnel file, noting a distinct change in the young man’s behavior and work habits, as well as a troubling suspicion.
>The C.I.A. suspected that Mr. Snowden was trying to break into classified computer files to which he was not authorized to have access, and decided to send him home, according to two senior American officials. [2]
The next sentence in that linked article states the documents leaked were from Booz Allen. He didn't have any proof to leak until he took the job. Therefore "he took the job at [Booz Allen] specifically so he could figure out what they were doing wrong and leak it." That is a fact. We don't know when he became intent on trying to whistleblow and whether it was while he was with the CIA or Dell, but it was clearly before working at Booz Allen. He never worked directly at the NSA.
ZCash is only as secure as you trust 9 people and their ceremony. There's gotta be a way to do consensus about zero-knowledge proofs that's a little more... you know ... decentralized.
Before you guys start saying, banks don't trust Bitcoin either because transactions are controlled by like 5 mining pools and the occasional lucky lottery winner. If they blacklist your address, your "permissionless" currency starts looking a lot more like a frozen bank account.
«ZCash is only as secure as you trust 9 people and their ceremony»
No. You only need to trust 1 of 9 persons. The cryptographic algorithm works so that if 1 honest and 8 malicious persons participate, then the output can be 100% trusted. I do think it would have been interesting to allow hundreds of random participants to take part in the ceremony. But I'm not sure what the technical hurdles would have been (eg. what if one person abandons the process in the middle, does the whole ceremony has to be restarted?)
I believe there's a hardfork planned to add more features (like light client support) that will need another ceremony and the Zcash team is planning on there being hundreds of participants.
> There's gotta be a way to do consensus about zero-knowledge proofs that's a little more... you know ... decentralized.
Not really, no. There is no known scheme that has similar properties but non-trusted setup. There's not a proof that it's impossible either, so something might get invented. But at the moment, no.
That said I share the criticism. Even with trusted setup it could have been done much better.
> There is no known scheme that has similar properties but non-trusted setup. There's not a proof that it's impossible either, so something might get invented. But at the moment, no.
With a very different set of tradeoffs. MW does not provide anonymity. It provides, at best, pseudo-anonymity with coinjoin mixing by default, with N=2 in the implementations being considered. Careful repeated application with the right counter-parties can compound that into larger anonymity sets. That's a step forward from bitcoin, for sure. And if you're very careful, it could achieve whatever privacy requirement you might have.
The Zcash-like approach on the other hand is to provide a transaction mode where your anonymity set is everyone who has ever transacted with the system before. That's N=everybody; the source of funds is entirely obscured.
The two achieve totally different goals, with a different set of tradeoffs. Apples to oranges.
If I understand correctly a recent presentation by Eli Ben-Sasson, one of ZCash's scientists, there is now at least one ZK system with this 'transparent' property (needing no trusted setup), but it is not yet practical for a blockchain currency. See Ben-Sasson on "STARK": https://www.youtube.com/watch?v=HJ9K_o-RRSY
Yes, as interesting a development as zcash is, you need more trust in the 9 people at that one-off ceremony than you do in a central bank.
Monero's ring signatures have their drawbacks, but they don't require trust. It is hard to see his rationale for referring to it as an "amateur effort".
Ring signatures with small anonymity sets have very serious privacy drawbacks, but they have more sensible assumptions for protecting the monetary base integrity.
zk-SNARKs are the opposite: they don't compromise on privacy at all, but require stronger assumptions to protect the monetary base.
ZCash has unsolveable issues, Monero has solveable issues. I don't see that as a tradeoff.
zk-SNARKS have no privacy issues, but to trust ZCash you require absolute trust in the zcash ceremony. This is an issue for many, including me. This ceremony has happened, there is no way for me to prove to myself that the private keys were not stored somewhere. Although I can prove to myself it is decentralised and private, I can't see how I could ever prove to myself that noone can cheat and generate coins with minimal effort, thus devaluing mine. I just have to trust the founders.
Monero's Ring signatures require no trust, but they have privacy problems in the case of small rings. This is solveable by restricting to large rings (as a hard fork will enforce this September[1]), and at that point, I can see how to convince myself that the system is decentralised, private, and noone can generate coins without appropriate mining effort.
Zcash's zk-SNARKs are totally private even if that ceremony failed and even if the cryptographic assumptions underlying zk-SNARKs fall apart.
I find the comparison with Bitcoin perfect. The same people trusting PoW cartels to keep their system operational are complaining that zk-SNARKs require a parameter setup for proof soundness? That doesn't really make sense to me.
Zero-knowledge proofs for a given statement, by definition, reveal nothing about its witness. zk-SNARKs (used by Zcash) are statistically zero-knowledge; there are no cryptographic assumptions involved.
As a slight aside, I always wondered if zero-knowledge proofs really reveal "slight" knowledge.
That is, if I ask 1 billion questions about a resource, and get true, verifiable answers, can't I find out something about it? For example, some projection onto a linear subspace or something.
"If they blacklist your address, your "permissionless" currency starts looking a lot more like a frozen bank account."
Interesting aspect. Could you please clariy _who_ could blacklist _what_ address? It's not exactly clear what you were referring to.
The software those people ran is a single point of failure that hasn't been properly audited. As one of those people, all I know is I attempted to faithfully run a DVD image; I have no idea if that DVD image was backdoored.
Only when you opt-in to using shielded transactions. Which up until the recent upgrade took a ton of CPU power and RAM to do.
Combine that with two of the founders saying they're OK with backdoors (Green) and making it too traceable for criminals (Zooko) plus a 20% cut of all the currency for years and it starts looking sort of bad. (Yes it's 10% overall, but instead of showing long-term trust in their project, they decided to grab 20% really quick.)
Monero is far from perfect. Their ringsize is pitiful. But it works well, doesn't require heavy hardware, and privacy is mandatory. Plus it feels like a real community effort, not commandeered by a group that's open to making things traceable or demanding a huge cut.
>Which up until the recent upgrade took a ton of CPU power and RAM to do.
It's nothing beyond what most laptops can do in a few seconds; the main issue is that it's enough that they decided not to make it the default mode, and many services like exchanges don't make anonymous transactions when sending to users. (A user can always then immediately move that zcash to an anonymous address afterwards, but that does mean it's somewhat public that $service made a transaction of X amount at a certain time.) Hopefully they'll change the default sometime since they've announced that they've found ways to massively improve the efficiency.
To be fair, Snowden wasn't endorsing Zcash based on his own cryptographic or security expertise, he was responding in agreement to a tweet regarding the cryptographic background of the Zcash developers with a general statement that privacy is important with regard to cryptocurrencies[0].
The primary reason anyone cares what Snowden thinks is his celebrity - it should be a non-story, although the Twitter thread is an interesting read.
As of November, 2016, Snowden's opinions have altogether stopped being relevant, and I no longer have any confidence that he acts in good faith. The guy almost certainly lives in an FSB safe-house in Moscow, the very same FSB that just helped to launch a brazen attack on our electoral process. This is not a coincidence. Snowden and like-minded people (Assange, Greenwald, Manning) were very deliberately used as Russian pawns to help divide the left and libertarians against themselves, making them unable to form a functional democratic coalition. They've also helped the FSB demonize - and attempted to neuter - the US Intelligence Community charged with defending us against this aggression while cozying up to one of the most autocratic and corrupt regimes in the world. Why anyone here takes Snowden seriously is beyond me. You can be privacy-conscious without cozying up to someone who continues to betray his country to the benefit of a corrupt dictator.
I thought that Crowdstrike's report equated APT28 signatures with GRU, not FSB.
To defend Snowden, I haven't seen overt regime support for Putin besides a softball question being asked during the Russian President's Q&A session two years ago.
Assange's support for the regime's talking points is comically earnest to the point that he has completely given up his credibility.
The left and the libertarians have always been divided, they've never been a coalition, why would they start now? I mean I agree Russia fucked with the election, but I wouldn't group Snowden with Assange, Greenwalk, and Manning. Assange in particular is out to bring down the U.S. empire, his motives are always in question even if the information he chooses to release is real. Snowden is the only one in that list that deserves any respect.
I'm not attacking any movement, I'm saying I think Snowden did a just thing and I respect it and have no reason to distrust his motives; the same is not true for Assange who's made it clear he wants to topple America. I watched Wiki leaks display bias in the election in a clear attempt to take down Clinton, so I don't trust his motives and have every reason to doubt him. Had he attacked both sides equally, it'd be a different case, but his motive was clear, do the most damaging thing he could to us, help Trump.
It is clear to me that he is brave, principled and committed to privacy. It is not clear to me that his skills extend beyond that of the average sysadmin.
An "average sysadmin" would not be (anywhere near) capable of setting up a VPN so that non-technical journalists can access a considerably sized document stash - but which not even the most powerful and well-funded spy agency on the planet can break into.
I was referring to his initial assistance to Poitras, actually (which apparently involved setting her up with enhanced email encryption, not setting up a VPN per se).
So people can get jollies downvoting me for misremembering something I last read about 4 years ago, if they want. The bigger point is that the depiction of Snowden as simply a "SharePoint administrator" is clearly off base, according to multiple journalistic accounts (which are very easily findable).
I don't think he had more technical capability than a typical SharePoint administrator at the time of his leaks. Setting up a VPN is pretty much sysadmin work. Digital Ocean had excellent guides on setting up OpenVPN and IPSec tunnels on CentOS in 2012.
SharePoint administration is credible tech work, it's just unrelated to programming and crypto.
He has had time to learn about any subject he wants to since. He may very well be a privacy or crypto expert now. If he wants to become an authority on any of that knowledge, he'll need to write about it with justification. Otherwise, why would anyone take him at face value?
I don't think he had more technical capability than a typical SharePoint administrator at the time of his leaks.
Well again there were several journalistic pieces at the time that summarized his work both for the CIA and as a contractor that (taken together) make it pretty clear that, while he's not like some domain expert, his crypto and security skills (before the leak) went significantly beyond that of a typical sysadmin. And again, they're pretty easy to find my keyword searching and the like.
I flubbed the detail about the VPN though -- apparently all he did for Poitras was set her up with a (significantly) enhanced mail drop.
While at the CIA, he occupied a traditional Active Directory administrator position overseas. Prior to that, he was doing physical security, I believe.
His Dell position in Japan was possibly more broad, I don't know. His Dell position in Hawaii, however, was rote SharePoint and Active Directory administration, according to the articles I've read.
I'm interested in reading a credible article about his skills in cryptography, etc. if you have them on hand.
I don't follow him too closely, actually, so I wouldn't have the articles handy. But as I recall the WP for him was pretty thick with references as to the details of his various gigs.
He has experience with how well metadata is being utilized to control popular opinion. He's since become President of https://freedom.press/about
I was a highschool student; that isn't a relevant argument to dismiss my opinion on any topic
Granted a relevant argument will be separate from my identity, but while we're in ad hominem we might as well defend this article's plea to authority fallacy
For the same reason people care what Jay-Z thinks about laptops or whatever. Because he is a celebrity.
Hell, I remember some unremarkable actor (Kutcher, I guess?) being hired at Intel for some quazi-technical job a couple of years ago. Because marketing.
And you are wondering why Snowden (some hackerish dude that worked at some super-secret government agency and revealed how USA spies on everyone — or something like that) has something to say about everything privacy/security-related.
Labeling Monero as "amateur crypto" detracts from his credibility a lot. The crypto Monero uses is older and more tested than the new crypto in Zcash and the development in Monero seems very professional. It's not perfect of course but it's far from amateurish.
It's just a reference to the Monero devs saying "Don't buy Monero" as they don't want to make the financial recommendation to invest in a coin under very active development.
Yet ignores the founders of zCash saying they can make a backdoor for police and make it too traceable for criminals.
>Green says that he and his fellow researchers are not interested in facilitating criminal activity with Zerocoin. "Zerocoin would give you this incredible privacy guarantee, then we could add on some features which let the police, for instance, to be able to track money laundering. A back door."
That alone scares me off of it, and why we're suggesting people use Monero to invest with us. I know that was a while ago, and zerocoin isn't zCash but combined with Zooko's tweets about making zCash too traceable for criminals, no thanks. The crypto is too new, so who knows how they could go about hiding a backdoor.
It's so odd anyone would ever work with these guys given their attitude and statements.
That's a very weird statement, and I wish there were some more context behind it in the article - is this a cryptographic or protocol-level back door, or is this just the idea that you can start with an anonymous system and add tracing (but you can't start with a visible system and add anonymity)? It could be either, and I'm not sure how to read it.
That's not an explanation. It's just an assertion they'd not do bad stuff, ignoring what he previously tweeted. Neither is his stuff about it being compatible with law enforcement. A real explanation would follow through the thought and say exactly how they can make zCash "too traceable for criminals".
Especially when Green has his own quote saying they're OK building backdoors for police.
Or maybe that is their entire plan. Say something slightly sketchy, knowing any real criminal will be too paranoid to trust it. Worked for me.
I want to rely on a cryptosystem which means that at a protocol level, the designers can't build in backdoors for police even if they want to. Then I don't have to worry about their public statements. Maybe they're firmly ideologically opposed today and get a court order tomorrow. (This is exactly what happened with well-intentioned scam artist Ladar Levison: he built a system that didn't have the cryptographic properties he promised, and the government called his bluff. He didn't particularly desire to help the government, but he had no choice.)
The question is, do we believe that there's room in the Zcash protocol for a cryptographic back door?
I am unable to judge zcash and must rely on other cues. So when the founders seem to be saying they're OK with backdoors, it makes me think hey, given the chance maybe there's something they could do.
Anyways once they get mandatory shielded transactions I'll look at it in more depth and see if I can get comfortable.
- Aren't zerocoin and zerocash two different currencies? Did you mean to say zerocash in your previous comment?
- If what Matt Green is saying is true, is there a way to create a backdoor in Monero or any other new crypto that comes along?
- One of the reservations that I have around z-cash is the "don't roll your own crypto" mantra even if you are an experienced, academic cryptographer? Is z-cash inherently more risky because its using newer crypto?
I know, but it's the history of the person I'm looking at. Monero could well have weaknesses. That's why I don't rely on it. In fact, I know it has weaknesses. Monero's problem is they do not adequately tell people how to use it safely. The marketing is all about how Monero is safe, not about its limitation. Dangerous game for them to play.
It's not about rolling own crypto. My understanding is that zcash is more risky due to the newer concepts involved.
This is all theoretical right now anyways. Without more support for shielded transactions, it isn't feasible to use zcash to clean Bitcoin or other cryptocurrencies. Exchange volumes of XMR-ZEC are also too small from what I can see to make stacking them useful.
That said, we are reconsidering things. We will probably add zcash as a payment method sometime this week.
Why start up world wide? Why not start only in jurisdictions where what you're doing is legal? Wouldn't that give yourselves an opportunity to build and test all the layers of your company in a relatively safe environment before moving into markets like the US?
Not starting worldwide. Launch city Toronto. There are essentially no jurisdictions where we'd be legal. Places that have legal sex work usually make surrounding activities legal. Places where it's fully legal have regulatory issues we wouldn't pass.
US targeted for mid-2018 after we have a few cities smoothly operating.
> I am unable to judge zcash and must rely on other cues. So when the founders seem to be saying they're OK with backdoors, it makes me think hey, given the chance maybe there's something they could do.
This approach is vulnerable to an easy attack: get government funding, design a cryptosystem with lots of backdoors, and proudly proclaim that you will never add one and you will absolutely stand up to the government.
I think you should find a better way to evaluate cryptosystems.
Matt Green here. This statement has been trotted out a lot by people who I don’t honestly feel are offering it up with any kind of good faith.
As you suggested, all I meant is that once you have a fully anonymous currency it’s always possible to deliberately weaken that privacy if you want to. I think that sort of decision is up to the currency adopters. But to be clear, that kind of feature is absolutely not included in ZCash. Anyone who implies so is selling FUD. Since the ZCash code and design is fully open source this is easily verifiable, and plenty of people have looked.
For the record: as a researcher I deal with a lot of people who’ve told me that privacy technology is fundamentally dangerous. One standard response I give them is that this is crazy: a fully private currency is the right starting point. If you want to make a fork of ZCash that has less privacy, you can do that and I won’t stop you. But that isn’t ZCash.
I don't mean it in bad faith. I am one of the people you and Zooko talk about preventing from using zCash. That's very offputting and since I cannot audit zCash it makes me nervous. People tell me zcash is very advanced and thus hard to understand and audit for other people too: newer crypto.
I am not implying any backdoor, just that it seems you are sympathetic to such works. I don't follow Zooko's explanation that he wasn't talking about zcash but about some other unmentioned layer. If it's a generic statement about all currencies, why bring it up and mention zcash in the same breath?
Its curious to see, I travel around a bit and I'm always astounded how many countries still use cash and have backwards banking infrastructure.
You'd think transferring money from one account to another should be near instantaneous and require no third party. If bitcoins can shake the rest of the world into the modern age I'm all for it.
Love the assertion of critical thinking taking place. Nets out to be petty banter.
I think at any given time Snowden doesn't have a lot of liquid assets to do a Jamie Dimon and swing the markets on a trade. Hence I think his intentions are sound coupled with his known scruples.
Monero was found traceable recently. Period. Fixed or not doesn't matter, to him it's a risk for a) being tracable b) having bugs.
Lastly, it's a tweet from one person getting wrapped around the axel overthinking it. Next.
They describe the whole ceremony the guys go through to generate the random secret key that seeds their algorithm and needs to be kept secret in order to prevent anybody from counterfeiting coins. It was an elaborate setup supposedly designed to prevent people from observing any details they might be able to use to reverse engineer the algorithm. But, despite all their insistance on bespoke cloak and dagger shit, there were a lot of times the process could have been broken:
- They're supposed to be driving to a randomly selected electronics store to buy the laptop that will generate the number; but the guy makes an "unscheduled" stop at a costume store so he can buy a wizard hat (and potentially hand off information with a third party who wants to know their destination, or to pick up some kind of surveillance device)
- When the time comes to type random numbers on the laptop keyboard, the guy covers his hands and the keyboard. Arguable pro there is that nobody can see which keys he touches, but the big obvious con is that he can slip that USB device he picked up at the costume shop into one of the USB ports.
- People are using their phones while this whole process is going on? Ok, seems counterproductive to all that paranoid security they were trying to have...
- Oh look, they noticed strange indicators that strongly suggested somebody's phone got hacked and was being used to spy on their skype conversation? Somebody that paranoid should have immediately shut the process down and restarted it at a later date. They didn't do that? Something sure is fishy with the guy running this thing.
Here's Peter Todd's writeup of his part in the setup ceremony: https://petertodd.org/2016/cypherpunk-desert-bus-zcash-trust... . For what it's worth, he was completely physically separate from anyone else in the ceremony, and no such shenanigans are described in his part of it. As long as any one of the 9 did their part correctly, then it's good. His writeup is not without criticism of the Zcash system though.
149 comments
[ 2.8 ms ] story [ 198 ms ] threadDisclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Zcash Company, the for-profit entity supporting zcash's development.
He didn't receive any money for the movie Snowden (it was donated to The Guardian instead) [1]. He didn't sell any of the NSA data. He doesn't have a track record of profiting, apart from working (like we all do) and receiving some donations.
So the claim that Snowden is a proponent of Zcash because he has invested in it has no merit. There is zero proof for such statement, and his track record doesn't suggest it either.
[1] https://en.wikipedia.org/wiki/Snowden_(film)
Maybe you're using hyperbole. The /suspicion/ at least, has plenty of merit. I agree that doing something like that would go against his track record, but believing a subjective statement on face value doesn't keep that track record intact (except in your own mind, maybe).
I trust Snowden's opinion as much as anyone here, but you can't ignore basic precautions simply because someone is popular for "the right reasons".
I very much think that Mr. Snowden would agree with my frame of mind on this. You may disagree.
Merit? I've seen no merit whatsoever. A vague conspiracy theory, that's what I've seen.
> I trust Snowden's opinion as much as anyone here, but you can't ignore basic precautions simply because someone is popular for "the right reasons".
What you propose doesn't fall under basic precautions; it is a conspiracy theory. And one consisting of very little theory, I'm afraid.
For the record your two quotes:
"I'm suspicious of this."
"For those of you who are down voting, perhaps you could explain why this case might be different from any other value hype. What happened to trust no one--verify?"
You're trying to shift the blame. The burden of proof lies at you.
Because he has credibility due to his track record. That's the basis of how networking works. The authors of software such as TLS, Whonix, Tor, Tails, Debian, all have a certain amount of credibility within their peers as well as the general public.
We stand on the shoulders of giants.
Yes, credibility can be abused; as a matter of fact, he did abuse his credibility. Snowden broke his credibility to the NSA (and US government), but for a greater good of both the people of the USA as well as the international community. The price he paid? He lost his well paid job, he lost seeing his family and friends, he lost the luxury life in the USA, his house and any and all of his assets, and a substantial part of the USA hates him (tho a more vast, significant part in the world, is thankful). Ie. his credibility with the rest of the world has substantially increased.
Now, you may think he may abuse his credibility, and it'd be a great plot for a movie, but that doesn't make it realistic. And why? Isn't the same true for any programmer on Zcash, Bitcoin, Etherium, and anything else? If you claim you cannot trust anyone, how can you live with yourself? Are you sure that's air you're breathing? Are you sure the color white is white? You'll end up with a full blown paranoid psychosis if you go with that line of reasoning (speaking from personal experience as well here). My point is that, at the very basic level, we need to trust and take some basics for granted (and, all of us do).
So what we need from you, is some kind of facts (not theory) as to why we cannot trust Snowden. The fact, as far as I can tell, contradict what you wrote: Snowden hasn't acted in the past based on financial gains. For example, he didn't sell NSA information to media or foreign agencies. Instead, his actions were solely based on moral grounds plus personal survival (hence he ended up in Russia).
I'd like to end my post that, yes, people who are psychopaths would very well end up doing something you described. I have no indication Snowden is a psychopath; tho I'm not sure about those he worked for at the CIA and NSA.
All of which are open source == independently verifiable. TOR would not be recommended as highly as it is if it were a closed-source binary.
>If you claim you cannot trust anyone, how can you live with yourself?
Hilarious when people speak down to you like this. You're inflating my (very clear, i feel) statement to mean something I don't think i said.
>I'd like to end my post that, yes, people who are psychopaths would very well end up doing something you described.
For someone who claims to have had issues with mental stability, you seem very quick to use that label. /Anyone/ is capable of /anything/. The only variable is choice. There are many variables which can factor into people justifying immoral actions at any given time. Its easy to demonize others whom you disagree with, but you would do well to understand that the reality is not as simple as 'us vs. them'. Every single actor on the world stage has their own reasons and motivations for what they do. Not all of them align with your personal wellbeing.
Sure, sure.
Independently verifiable. That's why we had the Debian OpenSSL PRNG fiasco [1]. Your reponse to deterministic builds? "Not needed, its open source after all, independently verifiable." Of course it is needed, just because its open source doesn't mean you can trust the provided binaries. Heck, there was a time where Debian didn't even sign .deb packages. Also, nevermind the spaghetti of OpenSSL and Heartbleed which lead to BoringSSL and LibreSSL.
Yet, its important to realize we don't assume malice here. We don't assume these people who did this were evil until we have substantial proof. Their track record and positions suggest such as well. We assume they're innocent (albeit, ignorant), and that is BTW also in the HN guidelines.
> Hilarious when people speak down to you like this. You're inflating my (very clear, i feel) statement to mean something I don't think i said.
How so? You claim we should be suspicious of everyone.
At the same time, you provided no proof which suggests we should doubt Snowden's motives, generally or specifically. Only vague rhetoric.
> Its easy to demonize others whom you disagree with
No, stop shifting the blame. YOU are the one who is demonizing someone else (Snowden) without anything to back up your claims. Instead of this theater, put your money where your mouth is and show us your proof.
[1] https://www.schneier.com/blog/archives/2008/05/random_number...
Demonizing, no. Simply expressing a lack of faith in human nature.
Ring signatures have been around longer than zk-snarks so time will tell on that comment.
I do however believe Zcash could be doing a better job for privacy, notably by mandating private transactions once the new "JUBJUB"optimizations have been merged [0].
[0] - https://z.cash/blog/cultivating-sapling-faster-zksnarks.html
What an understatement. As of 2 years ago, at least 729 Bitcoin businesses were created¹, received $1 billion in investments², and employed thousands of persons.
¹https://venturescannerinsights.wordpress.com/2015/09/04/the-...
²http://money.cnn.com/2015/11/02/technology/bitcoin-1-billion...
See for example the growth and use of Bitcoin witnessed by payment processor BitPay: https://blog.bitpay.com/bitpay-growth-2017/
It's hard to quantify exactly how much Bitcoin helps the economy on a global scale beyond these BitPay stats, because of the inherent decentralized nature of the tech. But we know it reduces payment friction, so it indirectly increases economic activity of its users.
The Ransomware business model has really taken off as well.
> They've proven useful for buying drugs, but beyond that they've not created many new business opportunities.
that's a pretty huge market. I don't think that you can both acknowledge that something is useful for one of the most fundamental human activities (acquiring psychoactive plants and compounds) and at the same time that it is entirely uninteresting.
Credit cards as the way to do e-commerce never sat right with me; I only reluctantly started using one in the later 90s. Coincidentally today is "Crypto Is Currency Day" promoting actually buying stuff online with Zcash, Monero, etc., not just holding it: https://cryptoiscurrency.com/
Don't get me wrong, I'm grateful for his sacrifice, and I think he deserves to be pardoned.
He wasn't just a sharepoint admin.
He wasn't just a sharepoint admin.
https://www.forbes.com/sites/runasandvik/2014/05/27/that-one...
So he was a privacy activist while he worked at the NSA? Isn't this a bit like being a healthcare activist and working for McDonalds?
Also he worked for the CIA prior to the NSA:
https://en.wikipedia.org/wiki/Edward_Snowden
His motives and how he ultimately ended up leaking information is well documented in the 2014 documentary Citizenfour [1] and the 2016 movie Snowden [2].
> But he was with the bad guys.
Are there shades of grey or nuances or is the NSA the root of all evil? Its impossible to care about security as NSA employee? Teaching US civilians how to use GPG means you're trying to protect civilians against the NSA? The world isn't black and white.
[1] https://en.wikipedia.org/wiki/Citizenfour
[2] https://en.wikipedia.org/wiki/Snowden_(film)
>"Its impossible to care about security as NSA employee?"
I don't think the question is security but privacy and no, it's hard to imagine sincerely caring about other's privacy and working for an organization that regularly disrespects it as a matter of course.
Documentaries like autobiographies are often a vehicle for revisionist history. In regards to [2], Hollyood is not really considered a good source of historical accuracy.
Your question is answered in depth in the documentary, in the movie, and in various interviews (written, as well as videos). Imagine someone who's patriotic at heart, who picks up signs where he's starting to doubt the things he's doing are patriotic (e.g. on the longer term, or in their specific targets). That's Snowden in a nutshell.
You're also seemingly unaware Snowden attempted to disclose the information before.
Furthermore, elsewhere in this thread HN user sig links to an article where he admits he did join "Booz Allen to gather evidence of surveillance".
> I don't think the question is security but privacy
Semantics, both are entwined in case as GPG. The latter depends on the former, and GPG is very much related to security just as well.
> Documentaries like autobiographies are often a vehicle for revisionist history.
And often they're not. They're used to tell one side of the story. The other one's the US government's take on the matter.
> In regards to [2], Hollyood is not really considered a good source of historical accuracy.
Not a statement of much, if any, value.
It wasn't the sole source I stated. If you'd have a look on Wikipedia article, you could learn how the movie was made (research-wise there's quite some details). If you'd have seen both docu and move you'd know how close the movie is to the docu (although also dramatised as mentioned in the movie itself, btw).
It wasn't an actual question it was rhetorical. I've seen the documentary, I don't buy it all. I find his sincerity questionable. Similarly his Twitter profile shows he is the President at @FreedomofPress, yet he takes refuge in a country that that is one of the most deplorable in terms of media freedom.
>"Semantics, both are entwined in case as GPG."
No it's not semantics and if you want distort it like that, both security and privacy are under assault by that same NSA.
>"Not a statement of much, if any, value."
But sighting a Hollywood movie as evidence of accuracy is? Sure, right that makes a lot of sense.
That's because we live in a world where there is no country that's good at media freedom. We have the US, which is interested in exposing Russia's crimes and hiding its own; Russia, which is interested in exposing the US's crimes and hiding its own, various somewhat less powerful countries that are effectively allied with one or the other, and various significantly less powerful countries that don't have the ability to anger either.
What country do you think he should have taken refuge in?
No, there's no shortage of countries that have good media freedom:
https://rsf.org/en/ranking#
>"We have the US, which is interested in exposing Russia's crimes and hiding its own; Russia, which is interested in exposing the US's crimes and hiding its own,"
Please name one crime that the US media hid from the American people? Everything and everyone in the US is fair game.
>"What country do you think he should have taken refuge in?"
That's not the point, the point is he emigrates to Putin's Russia and then becomes President at @FreedomofPress. And for a refresher on the state of media freedom in Russia:
https://www.washingtonpost.com/news/worldviews/wp/2017/03/23...
Cute list, Sweden at #2, I suppose Assange should go to Sweden as well?
What you say is completely and utterly irrelevant in the context where the United States of America would use extradition agreements to get Snowden back on US soil, for example by basing themselves on this ridiculous law [1]. Notwithstanding that Snowden did a service to the countries in your list.
Germany did not pardon Snowden, so he didn't go there.
Bottomline is, such a list is secondary to Snowden's personal freedom, his primary interest (don't confuse that with your lack of care about his personal freedom). His personal freedom is [somewhat] protected in Russia, but not in Sweden, Germany, or The Netherlands because the claw of the US government reaches that far. TL;DR he'd have been an utter idiot if he went to the EU.
[1] https://en.wikipedia.org/wiki/Espionage_Act_of_1917
Every time you are confronted with facts and you shift the focus to something else. Now you are discussing Julian Assange? But since you brought him up, he is another one who has taken up refuge in a country where censorship is rampant and press freedom is abysmal:
https://knightcenter.utexas.edu/blog/00-17891-attacks-freedo...
https://en.wikipedia.org/wiki/Censorship_in_Ecuador
>"Bottomline is, such a list is secondary to Snowden's personal freedom,"
How very selective for both Snowden and Assange that being a pawn of corrupt regimes that have no respect for press freedoms is acceptable as long as you have another bogeyman to point at.
So it's OK for them to condone the behavior of those governments provided that both of them are recipients of their favors? They are both principled where and when it's convenient for them. I didn't think principles were something that could be selectively applied. I'm sure they both appreciate that your doing their bidding though.
Newsflash Sherlock: Reporters Without Borders credibility isn't related to extradition laws with the USA. Those 2 variables are not affecting each other, yet the latter is very much relevant here for the freedom and perhaps even life of Snowden.
I already told you this once in my previous post, and you carefully dance around that cause it doesn't suit your agenda. What you say regarding RWB is irrelevant, as Snowden wouldn't be long in that country. He'd have been send a one way ticket to the USA instead, and he'd have gotten a secret trial. What matters is looking at the situation and facts as they occurred and being practical. Now you are going to tell us which country Snowden should've fled to instead of Russia. Go ahead, share the magic faerie-tale country which would've been better according to your one criteria of Reporters Without Borders. Then I will tell you 1) the plane from Ecuador didn't stop at that country (and Snowden got stuck in Russia thanks to US action). 2) Furthermore, he wouldn't been long in said country as I already described.
> I'm sure they both appreciate that your doing their bidding though.
And I am sure the US government is pleased you're doing theirs with your baseless character assassinations.
1. I said US (as in the government), not US media.
2. You, uh, realize we're in a thread about Edward Snowden, right? Are you familiar with what he did?
> the point is he emigrates to Putin's Russia and then becomes President at @FreedomofPress.
So? What is this point relevant to?
His destination wasn't Russia. He went from Hong Kong to Ecuador and got stuck in transit at Sheremetyevo International Airport because the US government revoked his password while he was flying from Hong Kong. Efforts to get him to Germany (with pardon) failed.
As for media freedom in our Western so-called free world, look at what happened with news agency The Guardian, how they had to discard material which was in the interest of the general population of the UK and the world.
>For the first time, Snowden has admitted he sought a position at Booz Allen Hamilton so he could collect proof about the US National Security Agency's secret surveillance programmes ahead of planned leaks to the media.
>"My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked," he told the Post on June 12. "That is why I accepted that position about three months ago."
>...Asked if he specifically went to Booz Allen Hamilton to gather evidence of surveillance, he replied: "Correct on Booz."[1]
Coworkers started to become suspicious of his intentions years earlier when he was with the CIA.
>Just as Edward J. Snowden was preparing to leave Geneva and a job as a C.I.A. technician in 2009, his supervisor wrote a derogatory report in his personnel file, noting a distinct change in the young man’s behavior and work habits, as well as a troubling suspicion.
>The C.I.A. suspected that Mr. Snowden was trying to break into classified computer files to which he was not authorized to have access, and decided to send him home, according to two senior American officials. [2]
[1] - http://www.scmp.com/news/hong-kong/article/1268209/snowden-s...
[2] - http://www.nytimes.com/2013/10/11/us/cia-warning-on-snowden-...
https://petertodd.org/2016/cypherpunk-desert-bus-zcash-trust...
https://www.reddit.com/r/Monero/comments/6a26rh/peter_todd_h...
Before you guys start saying, banks don't trust Bitcoin either because transactions are controlled by like 5 mining pools and the occasional lucky lottery winner. If they blacklist your address, your "permissionless" currency starts looking a lot more like a frozen bank account.
There are better ways :)
No. You only need to trust 1 of 9 persons. The cryptographic algorithm works so that if 1 honest and 8 malicious persons participate, then the output can be 100% trusted. I do think it would have been interesting to allow hundreds of random participants to take part in the ceremony. But I'm not sure what the technical hurdles would have been (eg. what if one person abandons the process in the middle, does the whole ceremony has to be restarted?)
Not really, no. There is no known scheme that has similar properties but non-trusted setup. There's not a proof that it's impossible either, so something might get invented. But at the moment, no.
That said I share the criticism. Even with trusted setup it could have been done much better.
Already invented. It's called MimbleWimble.
The Zcash-like approach on the other hand is to provide a transaction mode where your anonymity set is everyone who has ever transacted with the system before. That's N=everybody; the source of funds is entirely obscured.
The two achieve totally different goals, with a different set of tradeoffs. Apples to oranges.
Monero's ring signatures have their drawbacks, but they don't require trust. It is hard to see his rationale for referring to it as an "amateur effort".
Ring signatures with small anonymity sets have very serious privacy drawbacks, but they have more sensible assumptions for protecting the monetary base integrity.
zk-SNARKs are the opposite: they don't compromise on privacy at all, but require stronger assumptions to protect the monetary base.
zk-SNARKS have no privacy issues, but to trust ZCash you require absolute trust in the zcash ceremony. This is an issue for many, including me. This ceremony has happened, there is no way for me to prove to myself that the private keys were not stored somewhere. Although I can prove to myself it is decentralised and private, I can't see how I could ever prove to myself that noone can cheat and generate coins with minimal effort, thus devaluing mine. I just have to trust the founders.
Monero's Ring signatures require no trust, but they have privacy problems in the case of small rings. This is solveable by restricting to large rings (as a hard fork will enforce this September[1]), and at that point, I can see how to convince myself that the system is decentralised, private, and noone can generate coins without appropriate mining effort.
[1] https://getmonero.org/2017/09/13/september-15-2017-protocol-...
I find the comparison with Bitcoin perfect. The same people trusting PoW cartels to keep their system operational are complaining that zk-SNARKs require a parameter setup for proof soundness? That doesn't really make sense to me.
On the face of it, that sounds very wrong. Could you elaborate on what you were saying?
That is, if I ask 1 billion questions about a resource, and get true, verifiable answers, can't I find out something about it? For example, some projection onto a linear subspace or something.
The software those people ran is a single point of failure that hasn't been properly audited. As one of those people, all I know is I attempted to faithfully run a DVD image; I have no idea if that DVD image was backdoored.
For the crowd, Zcash obfuscates the sending address, the receiving address, and even the amount transacted, using zero-knowledge proofs.
Combine that with two of the founders saying they're OK with backdoors (Green) and making it too traceable for criminals (Zooko) plus a 20% cut of all the currency for years and it starts looking sort of bad. (Yes it's 10% overall, but instead of showing long-term trust in their project, they decided to grab 20% really quick.)
Monero is far from perfect. Their ringsize is pitiful. But it works well, doesn't require heavy hardware, and privacy is mandatory. Plus it feels like a real community effort, not commandeered by a group that's open to making things traceable or demanding a huge cut.
See matthewdgreen response elsewhere in this thread. This is FUD.
https://news.ycombinator.com/item?id=15370744
It's nothing beyond what most laptops can do in a few seconds; the main issue is that it's enough that they decided not to make it the default mode, and many services like exchanges don't make anonymous transactions when sending to users. (A user can always then immediately move that zcash to an anonymous address afterwards, but that does mean it's somewhat public that $service made a transaction of X amount at a certain time.) Hopefully they'll change the default sometime since they've announced that they've found ways to massively improve the efficiency.
No. Zooko denied it: https://twitter.com/zooko/status/864341289374023680
The primary reason anyone cares what Snowden thinks is his celebrity - it should be a non-story, although the Twitter thread is an interesting read.
[0]https://twitter.com/Snowden/status/913544739542241282
To defend Snowden, I haven't seen overt regime support for Putin besides a softball question being asked during the Russian President's Q&A session two years ago.
Assange's support for the regime's talking points is comically earnest to the point that he has completely given up his credibility.
A line in the same vein as such others we've heard before:
"Schwartz doesn't count because he gave up."
"For Assange it's mostly about himself, and a little bit about anonymity."
"Kim Dotcom doesn't rank with the likes of ... because he's a profiteering off of it."
These lines attack the Free Information movement by peeling off those at its edges one by one.
This is just silly. His skills are clearly way broader and deeper than that.
It is clear to me that he is brave, principled and committed to privacy. It is not clear to me that his skills extend beyond that of the average sysadmin.
For example.
So people can get jollies downvoting me for misremembering something I last read about 4 years ago, if they want. The bigger point is that the depiction of Snowden as simply a "SharePoint administrator" is clearly off base, according to multiple journalistic accounts (which are very easily findable).
I don't think he had more technical capability than a typical SharePoint administrator at the time of his leaks. Setting up a VPN is pretty much sysadmin work. Digital Ocean had excellent guides on setting up OpenVPN and IPSec tunnels on CentOS in 2012.
SharePoint administration is credible tech work, it's just unrelated to programming and crypto.
He has had time to learn about any subject he wants to since. He may very well be a privacy or crypto expert now. If he wants to become an authority on any of that knowledge, he'll need to write about it with justification. Otherwise, why would anyone take him at face value?
Well again there were several journalistic pieces at the time that summarized his work both for the CIA and as a contractor that (taken together) make it pretty clear that, while he's not like some domain expert, his crypto and security skills (before the leak) went significantly beyond that of a typical sysadmin. And again, they're pretty easy to find my keyword searching and the like.
I flubbed the detail about the VPN though -- apparently all he did for Poitras was set her up with a (significantly) enhanced mail drop.
His Dell position in Japan was possibly more broad, I don't know. His Dell position in Hawaii, however, was rote SharePoint and Active Directory administration, according to the articles I've read.
I'm interested in reading a credible article about his skills in cryptography, etc. if you have them on hand.
It's fun to question the author, but it's unclear if you actually read it.
I was a highschool student; that isn't a relevant argument to dismiss my opinion on any topic
Granted a relevant argument will be separate from my identity, but while we're in ad hominem we might as well defend this article's plea to authority fallacy
Hell, I remember some unremarkable actor (Kutcher, I guess?) being hired at Intel for some quazi-technical job a couple of years ago. Because marketing.
And you are wondering why Snowden (some hackerish dude that worked at some super-secret government agency and revealed how USA spies on everyone — or something like that) has something to say about everything privacy/security-related.
>Green says that he and his fellow researchers are not interested in facilitating criminal activity with Zerocoin. "Zerocoin would give you this incredible privacy guarantee, then we could add on some features which let the police, for instance, to be able to track money laundering. A back door."
https://www.newscientist.com/blogs/onepercent/2013/03/bitcoi...
That alone scares me off of it, and why we're suggesting people use Monero to invest with us. I know that was a while ago, and zerocoin isn't zCash but combined with Zooko's tweets about making zCash too traceable for criminals, no thanks. The crypto is too new, so who knows how they could go about hiding a backdoor.
It's so odd anyone would ever work with these guys given their attitude and statements.
Especially when Green has his own quote saying they're OK building backdoors for police.
Or maybe that is their entire plan. Say something slightly sketchy, knowing any real criminal will be too paranoid to trust it. Worked for me.
The question is, do we believe that there's room in the Zcash protocol for a cryptographic back door?
Anyways once they get mandatory shielded transactions I'll look at it in more depth and see if I can get comfortable.
- Aren't zerocoin and zerocash two different currencies? Did you mean to say zerocash in your previous comment?
- If what Matt Green is saying is true, is there a way to create a backdoor in Monero or any other new crypto that comes along?
- One of the reservations that I have around z-cash is the "don't roll your own crypto" mantra even if you are an experienced, academic cryptographer? Is z-cash inherently more risky because its using newer crypto?
It's not about rolling own crypto. My understanding is that zcash is more risky due to the newer concepts involved.
This is all theoretical right now anyways. Without more support for shielded transactions, it isn't feasible to use zcash to clean Bitcoin or other cryptocurrencies. Exchange volumes of XMR-ZEC are also too small from what I can see to make stacking them useful.
That said, we are reconsidering things. We will probably add zcash as a payment method sometime this week.
Why start up world wide? Why not start only in jurisdictions where what you're doing is legal? Wouldn't that give yourselves an opportunity to build and test all the layers of your company in a relatively safe environment before moving into markets like the US?
US targeted for mid-2018 after we have a few cities smoothly operating.
This approach is vulnerable to an easy attack: get government funding, design a cryptosystem with lots of backdoors, and proudly proclaim that you will never add one and you will absolutely stand up to the government.
I think you should find a better way to evaluate cryptosystems.
As you suggested, all I meant is that once you have a fully anonymous currency it’s always possible to deliberately weaken that privacy if you want to. I think that sort of decision is up to the currency adopters. But to be clear, that kind of feature is absolutely not included in ZCash. Anyone who implies so is selling FUD. Since the ZCash code and design is fully open source this is easily verifiable, and plenty of people have looked.
For the record: as a researcher I deal with a lot of people who’ve told me that privacy technology is fundamentally dangerous. One standard response I give them is that this is crazy: a fully private currency is the right starting point. If you want to make a fork of ZCash that has less privacy, you can do that and I won’t stop you. But that isn’t ZCash.
I am not implying any backdoor, just that it seems you are sympathetic to such works. I don't follow Zooko's explanation that he wasn't talking about zcash but about some other unmentioned layer. If it's a generic statement about all currencies, why bring it up and mention zcash in the same breath?
You'd think transferring money from one account to another should be near instantaneous and require no third party. If bitcoins can shake the rest of the world into the modern age I'm all for it.
You're describing the United States, right?
I think at any given time Snowden doesn't have a lot of liquid assets to do a Jamie Dimon and swing the markets on a trade. Hence I think his intentions are sound coupled with his known scruples.
Monero was found traceable recently. Period. Fixed or not doesn't matter, to him it's a risk for a) being tracable b) having bugs.
Lastly, it's a tweet from one person getting wrapped around the axel overthinking it. Next.
So Zcash should be a risk to him then:
a) Zooko's tweet about making it traceable.
b) Zcash's bugs:
.i) Right after launch, they discovered private transactions couldn't be mined - https://www.cryptocoinsnews.com/zcash-bug-prevents-private-t...
.ii) Security vulnerabilities, bugs, attack vectors, etc - https://z.cash/tag/bugs.html
http://www.radiolab.org/story/ceremony/
They describe the whole ceremony the guys go through to generate the random secret key that seeds their algorithm and needs to be kept secret in order to prevent anybody from counterfeiting coins. It was an elaborate setup supposedly designed to prevent people from observing any details they might be able to use to reverse engineer the algorithm. But, despite all their insistance on bespoke cloak and dagger shit, there were a lot of times the process could have been broken:
- They're supposed to be driving to a randomly selected electronics store to buy the laptop that will generate the number; but the guy makes an "unscheduled" stop at a costume store so he can buy a wizard hat (and potentially hand off information with a third party who wants to know their destination, or to pick up some kind of surveillance device)
- When the time comes to type random numbers on the laptop keyboard, the guy covers his hands and the keyboard. Arguable pro there is that nobody can see which keys he touches, but the big obvious con is that he can slip that USB device he picked up at the costume shop into one of the USB ports.
- People are using their phones while this whole process is going on? Ok, seems counterproductive to all that paranoid security they were trying to have...
- Oh look, they noticed strange indicators that strongly suggested somebody's phone got hacked and was being used to spy on their skype conversation? Somebody that paranoid should have immediately shut the process down and restarted it at a later date. They didn't do that? Something sure is fishy with the guy running this thing.
tl;dr; I don't trust 'em
https://twitter.com/petertoddbtc/status/861726383730503680