Superbloom

This guest post comes from Dan Hassan, one of the Underexposed 2019 Fellows.

Intro ~ Trust

This is the first in a series of reflections about Simply Secure’s Underexposed 2019 Residency. When thinking about how to frame this reflection an emergent thought was to focus on some of the themes which arose throughout the experience. Trust was one of these themes.

whoami

My name is Dan Hassan (he/him) and I’m a London-born queer white-passing descendant of Indo-Caribbean indenture (though my ma is from the West of Ireland) and founder of blockades.org [UK]. I’m an open source hacker with solarpunk tendencies active in autonomous co-operatives, blockchain research/development & big (enough) data analytics. Over the last year I have been building Dark Crystal, a fun decent(ralised) peer-to-peer utility for securing secrets with friends in cypherspace and beyond.

I’m a member of dyne.org [NL], a non-profit software house with more than 15 years of expertise in social and technical innovation. I’m a founding member of Public Office [Aus], a collaborative research, design & development practice focusing on the intersection of physical and digital publishing, designing books, exhibitions, websites and identities for cultural, commercial and pedagogical clients.

What is darkcrystal.pw & how does it relate to Trust?

Dark Crystal is a pattern of secure data management fusing an established cryptographic algorithm with new peer-to-peer technologies. A proof of concept application has been built on top of the offline-first scuttlebutt protocol. Said another way, Dark Crystal is an app which supports people to back up their secrets using the trust in their social fabric. The ethical enquiry, the seed, at the heart of the project was exploring how to make darkcrystal more inclusive, so that more people can participate as peers in the new decentralised web, and attempting to extend who gets to benefit from privacy preserving/enhancing technologies.

This is important because the price of entry into the P2P web is secure management of your private keys, be it PGP, bitcoin, Briar, Beaker Browser (built on DAT) or scuttlebutt. If the new distributed web is to achieve its hopes of becoming a foundational tool in people’s digital lives and society’s civic fabric then we need to reduce the costs of this key data loss. Imagine not only losing your family photos during a hard disk failure but your life-savings and your digital identity - forever. Figuring out this key problem is an open design problem which has yet to be cracked in a meaningful way.

Along which lines of Trust did darkcrystal.pw hear about the residency?

The team behind Dark Crystal have been using the p2p social media protocol scuttlebutt since Jan 2018. We have been organising there in the open since before we spiralled around to private key management as our focus. At that time we were primarily communicating in the #mmt channel (which is short for magic money tree, the handle by which we’d been referring to the proto-project) on scuttlebutt. Without diving too deep into scuttlebutt, it’s worth noting that everything outside of private messages is globally viewable[1] (if you want to learn more about how the protocol works you can look at this excellent protocol guide). This attribute of the system led to our critic-in-residence expressing that organising on SSB had the quality of setting up your office in the middle of a building site, with no walls. Over the course of 2018 the #mmt channel became one of the most subscribed to channels in the scuttleverse. This radical openness of communications, processes and research was experienced differentially. For some it was an overwhelming firehose and for others it was a compost of trust in which different seeds could be planted.

All this is a long way of saying that cameralibre from scuttlebutt was at the Open Source Design summit in Tirana, Albania, and met Eileen from Simply Secure, who told him about the Underexposed residency, and cameralibre trusted the Dark Crystal team enough to pass on the recommendation to apply.

Simply Secure built Trust with our Team even before We arrived in Berlin

After applying and being accepted onto the residency (yay!) the Simply Secure team built trust with our team by accommodating some of our constraints. We’re six people spread over 4 countries in two continents. Two thirds of us have kids under 2. The folx at Simply Secure enabled us to access the residency by offering two members of the team to join so as to allow flexibility around childcare. This introduction to the Simply Secure team established that the concept of design extended well beyond the boundaries of the digital and supported the call for the residency in action:

Responsible technology is about helping. It’s about meeting its users’ needs and making their lives better. It depends on design, co-design, research, and user engagement. It depends on an ethical orientation and values-driven decision making. And these things are only possible in the context of a community that provides insight, feedback, and accountability. /underexposed/

Establishing Trust at the Residency

The opening presentation by Simply Secure laid out some of the ground rules such as Chatham House Rules, anti-harassment and code of conduct rules and how they would be enforced and the vibe care of “if something takes your mind out of the room, then take your body out of the room also”. Food was arranged and most of the other logistics such as expenses were set up. The framework had been established.

Examples of projects working on Trust

Like us there were a number of other projects which were working on themes in and around the neighbourhood of trust. From getting people to back up their secrets during the set up phase for secure cloud computing, to establishing trusted entropy of keys using dice, to 2FA and password managers to resources around PGP and also HTTPS everywhere.

One of the interesting themes which emerged was the distrust and scepticism which can arise when introducing new patterns and approaches to people. This is particularly exacerbated when there is an existing way of doing things (resetting passwords through your email for example) even if it is less secure.

What is clear is that, whether there are existing insecure ways of doing things or there is no prior art, pattern or approach, many of the design challenges are common in and around these neighbourhoods. Within the P2P space, projects are either admitting that private key management is not at the top of their list and that someone else will do it, or there are teams all trying to figure this out in isolation.

The value of a residency such as Underexposed is that those of us working in industry or within the open source realm of distributed technologies rarely get these opportunities to network and collectively put our heads together. This is the first time that Simply Secure have run a residency over a week and they were explicit in their communications that this format was an experiment. Having attended, our team feels that they are carving out what feels like important common ground to afford participants connections which can persist over distance. From the perspective of an open source distributed team working with open source distributed technologies, this pattern feels like a productive one from which we have already derived great value.

Selected Highlights

  • Meeting the rest of the fellows. When I arrived in the Slack group my gut was like: “Oooooh this is where you all are!”
  • Early in the life of Dark Crystal Prof. George Danezis (one of our advisors) gave us a paper which he described as the earliest seminal work in the space. I was speaking with one of the fellows and due to brain fog was struggling to remember the name of the paper. So I went around ham-handedly describing the contents of the paper. The fellow in question had a big smile on their face by the end of my attempt and revealed that they had written that paper. We’ll hopefully get to continue the dialogue in an episode of Dark Crystal Diaries (the first episode was with another of our advisors, Cory Doctorow).
  • Meeting another Ethereum Foundation Grant recipient working in the same problem domain
  • Having sessions with folx involved in research around Weaponized Design, who have helped with design within Freedom of the Press Foundation (which has their own offering of Sunder) and Briar (we’d actually met around a pub table some 5 or 6 years prior for some early user testing).
  • We had some very impactful sessions with folx from Ura Design in detangling some of the design interface complexity with social backup mechanisms. We’ve actually been able to apply to Open Technology Fund’s Usability Lab to potentially be able to continue this work.

Conclusion

It’s only a couple of weeks since the residency and our team is still riding the ripples. The connections made have been invaluable and we have high hopes that the seeds sown could contribute towards advancing the art of secure data management in the field of distributed systems. Proponents of the distributed web often speak about putting the power of computer networks back into the hands of the people and if we’re going to expand the stakeholders who have a seat at the table as these technologies mature and the cultures and processes within which they come up, then these common problems are best served by people working together. I personally feel that this residency and other efforts in the same spirit lay the common soil in which the mycelial human connections can be woven to strengthen the social fabric being interwoven with these new cypher driven computing patterns and networks.


[1] global in the sense anyone who has downloaded a client could see this data or through portals which expose the content from cypherspace to www