Thank you Jake.

So I was think­ing back about all the var­i­ous mem­o­ries of Aaron, and I want­ed to share three of them with you. Two of them fun and cheer­ful, and one of them a lit­tle bit less fun and cheerful.

The first one was back in 2000, or 2001 or some­thing at an O’Reilly con­fer­ence, and there was this 13 year-old kid and Zucco has promised his par­ents that, I’ll take care of him. He’ll be fine. Don’t wor­ry,” and his par­ents were ner­vous about leav­ing their 13 year-old kid at a big O’Reilly con­fer­ence with 2,000 peo­ple. And in fact it worked out fine. The oth­er mem­o­rable part of that, first he was a total­ly ordi­nary 20-something year-old per­son in a 13 year-old kid. He was talk­ing about all the tech­ni­cal stuff just like we were. Everything was fine. Then we went out to lunch, and every­body’s like, hey let’s go to a Vietnamese place, let’s go to a Chinese place, and Aaron is like, Oh yuck, I don’t like any of that weird food.” So those were some reminders at that point.

So that was the first sto­ry. The sec­ond one, I remem­ber a few years lat­er at CodeCon when Len Sassaman and Bram Cohen were orga­niz­ing at a SoMa venue that was 21+. I went out to get some fresh air at one point, and there was Aaron hang­ing out out­side because he could­n’t get in because he was like 16 years old and they would­n’t let him into the 21+ venue that CodeCon was hap­pen­ing. So I guess that was one of the first sub­ver­sive acts that Aaron and I did togeth­er, where I smug­gled him into CodeCon so that he could inter­act with oth­er peo­ple and his peers. And I guess I won’t spec­i­fy which oth­er sub­ver­sive acts come after that. We can leave them implicit.

But then the third sto­ry that I was think­ing about was when the Tor dev meet­ing hap­pened at MIT quite a few years ago, and Aaron emailed me and said, I’d real­ly love to be there, but I have a restrain­ing order and I’m not allowed to set foot on MIT so can you move it some­where else?” And I thought to myself, Okay, what sort of wild antics have you been up to late­ly that caused that to hap­pen? I mean, geez.” So it was­n’t a total mess in that we met him at Harvard after­wards and talked for a while, but why could­n’t you, Aaron, have told us? Why could­n’t you have explained what was going on? And it turns out (I’ve learned a lot since then) I’ve learned all about grand juries. Jake men­tioned the grand jury dis­cus­sion in the last blurb. It turns out when you get your grand jury sub­poe­na and you find a lawyer and you talk, the very first thing the lawyer tell you is, Don’t tell any­body. Don’t tell any­body that you got this,” because appar­ent­ly the first thing that hap­pens when you go into the grand jury and they ask you fish­ing expe­di­tion ques­tions and they ask you what­ev­er they want to ask you, the first thing is, Tell us every­body you’ve told and why.” 

So the first thing you do when you learn about these things is you pro­tect your friends by not shar­ing, and that’s exact­ly how they tear apart our com­mu­ni­ties. So I would say raise your hand if you’ve got­ten a grand jury sub­poe­na, but many peo­ple here will choose not to raise their hands because they’re tak­ing legal advice. This is ter­ri­ble. This is fucked up. This is the way the Justice Department, the jus­tice world, is rip­ping apart our com­mu­ni­ties by iso­lat­ing us one by one. 

So, I don’t have fix­es for that, but here we are look­ing at the pow­er of the sys­tem and the cor­rup­tion of the sys­tem that it wields against peo­ple like us to try to pre­vent us from hav­ing con­trol over what we’re doing. To try to pre­vent us from being empow­ered or feel­ing empow­ered. So I look at that and I think okay, what can I do against this huge, billion-dollar oppres­sion indus­try? What can I do against these Justice Department peo­ple whose career ambi­tions involve killing my friends? How can I fight back against that? Do I stand up and get noticed and then I become one of their tar­gets also? What do I do?

One answer there is build­ing tools, infra­struc­ture tools like Tor, that then many oth­er peo­ple in the world can use in their prod­ucts and their projects and their goals, like we’ve heard about today, where oth­er folks like SecureDrop and Library Freedom and the list goes on and on, and WikiLeaks and Chelsea and so on. So the goal there is to have an under­ly­ing infra­struc­ture that allows peo­ple to be safe in their com­mu­ni­ca­tion, and that empow­ers them to lev­el the play­ing fields, and that empow­ers them to make the pow­er struc­tures a lit­tle bit less uneven.

So that was my polit­i­cal rant for the day, and let me add in a lit­tle bit of tech­ni­cal stuff, because I know that Aaron would’ve enjoyed that at least as much.

We heard ear­li­er today about Let’s Encrypt, which is real­ly great. The idea is that every web page on the Internet should be able to get an SSL cer­tifi­cate so you can get encryp­tion. That sounds good. Let me throw out an idea there for you. Wouldn’t it be cool if we could, as part of the Let’s Encrypt client so it’s auto­mat­i­cal­ly built in and it just hap­pens mag­i­cal­ly, would­n’t it be cool if every web site could get an onion address along with its SSL cer­tifi­cate auto­mat­i­cal­ly, for free, it just hap­pens. You either press the but­ton say­ing Yes I want an onion address also” or it’s on by default and you don’t unpress the but­ton and when­ev­er you’re sign­ing up to get your SSL cert, it auto-generates an onion address and off you go.

Facebook has an onion address right now, and I was just talk­ing to Brewster ear­li­er about set­ting up an onion address for archive​.org. So if you’re think­ing of set­ting up some­thing like that for your web site, thumbs up, that sounds great. Turns out there are some pol­i­cy, I guess bureau­crat­ic prob­lems there, where the CA mafia does­n’t real­ly want to relin­quish con­trol that much that quick­ly, but we’re patient and stub­born, and I imag­ine over time that will start to work.

But I guess I’ll end with think­ing about onion ser­vices differently. 

Aaron was a huge fan of hid­den ser­vices. You see that in the DeadDrop world. You see that in Tor2Web, which was a project he worked on that lets ordi­nary peo­ple who don’t know what Tor is still be able to reach .onion address­es in the world. So when Facebook set up their web site as an onion ser­vice, I start­ed off, as many peo­ple did, say­ing, I don’t under­stand. Why does Facebook need pri­va­cy for their web site? I know where their web site is. This is stu­pid.” And I’ve come to believe that I was real­ly wrong on that. 

So here’s the way I’ve been look­ing at it recent­ly. You know how ten years ago when you talked to some­body who ran a web site and they said, I don’t need to pro­vide SSL for my web site, because my users don’t need safe­ty” or my users don’t need secu­ri­ty” or my users aren’t impor­tant for that?” And now, ten years lat­er, we know that those peo­ple are self­ish and greedy and they’re not think­ing about their users, because it should be up to the users what secu­ri­ty they want to get. It should be up to the users, Do I want encryp­tion going to this web site? Do I not want encryp­tion? What sort of secu­ri­ty do I want?”

Similarly, right now we hear peo­ple say­ing, Oh I don’t need to run an onion ver­sion of my web site, because my users…” and then they have some similarly-bullshit excuse there. So over the com­ing years, hope­ful­ly it will become total­ly nor­mal and com­mon­place for peo­ple to have more pri­vate ways of reach­ing web sites, and then it will be up to the users to choose, Do I want link encryp­tion? Do I want link encryp­tion plus pri­va­cy? How do I want to access this web site?” And it sure would be cool if the Let’s Encrypt folks could build that in.

Thank you.

Further Reference

The Aaron Swartz Day web site.