Conference logo

Fighting back against Libra - Decentralizing Facebook Connect - Harry Halpin

camp19 - Security - 8/25/2019

The power of Facebook derives from its control over your digital identity. However, the fundamental technologies behind anonymous (attribute-based) authentication credentials have existed since the mid-90s. This talk will cover new advances in anonymous authentication credentials, how the work was nearly killed by Facebook, and their real-world implementation, including their use in the Nym project's mix-net, cryptocurrency, and decentralized messaging applications.

How do we pratically defeat Facebook and build an anonymous internet? Let's start with the building blocks: Getting rid of Facebook Connect using decentralized and privacy-enhancing technologies, then using that as a lever to build the rest of the system.

Anonymous authentication credentials have existed since early blind signature schemes, but have historically been both inefficient and required centralized (if often blind!) trusted third parties. New advances such as UnlimitID and the Coconut signature scheme have allowed the creation of "Nym credentials" that are both decentralized and privacy-preserving. We'll go into three use-cases:

  • Mix-networks Credentials allow mix-nets, which provide anonymity at the network level in even a stronger manner than Tor, to both avoid spam (sybil) attacks and grow in a robust, decentralized manner, avoiding the need of proof of work algorithms.

  • Messaging In combination with the new IETF MLS (Message Layer Security) protocol to replace Signal, anonymous authentication credentials can enable a more privacy-preserving messenger.

  • Cryptocurrency If Facebook is building Libra, we'll show how we can take their fundamental design and make it - or any other cryptocurrency - privacy--preserving using Nym credentials

  • Lastly, we'll review how we build the initial work using European Commission funding from NEXTLEAP and PANORAMIX, how Facebook nearly killed the project, and now how we are building from both non-profit and private sector sources, including hiring ex-Facebook employees to work on privacy.

    Share this talk: