Go Beyond

Only read if you don't mind being offended.


Project Hedron

I find that reading Craig Wright's blog is rather inspiring. He could have kept a lot of things in the dark, but instead decided to take numerous things head on.

I was quite nervous when I released the Vagabond Workstation (.onion). It was a couple years of work, combined with years of prior experience and thought on similar subjects. I made what I believe to be something very powerful. I thought releasing it might bring me new opportunities, get me into trouble, or both. I debated releasing it anonymously, but there was no real way to. My fingerprint is all over it. That is because it is mine. It would have taken a lot of time and duplicated code to take my prints off of it. Even then, with machine learning it might be possible to match. I do feel that there is a good place for being public with unpopular things and anonymous with such things. For me, for better or for worse, I have chosen the public road. I put my face on things that make me unhireable to a number of people. It is a blessing and a curse. And the workstation certainly has its own questionable elements.

In the end, releasing it did nothing. There has been no fanfare, no real usage that I'm aware of. It's pretty disappointing as it's probably my greatest technical achievement by a long shot.

Anyway, it was not entirely my idea. The spark was not mine, and many of the toolstack choices were not, either. My sponsor was a brilliant person who I learned many things from. Unfortunately, I was fired from further work after posting links to the Brenton Tarrant manifesto and video here on my blog. This sponsor was a friend of mine for a couple of years and it's sad to have lost him so suddenly.

He told me quite a while ago that I could publish this. It's quite the cypherpunk manifesto and I like it a great deal. The Vagabond Workstation is a derivative of these ideas, sharing a common platform in solving the other aspects. I have worked on most of the problems outlined.

I hope you enjoy the read as much as I did.

Project Hedron

Background Context

Logic of Violence

The logic of violence has shaped human interactions from the beginning of our species.

Prior to the invention of farming, violence was fairly primitive in that hunter-gatherer groups would compete for territory claims, but since the stored possessions of either group were minimal, the loot gained was never the primary objective.

The invention of farming dramatically changed the logic of violence. The harvest was a physical item which represented a significant increase in stored value for humans. This led to many human inventions around the logic of violence, including languages and governments that arose to provide order and protection.

Simple developments such as an improved horse saddle would change the logic of violence during the Middle Ages and usher in the age of mounted knights. Gunpowder, warships and cannons would give rise to the colonial empires. The assembly line, the combustion engine, and the radio would allow the nation state to assert its position as the dominant force of violence in the world.

A student of the cypherpunks should be able to see clearly that a new phase in the logic of violence has now developed with the digital age. The nation state is beginning its slow collapse. Digital violence can reap high rewards. The invention of crypto-currency is the trigger for a dramatic re-organization of human social structures, but just as in the past, the new structures that will emerge are far from obvious.

Project Hedron is about incrementally developing tools to defend against digital violence. The improved horse saddle that birthed the powerful medieval knights was an incremental improvement, combined with an integration of existing tools and technologies; the story for colonial empires and nation states is the same.

Digital Guilds

While the exact structure is obviously unknown, there are some hints that we can look back into history to find.

The nation state will soon be unable to provide digital protection of any form. For example, currently if a business is hit by ransomware and the business owners are told that unless they pay the ransom with crypto-currency their digital property will be destroyed, they receive little if any protection from either their nation state or any other local law enforcement. First-hand accounts indicate that when contacting the FBI they are advised to pay the ransom and that the FBI is not able to "trace" the aggressors and enforce a rule of law.

The nation state itself is being overwhelmed with digital violence. It is unable to protect secrets and soon will be increasingly unable to collect taxes.

Intellectual property is being stolen from every organization imaginable. The enforcement of copyright, patents, and all forms of digital property or intellectual property laws will be effectively impossible.

The cypherpunks and crypto-anarchists of the 70s, 80s, and 90s had some ability to imagine what the world would look like if the technologies they helped to invent and implement were to become widespread.

From "The Crypto Anarchist Manifesto":

The State will of course try to slow or halt the spread of this technology, citing national security concerns, use of the technology by drug dealers and tax evaders, and fears of societal disintegration. Many of these concerns will be valid; crypto anarchy will allow national secrets to be traded freely and will allow illicit and stolen materials to be traded. An anonymous computerized market will even make possible abhorrent markets for assassinations and extortion. Various criminal and foreign elements will be active users of CryptoNet. But this will not halt the spread of crypto anarchy.

Interestingly the medieval guilds are also mentioned:

Just as the technology of printing altered and reduced the power of medieval guilds and the social power structure, so too will cryptologic methods fundamentally alter the nature of corporations and of government interference in economic transactions.

Project Hedron is based around the idea that much of the logic that allowed guilds to be perhaps the single economic structure in human economic organization with the most longevity and cultural universality is likely to rise again in a slightly modified form for the digital age.

Guilds are most simply:

an association of people for mutual aid or the pursuit of a common goal

Since the nation state will no longer be a viable structure to provide protection, guilds will be reborn in the digital world, offering their members important services and protections and their customers important guarantees. Guilds can be distinguished from corporations in that they will not receive protection from nation states and operate more as partnerships, co-ops, or unions, with an emphasis on membership and status over ownership and employment.

Open source and "free" software

Open source operating systems and software have forever changed the world. The open source development model will continue to grow and form the foundation of the technical infrastructure for the digital economy.

Declaration of Digital Independence

A critical tipping point has almost been reached. The combined growth of ToR (a.k.a. CryptoNet) and Bitcoin (digital cash) has brought the world closer to a declaration of independence of cyber space. Nation state governments will be hard at work to stop this development because having a new free space economically, especially for digital commerce, will be a big threat. The coming guilds will be a necessary development for an economic sphere in which actors can be disconnected from physical world identities.

The focus of large technology corporations and governments on "identity verification" is very telling. The true threat to them is not SPAM, CP, or even terrorism; those are false narratives so that the population is willing to surrender their anonymity. The true threat is that their services and products can be replaced by the coming new digital guilds at eventually very low prices. Currently missing and required for a growing digital economy are effective decentralized reputation and trust systems.

Unless governments and corporations are successful in their collaborations to prevent these coming changes and institute global totalitarianism, the human species will eventually reach, and perhaps even formally declare, Digital Independence.

Perpetrators of Digital Violence

Just as physical violence has many shapes and forms, so does digital violence. In particular, the types of perpetrators are important to identify. This allows for appropriate defenses to be assembled. Individual serial killers, gang members, warlords, secret police, special forces, ground forces with tanks, naval forces, and aerial forces all have different approaches to physical violence, requiring a collection of defenses. Digital violence is no different.

At the highest level, some possible types of perpetrators to think about:

  • Insider or mole
  • Cybergangs and terrorists
  • Competitors
  • Governments

Additionally each of these can have:

  1. Digital access
  2. Physical access
  3. Both digital and physical access

Starting Simple

The common population may not conceive that a complex problem is solvable. However, most people never conceived of the steps needed to become a knight in the medieval period either. Success in attacking complex problems is found by breaking them into their parts.

Phase I: Zoned Workstation Desktop

The first phase of Hedron is to design and implement a workstation desktop for the members of a digital guild which can effectively defend against the insider with only digital access.

All the tools needed to construct a properly zoned workstation desktop exist today, however, they need proper testing and integration.

Zones

The zoned workstation desktop will have three zones:

  1. Green
  2. Blue
  3. Yellow
  4. Red

Information flow between the zones will be properly regulated with automated processes and procedures. Green will be a public zone in which users will operate as a "typical" member of the population. Blue will be a "corporate" zone which will have the routability, services, and restrictions common to corporate networks. Yellow will be a pseudonymous zone from which users will be able to interact publicly but without the ability to trace them back to their identity. Red will be the highly secure internal zone of the guild.

Tools

The following collection of technologies and tools will be utilized:

  • Debian, Ubuntu, and CentOS
  • Virtual machines (QEMU)
  • Containers (LXC)
  • Xpra
  • lightdm
  • systemd
  • Tinc and OpenVPN
  • iptables
  • fwknop
  • ToR
  • VPS
  • ID/tripwire tools

Design summary

The overall design has been researched and tested. It has the following core features:

  • Each zone will have a dedicated virtual machine running on the workstation
  • Tinc and OpenVPN will be used to construct tun/tap network devices for private networks
  • Within the VMs containers will also be utilized to manage userspace
  • Components on the native host OS will be isolated with containers
  • Xpra will enable desktop level integration of the zones
  • lightdm and systemd modifications to ensure an integrated experience
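
One way to regulate information flow between the zones with default-deny forwarding on the host, as an added example that is not part of the original document or of Project Hedron's code. The tap interface names, the allowed-flow policies, and the set of zone pairs that must never be linked are assumptions made for illustration; the check treats every allowed flow as a two-way channel, so it also catches zones linked only indirectly through a third zone.

```python
# Added example: compile an inter-zone flow policy into iptables FORWARD rules,
# refusing any policy that links zones which must stay isolated.

# Zone names come from the page; the tap interface names are assumptions.
ZONE_IFACE = {"green": "tap-green", "blue": "tap-blue",
              "yellow": "tap-yellow", "red": "tap-red"}

# Assumed invariant: the pseudonymous zone must never be linkable to the
# identity-bearing zones, directly or through a chain of other zones.
MUST_NOT_LINK = {frozenset(("yellow", "green")), frozenset(("yellow", "blue"))}

def linked_pairs(allowed):
    """Unordered zone pairs joined by any chain of allowed flows (union-find)."""
    parent = {z: z for z in ZONE_IFACE}
    def find(z):
        while parent[z] != z:
            parent[z] = parent[parent[z]]   # path compression
            z = parent[z]
        return z
    for src, dst in allowed:
        parent[find(src)] = find(dst)       # a connection carries data both ways
    zones = sorted(ZONE_IFACE)
    return {frozenset((a, b)) for i, a in enumerate(zones)
            for b in zones[i + 1:] if find(a) == find(b)}

def violations(allowed, must_not_link=MUST_NOT_LINK):
    """Isolated pairs that the policy links, as sorted tuples."""
    return sorted(tuple(sorted(p)) for p in linked_pairs(allowed) & must_not_link)

def iptables_rules(allowed):
    """Default-deny forwarding; only listed (src, dst) pairs may open connections."""
    rules = ["iptables -P FORWARD DROP",
             "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for src, dst in sorted(allowed):
        rules.append(f"iptables -A FORWARD -i {ZONE_IFACE[src]} -o {ZONE_IFACE[dst]}"
                     " -m conntrack --ctstate NEW -j ACCEPT")
    return rules

def build(allowed):
    """Return the rule list, or raise if the policy breaks zone isolation."""
    bad = violations(allowed)
    if bad:
        raise ValueError(f"policy links isolated zones: {bad}")
    return iptables_rules(allowed)

# Constructed sample policies: LEAKY has no yellow<->blue rule, yet links
# both zones through red; SAFE keeps yellow fully separate.
LEAKY = {("blue", "red"), ("yellow", "red")}
SAFE = {("blue", "red")}

if __name__ == "__main__":
    print("leaky policy violations:", violations(LEAKY))
    print("\n".join(build(SAFE)))
```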

Languages

Python will be the preferred glue language. C++/C are viewed as having stood the test of time and are preferred for any lower-level code needed. Bash shell code can be used in prototyping work but should be replaced with formalized Python scripts whenever possible.

Future Phases

After the secure Zoned Workstation is operational, future phases of Project Hedron will address increasing levels of digital aggression. Phase II will focus on defending against an insider with physical access. Extensive research for phase II has already been done and prototype devices and tools that might be utilized are currently under construction by multiple organizations.

A highly advanced future defense against digital violence might involve developing the capability to secure and remotely trust a computing resource. On the face of it, this capability would seem perhaps intractable. However, it may not be as impossible or as far away as people would think. Open firmware, embedded hardware-level memory encryption, and reproducible builds appear to be potential building blocks for defining advanced protocols that would allow for construction of a decentralized remotely trusted computing model.