0:01

Welcome to Zero

0:04

Knowledge Systems. I'm

0:06

your host, Anna Rose.

0:08

In this podcast, we

0:11

will be exploring the

0:13

latest in Zero Knowledge

0:16

Research and the

0:18

decentralized web, as

0:20

well as new

0:22

paradigms that promise

0:24

to change the

0:26

way we interact

0:28

and transact online. with

0:31

my guest Jonathan Wilkins.

0:33

Jonathan was an employee of Zero

0:35

Knowledge Systems back in the year 2000.

0:37

He went on after this to be

0:40

a founding member of Blockstream, a

0:42

company that funded Bitcoin Core development

0:44

from 2014 onwards. I mentioned speaking

0:47

to Jonathan in my episode Back to

0:49

the Future with Zero Knowledge, which came

0:51

out a few weeks ago. In that

0:53

I shared my very coincidental connection to

0:55

the Zero Knowledge Systems Company and what

0:57

that may have to do with this

0:59

show. I definitely recommend listening to that

1:02

one before you jump into this one.

1:04

It's only 15 minutes. I'll add the

1:06

link in the show notes. In this episode,

1:08

I chat with Jonathan about the emergence

1:10

of security culture in the 1990s. What

1:13

Zero Knowledge Systems was building at the

1:15

time he worked there, that is the Freedom

1:17

Network. We talk a bit about

1:19

the office and set up, as well

1:21

as the people who worked in research

1:24

lab and what they went on to

1:26

do after. Jonathan shares a bit more

1:28

about what he has done since, discovering

1:30

Bitcoin, joining Blockstream right at the start,

1:32

and he also shares why for him,

1:34

Bitcoin remains a uniquely secure digital

1:36

asset. I want to thank him again for

1:38

taking the time to go back in time

1:41

25 years to explore this all with me.

1:43

As I stated in my last episode on

1:45

Zero Knowledge Systems, I am on a

1:47

side quest this year to learn more

1:49

about this company, a company which brought

1:52

together amazing technologists working on P2P and

1:54

privacy tech, because honestly the concepts and

1:56

experiments which came out of this research

1:59

lab still resonate. our ZK community

2:01

today. We are working on programming some

2:03

additional interviews around this, so do stay

2:05

tuned and let me know if you

2:07

like it. Now before we kick off,

2:09

I do want to just let you

2:11

know about the ZK Summit. ZK Summit

2:14

13 is coming up. It's happening on

2:16

May 12th in Toronto. This is the

2:18

second time we bring the ZK Summit

2:20

to North America, the first being all

2:22

the way back in 2019 when we

2:24

did one in San Francisco. If you've

2:27

never been to a ZK summit, I

2:29

definitely recommend checking it out. This is

2:31

the spot to find out about the

2:33

latest research, the newest applications, to find

2:35

out who are the most important players

2:38

in ZK today. It's also a wonderful

2:40

way to get to know through the

2:42

larger ZK community. The application to attend

2:44

is now open. If you'd like to

2:46

apply to speak, you can do so

2:48

in the same form. The speaker application

2:51

deadline is March 15th. Generally, I recommend

2:53

applying early. We do expect this event

2:55

to sell out, and tickets are limited.

2:57

Speaker slots are even more limited. So

2:59

do get your application in early, and

3:01

we'll get in touch with you very

3:04

shortly. Links, as always, are in the

3:06

show notes, and I hope to see

3:08

you there. Now, here is my interview

3:10

with Jonathan Wilkins. Today

3:14

I'm here with Jonathan Wilkins. I mentioned

3:16

Jonathan in my episode Back to the

3:18

Future was Zero Knowledge a few weeks

3:20

ago. I had spoken to him in

3:22

prep to be able to tell that

3:24

brief story about Zero Knowledge Systems. But

3:26

I'm so excited to have you on

3:28

the show Jonathan. Welcome. Thanks for having

3:30

me. I'm really hoping through this we

3:33

get to dig a little deeper into

3:35

that project, but I also want to

3:37

hear about you and your story, how

3:39

you got involved in that company and

3:41

what you've done since. So let's start

3:43

this off with a little bit of

3:45

background. What were you doing before joining

3:47

Zero Knowledge Systems? What kind of like

3:49

led you there? I had taken a

3:52

little bit of time off after I

3:54

had done a startup. I was working

3:56

for a company called Secure Networks. It

3:58

was based in Calgary and we built...

4:00

a tool called Bullista, which is one

4:02

of the first vulnerability scanners. So, you

4:04

know, it's a tool that would go on,

4:06

you'd run it on your laptop, whatever, and

4:09

it would go out final hosts on a

4:11

network, and then it would proceed to try

4:13

and break into them. The other, the only

4:15

of the tool in the market was ISS

4:17

internet scanner. It was less aggressive than we

4:20

were. Like, if it would just like grab

4:22

banners, it would see if they knew anything

4:24

about that kind of version of version of

4:26

the software. Ours was a little bit more

4:29

comprehensive and a little bit more of an

4:31

attack tool. It would, you know, send a

4:33

large buffer if it was a buffer

4:35

overflow and see if the service stopped

4:38

responding, for instance. And it was a

4:40

small team led by a gentleman named

4:42

Alfred Uger, who is one of the...

4:44

people I respect most in the industry.

4:47

You know, he had this vision for

4:49

the product and it had done pretty

4:51

well for a small team, a couple

4:54

hundred thousand dollars in investment. It had

4:56

a 25 million dollar exit I think,

4:58

about a year and a half after

5:00

that. And so that was my first

5:03

real computer security job. I'd been doing

5:05

a lot of just hacking prior when I

5:07

was in high school. going up to

5:09

the university and breaking into computer labs

5:11

to get access to the internet that

5:14

way because that was Circa 93, 94,

5:16

95, and at that time there wasn't

5:18

a way to commercially buy access. So

5:20

that was that was what you did.

5:23

Why were you excited about this? What

5:25

was it like? It sounds like computers,

5:27

security. internet, like, how did this come

5:29

to you and why, why were you

5:31

excited about it? Oh, it was just

5:33

something that I just was just drawn

5:35

to. I don't know what exactly it

5:37

was, probably a little bit of, you

5:39

know, exposure to some of the sci-fi

5:41

that I was doing at the time,

5:43

like, all the William Gibson, stuff like

5:45

that. I remember, though, not thinking it

5:47

was a career path back in high

5:49

school. It was just something I did

5:51

for fun. And it was before there really

5:53

was much of an industry. You know, he

5:56

didn't have much in the way of a

5:58

computer security jobs. It was basically. like you

6:00

had a network in men and they

6:03

had to do a little bit of

6:05

security things but I think it was

6:07

circuit the first couple commercial firewalls even

6:09

so it was before that was even

6:12

a really a thing no one really

6:14

had internet access unless you were an

6:16

institution or you know you were Xerox

6:19

Park or something like that so IBM

6:21

you know the people I met who

6:23

were also hackers were all very interesting

6:26

and it was just sort of like

6:28

a niche thing that were people who

6:30

were excited about. Just the thought about

6:33

this, like back then when you would

6:35

hack, I feel like you were dealing

6:37

with sort of the core computer elements

6:40

in it. Like, it feels like you

6:42

were closer to the bare metal or

6:44

something. Oh, yeah, no much. Because if

6:47

there's no security, there's no none of

6:49

those far, none of the protections that

6:51

we now think of with computer systems,

6:54

you're not going around things. You're kind

6:56

of just like. walking into them. You

6:58

were finding things was a big challenge.

7:01

Like a lot of people I know

7:03

from the time, and I caught just

7:05

sort of the end part of this

7:08

part, is hacking X25 networks. So a

7:10

lot of the people we wound up

7:12

hiring as contractors were people that that

7:15

Al had met on some of these

7:17

X25 networks from Argentina. You know, they

7:19

had met. on a system where they

7:22

both realized they'd broken into the same

7:24

place and you know there's someone else

7:26

on it and there was a basic

7:29

talk interface or something like that or

7:31

you know one of the first machines

7:33

I got access to at the University

7:36

of Saskatchewan was it was a fax

7:38

box called Skycat, Sky Fox, and a

7:40

couple of other ones and a person

7:43

who gave me access told me Ellis

7:45

and Man and that was it. So

7:47

I could, you know, get a directory

7:50

listing and then I could find the

7:52

manual pages for whatever I saw there.

7:54

That was enough to get going. Not

7:57

a lot of hand-holding, but, you know,

7:59

I was curious enough and stubborn enough

8:01

and frankly, it was a sketch one.

8:04

The winters there are pretty vicious and

8:06

so... There's not a lot else to

8:08

do. You know, you don't have mountains

8:11

nearby. It's minus 50 and it's flat.

8:13

Wow. Okay, so boredom and a curiosity

8:15

about computers got you there, sounds like.

8:18

Yeah, pretty much that's what it was.

8:20

And this pattern is repeated. I've met

8:22

more than a few people who are

8:25

quite good hackers and have. had a

8:27

similar experience, I spent some time in

8:29

like Minnesota or something for a period

8:32

of time, far recall correctly. So there's

8:34

a winter in a cold place, does

8:36

seem to figure in more than a

8:39

few hacker histories. Okay, so that led

8:41

you then to work on a startup.

8:43

I mean, I just think it's kind

8:46

of cool to imagine a tech company

8:48

in Calgary in the 90s, because I

8:50

just, was there a tech scene? in

8:53

the 90s? Not really. I happened to

8:55

have moved there and a friend of

8:57

mine had gone to a 2,600 meet-up

9:00

and he'd met the gentleman by the

9:02

name of Bruce Lidal who knew Al

9:04

and made the intro when he heard

9:07

that I knew something about Windows because

9:09

I had basically enough Unix experience to

9:11

get into things and I had also

9:14

got enough Windows programming experience from like

9:16

just generally fucking around with Delphi and

9:18

C++ Builder and some other things like

9:21

that to be able to create a

9:23

UI stuff and so forth on Windows.

9:25

So that combination was enough to qualify

9:28

me for a role there. and it

9:30

was just basically like word of mouth

9:32

and I you know sent some I

9:34

showed my denial of service tool that

9:37

I've written for windows that he exploited

9:39

some issue with the the TSP stack

9:41

that killed it back in the day

9:44

so it was you know that was

9:46

all the proof they needed for the

9:48

need to like get hired because there

9:51

really weren't a lot of people who

9:53

had that combination of skills and you

9:55

know the project was way beyond what

9:58

I thought I could possibly do. But

10:00

I was so excited about being like

10:02

a security job, not just like a

10:05

citizenman or something. Yeah. That I was

10:07

like. I'll figure it out. And I

10:09

did. Cool. That's awesome. When did that

10:12

company get sold? It sold in 98

10:14

to network associates, what had been McCarthy

10:16

and so forth, and spent a little

10:19

bit of time down in Mountain View.

10:21

Yeah, and everyone else stayed on. I

10:23

did my few months that they were

10:26

asking me, and then I would just

10:28

went back home, took some time off.

10:30

Nice. Did you do anything else before

10:33

going to Zero Knowledge Systems, or was

10:35

that sort of your next step? I

10:37

basically spent some time, I started record

10:40

label, Mad Science Records, and released some

10:42

music, some friends of mine had been

10:44

working on, got to sort of shepherd

10:47

that through the whole process, which was

10:49

a lot of fun, enjoyed the electronic

10:51

music scene at the time, and quite

10:54

a lot, and did a bunch of

10:56

snowboarding, and that was... exactly what I

10:58

needed at the time because I was

11:01

pretty burnt out from the startup. But

11:03

a friend of mine had seen an

11:05

article about the whole zero knowledge systems.

11:08

I think it'd been something enwired or

11:10

something like that maybe. He pointed me

11:12

there. I sent my resume and not

11:15

really think I'd necessarily hear back. But

11:17

at that time there weren't that many

11:19

people doing security or privacy. you know,

11:22

anywhere, much less, here's another company in

11:24

Canada. So I got a call, went

11:26

out, did an interview, and it was

11:29

for some sort of low-level programming job.

11:31

Halfway through my first interview, they pulled

11:33

someone else and I wound up interviewing

11:36

instead for the research group. Oh, nice.

11:38

And had the title of adversary at

11:40

Zero Knowledge, when I was hired. Cool.

11:43

Which was possibly the coolest job title

11:45

I'd ever heard at that point. Quite

11:47

quite enjoyed it. It sounds like the

11:50

culture in there was kind of like

11:52

perfect for that time and sort of

11:54

like the type of people they wanted

11:57

to attract to. Did you know like

11:59

the name Zero Knowledge? for zero-knowledge systems.

12:01

Like, were you at all familiar at the

12:03

time with what that meant or what it

12:06

stood for? I wouldn't say that I'd

12:08

ever studied that kind of branch of

12:10

cryptography or anything like that. I knew

12:12

what kind of it was from reading

12:15

through probably all the applied cryptography. I'm

12:17

pretty sure one in two or out

12:19

by then, but certainly one was out by

12:21

then. And there was the handbook of

12:24

applied to cryptography as well, which might

12:26

have covered it a little bit. But

12:28

you know, it wasn't something I'd ever

12:30

written code for or anything like that.

12:32

I knew roughly what it was. Basic

12:35

sort of example of it. Do you

12:37

think back then though, like you were coming

12:39

more from security and sort of as a

12:41

hacker, more I guess on the engineering

12:43

front, zero knowledge back then, like I

12:46

don't know if there were like very

12:48

many implementations of that anyway. So it

12:50

may have, I mean, you tell me,

12:52

but was it more in the realm

12:54

of like weird math or was it

12:56

actually like being used in anything? for

12:58

real. Anything that was being used

13:00

in the company at the time,

13:02

not so much, but it was

13:04

certainly something like a protocol element

13:06

that people in the company would

13:09

happily use if it was applicable.

13:11

You know, we had some more

13:13

than handful of first-rate photographers, like

13:15

the research group was was stacked

13:17

without, you know, we had Ian

13:19

Goldberg, we had Adam back, there

13:21

were another handful of, you know,

13:23

PhD photographers. there was no shortage

13:25

of people who had them show

13:27

stack was there. They'd managed to

13:29

bring together a really great solid

13:31

group of people. And so there

13:34

wasn't really much that was beyond

13:36

them as far as protocol design

13:38

and you know, then that was

13:40

also a group of people who

13:42

was more than capable of doing

13:44

the analysis and attacking it. And

13:46

so... There were a bunch of

13:48

other like little side projects that

13:50

got built as well. Like there

13:52

was a new cash system called

13:54

Zorkmids that was essentially a chromian

13:56

bank. They were so much talented

13:58

that they basically... had more bandwidth

14:01

than was required for what was

14:03

being built with the Freedom Network,

14:05

especially given that it was hard

14:07

to make big changes once it

14:10

was, you know, being deployed and

14:12

was actually being run as a

14:14

live service. So they were trying

14:16

to use some of that talent

14:18

to do some consulting work for

14:21

businesses. They had licensed the brand's

14:23

credential stuff and other things like

14:25

that. We're trying to get people

14:27

to start using those things. You

14:30

mentioned like you had this amazing

14:32

group of researchers around you. I'm

14:34

just curious if any of them

14:36

went on to do things we

14:39

might know. I mean, in Goldberg,

14:41

of course, his PhD thesis was

14:43

essentially the freedom network. and I

14:45

knew routed interactive privacy systems. Oh,

14:47

actually, Vitalic was a research assistant

14:50

of Ian's at one point. Yeah,

14:52

I think I've had one of

14:54

his PhD students on the show.

14:56

I've never actually interviewed him here

14:59

though, but yeah, it would be

15:01

fun to do that. Ian also

15:03

invented the Sphinx Mix format, which

15:05

is, or a co-author on that,

15:08

on the paper, and that is

15:10

used in a Bitcoin's lightning network.

15:12

When I saw that come out,

15:14

when I was at Blockstream, I

15:16

encouraged Rusty to adopt that at

15:19

the time, and it was, you

15:21

know, it's, it's been a, lightning

15:23

would not be as good without

15:25

it. Ian has been influential in

15:28

many, many, many ways. I shared

15:30

an office with him when I

15:32

was at zero knowledge. and learned

15:34

a lot from that man. Cool.

15:37

And I'm entirely grateful for that

15:39

time. The number of people who

15:41

then went down to cryptocurrency from

15:43

just that group, you know, we

15:46

had Adam, we had Austin, Austin

15:48

was the original CEO at Blockstream,

15:50

and he and Adam were sort

15:52

of the impetus for that company

15:54

to form and were able to

15:57

get everything off the ground with

15:59

a initial $21 million raise that...

16:01

Austin managed to pull off with

16:03

just a whiteboard essentially. Wow, it's

16:06

a good number. Yep, yeah, exactly.

16:08

That was that was intentional. Nice.

16:10

Yeah, I think they hit like

16:12

15 and he's like, let's go

16:15

for 21. Let's go for 21.

16:17

Nice. Do you remember anyone else?

16:19

Other people who were at zero

16:21

knowledge on that research team. Adam

16:23

Shostak, who had later went on

16:26

to do a lot of stuff

16:28

at Microsoft and so forth. Especially.

16:30

Kent Murphy's on the research group

16:32

if he was he was just

16:35

a cryptography engineer. I believe the

16:37

latter But he was also very

16:39

involved in writing open a cell

16:41

and Mike Shaver was over at

16:44

Netscape at the time that if

16:46

I recall correctly that we hired

16:48

him He was doing like open

16:50

source for them, came over to

16:52

Zero Knowledge to get our code

16:55

out there for freedom to be

16:57

also fully open source and help

16:59

spear that effort. Who else was

17:01

there? I mean obviously Adam Back

17:04

and his, you know, contributions to

17:06

the biggest Bitcoin space are, you

17:08

know, legion. It's worth going through

17:10

and reading some of the old

17:13

Bitcoin talk archives. There's a lot

17:15

of stuff there in some of

17:17

the, you know, theory and so

17:19

forth areas that you'll see a

17:21

thread with him and Greg Maxwell

17:24

going back and forth on something

17:26

or him and Peter and there's

17:28

a lot to learn and there's

17:30

really cool stuff there. So let's

17:33

talk about freedom. When we chatted

17:35

last, you mentioned that freedom had

17:37

been built on the same work

17:39

that led to tour. Not that

17:42

freedom evolved into tour, but that

17:44

they had the same route. So

17:46

what drew you to work there?

17:48

Was it freedom or was it

17:50

the company in general? It was

17:53

the idea of working on a

17:55

system like that. Like something that

17:57

would enable anonymity on the internet.

17:59

Even back then, people knew that

18:02

certain things were going to be an

18:04

issue. It was essentially a great

18:06

idea, just too early. The tour

18:08

network was influenced by things like

18:11

MixMaster, which is a remiller

18:13

system, had similar sort of

18:15

characteristics, but it was a

18:17

non-interactive system, so you didn't have

18:20

to have, you know, real-time traffic.

18:22

So the idea of applying that

18:24

kind of thing to an interactive

18:27

network was... obvious, but Tor was

18:29

definitely influenced by the work that

18:31

was done on freedom. The structures

18:33

are pretty much the same

18:35

when we were putting together

18:37

the Freedom Network as a commercial

18:40

endeavor. The idea was to pay

18:42

the note operators and so that

18:44

you had, you know, reliable, high-bandwidth

18:46

connections and so forth. And Tor

18:48

obviously was just anyone who had

18:50

the code could run it. That

18:52

led to a lot of issues

18:54

over the course of time. Some

18:57

of the bigger problems with Tor

18:59

was it was never really meant

19:01

to be used against any real

19:03

powerful adversary. It was only

19:05

ever intended to be protection

19:07

against your ISP seeing what

19:09

you're doing. Not necessarily someone

19:11

with more view of the

19:13

network. Like when the Snowden

19:15

revelations came out, we found

19:17

out that they'd been able

19:19

to deanimize at least a

19:21

certain set of users. back

19:23

in, I think, far quite

19:25

correctly, the notes dating from

19:27

like 2009 or something that

19:29

was involved in the archives

19:31

that came out in, you know, 2014,

19:34

was it? And so it was

19:36

known that if you had a

19:38

view of the full network, you

19:40

could or enough routers in the

19:42

way of the communication path, you

19:44

could easily see who was communicating

19:46

with who on just timing issues.

19:49

You didn't have to even do

19:51

anything more than that, you know,

19:53

compare it to like a Second

19:55

World War kind of career network

19:57

using motorcycles. If you have a

19:59

satellite network. watching the area. It

20:01

doesn't matter how many stops the

20:03

courier network makes on the way,

20:05

we know where they start and

20:07

where they're lending. You see the

20:09

message go from one place to

20:11

the other. You don't necessarily know

20:14

what it is from just that.

20:16

That's often enough to tell you

20:18

what you need to know. So

20:20

that's essentially what Tor is. It

20:22

does only that. It takes your

20:24

messages, passes it through several hops,

20:26

and it comes out the other

20:28

side. But freedom, was freedom different

20:31

then? Freedom actually had a few

20:33

things at least that were better

20:35

protection. So there was cover traffic.

20:37

So a whole bunch of extra

20:39

packets were getting sent around there

20:41

were extraneous. So you had to

20:43

follow a lot more of these

20:45

superfluous messages in order to see

20:47

the real messages that were intermixed

20:50

among them. So it was more

20:52

secure in that sense It wasn't

20:54

a full mix network that like

20:56

some of the more modern designs

20:58

for this kind of system But

21:00

it was a lot more secure

21:02

than what Toronto on the beam

21:04

the cost to run that cover

21:06

traffic though is it didn't come

21:09

for free It was definitely an

21:11

extra cost that was born essentially

21:13

by zero knowledge from venture capital.

21:15

But what does that mean like

21:17

the servers like there was a

21:19

heavy computational load like oh just

21:21

network bandwidth? Bandwidth back then cost

21:23

a lot more than it does

21:25

now. Okay. So in 2000, if

21:28

you're doing a few extra gigabits

21:30

of traffic a day in cover

21:32

traffic, it added up very quickly.

21:34

Wow. Crazy. Yeah. It sounds very

21:36

ambitious. And sort of, as you

21:38

described it, maybe ahead of its

21:40

time, when you joined how much

21:42

of it was built. It was

21:44

live when I joined. So it

21:47

hadn't been running for that long.

21:49

I think it might have gone

21:51

live maybe between the time I

21:53

interviewed and the time I joined

21:55

even. But it had been live

21:57

for some period of time, but

21:59

a lot of the attacking on

22:01

attacking the network hadn't been done.

22:04

It hadn't been audited properly. It

22:06

hadn't been really beat up in

22:08

any significant way. So the people

22:10

running the security for that came

22:12

out of the internal group doing

22:14

desktop support for CNN Rail. Oh,

22:16

CNN Rail like the Canadian

22:19

National Rail. Canadian National Rail.

22:21

So they did the desktop

22:23

support for the internal people

22:25

there and that was the

22:27

background. And that wasn't really

22:29

the same kind of background

22:31

you'd want to run and,

22:33

you know, publicly facing, privacy,

22:35

focused, and security critical kind

22:37

of resource at the time.

22:39

So we bought it heads

22:41

a little bit. They insisted

22:43

that I'd not analyze these things,

22:45

but obviously that was my

22:48

entire job. Yeah. Wait, what was

22:50

your title again? Adversary. Like you

22:52

were brought on to break it, it

22:54

sounds like. Yeah. do things like that.

22:57

There was a little bit of politicking

22:59

that was involved. I made friends with

23:01

the people who were actually doing the

23:03

work under them and found a bunch

23:06

of bugs. We fixed them on the

23:08

sly and then officially got permission to

23:10

do the work, did things out of

23:13

order, but it was important. And of

23:15

course they had no idea what was

23:17

going on, so that demonstrated again how

23:19

out of... touch out of the loop

23:22

they were. Because, you know, the people

23:24

who were running the systems knew

23:26

exactly why this was important. They

23:28

had no debate about it and

23:30

we basically had to conspire to

23:32

get the work done as fast

23:34

as possible and properly. Sorry, I missed

23:36

it, but were these out external? Were they

23:38

in the company, the CNN rail folks?

23:40

Oh, no. They had come from CNN

23:43

rail, but they were the people who

23:45

were network operations directors or something like

23:47

that. Got it. At the time, were

23:50

there were there any auditing firms? Back

23:52

then, the only people who did

23:54

audits were accountants. There were sort

23:56

of the big five consulting firms,

23:58

and they had very small,

24:00

but rapidly growing groups that

24:03

would do some security auditing

24:05

when they were on site.

24:07

So that was actually the

24:09

big market for the tool

24:11

that we wrote Ballista at

24:14

Secure Networks was we had

24:16

people from Pricewaterhouse were our

24:18

clientele. They were an auxiliary

24:20

kind of group inside the

24:22

financial accounting firms who then

24:24

would do some analysis of

24:27

your network security. It was

24:29

mostly just, you have a

24:31

firewall? Kind of

24:33

soft. Is this why we call

24:35

it auditing today? This almost sounds

24:37

like this is maybe why it

24:40

like the term was borrowed. sure

24:42

that's why. Yeah, that's where

24:44

it sort of flowed from. Yeah.

24:46

That's so funny. I didn't

24:48

know that. Yeah. So you joined,

24:50

you were the adversary. You're working

24:52

in this office where those

24:54

people was, this is actually a

24:56

question I have about zero knowledge

24:58

systems. Like, you know, today

25:00

we're used to very remote work,

25:02

but was everything in an

25:04

office there? Like, did everyone come

25:06

over to work in this office?

25:09

Or did you have colleagues

25:11

that were like in a different

25:13

country? No, was everyone was there.

25:15

Everyone had moved there from,

25:17

you know, all over the world,

25:19

in fact, you know, Alf

25:21

was there from Germany. Adam was

25:23

there from the UK. A whole

25:25

lot of people, you know,

25:27

had moved for this job. I

25:29

had come from Calgary at the

25:31

time. And there was an

25:33

initial office on Saint Laurent. Yeah.

25:35

Yeah. Yeah. And that's something

25:37

that I mentioned in the little

25:39

bonus episode that I recorded a

25:42

few weeks ago. The address was

25:44

3981 Saint Laurent. That sounds

25:46

right. And I think I told

25:48

you this when I met you,

25:50

but this was across the

25:52

street from a bar that I

25:54

had been hanging out at

25:56

the time, which is a crazy

25:58

coincidence. Anyway, I think I told

26:00

you about that. This was

26:02

a workplace ahead of its time.

26:04

There had been some previous office

26:06

before that one, I think,

26:08

or maybe it was they did

26:10

a redesign of the... offices in that

26:12

building at some point. But there'd be a coffee shop on the

26:14

first floor and they just basically adopted the coffee shop, moved

26:16

it into their, you know, fourth or fifth floor offices and

26:18

it was just this is the coffee bar. It's coffee's free

26:20

and but they just all the people who had been previously serving

26:23

their coffee, they liked them so they just brought them in

26:25

house. And you know Austin has always been very at the

26:27

forefront of this kind of thing and you know. work his

26:29

play and a lot of those other things. He

26:31

knows how to create a space

26:33

that people find, you know, effective

26:35

and appealing. And after I'd been

26:37

there for maybe a month or

26:39

two, if I were a clock

26:42

regularly, we've shifted over to the

26:44

new offices, which were on, what's

26:46

that mean, street? Demesenov? Yeah, Demesenov.

26:48

And it was basically right above

26:50

one of the metro line stations.

26:52

I mean, I know this from

26:55

the trademark documents that... led

26:57

me to this company in

26:59

the first place. And it was

27:01

like 888 Damazinov. Right. Yep.

27:03

It was basically at the

27:05

bottom of Cendeney and it was

27:07

interesting office. There was like a

27:10

center atrium that was sort of

27:12

just you could see down to

27:15

the mall levels below. It was

27:17

a beautiful office. A lot of

27:19

light offices enough for everyone. Server

27:22

room there was... Epic. You know,

27:24

it was a kind of thing that you might

27:26

imagine seeing in a movie kind of thing. Amazing,

27:28

like, it would have all been on

27:30

site, right? Like, was there no, like,

27:32

institutional data centers? There were, but they

27:35

were, like, you know, there were

27:37

big data centers down in California.

27:39

In fact, Zero Knowledge for a

27:41

while had its most profitable asset

27:43

was a data center lease down

27:45

in California. and like Mountview or

27:47

something. And I think they'd at

27:49

least more space than they could

27:51

use in the lead up to

27:53

the pinnacle of the dot-com hype

27:55

and they had then sublet some

27:57

of that space to other tech

27:59

companies and the demand had gotten so

28:01

high at that point that it was

28:03

it was a you know millions of

28:06

dollars a month even or something something

28:08

ridiculous I don't remember what it was

28:10

and then that just poof gone so

28:13

it was a it was very feverish

28:15

time for for that whole space I

28:17

think you hear about like the tech

28:19

boom and bust the dot-com bust There

28:22

was pets.com, like everybody was investing a

28:24

lot into startups. Their Super Bowl ad

28:26

was one of those like markers, right?

28:29

But like, was zero knowledge systems then

28:31

kind of one of those companies? Like,

28:33

did it just, did it raise a

28:36

lot at the right moment and like

28:38

took off? It did raise a lot

28:40

at that moment and was, but it

28:42

was, you know, some of these companies,

28:45

it was like, that didn't make any

28:47

sense. It wasn't one of those that,

28:49

you know, someone who had a, had

28:52

studied, had studied. computer science somewhere and

28:54

you know it happened to be in

28:56

the right place the right time just

28:58

saying you know let's do the internet

29:01

of coffee you know whatever anything you

29:03

could at that point you know there

29:05

were people to invest in anything if

29:08

you just said internet yeah you said

29:10

no we've seen that also in blockchain

29:12

and more recently I mean, it happens

29:15

any cycle. Once there's hype, you know,

29:17

we've got it in the AI right

29:19

now. Totally. And the nonsense people are

29:21

going to throw money out on the

29:24

off chance that they get lucky is,

29:26

this always happens. But what's your knowledge

29:28

had built was something that was necessary.

29:31

It was just, at that time, the

29:33

biggest problem was people didn't know that

29:35

they needed it or if they knew

29:37

they thought that those protections should just

29:40

be provided. If I'm paying for my

29:42

internet, I should. Why should I be

29:44

trackable? Like, and you know, of course

29:47

now we know just level to which

29:49

we're being monetized on a daily basis

29:51

and our data sold and resold. So

29:54

you were there for the period that

29:56

it was, that freedom was being built,

29:58

but freedom, like, you say it was

30:00

launched, it was out there. What actually

30:03

happened to that project? Did it ever

30:05

gain any sort of traction? It had

30:07

some traction. There were a lot of

30:10

people using it. It just wasn't enough

30:12

people to support the business that they

30:14

had. When I interviewed, there were maybe

30:16

a couple hundred people in the company.

30:19

Six months later, there were probably about

30:21

a thousand. The HR team was onboarding

30:23

like a few dozen people a week.

30:26

kind of thing. It was that kind

30:28

of hypergrowth thing that venture capital seems

30:30

to demand and expect and encourage. And

30:32

so you're either, if you're following that

30:35

ramp, they push you a certain direction

30:37

and you wind up with a lot

30:39

of people, then they try and get

30:42

you to IPO and if you manage

30:44

to get there, then you know, people

30:46

expect a certain size of company if

30:49

it's going to be IPOing at a

30:51

certain valuation. So they just try and

30:53

make those things match. regardless of other

30:55

factors. What they built was something very

30:58

valuable and something that we still don't

31:00

have a good replacement for. Tor notwithstanding

31:02

never quite made it there. And certainly

31:05

if Zero Knowledge, the company had been

31:07

around and managed to somehow survive, what

31:09

would have been built over the intervening

31:11

years would have looked a lot different

31:14

than what Tor wound up looking like.

31:16

You sort of mentioned these other experiments

31:18

that were being created in this research

31:21

group. Did any of those become anything

31:23

product-day or did they go on to

31:25

be built into something else? I mean

31:28

the brand's credential stuff keeps getting... rebuilt

31:30

or proposed or it's a solution in

31:32

some small products here and there. The

31:34

brand's credentials for those who don't know,

31:37

it's a system by which you can

31:39

reveal only certain aspects of your identity.

31:41

If I've got a driver's license, a

31:44

digital driver's license, I don't need to

31:46

disclose the fact that, you know, here's

31:48

my dress, here's my name, here's my

31:50

gender, height, weight, and picture. If I'm

31:53

going to a PG13-13 movie. All they

31:55

care about is I'm over 13. So

31:57

it was a way of saying, yeah,

32:00

providing it. I'm over 13 certificate to

32:02

that context or I'm over 21 if

32:04

I'm buying alcohol or you know over

32:07

18 in Alberta whatever it

32:09

is. Being able to just have

32:11

that limited disclosure is a valuable

32:13

thing and something that certainly

32:15

our team was trying to persuade

32:18

people to do and limited

32:20

success, unfortunately. It's interesting because that's

32:22

something that's still discussed today. There's a

32:25

bunch of teams today in the ZK

32:27

space. We're using ZKPs to like have

32:29

your passport sort of scanned into a

32:32

proof and you can then prove things

32:34

about that passport to a third to

32:36

another party. And it's funny because like

32:38

now some of the tooling is really

32:41

there that Like, you can make some of

32:43

these things in, like, hackathon project. Like,

32:45

they can be made quite quickly. Back

32:47

then, I guess it was just the concepts

32:49

were still being developed. Like, do you

32:51

know if that was the first time that

32:53

idea was kind of brought to life?

32:56

I mean, Stephen Brands had written

32:58

his book on them, on selective

33:00

disclosure of credentials, but I don't

33:02

think there was an implementation anywhere

33:04

else. I think it was probably

33:06

the first time it was put

33:08

into code outside of Stephen Brands.

33:10

laptop maybe or desktop at the

33:12

time probably. Nice. I want to ask

33:15

you one more question about the Zero

33:17

Knowledge Systems Office and maybe the first

33:19

office you were at and then I

33:21

want to talk a little bit about

33:23

what you've worked on since because I

33:25

know you've had like a big career

33:27

since then and I'm asking you to

33:30

go back to this little sliver of

33:32

time. Roughly 25 years ago. I have

33:34

one last question and this is this was

33:36

something we had talked last time we spoke

33:38

but it was a bit about that building

33:41

I think I told you this that you

33:43

know I had been at the time that

33:45

zero knowledge systems was on similar I had

33:47

actually been hanging out a lot at this

33:50

bar across the street have you did you

33:52

ever hear of a bar called blizzards did

33:54

you ever go there I couldn't say for

33:56

sure if it were across the street

33:59

it's almost certain like we went

34:01

there a couple times. I don't

34:03

really remember the names of any

34:05

of the places I went to

34:07

back then, but I do remember,

34:09

you know, lunch times we go

34:11

to a number of places just

34:13

around the corner from there for

34:15

meals and so forth. So it's,

34:17

I could almost guarantee it was

34:20

there at some point. You're around.

34:22

Yeah, certainly, certainly around, yeah. I

34:24

didn't live very far away from

34:26

there either, so. Cool, yeah. And

34:28

you had also told me that

34:30

there was a sign. So at

34:32

the time, I mean, Zero Knowledge

34:34

was pretty well known in the

34:37

city because the pool of engineering

34:39

talent for software engineering talent in

34:41

Canada was not huge. And a

34:43

lot of it was focused on

34:45

and centralized in Montreal because there

34:47

was a huge 3D modeling software.

34:49

There's like a film industry there.

34:51

So like two or three different

34:53

companies that were doing CGI stuff

34:56

and some of the. cutting-edge stuff

34:58

at the time, like there's a

35:00

soft and massage, there was a

35:02

term with some of the other

35:04

company names. But there were two

35:06

or three, and so if you

35:08

wanted software engineers, you were basically

35:10

poaching them from someone at that

35:12

time. And so Zero Knowledge had

35:15

these trucks that would go around

35:17

the city with like their really

35:19

high gloss, like very well-designed ads

35:21

on a big trailer. they would

35:23

park them outside of some of

35:25

these offices and, you know, have

35:27

people there trying to, you know,

35:29

talk to the people who are

35:32

coming out of the offices and

35:34

trying to steal them away. Giving

35:36

out flyers, like going up to

35:38

them? Stuff like that, yeah, like

35:40

apparently, yeah, there was a pretty

35:42

hard sell. True guerrilla HR recruiting

35:44

right there. Yeah, yeah, definitely. I

35:46

hope I get a chance at

35:48

some point to speak to maybe

35:51

one of the founders like someone

35:53

who might have organized some of

35:55

that because I'd be so curious

35:57

to hear like how effective it

35:59

was or yeah where in the

36:01

city they... I'll definitely put you

36:03

in touch with Austin and he'll

36:05

have a lot to say about

36:07

that. Austin was very creative about

36:10

that kind of thing and he

36:12

enjoyed doing some of these outrageous

36:14

things. I want to now ask

36:16

you a bit about like you

36:18

leaving this project. So you had

36:20

joined because freedom was cool. You

36:22

were you know you were going

36:24

to break freedom. I guess you

36:26

got in there security like at

36:29

first there's some resistance to actually

36:31

fixing the security but then you

36:33

were able to fix some of

36:35

the security. Why did you leave?

36:37

So what happened was It turned

36:39

out that Zero Knowledge Freedom wasn't

36:41

going to pay the bills for

36:43

a company that size. And so

36:46

they got into licensing one small

36:48

part of the freedom system, which

36:50

was there was a personal firewall

36:52

that was basically built as part

36:54

of the... interface to the network.

36:56

So it was, you know, a

36:58

small driver that ran on your

37:00

Windows box and would take the

37:02

packets you were setting up to

37:05

the network and then instead of

37:07

just prevent any other packets coming

37:09

in in the first place, so

37:11

you weren't vulnerable to certain exploits

37:13

at the time, but it meant

37:15

that all that all that code

37:17

there made for a pretty good

37:19

personal firewall. And so they were

37:21

starting selling it as a add-on

37:24

for your internet service, like a

37:26

subscription. thing for like a couple

37:28

of extra dollars a month, for

37:30

like two ninety nine a month,

37:32

you got a personal firewall with

37:34

your internet connection. That turned out

37:36

to be a, you know, a

37:38

fairly profitable thing to do and

37:41

required farless manpower. At the time,

37:43

the idea of just working on

37:45

a personal firewall for a telco.

37:47

Did not appeal? Okay, so it

37:49

had lost a bit of its

37:51

like, like it was so edgy

37:53

and it was so grand, the

37:55

idea. It went from a cypherpunk

37:57

thing to a, you know, yeah,

38:00

a cog, kind of, yeah. Yeah,

38:02

it was basically for Tellus, I

38:04

think, at the time, who was

38:06

buying it. So that just didn't

38:08

appeal. It was also my last

38:10

winter in Canada and after many,

38:12

many winters in Saskatchewan, I did

38:14

a winter in Montreal and tromping

38:16

through that for months on end,

38:19

did me. So I headed to

38:21

Sunnier Climbs in California. Got it.

38:23

So did you part in a

38:25

good way when you left? So

38:27

it was a pretty amusing story.

38:29

So I had gotten sick of

38:31

dealing with the... people who are

38:33

running the IT stuff for the

38:36

company after biting heads with them

38:38

and them resisting any sort of

38:40

real security. And I went to

38:42

Austin and said, look, if you

38:44

make BCSO, chief security officer, I

38:46

will stay and I will do

38:48

that. But since you're ditching the

38:50

whole Freedom Network, that's about the

38:52

only thing that can keep me

38:55

here. And of course he did

38:57

the only same thing he could

38:59

and said, no, we'll see you.

39:01

Enjoy. I wish you your best

39:03

on your future endeavors. But, you

39:05

know, a few years later, when

39:07

Blockstrom was coming together, you know,

39:09

and I'd actually been talking to

39:11

Adam directly about a lot of

39:14

Bitcoin related things with time. I'd

39:16

want to working with Adam at

39:18

Microsoft for a number of years.

39:20

After he left, he'd done some

39:22

storage startup and then I'd gone

39:24

on to a few other companies

39:26

and, you know, we were circling

39:28

back and I was trying to

39:30

do a startup that was going

39:33

to do a personal security proxy

39:35

that would be able to do,

39:37

do man in the middle on

39:39

all your SEL connections and clean

39:41

up headers and make you less

39:43

easy to track and make sure

39:45

that there was anything funny going

39:47

on in those connections. And he

39:50

was getting into Bitcoin more heavily

39:52

at the time and we were

39:54

both trying to recruit each other

39:56

and he wanted to meet up

39:58

with Austin, getting Austin really into

40:00

the whole idea of Bitcoin and

40:02

they then got some money together

40:04

from Austin's. This is pre-founding a

40:06

block stream. So were you into

40:09

Bitcoin at this time? And Austin

40:11

said, we're getting the band back

40:13

together. So I was like, I'm

40:15

in. Cool. This is pre-founding a

40:17

block stream. So were you

40:19

into Bitcoin at this point?

40:22

Like, had you been playing

40:24

with it? A little bit. So

40:27

I had heard about it. It

40:29

was not the first e-cash system that

40:31

I heard of. At that point, if

40:33

you were into that holes, you know,

40:35

cypherpunk kind of seeing these things came

40:37

up every once in a while. And,

40:39

you know, you'd be, oh, well, I'll

40:41

play a lot. I remember with that

40:43

and see what it happens, but, you

40:45

know, it really hadn't caught my attention

40:47

to any great extent. But then Adam

40:49

mentioned that there's something there. He was

40:51

investigating there. He was investigating it down

40:54

in town in town. We met up.

40:56

I had... a meal or two with

40:58

him and some other folks who

41:00

were working in the space. Matt

41:02

Corral was there. I don't remember

41:04

everyone else. That was, you know,

41:06

probably the first time I met

41:08

him. Who's that? Matt Corral, Blue

41:10

Matt. One of the Bitcoin Core

41:12

developers. He's over at Block, now,

41:14

working on the Bitcoin developer kit,

41:16

I believe. Yeah, so I learned

41:18

a little bit about it. It

41:20

was getting into a bit of

41:22

it. And then I... got a call

41:24

to do an interview at Coinbase.

41:27

Oh, and that was already

41:29

there. Coinbase was starting.

41:31

Okay. Yeah, it was basically

41:33

2013. Wow. And I went

41:35

up going interviewing there and

41:37

then did a short contract

41:39

for them when they had

41:41

some security issue. And so I wanted

41:44

to go to the little bit of

41:46

Bitcoin as my payment. I then spent

41:48

a lot of time getting into some

41:50

of the trading stuff with it. I

41:52

was on a combination of bit stamp

41:55

and bit Phoenix, which is in its

41:57

infancy at the time. And I wrote

41:59

a bunch. of libraries for automating their

42:01

their APIs and sort of did a

42:03

bunch of crazy trading stuff that was

42:06

quite psychotic and lever lever leveraged and

42:08

so forth at the time which was

42:10

not a not a good way to

42:12

trade Bitcoin but I learned a lot

42:15

yeah the amount of money that that

42:17

represented at the time was you know

42:19

hundreds to thousands of dollars yeah but

42:21

you know, not quite Bitcoin pizza money,

42:24

but it would have been a substantial

42:26

amount. Wow, certainly. But I discovered this

42:28

book after doing this for months and

42:31

months. It was a book by Richard

42:33

Wyckoff, and it was probably how I

42:35

trade and invest in stocks, or similar

42:37

book like that. And it was basically

42:40

all of the things that he's done,

42:42

or he did at the time, have

42:44

been banned. There were techniques like painting

42:46

the tape. So back then, stocks were

42:49

traded and the news of the stock

42:51

being traded was sent around on a

42:53

ticker tape. And so, you know, every

42:55

tick of the market did it go

42:58

upward, go down. And so there were

43:00

things you could do, like if you

43:02

made the last trade in a tick,

43:04

you would either market red or green.

43:07

So if you got the last trade

43:09

in, it was an up trade, it

43:11

would be green. By timing your trades,

43:13

you could make it look like the

43:16

market was green when it wasn't necessarily.

43:18

You know, these sort of things, if

43:20

you do them on publicly traded stock,

43:22

you would get in trouble. I noticed

43:25

that if I did this, it would

43:27

make people pay attention and probably buy.

43:29

And so essentially, like, I went through

43:32

this book, you know, after doing what

43:34

I was doing for months, and it

43:36

was like, oh. This I mean that's

43:38

why it works. Oh my god. That's

43:41

what it is. That's what it is

43:43

called. Oh shit That's so funny. I

43:45

mean there's so much of that like

43:47

pump and dumps they've been around since

43:50

the 20s Oh for sure because there

43:52

was no regulation there was no laws

43:54

about this stuff back then. Yeah, and

43:56

so much of the stuff you see,

43:59

like binary trading, and they had what

44:01

were called buck chops, which were essentially

44:03

like a lot of these highly leveraged

44:05

exchanges. If you are going to trade

44:08

Bitcoin at 100x leverage, you're going to

44:10

go broke. It's just a matter of

44:12

if it takes hours or days. It's

44:14

too volatile a thing to do that

44:17

way. And the people who are running

44:19

the exchanges, they know that. They're just

44:21

doing it to take your money because

44:24

it's an effective way to do so.

44:26

All of these things, none of them

44:28

are new. But it was, it was,

44:30

I was amused to see how many

44:33

of these things that I'd sort of

44:35

figured out on my own, turned out

44:37

to be, oh, well known from the

44:39

1920s, first of all. And maybe some

44:42

of them even more ancient, like ancient

44:44

markets would have had some sort of

44:46

game that people were playing. I'm sure.

44:48

That's funny. It's just interesting interesting to

44:51

see to see to see. What kinds

44:53

of things and how the laws evolved?

44:55

You know these things were you know

44:57

He wrote a whole book about it

45:00

because he thought it was a legit

45:02

thing to do and people bought that

45:04

book and took and did those things

45:06

for some period of time before the

45:09

SEC existed or You know came and

45:11

cracked down. When is that book from

45:13

is it from the 20s? Yeah, no,

45:16

it's from 2022. Oh, wow. Yeah, interesting

45:18

so you know, these things were the

45:20

things that probably caused the stock market

45:22

meltdown. It was a very interesting way

45:25

to come across that knowledge and to

45:27

have seen markets like evolve from nothing,

45:29

you know, like everyone was learning those

45:31

things at the same time because you

45:34

had a whole bunch of people who

45:36

had never traded. And then you had

45:38

a few people who were just... coming

45:40

in from stock exchanges who were sharks,

45:43

honestly. You know, they knew all these

45:45

tricks. They could never do them on

45:47

the real market because they'd been, they

45:49

went through school, they studied for their

45:52

exams. for the licenses and that was

45:54

basically what those things covered. You can't

45:56

do this because and here was a

45:58

market they could do it on because

46:01

it wasn't banned. So you still see

46:03

it to this day you know every

46:05

time there's a big run-up and there's

46:08

a bunch of leveraged investments on some

46:10

platform you will suddenly see the market

46:12

turning around and dump through that those

46:14

leveraged shares and you know. someone's just

46:17

claiming that money because it's money sitting

46:19

just there wouldn't need to be taken.

46:21

Yeah. So going back to your story

46:23

though, so you were at this time

46:26

playing around with the stuff, but like

46:28

Blockstream had not yet been founded, but

46:30

you'd been approached it sounds like, or

46:32

you had you had done a little

46:35

bit of work in that realm, so

46:37

you were familiar. And I was very

46:39

interested. So the things that the things

46:41

that I struck me about it was

46:44

back then... One of the things that

46:46

you had is a challenge if you

46:48

were doing security, was that people didn't

46:50

really care too much about the security

46:53

of their things. You had these RSA

46:55

secure IDs, for instance. So if you

46:57

were going to log into a secure

46:59

server, you had to have this little

47:02

token that was on your keychain, and

47:04

it would spit out a different number

47:06

every few minutes, every minute. So in

47:09

order to authenticate, you had to provide

47:11

a password plus this code. And... That

47:13

was great. It was an improvement in

47:15

security because it was something you had

47:18

to know and something you had to

47:20

have. If you were trying to break

47:22

into a system like that, you either

47:24

had to steal one of these tokens

47:27

or otherwise gain access to it or

47:29

find some exploit in the actual server

47:31

code. If there wasn't an exploit like

47:33

that available, then this was pretty good

47:36

security. But the problem was that most

47:38

people who had these things, you know,

47:40

citizens, programmers, whatever, they didn't give a

47:42

shit about them. They would leave them

47:45

on their desk while they went for

47:47

lunch. And so the actual security you

47:49

were getting from them was maybe less

47:51

than that should be. But I saw

47:54

when I saw Bitcoin, I was like,

47:56

this is amazing. because this is something

47:58

where if you use the same keys

48:01

that people are using for their money

48:03

for authentication, then they're going to care

48:05

about it. You know, they're not going

48:07

to leave their wallet with cash just

48:10

sitting there on their table when they

48:12

go for lunch. They'll take their cash

48:14

with them. And so it was a

48:16

way to, you know, I hoped to

48:19

build systems that were going to be

48:21

more like an authentication tool that you

48:23

could use in a lot of context.

48:25

What you're saying is because you have

48:28

value attached, like it's so funny, you're

48:30

not, you weren't thinking about it like,

48:32

oh cool, there's digital currency that is

48:34

potentially speculative and that you can send

48:37

it back and forth across the world,

48:39

you were like, now you have value

48:41

attached to these important things, these kind

48:43

of security elements, you won't throw it

48:46

away the way you do with these

48:48

RSA badges or whatever. Yeah. And also

48:50

I saw... a path for those things

48:53

to get more powerful. You know, if

48:55

you have a lot of people using

48:57

them, the cost to make one goes

48:59

down dramatically. Like if everyone has one

49:02

in their pocket of some sort, they

49:04

get so much more powerful. And we're

49:06

starting to see that now. You know,

49:08

compare the early USB-based hardware wallets with,

49:11

you know, about 10 characters of space

49:13

to look at anything, if they had

49:15

anything at all. Like some of the

49:17

early ones. or just a Sim card

49:20

that was running Java card and some

49:22

software that would sign for you. But

49:24

you had no idea what it was

49:26

signing. You just plugged it in and

49:29

it signed something for you. And you

49:31

hoped that it was signing the right

49:33

thing, setting the transaction to the right

49:35

address. Then, you know, we had the

49:38

ledgers and the treasures and they had

49:40

a little tiny screen. and then you

49:42

had coal card with a much bigger

49:44

screen coal card Q finally has a

49:47

decent sized screen and the foundation device

49:49

is passport and the passport prime which

49:51

is coming up soon that's going to

49:54

be a very very cool device and

49:56

has a lot of applicability, not just

49:58

as a Bitcoin wallet, but as other

50:00

things. Like the ledger, when it came

50:03

out, we encouraged them, I had a

50:05

meeting with them to discuss what they

50:07

had, and I was like, you know,

50:09

what you should do, you should do

50:12

a necessary agent for this. And that

50:14

would be amazing. And if you could

50:16

use that key, and it could be

50:18

recoverable key, instead of being like some

50:21

of these other systems like a UB

50:23

key, which. you know you couldn't copy

50:25

but if you had a UV key

50:27

where you could have a seed that

50:30

you could then restore from that would

50:32

be a much better thing and so

50:34

a lot of those things have been

50:36

realized finally. That's cool. You

50:38

know the idea of having

50:40

your PGB key recoverable in

50:42

metal never really caught on right

50:45

but now you can have a

50:47

long-term key store that you can

50:49

plausibly manage over over the course

50:51

of a lifetime and through disasters

50:54

potentially. seems like there's been this

50:56

massive education of like private

50:58

keys and signatures and like just

51:00

knowing that you have this item that

51:02

only you can can ever access and

51:05

how to protect it but then there's

51:07

also this move towards more custodian like

51:09

or I wonder if you see it

51:11

that way like do you think it's

51:13

becoming more in the direction that people

51:15

have their own keys or do you

51:18

think that actually there'll be kind

51:20

of this you know, not centralization, but

51:22

like this, this grab, this kind

51:24

of land grab to bring people

51:26

back under one umbrella where they

51:29

don't have to deal with the key

51:31

themselves. Well, I think it's, it's always

51:33

going to be push and pull, like

51:35

people who are initially exposed to the

51:37

idea of of crypto and a lot

51:39

of them are just like, oh, well,

51:41

that's cool. I can tokenize my, you

51:44

know, art or whatever else it is,

51:46

or land or all these things, but,

51:48

you know. Those things only work if

51:50

Bitcoin is worth a certain value. Like

51:52

if you try to put all of

51:54

the property on a blockchain, all the

51:56

property in the world, you know, if

51:59

ownership of every... single square meter

52:01

of the planet was recorded on

52:03

Bitcoin's blockchain and it was the

52:05

authoritative source for everything. There would

52:07

be some hedge fund that was

52:09

going to spend as much money

52:11

as it took to rewrite some

52:13

of that history and it would

52:15

be a profitable venture so they

52:17

would do it. But you know

52:19

we slowly being growing the amount

52:21

of value in the network and

52:23

as that good value goes up

52:25

the kinds of things that you

52:27

can do with it. because the

52:29

security is so high it starts

52:31

to be harder to corrupt it

52:33

by like the 51% attack actually

52:35

can you you can do that

52:37

in Bitcoin right that's the threat

52:39

the 51% that kind of that's

52:41

the sort of threshold at which

52:43

you can you know plausibly rewrite

52:45

or cause a cause a reorg

52:47

of the chain. You can't rewrite

52:49

something early on or anything like

52:51

that, but you know, you've got

52:53

a chance of winning a reorg

52:55

later on. So it's not a

52:57

super effective attack, but it is

52:59

something that can make money if

53:01

people are making mistakes. So if

53:03

I have a, if I'm depositing

53:06

a million dollars to a Bitcoin

53:08

exchange and they make that available

53:10

in my account after, you know,

53:12

one, one confirmation. And they'll also,

53:14

you know, if I, you know,

53:16

if I, make a trade and

53:18

I can move it off the

53:20

exchange as well, then I could

53:22

do something like move money and

53:24

trade it for some other currency,

53:26

send that currency to myself, and

53:28

then rewrite the blockchain for one

53:30

to block re-org, and that initial

53:32

send to that market is canceled

53:34

out, and I just send it

53:36

to another address that I control.

53:38

That's the kind of thing you

53:40

could do if you have a

53:42

lot of hash rate. And people

53:44

played these games for a while.

53:46

early on when I was just

53:48

sort of getting started. Yeah. Because

53:50

it didn't require that much. And

53:52

people have definitely taken advantage of

53:54

some of the other block chains

53:56

that don't have the hash rate.

53:58

You know, every once in a

54:00

while you'll see Fort Coyne get

54:02

destroyed by this or people get

54:04

trounced. But, you know, this is

54:06

basic blockchain security. If you're going

54:08

to transfer a lot of value,

54:11

you wait more blocks. Did you

54:13

ever get into the Ethereum world?

54:15

Or would you say you stayed

54:17

more on the Bitcoin side of

54:19

things? From day one, I was

54:21

skeptical about Ethereum. It was basically,

54:23

Vitalic had gone to the Bitcoin

54:25

community and some of the forums,

54:27

IRC channels, and he basically ignored

54:29

any advice that was given to

54:31

him. And so there were like

54:33

things about, do you have an

54:35

account or do you have a

54:37

UXTO set? And basically he just

54:39

went, said, I'm just going to

54:41

do it this way anyway. And

54:43

you have the shit show that

54:45

the Ethereum Foundation is. You know,

54:47

it was, they have managed to

54:49

do a lot of stuff. Yeah.

54:51

But the value of that stuff

54:53

that they've done is questionable. You

54:55

had basically. Rug pull after rug

54:57

pull after rug pull of these

54:59

someone releases white paper. It's an

55:01

ICA. No code ever gets written.

55:03

ICA, etc. There's been ponds. It's

55:05

like it's a repeat cycle. Actually,

55:07

it's like the ICA and then

55:09

it was the NFT and then

55:11

it was now the maim coin.

55:13

It's not even on Ethereum anymore.

55:16

It's also on Solana. And the

55:18

maim coin stuff is so ridiculous

55:20

because... You don't even have to

55:22

write a white paper. No, they

55:24

gave that up. You're creating a

55:26

name. You're seeing if like... To

55:28

casino. You know, food is going

55:30

to be popular this hour. For

55:32

sure. And it's gambling, but it's

55:34

entertaining for people, I'm sure, but

55:36

the relationship to anything productive is

55:38

far from clear. What was your,

55:40

I want to kind of go

55:42

back to your story though, so

55:44

we were because like... Blockstream, you're

55:46

part of the founding team. How

55:48

long did you stay there? Because

55:50

you don't work there anymore. No,

55:52

I was there from early days

55:54

when it was before we had

55:56

a name, before we had any

55:58

of that, when we were trying

56:00

to get a team together. So

56:02

I guess it was probably late

56:04

2013 when I'm... at Austin, Adam,

56:06

or maybe very early 2014, and

56:08

when we had that conversation about

56:10

getting the band back a day

56:12

there. We had a few meetings

56:14

where it was like some of

56:16

the core developers who were, you

56:18

know, Greg was working at Mozilla,

56:21

I think, at the time, and

56:23

Peter was working at Google, and

56:25

Matt was finished off his degree,

56:27

and Mark was working at NASA.

56:29

All of these people were doing

56:31

a lot of engineering on their,

56:33

in their evenings. but there was

56:35

no actual anyone really who was

56:37

working on the core protocol who

56:39

had a day job just doing

56:41

that. Everyone working on Bitcoin Core

56:43

at that time had some other

56:45

thing that was yeah yeah exactly

56:47

so Craig was doing Codex for

56:49

media at Mozilla for instance and

56:51

so what Adam and Austin were

56:53

trying to do was get some

56:55

sort of company together that would

56:57

allow Bitcoin to grow from that.

56:59

and Bitcoin didn't have a, some

57:01

fees going to development for the

57:03

project or, you know, there's no

57:05

core team allocation or anything like

57:07

that. So getting Blockstream off the

57:09

ground was sort of like the

57:11

first way to support those engineers.

57:13

Is that what Blockstream is today?

57:15

Like is that what it is?

57:17

Is it sort of like a

57:19

dev shop that's working on Bitcoin

57:21

Core? So initially it was conceived

57:23

of as... Let's get something together

57:26

where the core developers have a

57:28

salary and are focused on building

57:30

stuff for Bitcoin and focused on

57:32

making Bitcoin better. And the number

57:34

of commits that happened in that

57:36

first year to the Bitcoin code

57:38

base was, you know, some multiple

57:40

of what had been done in

57:42

the prior several years. And a

57:44

lot of them were substantial changes,

57:46

not just like, you know, fixing

57:48

a spelling error or something like

57:50

that. And so it was a

57:52

success in that regard, I would

57:54

say. There was a whole bunch

57:56

of projects, Bitcoin Elements, a whole

57:58

bunch of things that were proposed,

58:00

and then... adopted into the core

58:02

protocol a lot of bits written

58:04

things like that that was you

58:06

know good time for Bitcoin I

58:08

think there was a lot of

58:10

criticism directed their way there was

58:12

a lot of suspicion directed the

58:14

way there's a whole bunch of

58:16

conspiracy theories on on read it

58:18

and so forth that I don't

58:20

know if you were around that

58:22

I got into this whole world

58:24

in 2017 so different era So,

58:26

blockchain, block-size wars. Yes. Back then.

58:28

But I think by that point,

58:30

a lot of the battles have

58:33

been won. The shouting wasn't over,

58:35

but it was essentially done. Okay.

58:37

They'd already gotten some of the

58:39

segment stuff in, and the miners

58:41

were resisting it, but when the

58:43

blockchain was actually full, they were

58:45

like, oh shit, well, we do

58:47

have to do something about this.

58:49

When did you leave Blockstream? And

58:51

why did you leave Bloxley? 2018.

58:53

Okay. I lost my fiancé to

58:55

suicide. So I took some time

58:57

off after that and just didn't

58:59

mind up going back to Blockstream

59:01

after that. What have you been

59:03

up to since Blockstream? I joined

59:05

River. I was the founding CSO

59:07

there as well and helped them

59:09

launch and managed their Bitcoin holdings.

59:11

client Bitcoin holdings, which was great.

59:13

One of the last things I

59:15

worked or had any impact on

59:17

before leaving Blockstream was the PSBT

59:19

work. And some of that multi-six

59:21

stuff that was kind of a

59:23

area that was lacking in Bitcoin.

59:25

There were a lot of sort

59:27

of core issues that made multi-six

59:29

not quite so safe to use,

59:31

but coin kite had released the

59:33

cold card and we were able

59:35

to... put together a very secure

59:38

setup that I there was something

59:40

like six or eight thousand Bitcoin

59:42

we were managing with at one

59:44

point didn't lose a wink of

59:46

sleep so no that Bitcoin reached

59:48

that level of maturity that it

59:50

could be managed like that and

59:52

I didn't have to worry about

59:54

the Bitcoin getting lost or getting

59:56

hacked or anything like that because

59:58

it was possible to build a

1:00:00

good setup. Amazing. Do you feel

1:00:02

like a lot of those people

1:00:04

that you worked with, I want

1:00:06

to bring it back to the

1:00:08

zero knowledge system story, but a

1:00:10

lot of those people that you

1:00:12

worked with, did you end up

1:00:14

crossing paths with them later in

1:00:16

the Bitcoin space? Like did a

1:00:18

lot of them end up working

1:00:20

on this kind of stuff? Yeah,

1:00:22

Adam, of course, did other people

1:00:24

from that era. I haven't run

1:00:26

across a lot of them. who

1:00:28

weren't also Austin. Germany, this is

1:00:30

Austin's brother. He was working on

1:00:32

operations and stuff there at Zero

1:00:34

Knowledge. And we now have a

1:00:36

startup together, Cloth Wireless. We're called

1:00:38

Services, one of our products is

1:00:40

Cloth Wireless. And SimSops are an

1:00:43

issue for people in the space.

1:00:45

And we have a system that

1:00:47

is security. It's for SimSops. Given

1:00:49

that you've been in security this

1:00:51

long, when you think about it,

1:00:53

do you feel like, are we,

1:00:55

do you feel safer or less

1:00:57

safe today? This is sort of

1:00:59

actually one of the interesting questions

1:01:01

that we had back in the

1:01:03

day at security networks was how

1:01:05

long are these bugs going to

1:01:07

be a problem? You know, the

1:01:09

idea was that buffer overflows shouldn't

1:01:11

be an issue ten years from

1:01:13

now. Like the industry will have

1:01:15

eliminated this as a bug class.

1:01:17

No, it hasn't. No, okay. And

1:01:19

essentially, there are more people writing

1:01:21

people writing code. and since there

1:01:23

are more people writing code, and

1:01:25

only some subset of them know

1:01:27

how to write secure code, you

1:01:29

have more and more flaws in

1:01:31

the available code out there. So

1:01:33

overall, it's possible to engineer something

1:01:35

very secure, but 99% of the

1:01:37

stuff that gets written isn't written

1:01:39

to that standard. So things are

1:01:41

probably as... secure as they've ever

1:01:43

been and they probably on the

1:01:45

whole haven't gotten any more secure.

1:01:48

One of the first systems that

1:01:50

I got into on the internet

1:01:52

was a NASA computer. It was

1:01:54

the NASA extra galactic database and

1:01:56

it was available on a telnet

1:01:58

system. You just tell it. into

1:02:00

a certain machine and IP address.

1:02:02

And then if you hit control

1:02:04

C, you were presented with a system

1:02:06

prompt. It was just something running

1:02:08

in a shell, loops connect to,

1:02:11

uh, important, and you could do

1:02:13

whatever you want on that system.

1:02:15

And so there are things just

1:02:18

as simple as that today in

1:02:20

other platforms. And there are people

1:02:22

who are writing. friend of mine

1:02:25

has what he calls the Google

1:02:27

test. When someone's describing the architecture

1:02:29

of something, if he bursts into

1:02:32

uncontrollable giggles, that's a complete fail.

1:02:34

And it happens a lot. So,

1:02:36

you know, people are tasked with

1:02:38

things beyond their capacity a lot.

1:02:40

And funny things happen when that

1:02:43

occurs. So, overall, we know how

1:02:45

to write secure code. We know

1:02:47

how to build secure platforms, we

1:02:49

know how to do these things.

1:02:51

Bitcoin's actually a really great proof

1:02:53

of that. You know, the things

1:02:55

that are the core of Bitcoin,

1:02:57

the uptime of Bitcoin is essentially,

1:03:00

it hasn't gone down since it

1:03:02

was launched. And that is something

1:03:04

that would be considered remarkable

1:03:06

to anyone back 20 years

1:03:08

ago. The fact that there's a

1:03:10

system that is distributed and it

1:03:13

just works. And it's money. And

1:03:15

no one's just. you know, broken

1:03:18

that system in a way that

1:03:20

has disrupted the economy that's being

1:03:22

built on it. And that's pretty

1:03:25

fucking good. That's impressive. That said,

1:03:27

you've got all these other chains,

1:03:30

secondary, tertiary, like clones

1:03:32

of things. And it's a circus.

1:03:34

It's just a clown show. So

1:03:37

it depends on the quality of

1:03:39

your engineers. That's the way it's

1:03:41

always being. So, interesting. Jonathan,

1:03:43

thank you so much for coming on

1:03:46

and sharing this story from kind of

1:03:48

your start, breaking into sort of computer

1:03:50

rooms at universities to work in Zero

1:03:53

Knowledge Systems, obviously the project that brought

1:03:55

us to meet each other to the

1:03:57

things you did after. I mean, I...

1:04:00

I joined this space in 2017. I

1:04:02

joined it in Berlin, which is like

1:04:04

an Ethereum hub, more than a Bitcoin

1:04:06

hub. And so I was sort of,

1:04:09

I was introduced to a lot of

1:04:11

this space through Ethereum. I feel like

1:04:13

my Bitcoin history is not that good.

1:04:16

I've had only few people on the

1:04:18

show who really live in Bitcoin land.

1:04:20

So it's really great to get to

1:04:23

hear your. your story and I mean

1:04:25

I do hope to get to get

1:04:27

a chance to also meet with some

1:04:30

of the people who you've mentioned through

1:04:32

this episode who also worked at Zero

1:04:34

Knowledge Systems but also worked kind of

1:04:37

subsequently in the early Bitcoin and and

1:04:39

what happened after. Happy to introduce you

1:04:41

to anyone who I can get you

1:04:44

to Austin seems interested in chatting so

1:04:46

that's another great start. But it's been

1:04:48

a pleasure talking to you and thank

1:04:51

you for having me on. Thanks so

1:04:53

much. And I want to say thank

1:04:55

you to the podcast team, Rachel, Henrich,

1:04:57

and Tanya, and to her listeners. Thanks

1:05:00

for listening.