1
00:00:00,000 --> 00:00:29,000
Welcome to today's episode of solar gas!

2
00:00:29,000 --> 00:00:38,000
It is with a bubbly excitement that I will be introducing Cade Diehm from New

3
00:00:38,000 --> 00:00:47,000
Design Congress and we just had a wonderful conversation and it gets into

4
00:00:47,000 --> 00:00:54,000
a bit of the high level like how do you actually design securely and for local

5
00:00:54,000 --> 00:00:58,000
first and peer-to-peer protocols and you could think of this episode as a

6
00:00:58,000 --> 00:01:04,000
primer since this is probably the first of a little bit of a series and where we

7
00:01:04,000 --> 00:01:12,000
introduce a Cade and New Design Congress framework as well as the thinking of

8
00:01:12,000 --> 00:01:18,000
security in peer-to-peer and local first networks from a socio-technical

9
00:01:18,000 --> 00:01:29,000
perspective. So with no further ado, welcome Cade! I'm so happy to be having you

10
00:01:29,000 --> 00:01:33,000
here and we've been chatting away for quite a bit already and there's so much

11
00:01:33,000 --> 00:01:39,000
to cover. But first and foremost one of the things we talked about earlier and

12
00:01:39,000 --> 00:01:46,000
honest, you have so many world records. Specifically you have a world record in

13
00:01:46,000 --> 00:01:56,000
swimming. You have three? What? Oh my god yeah. That's incredible! Three! Yeah, three

14
00:01:56,000 --> 00:02:01,000
events, three events like you know you can do different strokes and length

15
00:02:01,000 --> 00:02:14,000
distances and stuff. Just casually drop that. It's what's known as S6

16
00:02:14,000 --> 00:02:19,000
swimming which is a classification in Paralympic sport. 200 meter individual medley,

17
00:02:19,000 --> 00:02:24,000
sorry excuse me, 200 meter individual medley, 400 meter freestyle for short course.

18
00:02:24,000 --> 00:02:32,000
That's great! And I feel like this also sets the basis kind of for like your life in

19
00:02:32,000 --> 00:02:37,000
some form because you've had quite very interesting and which ones say like

20
00:02:37,000 --> 00:02:47,000
a substantial life and also your perspectives are quite substantial. So if we go back a little bit

21
00:02:49,000 --> 00:02:55,000
where did this all start? Like how did you end up being so interesting? Goddamn it!

22
00:02:57,000 --> 00:03:02,000
So I think I would preface this by saying so I have osteoporosis and I was born with it as a

23
00:03:02,000 --> 00:03:08,000
specific kind called spondyloepiphyseal dysplasia which if you know the actor Warren Davis, I think

24
00:03:08,000 --> 00:03:15,000
Warwick Davis, Warwick Davis. He's a short statured person he's about. He's quite short but he's been

25
00:03:15,000 --> 00:03:20,000
in a number of really successful really famous films. He's a Hollywood actor. He's in I think

26
00:03:20,000 --> 00:03:23,000
Harry Potter and a number of things like that. I actually don't follow this guy's career. It's

27
00:03:23,000 --> 00:03:31,000
just somebody who has the same kind of osteoporosis I have. But what happens when you have something

28
00:03:31,000 --> 00:03:39,000
like that is you it's the systems that exist around us will try to classify and read you in

29
00:03:39,000 --> 00:03:44,000
very specific ways and often get it really wrong. You would call that in modern terminology like

30
00:03:44,000 --> 00:03:50,000
ableism but I think it's deeper than that. I think there's an institutional desire to classify

31
00:03:50,000 --> 00:03:59,000
people in different ways and it's universal and when you have something that is so out far of the

32
00:03:59,000 --> 00:04:05,000
accepted norm then it becomes very very clear to see that. You have to fight against it for

33
00:04:05,000 --> 00:04:10,000
your entire life. So this is where I think my sensitivity towards understanding

34
00:04:13,000 --> 00:04:17,000
digital systems comes from because these are downstream. We use digital systems in order to

35
00:04:17,000 --> 00:04:23,000
manage the way we communicate how we represent people and ourselves and how we store information

36
00:04:23,000 --> 00:04:31,000
about ourselves and other people and that I think is intrinsically related to how we classify

37
00:04:31,000 --> 00:04:37,000
people outside of that before the cybernetic digestion before we turn people from people and

38
00:04:37,000 --> 00:04:44,000
attributes into representations. So downstream from that you mentioned the Paralympic swimming.

39
00:04:46,000 --> 00:04:51,000
I guess the turning point the catalyst which we really drove that move into doing lots of

40
00:04:51,000 --> 00:04:57,000
different things is I was trialing for the Paralympics as a teenager is about 19 years old

41
00:04:57,000 --> 00:05:03,000
and this is after I'd achieved the world records and in the 200 meter individual medley

42
00:05:03,000 --> 00:05:09,000
race that I was in the qualifiers for I did a turn the first turn from butterfly to backstroke

43
00:05:10,000 --> 00:05:17,000
and as I pushed from the wall my hips disintegrated from the osteoporosis and I ended up

44
00:05:18,000 --> 00:05:25,000
instead of going to the Paralympics I ended up getting a double hip replacement at 19 years old

45
00:05:25,000 --> 00:05:30,000
and in the recovery from that it kind of wiped out my swimming career but it also made me realize

46
00:05:30,000 --> 00:05:36,000
that I had to do like probably two things a little bit fatalistic one is that I was probably

47
00:05:36,000 --> 00:05:42,000
living on borrowed time which luckily has turned out to not be true and the second is that that I

48
00:05:42,000 --> 00:05:48,000
had to do a lot of different things and put like myself into lots of different places rather than

49
00:05:48,000 --> 00:05:56,000
banking all on one one kind of thing so fast forward to 2015 I end up working accidentally on

50
00:05:56,000 --> 00:06:03,000
Signal in version one as part of the team that helped launch Signal the secure messaging app

51
00:06:03,000 --> 00:06:09,000
and get taken to Hawaii after volunteering on the GitHub project for six months and then

52
00:06:09,000 --> 00:06:13,000
flown to Hawaii and actually work on Signal directly and I end up having a rather large

53
00:06:15,000 --> 00:06:20,000
disagreement with Moxie Marlinspike, the leader of Open Whisper Systems and the

54
00:06:20,000 --> 00:06:28,000
co-founder of Signal over the use of phone numbers as an identifier which has become a huge issue

55
00:06:28,000 --> 00:06:34,000
with Signal which has been weird to kind of have been the quiet I won't even call it the source

56
00:06:34,000 --> 00:06:37,000
because I never talked about it again I lost that argument obviously and that kind of really

57
00:06:37,000 --> 00:06:44,000
blew me away I wrote an essay last year and was due to circumstances beyond my control only able

58
00:06:44,000 --> 00:06:49,000
to publish it in March of this year but on our website newdesigncongress.org you'll find the

59
00:06:49,000 --> 00:06:54,000
website they find an essay called Who Will Remember Us When the Servers Go Dark which chronicles the

60
00:06:54,000 --> 00:07:00,000
experience that I had that I would call if you like my origin story the second half of the origin story

61
00:07:00,000 --> 00:07:07,000
in which I get a sense of the violence at the heart of the digital world and how it relates to

62
00:07:07,000 --> 00:07:12,000
historically other forms of colonialist violence and imperialist violence

63
00:07:14,000 --> 00:07:18,000
and not to say that this is not to say that Moxie Marlinspike is an instigate of him that

64
00:07:18,000 --> 00:07:25,000
but rather that like the technology lives downstream from these these goals and that it will its

65
00:07:25,000 --> 00:07:32,000
desire above all is scale and it will do that regardless of the cost and that was I believe when I

66
00:07:32,000 --> 00:07:39,000
started to within I guess three years of that I would have moved to Berlin joined Tactical Tech

67
00:07:39,000 --> 00:07:46,000
for a few years the data privacy non-profit and then by 2018 I would have formed New Design

68
00:07:46,000 --> 00:07:50,000
Congress which is the research organization that helps to understand the gap between what is said

69
00:07:50,000 --> 00:07:57,000
to be happening and what is actually happening in digitized societies and then by 2026 now I've

70
00:07:58,000 --> 00:08:04,000
got the research and development lab called Para Real Limited and so over the past nearly 10 years

71
00:08:04,000 --> 00:08:11,000
now of this work we've been working very closely on understanding different ways in which

72
00:08:12,000 --> 00:08:17,000
different I would say first principles if you like of digitization and how they relate to the real

73
00:08:17,000 --> 00:08:23,000
world and those include digital identity and how we represent ourselves how we communicate with

74
00:08:23,000 --> 00:08:32,000
each other over the network and what the the material costs are of all of this stuff and this is

75
00:08:32,000 --> 00:08:38,000
the entanglement I think between those three things is what covers a lot of the kind of work that we do

76
00:08:41,000 --> 00:08:46,000
and I feel like this example that you brought up or it's not an example it was very real and still

77
00:08:46,000 --> 00:08:53,000
is very real with signal and the phone numbers is kind of a great case example to start from when

78
00:08:53,000 --> 00:09:04,000
one's trying to understand the approach you take towards security and it's it's I was thinking

79
00:09:04,000 --> 00:09:12,000
as your essay This Is Fine points out very acutely it's a missing perspective in a lot of projects

80
00:09:12,000 --> 00:09:19,000
especially projects that aim to take privacy seriously or aim to be some sort of ethical or

81
00:09:19,000 --> 00:09:29,000
utopian solution and so I'm thinking if we look more closely here because I most people are familiar

82
00:09:29,000 --> 00:09:40,000
with maybe pen testing or testing for security vulnerabilities or using encryption you know but

83
00:09:40,000 --> 00:09:47,000
like these very technically focused ways of ensuring security and I think this also ties into

84
00:09:47,000 --> 00:09:53,000
the whole conversation of like different data systems trying to solve trust technically rather

85
00:09:53,000 --> 00:10:01,000
than solving trust socially and but your perspective on security it shifts the lens quite strongly

86
00:10:02,000 --> 00:10:08,000
and your essay kind of was a wake-up call for an entire movement you mentioned a little bit before

87
00:10:09,000 --> 00:10:15,000
but like the history of like what what's been going on what's happening since that essay and

88
00:10:15,000 --> 00:10:24,000
what's been what's what's emerged as like paradigm shifts one could say okay around about

89
00:10:24,000 --> 00:10:32,000
July of 2020 so you know not to bring us back to that point but middle of lockdown where a couple

90
00:10:32,000 --> 00:10:38,000
months into the pandemic a couple months into New Design Congress as a formal full-time

91
00:10:38,000 --> 00:10:46,000
piece of work rather than a side project and I'd written previously my first I would say New

92
00:10:46,000 --> 00:10:54,000
Design Congress piece called On Weaponized Design at Tactical Tech back in 2018 and New Design

93
00:10:54,000 --> 00:10:58,000
Congress is your company if the research it's the research organization yeah as I mentioned a

94
00:10:58,000 --> 00:11:03,000
little bit earlier so it's a research organization that we run that is building a body of work to

95
00:11:03,000 --> 00:11:06,000
confront the gap between what is said to be happening and actually happening in digitized

96
00:11:06,000 --> 00:11:11,000
societies so it's it's really what you're sort of taught what you described just then about like

97
00:11:11,000 --> 00:11:19,000
the difference between um the belief that engaging only in device based or systems based security

98
00:11:20,000 --> 00:11:25,000
brings safety and what is the actual outcome of it as like an example of the gap between

99
00:11:26,000 --> 00:11:32,000
the two right that we that we look at very closely yeah so I wrote this essay in 2018

100
00:11:32,000 --> 00:11:38,000
called On Weaponized Design which described how it was impossible to have a system it was possible

101
00:11:38,000 --> 00:11:45,000
excuse me it was possible to have a system that could harm users without actually breaking in any

102
00:11:45,000 --> 00:11:52,000
way and without really design it it systems or interfaces that harm users whilst performing

103
00:11:52,000 --> 00:11:59,000
exactly as intended and these are the Facebook news feed for example back in 2018 this is a

104
00:11:59,000 --> 00:12:05,000
very quaint example now of being able to produce an emotional contagion in users through like

105
00:12:05,000 --> 00:12:11,000
viral posts is an example of weaponized and the entire thing is operating precisely as is intended

106
00:12:11,000 --> 00:12:17,000
to be but it can whether or not the designers are aware of it or not it can produce emotional

107
00:12:17,000 --> 00:12:23,000
responses that are you know deeply harmful and we knew this as early as 2016-2017 when people

108
00:12:23,000 --> 00:12:30,000
started doing research into the effects of the Facebook news feed and its algorithms um from

109
00:12:30,000 --> 00:12:33,000
that a number of other it's like one of the genesis pieces of New Design Congress and from

110
00:12:33,000 --> 00:12:38,000
that there's a number of ideas that descend on that from that one of them is an essay I wrote

111
00:12:38,000 --> 00:12:44,000
specifically to warn one of my beloved spaces even though I'm a little bit of an outsider

112
00:12:44,000 --> 00:12:49,000
the peer-to-peer community so this I wrote this essay called in 2020 called This Is Fine: Optimism

113
00:12:49,000 --> 00:12:55,000
and Emergency in the Peer-to-Peer Network in which I describe how the last 15 years had seen a surge

114
00:12:55,000 --> 00:13:00,000
of interest in decentralized technology from blockchain projects through to that Scuttlebutt,

115
00:13:00,000 --> 00:13:08,000
ActivityPub and that after this period of time which kind of ended when BitTorrent died out

116
00:13:08,000 --> 00:13:13,000
and when the streaming services began like when Netflix began to take off i guess kind of the

117
00:13:13,000 --> 00:13:19,000
development of the iPhone and the move from desktop computers into smartphones which for years

118
00:13:19,000 --> 00:13:24,000
couldn't really do decentralized tech very well um there's not you know what i could see was a

119
00:13:24,000 --> 00:13:30,000
renaissance we could all see it at the time a renaissance of interest in decentralized technologies

120
00:13:30,000 --> 00:13:36,000
that had explosive growth driven by the desire for platform commons and community self-determination

121
00:13:37,000 --> 00:13:42,000
and what i say in the piece is that the goals that we had collectively back then are fundamentally

122
00:13:42,000 --> 00:13:49,000
at odds with and a response to the incumbent platforms of social media cultural distribution

123
00:13:49,000 --> 00:13:56,000
data storage and and so on and the piece was a warning that by the 2020s centralized power

124
00:13:56,000 --> 00:14:00,000
and decentralized communities are on the verge of outright conflict for the control of digital

125
00:14:00,000 --> 00:14:05,000
society and that the resilience of centralized networks and their political organizations

126
00:14:06,000 --> 00:14:12,000
remained significantly underestimated by people in the peer-to-peer space and uh on the flip side

127
00:14:12,000 --> 00:14:16,000
the decentralized networks and the communities that they serve have never been more vulnerable

128
00:14:16,000 --> 00:14:23,000
um again this is written a few it was written a year before or actually no it's written at the

129
00:14:23,000 --> 00:14:27,000
end of the first Trump administration when a lot of people were beginning to feel a little bit more

130
00:14:28,000 --> 00:14:31,000
relaxed that something better was coming after the first Trump administration

131
00:14:32,000 --> 00:14:37,000
and what i could see coming new space on the work they've been doing was like not that at all and

132
00:14:37,000 --> 00:14:44,000
so my concern was that you could look historically and see what happened to decentralized communities

133
00:14:44,000 --> 00:14:50,000
in previous decades you could then like apply that same thing because you know none of the issues

134
00:14:50,000 --> 00:14:55,000
had been solved and as a result the peer-to-peer community was dangerously under-prepared for a

135
00:14:55,000 --> 00:14:59,000
crisis-fueled future that has and i say in the essay very suddenly arrived at our door

136
00:15:00,000 --> 00:15:08,000
and uh six years later that turned out to be true you know um and that's also like it's something

137
00:15:08,000 --> 00:15:15,000
like that a lot of these uh older like now I do view Scuttlebutt as an older network for these

138
00:15:15,000 --> 00:15:22,000
precise reasons because they cannot hold up to actual security risks in real life and are not

139
00:15:22,000 --> 00:15:28,000
therefore not scalable beyond other reasons of not being scalable so it's really taking a shift

140
00:15:28,000 --> 00:15:33,000
and I think a lot of these newer protocols like p2panda have started embedding these

141
00:15:33,000 --> 00:15:40,000
right this and also especially Willow um has started embedding these thinking into their

142
00:15:40,000 --> 00:15:48,000
methodologies and design of protocols which is also like stems back to this colonialist like

143
00:15:48,000 --> 00:15:53,000
issues of who is actually building this technology right not necessarily always the people who are

144
00:15:53,000 --> 00:16:04,000
at risk so this kind of thinking has started taking form in people's realization of building

145
00:16:04,000 --> 00:16:11,000
these projects are you seeing that or is there still like a large discrepancy between security

146
00:16:11,000 --> 00:16:16,000
in reality and security in theory that's a big question with lots of answers yeah

147
00:16:16,000 --> 00:16:20,000
the starting the starting is that I hear you very clearly on the Secure Scuttlebutt

148
00:16:20,000 --> 00:16:24,000
thing and I feel kind of the same way what was interesting is that when I released the piece

149
00:16:24,000 --> 00:16:28,000
and i have had a some time to reflect on this and i know that part of this has to do with the

150
00:16:30,000 --> 00:16:35,000
resistance to the ideas of the essay and part of it has to do with the antagonism that we have

151
00:16:35,000 --> 00:16:40,000
at New Design Congress and it was a relatively new organization at that point um that piece

152
00:16:40,000 --> 00:16:45,000
really divided people and i went from someone who had co-organized you know the first peer-to-peer

153
00:16:45,000 --> 00:16:51,000
web spaces in Berlin like the very first one that um Louis Center and um couple other people

154
00:16:51,000 --> 00:16:58,000
put together at Trust back in like 2019-2018 um i was sort of going from being very participatory

155
00:16:58,000 --> 00:17:04,000
in this sort of space to really making quite a few uh and i wouldn't say enemies but like people

156
00:17:04,000 --> 00:17:09,000
who really didn't like what i had said and didn't want anything to do with me as a result of that

157
00:17:10,000 --> 00:17:15,000
um and i named a number of projects this is something that i do because i'm not really i

158
00:17:15,000 --> 00:17:19,000
think we would sort of run out of time but i named projects right i didn't say that people

159
00:17:19,000 --> 00:17:24,000
were bad people but I named projects right and one of them of course was the Secure Scuttlebutt

160
00:17:24,000 --> 00:17:30,000
which I described as a what did I describe it as like it's a mercultry of forensics investigators

161
00:17:30,000 --> 00:17:38,000
dream come true um where everything because everything every piece of um information

162
00:17:39,000 --> 00:17:44,000
is permanently etched into a record whilst that is an absolutely elegant offline first system it also

163
00:17:45,000 --> 00:17:54,000
uh given the fact as well that it was hosting a left-wing anti-capitalist political movement

164
00:17:54,000 --> 00:18:01,000
was like precisely not what you wanted to have if anybody if anybody like in an

165
00:18:01,000 --> 00:18:07,000
estate security service or something took the the threat of that seriously right it was a very very

166
00:18:07,000 --> 00:18:12,000
it's unbelievable that nothing seriously bad happened during that time frame it was very scary

167
00:18:13,000 --> 00:18:19,000
but but what i've noticed over the past especially the past three years so a year later i put out

168
00:18:19,000 --> 00:18:28,000
with Ink & Switch ray mccellvey benjamin roya christson day uh myself and peter we put together

169
00:18:28,000 --> 00:18:33,000
and based off of an idea that i had about how we could start defending against these issues

170
00:18:34,000 --> 00:18:40,000
um we put together identity primitive called Backchannel we started from this idea that

171
00:18:40,000 --> 00:18:47,000
one of the threats in digital systems especially decentralized digital systems was that social

172
00:18:47,000 --> 00:18:52,000
engineering attack was particularly effective where you could um pretend to be somebody on a

173
00:18:52,000 --> 00:18:59,000
network and it didn't matter how much encryption or how well designed your system was um if someone

174
00:18:59,000 --> 00:19:05,000
could convince you in the network in the peer-to-peer network that they were someone else you know

175
00:19:06,000 --> 00:19:11,000
equivalent of like catfishing someone on Tinder but for purposes other than messing with people in

176
00:19:11,000 --> 00:19:17,000
dating service something more you know it sounds side note yeah fun side note there we actually did

177
00:19:17,000 --> 00:19:21,000
that on Scuttlebutt just as a joke because you know Scuttlebutt's full of jokes it was more like a

178
00:19:21,000 --> 00:19:27,000
humorous thing but like someone just created an account and it was four people and we had all

179
00:19:27,000 --> 00:19:32,000
agreed to do this joke and it was just a joke um and we made an account called uh

180
00:19:33,000 --> 00:19:38,000
Dominic and Dominic was the founder of Scuttlebutt and then everyone else started

181
00:19:38,000 --> 00:19:42,000
verifying that Dominic was Dominic oh my god I didn't know the story

182
00:19:45,000 --> 00:19:53,000
it was me kegs and a few others um and everyone else started verifying that Dominic was Dominic

183
00:19:53,000 --> 00:19:59,000
but then Dominic the real Dominic was like no I'm actually I'm not gonna lose my account

184
00:19:59,000 --> 00:20:06,000
and it was exactly what you're talking about here that like kind of co-opting someone's identity

185
00:20:07,000 --> 00:20:14,000
in this case i find that like it's quite telling that we had to be five people who were friends

186
00:20:14,000 --> 00:20:21,000
of Dominic to agree to co-conspire against Dominic but the the case stands that like the

187
00:20:21,000 --> 00:20:28,000
digital identity of Dominic who had made the software that we were creating a digital identity of him

188
00:20:28,000 --> 00:20:35,000
on top of was having to fight us saying that we were not him i love that story it's so it's

189
00:20:36,000 --> 00:20:39,000
lucky that he had those five rich friends and not like his worst enemies

190
00:20:40,000 --> 00:20:46,000
it's yeah but like i guess the that's the thing that made it credible that we were actually his

191
00:20:46,000 --> 00:20:52,000
friends because I guess if some random account came on and said this is Dominic I guess it would

192
00:20:52,000 --> 00:20:57,000
be because it's a social graph i i don't know i would love i would love your take on this like

193
00:20:57,000 --> 00:21:04,000
because it's the social graph of trust verifying the identity does it become more or less safe

194
00:21:04,000 --> 00:21:09,000
like in that sense i i don't think it's a case by case basis right and it depends upon

195
00:21:09,000 --> 00:21:15,000
a number of factors and some of which are outside of the summer which are really temporal like

196
00:21:16,000 --> 00:21:22,000
if Dominic had been away on holiday for example and away from his computer or you know sailing or

197
00:21:22,000 --> 00:21:28,000
something or or just completely offline um it could be possible that someone who had been like

198
00:21:29,000 --> 00:21:35,000
more closely tracking his movements with the goal of you know impersonating him for some reason

199
00:21:35,000 --> 00:21:42,000
for a gain um could have used the time when he was offline to build a quicker version of trust by

200
00:21:42,000 --> 00:21:47,000
like reappearing as a new account and then convincing certain people to sign that and then

201
00:21:47,000 --> 00:21:53,000
trying to build that five person team that you're talking about but through convincing other people

202
00:21:53,000 --> 00:21:59,000
that this attacker was him so you're right in the sense that like one of the web of trust is

203
00:21:59,000 --> 00:22:05,000
is like what you've done is you've like speedrun the web of trust problem um where the five of you

204
00:22:05,000 --> 00:22:09,000
because you were conspiring together and because you were friends with Dominic that made it very

205
00:22:09,000 --> 00:22:15,000
easy to do very quickly but you also not i i assume none of you were particularly skilled in like

206
00:22:15,000 --> 00:22:20,000
actual adversarial like social engineering attacks like not that you have to be trained in it some

207
00:22:20,000 --> 00:22:24,000
people are just naturally better at it than others as well as people who practice but

208
00:22:26,000 --> 00:22:30,000
it's not like you know if you're doing it as a joke the stakes alert the the intent and the

209
00:22:30,000 --> 00:22:36,000
motivation is a bit lower so that all plays in your favor the fact that you had the five people here but

210
00:22:38,000 --> 00:22:43,000
it's i i would say it shows that it can be difficult it doesn't show that the five people

211
00:22:43,000 --> 00:22:49,000
themselves protect you what it does show is the power of the social graph itself and the power of

212
00:22:50,000 --> 00:22:55,000
of relationships that have existed outside of the network itself right that's where the real

213
00:22:56,000 --> 00:23:03,000
power of social engineering exists and so gosh i wish i'd known that during the that period of

214
00:23:03,000 --> 00:23:08,000
time i would have absolutely used that in the essay you would not believe god damn

215
00:23:11,000 --> 00:23:18,000
no no no no no no no people would have done that for sure um but

216
00:23:19,000 --> 00:23:28,000
i think we yeah i mean everyone has got about like we were utopian like trying to just strive

217
00:23:28,000 --> 00:23:34,000
to build what we believed could be a better world and i think there's this yin and yang relation

218
00:23:34,000 --> 00:23:42,000
between people who have your like gift of critiquing and and breaking things down to like the small

219
00:23:42,000 --> 00:23:49,000
pieces and also seeing the holistic aspect at the same time i don't want to say penetrate but like

220
00:23:49,000 --> 00:23:57,000
to to pierce the veil of like this utopia bubble but i think both are needed like we need to be able

221
00:23:57,000 --> 00:24:02,000
to to that's another sidetrack which i would love actually to hear your thoughts on this but

222
00:24:02,000 --> 00:24:09,000
just to finish the thought um like we need to have both the critical and the the visionary

223
00:24:09,000 --> 00:24:13,000
together in order to actually have the forward momentum that's sustainable and i think a lot of

224
00:24:13,000 --> 00:24:20,000
the visionaries in Scuttlebutt uh want to not everyone because you got a lot of angry people

225
00:24:20,000 --> 00:24:26,000
coming at you after this article but i think a lot of them want to actually understand how to

226
00:24:26,000 --> 00:24:35,000
move forward uh sustainably and safely um but yeah so i think i agree with you i think the

227
00:24:35,000 --> 00:24:41,000
difference where we would sit is that i i would call it aspirational uh in a sense because uh and

228
00:24:41,000 --> 00:24:44,000
this is a i don't want to open a can of worms here but we could definitely talk about this

229
00:24:44,000 --> 00:24:52,000
route is i actually kind of believe based on how humans have developed as a species um and again

230
00:24:52,000 --> 00:24:57,000
with keeping in mind the wide experiences that individuals have and that cultural differences

231
00:24:57,000 --> 00:25:04,000
between different um parts of our you know global society if you like not to use a again a really

232
00:25:04,000 --> 00:25:12,000
seriously colonizing to a colonialist term the the human like humans are very sensitive to

233
00:25:12,000 --> 00:25:19,000
scarcity it's one of the things i think that drives a lot of fear um i think that scarcity is one

234
00:25:19,000 --> 00:25:26,000
of the things that's leveraged to uh weaponized populations into excluding and othering different

235
00:25:26,000 --> 00:25:32,000
parts of society um and and so one of the tension points that i hold in my head is that utopianism

236
00:25:33,000 --> 00:25:40,000
promises things that i think humans are for the most part somehow i want to say biologically unable

237
00:25:40,000 --> 00:25:46,000
to accept but somehow intrinsically resistant to the and unable to really fully grapple with the

238
00:25:46,000 --> 00:25:52,000
concept of of of abundance in like a serious way and i think you can see this very clearly in

239
00:25:52,000 --> 00:25:58,000
examples such as like the modern the modern condition right where um in some ways there's

240
00:25:58,000 --> 00:26:05,000
abundance like um for all of its deep flaws the number of people you know whenever you point

241
00:26:05,000 --> 00:26:10,000
out the the like the crimes of capitalism you'll always have economists and other people defenders

242
00:26:10,000 --> 00:26:17,000
come forward and say that capitalism has lifted the largest groups of people out of poverty now

243
00:26:17,000 --> 00:26:24,000
sending aside that as an argument um uh that can be attacked from multiple different ways

244
00:26:25,000 --> 00:26:31,000
one thing i would say to that is that i think it's interesting that even if you accept the very

245
00:26:31,000 --> 00:26:35,000
like a very narrow definition of that claim or very narrow um interpretation of that claim that

246
00:26:35,000 --> 00:26:40,000
there are fewer people in poverty in capitalist societies than they were historically before

247
00:26:40,000 --> 00:26:48,000
they were industrialized even if you um interpret that as in its narrowest um version of that claim

248
00:26:48,000 --> 00:26:55,000
um people we still have the society still struggles over the same issues of wealth accumulation

249
00:26:55,000 --> 00:27:03,000
of fear of um resource fear you know cost of living things like that and without again

250
00:27:03,000 --> 00:27:08,000
with keeping this very high level so i don't we don't veer off into another direct dimension like i do

251
00:27:08,000 --> 00:27:15,000
worry that that utopianism as a as an aspirational goal creates a tension point between like humans

252
00:27:15,000 --> 00:27:23,000
and that goal now sorry to be off topic that no i invited for the question i'm actually

253
00:27:23,000 --> 00:27:29,000
personally really curious about this so i i've been thinking about asking you for a long time so

254
00:27:29,000 --> 00:27:35,000
i'm glad it came up oh i appreciate that so i i but i'm not this is not nihilism speaking right what

255
00:27:35,000 --> 00:27:41,000
i'm saying is that like i'm not at by any stretch of imagination a nihilist um what i'm trying to say is

256
00:27:41,000 --> 00:27:46,000
that and this is where i do start to call on where i start to call on like some of the stuff that

257
00:27:46,000 --> 00:27:53,000
happened after the essay um i believe you can be visionary or aspirational and somebody who has

258
00:27:53,000 --> 00:27:59,000
a deep critique and the last five years has proven that um the the choices that certain people made

259
00:27:59,000 --> 00:28:04,000
after the "This Is Fine" essay was published and after we completed the back general work for example

260
00:28:05,000 --> 00:28:09,000
there are people who were inspired by that work or people who had parallel ideas that they committed

261
00:28:09,000 --> 00:28:14,000
to and started building in that environment as that that world collectively opened up and that

262
00:28:14,000 --> 00:28:22,000
dialogue started to happen properly and then there are people who didn't and what i find interesting

263
00:28:23,000 --> 00:28:31,000
is that we tend to try to separate the visionary from the critic and i think if there was one thing

264
00:28:31,000 --> 00:28:37,000
that i would say that was intrinsic to the initial blowback that i got from the essay and the warning

265
00:28:38,000 --> 00:28:47,000
was that people the visionary for a number of reasons is very protective of the thing that

266
00:28:47,000 --> 00:28:53,000
they're working on and i think that if you're a builder i it took to the detriment of of of of

267
00:28:54,000 --> 00:29:00,000
that work to the to the detriment of all else like and and usually this this this manifests in the

268
00:29:00,000 --> 00:29:07,000
sense where the the visionary will accept criticism on the terms in which they are developing their

269
00:29:07,000 --> 00:29:12,000
this vision on so in in the case of decentralized systems this will be people accepting github issues

270
00:29:12,000 --> 00:29:16,000
but not fundamental or philosophical critique of the thing that they're building in the first place

271
00:29:17,000 --> 00:29:21,000
right which is but both of these are important right like the tech stack you choose is just as

272
00:29:21,000 --> 00:29:27,000
important as who you choose to be excluded from the system that you're designing itself like

273
00:29:27,000 --> 00:29:34,000
all of these ultimately are legitimate questions and you can't if you anoint yourself as the builder

274
00:29:34,000 --> 00:29:40,000
if you want to inherit the arrogance of the builder of the vision visionary then you have to accept

275
00:29:40,000 --> 00:29:47,000
the arrogance of the critic who believes that they can come and tell you why the thing that you're

276
00:29:47,000 --> 00:29:57,000
building poses a threat and i would say especially not to invoke the kind of idea of ableism here

277
00:29:57,000 --> 00:30:04,000
because i do keep this that side of me quite quite private um from expertise that can see it coming

278
00:30:04,000 --> 00:30:11,000
right because it's expertise that's lived in that world in in a in a sense in exile from the norm

279
00:30:12,000 --> 00:30:18,000
for you know my entire life in this case now of course like online much harder to tell i don't

280
00:30:18,000 --> 00:30:23,000
identify with my osteoporosis online things like that but there were people who knew me i had people

281
00:30:23,000 --> 00:30:28,000
who had seen me and and spoken to me in real life or seen talks i'd given and sort of you know there's

282
00:30:28,000 --> 00:30:38,000
a sense of of of of like the how do i put this it makes me sound like i'm still really angry about

283
00:30:38,000 --> 00:30:43,000
that "This Is Fine" piece and in some ways i think i might be a little bit um because i feel like

284
00:30:43,000 --> 00:30:49,000
there's i'm sorry and that's okay yeah well i'm angry not because of the blurb i'm angry because

285
00:30:49,000 --> 00:30:54,000
i feel like we missed there like there are ways in which things could be even better than they are

286
00:30:54,000 --> 00:31:00,000
now in certain ways like the improvements the kind of consolidation around um decentralized

287
00:31:00,000 --> 00:31:04,000
digital identities that are much more carefully designed than they were historically or the

288
00:31:04,000 --> 00:31:08,000
the promotion of end-to-end encryption these sorts of things have been really powerful

289
00:31:08,000 --> 00:31:14,000
but i feel like there was so much time lost in such a terrible lull it like in a lull in the

290
00:31:14,000 --> 00:31:19,000
terribleness of the world that ah man if there was a way in which i could have written this better

291
00:31:19,000 --> 00:31:24,000
or if there was anything i could have done to communicate the ideas better maybe that's not

292
00:31:24,000 --> 00:31:28,000
that offering or just a part of a bigger system and what you did had a huge catalyzing effect on

293
00:31:28,000 --> 00:31:36,000
larger peer-to-peer and local first ecosystem space and yeah to finalize that thought is that like

294
00:31:36,000 --> 00:31:41,000
i believe that the visionary and the critic can be the same person and i think that to have someone

295
00:31:41,000 --> 00:31:48,000
come at you and offer substantial criticism even if it's confrontational or antagonistic

296
00:31:48,000 --> 00:31:54,000
if the criticism itself is deeply thought and something more than what you should do is x or y

297
00:31:54,000 --> 00:32:00,000
or something that very clearly pushes a motivation that doesn't align or is an uneducated opinion

298
00:32:01,000 --> 00:32:08,000
then i think you can kind of it's in i think it is also on you to meet that person where that

299
00:32:08,000 --> 00:32:13,000
where they are in terms of that criticism and i feel like the people who are going to emerge

300
00:32:13,000 --> 00:32:18,000
in the next couple of years as the leaders of decentralized movements because they they are and

301
00:32:18,000 --> 00:32:24,000
will they will be and are being attacked right now um by the centralized um incumbents as i

302
00:32:24,000 --> 00:32:30,000
described in the essay the people who emerge from that as the wind as the kind of systems that

303
00:32:30,000 --> 00:32:36,000
are resilient to these sorts of attacks are the people i feel who have internalized their ability

304
00:32:36,000 --> 00:32:42,000
as a visionary or as a sort of a leader of these kinds of systems and also someone who's internalized

305
00:32:42,000 --> 00:32:49,000
the ability to critique it at an existential level um and that i think is like i think that

306
00:32:49,000 --> 00:32:59,000
people who are unable to do that really endanger um themselves their teams and communities

307
00:32:59,000 --> 00:33:05,000
around them when you are completely unable to separate yourself from the vision and consider

308
00:33:06,000 --> 00:33:14,000
the critique especially strong critique foundational critique as an indictment of your vision itself

309
00:33:16,000 --> 00:33:21,000
what does one do when like because some of this foundational critique and i think what causes

310
00:33:21,000 --> 00:33:26,000
some people and it just to sidetrack a little bit more because we have some time before we dive

311
00:33:26,000 --> 00:33:32,000
into the next part which is also very juicy because a lot of people who are met with this

312
00:33:32,000 --> 00:33:37,000
kind of critique especially when it's larger peer-to-peer projects that they've been working years on

313
00:33:37,000 --> 00:33:42,000
and then they come to realize that there's like a foundational issue with the infrastructure and

314
00:33:42,000 --> 00:33:50,000
how it's built and like solving these foundational critiques would mean basically starting over

315
00:33:50,000 --> 00:33:58,000
from scratch like is it because because i think that's what kind of makes people

316
00:33:59,000 --> 00:34:08,000
um bite down and i guess i guess what i'm leading on towards is that like in a conversation i had

317
00:34:08,000 --> 00:34:15,000
a few years ago with Aljoscha one of the approaches and one of the reasons that it was so difficult

318
00:34:15,000 --> 00:34:20,000
for especially Scuttlebutt to kind of swallow this critique is because we were built in such a

319
00:34:20,000 --> 00:34:25,000
monolithic way or Scuttlebutt was built in such a monolithic way that it was very difficult to

320
00:34:25,000 --> 00:34:31,000
change small pieces here and there without changing the entire system and then Aljoscha had

321
00:34:31,000 --> 00:34:38,000
brought up this perspective that like in order to be more adaptable in order to be more resilient

322
00:34:38,000 --> 00:34:46,000
in order to be more future-proof we need to change the way we build to become more modular

323
00:34:46,000 --> 00:34:54,000
which i guess in turn also becomes an answer to the question i posed unintentionally so but

324
00:34:55,000 --> 00:35:02,000
that we can respond to critique in a better way i'm just guessing because it's easier to change

325
00:35:02,000 --> 00:35:11,000
yeah firstly shout out to the Willow team Sammy and um Aljoscha for being the urges of

326
00:35:12,000 --> 00:35:17,000
recognizing that "This Is Fine" critique and kind of baking this entire philosophy into along with

327
00:35:17,000 --> 00:35:25,000
Cinnamon when they were um still with us um and when Willow was called um Earthstar

328
00:35:26,000 --> 00:35:32,000
that is a group of people descendant from Secure Scuttlebutt who like were even grappling it at

329
00:35:32,000 --> 00:35:37,000
the time before the essay came out i think one of the first times we did a reading of the essay

330
00:35:37,000 --> 00:35:41,000
itself was actually in their Discord server in the Earthstar Discord server which was like

331
00:35:42,000 --> 00:35:48,000
only a few weeks after i published um you're right in the sense what what when you refer to

332
00:35:48,000 --> 00:35:53,000
what Aljoscha was saying in that conversation of of needing to produce a way of designing systems

333
00:35:53,000 --> 00:35:58,000
it's way more modular i think that's 100 true i also want to say there's two other things to

334
00:35:58,000 --> 00:36:02,000
and we can touch on this either now or in the future sometime because it's a big issue

335
00:36:04,000 --> 00:36:10,000
that we have to change how things are funded for starters um part of the concern that there's

336
00:36:10,000 --> 00:36:16,000
i talked about ego and fragility of the self as being a big part of the pushback to criticism

337
00:36:16,000 --> 00:36:21,000
but you're also right that there are other reasons why people get feel really vulnerable why

338
00:36:22,000 --> 00:36:25,000
team members who are building projects like this get really feel really vulnerable about

339
00:36:25,000 --> 00:36:30,000
these kinds of critiques especially fundamental ones the first thing i'll say on that is that like

340
00:36:30,000 --> 00:36:36,000
no matter what the nature of a digital system and the nature of compressing the variety of human

341
00:36:36,000 --> 00:36:42,000
lived experience and the kind of material world around us into a digital system means that you

342
00:36:42,000 --> 00:36:47,000
always make a trade-off and it's always going to be bad right there's always going to be a serious

343
00:36:47,000 --> 00:36:52,000
existential drawback to what you're what you're building the question that you ask yourself

344
00:36:53,000 --> 00:36:58,000
that you're as a designer as a like a protocol developer or platform developer as somebody who's

345
00:36:58,000 --> 00:37:07,000
designing these systems is can i live with this and does this align with my politics completely

346
00:37:07,000 --> 00:37:14,000
how closely does it get to how i position myself in the world and what i put forth as my politics

347
00:37:14,000 --> 00:37:18,000
if you're a protocol designer if you're working in decentralized spaces and you're producing

348
00:37:18,000 --> 00:37:26,000
you're engineering some kind of future you are essentially in one sense existing in this kind of

349
00:37:26,000 --> 00:37:31,000
what i would call like a para-real state where you are operating both in the digital world and

350
00:37:31,000 --> 00:37:37,000
in the material world simultaneously in a kind of third space and you're creating that third space

351
00:37:37,000 --> 00:37:43,000
so that others can be there as well right in a sense a little bit esoteric but it's really about

352
00:37:43,000 --> 00:37:50,000
these creating these moments of charged sort of social interactivity that you that are mediated

353
00:37:50,000 --> 00:37:59,000
through a ideally controlless decentralized system that's almost kind of like political writing

354
00:37:59,000 --> 00:38:06,000
it's like writing interventions in the form of essays but your essays here occurred and rather

355
00:38:06,000 --> 00:38:15,000
than reading them people are participating in them right and so and so beyond like beyond the

356
00:38:15,000 --> 00:38:20,000
sensitivity towards that the two things i would say is one yeah absolutely what Aljoscha

357
00:38:21,000 --> 00:38:26,000
i talk with Aljoscha pretty frequently i think that that's one of the core things that

358
00:38:26,000 --> 00:38:28,000
they've impressed on me too and there's some stuff that we've been working on which we could

359
00:38:28,000 --> 00:38:37,000
talk about sometime later um that really embodies this completely and then secondly that we have to

360
00:38:37,000 --> 00:38:43,000
have funding we have to have a cultural change in the funding landscape on what the expectations

361
00:38:43,000 --> 00:38:52,000
that funders have on decentralized systems because right now there is no margin for error

362
00:38:52,000 --> 00:39:00,000
and error is seen as something that's has to be defended against or justified rather than

363
00:39:02,000 --> 00:39:08,000
being seen as for what it is which is like an opportunity to to build upon

364
00:39:08,000 --> 00:39:14,000
um and hopefully avoid you know systemic failures of the previous implementation

365
00:39:15,000 --> 00:39:21,000
now of course i understand the risk like funders are this way as well because otherwise you end

366
00:39:21,000 --> 00:39:26,000
up with people spinning their wheels reinventing things over and over again you know like reproducing

367
00:39:26,000 --> 00:39:31,000
the same material every six weeks because they find a flaw in it and they have to start over like

368
00:39:31,000 --> 00:39:35,000
the idea here is not to say this is why it preface this by saying that the questions that you ask

369
00:39:35,000 --> 00:39:39,000
yourself are whether it's politically in alignment and whether you can sleep at night

370
00:39:40,000 --> 00:39:45,000
um the idea here isn't to be perfect but rather that the the the work has to be

371
00:39:46,000 --> 00:39:51,000
defensible not on terms of the mistakes that you've made or the or the the the blind spots that

372
00:39:51,000 --> 00:39:56,000
have been coded into the into the work but rather whether or not it aligns with the politics of

373
00:39:56,000 --> 00:40:00,000
yourself and to a lesser extent but still importantly the politics of the funder and then

374
00:40:00,000 --> 00:40:05,000
building from that the other thing we desperately need are representatives in places like the

375
00:40:05,000 --> 00:40:14,000
W3C and other standards bodies who are um essentially pulling for the shared consensus on where we feel

376
00:40:14,000 --> 00:40:19,000
these things should stand and what their standards should uphold and actually advocating for those

377
00:40:20,000 --> 00:40:23,000
in the larger society because that's the only way as well that we're going to establish ourselves

378
00:40:23,000 --> 00:40:28,000
for like longer-term strategies around funding around implementation around protecting ourselves

379
00:40:28,000 --> 00:40:30,000
if we if we have that representation as well

380
00:40:32,000 --> 00:40:40,000
and there's a whole world we're going to dive into which is like how does one get a consensus

381
00:40:40,000 --> 00:40:47,000
in these spaces and how do we actually approach this and I think this also boils down a little bit

382
00:40:47,000 --> 00:40:55,000
to this uh paradigm shift that kind of uh came about around 2020 and around the time of your

383
00:40:55,000 --> 00:41:05,000
article um but I think one missing aspect in this conversation that we haven't quite touched about

384
00:41:05,000 --> 00:41:11,000
or touched on which is we've been kind of talking around it but the methodology that you have

385
00:41:11,000 --> 00:41:16,000
developed which mentioned it like three times everyone on the like listening is like what are

386
00:41:16,000 --> 00:41:24,000
you talking about yeah and I guess that makes sense because it's often like the outcomes that are

387
00:41:24,000 --> 00:41:32,000
relevant for people and but there's actually a process that you have charted out and kind of

388
00:41:32,000 --> 00:41:42,000
created in order to discover these kind of fundamental challenges and safety concerns of

389
00:41:43,000 --> 00:41:51,000
socio-technical systems yeah so you you have mentioned it to me and first time I saw it I was

390
00:41:51,000 --> 00:42:01,000
what's Exilic so it's an acronym there's two yeah anxiety and Exilic yeah yeah yes there we go

391
00:42:02,000 --> 00:42:09,000
and could you could you like help us like if if someone is coming into this and they want to start

392
00:42:11,000 --> 00:42:17,000
understanding things from a social material security perspective where did they start okay

393
00:42:17,000 --> 00:42:23,000
so to understand why something like this needs to exist we start first with what it's in response

394
00:42:23,000 --> 00:42:29,000
to so maybe some people who are listening to this will well know this will be old news then but

395
00:42:29,000 --> 00:42:35,000
there will be people here listening to this that don't know threat modeling is the idea of looking

396
00:42:35,000 --> 00:42:40,000
at a potential looking at a set of conditions that you have right now in a digital system

397
00:42:41,000 --> 00:42:47,000
and then trying to forecast in different ways focusing on different parts of that system like

398
00:42:47,000 --> 00:42:55,000
the computer the network the inputs of like data things like that where an attacker might come in

399
00:42:55,000 --> 00:43:03,000
and actively attack that um so things like um you know the idea of HTTP unencrypted

400
00:43:04,000 --> 00:43:10,000
um web browser communication versus uh HTTPS uh the threat models around why you would implement

401
00:43:10,000 --> 00:43:20,000
HTTPS is that the uh that the the data coming over the protocol in an HTTP request you know

402
00:43:20,000 --> 00:43:26,000
such as your bank information or other data that you like might be sensitive that you've sent to

403
00:43:26,000 --> 00:43:32,000
a website can be listened to when it's unencrypted by anybody between you and that server and so

404
00:43:32,000 --> 00:43:36,000
that would be the threat modeling your threat modeling the idea of well if it's unencrypted

405
00:43:36,000 --> 00:43:42,000
then it can be listened to and so out of that you know the simplistic like very simple example is

406
00:43:42,000 --> 00:43:48,000
to then say well we'll exchange encrypted um keys before we then send an encrypted version

407
00:43:48,000 --> 00:43:54,000
of the same requests over the network and the intermediaries can't read the data that you're

408
00:43:54,000 --> 00:44:01,000
sending and receiving from this website it's like a basic example um go ahead can i jump in here

409
00:44:01,000 --> 00:44:08,000
because an example that for me also when i was watching your talk at CCC this year um

410
00:44:09,000 --> 00:44:15,000
you brought up an example that i was like kind of shocked by and it feels in hindsight like i

411
00:44:15,000 --> 00:44:22,000
shouldn't have been but it also gave me a really nice perspective to understand how socio socio

412
00:44:22,000 --> 00:44:28,000
technical threat modeling can also discover non-technical security challenges and you brought

413
00:44:28,000 --> 00:44:39,000
up this case that was i think it was uh southeast Asia and uh there was a bank or some large large

414
00:44:39,000 --> 00:44:46,000
collaboration yeah yeah in Hong Kong that was doing a transfer of large amounts of money and then

415
00:44:47,000 --> 00:44:55,000
as far as i remember it correct correct me if i'm wrong um then there was this uh teller or not

416
00:44:55,000 --> 00:45:01,000
teller but like a person working at the bank or company that was supposed to be transferring

417
00:45:01,000 --> 00:45:11,000
the money and then there was deep fakes in like seven different people um who were representing

418
00:45:11,000 --> 00:45:15,000
his co-workers right who were telling him to go through with this transfer right but it was a

419
00:45:16,000 --> 00:45:21,000
false transfer and it became the heist of how much money uh let me i've got that number there

420
00:45:21,000 --> 00:45:28,000
hang on um so to firstly to answer like to to like um you've got a really good memory that is

421
00:45:28,000 --> 00:45:35,000
almost precisely what it was um the idea here is that it was a Hong Kong based firm 200 million

422
00:45:35,000 --> 00:45:42,000
Hong Kong dollars um it's an uh it's a routine it's a it's a it's a routine phone call in a sense where

423
00:45:42,000 --> 00:45:46,000
this is somebody who was able to who has the authority to transfer large sums of money inside

424
00:45:46,000 --> 00:45:53,000
this large company um he's but the protocol is is that this person has to sit down with the CFO

425
00:45:53,000 --> 00:45:58,000
and other senior team members and get the okay and do like a whole procedure where they talk to

426
00:45:58,000 --> 00:46:04,000
each other and then verbally okay it and then they transfer and the idea here was that this

427
00:46:04,000 --> 00:46:09,000
heist of 200 million Hong Kong dollars was completed because the people who were part of this

428
00:46:09,000 --> 00:46:16,000
sort of security ritual which is meant to be you know face to face or over zoom call whatever

429
00:46:16,000 --> 00:46:21,000
where you're verifying each other based on the presence of the other people um all of those

430
00:46:21,000 --> 00:46:26,000
people involved except for the the target who transferred the money were deep faked um that was

431
00:46:26,000 --> 00:46:36,000
in 2024 just over two years just over a year and a bit ago and um and so so getting to the

432
00:46:36,000 --> 00:46:40,000
difference that that's a really good segue into the difference between sort of threat modeling and

433
00:46:40,000 --> 00:46:46,000
socio-technical threat modeling the problem with threat modeling it's descendant from you know

434
00:46:46,000 --> 00:46:53,000
DARPA Department of Defense style uh perspectives on seeing the world where you try to organize

435
00:46:53,000 --> 00:47:00,000
the world into systems that you can understand and you eject anything that doesn't fit this model

436
00:47:00,000 --> 00:47:05,000
that you created like the system that you've created cybernetic system as entropy as something

437
00:47:05,000 --> 00:47:12,000
that um is an excess noise right as a something to be discarded from the system and as a result

438
00:47:12,000 --> 00:47:21,000
of that all of the modern threat modeling practices tend to focus on devices on security systems on

439
00:47:21,000 --> 00:47:29,000
platforms um on networks etc like the the actual digital side of things when in reality um the

440
00:47:29,000 --> 00:47:35,000
consequence of that is that the social side of um the threats that emerge the kind of weaponized

441
00:47:35,000 --> 00:47:41,000
design the the issues that I raise in "This Is Fine" and in the all the work they've done uh these

442
00:47:41,000 --> 00:47:47,000
are of course intrinsically linked to the use of digital systems but they are fundamentally not

443
00:47:47,000 --> 00:47:54,000
issues of digital systems they are what's known as socio-technical um uh consequences and social

444
00:47:54,000 --> 00:48:00,000
technical issues around how we like the relationships that we have that are intermediated between

445
00:48:01,000 --> 00:48:07,000
um digital devices and the custodianship of data the political downstream consequences

446
00:48:07,000 --> 00:48:15,000
consequences of social ones etc and so what's emerging now which is very exciting is an entire

447
00:48:15,000 --> 00:48:20,000
field which has been around for a while but is I think beginning to really crystallize is a discipline

448
00:48:20,000 --> 00:48:29,000
within I would sort of say the humanities rather than comp sci around um viewing digital systems

449
00:48:29,000 --> 00:48:36,000
in this lens and so for the last I would say seven years so from like 2015-20-2016

450
00:48:37,000 --> 00:48:43,000
2016 was when I was starting to think openly about how to produce what I would call like a

451
00:48:43,000 --> 00:48:48,000
generative framework that is a system in which you start with a handful of questions that then

452
00:48:48,000 --> 00:48:55,000
emerge into your own taxonomy of of risk um but how do you build a system that is accessible that

453
00:48:55,000 --> 00:49:01,000
you can use in lots of different contexts that de-center the system and instead refocus on

454
00:49:01,000 --> 00:49:06,000
on individuals communities and and the social networks the political networks the economic networks

455
00:49:06,000 --> 00:49:14,000
around these individuals um and still produce a working um understanding of the kinds of threats

456
00:49:14,000 --> 00:49:20,000
that are individually experienced or collectively shared around the use or in at the insertion of

457
00:49:20,000 --> 00:49:26,000
digital systems in these spaces and so I started this work I would say just after my clash with

458
00:49:26,000 --> 00:49:32,000
signal and I had been picked up to become the um chief product designer a chief product officer

459
00:49:32,000 --> 00:49:38,000
at a company called SpiderOak which at that point was a very famous um end-to-end encrypted Dropbox

460
00:49:38,000 --> 00:49:44,000
competitor that Edward Snowden had famously said in an interview was unable to be um uh

461
00:49:45,000 --> 00:49:50,000
cracked by the NSA and that like gave them a wave of attention and and funding so it was the

462
00:49:50,000 --> 00:49:55,000
head there of their of designing and helping the product team put things together with the CEO

463
00:49:56,000 --> 00:50:03,000
and this is where this concept of anxiety came from an anxiety is a socio-technical threat analysis

464
00:50:03,000 --> 00:50:08,000
framework that has seven vectors through which infrastructure projects can produce harm

465
00:50:08,000 --> 00:50:14,000
whether through direct action architectural failure or external appropriation and anxiety is an

466
00:50:14,000 --> 00:50:19,000
acronym or is a seven vectors you've got appropriation the capture of identity data or

467
00:50:19,000 --> 00:50:24,000
infrastructure by a third party negligence unexpected governance failures specific to potential

468
00:50:24,000 --> 00:50:29,000
decisions that a designer may reasonably make this is you know everybody from a protocol designer

469
00:50:29,000 --> 00:50:36,000
to a um an app designer exclusion failures to account for material conditions that temporarily

470
00:50:36,000 --> 00:50:41,000
or permanently block access for individuals communities or entire populations out of the

471
00:50:41,000 --> 00:50:47,000
system or downstream from that other services that rely on that system impersonation which is a

472
00:50:47,000 --> 00:50:53,000
social engineering attack vector attacks against infrastructure staff or users or that use the

473
00:50:53,000 --> 00:51:00,000
infrastructure itself to impersonate an attacker exploitation which is the abuse and attacks driven

474
00:51:00,000 --> 00:51:07,000
by system based incentives so these are things like um uh where you have like when you add a

475
00:51:07,000 --> 00:51:11,000
a token to a decentralized network and then you get like fraudsters come along this is like

476
00:51:11,000 --> 00:51:16,000
exploitation where the goal is to like the attacks are accelerated as a result of the financial

477
00:51:16,000 --> 00:51:24,000
incentive toxicity direct harms to the social fabric made possible by the project and yielding

478
00:51:24,000 --> 00:51:30,000
attacks that rely on coerced consent anywhere in the infrastructure so anxiety takes these seven

479
00:51:30,000 --> 00:51:38,000
vectors and um through a series of um pedagogical sort of designed and we could this is another

480
00:51:38,000 --> 00:51:45,000
talk for another day there's a whole set of pedagogy um inspirations that I pulled from as part of

481
00:51:45,000 --> 00:51:50,000
this there's different methodologies within that to kind of tease out in in a participatory way

482
00:51:50,000 --> 00:51:55,000
some of the threats that emerge and how they how they interact with each other and then once you

483
00:51:55,000 --> 00:51:59,000
have an understanding with that you can do this as a practitioner or you can like bring communities

484
00:51:59,000 --> 00:52:05,000
into it and work it sort of flexible enough to do both the kind of response to anxiety is a

485
00:52:05,000 --> 00:52:13,000
design framework that we call Exilic like exile and Exilic um is is a much more looser system because

486
00:52:13,000 --> 00:52:20,000
it doesn't allow you to um it's not like a prescriptive thing like human-centered design but instead

487
00:52:20,000 --> 00:52:26,000
it has nine core tenets so built for post-cope this is the worst case as the worst case scenario

488
00:52:26,000 --> 00:52:31,000
is your central constraint it's an empathetic interface design that prioritizes cognitive

489
00:52:31,000 --> 00:52:37,000
diversity and intellectual sovereignty relationship-based identity a person is a person through other

490
00:52:37,000 --> 00:52:42,000
people collective access to emerging tech this is things like economic justice and resisting

491
00:52:42,000 --> 00:52:50,000
cloud coercion self-hosted infrastructure by default and it uses um you know video game inspired

492
00:52:50,000 --> 00:52:54,000
accessibility so things like how kids can set up Minecraft servers by themselves and bring their

493
00:52:54,000 --> 00:53:00,000
friends in without having a third party involved um no network by default connectivity is seen as

494
00:53:00,000 --> 00:53:05,000
a liability and it requires explicit permission deletion is fundamental right decentralization

495
00:53:05,000 --> 00:53:09,000
is worthless without it even though deletion is one of the hardest things to do in decentralization

496
00:53:10,000 --> 00:53:16,000
break these are systems that break the frame these are inter-processed integrations anti-siloing

497
00:53:16,000 --> 00:53:24,000
of data and connectivity and um uh designs that exist beyond the Electron app window things that

498
00:53:24,000 --> 00:53:29,000
can move through a system and kind of the last tenet would be the end of what we would call what

499
00:53:29,000 --> 00:53:34,000
Fukuyama called the end of history the end of the end of history where we consider permanent

500
00:53:34,000 --> 00:53:40,000
instability as the operating assumption rather than the belief that liberalism had triumphed and the

501
00:53:40,000 --> 00:53:46,000
world was a stable place consequently and that the kind of values that exilic ab once again is

502
00:53:46,000 --> 00:53:54,000
an acronym are that an exilic desert an exilic system is one that is ephemeral with graceful

503
00:53:54,000 --> 00:54:00,000
graceful degradation that allows for decay exits with allows for exit reversibility right to

504
00:54:00,000 --> 00:54:07,000
deletion it is intentional with explicit adversarial modeling and non-weaponizable design it is local

505
00:54:07,000 --> 00:54:14,000
is um speeches infrastructure independence human rebuildable systems and pluralism economic

506
00:54:14,000 --> 00:54:22,000
independence informed as in participants understand and have cognitive agency and consensual in the

507
00:54:22,000 --> 00:54:28,000
sense that participants express their own sovereignty and it allows for explicit permission it demands

508
00:54:28,000 --> 00:54:34,000
explicit permission for participation in the system um and what I would call it based on the

509
00:54:34,000 --> 00:54:38,000
work that we were talking with the more broader work that I do is that it's the act of knowingly

510
00:54:38,000 --> 00:54:44,000
building within the the power reel again this idea there's a system designer you're kind of

511
00:54:44,000 --> 00:54:49,000
building between the real world and the digital and that third space is where a lot of I guess

512
00:54:49,000 --> 00:54:54,000
the ideological struggle plays out today these are the things that we use that have been the

513
00:54:54,000 --> 00:55:02,000
bill in in in the in the background I guess since 2016 um to you know over the last year and a half

514
00:55:02,000 --> 00:55:08,000
I've been more formal like formalizing more directly I'm hoping to actually publish this next week

515
00:55:08,000 --> 00:55:12,000
like the first draft white paper for this stuff I hate using the term white paper the first draft

516
00:55:13,000 --> 00:55:21,000
text if you like all these two systems um yeah I'm really looking for a threat because that was

517
00:55:21,000 --> 00:55:27,000
actually my absolutely next question which was how to learn more about this and where to find it

518
00:55:27,000 --> 00:55:37,000
I have the URL in my head and the URL is um newdesigncongress.org slash en slash pub slash anxiety

519
00:55:37,000 --> 00:55:45,000
dash exilic that will be the URL awesome and I will link it in the notes to this episode yeah and

520
00:55:45,000 --> 00:55:50,000
if that 404 is on you then you just go to newdesigncongress.org and it'll be on the front page

521
00:55:50,000 --> 00:55:57,000
super duper so I'm thinking right we already before we even started interviewing realized that

522
00:55:57,000 --> 00:56:03,000
there was going to be so much part of this like conversation that we could have that could be had

523
00:56:03,000 --> 00:56:11,000
and that we would like to fit in that we kind of honestly knew yeah exactly we already knew that

524
00:56:11,000 --> 00:56:18,000
we were not gonna fit at all in one episode so I'm thinking brainstorming here uh one potential

525
00:56:19,000 --> 00:56:27,000
next episode which I would be really curious and I would love to experience is tackling this

526
00:56:27,000 --> 00:56:33,000
challenge of digital identity but specifically distributed or decentralized identity absolutely

527
00:56:33,000 --> 00:56:41,000
in uh from the perspective of these frameworks what do you think well we've just there's a whole

528
00:56:41,000 --> 00:56:46,000
story there's a whole backstory for this too but we have been sitting on a report that we weren't

529
00:56:46,000 --> 00:56:52,000
able to publish um on digital identity until very recently so that would be a banger of a starting

530
00:56:52,000 --> 00:56:58,000
point I think um there's a lot as a sneak peek I would say the way this would we would be talking

531
00:56:58,000 --> 00:57:04,000
about a four and a half year long uh study that we conducted on the failures of digital identity

532
00:57:04,000 --> 00:57:11,000
plus the parallel track that was emerging uh both of as a set of the learned experiences of certain

533
00:57:11,000 --> 00:57:17,000
protocol design as in developers combined with the this is fine essay and some of the work that

534
00:57:17,000 --> 00:57:24,000
New Design Congress did in 2021 with Ink & Switch which either directly inspired or validated for

535
00:57:24,000 --> 00:57:32,000
others um the idea of a different kind of identity primitive and sort of five years later four

536
00:57:32,000 --> 00:57:37,000
and a half years later seeing some of the work that has either directly or in parallel emerged

537
00:57:37,000 --> 00:57:42,000
as a result of that there's an entire collection of digital identity systems distributed identity

538
00:57:42,000 --> 00:57:51,000
systems uh that really I think offer an example of this exilic um methodology that can take into

539
00:57:51,000 --> 00:57:56,000
account some of the issues that exist today that historically hadn't been considered important

540
00:57:57,000 --> 00:58:05,000
we could do in a whole episode on that very easily here amazing I'm already excited in sitting here

541
00:58:05,000 --> 00:58:14,000
jumping in my chair but with that said we will have to leave the rest of that conversation

542
00:58:14,000 --> 00:58:22,000
and keep the listeners on a cliffhanger because this is the wrap for today's episode and

543
00:58:23,000 --> 00:58:29,000
greatly looking forward to the next conversation we will have Kade and is there any last notes

544
00:58:29,000 --> 00:58:36,000
where do we find you how do we connect anything any shout outs you'd like to make oh to the team

545
00:58:36,000 --> 00:58:41,000
New Design Congress uh this is like Lewis Center and Benjamin Royer and all the people who have

546
00:58:41,000 --> 00:58:46,000
worked with us in the past my lawyers that would be a good one that's for tomorrow's next episode as

547
00:58:46,000 --> 00:58:52,000
well and um yeah I mean I should do the shout out to allie Rish for that like the teams that have

548
00:58:52,000 --> 00:58:56,000
been working on stuff uh over the last few years um and I guess if you wanted to find me

549
00:58:57,000 --> 00:59:07,000
I am at post.lurk.org.com at Shiba Computer S-H-I-B-A computer uh and then yeah you can find our

550
00:59:07,000 --> 00:59:15,000
stuff on newdesigncongress.org and finally if you would like to do some pretty heavy duty and very

551
00:59:15,000 --> 00:59:23,000
very helpful um socio-technical threat modeling uh and analysis of your work come talk to me uh

552
00:59:23,000 --> 00:59:28,000
we can apply some of the anxieties framework stuff with you and get some really really good

553
00:59:28,000 --> 00:59:33,000
actionable outcomes as a result of that kind of work so if you're working on something and you want

554
00:59:33,000 --> 00:59:39,000
to um and you want to really analyze it about how it will work in the world let's talk awesome

555
00:59:39,000 --> 00:59:45,000
thank you so much for joining Kade thank you so much for having me I super appreciate it this

556
00:59:45,000 --> 00:59:51,000
has been really fun yes I think it's the same and I don't have a wonderful rest of your day

557
00:59:51,000 --> 01:00:01,000
with your grumpy little Shibas right now and yeah I go out yeah they're okay yeah as long as

558
01:00:01,000 --> 01:00:08,000
the rain stops we'll have a great one thank you bye

559
01:00:08,000 --> 01:00:11,000
Joe

