Monthly Archives: May 2014

def_con_logoDEF CON is an annual hacker conference where software developers, security professionals and others come together for talks and events about cracking systems. Although it is attended by many government agents, the community has a healthy contempt for government. Some past speakers have advised on how to improve your chances for privacy in light of state snooping, while others exposed government operations and propaganda.

One particularly interesting presentation was by Moxie Marlinspike, who spoke about freeing the internet from certificate authorities. The Certificate Authority program is currently used as an integral part of how web browsers create secure connections with web sites. This system is flawed because it relies on a single entity to arbitrarily decide who is trustworthy and who is not. Furthermore, it has one-size-fits-all approach that not only takes away individual choice in the present, but prevents people from choosing who to trust in the future as well. Trust, however, is not some innate quality of a person or organization that can be determined independently. Trust is a relationship between people.


Moxie’s solution is called convergence, and it works just like trust and reputation do in the real world. Instead of having a single authority who must be trusted by everyone, each individual can decide whom to trust. Furthermore, that trust is easily revoked if someone proves to be unreliable. Watch the full presentation below.

Continue reading