ChaosPad V1.1
Full screen

Server Notice:

hide

32c3-talk-7432 Latest text of pad 32c3-talk-7432 Saved Jan 12, 2021

 
Hallo Du!
Bevor du loslegst den Talk zu transkribieren, sieh dir bitte noch einmal unseren Style Guide an: https://wiki.c3subtitles.de/de:styleguide. Solltest du Fragen haben, dann kannst du uns gerne direkt fragen oder unter https://webirc.hackint.org/#irc://hackint.org/#subtitles oder https://rocket.events.ccc.de/channel/subtitles erreichen.
Bitte vergiss nicht deinen Fortschritt im Fortschrittsbalken auf der Seite des Talks einzutragen.
Vielen Dank für dein Engagement!
Hey you!
Prior to transcribing, please look at your style guide: https://wiki.c3subtitles.de/en:styleguide. If you have some questions you can either ask us personally or write us at https://webirc.hackint.org/#irc://hackint.org/#subtitles or https://rocket.events.ccc.de/channel/subtitles .
Please don't forget to mark your progress in the progress bar at the talk's website.
Thank you very much for your commitment!
======================================================================
 
 
My proudly present, our next speaker. He's done a lot of exciting things and I will just give you some very brief examples. It's things like running a company communication company in Iraq and Afghanistan, the things about building a data haven on a platform in the Atlantic Ocean and the North Sea. So I'm very proud to have him here. Please give a warm welcome to Ryan Lekki. Thank you very much for the introduction and it's great to be here, C.C.C. is my favorite conference out of all the conferences I go to great crowd first day. It's already really exciting, so looking forward to it. So I'm going to talk about data havens from Haven Koja today. Just a quick overview. Who am I? What's a data haven? Where do they come from? Why would you why have they failed? And then some ways to be successful. I really like this idea of having a conference track on things that have failed because normally people are ashamed to talk about things that have failed or try to minimize how much things and things that have gone wrong. And it's really the only way to learn. The only way to learn is to make mistakes. And it's better for someone else to make those mistakes rather than, you know, rather than making them over and over again. So. So just as background, I've been interested in crypto and cash, specifically anonymous electronic cash since the early 1990s, the cypherpunks mailing list and a bunch of stuff like that started the offshore data Haven Haven, which we're going to talk about in two thousand with some friends of mine, then work in some war zones doing satellite communications, using some of the experience I had from the Haven cooperation. Then I needed a trusted computing startup working on trust and cloud computing. And now I work at CloudFlare, which bought my trust in cloud computing company. So first thing is, what does the data haven? A lot of people use the term. They use it for different things. We're going to talk about the Wikipedia definition, which is now, I w
ould say, the canonical way to find the definition of something, a refuge for uninterrupted or unregulated data. So that's really two parts. And there's a lot of factors that go into it, uninterrupted meaning against natural disaster, against normal service interruptions, things like that, but also against active attacks, censorship, things like that. There's a concept of regulatory arbitrage where you have one set of laws in one place, another set of laws in another place, and you're trying to pick and pick and choose which pieces of law are the best for you and the best for your operation. And there's all sorts of traits that go into a data haven. There's a physical, legal, operational cryptographic data haven could be both a physical data haven or a software, a data haven sort of cryptographic approach or some combination or hybrid approach to those things. So the origin, as with a lot of things before someone but one people have talked about it and thought about what could happen. Fiction, science fiction is generally a great predictor of science fact and science fiction is talked about this for a long time. There's also analogies and some very similar fields that are outside of the data or data processing world that are very similar. And there are some people doing data havens, at least in some sense, before Haven. But Haven is really the first purpose built physical data haven that that I certainly know about. So in fiction, there's some great science fiction. As we move down this list, they get more and more precise. Early on, it was more about the concept of crypto software things. Then it was sort of passing references to it, I would say. Islands in the Net by Bruce Sterling, which is a great book, is probably the first story that really references data havens and multiple data havens and how they interoperate. If you haven't read these, all of these are great books. They're part of the canon of science fiction. So I would definitely read them. Cryptonomico
n has a really interesting history with HEREINTO. It was started probably ninety eight or so who've started writing it. I didn't find out about it until after we'd already started having code, but they were sort of completely parallel evolution and huge numbers of weird parallels like people's names. A lot, a lot of factors about it were very, very similar. So I guess it was just the right place at the right time. And then as you move down this list, Dayman and Freedom are probably my two favorite sci fi books. They're the very persistently referenced the idea of software that can't be terminated. So it solves this uninterrupted problem. But I would say that now data havens are like a concept that, ah, that's used in fiction quite, quite frequently. And then there are some analogies that are outside of the sort of data processing world free trade zones in countries. I think U.A.E is probably the the biggest exponent of these are a great analogy where you have a country that has one set of laws but in a certain geographic area or a certain set of entities, they're allowed to have different laws. And the idea is that foreign businesses will locate there, take advantage of these favorable laws and they wouldn't otherwise have been in the country and it doesn't affect the country. There's also the concept of offshore banking, the whole theoretical Swiss bank account where you are a political leader in some foreign country and you invested so much of money from your country and sent it off to another country, or you live in a country that's horribly repressive and we'll take away all your assets and you store them in a place like this. It's really a value neutral kind of thing, the concept of tax havens. I mean, people talk, at least in America, a lot about the way Apple shelters a lot of their income through foreign entities, even though it's earned over sort of overseas. But these have existed for a long time. And then shipping, I think basically all ships of large com
mercial ships are registered in a small number of jurisdictions that are different from the beneficial owners of that thing, like Liberia. Countries like that have huge numbers of ships but don't really have businesses there for them. And that's just because they have very favorable laws. And then there's gambling centers like McCallan next to Hong Kong. And China is not really catering to the local population. It's people flying there to gamble. So there's that. And then there were some data havens pre have go. So like the late 80s, early 90s, mid 90s, you know, community, there was the sort of like top state system, which these were servers that were relatively well protected by usually being run by an admin on the side or something like that. There was a company, Offshore Information Services Limited, run by Vince Kate, who is one of the top people from the cypherpunks community creating this kind of stuff. He started a business offshore before almost anyone from the US had considered it in. Field in Anguilla, he was actually my next door neighbor while I lived there. He said it was a relatively small business. He had a bunch of, like, car batteries as a UPS and 10 base to connection to me and t one connection or one point five megabit connection. And he had a couple of really big clients. But this was to some extent one of the first data havens because it hosted data from the US that was, under US law, not allowed to be retained for a period of time. It basically was a driver's license database from, I think, the state of Texas, where they couldn't retain the documents longer than a year. But there's this other company that would retain them forever and let people search against them again, value neutral. And then there's the whole, like, dark period of the 90s, which I'm afraid we're going back to, where crypto software was banned from export, or at least you couldn't give it to a foreign nationals. So effectively, you had to do all your crypto development if y
ou wanted to be open outside of the United States. And we're sort of going back in that direction with the exploits world. But in that case, you had to be outside of the US and a non US citizen to do a lot of the development. There was a system that Ross Anderson from Cambridge had Triniti and then a few people, two of whom are on the possibly Satoshi list, created versions of it. And I created a pretty bad version of it. TasRail Weber. These are all software systems at the end. And then of course, there's the concept of availability from a high end data center. You've got great data centers where people spent three sixty five men in San Francisco, two billion dollars building this data center. The idea being that it'll stay up through any sort of disaster. It's isolated from earthquakes. It's got a bunch of diesel fuel onsite. Of course, there's a software bug and all the UPSs. So they all crash at the same time. But, yeah, minor data and there's been uses of this censorship. Resistance is the first thing that most people think of when they think of a data haven. They think of data that someone's actively trying to shut down. But part of it is just uncertainty. Like until very recently, we're still ongoing. We don't really know the legal status of things like Bitcoin. So if you can pick a place that has decided what the legal status is, it's a lot less risky. And there's also just durability and reliability. If you're spending a lot of money to have a service that needs to be up all the time, you probably don't want to host it in your basement. You want to find a physically secure facility for it. And there's a lot of things. And then there's, of course, choice of law like gambling in the US is a super big problem to have any connection to, especially recently purely for protection of the big existing casino industry. There's no moral really issues with it or anything particularly, but you can't have any of that stuff touch the US. You have to pick a jurisdiction w
here you can. So then there's this place called Sealand, so World War two, anti-aircraft anti-aircraft fortress in the North Sea, which if you just take that statement, it's crazy. So during World War two, the British had a problem with German bombers coming in and bombing London. So they decided they wanted to intercept them not over London, but over the North Sea. They started building these floating platforms out in the North Sea. And we're not floating, but they're anchored platforms in the North Sea. And these sort of got left behind at the end of the war. And they were sort of legal curiosities. Most of them got torn down and one of them didn't. The U.K. also did not have commercial radio. So people were doing pirate pirate radio broadcasts from ships. Then they started cracking down on pirate radio broadcasts from ships. And so people started moving farther and farther out and they eventually started looking at places like this. As far as I know, they never actually did pirate radio operations from this particular fort. They did it from other locations. But it was basically this place that was in at the time, international waters occupied by somebody who declared it sovereign. And that if you look at international law, which is kind of crazy, is how you start a country. And so it's probably maybe sort of a country under the technical definition, although the population is very small, territory is very small or some other things. No one really cared about it because it was a relatively upstanding British family that had it. They didn't do anything bad with it. They didn't really cause too much trouble. The British are pretty accommodating of that kind of thing. And it was sort of interesting legal curiosity, but that was about it. And then then we came around, there was this set of people who will name who had done business in various places, Anguilla, various other places, and thought, oh, Sealand will be a great place to do it and having them out there. So t
hat's that's our story. So the founders are Sean and Joe Hastings, who have done crypto software for a long time. And me, we'd worked on crypto software actually in Anguilla about a year apart and worked from there for the Ayata reasons. Samir Parekh, who was the first SSL license vendor in the US in the 90s, and Avi Friedman, who was an early guy working on Internet stuff and then at Akamai to much other places, were very helpful. Early investors and we had experienced first hand with Anguilla, this little tiny country. It's maybe seven thousand people in the Caribbean that didn't really have favorable laws in any way. It just didn't have a lot of laws. And we just moved there because it was sort of a nice place to live, sort of, if you like, Caribbean islands. But there was no Internet, shady legal system, all sorts of stuff like that. So. Purely by accident, basically, we were all there at the same time, so one of the things that happened was, one, it was really boring. I don't really like little Caribbean islands. I'd be much happier in a place with lots of fast Internet. And it's one of those tourist places where you're only busy and, what, one month out of the year, the law was unsettled and a lot of other places we couldn't really go there. We looked at some other countries we might be able to go to. So we left and we left island or we left Anguilla. We rented the house from a government officials brother at above market rate. And then the other political party got elected in and none of our work permits were valid anymore. So we basically got kicked off. It was exactly what you'd expect from a tiny country like that. So we all left and we were all in Oakland again. So Oakland, California. So we were like hanging out, trying to figure out what to do next and like, oh, we can't go to another little Caribbean island or something like that. We have to find some better solution to this thing because we all wanted to build anonymous electronic cash, which is, I wo
uld say, probably the most difficult application to build. It meets all the requirements later in the talk. So we were looking at either existing countries, we could use free trade zones, we could possibly negotiate with certain countries. And then this concept of microstates. So like places like sea land, there's a place in Australia, the river province, all sorts of legal curiosities. We found this book called How to Start Your Own Country, which was Illume Panic's press, which is sort of an alternative. Interesting stuff. Press and they publish it. They mentioned Zealand. We contacted them and did that. But one of our other rejected ideas was to get a bunch of ships except toxic waste from a bunch of countries, put servers on the same barge as the toxic waste such that they couldn't really do anything to the barge without causing like an environmental catastrophe. So, yes. Yeah. Yeah, I'm kind of glad we didn't do that, actually, so we found this place called Sealand and emailed the guy. It was a family that there were like two people living out on the place part time, and they ran a fishing business in the in the coast nearby. So it was it was basically just used it had a lot of stuff left over from World War Two, like they did build it right after the war. So there are no, like, actual useful weapons or anything on it. But it had like tools and a bunch of stuff left over from them. And it was about five thousand, ten thousand square feet falling apart. Lots of lots of issues. All the rooms look sort of like this, if not worse. This was actually one of the cleanest rooms and they did have guns, but they were these like four inch deck guns or something that were like rusted solid and ended up getting cut and thrown overboard. And this is sort of the layout of the thing, it was a structure to cylindrical towers on top of a concrete barge. The whole thing's made out of harassment and a superstructure. There were at one point three hundred people living on this thin
g. The most we ever got on. It was about 20, but usually around two. And it was everything you would fear a 50 or 60 year old sort of abandoned structure would be like, yeah, so they assembled it in place and they sunk it. It was pretty crazy and it was decorated in high British fashion. Yeah. So, yeah. And it's where it is. It's so they changed the law on what, international waters where it used to be three nautical miles and you were international. They changed it with 12, but it was after the declaration of sea land being an independent country. So it's probably OK, but just adds lots of uncertainty. And if you see the town, Felixstowe, we had a six story building there that we beamed our communications using a point to point wi fi shot to. So it was a pretty close to shore, not that far. But the North Sea is not a fun place to be on a boat. So there's sort of stages of the island, Evancho adventure, all the ceiling stuff that happened before I got involved happened, but not a whole lot happened. There was some crazy legal things, but not very much physical infrastructure. During the starting up phase. We did a lot of physical stuff and then we set up a business structure in parallel. And I was like 19 years old at the time. This was also during the first dotcom boom. So we didn't really have a lot of precedent to sort of copy things from. It'd be really easy to do most of the stuff today. And technology was not quite where it should have been. But yeah, this is the structure as we went up to it. This is this is actually an older photo or a newer photo and cleaned up a little bit. But it was this basically bare structure. Getting out to it was on these little rigid inflatable rib boats, and you would lift the entire boat out of the water using a crane, which was an exciting process. I learned to use pelican dry cases because if you don't, then your stuff gets wet. And it's really fun when you have a non backed up sunny via laptop to have to disassemble it, run ev
erything through DNA as ionized water or the closest thing you have, and then like remove the electronic squirt from a hard drive because your only copies of keys were on that because somebody had taken your laptop out of the drive back. But yeah. So things like that. This is what it looks like when you're getting carried up and it's really small from the air helicopter trips out for this thing because it's an officer structure where like three thousand pounds, so about five thousand dollars or so each trip because they have to be twin engine and everything else. So we would only really is a helicopter if the press were paying, if we were doing it. We use these little boats or used a fishing boat. This is sort of the process of getting winched up. In some cases you wear a harness and it would get attached to the back of your head and that. And later we added a 500 pound concrete ball as ballast, which made the whole process even more dangerous because if that thing hit you, also the sea is pitching up and down like 15 feet. So there's a timing aspect to this. It's crazy. Yeah. So the really interesting part is the datalink. So this is the first thing we set up. This was a Teche on one point two meter dish, part of a network which I later worked on that kind of stuff in Iraq and Afghanistan. You could get maybe two megs down, maybe a quarter mag up, and it was a shared network across a lot of networks. The interesting thing about this is I had never really set up a satellite network before. And there's this whole polarization angle thing where you have horizontal and vertical polarization on signals. It turns out that the alternate polarization was actually the credit card processor for like all the gas stations in Europe. And I didn't have the thing turn correctly. So I blocked out satellite credit card processing for like 10 minutes when I first saw this thing up, which was kind of scary. You can do that with like one small satellite dish. But so that was our sort 
of a backup link because VSAT systems go to geostationary orbit and there's about six hundred milliseconds, a thousand milliseconds of latency added, which is not so great for communications. Then at the very top of this, sorry, I didn't have any better photos. I didn't take as many photos back then as I would have as I should have. There was a microwave link. It was originally a wi fi link. I think it was an eight or two eleven B link with a PCMCIA card and a bunch of cables and a bunch of like completely hacked together junk going from this to the building on shore. We later replaced it with a thirty thousand four by one system for no good reason. That didn't work as well. So yeah, the wi fi version works better, way better. Then we had FreeBSD boxes sitting on shore that had E one cards because I was really anti Cisco at the time because I wanted to open source routers. So I ran everything on Xebra and Free BSD boxes and the whole thing was like crazy because you could we didn't have enough redundancy and power cycle. And so there were times where the power would go out in this building or something would crash. And we have to like take a boat to go to a location a bunch of times where I did, like a McWorld upgrade without it working and the machine wouldn't come back up, stupid stuff like that that I would never do again. But you can you can make this work with, like, really crazy stuff today. You could do this with us. You're actually within range of a cell phone, I'm sure. So you can just put a cell phone data card in your laptop and do largely the same thing. The way we set up our network was actually intentionally this way. We had a transport session that went between us and London Telehouse and another appearing facility so that we publicly appeared with people in these high bandwidth locations. We did a lot of filtering and then brought it back to the To Haven CO via links that we control that we could obfuscate because those links were much harder to repl
ace. Something I talked about a little bit. OK, so we did launch. There was this Wired magazine has like a four month lead time on publications. So we were telling them what we were going to do in advance of actually doing it because it had to be ready like we wanted it ready before the the press hit. So there's a lot of speculative stuff. Probably the dumbest quote was the nitrogen filled data center quote, where conceivably you could do that, but we had no money to do that kind of thing. So we had a secret plan to all of this, which was to get a lot of press and using all that press in the peak of the market, be able to negotiate with another country to set up the second version of this, because our thinking was that doing the first one of these would be really hard to have any country say this would be a worthwhile thing to do. But getting another country to say, oh, we'll be the backup site for that would be really easy. So we get like a a more real place like, say, Hong Kong to be our secondary data center. And then once you've got to, you can do like ten of them really easily. So that was a reasonable plan, I think. But we didn't get to that point. We got about three hundred major press articles. We had press flying out there all the time. It was a height of dotcom frenzy. But even at this point, it was team disorganization and stuff. We had like a sales email box that we didn't answer. We just let, like, accumulate because we were arguing over which tech. Getting system we should use, so we just didn't answer it, which was yeah, yeah, so yeah. And this is one of our watch photos and this is me and this is Michael Bates, who was at the time the son of the Prince of Sealants, who's like the second. I don't know what the real thing is, but. Yeah. This is yet more examples of lovely British decor for this place, press corps. So, as you can expect, given as a failed talk, there was there's a crash. So there was the dotcom collapse, which I don't know how many peop
le remember the details of it, but it was multiple things that happened in a row. It was sort of bad in two thousand. And it got a lot bad in 2001 and it was bad for different sectors. There were all sorts of crazy things. The thing I really remember is Nortel stock. Apparently, if you had bought beer in Canada and save the cans for the collection like the deposit, you would have more money than if you had bought Nortel stock because it went to like almost nothing. So we ran out of money. We thought we could raise more money. We didn't have any more money. We were burning two big fifty five gallon drums of diesel fuel every day. We had a lot of staff, all sorts of crazy stuff like that. So we didn't we didn't have the ability to raise money from third parties. So we sort of refinanced. And we originally had a contract where we could buy all of Celan for about five million dollars in six to 12 months after launch, thinking, oh, it'll be really easy to raise whatever number of billions of dollars. And today or in 1999, that would be true. Not true in two thousand twenty one. So and instead we ended up bringing the royal family of Sealand in as a partner. They had run this place since like nineteen sixty six. It was their main asset, their main pride and joy. They thought about a lot. So they thought about this entirely differently than we did. We were willing to push the limits on one data center in order to expand the model to things like that. They were much more conservative, which I can't really fault them for. And then we ran on a shoebox budget, my friend Abby, one of our investors. So he put in, I think, like a million dollars or so originally. And then every time I'd fly to Boston, he'd give me a bunch of cash, like a bunch of cash, like ten grand or something. And I would use that to pay bills. And we didn't really keep track of it. It was like the ultimate thing you don't do with investments of like throwing good money after bad. I just kept it running, whic
h was awesome with him, but yeah, not a good financial decision then. So we basically run out of money. We're spending like 30, 50 K a week or so on renovations. And then we got down to the point where we had to pay for things from our server hosting and we had maybe like a grand left over every month. We had this food which was mostly left over from pre Haven, CODIS, and this was. Yeah, yeah, it was it was exciting of those things. There's some corned beef from Argentina that is actually the most wretched thing I have eaten. And we ate like most of the stuff in the place. So as far as servers go, these are a bunch of Celeron five thirty three boxes. We have this. I think fairly justifiable fear that if people saw how little infrastructure we had, nobody would actually buy anything. This was our showcase data room of what the rest of the rooms would look like. This was, in fact, the only one. So, yeah, it got a little bit more populated. But this is about like two thirds of the peak, very small number of servers, some UPSs. We've got a bigger GPS later, but all basically FreeBSD and Linux stuff. Pretty reasonable, but yeah, very, very small scale. And we never had more than eight megs of bandwidth going to the place. We had aggressive caching and then much more aggressive caching after I left, which is an interesting story. This is about peak capacity, so. Sitting in and the rooms are 20 or they're like six meter cylinders, so you've got a circular set of desks around them in this room. And that was where I spent most of my time, mostly on Iasi, which is the main thing you do when you're on a little island like that. Yeah. So speaking of aggressive caching, so we have this whole model where we would host things where rather we would host things on sea and then we would have hearing sessions and transit purchased in places like London, Telehouse and then a place in New York, and then we bring the transport back. Those boxes are really tempting to use for caching afte
r I left, which wasn't the most friendly of circumstances at the end of 2002, I think they decided it would be a lot cheaper to just not have anything on the island anymore and put everything in those locations and not tell anyone. It was really obvious for two reasons. One, the pink times were zero milliseconds from the edge to this noise, about two milliseconds by speed of light. And then there was a huge fire because the original structure was all like Feresten and everything else. The new generator room, which they stored a bunch of oily rags in, was made of tarpaper. And the predictable thing happened after like five years. I don't know why it took five years, but it eventually completely caught on fire as a huge fire and nothing happened on the server. So, yeah, there's that. So given many, I would say the failure here was overdetermined. So we have lots of reasons why it failed and we need to piece apart why those things are some of them are totally idiosyncratic to a tiny platform. LNC those are less interesting unless you for some reason want to build something on a tiny platform. See, there's other things that are much more general as data haven issues, the core reasons where economics, the product itself wasn't all that great. And to be honest, we were not the greatest team. None of us had any experience running large businesses or even small businesses or really anything. And then we did have the market like it's really lame to blame the market for it, but I think the twenty two thousand one collapse in bandwidth prices was a fundamental driver. So what happened is we had an inherently high cost, which was totally fine in two thousand. There were two reasons for high cost. It was high cost because it was on this little tiny platform. It was also high cost because we didn't have any scale. When you're buying eight megabits of Internet and transporting it over, once you pay a pretty high cost per megabit, if you're buying one hundred and fifty five, which 
is what we'd originally ordered, the cost per megabit is a lot lower. And then we had the issue that in nineteen ninety nine two thousand, the price for I guess Akamai service was like two to three thousand dollars and megabits per second. Effectively transit was one to two K or something, a megabit. Then the market collapsed and people would start selling below their own cost because they had to. Sometimes they sell below their marginal cost, which is crazy, but usually bandwidth doesn't have a marginal cost. So basically, like the market price went to like ten dollars and our cost was five hundred and we built everything on like three thousand. So that was a serious problem. And then there was another more additionally serious problem is we are missing some key components to make this a great product. And then we didn't have any money to do anything differently because we only had only only eight megs. We had to really ration bandwidth. There's a lot of cool stuff you can do that you'd want to have more bandwidth for. This was also pre virtualization. So you had the physical servers and one server per customer was like a crazy thing. The biggest problem I would say is we had no way for our customers to handle payments. If you were a purely cipher space business, you still had to go incorporate somewhere to get a bank account to accept credit card processing. There was no Bitcoin back then, and I proposed the beginning of this thing that we fund building anonymous electronic cash as the first enabler for this thing. Because if you have anonymous electronic cash and a secure place to put your server, you don't actually need to incorporate anywhere. You can just have a key as your your thing. But we didn't do that. And then we never really found a single, really solid application for this thing. So all the things from doing start ups that I know you shouldn't do, we did. And then the team and structure issue. Fundamentally, the issue was that the ceiling people were 
more traditional, much, much more legally averse to risk uncertainty, things like that. And then there was me and I was very willing to push the limits on stuff because I just walk away from it if it failed. So like, I was trying to get to success. There's a whole model in like venture capital where it's OK to fail like one hundred times if you're one success is like a ten thousand times bigger return. So we were pushing for that kind of thing. And that isn't the kind of thing you do if it's your your house, basically. Then we had lots of internal team issues, politics like that. And also it's just boring. Like this place was like five or ten thousand square feet. It was kind of cool when I got to leave every week or two. But there was a period where I was out there for six months because I didn't have any money to go anywhere else. So I was basically living on a tiny little one, tiny little platform. There was one other person there who was like a security guard, like a six year old British guy, a security guard. And I arranged to have like an offset by 12 hour shift from him. So I would not actually see another person for like three months at a time was it was probably not the most psychologically awesome thing to do, but I had irises, so that totally made it better. Yeah. So there's things that you would expect from building a data haven that would be the reasons for failure, and they actually, in our case, were not reasons for failure. We don't know that these things are not reasons for failure in general, but they were not our reasons for failure. Maybe we didn't get to them. Maybe we were lucky. So legal or regulatory pressure never actually was an issue at all. We got some very, very cursory legal threats type things, but they were mostly from civil things. We didn't do anything really bad. We had a very correctly chosen for their risk model. We had acceptable use policy. So no spam, no child porn, no hacking other people's servers. And I think we added no te
rrorism on 9/11. It wasn't really I thought before that. And that was like the entirety of our acceptable use policy. We were sort of in the gray area about copyright. We also had the benefit that our cost was so high for servers that you would not be able to put a file sharing server on it and have it be profitable. If we'd had much lower costs, that would have been an issue. There was no real competition for a physical data haven at the time. There were secure facilities, but there was no data haven as such, and no one had a great software replacement for this kind of thing. No one hacked us. As far as I know, we had very little infrastructure ourselves, so it's unlikely that that got hacked. Some of our customers might have gotten hacked, but we wouldn't know. But there was no like major hacking incident or anything and there were no fundamental technical issues here. Getting bandwidth out to this place would not have been that hard with like five or ten million dollars versus two million dollars, lots of things like that. So these weren't really recent failure. But we don't know if there's these are the things that I'm much more concerned about are is there an actual demand for data center, a data haven type services? I think there is, but we don't really know for sure how can you make a viable product that people will actually be able to pay for? Like there's plenty of people who would love to have a server that could never be shut off. But are they people who will be able to pay for that service at the cost required? And then the biggest problem with this whole thing is it's really easy to have like one or two below the radar. If you got some services that don't attract any negative attention, you're fine until you have like Lavabit or something hosted on you and then legal stuff happens. So basically, the more successful you get, the higher the odds of some horrible incident happening and then having to resist it, which is sort of the opposite of a lot of oth
er models where the bigger you get, the easier it is to be successful. So that's that's a fundamental thing. And there's a question of can you do this better in software if you can ever do something in software rather than spending money on platforms and offshore data havens, it's totally worth it. And then the other question is, even if you can do all the stuff, should we do it like not everything you can do should be done by people. I think free speech trumps the other disincentives to doing those things. I think data havens should exist, but it is an open question and people have different opinions on that. So we're not the only data here. And there have been data havens since then. And based on the earlier definition, there's different ones. So I would say that a conventional great data center, like a Tier one or whatever facility is a data haven in terms of keeping your servers available. You're subject to the laws in whatever country you are. And the nice thing is, like the US has great laws for certain things. Ireland, Germany have great laws for other things and you can pick and choose your application. There's a company called the Bunker and there's a couple other things where they've taken World War Cold War bunkers and refitted them as data centers. They're in the countries that have certain laws, so they'll have either UK law or Swedish law or Swiss law or the things like that. But they're nice facilities. They're generally have weaker network connectivity than the center of town data centers like Telehouse Wood. So there's a trade off there. There's a bulletproof hosting model. So there's this whole world of the other. All we had is no spam. Speaking of bulletproof hosting, the response, you URLs that people go to from Spam get shut down by people all the time. Malware, you URLs get shut down all the time. There's this concept of a bulletproof host that will stay up against this kind of attack. Usually the term bulletproof host is used specifically arou
nd this kind of like nuisance type stuff versus free speech. But you could use it in any way. And there's a famous company in the Netherlands that was rated has some crazy stuff. And then there's distributed software systems and there's application specific systems that are designed around redundancy. So, yeah, this is a two billion dollar data center in downtown San Francisco, which is later got sold for like twenty five million dollars or something. There were the generators going out. This is an awesome facility. Punin Bonlac Data Center, which I've never been to, but I'd love to get a server there someday. Telehouse, the probably the premier Internet Interconnection Center and all of Europe, which is also great. I used to live like five blocks away from that place, which I thought would be awesome. But it's actually more of a pain to move a server five blocks than it is to move it like across town, because you feel bad about taking a taxi that distance and you can't really carry it. So that was not a decision. And this is the bunker. The cyber bunker, sorry, the cyber bunker. So there have been successes. So PAVLENKO not a complete failure. We did accomplish the goal of making things popular ised and things like that. But it was not a commercial success in any way. I lost like a quarter of a million dollars by spending a bunch of money not getting reimbursed on credit card. Which is not awesome, but there have been people who have been successful Bitcoin, as far as we can tell so far, like it's not the finished book, but like it's been a pretty successful Pirate Bay has been successful, sort of like they've moved their servers around and have been relatively successful. BitTorrent has been incredibly successful at keeping things available, but has not been commercially terribly successful. WikiLeaks has remained online despite doing stuff that the most powerful governments in the world don't like. And the really exciting thing they did was it's insurance file co
ncept. Silk Road was I guess there's an asterisk. So was basically successful technically, except for some user admin issues or something. And Tor has been pretty successful, especially hidden services, which are valid in this case. So really, if we so we don't want to just like blindly do the same thing again, we want to figure out what went wrong and fix it. So how not to fail. You want to think about your application model for the technical side of it. You want to think about who your threats are and adversaries. You definitely need to think about your business model and useful technologies that can help you. So as far as application, you want to do as little hard stuff as possible ever. You always want to do easy stuff and you want to make sure it's like the I guess I could use a zip quote or something, but you always want to meet the enemy on the ground where you control, but your advantage, you don't want to fight in your weak spot. So do things that are easy, like static data is pretty easy to keep resistent from censorship. You just make lots of copies and is also resistant against accidental deletion, whatever. So if you have a lot of copies, the cool thing with the insurance file is, is distributing widely and encrypted file and then distributing the small key later because basically they won't censor it because they can't go back in time. So it's kind of awesome. You end up with a lot of general distributed systems problems. Do you need to have immediate consistency, some sort of global lock? Can you do eventual consistency? All these things that like computer scientists deal with and then Web application developers and application developers deal with are super relevant in the data haven world. And then there's the hardest thing possible is to build a legacy so you can't build a custom client. You have to use like a regular Web browser, globally synchronized transaction system. That is the hardest thing to build. So if you can build a data haven that wil
l work with that model, you have one maybe threats and adversaries depending on who your threats are. There's a lot of techniques you can do and they're different against different people. If you're worried about a government in the Middle East, government in Africa or something else going after your community, your global diaspora community for human rights stuff, put your servers in a place like Germany or in the United States because those governments will be happy to stand up to a dictator, at least as far as not giving them the copies of your data. You can split up across jurisdictions. I've seen as I did the work in Iraq and Afghanistan, just doing like satellite Internet for people. But I got to meet some of the law enforcement people and see the trouble they go through when they're trying to deal with servers. They're in multiple jurisdictions and a lot of cases they don't even bother if it's a particularly difficult jurisdiction like, say, Eastern Europe. But if you can make that so it's like the Russian dolls problem of multiple servers, they get bored pretty fast and you can use disposable finance, which has been sort of the WikiLeaks model where the pieces that you have the most of and that you can easily replace, you make those pop up. Those are the only things that are exposed. And then you have servers and back end your big data repository processing. That's much harder to replace. You keep shielded and then you minimize the bulletproof computing base. So it's sort of the inverse of a trusted computing base or sort of related to trusting, committed base where the parts that actually need to be resilient against all these attacks should be as small as possible for application laws and politics. These always change. I know much more about technology than I do about laws, but the issue we had in the nineties was that law wasn't really settled. We had both. I mean, there's a concept, at least in common law, countries like Black Letter Law and then court l
aw or case law. There were lots of cases where there was neither black letter law nor case law. Now, at least there's case law and a lot of cases. There's black letter law about it, but there wasn't a lot of that stuff back in the day then. Well, Saelens was still going on during terrorism. I woke up, I was like asleep. I'd gotten like a weird sleep schedule. So I woke up at local three p.m. or so, which was like an hour after the 9/11 World Trade Center attacks, woke up, saw the TV of, like, these things crashing in and thought one that sucks and too well, they're going to completely ruin like any possibility of doing offshore data and stuff. So I set up anonymous remailer later that day and a bunch of other stuff, like push the limits a little bit more. But it was pretty clear that terrorism was going to get used to beat down any form of anonymity, even for things that are totally unrelated to terrorism. In the nineties, we had the four horsemen of child porn, money laundering, terrorism and tax evasion. And it's a lot easier to scare people with terrorism than it is to scare people with like evil tax evaders or something. So so we were afraid of that. The other thing is you want to have a preemptive, positive legal campaign if you are behind the curve and the first thing anyone hears about you is something negative, like you're used for child porn. You have lost no matter if the law on your side. They'll just change the law or they'll change the interpretation or your funding pool or something like that, you want to make sure that you've got good stories out there of how you're helping people escape horrible situations, things like that first. And then you pick some cases that have really good, good optics. So you help open source projects. You help like the overseas diaspora of a country where the country is monitoring those people's communications, things like that. The other key thing, which I think is these are these are all fairly obvious. That one that I th
ought was the most useful is pick one known main adversary, one threat, and make sure you can defeat that. So in our case, we could pick something like gambling and we could be the the awesome place where you can host your gambling servers. No one really cared about gambling except for the US government. And there were five thousand miles away from us. So we didn't really have to worry about them very much. We would not have picked something that a lot of countries hated or that the British specifically hated because they're much closer to us. So pick one thing to do and just do that thing rather than like and taking on every every other country in the world. Then there's an open question about business model. You really want to have a working business model before you scale up your business. So keep your costs low and building something like this so you can pick a model. A lot of the problems are the interesting customers are usually not really able to pay very much. The boring customers are slow to move. So you can get interesting customers with not a lot of money early on, but you can't really serve them unless you either have a lot of money or have very low costs. And there's that. The non-intuitive thing is to build a system that works really, really, really well for one specific application. So you could build like anonymous retailers or one of the most secure, most effective against very high level threat systems out there because they only dealt with email, whereas TOR has a much harder problem because it deals with arbitrary protocols or an arbitrary date. And as more things so you can build a single application that you know a lot about, it's pretty easy or relatively it's much easier, not pretty easy, and then solve something that's on the efficient frontier of risk and value. Don't put like hundreds of millions of dollars into solving something where you're only like a tiny bit better than somebody else either. Don't spend a lot of money to be a tiny bit
 better or spend a lot of money but be amazingly awesome at it and then cross subsidize. If you build a system for your own application, you might make really high margins on, say, offering email addresses and stuff where the hosting can be higher than it is in other places because you have less cost for other things and then hybrid solutions where you have like a P2P model, a software system and a data haven that are working together or things like that, or an open source thing, or you have something like fact's where it's not an objectional application. You use that to demonstrate your technology and then build something else later. So there's a lot of useful technologies that didn't really exist in the late 90s when we're doing the stuff that do exist now. Tor one of the more useful tools here. We have a lot of people to talk about. There is no point in me talking matau heavyweight clients. There was a period in the early 2000s where it was basically just Web clients. No one wanted to run local software on the machine and it was sort of a JavaScript was at the level where you could run a real client there. Two things have killed that model, one Ajax JavaScript stuff, so you can build a pretty heavyweight client in a Web browser. Even that doesn't require network access. Even better, you have mobile phones and things. We can have an actual application. So we've gotten back to the point where you can build an application, has local state, which lets you do much more interesting protocols and you can build new protocols. You can build a protocol that's much more resistant to censorship than http to a static address. And I'm a big fan of Messers based systems rather than Conexion oriented systems. If your fundamental task is message based, you can pass these messages around like in the U.S. model or the anonymous remailer model rather than opening a pipe. It's much more anonymous, much more secure, much more reliable than that, and use latency in that kind of situati
on here. Advantage, however, there's a bunch of missing technology. So we still have not, I would say, solve the anonymous electronic cash problem. And Bitcoin is a decent system, but is not anonymous, certainly not anonymous against determined effort to find ARBITRATES actions not anonymous by default. So zero coin and some systems like that might be sufficient. I'm still a true believer in Chami and electronic digital blinded cash. It has a long and kind of sad history, but I think someone will eventually do this and I'll be successful. I think we also need to reboot the anonymous remailer network. I mean, one of the sad things was Len Sesemann was the main remailer guy and he's no longer with us. So we don't have a remailer network that is as good as it was in like twenty three. So we need at least get back to that level and maybe build something better and then cloud computing you if you're building on the stuff for Data Haven and then you've got us is your back end for your application, it's really easy to send a subpoena to there or do whatever else. Having a trustworthy cloud where the operator can't modify your computing would be great. And it's not really cost effective to have dedicated physical servers for each machine, especially in an offshore data haven. So there's that and then secure client devices. As we've seen with the Silkroad example, no matter how great your server security is, if your client device is. Captured, unencrypted, or whatever else, you've got serious problems. So, yeah, that's basically I have a bunch of URLs, this will be up on the Web somewhere. A lot of stuff. There's a bunch of articles, some interesting legal analysis of this that has been done by people and that. So, yeah, data humans have existed in concept and practice for. I would I think there's probably examples in the 50s and 60s, certainly from the 70s and 80s and genuinely mixed results. So there's lots of work to do in the future. I'd be very interested in any questio
ns or comments or anyone has. We have about 15 minutes left. Please use. So any questions, anyone? A question from the Internet, in his opinion, a little out of place does the unwanted attention, drugs, politics and poorly supervised business and data redundancy models like Siyabonga outweigh the benefits of a data haven? Please repeat your opinion, does the unwanted attention, drugs and politics and poorly supervised business and data redundancy models like Cyber Bunker outweigh the benefits of a data haven? Yeah, I think the the need for a data haven in nineteen ninety eight was very, very clear because the laws would not allow lots of very legitimate applications in and September 10th. Two thousand. I would probably maybe have answered the other way that laws in the US and in Europe were pretty good at the time. However, Patriot Act or IP in the UK, lots of things have been pushing in the other direction. So while there are severe negatives to spam, abusive use, things like that, I think actual legitimate free speech use is a sufficiently at risk that the value of data havens is, if not absolute, today. Yes, there's a very easy projection where it is. So I think we need the technology, even if we use it for the equivalent of better latency reduction, having servers close to people, we should build that and then. Yeah. Please, if you leave the room now, please leave silent. Thank you very much and take your garbage with you. Thanks, please. On a scale from one to 10, how much bullshit would you say is in the ecosystem around the Bitcoin and coin block and block chain technology right now and also in the startup world in general? Yes, that is a good question. Ten being the most. OK, so I think there is clearly value in both a lot of the startups and in Bitcoin. Bitcoin is an awesome solution to distributed systems problem that has been open for a long time. Bitcoin itself as a currency does not really personally excite me. I own two point three Bitcoin after winnin
g a bet about the North Korea hackers and Sony thing. So I'm not I mean, I think it is not the final system. I don't think Bitcoin as it is today is going to be the system that does everything we wanted to do. But I think some anonymous electronic payment system or some form of value will and that might be block chain. It might be Bitcoin over time. It might change. And yeah, there's a lot of hype with startups, but especially in Silicon Valley, where it seems like everyone does it by default. But there's also a lot of value. The contrary to that is look look at the big companies and how much innovation they have. It seems like they have outsourced all of the innovation to startups other than by. So maybe it's a fundamental shift in how business works. But, yeah, there's a lot there's there's a lot of good and a lot of bad. And we don't really know. I think maybe maybe there's another axis like an axis or something here, but yeah, yeah. Have you considered the benefits of distributing a decentralized conflict set up just like the Pirate Bay did while the servers were taken down from everywhere they popped up? Because I think that superior states like the United States, they would just like Zealand if it was just a great threat to the geopolitical agenda, if it didn't have public support and military to back it up. Yeah, absolutely. The level of protection you can get from a physical location is up to how angry you make people that have the ability to bomb you hosting gambling servers. We never would have gotten to that point. Our most objective, the weirdest thing that I learned was that there's a lot of stuff that's legal and like set of country and then a lot of stuff. It's legal instead of country B, but then there's like the combination of that. I guess I can talk about that now. But like we had a customer that did this weird bidding or betting on porn images. So porn in countries that are OK with gambling is usually bad. So there were very few countries that ha
d both porn and gambling being OK. You'd bet on which of six softcore images would be popular, the most popular among the people that week. And you would then win if it was the most popular thing, which is actually pretty awesome, I think would be a fun thing to recreate. But they couldn't find an acceptable gaming jurisdiction and an acceptable porn jurisdiction. That was all in one. But no one's going to be famous for that. So, yeah. Yeah, I agree that the people like WikiLeaks, I am certain that if the US government could quietly kill the people involved in WikiLeaks and not get caught for it or not be attributable, it would have happened. So the only thing that kept people alive and successful was being distributed. And that sort of system that is the most resistant system against a large that like that or finding a counterweight nation state or something like going to Russia is the solution. They're not going to go to war with Russia over Snowden, but they would have potentially done more pressure against my country. So there's a crazy geopolitical thing involved. But yeah, software crypto that night. I think the thing that got me interested in crypto when I was like 11 or 12 years old was knowing that I was like in a house in a suburban house. And I had like very little resources. I could do something that no one could undo. Like cryptographically the computing power on my machine was enough that with the right algorithm, you couldn't decrypt it, even if you had all the resources of everyone that would ever exist in any part of the universe. So that is a really awesome concept. And if you can use that to your advantage, you go for it. But there's a lot of things you can't do that transaction systems make it much harder to. It seems like in a way to avoid and services has achieved some of what you intended to achieve with a haven. So do you see any other practical alternatives to Tauhid and services right now or things coming up that might be better than to wai
t and services yet? Tor Hidden Services is a great system within the security parameters of the Tor network. I think if you had a sufficiently dangerous application posted on a service or if you made a mistake, you could compromise the entire system. TOR is not designed to resist a really determined, active global adversary and that is the adversary that we face. They're willing to modify packets, they're willing to do whatever. So I don't think you could run a long running tor hidden service with a Tor network as it is today, with something that the US government really, really, really cared about defeating to the point where they would break arbitrary laws for like if the location of Osama bin Laden had been discoverable by defeating all of Tor in 2005 or so, it would have been defeated. So that's a partially a problem with the system as part of the problem of scale. But I think there are systems that you could build with feasible resources that would resist that threat. I think the systems that would be the easiest to build the most principle are message based systems like anonymous remailer. Tim may have this awesome thing, black net back in like the mid 90s where you would send anonymous mail to anonymous remailer. It would then wait like a week or so and do some operation on an email, you back a response or send it to a Usenet posting group that's much more secure against a global passive or global global active adversary, then a connection orated system with connection systems. You can just do crazy stuff like if you think someone is the the list, like ten thousand people that are possible candidates, you look at their travel patterns, you arrest like ten of them. If you thought of their high probability, you see if a service goes offline, you go after servers individually. There's lots of stuff you can do if you're willing to be a bad person to uncover important services. But it's an awesome system and it's like the it's the best practical thing we have toda
y. It's pleas from the Internet. Yes, there's a question, uh, could an established multinational company theoretically build a data haven within itself currently? Yes, so and multinational organizations often do have things that are very close to date havens, like I think I've done a lot of computer security stuff over the past two decades. There's a crazy fact of like if you're a regulated industry that has to meet a certain security objective, like a government contractor, a government entity, somebody who has some external regulation, you will meet that regulation, but you won't go any beyond that regulation. The people who have like an open ended liability if their things are compromised, do actually in some cases an exceptionally good job of security. Pharma companies doing drug discovery work where the molecule is like the most secret thing in the world for them. They have actually good security proprietary trading firms. They keep their algorithms relatively secure against like compared to what I would say any government agency has done. So there are organizations that do a pretty good job of this. Usually those are those are usually static data hosting systems, not transaction processing systems. And they're for internal use. It's a much easier model because you don't really have to worry about censorship or denial of service, attack or other action. You just need to keep integrity and operation. But yeah, corporations internally can build very secure systems. However, most corporations, as everyone is aware, have pretty horrible internal systems. OK. One question. Is there any system you would recommend to watch out for in the future, Zucco is working on zero point zero cash. Well, I think that's public. I hope that's the thing. And I'm personally the most excited about there's. Yeah, I think that's the most exciting system tour, HP will continue development. I think they have to they're on a curve that is not going to get to where you really need to be for
 data haven unless they dramatically change or improve. I think there needs to be some improvement and change. Part of that is coming up with legitimate applications. So if if horrible governments get elected, US, Europe, everywhere else, such that the need for data havens is increased and more people see it as a mainstream thing that we have to have, we'll get great data. However, we'll live in a world that has really shitty US and European governments where people get like abducted and killed in all sorts of stuff like that. It's not really a trade off at once. So what we really want is a data haven that's really secure in an environment where you don't really need them. And that's sort of a fundamental quandary of if you don't need it, what no one's going to spend the money doing it. You're the best people in the world aren't going to work on it. They're going to work on something like delivering faster traffic rather than more secure traffic. So, yeah. OK, one last question from the Internet. Is there a data haven, do it yourself, how to online? If not, would you like to put online? And is there a data haven software as a service? Yes, there is not a good document for this I'm working on, I bought a couple of cabinets of space and I'm building out what I think the best way to build hosting and just sort of like best practice for that will be I'll document all that and put it up. But until we get a virtualization platform that can do remote attestations. So I have this company before I joined CloudFlare Crypto SEAL that was doing cloud computing where you could remotely attest to the integrity of the container and the VM and everything else. There was no market for it. It was very hard to build. Private Core, which got the Facebook, was working on very similar stuff until we have better hardware platforms, until SGX is a start, but a lot of other stuff, we aren't gonna be able to build a virtual virtualize platform that is secure enough for this kind of stuff. An
d without that, it's going to be very hard to make this commercially viable if you have to use dedicated hardware for every single customer. It'll be pretty challenging. So, yeah, maybe. OK, thank you, Ron. OK, for all the others to please, please take your garbage with you and we will continue in 15 minutes, memory corruption, why can't we have nice things?