Not OP, but I sense perhaps a limitation of HN; articles with comments where the comment is the submission get conflated with submissions about the article itself.
Reproducing the subject matter of the submission for discussion's sake:
dionyziz says:
I think Moxie decided not to be recorded for his acceptance speech. He said something very nice during his speech however, and I'll try to phrase it like he did:
If you watch videos of politicians giving speeches in the 1930's, you observe the fascist leaders who gladly accept an applause from the audience because they have earned it. They feel they are responsible for it, that they are the creators of history. On the contrary, if you observe a communist leader, they will applaud with the audience in every chance. This is because they have a different belief system, that of historical materialism, that history is a force of its own, unstoppable and inevitable, that drives what is happening in the world equipped with the momentum of what has happened in the past. These leaders feel they are simply the bearer of history, the tool that history chose to run its course, so they applaud together with the audience for history.
Similarly, today, we have a similar force, and that is technology. I once had the chance to meet Mark Zuckerberg. When I met him, a thought occurred to me: I could, right there... kill him. [audience laughs] I never thought I would get so close. But would that really change anything? Us technologists are the bearers of technological momentum. We make things happen, because the time has come for them to happen. And now is the time for strong encryption and crypto.
Applauding with the audience may have been meant as a sign of humility or marxist fatalism. However, by Occam's razor, it comes across as what it looks like: the speaker applauding himself.
Applauding with an audience is not a part of a communist leader repertoire. Neither Brezhnev, Khruschev nor Stalin applauded with an audience. They always accepted the ovations for themselves. I suspect it might be different in China, but even then it has less to do with a philosophical view on how history unfolds and more with demonstrating fake humility to the crowd.
You might have read it backwards: the message was very humble. Moxie was saying that he didn't deserve credit for what he had built, because if he had not built it someone else would have. So his work was best thought of as a product of history, rather than a product of Moxie.
On the contrary, while it conveys some difficult ideas, I find it quite humble to acknowledge that one's individual contribution to technology is not an act of genius but of inevitability.
I think we must have read two different speeches, because the one I read was Moxie stating that the invention of Signal was an inevitability, not him taking credit for it. But then it kind of sounds like you have an axe to grind on this topic?
The Levchin Award recipients are determined by the RWC Steering Committee, which this year was Dan Boneh, Aggelos Kiayias, Brian LaMacchia, Kenny Paterson, Tom Ristenpart, Tom Shrimpton, and Nigel Smart.
I think we can safely assume Moxie's popularity on HN had very little to do with persuading these people.
Moxie Marlinspike and Trevor Perrin. Most of the novel cryptography in Signal Protocol is Trevor's; it's good for people to know who he is.
Reprising a previous thread:
The prizes went to Joan Daemen, for AES and SHA-3 (on stage, Levchin pointed out that his interest in cryptography had been piqued by a xeroxed copy of DES when he was in school, and that it was an honor to present an award to one of the people who replaced the DES), and --- more notably, I think --- to Moxie Marlinspike and Trevor Perrin for their work on Signal.
Last year's winners were Phil Rogaway (a cryptographer of repute comparable to that of Daemen) and the miTLS team (of Triple Handshake, SMACK, FREAK, Logjam, and SLOTH fame).
Mods: a more appropriate title is "Moxie Marlinspike and Trevor Perrin win 2017 RWC Levchin Prize for Signal", and a more appropriate link would be to pretty much anything but an individual Reddit comment; how about this one?
Moxie was contrasting the different perspectives that communist and fascist leaders had about what caused their success, for the purpose of an analogy. He was not contrasting communism with fascism. Please learn to distinguish the two.
a. "The idea that communist leaders felt any different...". In other words "the different perspectives" they had about what caused their success. I do not believe they had different perspectives, except externally.
b. I think it's pretty clear that Moxie favours what he perceives as the superior point of view of one group over the other and he reinforces that by himself clapping with the audience in emulation of the preferred group.
I'm not for a moment suggesting that he's got simplistic ideas about Communism and Fascism. I actually don't know his politics. I understand that he talking more about the concept of historical materialism, of being part of a movement rather than being a mover. On the other hand I think a reasonable reader would infer that this goes beyond mere analogy.
They're distinguishable at least by their respective utopian conclusions.
A ideological fascist utopia looks very different than a communist one.
One may rightly gripe that in practice there is no difference, or that those in the respective governments did not believe in the ideas they espoused and instead worked towards different ends.
But I can't believe that 100% of those following the ideologies ignored their tenets.
While applauding the stated mission of Open Whisper Systems to make cryptography usable by large numbers of people I think it is fair to hold Moxie & Co. to the same high standards to which they held PGP: https://moxie.org/blog/gpg-and-me/
The journalists who depend on it struggle with it
and often mess up (“I send you the private key to
communicate privately, right?”), the activists who
use it do so relatively sparingly (“wait, this thing
wants my finger print?”), and no other sane person
is willing to use it by default. Even the projects
that attempt to use it as a dependency struggle.
Breaking this up into constituent parts and trying to guess whether those standards are met seems to leave us somewhere in this territory:
1) Journalists communicating with WhatsApp struggle with it and mess up.
Given the confusion around under what circumstances one can communicate securely with WhatsApp ("Is it OK if I have two checkmarks? Is it OK because Facebook would never let a government have access to the RedPhone part?")
2) Activists who use WhatsApp do so relatively sparingly. I have no idea on this one. I hope they're using Signal and/or GPG with all their attendant bother, complexity and confusion though.
3) No other sane person is willing to use WhatsApp by default. Hmmm.. more confusing value judgements. Is someone that uses a communication method open to abuse by corporations and governments "sane"?
4) Dependency struggle. AFAICS no other projects can piggy-back off WhatsApp because it's proprietary and closed. So the user base can't scratch their own itches. OK, so what about Signal? Sounds like the dependency on Google Cloud Messages and Play Services can be hacked around with great difficulty.
I dunno. Fair play to Moxie and Perrin for what they've done, but so far GPG looks like a better bet for actual secure end-to-end communication, using an already existing, widespread distribution mechanism which is widespread and redundant: email.
Reports of GPG's death may have been grossly exaggerated.
Can you find a single practicing cryptographic engineer who will go on the record as saying that PGP (in any of its incarnations) and email is better than Signal Protocol for message encryption?
If one is going to be paranoid, then one should at least be consistently paranoid.
v1 of the internet as used now seems wildly naive of state surveillance.
v2 may be better, but if most traffic goes encrypted, then there are going to be a lot more attacks (both legal and extra-legal) against the nuances of implementations.
v2 is certainly an improvement on v1. But one of the reasons v1 was deployed is because we believed things like "The US government would never tap traffic at the backbone" or "The US government would never tap private links between data centers."
Valuing both, I think it's important to keep eyes on the future so in 10 years we don't look back on statements like "The US government would never compell Google / Microsoft / Facebook / Whisper to distribute a poisoned version of their application" with the same amount of surprise.
I don't understand what this has to do with whether we should use risky, leaky cryptosystems like PGP over things like Signal that were designed specifically to deal with these threats.
I'd agree with the top of Unman's comment about striving for more, while disagreeing with the bottom.
Signal is better than PGP.
Running crypto without PFS in this threat environment is an irresponsible bet to make with data.
My point was that failing to continue to maintain vigilance, even if it sounds paranoid, is also irresponsible. Unless one is willing to be that we have a perfect crypto system, some amount of humility (as evidenced by Moxie's speech) is warranted. Else we'll be talking about Signal in 20 years in the same way we're talking about PGP.
Signal is a system designed always to be encrypted with no plaintext opt-out, with secrets that change automatically over the life of a conversation (which could last years) so that a single point-in-time loss of secrecy has minimized damage, with no exposed message metadata so you can't accidentally betray your conversation with a dumb subject line, and with deniability so that someone wiretapping you can't cryptographically prove you to have said anything.
> 4) Dependency struggle. AFAICS no other projects can piggy-back off WhatsApp because it's proprietary and closed. So the user base can't scratch their own itches. OK, so what about Signal? Sounds like the dependency on Google Cloud Messages and Play Services can be hacked around with great difficulty.
There is a pull request that got some quite thorough code review by moxie recently that gives users the option of _not_ using GCM, but it won't be merged until call/video support is implemented with webrtc (because it can't support calls over websockets, and just not being able to call some users isn't an option.)
And GPG is too hard for people to use. I have helped journalists with GPG, and even intelligent somewhat tech-litterate people struggle with the concepts of it. Look no further than Glen Greenwald, who almost wasn't able to communicate with Snowden.
(EDIT: the submission's URL has now been changed from a particular reddit comment at https://www.reddit.com/r/crypto/comments/5m0zpo/moxie_marlin... to a different announcement about the prize. The rest of my post as it originally stood follows.)
Reproducing the subject matter of the submission for discussion's sake:
dionyziz says:
I think Moxie decided not to be recorded for his acceptance speech. He said something very nice during his speech however, and I'll try to phrase it like he did:
If you watch videos of politicians giving speeches in the 1930's, you observe the fascist leaders who gladly accept an applause from the audience because they have earned it. They feel they are responsible for it, that they are the creators of history. On the contrary, if you observe a communist leader, they will applaud with the audience in every chance. This is because they have a different belief system, that of historical materialism, that history is a force of its own, unstoppable and inevitable, that drives what is happening in the world equipped with the momentum of what has happened in the past. These leaders feel they are simply the bearer of history, the tool that history chose to run its course, so they applaud together with the audience for history.
Similarly, today, we have a similar force, and that is technology. I once had the chance to meet Mark Zuckerberg. When I met him, a thought occurred to me: I could, right there... kill him. [audience laughs] I never thought I would get so close. But would that really change anything? Us technologists are the bearers of technological momentum. We make things happen, because the time has come for them to happen. And now is the time for strong encryption and crypto.
[audience applauds together with Moxie]