duke
/
presentations
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

update

master
Duke Leto 3 years ago
parent
9b2d022ff2
commit
cd2bcaf209
2 changed files with 548 additions and 16 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. BIN
      2021/fossasia-take-back-your-privacy-with-hush/pres.pdf
  2. 564
      2021/fossasia-take-back-your-privacy-with-hush/pres.tex

BIN
2021/fossasia-take-back-your-privacy-with-hush/pres.pdf
View File

Binary file not shown.

564
2021/fossasia-take-back-your-privacy-with-hush/pres.tex
View File

@ -4,8 +4,10 @@
\usepackage{textcomp} \usepackage{verbatim}
\usepackage{listings}
\setbeamercolor{sidebar}{use=structure,bg=purple}
\usepackage[utf8]{inputenc}
\usepackage[russian]{babel}
\author[@dukeleto]{Duke Leto\\\small{duke.leto.net\\hush.is}}
\author[Duke Leto\\hush.is/privacy]{Duke Leto\\\small{duke.leto.net\\hush.is}}
\date{}
\title[\hspace{2em}\insertframenumber/
\inserttotalframenumber]{Take Back\\ Your Privacy \\With Hush}
@ -43,7 +45,7 @@
\frame{
\frametitle{ What Is Hush? }
\begin{center}
\includegraphics[scale=0.20]{someone-is-trying-to-trace-my-location}
\includegraphics[scale=0.20]{welcome-to-extreme-privacy}
\end{center}
\begin{center}
@ -60,24 +62,123 @@
\frame{
\frametitle{How Is Hush Like Bitcoin?}
\begin{center}
\includegraphics[scale=0.25]{carlos-matos}
\includegraphics[scale=0.30]{hush-code-is-bitcoin}
\end{center}
\begin{itemize}
\item Based on Bitcoin 0.11.2
\item No Company, Decentralized Community
\item 21M Total Supply
\item Halvings every four years
\item Hush extends Bitcoin Protocol
\item Mining+wallets works very similar
\item Mine with ASICs
\item wallet.dat works very similar
\item Compatability at many layers
\item Store-of-Value $\Longrightarrow$ Store-of-Privacy
\end{itemize}
}
\frame{
\frametitle{How Is Hush different?}
\begin{center}
\includegraphics[scale=0.22]{hush-same-as-bitcoin}
\begin{itemize}
\item Alice sends Bob money
\item Alice's address is private!
\item Bob's address is private!
\item The amount sent is private!
\item Encrypted memo field is private!
\item The number of recipients is private!
\item Plausible Deniability
\end{itemize}
\end{center}
}
\frame{
\frametitle{How Is Hush different?}
You must use privacy, it's no longer optional!
\begin{center}
\includegraphics[scale=0.1]{send-in-the-clowns}
\begin{itemize}
\item Everyone must use privacy, no choice
\item Best practices are automated
\begin{itemize}
\item Only can send to a zaddr (z2z)
\item Send to multiple addresses (Sietch)
\item P2P encryption mandatory (TLS 1.3 Only!)
\end{itemize}
\item How much money was sent?
\item How many people received funds?
\item Was encrypted additional information sent?
\item "Herd immunity" to metadata attacks
\end{itemize}
\end{center}
}
\frame{
\frametitle{Zcash "Privacy"}
\begin{center}
\includegraphics[scale=0.20]{zec-clown}
\end{center}
Invented new Zero-Knowledge math but don't use it!!!
}
\frame{
\frametitle{Sietch}
attackingzcash.com
\begin{columns}
\begin{column}{5cm}
Zcash z2z (optional)
\includegraphics[scale=0.2]{zec-graph}
\end{column}
\begin{column}{5cm}
Hush z2z (always)
\includegraphics[scale=0.12]{sietch-graph}
\end{column}
\end{columns}
An underground fortress for every transaction!
}
\frame{
\frametitle{If You Are Not Paying For Privacy...}
You Don't Have Any!
\begin{center}
\includegraphics[scale=0.20]{no-rhythm}
\end{center}
}
\frame{
\frametitle{How Is Hush different?}
\begin{center}
explorer.hush.is
\includegraphics[scale=0.20]{recent-explorer}
\begin{itemize}
\item Extreme Privacy Block Explorer
\item No Javascript (client or server)
\item No Images (web bugs)
\item Tor Hidden Service Available
\item Doesn't doxx you
\end{itemize}
\end{center}
}
\frame{
\frametitle{How Does Hush Build Upon Bitcoin?}
Hush is at Layer 2, with Lightning Network and Bisq
\begin{center}
\includegraphics[scale=0.25]{carlos-matos}
\includegraphics[scale=0.15]{protection-for-all}
\end{center}
\begin{itemize}
@ -98,7 +199,25 @@
HushChat is an encrypted chat messaging protocol and decentralized platform.
It's ideas are based on Signal Protocol, but without all the bad stuff.
\includegraphics[scale=0.25]{hushchat-screenshot}
\includegraphics[scale=0.4]{hushchat-screenshot}
\end{center}
}
\frame{
\frametitle{What Is HushChat?}
\begin{center}
\includegraphics[scale=0.2]{hush-comparison}
\begin{itemize}
\item HushChat Protocol is an encrypted chat messaging protocol and decentralized platform.
\item Inspired by Signal Protocol, without the bad stuff.
\item We don't use Signal code.
\item Proud libsodium user! Unlike Zcash...
\end{itemize}
\end{center}
}
@ -141,23 +260,407 @@
\frame{
\frametitle{Who Profits From Surveillance?}
\begin{center}
\includegraphics[scale=0.30]{faraday}
\end{center}
\begin{itemize}
\item FAANG (Facebook,Amazon,Apple,Netflix,Google)
\item Facebook = WhatsApp = Instagram
\item MFAANG (MSFT,FB,Amazon,Apple,Netflix,Google)
\item Surveillance Valley (Silicon Valley)
\item Governments
\item Militaries
\item Advertisers
\item Insurance companies
\end{itemize}
}
\frame{
\frametitle{Privacy}
\frametitle{Who Spies On You?}
Depends on your GPS coordinates...
TLDR: Too many people, alphabet soup.
\begin{center}
\includegraphics[scale=0.25]{its-free-hush-coin}
\begin{columns}
\begin{column}{5cm}
Country
\begin{itemize}
\item Australia - ASIO
\item Canada - CSE
\item China - MSS
\item England - GCHQ
\item France - DGSE
\item Germany - BND
\item USA - NSA
\item Russia - FSB (ФСБ)
\item Singapore - ISD
\item Spain - CNI
\item Switzerland FIS
\end{itemize}
\end{column}
\begin{column}{5cm}
Global Networks
\begin{itemize}
\item Five Eyes (FVEY)
\item Nine Eyes
\item 14 Eyes
\item FATF (China+USA+Russia!)
\end{itemize}
\end{column}
\end{columns}
\end{center}
}
\frame{
\frametitle{Surveillance Devices}
Most tech is designed to surveil and eject metadata in all directions.
You give it for free and it's sold back to you and others.
\begin{center}
\begin{itemize}
\item "Party Lines"
\item Fax machines
\item Email
\item Mobile Phones (SMS especially)
\item Web browsers
\item Web servers
\item Social Media
\item Every for-profit tech company
\end{itemize}
\end{center}
}
\frame{
\frametitle{Hush Is Human Rights}
United Nations
Universal Declaration of Human Rights
Most governments have not signed this into law.
Code is law on the HUSH blockchain!
\begin{center}
\includegraphics[scale=0.25]{un-article12}
\end{center}
No government or company can see inside your encrypted data!
TODO: seems crazy meme
}
\frame{
\frametitle{ Silicon(?) Valley}
Actually, it's Surveillance Valley.
Started by two Stanford professors who encouraged students to start companies
\begin{itemize}
\item Best academic research was monetized
\item Students invented efficient spy planes
\item Spy planes prevented deaths
\item Spy submarines don't require boots-on-the-ground
\item Some PhD theses were Top-Secret!
\item These students went to form the first SV companies
\item Example: Hewlitt-Packard
\item Now these few companies own all your data
\end{itemize}
}
\frame{
\frametitle{Hush Is Privacy}
Hush delivers privacy in a world of surveillance
\begin{center}
\includegraphics[scale=0.25]{fire-ox}
\end{center}
}
\frame{
\frametitle{What Data Do They Want?}
Stop helping the surveillance companies!
\begin{center}
\begin{columns}
\begin{column}{5cm}
Used To Be...
\begin{itemize}
\item GPS
\item IMEI
\item IP address
\item Browser details
\item Website URLs
\item Emails
\item Facebook messages
\end{itemize}
\end{column}
\begin{column}{5cm}
But now it's...
\begin{itemize}
\item GPS
\item IMEI
\item Financial records
\item Shopping preferences
\item "encrypted" chats
\item 24/7 camera feeds
\item Voice recordings
\item Genetic samples + Medical records
\end{itemize}
\end{column}
\end{columns}
\end{center}
}
\frame{
\frametitle{Hush Is Privacy}
Must trust the hardware and software!
\begin{center}
\includegraphics[scale=0.25]{phones}
\end{center}
}
\frame{
\frametitle{Always-On Privacy By Default}
\begin{center}
Bleeding-edge Peer-to-Peer (p2p) Encryption
\begin{itemize}
\item Transport Layer Security (TLS) 1.3 only!
\item Unencrypted connections disallowed
\item Advanced peer banning tech
\begin{itemize}
\item Feeler connections
\item test-before-evict
\item REFERENCE
\end{itemize}
\item Erebus Attack mitigation via ASN map
\end{itemize}
\end{center}
}
\frame{
\frametitle{Erebus Attack}
https://erebus-attack.comp.nus.edu.sg
Muoi Tran, Inho Choi, Gi Jun Moon
Anh V. Vu, Min Suk Kang
\begin{center}
Recent Attack against Bitcoin
\begin{itemize}
\item Research by National University of Singapore
\item Bitcoin Core realizes it's important
\item Code remains unmerged on Github for 1.5yrs
\item Likely never turned on by default
\item Hush protects all users by default already
\item Very first cryptocoin (and privacy coin) to do this
\end{itemize}
\end{center}
}
\frame{
\frametitle{Attacks That Molded Hush}
\begin{center}
Every attack makes Hush stronger.
\begin{itemize}
\item Cryptopia 51\% attacker $\Longrightarrow$ DPoW
\item Sprout Inflation Bug CVE $\Longrightarrow$ Sapling
\item KMD malicious DPoW Attack $\Longrightarrow$ Hush DPoW
\end{itemize}
\end{center}
}
\frame{
\frametitle{Delayed-Proof-of-Work}
\begin{center}
Big blockchains can protect little blockchains.
It only makes sense to be protected by the strongest: Bitcoin
\begin{itemize}
\item HUSH injects blockhash data into HUSH+BTC
\item This costs HUSH+BTC, constantly
\item HUSH is protected by hashrate of BTC
\item Any other coin can jump in our wagon
\item Drastically easier/cheaper than doing it yourself
\item Cost is \$1K USD in BTC or XMR per month
\item Solves "Double Spend" attacks on exchanges!
\end{itemize}
\end{center}
}
\frame{
\frametitle{Delayed-Proof-of-Work}
DPoW enforces censorship-resistance.
Without DPoW, a mining attacker can rewrite history, like politicians.
\begin{center}
\begin{itemize}
\item DPoW means your data cannot be removed
\item DPoW means an attacker needs to attack BTC
\item Attacks are extremely costly
\item Attacks are less likely to succeed
\item Attackers cannot profit so go elsewhere
\end{itemize}
\end{center}
}
\frame{
\frametitle{Hush + Tor}
Evolving greatly in 2021
\begin{center}
\begin{itemize}
\item Tor Network is under Attack
\item v2 Hidden Services being DoS'ed
\item Migrating from v2 to v3 Hidden Services
\item Tor turning off v2 in Oct 2021
\item Bitcoin recently enabled v3 support
\item Currently being ported to Hush
\end{itemize}
\end{center}
}
\frame{
\frametitle{zaddr opsec}
\begin{center}
\begin{itemize}
\item One zaddr per
\begin{itemize}
\item Exchange
\item Mining Pool
\item Online Seller
\end{itemize}
\item When in doubt: new zaddr
\item Don't post publicly
\item Only senders need to know a zaddr
\item What about donation zaddrs?
\end{itemize}
\end{center}
}
\frame{
\frametitle{Donation zaddr opsec}
This mitigates attacks from those that know your zaddr
and require your wallet online to be attacked.
\begin{center}
\begin{itemize}
\item Create a brand new wallet
\begin{itemize}
\item SDP is best (most isolated)
\item Or SD, then SDL
\end{itemize}
\item Keep donation zaddr offline!
\item Make viewkey if desired
\item Only put wallet online to spend
\item NEVER use a public donation address for anything else
\item BIP47 $\Longrightarrow$ HIP47 will greatly improve this
\end{itemize}
\end{center}
Or just \#yolo
}
\frame{
\frametitle{Erebus Attack Prevention}
\begin{center}
\begin{itemize}
\item Hush filters peers by ASN
\item Bitcoin uses Class B (/16)
\item 65000 vs 7.4M buckets
\item SilentDragon Peers Tab show ASN
\end{itemize}
\end{center}
}
\frame{
\frametitle{Privacy: Consensus Layer}
\begin{center}
\includegraphics[scale=0.20]{optional-zcash-privacy-stolen-frame}
After 4 years...
\begin{itemize}
\item Zcash (optional) - 6\%
\item Hush (4 months after z2z) - 41\%
\end{itemize}
\end{center}
Zcash (ZEC) mainnet is a privacy disaster.
}
\frame{
\frametitle{Privacy: Consensus Layer}
\begin{center}
\includegraphics[scale=0.25]{optional-zcash-privacy-butterfly}
\end{center}
Zcash optimizes for profit, not privacy.
}
\frame{
\frametitle{Privacy: Consensus Layer}
\begin{center}
\includegraphics[scale=0.25]{zcash-sarah-connor}
\end{center}
Multiple Analysis companies now support Zcash!
}
\frame{
\frametitle{Use Cases}
\begin{center}
\begin{itemize}
\item Censorship-resistant Will + Testament
\item Medical billing
\item Lawyer-client secure chat
\item Censorsed Journalist
\end{itemize}
\end{center}
}
\frame{
\frametitle{Hush Finds Exploits and Bugs Constantly}
If we make fun of your favorite things, it's probably
because it's trivial to exploit or has no privacy.
\begin{center}
\includegraphics[scale=0.19]{you-got-a-bug-problem-maam}
\end{center}
}
\frame{
\frametitle{Hush Finds Exploits and Bugs Constantly}
\begin{center}
\begin{itemize}
\item "Attacking Zcash Protocol For Fun And Profit"
\item attackingzcash.com
\item CVE-2019-11636 (Sapling Woodchipper)
\item CVE-2019-16930 (PING/REJECT)
\begin{itemize}
\item Discovered by Dan Boneh (Stanford)
\item Reported privately to Zcash
\item Zcash created update with no explanation or binaries
\item I reverse engineered from code
\item It was trying to be hidden
\item Zcash CEO/CTO/CSO blocked me on Twitter
\end{itemize}
\item CVE-2021-????? (OPIP)
\end{itemize}
\end{center}
}
\frame{
\frametitle{How To Get Some HUSH?}
@ -165,41 +668,70 @@
\includegraphics[scale=0.20]{carlos-matos}
\end{center}
From most privacy to least privacy.
\begin{itemize}
\item Join our community, do work, get paid in HUSH
\item Mine HUSH via renting hashrate
\item Purchase on Decentralized Exchange (DEX)
\item Mine HUSH via purchasing ASICs
\item Mine HUSH via renting hashrate
\item Purchase on Centralized Exchange
\item Purchase on Decentralized Exchange (DEX)
\begin{itemize}
\item HushDEX
\end{itemize}
\end{itemize}
}
\frame{
\frametitle{Join The Hush Community}
Most types of Hackers and Cypherpunks welcome
\begin{columns}
\begin{column}{5cm}
%\includegraphics[scale=0.25]{letolabs}
\includegraphics[scale=0.15]{types-of-hackers}
\end{column}
\begin{column}{5cm}
\begin{itemize}
\item We already abandoned Slack+Discord
\item Official Telegrams
\item English: hush.is/tg
\item Russian: hush.is/tgru
\item Chinese: hush.is/tgzh
\item Spanish: hush.is/tges
\item \includegraphics[scale=0.20]{tg-qr}
\end{itemize}
\end{column}
\end{columns}
}
\frame{
\frametitle{Join The Hush Community}
If you know about this stuff $\Longrightarrow$ earn HUSH
\begin{columns}
\begin{column}{5cm}
\includegraphics[scale=0.35]{console-cowboys}
\end{column}
\begin{column}{5cm}
\begin{itemize}
\item Linux/BSD servers
\item C/C++
\item Rust
\item Docker
\item QT5
\item Android/Kotlin
\item Tor/i2p/Mix networks
\item \includegraphics[scale=0.20]{tg-qr}
\end{itemize}
\end{column}
\end{columns}
}
\frame{
\frametitle{Mahalo!}
\frametitle{Thanks!}
Vintage Duke meme
\begin{center}
\includegraphics[scale=1.5]{pdxgit}
\end{center}
In Zdust We Trust
}
\end{document}

Write Preview
Loading…
Cancel
Save