Our final piece of the program today on the main stage is Proof of Privacy, Proof of Human Rights panel with a privacy focus which is going to be led by Mikaela Souskou of Web 3 Privacy and joining him will be Jameson Lopp, Mr. Lopp, Jameson Lopp, and Jared Hope will be joining him. And the third person was Matthias Tarsius from Riyadh. Mikaela? Welcome on stage, please. Guests, we will have in a moment. Yes, our panel will be dedicated to privacy and human rights. We have wonderful guests that could really elaborate the complexity beyond those subjects. And I guess that our goal today is not just to repeat each other, but to expand narration within the privacy and not fall into a trap of privacy's normal. There's kind of a banal saying. And what I was thinking that many people keep asking like since when you were on Bitcoin, since when you were in crypto, but I was thinking that no one is asking like since when you're into anti-surveillance. Like when it was because Jameson, there are many things written on how surveillance kind of tapped into his life. I think you also mentioned a lot about American politics and importance of them, but I would ask you can elaborate on privacy but from another perspective. When the surveillance knocked on your personal door and you thought that, okay, now I need to do something. Let's start with you, Matthias. Yeah, it's a very good question. I think it's different for a lot of people because I think if you're raised in a western country where there is like democratic values and not in a country where there is like oppression, you might not think about that at a super early age. So I would say for me this was definitely, I mean I was thinking a lot after reading the cyberpunk mailing list in the 90s being around 40 and 15 or so. And I was a lot influenced by people around me that also were maybe a bit paranoid. So I think like for me this started pretty early, so I would say mid 90s to 1995 or so. And especially because I mean back in the days like also before that being a gamer, like people always feared that this is, you know, you're doing something illegal, you might be tracked or something so this as kids do, I think that's how I got into, that's when I got thinking about privacy issues. Although like all things considered looking at today, the situation today, it was not a lot of surveillance happening at least in my context. Jameson? Right, so I was well aware and focused on corporate surveillance because I was on the other side of the privacy spectrum. For the first decade of my career I worked as an engineer for an internet marketing company and it was my job to actually take the petabytes of raw analytics data that we collected and to help people analyze it in order for marketers basically to better target selling stuff to people. So I was well aware of just how much data was being collected on a day to day basis as you go about doing your regular activities on the internet. So I had mostly been focused on, you know, running ad blockers and VPNs just to keep as much of that data from getting hoovered up and resold. But it wasn't until I got into Bitcoin that I learned about cypherpunk history to start going down that rabbit hole and then it wasn't until I had a SWAT team show up at my house after a few years that I really started thinking about the physical ramifications of privacy and then started having to go down the rabbit hole of how do I protect my physical location and that turned out to be by far the most difficult thing to do. Jared? I mean there's multiple different threads so I guess the earliest I could probably trace that is just having a strong anti-authoritarian streak when I was a child and then I started towards authority figures that I viewed as incompetent or wrongly applying their authority. I got into the cypherpunk scene through piracy at flea markets or SWAT meets on the weekend. They got me into BBSs and that's where I started getting into the scene from there. But I think, like James and I also worked in performance marketing and we used to work with data brokers such as BlueKai and they were very proud of showing how they could use anonymized data and de-anonymize your profile and they were doing this directly in front of me and I was mortified. But when I decided to become fully active was through the 2008 financial crisis and Occupy Wall Street and I was like, okay, this is something that I want to spend my time on. It's interesting because I also worked in the advertising industry and that kind of sells itself as the new cool place for young kids to perform shine. They had lots of hipster things around like cool offices, cool colleagues and then many people even don't even think about sort of like the conscious decisions about scraping data, let's say, and using this data. But then linking it to Matthias' talk on values, what kind of values that you manifest within your change, your anti-surveillance personal choices, you would like to pass to people sort of like who are just starting the journey, whether it's a cyberpunk or privacy or like just anti-surveillance in general. I would say it was particularly challenging for me, especially once I really decided to go fully committed to privacy because and I also get some flack for this is some people say, you're not a real cyberpunk, you're not a real privacy advocate because you're still out here with your face and your real name. And I'm like, well, yes, unfortunately, if I had done things the right way, I never would have revealed my face and my name, but I had to make a decision. Do I go completely underground and really go full privacy and never communicate with anyone using my real identity again, or do I try to retain my reputation and continue using that to do what a cyberpunk does, which is to advocate for the use and proliferation of strong privacy tools. So from my perspective, I ended up taking a more difficult path because I'm still trying to be private while exposing myself on a regular basis. Yeah, I think to that point, what Jameson is doing and what we're all doing is trying to increase the anonymity set. The more people we get using these protocols, then the more people can be secured by them. And if people like Jameson aren't advocating for these, it won't happen. People will not get exposed to these ideas or values in the first place. But then the question is like, he was linking that scalability or technological proficiency is not enough. We need to embed certain values, so when people discovering those tools, they will understand what's the deal there, especially if UI or UX is so-so or latency is slow and stuff like that. Maybe you can share stories that happened in your life when you advocated and converted people into privacy users through certain narratives that were simplified, maybe not that scary or paranoid in how you connect with people. It really worked beyond just, you know, like, sometimes I think that we keep repeating the stories that happened 30 years ago, but if they are still relevant now, and if you use the same vocabulary, it won't just work. Very good question. I'm thinking of a good example, but I just remembered and maybe it's not so much related to the question that I was actually, the first time I was doing some, I created some format with some students some time ago. It was actually, it's actually more than, I think, almost 20 years ago of something like that, I don't think maybe 18 years, which was called dark net safaris. So we went through, like, I was showing the students, they got, like, some specific tasks and they would actually serve the dark web and then try to, like, in a safari, do screenshots on specific pages and then actually see what they have found and they had to discuss it. And what I found interesting in this context is, like, nobody was thinking that this is actually, like, nobody took a lot of these things serious because, for example, if you remember, one of the most popular websites that were also in the beginning, Bitcoin-related, were these kind of hitmen sites on the dark web where you could actually hire a hitman, like one Bitcoin and no questions asked and so on, and this became a meme to some extent that everyone had this, every of these sites had the same text. So what I found interesting though at this time was that all of the students, nobody was really scared to serve the dark web and I can see a tendency these days where people start to being afraid of even starting TOR and doing some shenanigans with it and the reason is, in my opinion, the anonymity set. So, for example, if we have not enough people that are using TOR in a country, like a country where I'm from, Austria, it's really so little people using it, it becomes actually a problem. You're becoming actually targetable by the amount of, by the type of data, by the fingerprint of data that you're creating. So we have to actually counter that by somehow teaching also people that they shouldn't be scared about privacy or private technologies. I feel that's the biggest issue we have these days, that people feel like, okay, they're doing something wrong if they're using some encrypted communication. I think this is something that's important to me to counter. So I have tried and failed to advocate for a number of important technologies over the years, especially the first few years I was in Bitcoin. I was telling everybody I knew, you should check out this alternative money because your current money is going to get debased and yada, yada, yada, and that argument fell flat on people's ears because I was preaching to people living in the United States who were not experiencing the pain. So I think it's one thing when you have to know your audience, it's one thing if you're in a country where people are experiencing the pain of, for example, an authoritarian regime that is actively hunting them and threatening them. In those cases, I think that you can sell security and privacy because they can see the threat right in front of them. But me being in America, the threat is much more abstract. I'm sure a lot of people would disagree because we think about these threats a lot more and we understand that they're real, and the average person is far too abstract to try to pitch security, to try to pitch privacy. So what I found is that it's more important to know what your audience's pain points are. So, for example, if I tell people what you should do is you should install these ad blocker extensions or you should use Brave Browser because it has a lot of ad blocking built in and they're like, why should I do that? Well, don't you find those ads really annoying? And your page will load faster because it's not loading all these ads. So that is an incentive that people might actually care about. On the flip side of security things, it's even more difficult if someone is not being actively attacked in some way. But I see both privacy and security as being flip sides of the same coin, so sometimes you can start to edge people over into understanding that it's all actually related. And it's just really a matter of talking to the person to understand what their incentives and their pain points are. If I go out and preach stuff based on what's going on in my head, it's going to fall flat on most people's ears. Yeah? Yeah, 100%. Like, I mean, every time I've done any direct advocacy, it hasn't really worked, right? But the times that has worked is through NEAT. And I think the first time I really saw that working was when some friends of mine wanted to use the Silk Road, right? And then they became a lot more interested in these ideas as a consequence of the utility that Silk Road was providing them at the time. The thing that probably stands out most in terms of the experiences I could probably relate to me was just someone had sent me a link to a poll thread on 4chan, which had a status general during COVID. And it had a link there to a status open chat, which is just a pub-sub topic, where people were coordinating their protests against the COVID restrictions in Australia, which is something that I hold quite dear to me being Australian. So it was just amazing to see that something that I created actually had some utility in the real world, right? And it comes down to this real need of when this actually matters. Yeah, I mean, look at WhatsApp. My understanding is that WhatsApp became incredibly popular because SMS in a lot of third-world countries was just way too expensive. And now you could get the same functionality, and you're using the data instead of the SMS. And basically tricked people into having stronger privacy. So I think in a lot of cases, you need to offer some other incentive and just kind of shove the privacy and the security under the hood. Yeah. Five cents about WhatsApp because it has been developed in Ukraine. And at that time, even there were sort of political turmoil, but sort of normal, like communists versus some shady oligarchs and stuff. There was no end to encryption at that time because people were just chasing capitalism. Like, let's make more money. Let's build a unicorn the next one or the next one or the next one. But with a fairly small team, which is super great for engineering purposes, they sold out. And then it's interesting that the whole security side came later from the States. Maybe someone from the regional team played an important role. But by default, there was no deaf consciousness embedded in the game. I was also interested that in 2017, there was this thing of public change versus private change. And it was sort of a joke, like private change. It's IBM game, hyper ledger stuff. It's a joke. Everything should be transparent. But this year, I met Wasabi guys on Pizza Day in Prague. And they said, like, sometimes we think that Bitcoin is just transparent for a reason in that sense. And even today, there was talk on privacy that many people who at first encountered Bitcoin, they were thinking, wow, this is for privacy, for anonymity, ultimate greatest tool. And also, I know that many people from CCC were sort of rejecting crypto in a bigger sense. Why this mental misconception of Bitcoin happened within the wider public that it's sort of private anonymous transactions? I think because definitely there was some miscommunication happening at some stage that Bitcoin is entirely private and people started to catch up on that. Although as Francisco Artigman really nicely put in a talk that he presented during MoneroCon, it was not intended for us to throw around our public keys and make it available to everyone. So we are in a way also feeding the dragon like that. So I find this always a bit challenging because I see this a lot in marketing activities, that people, especially on X, I'm quite sure you've seen this as well, like drop your wallet here to get some airdrops or something like that. So that's insane. These are the practices we need to somehow change, in my opinion. Yeah. A, I think almost nobody knows the difference between pseudonymous and anonymous. And B, I would argue that in the early days it was anonymous and that Bitcoin could still be anonymous if not for the fact that we created all of these centralized providers that were doing AML KYC. If Bitcoin had remained a purely peer-to-peer system where we were just directly interacting with each other, it would be much harder for analysis entities to go through and docks wide swaths of Bitcoin users because there would just be a lot more doors to kick down, so to speak. Yeah. I mean, they basically said what I was going to say, certainly the pseudonymity aspect was it. I guess one thing that comes to mind, given your talk on values, is that Bitcoin could also be seen associated with the cypherpunk movement. And so there may be even the cultural propagation around the cypherpunks being associated with Bitcoin might bleed off in a similar way that Telegram is considered to be a private messenger, where it clearly isn't. Well, they're partially connected. I will connect two things right now. You made a talk on Honey Badger years ago on this kind of hardcore privacy, which is like even the obfuscate, the car plate and stuff like hardcore ones that majority people just don't do at all because they think sometimes that privacy is just one app, let's say, private messenger. And that's it. That's the privacy. While you are proposing the whole stack of technologies from sort of like one big umbrella that proposing different privacy percentages from the messaging protocols to the private storage and stuff like that, how you would sort of like navigate the privacy stack on chain, off chain as like healthy balance for the general public? Because your talk was about we should bring these values to society, which means not just by one individual who is hyper-protected, but everyone else failed to. Like how you are choosing which tools and off chain and on chain to combine and also maybe lifestyle choices? Okay, that's a big question. I guess I would counter that like for me what's concerning about say public blockchains today is the sort of attacks or new attacks that we are starting to see from state level adversaries, right? And so for me it's a matter of like how can we strengthen these protocols and the implementations of these protocols in such a way that they become more resistant to those kinds of attacks, right? And then by extension of doing that, I mean I also view blockchains as like these Lamportian part-time parliaments, right? That's because I have a very specific application of them. But that's completely separated from like the lifestyle aspect of that. And again like you want to find some kind of utility where you, as James has said, like you shove the, you know, you kind of sneak this sort of stuff in the back end, right? So for me it's like okay, how can we actually create like parallel societies or parallel institutions? And for me that's like through creating a community organization development, like local neighborhood communities like circular economies and so on. And it just so happens that that completely separate parallel organization just happens to use this technology. And I think that's why you can build out a volunteer group that doesn't have to be so dialed in to how the technology works. But you can also use that as a way of generating shared narratives that lends legitimacy to these privacy protocols while getting away from like the darkness or like the scary vibes that privacy offers conjures in people's minds. I don't know if that's the answer to your question, but that's how I'm thinking about it. I know I like the circular economy aspect because it kind of relates to what I was saying with the centralized AML KYC providers is that I think one of the most effective ways to improve people's privacy is stop telling people to buy cryptocurrency. You should earn cryptocurrency. You should be selling your goods and services for cryptocurrency. And that's how we create the alternative economy. Absolutely. Yeah, when I add to that, I think like one way how to tackle that is also to get out of our comfort zone because I feel like there's always this debate and I try to also make this point in my talk. There's this old saying like you can either choose a convenience system, but it won't be that private. It won't be that secure or you can choose a convenience. And I think that the problem is not that statement because that's definitely true. That's what all the software is that is out there. But personally, my own experience and how I learned to use computers and use technology is by using them the hard way. So learning the hard way, opening up things, understanding what's going on. And the problem I feel is like this is getting harder and even really to the extent that I would say I need some formal education or more information than I would actually get these days in school or so. So we have to really rethink this and also maybe define and create new educational formats. Open source hardware is one aspect of that or open source culture can help us with that. Of course, it's just the first step because in my opinion, also open source culture gets commodified, becomes some kind of marketplace for developers. So we have to constantly fight battles on different sides of the war. But to some extent, I think it starts with not becoming too convenient with the technologies around us and questioning every single bit of it. There's even a notion that hackers word has been hijacked by just funny developers who are not hackers at all. And we've seen a lot of those. So as you know, WikiLeaks has been really supported by Bitcoin. It was in the center of the self-funding, let's say, mechanisms. And we were talking about Michael about that, where is the next Snowden. And if you would see leaks around the world, they're happening within the Guardian. And when people are leaking directly to journalists, the civic journalists, then maybe even there's no need of that service or the anonymous organization in that sense, because they should move somewhere else in the sense of inventing new tooling. But in this new tooling, there's a big challenge how to collaborate with traditional institutions, organizations because they're hyposkeptical towards crypto. Even the fellow hackers are skeptical towards crypto. How do you build the bridges within the skeptics or the one who never experienced crypto? Well, it's a very good question. I think only by showing true use cases that matter to people. Which one you're showing? Me personally, I'm failing often to excite people about crypto, whether it's Bitcoin or blockchain part of crypto. In my experience, secure communication or these types of things are much more tangible to a lot of people that don't buy the complete crypto stuff. Yeah, so I guess we need some very, very simple and low-hanging fruits to show. I'm also struggling to identify those now. James? It's tough. There's a lot of haters, especially in the cybersecurity community, kind of as you've alluded to. A lot of people inject their politics into it. And I've seen, I think a large swath of the cybersecurity community is very anti-Bitcoin due to ESG narratives and a lot of the standard arguments against why it's terrible. So I don't even try to convince the haters anymore. Kind of like I said before, the easiest way is to find the people who actually need it the most. And I think that that's just going to happen organically. And I'm always amazed by seeing what all of the many advocates who are going out there across the world in finding new use cases in ways that Bitcoin, crypto, currency, cryptographic protocols can completely change people's lives. And especially people's lives who are nothing like mine, who I couldn't even have envisioned, have certain problem sets. Oh, just quick fast sense here. Why Zikesh Foundation once has been interested in like tweet that I made, because just by drinking beer with the Russian guy in Barcelona, he told me that he sent a shielded Zikesh to his friends in Ukraine. So they could buy a SUV for territorial defense forces. They're just simply like 2K or whatever. And Zikesh was like, oh, such use cases exist. We want to know more because they're practical and there's sort of embedded emotional story behind it. Exactly. Unfortunately, bad things have to happen in order for people to realize the utility of these protocols. I haven't gotten too much opposition except for like one strong one that comes out, comes to mind. So I had a side project working on the Wayland compositor for Linux to extend it for mixed reality. So you'd have like 3D applications running in the compositor. And we're working with a very prominent open source developer in that field. He was strongly against with even working with us or with me because we were a crypto company, right? And it took a long time for him to kind of start seeing that there was a humanitarian and social aspect to this or like my worldview around that. Because for his perspective, there's this sort of screen of scammers. And if you're outside of the field, you see a lot of these digital asset types or centralized exchange sort of nefarious action going on. So there's that kind of buffer between the core of the community and like the periphery that I think that needs to... I don't know how to solve that, but it exists, yeah. Since we're running a bit out of time, I would like at the end focus on the tooling and practical advices. But one thing first to the previous speaker that there's a collective in Berlin working on reproducible build called poetic technologies. They wrote tea manifesto. They want to propel tea, create source consortium. So people would exchange knowledge. And right now there are lots of name dropping around. BGP, full homomorphic encryption, TE, MPC. And everyone is dropping these things into there, I guess in many cases to raise more money. But what are the practical technologies that you sort of want to see developed or implemented in the future? And or the tooling that appeared the recent years that you are having big hope in terms of privacy enhancing or anonymity empowerment? I think we need to really fix first that a lot of the open source projects are maintained, thanklessly, sometimes out of Nebraska, but also sometimes out of other places. This is really a problem. So most of the software out there we are using to secure organizations, people we love and so on, are maintained by people who are not really getting well paid. I think this is something that we need to fix first. I honestly think that most of the internet could use rearchitecting. Especially any of the extremely popular services out there that effectively are operating as data warehouses, especially the major social media companies, almost any free service that's out there. Because basically what people are paying for is they're paying with their data. So there's a variety of social networking protocols that are being worked on underway. And also that may hopefully eventually get us to a point where we actually come to a solution for digital identity, whatever that is, because the dystopian future is that digital identity is a state sanctioned identity. Whereas cypherpunks, I believe, would say that it should really be some sort of cryptographic self attestation or web of trust attestation. And I see that digital identity as being a big missing piece of the puzzle to rearchitecting a lot of the other internet-based services that we're using. Especially analogous. I guess one way to view the privacy is it enables more freedom or more self-sovereignty. And on that front, I would actually probably move away from protocols in terms of what I would want to see and more towards open hardware, both specifically in terms of compute for consumers, but also in terms of networking, like better availability for ad hoc Wi-Fi, P2P and mesh nets or something that we're really good to see for local communities. Michael, do we have two minutes? Yes. Perfect. Then I would ask you to tell. In our work, we found out that people don't know how to do research if a project is prior to it or not. But it's important to test new tools at the same time. Especially for sort of knowing what's happening, testing UX UI, the same way that you were testing status with me several days ago. What kind of several new tools that appeared recently you would recommend people to test and explore apart from the tools everyone knows, the fresh ones. It could be hardware in your case. Good question. What to suggest to people to explore? It's in sync with your playful education mode when you're saying, okay, you're not in the game. Just try it. Just play with it. President, I think people should look. I like to also respond to what you said about open hardware. I think it's really easy to get into tinkering with hardware these days. And this is partially because it's a market out there. So people start to play with Raspberry Pi. Unfortunately, it's not the most open of systems. So I'm not a huge fan of it, but it did a lot into education of people. And it's great to see that stuff like this exists. But this is a big problem that I see in a big hurdle for people to get started with hardware. If you want to run embedded Linux, basically you have to learn a lot of things before you can really build your own systems. But open hardware and these type of things, I think a good starting point because it gets you back to the roots of all sorts of things, of cryptography of the normal processes or the interaction or other things, smart devices, for example. This is also usually a security nightmare, but if you start to understand what can be interesting there, for example, to build up a different communication network based on Lora or some other technology that's interesting. That's maybe a bit too much to ask of a lot of people to start with, but maybe open hardware is the best. There are all names, like brands or websites. But Lora? No, just in general for open hardware. I look at play around. Right now there's the open source hardware month. So the Oshawa, the open source hardware association, is organizing a lot of events around that. You can tap into that. It's at Oshawa.org. You can find it online. There's a lot of educational material there. I think that's a good place to start. For me, I would focus on the low hanging fruit in terms of usability. Usability is what we focus on at CASA. Even though our fundamental thing is offering super high security, the way that we do that is try to make it as easy as possible, like iPhone, iOS style, UX. And so the basic things that I would suggest that people try out would be operating system. Try out Linux. Not any Linux, but something like POPOS. It's like a very user friendly version of Linux that's also quite secure and private. Stop using Google services. Use proton based services. They're just as easy to use. That will get you a better level of privacy and security. If you want to go a little further down the rabbit hole, try out a completely different phone architecture. I've been using Graphene for a number of years, and it has greatly improved. It no longer requires command line usage to install on a Pixel phone anymore. It's literally just USB plugged into your browser. And there's a lot of improved tooling around it, so it's actually fairly easy to use as a daily driver. There are now completely parallel alternative systems that you can use as a basis for your digital life that are about as user friendly as the mainstream stuff, and it's worth checking out. Yeah, I guess once you've done POPOS, try out cubes and see how you're doing. I wouldn't go that far. Yeah, I guess I also covered it for most people. For me, I'm lagging behind on the latest developments on MPC and the homomorphic encryption, so I'd like to take this sabbatical and play around with that, some of the advancements there, and catch up to speed. Yeah, that's what I would like to play with. What helped with the Graphene is that once I installed it and put it publicly, many people came and recommended lots of applications, and I found it super helpful that random people were saying, it's not alternative for pocket, alternative for VLC, or no, VLC players there, but for like a YouTube client and stuff like that. That was super helpful, but I hope that people will stay that helpful and not fall into the paranoid boogeyman conversations because they're not that helpful. Thanks, Michael, for giving time. Thanks, speakers, for joining the panel, and I hope that everyone enjoyed the homie feeling of the whole two days of POV Summit. Thank you.