Thank you Jake.
So I was thinking back about all the various memories of Aaron, and I wanted to share three of them with you. Two of them fun and cheerful, and one of them a little bit less fun and cheerful.
The first one was back in 2000, or 2001 or something at an O’Reilly conference, and there was this 13-year-old kid and Zucco has promised his parents that, “I’ll take care of him. He’ll be fine. Don’t worry,” and his parents were nervous about leaving their 13-year-old kid at a big O’Reilly conference with 2,000 people. And in fact it worked out fine. The other memorable part of that, first he was a totally ordinary 20-something-year-old person in a 13-year-old kid. He was talking about all the technical stuff just like we were. Everything was fine. Then we went out to lunch, and everybody’s like, hey let’s go to a Vietnamese place, let’s go to a Chinese place, and Aaron is like, “Oh yuck, I don’t like any of that weird food.” So those were some reminders at that point.
So that was the first story. The second one, I remember a few years later at CodeCon when Len Sassaman and Bram Cohen were organizing at a SoMa venue that was 21+. I went out to get some fresh air at one point, and there was Aaron hanging out outside because he couldn’t get in because he was like 16 years old and they wouldn’t let him into the 21+ venue that CodeCon was happening. So I guess that was one of the first subversive acts that Aaron and I did together, where I smuggled him into CodeCon so that he could interact with other people and his peers. And I guess I won’t specify which other subversive acts come after that. We can leave them implicit.
But then the third story that I was thinking about was when the Tor dev meeting happened at MIT quite a few years ago, and Aaron emailed me and said, “I’d really love to be there, but I have a restraining order and I’m not allowed to set foot on MIT so can you move it somewhere else?” And I thought to myself, “Okay, what sort of wild antics have you been up to lately that caused that to happen? I mean, geez.” So it wasn’t a total mess in that we met him at Harvard afterwards and talked for a while, but why couldn’t you, Aaron, have told us? Why couldn’t you have explained what was going on? And it turns out (I’ve learned a lot since then) I’ve learned all about grand juries. Jake mentioned the grand jury discussion in the last blurb. It turns out when you get your grand jury subpoena and you find a lawyer and you talk, the very first thing the lawyer tells you is, “Don’t tell anybody. Don’t tell anybody that you got this,” because apparently the first thing that happens when you go into the grand jury and they ask you fishing expedition questions and they ask you whatever they want to ask you, the first thing is, “Tell us everybody you’ve told and why.”
So the first thing you do when you learn about these things is you protect your friends by not sharing, and that’s exactly how they tear apart our communities. So I would say raise your hand if you’ve gotten a grand jury subpoena, but many people here will choose not to raise their hands because they’re taking legal advice. This is terrible. This is fucked up. This is the way the Justice Department, the justice world, is ripping apart our communities by isolating us one by one.
So, I don’t have fixes for that, but here we are looking at the power of the system and the corruption of the system that it wields against people like us to try to prevent us from having control over what we’re doing. To try to prevent us from being empowered or feeling empowered. So I look at that and I think okay, what can I do against this huge, billion-dollar oppression industry? What can I do against these Justice Department people whose career ambitions involve killing my friends? How can I fight back against that? Do I stand up and get noticed and then I become one of their targets also? What do I do?
One answer there is building tools, infrastructure tools like Tor, that then many other people in the world can use in their products and their projects and their goals, like we’ve heard about today, where other folks like SecureDrop and Library Freedom and the list goes on and on, and WikiLeaks and Chelsea and so on. So the goal there is to have an underlying infrastructure that allows people to be safe in their communication, and that empowers them to level the playing fields, and that empowers them to make the power structures a little bit less uneven.
So that was my political rant for the day, and let me add in a little bit of technical stuff, because I know that Aaron would’ve enjoyed that at least as much.
We heard earlier today about Let’s Encrypt, which is really great. The idea is that every web page on the Internet should be able to get an SSL certificate so you can get encryption. That sounds good. Let me throw out an idea there for you. Wouldn’t it be cool if we could, as part of the Let’s Encrypt client so it’s automatically built in and it just happens magically, wouldn’t it be cool if every web site could get an onion address along with its SSL certificate automatically, for free, it just happens. You either press the button saying “Yes I want an onion address also” or it’s on by default and you don’t unpress the button and whenever you’re signing up to get your SSL cert, it auto-generates an onion address and off you go.
Facebook has an onion address right now, and I was just talking to Brewster earlier about setting up an onion address for archive.org. So if you’re thinking of setting up something like that for your web site, thumbs up, that sounds great. Turns out there are some policy, I guess bureaucratic problems there, where the CA mafia doesn’t really want to relinquish control that much that quickly, but we’re patient and stubborn, and I imagine over time that will start to work.
But I guess I’ll end with thinking about onion services differently.
Aaron was a huge fan of hidden services. You see that in the DeadDrop world. You see that in Tor2Web, which was a project he worked on that lets ordinary people who don’t know what Tor is still be able to reach .onion addresses in the world. So when Facebook set up their web site as an onion service, I started off, as many people did, saying, “I don’t understand. Why does Facebook need privacy for their web site? I know where their web site is. This is stupid.” And I’ve come to believe that I was really wrong on that.
So here’s the way I’ve been looking at it recently. You know how ten years ago when you talked to somebody who ran a web site and they said, “I don’t need to provide SSL for my web site, because my users don’t need safety” or “my users don’t need security” or “my users aren’t important for that?” And now, ten years later, we know that those people are selfish and greedy and they’re not thinking about their users, because it should be up to the users what security they want to get. It should be up to the users, “Do I want encryption going to this web site? Do I not want encryption? What sort of security do I want?”
Similarly, right now we hear people saying, “Oh I don’t need to run an onion version of my web site, because my users…” and then they have some similarly-bullshit excuse there. So over the coming years, hopefully it will become totally normal and commonplace for people to have more private ways of reaching web sites, and then it will be up to the users to choose, “Do I want link encryption? Do I want link encryption plus privacy? How do I want to access this web site?” And it sure would be cool if the Let’s Encrypt folks could build that in.
Thank you.