Fighting back against Libra - Decentralizing Facebook Connect

Formal metadata

Title
Fighting back against Libra - Decentralizing Facebook Connect
Subtitle
Nym Anonymous Authentication Credentials
Number of parts
102
License
CC Attribution 4.0 International:
You may use, modify and reproduce, distribute and make publicly available the work or its content, in unmodified or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner they specify.

Content metadata

Abstract
The power of Facebook derives from its control over your digital identity. However, the fundamental technologies behind anonymous (attribute-based) authentication credentials have existed since the mid-90s. This talk will cover new advances in anonymous authentication credentials, how the work was nearly killed by Facebook, and their real-world implementation, including their use in the Nym project's mix-net, cryptocurrency, and decentralized messaging applications. How do we practically defeat Facebook and build an anonymous internet? Let's start with the building blocks: getting rid of Facebook Connect using decentralized and privacy-enhancing technologies, then using that as a lever to build the rest of the system. Anonymous authentication credentials have existed since early blind signature schemes, but have historically been inefficient and have required centralized (if often blind!) trusted third parties. New advances such as UnlimitID and the Coconut signature scheme have allowed the creation of "Nym credentials" that are both decentralized and privacy-preserving. We'll go into three use-cases:

Mix-networks: Credentials allow mix-nets, which provide anonymity at the network level in an even stronger manner than Tor, to both avoid spam (sybil) attacks and grow in a robust, decentralized manner, avoiding the need for proof-of-work algorithms.

Messaging: In combination with the new IETF MLS (Message Layer Security) protocol to replace Signal, anonymous authentication credentials can enable a more privacy-preserving messenger.

Cryptocurrency: If Facebook is building Libra, we'll show how we can take their fundamental design and make it, or any other cryptocurrency, privacy-preserving using Nym credentials.

Lastly, we'll review how we built the initial work using European Commission funding from NEXTLEAP and PANORAMIX, how Facebook nearly killed the project, and now how we are building from both non-profit and private sector sources, including hiring ex-Facebook employees to work on privacy.
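The abstract, and later the transcript's discussion of David Chaum's work, rests on the blind-signature building block: the issuer signs a credential it never sees, the unblinded signature still verifies, yet re-showing that same signature links the user. The following Python walk-through is added here as an illustration and is not code from the talk, the Nym project or Coconut; it uses textbook RSA with a constructed, deliberately small key and a SHA-256 hash of the attribute string as the message.

```python
"""Chaum-style RSA blind signature: issuer signs without seeing the credential.
Added illustration with a constructed small key; not Nym/Coconut code."""
import hashlib
import secrets
from math import gcd


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (enough for a demo key)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def keygen(bits: int = 512):
    """Issuer key pair: returns ((n, e), d). 512-bit modulus is demo-only."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (p * q, e), pow(e, -1, phi)


def _h(msg: bytes, n: int) -> int:
    """Hash the credential attributes into Z_n (SHA-256 is < n for 512-bit n)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def blind(pub, msg: bytes):
    """User: pick a random blinding factor r and send H(m) * r^e mod n."""
    n, e = pub
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            break
    return (_h(msg, n) * pow(r, e, n)) % n, r


def issuer_sign(pub, d: int, blinded: int) -> int:
    """Issuer: signs whatever it was handed; it only ever sees the blinded value."""
    n, _ = pub
    return pow(blinded, d, n)


def unblind(pub, blinded_sig: int, r: int) -> int:
    """User: strip the blinding factor to obtain a plain RSA signature on H(m)."""
    n, _ = pub
    return (blinded_sig * pow(r, -1, n)) % n


def verify(pub, msg: bytes, sig: int) -> bool:
    """Any service provider with the issuer's public key can check the credential."""
    n, e = pub
    return pow(sig, e, n) == _h(msg, n)


def issue_credential(pub, d: int, msg: bytes):
    """Run the whole protocol. Returns (sig, issuer_view): the issuer's transcript
    holds neither H(m) nor the final signature, so it cannot tie them together."""
    blinded, r = blind(pub, msg)
    bsig = issuer_sign(pub, d, blinded)
    sig = unblind(pub, bsig, r)
    return sig, {"received": blinded, "returned": bsig}


def showings_linkable(sig_shown_once: int, sig_shown_again: int) -> bool:
    """The weakness the talk points out: a plain blind signature is a fixed value,
    so two showings of the same credential are trivially linked by equality."""
    return sig_shown_once == sig_shown_again
```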
Transcript: English (automatically generated)
I'm very happy to introduce our next speaker, and his name is Harry Halpin.
He's the founder of NIM and the project co-ordinator of the Next Leap, and he's talking about fighting back against Libra, decentralising Facebook connect, NIM anonymous authentication credentials. I'm happy he's here. Please give a big applause for Harry Halpin.
It's always good to be back at Chaos Computer Camp. A few years ago, when I first came to Chaos Computer Congress, I was working on JavaScript
cryptography, was really thrilled that the community here came back for camp where I talked about my own rather personal experiences in terms of surveillance, and over the last few years, what I've been up to with a lot of other people who will congratulate the end and who have done a huge amount of work is we've been trying to build something
which I think Chaos Computer Congress inspired me to work on, decentralised privacy-enhancing technologies, and, in particular, we're going to look at the case of Facebook as a whole, but, in particular, what we believe is the most dangerous part of not only Facebook but
all of the centralisation inside of Silicon Valley which is their identity systems, in particular, Facebook connect, and then we're going to see how privacy-enhanced decentralised alternatives work. So fighting back against Libra, and I think, you know, the issue with Libra, originally
called Global Coin, is incredibly politically and philosophically interesting. It signals that the nation-state order that arised in Germany at the Treaty of Westphalia
is collapsing, and that now private companies are now taking over parts of infrastructure and parts of services that were traditionally provided by governments.
Currency is obviously one case, and identity is another, and they're intimately connected. Global Coin shows that the ambition of Mark Zuckerberg and the ambition of any of these companies is to build a global system of identity which is a necessity for a global
system of currency, and that, I believe, is extremely dangerous insofar as if it is ran in an authoritarian manner, and all for-profit companies are ran in an authoritarian manner, this is actually considerably worse than nation-state identity, and incredibly dangerous
in comparison to, for example, you know, decentralised key-based identity, or federated email-based identity. So Libra is announced as a global cryptocurrency. It actually makes quite a lot of sense.
As a design, from a technical perspective, I'm not going to go too far into it. I think Morgan Beller, the designer, is somewhere here at camp, so you can talk to her about it, but, effectively, it is a blockchain. There are validators, there are blocks, transactions are collected and written to blocks. On that level, not actually particularly interesting, uses a fast consensus algorithm
which has the rather hilarious name hot crap, and is essentially the validators confirm transactions. And this is where it gets interesting. Because the validators are the exact same companies, and, to some extent, investors
and start-ups that really power surveillance capitalism. So it's not just Facebook, although Facebook has built the technology and initiated the effort, they've created what is called a Swiss Verine which is equivalent to a mutual
association, and in this mutual association, there are different companies, including some traditional blockchain companies such as Coinbase, large investment firms, but also start-ups, Uber, Lyft, and huge Silicon Valley companies such as eBay, telco providers
such as Vodafone, and the current payment providers, MasterCard, Visa, PayPal. This is an incredibly powerful group of companies. And the primary design bet of the Facebook Libra association is that each of these companies
has paid 10 million up front to be a validator for these transactions, so that, you know, even though the blockchain itself will be public, there will be an API against it, you will probably be able to write apps against it, and it is interesting, and I
think very, to some extent, cypherpunk to try to put open source in the middle of such a titantically huge company which really controls the identity of a third of sentient life in terms of humanity. Nonetheless, these are the companies that we're trusting to validate the transactions.
So on that level, it's not exactly decentralised. But that's not the real problem. There's been lots of complaints, is it a blockchain system? Is it the real blockchain system? Is it decentralised? The real problem, from an economic perspective, which I think we should actually congratulate Facebook on, is that they're saying it's completely absurd that the US government
is the reserve currency of the world. I mean, come on, Trump's in power. They're doing a trade war with China, printing tons of money to sustain unsustainable American consumer debt, so they took a basket of uncorrelated assets, yen, dollars, Swiss franc,
combined them with percentages, and they've created a new currency, and this actually does threaten the US dollar as a reserve currency. And that's where the action has been. You can see the US Congress has called the kind of media head and the director of the
Libra inside of Facebook to testify at Congress, but I think, weirdly enough, I mean, probably Facebook screwed it up. Probably the regulators will not allow private companies to create a new global payment and transaction system based on essentially a basket of currencies which will disrupt the
dollar. And, you know, I would be dubious if the kind of six billion that got put in the Libra Association Swiss bank account, the US government can't poke through and get all the way to the 60 billion or however much it is inside of Facebook's bank account. Nonetheless, if it does happen, and we already know these things will eventually
work, even if Facebook doesn't do it, people will have phone numbers, and be able to send payments in their phones, and this will lead to tons of payment, and the vision that Facebook is pushing with the liberal is that this will allow us to bank the unbanked. This will allow us that, you know, the large portion of humanity in countries like India,
Sub-Saharan Africa that do not have access to bank accounts, as an American in Europe, it's actually really hard to get a European bank account. This will allow people to have bank accounts, however, what, even though Facebook has said we will not use your personal data in the Libra Association, we will not share your
personal data with, say, PayPal, or whoever. People running the validators. There is this giant loophole, and that is that the wallet, the Calibra wallet, will have to do what is called KYC AML, know your customer, anti-money laundering, they will
essentially have to identify every person using the Calibra wallet, and they will be able to, as they have stated, and then their response to the regulators, they will be able to leverage the tremendous amount of personal data that they control, at least
they easily can, in order to take these synonymous keys which are on the Libra blockchain which has validators, and they will be able to attach identities to those keys, and how
they do that is a software which no-one has talked about, which is the most important part of Facebook's current empire, and, to be honest, I believe Calibra and Libra are just another way to leverage this kind of technology to create even more personal data, because right now, Facebook obviously has your friends, and your name, and all that,
but they really would like your bank account. This is done via what is called Facebook Connect. Everyone who uses the app typically signs in with Facebook Connect, and there are probably as many Facebook Connect, or on the same magnitude at least, Facebook Connect transactions
as there are Visa transactions. This is the identity system of the internet, currently, for the vast majority of users, whether we like it or not, and, as hackers, as programmers, as people who want to change the system, we should understand this incredibly vital technology and build alternatives.
So the technology is built on a very innocent standard called IETF OAuth which stands for authorization, and what OAuth is, it was invented, a good friend of mine, another great anarchist party called Blaine Cook was working at Twitter, and, at the time, in 2003, 4, 5, people wanted to sign on to Twitter, but they wanted some profile data from them,
a photo, easy access, not having to repeat passwords, so, you know, at the time, they said, well, just give us your Gmail password and we will give you access to Twitter, but that's very dangerous because then Twitter has access to your entire Gmail. So OAuth was invented not as a mass personal data collection scheme, but as a way to essentially
help people log in for single sign-in log in, and then authorize the transfer of data, and the transfer of data takes place through the following players, the identity provider, the user, who is, for example, Facebook, who has a lot of your personal data, and you
would like to hand that data to a service provider, also called a relying party, that needs this personal data, and you have the user who gave you the personal data to begin with, and needs to authorize the service provider, so they've already authenticated
using a password, two-factor authentication, whatever, to the identity provider, they've got a new service, for example, say, Twitter, and they want to use their Facebook ID to log into Twitter, and so you want to transfer data without sharing any authentication credentials. You might want to transfer all sorts of data, cities, age, whatever, you want to
authorize that, and how OAuth does is very simple, because, at the time, JavaScript cryptography and web cryptography in general was very immature, so they couldn't use digital signatures, people couldn't interoperate with digital signatures, instead, all security boils down to TLS. This is the kind of flow, I'm just going to step through the flow
really quickly, but you've all done this a million times, so you kind of know how it works. In the first step, you go up to Twitter, and you say, hi, I would like to use my Twitter account. Twitter says, do you want to log in with Facebook? You click that log in with Facebook button, and you are effectively shipped over to the IDP, which in this case would be Facebook, now you're on, you got shipped, that's
step two. Step three, you say, Facebook says, do you want to authorize Twitter to have my data? You click yes, that's step three. You move, when you click step four, you go back to Twitter. Twitter, you have a token, which is called a bearer token. That token is basically a time-stamped kind of hash, is one way to
think about it, essentially a capability if you're into sort of that kind of way of thinking about things. You hand that token, which functions as a capability, to Twitter, Twitter then shows that to Facebook in step six, and in step seven, all that precious personal data flows from Facebook to Twitter. And what's
really dangerous is that you will have to do that when you use Calibra, when you use a wallet which is compliant, and they'll use the regulation, the compliance regulations as the kind of excuse. There are privacy ways to be compliant, but, of course, I would be highly dubious that people would not
leverage the amount of public data they can, that they already have to use here, that they will be able to control your financial data, and send that data back and forth using this kind of centralized identity scheme they've already set up with Facebook Connect to both verify who you are and what
you're purchasing, because in the current scheme, as you may have noticed, the identity provider, which is Facebook in this case, has a hundred percent transparency into which services you're using, and when you're using them, and with Calibra, they would have a hundred percent transparency into what purchases you're making, and who you're making them with, and when you're making them.
And that, of course, is a tremendous amount of very valuable data currently spread in a heterogeneous manner among various banks. Seems to be a great business ploy to push that all together inside of Facebook. And, you know, we have to do something here, I think, to prevent what will be effectively a
totalitarian identity system on a scale that we have never seen before. It will destroy, people may think however they want about the blockchain space, but essentially attaching Facebook identities via Facebook Connect to
pseudonymous keys will kill innovation in the blockchain space, it will divide the blockchain into essentially a mass-market, identified blockchain, and it will be, to be honest, total nonsense in terms of the people they're trying to serve. Obviously, people who are in countries such as, you know, India, China
may not have all the identity papers, may not be able to pass normal banking compliance, will also not be able to pass very easily banking compliance for the Calibra wallet, and maybe Facebook can help do that via leveraging all this data, but it still seems to be a very flimsy excuse to engage in this
truly tremendous amount of data collection. So what we want is we want a alternative, and luckily, cypherpunks have been working on this along with academic cryptographers for more than 20 years. So the quote I like to repeat is that privacy is the power to selectively reveal oneself to the world
which means under your control, when you want it, and with whatever data you believe is sufficient for the operations of whatever service you choose to use, and that really is freedom. Otherwise, you will be tracked and
the services can be censored, and it's exceedingly dangerous, sorry. So these are the sort of two fundamental problems we have to tackle. One is how do we create, how do we not create the kinds of activities that people want to do, logging into things, paying for things, without a centralised identity provider like
Facebook in the middle? And I hope some will talk about this briefly, but there was a great talk about yesterday by David Stanton. Even with that massive powerful out of reach, the NSA can watch the traffic and use that to violate privacy, so we do need some traffic, TCPI, UDP level protection as
well. So the centralised entity provider is just to repeat the kind of attacks they can use on ordinary people. They capture identity data, they know exactly which services a user uses, when they use them, they can transfer personal data, ideally with consent, but they don't have to ask for consent
technically, and they can even impersonate you to other service providers, and they can censor service providers, they can prevent people from logging in to service providers they may not agree with. Luckily, there is technology, and this is the main technology I'm going to explain. It was created by an obscure London start-up. I recommend looking at the Wired article
called Chain Space that came out of University College London and was a software company that was acquired by Facebook, but luckily for us, that software was left open-source, and the papers are all published without patents and all that stuff. It's very ironic this happened, because the
researchers that were working on this were funded by, you know, the European Commission mostly to create privacy-enhanced decentralised technologies in cities such as Barcelona and Amsterdam to enable citizens to own their own data. So that's kind of the background of where this technology came from, and the
particular technology, some of it also came from another project called NextLeap which I coordinated, which is trying to say, after the Snowden revelations, how can we build better decentralised privacy-enhanced identity systems? So this is going to be a quick overview. I'm just going to give the intuitions behind the cryptography, but I think you'll probably get
something from it. The solution on a very broad scale is, in order to end metadata collection, as mentioned earlier, you need something like Tor or ideally something even better, such as a mixnet. We're going to focus on authentication: you want privacy-enhanced transfer of any data under absolute user control, that's why we're going to use anonymous
authentication credentials, and you want tokens which can basically subsidise the whole system. Make sure that it's sustainable and people can do transfer in a privacy-enhanced manner. We also want a few other properties. We want possibly these transfers of data to be cryptographically unlinkable, actually anonymised. We want users to be able to not only show
data such as "I'm 18" but also private attributes, proof that they know something without revealing it, such as proof that I own a secret, or proof that I'm a member of a citizen in Europe without revealing which country. And we also may want, you know, a lot of anonymous
technologies, makes it very hard to produce some very useful applications such as, for example, long-term messaging, where you want a profile which can receive and send messages over a long period of time, so we want pseudonym integration, not just complete anonymity. So, anonymous authentication credentials have been around for a very long time.
The initial work was, of course, done by David Chaum, who's one of the fathers of the modern cypherpunk movement, and most of the interesting work we've seen in cryptography, including mixnets that are now finally getting to market, but what they do is a very simple blinded signature scheme where you basically have some credentials, you
verify that these credentials are true, these attributes such as age, name, citizenship, and the blinding basically prevents the issuer from knowing exactly what the credentials are. They can just show that they have been issued correctly, that they are indeed correct, and that other service providers can verify
them. But the problem is, every time you re-show that credential, you allow yourself to be linked. Again, you know, blind signatures, you see the same, even if you see the same ciphertext more than once, you can look at the byte pattern in the ciphertext and link it. So luckily, there's been some really amazing work, that's been more research papers
than I can possibly go into, primarily by Jan Camenisch and many other people talking about blinded showing, which allows multiple shows of the same credential, and that's really, I think, wonderful work, but it's very complicated, and we're going to talk about some new work that uses algebraic MACs, which we think is much more efficient, but not decentralised, and then we're
going to discuss how we can make it decentralised. Okay, so the big picture is you have the user wants to prove that they have some attributes. They get a certified credential from what we call the issuer. So this is sort of a
standard, what we would call sigma protocol game, if you're familiar with cryptography. You show these assertions to a verifier, could be the third-party service providers such as Twitter, and then the verifier can, for example, like, check that these are correct. And the general
intuition is that the, unlike when I go to, for example, a bar in the United States, or I go to vote, I show you my ID card, but, you know, all you really want to know is the age. Instead, you get my name and my date of birth and where I was born. We allow you just to show just
the age. And they learn nothing else. So, we can use MACs, which are essentially a symmetric cryptographic authentication mechanism, which can guarantee integrity, authentication, and symmetric crypto, to sort of make this
work in a privacy-enhanced fashion, but we need a little bit extra. So we want to be able to effectively, we have an issuer, and they want to be able to verify these credentials. So, the MAC credentials are indeed correct, that they've issued them correctly. There's the user, the prover. They get the certified credential. We've
seen this before. And they can make some assertions, which can be proven, but, we essentially, there's a secret MAC key, which is then used to essentially MAC the credential, and we use a new cryptographic formulation, which we'll discuss right now, called algebraic MACs to
basically make it private, because if you just use a normal MAC, it's a normal signature, and you can sort of, you don't have any privacy over the credential itself. Algebraic MACs allow a number of, basically, the way to think about it is it's a normal MAC, but
you can basically make them unlinkable, and they're very efficient, just like MACs typically are very efficient, so you have efficient proofs of MAC creation, and efficient proofs of possession, and you use the possession of the MAC as showing an attribute, and the issuer basically uses MACs as the sort of signature over
the attribute, and you can do these protocols in the clear for parameters and key generation. If you want the whole paper, it's Sarah Meiklejohn and Melissa Chase, Algebraic MACs and Keyed-Verification Anonymous Credentials. What we did is we took algebraic MACs and we said let's make a privacy-enhanced version of
Facebook Connect, and we made a system called UnlimitID, which embeds the attributes into the MAC messages, but we want not only, again, we don't want people to be able to say, yes, you know, my name is, my age is, but we also want private attributes, possession of keys, for example, possession of keys
and we wanted to make sure that we could access a bank account, which could access a financial transaction. So we take this construction, embed it in the previous set-up we saw, and then using the issuing authority, you kind of
run it like you would run it with a normal MAC-based credential, so you, the user or prover, say yes, make sure you sign off on the fact that I'm of age X, that I'm a European citizen, whatever, you get that credential, the algebraic MAC can sort of, with non-interactive zero-knowledge proofs, can
hide the private attributes, the MAC prevents you from just forging it, from just making it up, so some third party has signed off on it, but you could use an anonymous channel to basically have these Algebraic MACs
verified, and that's kind of one way to create a centralised version of OAuth which has privacy, that's the UnlimitID technique, and you can do all sorts of great things, you can rate limit, you can check for duplication, a lot of these things you can do is by simply embedding various hashes,
strings, proof of knowledge of strings and keys into the credential itself, and so, for example, this prevents reuse, so you can sort of say, hey, I can't just keep showing you the credential multiple times, I can only show it to you once, which sounds sort of silly, but it actually could be very useful if that credential was, for example,
sending money, because then you don't want to say, hey, yes, I got a bank account, this bank account has, let's say, 30 euros in it, and then I send the anonymous credential to a verifier, and I ship them the money, they don't know, no one who's watching can figure it out, your bank has verified that you have 30 euros in your
account, that 30 euros then transfers to the service provider, but the service provider can then check with the bank to make sure that 30 euros is still there, but you can still maintain your privacy. So there's very neat tricks with Algebraic MACs, which unfortunately I do not have time to go into, but we're interested not just in a privacy-enhanced
alternative to Facebook Connect, but a decentralized and privacy-enhanced version of Facebook Connect. So we want something that's a little bit more complicated. We don't want to have trust in a single third party, even if they don't know anything about us,
to be able to hold our keys. So we have an issuing authority, multiple, multiple sort of bobs, multiple bananas, as on the screen. We get a threshold signature with multiple signing keys, and then we kind of get that credential, we merge the credential, and then we can show that credential
to third parties, service providers. So I'm going to show a little bit of code about how that works. So we have this code for this, and I'm going to explain it on GitHub. But let me just show you a little video while I have a second. So this is what's called a Nym wallet.
You can embed even currency, which we call Nyms, into this wallet, and then you basically, this is why this step takes a while, you can ask different validators to validate that you have that money in your wallet. So this is like three of five validators, or 60 of 100,
or we even get kind of pretty good performance when you have up to 10,000 validators. When that validator confirms that transaction, so it confirms it on essentially a blockchain, you can type in how much you want,
you get that in a credential, you can embed other stuff such as name, and age, or whatever else you want, and then you send it, and this is the real trick, you make it privacy-enhanced by un-linking it. So you can see there's a re-randomised button, you can click on that button, and the ciphertext itself re-randomises by simply taking the existing ciphertext
and taking it to another exponent, and boom, you've just created an unlinkable, decentralised privacy-enhanced transaction. And you can send the money to whatever service provider you want. So let's go back to the slides. So the code is AGPL, free software, online,
we love to have people play with it, but just to give you intuition for the tricks that we use, it's very similar to algebraic MACs, but there's a few different things going on. You should read the Coconut paper, talk to Mustafa Al-Bassam if he's here,
if you can see him around in the audience. You embed the attributes as commitments, sort of standard Pedersen-style commitments. Like I said earlier, you can use non-interactive zero-knowledge proofs, if you want private attributes, and then you have pairing-based elliptic curve cryptography, which helps allow the signature itself to be re-randomised.
So you package up your commitments into an encrypted package using ElGamal encryption, because you can then re-randomise it, ship it up to the validators, they validate it, let's say three of five validate it, you ship it back, and you have some new functions. So, while you can get partial credentials from an issuer,
a validator, so to speak, the user merges these credentials together. They don't have any third party do it for them, and that creates a full credential that embeds all the information for identity they need, which is going to be shipped to a verifier in a service. And as I showed in the demo,
the user is under control of re-randomisation, so anytime they want to unlink a transaction, they want no one to connect, their validation and their issuing, they just basically hit the re-randomisation button, simple explanation, and they can re-randomise the signature itself. And the two other tricks, the well-known tricks which essentially allow this to work,
is you use threshold cryptography to achieve decentralisation, and in order to achieve verifiability, because you have to, the people who get these credentials, they have to verify that they're really valid, that they actually, someone actually saw something that said you're 18, or you actually do have this amount of money
in your bank account, you can basically use a hashing trick over the secrets, similar to identity-based encryption, to make a hash which anyone can check, which can be publicly published. So we built this whole giant system which I actually just demoed to you, minus the mixnet component already, taking essentially some sort of Nym,
some sort of token, shipping it around, embedding all sorts of attributes into anonymous authentication credential, you can have third parties sign off with them, you can create these attributes yourself and make them self-sovereign, so you can sign them, ship them up to a validator, the validator doesn't know what credentials
you're getting signed off on, they don't know where you're going with them, they just said yep, looks valid, someone signed that, I don't really care, we trust the user here, they ship it back, depends on the kind of attribute you want, you can then ship it through something like a mixnet or Tor, an anonymous communication channel, breaking the linkability on the timing aspects and various other metadata,
the service provider can then check the credential, go back to the blockchain, make sure that there's been no double spending, and then you can both do one-time attribute shows for essentially financial transactions or other kinds of one-time sort of things, and also multi-shows for things like age, date, whatever, your name,
where you really want to tell multiple people you can just do it an unlimited amount of times. And you know, because we're not using full zk-SNARKs, we're using these kind of very specialized non-interactive zero-knowledge proofs, we get pretty linear scaling, things operate on linkability, can take place in two milliseconds,
and verification tends to be around 50, it's a bit more expensive of procedure because you have to check all the secrets, and you can see the more and more people you add to the system, it of course gets slower because there's more and more things to check, but it's slower in a linear fashion, so we think that's pretty cool.
And I think we won't really go into this, but we're really thinking really hard about rewards and how that works, how we can actually make sure that to make privacy-enhanced services really sustainable, surveillance capitalism is obviously not sustainable, and neither are US government grants to Tor and other projects,
we really need to be able for privacy-enhancing technologies to be able to plug into something that looks like Facebook Connect, that's decentralized, that defends user privacy, and then lets them get paid in a way where they don't have to essentially hold user data. For example, if I run a VPN service, I don't want to have anyone's credit card information,
I don't want any more personal data, ideally zero, I just want to provide a VPN service and get paid at the end of the month, and know there's real users coming through. And there's tons of other use cases outside of VPNs, one which I think the European Commission worked on, attribute-based credentials, and funded a lot of this for identity management
to make an alternative to Facebook Connect, but there's also I think there's a very powerful use case around secure messaging, you know, when you use, for example, Signal, you have a phone number, you have contacts, all of this stuff should be embeddable within a privacy-enhanced credential, and we have some software,
I recommend taking a look at Status, which actually is decentralized, which tries to provide some of the same capability as Signal, and this software should be embeddable, and some of the newer standards coming out to try to make open standards that have better scalability than the Signal protocol in terms of large group messaging, and to be an actual IETF open standard,
and these kind of standards, because they're built to support things like Facebook Connect is the fundamental identity system, we want to make sure we can slot in sort of decentralized privacy-enhancing credentials into these kinds of next-generation messaging protocols, so I'd recommend anyone interested in messaging,
check out the IETF Message Layer Security work, I won't go into mixnets, because I'm running out of time, but again, there was a great talk yesterday, just check that talk out, essentially it is possible to obfuscate metadata, and hook that to a credential, this is all the wonderful people who have been working on the project, Claudia Diaz, Anja, Dave,
who actually left Libra and has now joined us, Jared, Andrew, who's done a lot of the hard work on the code, and I would really recommend, you know, if you want to get involved, everything is on GitHub, I want to review some of the papers that you may want to take a look at if you're interested in deep diving, so again, the keywords are chain space, a lot of the code is on their website,
lots of good links, even though they were purchased by Facebook, their website and the code is still there, for early work on anonymous authentication credentials, the real classic paper that goes over Schnorr signatures, all the way from 1991, Efficient Signature Generation by Smart Cards, and then the kind of use of this, well, it ended up being Microsoft Passport
by Stefan Brands, and the real core paper for Coconut credentials is called Coconut, that gives you the decentralization and privacy, but if you're interested in the algebraic MAC work, which allows you to have centralized privacy-enhanced credentials, could be useful for some use cases like government, some places where you really need a lot of speed,
a lot of transactions, you can look at my work on UnlimitID, and that's it. I do want to, there was a lot of information at once, but I just wanted, I'm just going to reiterate the fundamental points, and the fundamental points are this, that everyone's very concerned about currency, but identity is the real currency,
and any plays for new global cryptocurrency schemes are effectively plays to make global identity systems. We already have the world's largest identity system operational right now, bigger than any nation state, ran by Facebook, but luckily, due to 20 years of research, we have the technology to build alternative,
we even have working code, we just have more people be aware of the problem, build this into their own apps, and work with us to make more efficient, more private, and a more decentralized alternative, because to be honest, I don't think anyone wants to live in a society where single authority can watch all your transactions,
and have the control over both your financial transactions, and the most intimate details of your life. We need to have privacy enhanced decentralized alternatives, and I welcome you to just join us, and help me make this true. Make this a reality. Fight back against Libra.
So, any questions? Thank you. That was emotional, but I think that's really, really worth it. We need engagement. We need to fight. Okay, do we have questions?
A question about the Libra. Basically, when everybody puts money there, they pile up a lot of cash,
so it's kind of like a debit card. I couldn't find any information about what happens with the money after you give it to Facebook, and before you spend it for something. Yeah, so this is something which there hasn't been too much work on in the public, because Facebook has published very little about this.
That being said, it would likely work as a fractional reserve banking system, so that when you give control over, sort of, you know, I give Facebook $50, 50 euros, they can then, you know, have that under their control, or at least the Libra Association control, and then relend it out.
So that will effectively lead to mass capital accumulation by the Libra Association. If you add that by one-third of humanity being stuck under Facebook Connect, that's a whole lot of cash, that's essentially a parallel corporate payment and banking infrastructure, which can rival traditional banking infrastructures. And that's on some level very cypherpunk,
on another level very terrifying. Okay, we have one more question. We just have one more question now. I'm here afterwards. Yeah, here afterwards. So, have any thoughts on decentralised identity providers? So would they verify governance credentials or anything,
or are there different ideas about that to do that decentralised? Yeah, so what we tried to do, if I can get back to the picture, is we tried to build a system where we disintermediate centralised providers from validation and verification. So there it is. So you can see in this diagram in step two,
okay, your identity party could be the German government, which is a big centralised entity. They might sign off on just your age or just your passport, and you can make up some other stuff, and you can work these together and have them be validated in a decentralised way. So we don't think they're incompatible. Okay, thank you so much. You will be here for questions, and thank you for watching.
Please wash your hands, take your stuff with you, and don't leave any garbage, and a big applause for Harry Halpin.
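The mechanics the talk walks through (validators issuing partial credentials, the user merging them without a third party, the re-randomise button that raises the credential to a fresh exponent, and the one-time show that a service provider checks for double spending) as an added worked example. This is constructed for this page and is not the transcript's, Nym's or Coconut's code. Assumptions: there are no pairings, so the credential is a keyed-verification algebraic MAC in the UnlimitID style (the verifier holds the MAC key) rather than Coconut's publicly verifiable pairing scheme; attributes are disclosed in the clear, so the non-interactive zero-knowledge proofs for private attributes are not shown; the 64-bit safe-prime group and the dealer that hands out Shamir shares are demo simplifications; the attribute strings and request ids in the test are constructed.

```python
"""Toy keyed-verification credential: t-of-n threshold issuance, user-side merge,
re-randomisation and a one-time (double-spend) show. Constructed for this page;
not Nym or Coconut code. Needs Python 3.8+ for pow(x, -1, q)."""
import hashlib
import random
import secrets

_PARAM_RNG = random.Random(2019)  # public parameters only; nothing secret depends on it

def is_probable_prime(n, rounds=20):  # Miller-Rabin, demo-grade
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(_PARAM_RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_group(bits=64):  # safe prime p = 2q+1; the squares mod p form the order-q subgroup
    while True:
        q = _PARAM_RNG.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q

P, Q = gen_group()  # 64-bit toy group: far too small for real use, enough for the mechanics

def hash_to_group(data):  # hash to a non-trivial square mod p (Coconut derives h from the request)
    while True:
        h = pow(int.from_bytes(hashlib.sha256(data).digest(), "big") % P, 2, P)
        if h not in (0, 1):
            return h
        data += b"\x00"

def hash_to_scalar(attr):
    return int.from_bytes(hashlib.sha256(attr.encode()).digest(), "big") % Q

def shamir_share(secret, t, n):  # share i is f(i) for a random degree t-1 polynomial, f(0) = secret
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, e, Q) for e, c in enumerate(coeffs)) % Q for i in range(1, n + 1)}

def lagrange_at_zero(indices):  # coefficients that recover f(0) from the listed shares
    lam = {}
    for i in indices:
        num = den = 1
        for j in indices:
            if j != i:
                num, den = num * (-j) % Q, den * (i - j) % Q
        lam[i] = num * pow(den, -1, Q) % Q
    return lam

def keygen(num_attrs, t, n):  # dealer: MAC key (x0, x1..xk), each coordinate Shamir-shared
    sk = [secrets.randbelow(Q) for _ in range(num_attrs + 1)]
    shares = [shamir_share(x, t, n) for x in sk]
    return sk, {i: [sh[i] for sh in shares] for i in range(1, n + 1)}

def mac_exponent(key, scalars):  # x0 + x1*m1 + ... + xk*mk; linear in the key, so shares combine
    return (key[0] + sum(x * m for x, m in zip(key[1:], scalars))) % Q

def issue_partial(validator_key, h, scalars):  # one validator's partial credential
    return pow(h, mac_exponent(validator_key, scalars), P)

def merge(partials):  # the user combines any t partials with Lagrange coefficients in the exponent
    lam = lagrange_at_zero(list(partials))
    sigma = 1
    for i, part in partials.items():
        sigma = sigma * pow(part, lam[i], P) % P
    return sigma

def rerandomise(cred):  # the talk's unlinking trick: raise both halves to a fresh exponent
    h, sigma = cred
    r = secrets.randbelow(Q - 1) + 1
    return pow(h, r, P), pow(sigma, r, P)

def verify(sk, cred, attrs, seen_serials=None, serial_index=None):
    """Keyed verification: the verifier holds the full MAC key (UnlimitID-style, not Coconut's
    public pairing check). Pass seen_serials and serial_index for a one-time show."""
    h, sigma = cred
    if h in (0, 1) or pow(h, Q, P) != 1:  # reject trivial or out-of-subgroup bases
        return False
    if pow(h, mac_exponent(sk, [hash_to_scalar(a) for a in attrs]), P) != sigma:
        return False
    if seen_serials is not None:
        if attrs[serial_index] in seen_serials:
            return False  # replayed serial: this credential was already spent
        seen_serials.add(attrs[serial_index])
    return True
```

A run looks like the wallet demo: `keygen(2, 3, 5)` gives five validators shares of one key; each of any three computes `issue_partial` on the same base `h`; `merge` on the user's side yields the same `sigma` whichever three answered, and fewer than three produce garbage. `rerandomise` turns `(h, sigma)` into `(h^r, sigma^r)`, which still passes `verify` under the same key while sharing no bytes with what the validators saw; relating the two pairs would mean recovering `r` from a Diffie-Hellman-style tuple. What does stay linkable is any attribute disclosed in the clear, which is exactly what a one-time serial relies on: the verifier records it and rejects a second show, re-randomised or not. Multi-show attributes such as "age:18" are shared by many users, so disclosing them identifies nobody; hiding an attribute entirely is where the zero-knowledge proofs the talk mentions come in, and this toy leaves them out.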