Amber Baldet — Decentralized, Private, Open, Secure: Building a More Ethical Internet (Turing Fest 2018)

Transcript

1. | Decentralized, private, open, secure Building a more ethical internet

   AmberBaldet GrowClovyr

2. | hi! Currently: § Co-founder & CEO, Clovyr § Board,

   Zcash Foundation Previously: § Blockchain Program Lead, JPMorgan § Chair, Enterprise Ethereum Alliance Financial Industry Working Group @AmberBaldet

3. | Technical choices have human impact Human Experience Human Effort

   Human Rights Decentralized, private, open, interoperable, accessible, secure, & sustainable Functional, convenient, & reliable Delightful Respect Source: ind.ie

4. | Decentralized Lack of a central administrative authority |

5. | Decentralized Lack of a central administrative authority Distributed systems

   Independent computers working together |

6. | Private Free from intrusion into confidential matters |

7. | Private Free from intrusion into confidential matters Anonymous Unable

   to link actions to alternate identities |

8. | Open [access] Low barriers to entry, easy to interoperate

   |

9. | Open [access] Low barriers to entry, easy to interoperate

   | Ability to view / modify / redistribute source code Open [source]

10. | Secure Resistant to undesired outcomes |

11. | Secure Resistant to undesired outcomes Usable Functional, accessible, intuitive,

    pleasant |

12. | “As we start to see things, like autonomous vehicles,

    that clearly have the ability to save people but also cause harm, I think that people are scrambling to build a system of ethics.” -Joi Ito Director, M.I.T. Media Lab NYTimes 2018 |

13. | Data collection Why are you collecting that GPS data?

    Is it accessible via API? Is historical data accessible (but buried) somewhere within the app? Is it sold to third parties?

14. | Data collection User experience Why do you want to

    collect a user’s gender identity? What choices are offered? How does the UX change based on selection? Are there restrictions on updating (e.g. show ID)? Why are you collecting that GPS data? Is it accessible via API? Is historical data accessible (but buried) somewhere within the app? Is it sold to third parties?

15. | Data collection User experience Default settings Why are you

    requiring user action to opt-in to a privacy feature? Who is notified when a setting is changed? Why do you want to collect a user’s gender identity? What choices are offered? How does the UX change based on selection? Are there restrictions on updating (e.g. show ID)? Why are you collecting that GPS data? Is it accessible via API? Is historical data accessible (but buried) somewhere within the app? Is it sold to third parties?

16. | A quick show of hands

17. | So, how did we get here?

18. | ARPANET 1969

19. | ARPANET 1970

20. | ARPANET 1973

21. | ARPANET 1982

22. | The Internet 1984

23. | Usenet traffic 1993

24. | Internet Backbone Privatization, 1994

25. |

26. |

27. | Walled gardens & Elysian fields XMPP RSS Feb 2018

    YoY weekly referral traffic (billions of pageviews)

28. |

29. | Privacy is easy, just use a bunch of different

    tools correctly, all the time

30. | Lots of people care about the open internet &

    digital freedom epic.org eff.org openprivacy.ca z.cash.foundation hrf.org torproject.org freedom.press cdt.org signal.foundation

31. | Freedom == Ethical == Good Guys, right? Right??? |

32. | Apple FBI Hackers Repressive Regimes Etc. Source: carlsontoons.com Strong

    encryption matters. A lot.

33. |

34. | Problem: Sometimes important stuff disappears from the web

35. | Problem: Sometimes terrible stuff won’t disappear from the web

36. | Information wants to be free!

37. | Information wants to be free! Privacy is a human

    right!

38. | Global Bitcoin node distribution a/o 2018-07-31 Source: bitnodes.earn.com

39. |

40. |

41. | Every tool is a weapon, if you hold it

    right. -Ani Difranco

42. | Tradeoffs Enforcement Privacy Abuse Anonymity Responsibility for content Freedom

    Data protection Data portability User protection User choice Local law Human rights Credit: Alex Stamos

43. | Here are some promising tools

44. | Mesh networking § Primary internet access for mobile-first communities

    § Failover internet access in disaster situations § Cheaper municipal wifi § Censorship resistant networking § Finally get wifi in that dead spot in your house …application architecture could change, but will it?

45. | Zero-knowledge proofs ZK-SNARKS: Zero- Knowledge Succinct Non-interactive ARgument of

    Knowledge Background concepts: § Arithmetic circuits & constraint systems § Homomorphic hiding § Verifiable blind evaluation of polynomials § Elliptic curve pairings <SO MUCH MATH>

46. | Zero-knowledge proofs ZK Range Proofs You could generate a

    zero-knowledge proof demonstrating your annual income is within a given range to afford a lease, without disclosing your exact salary ZK-SNARK You could generate a zero-knowledge proof to show a prospective buyer that your Cryptokitty has a specific genetic trait, without disclosing the whole genome

47. | Selective disclosure Birth certificate • Name • Date of

    birth • Location of birth • Parent’s names Passport • Name • Date of birth • Country of citizenship • Height Diploma • University attended • Degree received • Date of matriculation Employer • Place of employment • Dates of employment • Salary Bank • Cash flow averages • Credit score • Consumer profile Job Application Name Date of birth Citizenship Degree Prior employer

48. | Self-sovereign identity § Collection of data that defines our

    identities in various spheres (government ID, job credentials, social reputation) § No reliance on institutional permanence § Allow third parties to quickly verify data with high veracity § Take data across geographic boundaries § Potential to monetize personal data, ideally anonymously

49. | Cryptoeconomics § Allow people (and smart contracts and robots

    and IoT and…) to enter into economic agreements with a low barrier of trust § Incentivize desired behavior (e.g. mining), punish undesired behavior (e.g. staking) § Create fluid microeconomies / next generation sharing economy

50. | Cryptoeconomics § Allow people (and smart contracts and robots

    and IoT and…) to enter into economic agreements with a low barrier of trust § Incentivize desired behavior (e.g. mining), punish undesired behavior (e.g. staking) § Create fluid microeconomies / next generation sharing economy § Most ICOs are stupid

51. | CAP Theorem Append- only logs Horizontal scalability Byzantine Generals

    Representation Elections Invisible Hand PoW PoS Game Theory Git + PGP BitTorrent Public / Private Keypairs Hash Functions Merkle Trees Error Correction Espionage Provably Secure Elections Blockchains E-Commerce National Security Global Banking Monetary Policy Regulation Markets Sovereignty Communities Democracy Resource Allocation Speculation Artificial Scarcity Intrinsic Value Supply & Demand Economics Politics Cryptography Distributed Systems Source: unchained-capital.com

52. | dApp design principles Data Revenue Portability Free Speech Safety

    Privacy User data lives in application- owned servers Corporation is main beneficiary of data Social graph and friend list are locked in to preserve monopoly Platform determines what content and ideas are acceptable Centralized data creates a honeypot for hackers Communication s can be compromised by a central authority Decouples user data from the application Users can share, rescind, or monetize their data Users can seamlessly take their social graph to different apps User determines what content and ideas are acceptable Millions of data vaults make more work for hackers Communication is encrypted end-to-end Source: Blockstack DECENTRALIZED CENTRALIZED

53. | “...Demanding Enron employees prove that they were smarter than

    everyone else inadvertently contributed to a narcissistic culture [where] employees were both incredibly smug and driven by deep insecurity to keep showing it off. It was a culture that encouraged short-term performance but discouraged long term growth. -Angela Duckworth Grit C re d it: @ A p rilW e n se l | Compassion tech

54. | Technical choices have human impact Human Experience Human Effort

    Human Rights Decentralized, private, open, interoperable, accessible, secure, & sustainable Functional, convenient, & reliable Delightful Respect Source: ind.ie human technical

55. | Decentralized networks, growing together. clovyr.io GrowClovyr AmberBaldet