Every hype cycle in the technology industry continues a steady march towards a shitty future that nobody wants.

CMYKat

Note: I know this isn’t unique to the tech industry, but I can’t write about industries I don’t work in, so this is what’s being covered.

The Road to Hell

Once upon a time, everyone was all hot and bothered about Big Data: Having lots of information–far too much to process with commodity software–was supposed to magically transform business.

How do you build technology that can process that much information at scale? Well, obviously, you just need to invest in The Cloud! (If you’re using the Cloud to Butt Plus Chrome extension, this entire blog post may be confusing to you.)

But don’t scrutinize the Cloud too long, you might miss your chance to invest in blockchain.

meme via Tony Arcieri

Blockchainiacs practically invented an entire constructed language of buzzwords. Things like “DeFi”, “Web3”, and so on. To anyone not accustomed to their in-signaling, it’s potent enough cringe to repel even the weirdest of furries.

CMYKat

But the only thing to know about blockchain is its proponents they like it when the line goes up, and every “innovation” in that sector was in service of the line going up.

https://youtu.be/YQ_xWvX1n9g

Blockchain, of course, refers to cryptocurrency. The security of these digital currencies is based on expensive consensus mechanisms (e.g., Proof of Work). The incentives baked into the design of these consensus mechanisms led users to buy lots of GPUs in order to compete to solve numeric puzzles (a.k.a. “mining”).

For a while, many technologists observed that whenever the line actually goes down or a popular cryptocurrency decides to adopt a less wasteful consensus mechanism, the secondhand market gets flooded with used GPUs.

That all changed with the release of ChatGPT and other Large Language Models.

https://www.youtube.com/watch?v=AaU6tI2pb3M

Now GPUs are a hot commodity even when the price of Bitcoin goes down because tech company leaders are either malicious or stupid, and are always trying to appease investors that have more money than sense. It’s not just tech companies either.

“Our vision of [quick-service restaurants] is that an AI-first mentality works every step of the way.”

Joe Park, CEO of Yum Brands (Taco Bell, Pizza Hut, KFC)

Of all these hype cycles, I suspect that the “AI” hype has more staying power than the rest, if for no other reason than it provides a hedge against the downside of previous hype cycles.

• Not sure to do with the exabytes of Big Data you’re sitting on? Have LLMs parse it all then convincingly lie to you about what it means.
• Expensive cloud bill? Attract more investor dollars by selling them on trying to build an Artificial General Intelligence out of hallucinating chatbots.
• Got a bunch of GPUs lying around from a failed crypto-mining idea? Use it to flagrantly violate intellectual property law to steal from artists with legal impunity!

This “AI” trend is the Human Centipede of technology.

(Yes, there are some valid use cases for the technology that underpins this hype. I’m focusing on Generative AI exclusively for this blog post, since that’s what a lot of the hype is centered around.)

Art: CMYKat

So you can imagine how I felt when I went to add an image to a blog post draft one day and saw this:

Generate with AI? Fuck you.

There is no way to opt out of, or disable, this feature.

WordPress is not alone in its overt participation in this consumption of binary excrement.

Tech Industry Idiocy is Ubiquitous

Behold, Oracle’s AI innovation. Source
EA’s CEO called generative AI the “very core of our business”, which an astute listener will find reminiscent of the time they claimed NFTs and blockchain were the future of the games industry at an earnings call.

Nevermind the fact that they’re actually in the business of publishing video games!

Mozilla Firefox 128.0 released a feature (enabled by default of course) to help advertisers collect data on you.

Per 404 Media, Snapchat reserves the right to use AI-generated images of your face in ads (also on by default).

At this point, even Rip Van fucking Winkle can spot the pattern.

CMYKat

Investors (read: fools with more money than sense) are dead set on a generative AI future, blockchain bullshit in everything, etc. Furthermore, there are a lot of gullible idiots that drank the Kool-Aid and feel like they’re part of the build-up to the next World Wide Web, so there’s no shortage of willing new CS grads to throw at these problems to keep the money flowing.

So we’re clearly well past the point that ridiculing the people involved will have any significant deterrence. The enshittification has spread too far to quarantine, and there are too many True Believers in the mix. Throw in a little bit of Roko’s Basilisk (read: Pascal’s wager for arrogant so-called “rationalists” who think they’re too smart to be Christian) and you’ve got a full-blown cargo cult on your hands.

What can we do about it? Beats me.

CMYKat

Sanity Check

I’m going to set aside the (extremely cathartic) attempts at shame and ridicule as a solution. Fun as they are, they fail to penetrate filter bubbles and reach the people they need to.

What’s your Bullshit Tech Score?

One way we could push back against this steady march towards a future where everything is enshittified, and the devices you paid for (with your hard-earned money) don’t respect your consent at all, is to turn the first of the buzz words we examined (Big Data) against these companies.

I’m proposing we could gather data about companies’ actual practices and build score-cards and leaderboards based on the following metrics:

1. Does the company strategy involve generative AI?
2. Does the company strategy involve selling NFTs?
3. Does the company strategy involve stitching other unnecessary blockchain bullshit where it doesn’t belong?
4. Does the company make questionable claims about quantum computers?
5. Does the company choose default settings that hurt the user in the interest of increasing revenue (i.e., assuming consent without explicitly receiving it)?
6. Does the company own any software patents?
   
   • This includes purely “defensive” patents, in industries where their competitors abuse intellectual property law to stifle competition.
     While these circumstances are understandable, we should be objective in our measurements.

   
   

7. Is the company completely bankrupt on innovation tokens?
8. Does the company suffer from premature optimization (e.g., choosing MongoDB because they fear a relational database isn’t web-scale, rather than because it’s the right tool for the job)?
9. Have any of the company’s leaders been credibly accused of sexual misconduct or violence?
   
   • Sorry not sorry, Blizzard!

   
   

10. Does the company routinely have crunch time (i.e., more than one week per quarter where employees are expected to work more than 40 hours)?
11. Does the company enforce draconian return-to-office policies?
12. Has the company threatened a security researcher with lawsuits in the past 10 years?
13. Does the company roll its own cryptography without having at least one cryptographer on the payroll?
    
    • (Okay, this one is purely for my own sanity, and probably not broadly applicable.)

    
    

A passing score is “No” to each of the above questions.

This proposal is basically the opposite of SSO Tax. Rather than shaming the losers (which there will assuredly be many), the goal would be to highlight companies that are reasonably sane to work for.

I’m aware that there are already companies like Forrester that try to do this, but with a much wider scope than the avoidance of bullshit.

Furthermore, they’re incentivized to not piss off wealthy businessmen, so that they can keep their research business alive, whereas I don’t particularly care if tech CEOs get mad at being called a hypocritical hype-huffer.

I mean, what are they gonna do? Downvote me on Hacker News? I don’t work for them anyway.

In Over Our Heads

There may be other solutions available that will improve things somewhat. I’m not immune to failures of imagination.

Some solutions are incredibly contentious, though, and I don’t really want the headache.

For example: I’m sure that, if this blog post ever gets posted on a message board, someone in the peanut gallery will bring up unions as a mechanism, and others will fiercely shoot that idea down.

It’s possible that we, as an industry, are completely in over our heads. There’s too much bullshit, and too many perverse incentives creating ever-increasing amounts of bullshit, that escape is simply impossible.

Perhaps we’ve already crossed the excrement horizon.

Maybe Kurzweil was right about a Singularity after all?

CMYKat

Closing Thoughts

The main thing I wanted to convey today was, “No, you’re not alone, things are getting stupider,” to anyone who wondered if there was a spark of sanity left in the tech sector.

Art: AJ

It’s not just the smarmy tech CEOs that are the problem. The rot has spread all the way to the foundations of many organizations. Hacker News, Lobsters, etc. are full of clueless AI maximalists that cannot see the harms they are inflicting.

It is difficult to get a [person] to understand something, when [their] salary depends on [their] not understanding it.

Original quote by Upton Sinclair.

Though I am at a loss for how to tackle this problem as a community, acknowledging it exists is still important to me.

On WordPress and Generative AI

Years ago, I wrote on Medium, but got tired of the constant pressure to monetize my blog, so I decided to pay for a WordPress.com account. I write for myself, after all, and don’t expect any compensation for it.

Many of you will notice the “adblocker not detected” popup. That sums up how I feel about the adtech industry.

It’s disheartening that WordPress is pushing Generative AI bullshit to paying customers with no way to opt out of the feature. (Nevermind that it should be off-by-default and opted into.)

For now, I just refuse to use the feature and hope a lower adoption rate causes a project manager somewhere in Automattic to sweat. They’re somewhat notorious for being led by stubborn assholes who don’t listen to critics (even on security matters).

I’ll also continue to credit the artists that made the furry art I include in my blog posts, because supporting artists is the exact opposite of supporting generative AI.

If you’re looking for a furry artist to commission, first read this, and then maybe consider the artists whose work I’ve featured over the years.

New Avenues of Bullshit

If I may be so bold as to make a predication: In the distant future, I expect to see more Quantum Computing related bullshit.

Though currently constrained to the realm of grifters, NIST’s recent standardization of post-quantum cryptography is likely to ignite a lot of questionable technology companies.

Whether any of this quantum bullshit catches on at the same scale as tech industry hype remains to be seen.

If any does, I promise to handle each instance with the same derision as the bullshit I discovered in DEFCON’s Quantum Village.

https://soatok.blog/2024/09/18/the-continued-trajectory-of-idiocy-in-the-tech-industry/

#Cryptocurrency #Society #Technology

Dhole Moments

2021-04-19 10:21:00

Normally when you see an article that talks about cryptocurrency come across your timeline, you can safely sort it squarely into two camps: For and Against. If you’re like me, you might even make a game out of trying to classify it into one bucket or the other from the first paragraph–sort of like how people treat biological sex–and then reading to see if you were right or not. Most of the time, you don’t even have to read past the headline to know where the author stands.

Unfortunately, the topic of cryptocurrency is complicated in ways only nerds could envision. And I’m not even talking about the cryptography involved when I say that.

(Art by Khia.)

Cryptocurrency is one of those cans I keep kicking down the road, lest all of its worms escape. I’m neither an enthusiast who wants to pump dogecoin to the moon, nor a detractor who thinks that the idea of digital cash is inherently stupid.

https://twitter.com/FiloSottile/status/1380576100888281094

The “crypto means cryptography” trope exists because, after Bitcoin’s first price hike, a shitload of speculative investors flooded cryptography forums and drowned out the usual participants’ discussions. I’ve previously said that some gatekeeping is necessary for the maintenance group identity, and that the excess of this minimum amount is what creates toxicity. Unfortunately, this trope has far exceeded the LD50 for healthy discourse.

Some of my friends make their living working on cryptocurrency projects–as researchers, mathematicians, programmers, security engineers, and so on. A lot of the interesting cryptography breakthroughs we’ll see in the next 10-15 years will be, at least in part, the result of cryptographers working in the cryptocurrency space. It’s difficult to talk about zero-knowledge proofs without acknowledging some of the kick-ass research the Electric Coin Company has done in order to launch their privacy-preserving cryptocurrency, and that’s only one example.

Here’s cryptographer Jean-Phillipe Aumasson, whose employer is launching a regulated cryptocurrency marketplace:

https://twitter.com/veorq/status/1384045994413678598

If you’re not familiar with JP’s work, he wrote several cryptography books (including Serious Cryptography), contributed to several hash functions (SipHash, BLAKE2, and BLAKE3), and initiated the Password Hashing Competition that resulted in Argon2.

However, there’s also a lot of bullshit in the cryptocurrency space.

• Years of securities fraud enabled by “Initial Coin Offerings” (ICOs) on the Ethereum blockchain. Most famously: Bitcoiin (yes, with two I’s) whose spokesman was bad movie star, Steven Seagal.
• The plague of hacked Twitter accounts pretending to be Elon Musk, perpetuating a “give me some $ and I’ll give you more back” scam that’s sadly effective.
• The whole cryptoart / NFT debacle.
• Litanies of startups trying to “use blockchain to solve X problem” without ever asking if the problem warrants a blockchain in the first place.
• Every microgram of drama related to John McAfee.

And those are just the items I can list off, off the top of my head. The awfulness surrounding cryptocurrency is like a fractal: The deeper you look at it, the more shit you see.

Cryptocurrency Subculture: A Tale of Too Shitty

The world’s most successful cryptocurrency to date, Bitcoin, was created in 2008 by an anonymous cryptographer who liked to be known as Satoshi Nakamoto and distributed on metzdowd.com, a mailing list created by a group of cryptoanarchists that called themselves “cypherpunks”.

At the risk of being overly reductive, cryptoanarchists are people who believe strongly in a right to privacy and therefore the right to use cryptography to protect communications from others–be it governments, corporations, or jealous ex-lovers. The cypherpunks were a group of cryptoanarchists that also wrote code. It’s a wordplay on “cyberpunk”.

It’s difficult to speculate about the intentions or politics of Satoshi Nakamoto, considering they said very little of substance about their private beliefs, and no longer answer emails from random strangers. However, given their presence on metzdowd, it’s reasonable to propose they were at least sympathetic to the cypherpunks’ cause.

Most outspoken cryptocurrency enthusiasts today are not like Satoshi Nakamoto. They don’t understand or frankly give a shit about complex, nuanced points about privacy and the government machinations underpinning public safety–let alone how that intersects with the racist history of the institutions charged with keeping the public safe. They’re largely anarcho-capitalists who want to make as much money as they can and, in turn, pay as little as possible in taxes.

How do you make money in cryptocurrency?
By obtaining some amount of a coin, then convincing other people to buy it to drive up the demand, and therefore the price, and then sell at a later date. Then you can sell your coins at a higher price than you paid (either directly, or through energy costs from “mining”) and pocket your profits.

Don’t let the name fool you: anarcho-capitalists (a.k.a. ancaps) aren’t anarchists (and furthermore, cryptocurrency-manic ancaps aren’t cryptoanarchists). Here’s a helpful video to disambiguate the terms involved:

https://www.youtube.com/watch?v=OOTlxsn8tWc

If I said that large swaths of the cryptocurrency community was generally shitty, I would not be the first to make this observation. The earliest Bitcoin events were caricatures of the kind of toxic sexist excess that dominates chauvinistic power fantasies. (“When lambo?”)

It’s not just the bad politics or the stark contrast between cryptocurrency in practice and cryptocurrency as envisioned by the earliest architects on the metzdowd cryptography mailing list.

Last year I wrote about a dumb attack against the second hash function used by the cryptocurrency, IOTA. After I wrote this story, my Twitter mentions and DMs were flooded with astroturfing attempts by IOTA enthusiasts. Nearly a year later, most of those have been deleted–presumably because of an account suspension.

https://twitter.com/HapaRekk/status/1283485380004597760

Before IOTA, Monero enthusiasts used to engage in bad faith with anyone that dared criticize their favorite cryptocurrency project on Reddit or Hacker News.

To be clear: I don’t think that cryptocurrency projects or their developers are ever necessarily responsible for the behavior of their users. Sometimes you find toxic assholes like Sergey Ivancheglo (the IOTA developer that threatened security researchers) at the helm, and then immediately jettison it until they leave (to great fanfare of the non-toxic part of their community).

I don’t want to overstate my case here. A lot of blockchainiacs are just downright awful people. The absolute worst. But I’ve found over the years that, the less a person talks about cryptocurrency as a financial endeavor (e.g. speculative trading), the less likely they are to be shitty. It’s not a law of the universe, but it’s a useful measuring stick.

But with all that in mind, an obvious question emerges.

If there’s so much awful shit surrounding cryptocurrency, why would furries (a subculture that constantly receives endless helpings of flak from society at large) ever venture near cryptocurrency?

The Politics Inherent to Furry Identity

Art by Swizz.

A lot of Americans like to think of themselves as “Free Speech” proponents. Some of them get all sweaty over whether or not they should be allowed to broadcast, and profit from, bigoted or hateful content laden with slurs.

And yet, the most censored people in American society are, without a doubt, sex workers. And you rarely hear any so-called “Free Speech” proponents give an iota of shit about the plight of sex workers. They can’t even freely engage in commerce here.

Sex work is explicitly banned by most financial service providers, such as PayPal. It’s exceedingly difficult for sex workers to make ends meet without constantly having to worry about their accounts being frozen and funds inaccessible.

There are a lot of reasons why the plight of sex workers is so bad in America. At the top of the list is the intersection of conservative politics and evangelical Christianity, which overall condemns healthy and consensual expressions of human sexuality. (Ever noticed how the only people who think they have a “sex addiction” are religious or right-wing? Not a coincidence.)

Do you know who else is a target of evangelicals and conservatives?

Furries, as you might know, are widely considered an LGBTQIA+ subculture (although not all of us are LGBTQIA+; only about 80%). But we’re more than just an LGBTQIA+ subculture. We’re also a vibrant community filled with skilled artists. Some of this art is pornographic in nature. It turns out, when queer people aren’t forced into the closet, they tend to embrace shameless authenticity and celebrate their romantic and sexual attractions with pride.

https://twitter.com/Pinboard/status/992819169593716737

A few years ago, the Death Eaters in Congress passed two bills (FOSTA and SESTA) that were advertised as an attempt to crack down on “sex trafficking”.

In practice, these laws killed Pounced.org–the only furry “dating” site at the time that wasn’t a sketchy cash grab (FurryMate, FurFling, etc.). Pounced.org died because the cost to avoid being criminally prosecuted under these laws was so exorbitant that they couldn’t sustain the website anymore, and it probably wasn’t the only small dating site to be killed by poor legislation. Only the big players could really have front-loaded these costs.

Which leads to the meat of this issue…

Why Furries Might Be Interested in Cryptocurrency

Cryptocurrency can be very attractive to members of the furry fandom because of the bullshit baked into the societies and cultures we exist in.

Cryptocurrency promises to be permissionless and decentralized; to bank the unbanked. If you make your living filling up someone else’s spank bank, the idea of creepy rich white men not being able to exercise targeted censorship against you or your family is, frankly, irresistible.

“Can’t use PayPal for your trade? Just setup a cryptocurrency wallet and give a different address to each of your clients, and instructions on how to access some vaguely reputable cryptocurrency exchange.”

Granted, most furries aren’t sex workers or porn artists, but some of our friends are, and we want to see them protected. But there’s another threat that cryptocurrency promises to alleviate: Chargeback fraud.

The prevalence of chargeback fraud is why I always tip artists. It helps to offset some of the harm caused by shitty behavior.
(Art by Khia)

This is the usual story (although exceptions do exist) I heard from my artist friends:

Someone under 18 decides they want to commission an artist they cannot personally afford, so they steal their parent’s credit card and use it to pay for a commission. Later–often after the work has been completed and delivered to the client–their parent notices the unauthorized charge on their credit card, and issues a chargeback.

Not only does this steal from the artist, but it incurs a $35 fee and increases the risk of their account being permanently suspended by their payment provider–thereby preventing them from accessing the funds paid to them by legitimate customers.

“Thanks for the free art! Now you’re at least $35 poorer and maybe lost your only lifeline out of perpetual poverty.”

— Assholes

And thus, the Siren Song repeats once again!

Cryptocurrency doesn’t prevent chargeback fraud, but it does shift the risk from independent artists that have no capital or political power and onto billion dollar financial institutions like Coinbase.

Once the cryptocurrency has been transferred from the Coinbase wallet to the furry artist, it cannot be unspent. Bad faith behavior might still happen, but the artist doesn’t risk their livelihood because of it.

And that’s why, when furry auction site The Dealer’s Den announced a plan to rebuild with “Blockchain Technology”, I didn’t even bat an eye. It seems like an obvious solution to a pervasive unsolved problem to me.

Sure, it’d be great if we could solve this problem with sensible civil policy. But when is that going to finally happen? After all, we’re talking about the same governments that bungled COVID-19 last year, and the AIDS crisis last century, and so on…

https://www.youtube.com/watch?v=aJtvKSUPICA

However, and this bears emphasizing, the CryptoArt / NFT trend is not a valid reason to get involved in cryptocurency! As I said on Twitter:

https://twitter.com/SoatokDhole/status/1370045499122843654

https://twitter.com/SoatokDhole/status/1370046285798064128

https://twitter.com/SoatokDhole/status/1370047071949033472

https://twitter.com/SoatokDhole/status/1370047509314297862

So, super long preamble aside, what I thought I’d do today is talk a bit about cryptocurrency and how to engage with the topic responsibly, especially if you’re trying to mitigate the damage of the systems we inherited.

Cryptocurrency For Furries

I’m going to be very light on technical jargon, in the interests of accessibility, but at the risk of being imprecise.

No two cryptocurrencies are created equal. If you’re hoping to use one to mitigate systemic harms to our community, I implore you to learn the technical details in depth.

Decentralized Consensus

Cryptocurrencies can be classified by something called their consensus mechanism, which is how they can maintain a consistent ledger without being centralized. It doesn’t really matter, for the purpose of this article, how any of them work. I’m happy to dive into that in a future blog post, should anyone want it.

What you need to know is that Proof-of-Work (PoW) consensus algorithms are designed to maximize energy waste across the entire cryptocurrency network. That’s how it maintains its security against different kinds of esoteric-sounding attacks.

When you “mine” a Proof-of-Work cryptocurrency, what you’re doing is solving a computationally hard puzzle (e.g. find a number that, when combined with the previous block’s hash and your address and hashed, produces a specific number of leading 0 bits determined by an algorithm to ensure this happens at a set average frequency of time), which results in the entire network agreeing that your address gets the “block reward” (a fixed amount of whatever currency) plus transaction fees.

Cryptocurrency discussions frequently invite conversations about the environmental impact of mining. Proof-of-Work is the cause for this excess energy use which certainly contributes to global climate change.

So, if you’re going to get involved with cryptocurrency without contributing to global climate disaster, you’re going to want to avoid Proof-of-Work cryptocurrencies. There are several other options to choose from.

Proof-of-Stake is popular among my cryptocurrency nerd friends, although it receives a fair bit of criticism from experts (especially the “nothing at stake” problem). Ask your cryptographer. It’s probably not me.

On-Chain Privacy

The vaunted “blockchain” is a public, transparent record of all transactions.

When you use a cryptocurrency like Bitcoin, it’s sort of like tweeting your financial activities for the world to see.

“But nobody knows who owns this address,” Bitcoin maximalists might argue. To which I point out: Nobody is supposed to know your sockpuppet Twitter accounts either, but when you use them to harass someone right after they block your main account, we know it’s you.

The people whom this applies to know who they are, and should stop.
(Art by Khia)

Some cryptocurrencies, like Zcash, try to provide something like TLS for your transactions. When you use shielded Zcash addresses, the transaction amounts and recipients are encrypted, and this ciphertext is accompanied by a zero-knowledge proof to ensure the total amount in the shielded and unshielded pools remains consistent.

I highly implore you to choose a cryptocurrency that has on-chain privacy, especially if your target audience includes queer people and/or sex workers.

Mainstream Appeal

Finding a privacy-preserving cryptocurrency that doesn’t equate to Global Warming Bucks is a tall order, but if you want people to actually use a cryptocurrency, it needs to be accessible.

By accessible, I mean available on all the mainstream cryptocurrency exchange platforms (Coinbase, Binance, Bitfinex, etc.).

This might sound like pointless gatekeeping, but remember: They have the money and lawyers to negotiate with the economic powerhouses of the world, while sex workers and furry artists do not.

Cryptographic Security

Any regular reader of Dhole Moments probably saw this section coming a mile away, but an important consideration for a cryptocurrency to build upon is whether or not it’s actually secure.

This is where things get tricky. Weird or poor choices in cryptographic algorithm don’t seem to matter much.

Bitcoin uses ECDSA over Koblitz curves. IOTA shipped two broken hash functions, threatened researchers, and then tried to claim the first broken hash function was backdoored for “copy protection”. The CryptoNote currencies (n.b. Monero) tried to build on EdDSA but introduced a double spend attack.

I’m certainly not qualified to audit an entire cryptocurrency and say “yes/no” on its security. But any cryptocurrency you consider should at least pass a smoke test from your cryptographer.

Which Cryptocurrency Should I Choose?

If you’re looking for a cryptocurrency that’s secure, accessible, privacy-preserving, and doesn’t waste a fuck ton of energy all the time, the short answer is that there is none. You’re going to have to make a trade-off.

Shocking, I know.
(Art by Khia)

I’m sure there are cryptocurrency projects that use privacy-preserving technologies without a Proof-of-Work algorithm, and their design and implementation might even be secure! But, to date, I’m not aware of any such projects that also have mainstream accessibility on large exchange platforms.

You’ll notice that I didn’t mention price volatility in my list above. There’s two reasons for that:

1. I’m not a financial expert. For all I know, price volatility might be something you want out of your cryptocurrency, especially if you’re LARPing a day trader.
2. It’s hard enough to make this choice without adding more complications to the formula.

If Zcash ever adopted a consensus algorithm that wasn’t Proof-of-Work, it’d be a shoe-in for me to recommend. It checks all the other boxes neatly and is one of the most interesting cryptography projects on the Internet, after all.

In the meantime, maybe some other project will fill this niche and become widely accessible for everyone. There’s a lot of exciting and/or scary things happening with cryptocurrency research.

If you’re stuck with a hard decision, honestly, just do the best you can and be very transparent about the trade-offs you’re making and why you’re making them. Then ask a friend or expert to check your reasoning before you commit to it. “Do nothing” also needs to be publicly considered, no matter how absurd it might seem.

Disclaimers and Other Remarks

I do not work with cryptocurrency in my dayjob. I’d like to say that, consequently, I don’t have a conflict of interest, but all humans have subconscious biases, and a lot of my favorite people in cryptography do work in or with cryptocurrency. I want my friends to be able to continue to do awesome work without feeling ashamed.

https://twitter.com/cryptolexicon/status/1331712883403722752

Thus, I don’t care if you invest in Bitcoin or Dogecoin or whatever. Shoot for the moon while you awoo at the moon. Just be careful; for every winner, there’s at least one loser.

Fact: Dholes are also known as “Whistling Dogs”
(Art by Khia)

I’m a fan of transparency logs–which are often compared to blockchains, but without the currency aspect. If you’re not familiar, read up on Trillian and Chronicle. Notably, Trillian is the backbone of Certificate Transparency, which helps keep the CA infrastructure honest and consequently makes HTTPS safer for everyone.

https://soatok.blog/2021/04/19/a-furrys-guide-to-cryptocurrency/

#Cryptocurrency #furries #furry #furryArtists #FurryFandom #Politics #Society

Normally when you see an article that talks about cryptocurrency come across your timeline, you can safely sort it squarely into two camps: For and Against. If you’re like me, you might even make a game out of trying to classify it into one bucket or the other from the first paragraph–sort of like how people treat biological sex–and then reading to see if you were right or not. Most of the time, you don’t even have to read past the headline to know where the author stands.

Unfortunately, the topic of cryptocurrency is complicated in ways only nerds could envision. And I’m not even talking about the cryptography involved when I say that.

(Art by Khia.)

Cryptocurrency is one of those cans I keep kicking down the road, lest all of its worms escape. I’m neither an enthusiast who wants to pump dogecoin to the moon, nor a detractor who thinks that the idea of digital cash is inherently stupid.

https://twitter.com/FiloSottile/status/1380576100888281094

The “crypto means cryptography” trope exists because, after Bitcoin’s first price hike, a shitload of speculative investors flooded cryptography forums and drowned out the usual participants’ discussions. I’ve previously said that some gatekeeping is necessary for the maintenance group identity, and that the excess of this minimum amount is what creates toxicity. Unfortunately, this trope has far exceeded the LD50 for healthy discourse.

Some of my friends make their living working on cryptocurrency projects–as researchers, mathematicians, programmers, security engineers, and so on. A lot of the interesting cryptography breakthroughs we’ll see in the next 10-15 years will be, at least in part, the result of cryptographers working in the cryptocurrency space. It’s difficult to talk about zero-knowledge proofs without acknowledging some of the kick-ass research the Electric Coin Company has done in order to launch their privacy-preserving cryptocurrency, and that’s only one example.

Here’s cryptographer Jean-Phillipe Aumasson, whose employer is launching a regulated cryptocurrency marketplace:

https://twitter.com/veorq/status/1384045994413678598

If you’re not familiar with JP’s work, he wrote several cryptography books (including Serious Cryptography), contributed to several hash functions (SipHash, BLAKE2, and BLAKE3), and initiated the Password Hashing Competition that resulted in Argon2.

However, there’s also a lot of bullshit in the cryptocurrency space.

• Years of securities fraud enabled by “Initial Coin Offerings” (ICOs) on the Ethereum blockchain. Most famously: Bitcoiin (yes, with two I’s) whose spokesman was bad movie star, Steven Seagal.
• The plague of hacked Twitter accounts pretending to be Elon Musk, perpetuating a “give me some $ and I’ll give you more back” scam that’s sadly effective.
• The whole cryptoart / NFT debacle.
• Litanies of startups trying to “use blockchain to solve X problem” without ever asking if the problem warrants a blockchain in the first place.
• Every microgram of drama related to John McAfee.

And those are just the items I can list off, off the top of my head. The awfulness surrounding cryptocurrency is like a fractal: The deeper you look at it, the more shit you see.

Cryptocurrency Subculture: A Tale of Too Shitty

The world’s most successful cryptocurrency to date, Bitcoin, was created in 2008 by an anonymous cryptographer who liked to be known as Satoshi Nakamoto and distributed on metzdowd.com, a mailing list created by a group of cryptoanarchists that called themselves “cypherpunks”.

At the risk of being overly reductive, cryptoanarchists are people who believe strongly in a right to privacy and therefore the right to use cryptography to protect communications from others–be it governments, corporations, or jealous ex-lovers. The cypherpunks were a group of cryptoanarchists that also wrote code. It’s a wordplay on “cyberpunk”.

It’s difficult to speculate about the intentions or politics of Satoshi Nakamoto, considering they said very little of substance about their private beliefs, and no longer answer emails from random strangers. However, given their presence on metzdowd, it’s reasonable to propose they were at least sympathetic to the cypherpunks’ cause.

Most outspoken cryptocurrency enthusiasts today are not like Satoshi Nakamoto. They don’t understand or frankly give a shit about complex, nuanced points about privacy and the government machinations underpinning public safety–let alone how that intersects with the racist history of the institutions charged with keeping the public safe. They’re largely anarcho-capitalists who want to make as much money as they can and, in turn, pay as little as possible in taxes.

How do you make money in cryptocurrency?
By obtaining some amount of a coin, then convincing other people to buy it to drive up the demand, and therefore the price, and then sell at a later date. Then you can sell your coins at a higher price than you paid (either directly, or through energy costs from “mining”) and pocket your profits.

Don’t let the name fool you: anarcho-capitalists (a.k.a. ancaps) aren’t anarchists (and furthermore, cryptocurrency-manic ancaps aren’t cryptoanarchists). Here’s a helpful video to disambiguate the terms involved:

https://www.youtube.com/watch?v=OOTlxsn8tWc

If I said that large swaths of the cryptocurrency community was generally shitty, I would not be the first to make this observation. The earliest Bitcoin events were caricatures of the kind of toxic sexist excess that dominates chauvinistic power fantasies. (“When lambo?”)

It’s not just the bad politics or the stark contrast between cryptocurrency in practice and cryptocurrency as envisioned by the earliest architects on the metzdowd cryptography mailing list.

Last year I wrote about a dumb attack against the second hash function used by the cryptocurrency, IOTA. After I wrote this story, my Twitter mentions and DMs were flooded with astroturfing attempts by IOTA enthusiasts. Nearly a year later, most of those have been deleted–presumably because of an account suspension.

https://twitter.com/HapaRekk/status/1283485380004597760

Before IOTA, Monero enthusiasts used to engage in bad faith with anyone that dared criticize their favorite cryptocurrency project on Reddit or Hacker News.

To be clear: I don’t think that cryptocurrency projects or their developers are ever necessarily responsible for the behavior of their users. Sometimes you find toxic assholes like Sergey Ivancheglo (the IOTA developer that threatened security researchers) at the helm, and then immediately jettison it until they leave (to great fanfare of the non-toxic part of their community).

I don’t want to overstate my case here. A lot of blockchainiacs are just downright awful people. The absolute worst. But I’ve found over the years that, the less a person talks about cryptocurrency as a financial endeavor (e.g. speculative trading), the less likely they are to be shitty. It’s not a law of the universe, but it’s a useful measuring stick.

But with all that in mind, an obvious question emerges.

If there’s so much awful shit surrounding cryptocurrency, why would furries (a subculture that constantly receives endless helpings of flak from society at large) ever venture near cryptocurrency?

The Politics Inherent to Furry Identity

Art by Swizz.

A lot of Americans like to think of themselves as “Free Speech” proponents. Some of them get all sweaty over whether or not they should be allowed to broadcast, and profit from, bigoted or hateful content laden with slurs.

And yet, the most censored people in American society are, without a doubt, sex workers. And you rarely hear any so-called “Free Speech” proponents give an iota of shit about the plight of sex workers. They can’t even freely engage in commerce here.

Sex work is explicitly banned by most financial service providers, such as PayPal. It’s exceedingly difficult for sex workers to make ends meet without constantly having to worry about their accounts being frozen and funds inaccessible.

There are a lot of reasons why the plight of sex workers is so bad in America. At the top of the list is the intersection of conservative politics and evangelical Christianity, which overall condemns healthy and consensual expressions of human sexuality. (Ever noticed how the only people who think they have a “sex addiction” are religious or right-wing? Not a coincidence.)

Do you know who else is a target of evangelicals and conservatives?

Furries, as you might know, are widely considered an LGBTQIA+ subculture (although not all of us are LGBTQIA+; only about 80%). But we’re more than just an LGBTQIA+ subculture. We’re also a vibrant community filled with skilled artists. Some of this art is pornographic in nature. It turns out, when queer people aren’t forced into the closet, they tend to embrace shameless authenticity and celebrate their romantic and sexual attractions with pride.

https://twitter.com/Pinboard/status/992819169593716737

A few years ago, the Death Eaters in Congress passed two bills (FOSTA and SESTA) that were advertised as an attempt to crack down on “sex trafficking”.

In practice, these laws killed Pounced.org–the only furry “dating” site at the time that wasn’t a sketchy cash grab (FurryMate, FurFling, etc.). Pounced.org died because the cost to avoid being criminally prosecuted under these laws was so exorbitant that they couldn’t sustain the website anymore, and it probably wasn’t the only small dating site to be killed by poor legislation. Only the big players could really have front-loaded these costs.

Which leads to the meat of this issue…

Why Furries Might Be Interested in Cryptocurrency

Cryptocurrency can be very attractive to members of the furry fandom because of the bullshit baked into the societies and cultures we exist in.

Cryptocurrency promises to be permissionless and decentralized; to bank the unbanked. If you make your living filling up someone else’s spank bank, the idea of creepy rich white men not being able to exercise targeted censorship against you or your family is, frankly, irresistible.

“Can’t use PayPal for your trade? Just setup a cryptocurrency wallet and give a different address to each of your clients, and instructions on how to access some vaguely reputable cryptocurrency exchange.”

Granted, most furries aren’t sex workers or porn artists, but some of our friends are, and we want to see them protected. But there’s another threat that cryptocurrency promises to alleviate: Chargeback fraud.

The prevalence of chargeback fraud is why I always tip artists. It helps to offset some of the harm caused by shitty behavior.
(Art by Khia)

This is the usual story (although exceptions do exist) I heard from my artist friends:

Someone under 18 decides they want to commission an artist they cannot personally afford, so they steal their parent’s credit card and use it to pay for a commission. Later–often after the work has been completed and delivered to the client–their parent notices the unauthorized charge on their credit card, and issues a chargeback.

Not only does this steal from the artist, but it incurs a $35 fee and increases the risk of their account being permanently suspended by their payment provider–thereby preventing them from accessing the funds paid to them by legitimate customers.

“Thanks for the free art! Now you’re at least $35 poorer and maybe lost your only lifeline out of perpetual poverty.”

— Assholes

And thus, the Siren Song repeats once again!

Cryptocurrency doesn’t prevent chargeback fraud, but it does shift the risk from independent artists that have no capital or political power and onto billion dollar financial institutions like Coinbase.

Once the cryptocurrency has been transferred from the Coinbase wallet to the furry artist, it cannot be unspent. Bad faith behavior might still happen, but the artist doesn’t risk their livelihood because of it.

And that’s why, when furry auction site The Dealer’s Den announced a plan to rebuild with “Blockchain Technology”, I didn’t even bat an eye. It seems like an obvious solution to a pervasive unsolved problem to me.

Sure, it’d be great if we could solve this problem with sensible civil policy. But when is that going to finally happen? After all, we’re talking about the same governments that bungled COVID-19 last year, and the AIDS crisis last century, and so on…

https://www.youtube.com/watch?v=aJtvKSUPICA

However, and this bears emphasizing, the CryptoArt / NFT trend is not a valid reason to get involved in cryptocurency! As I said on Twitter:

https://twitter.com/SoatokDhole/status/1370045499122843654

https://twitter.com/SoatokDhole/status/1370046285798064128

https://twitter.com/SoatokDhole/status/1370047071949033472

https://twitter.com/SoatokDhole/status/1370047509314297862

So, super long preamble aside, what I thought I’d do today is talk a bit about cryptocurrency and how to engage with the topic responsibly, especially if you’re trying to mitigate the damage of the systems we inherited.

Cryptocurrency For Furries

I’m going to be very light on technical jargon, in the interests of accessibility, but at the risk of being imprecise.

No two cryptocurrencies are created equal. If you’re hoping to use one to mitigate systemic harms to our community, I implore you to learn the technical details in depth.

Decentralized Consensus

Cryptocurrencies can be classified by something called their consensus mechanism, which is how they can maintain a consistent ledger without being centralized. It doesn’t really matter, for the purpose of this article, how any of them work. I’m happy to dive into that in a future blog post, should anyone want it.

What you need to know is that Proof-of-Work (PoW) consensus algorithms are designed to maximize energy waste across the entire cryptocurrency network. That’s how it maintains its security against different kinds of esoteric-sounding attacks.

When you “mine” a Proof-of-Work cryptocurrency, what you’re doing is solving a computationally hard puzzle (e.g. find a number that, when combined with the previous block’s hash and your address and hashed, produces a specific number of leading 0 bits determined by an algorithm to ensure this happens at a set average frequency of time), which results in the entire network agreeing that your address gets the “block reward” (a fixed amount of whatever currency) plus transaction fees.

Cryptocurrency discussions frequently invite conversations about the environmental impact of mining. Proof-of-Work is the cause for this excess energy use which certainly contributes to global climate change.

So, if you’re going to get involved with cryptocurrency without contributing to global climate disaster, you’re going to want to avoid Proof-of-Work cryptocurrencies. There are several other options to choose from.

Proof-of-Stake is popular among my cryptocurrency nerd friends, although it receives a fair bit of criticism from experts (especially the “nothing at stake” problem). Ask your cryptographer. It’s probably not me.

On-Chain Privacy

The vaunted “blockchain” is a public, transparent record of all transactions.

When you use a cryptocurrency like Bitcoin, it’s sort of like tweeting your financial activities for the world to see.

“But nobody knows who owns this address,” Bitcoin maximalists might argue. To which I point out: Nobody is supposed to know your sockpuppet Twitter accounts either, but when you use them to harass someone right after they block your main account, we know it’s you.

The people whom this applies to know who they are, and should stop.
(Art by Khia)

Some cryptocurrencies, like Zcash, try to provide something like TLS for your transactions. When you use shielded Zcash addresses, the transaction amounts and recipients are encrypted, and this ciphertext is accompanied by a zero-knowledge proof to ensure the total amount in the shielded and unshielded pools remains consistent.

I highly implore you to choose a cryptocurrency that has on-chain privacy, especially if your target audience includes queer people and/or sex workers.

Mainstream Appeal

Finding a privacy-preserving cryptocurrency that doesn’t equate to Global Warming Bucks is a tall order, but if you want people to actually use a cryptocurrency, it needs to be accessible.

By accessible, I mean available on all the mainstream cryptocurrency exchange platforms (Coinbase, Binance, Bitfinex, etc.).

This might sound like pointless gatekeeping, but remember: They have the money and lawyers to negotiate with the economic powerhouses of the world, while sex workers and furry artists do not.

Cryptographic Security

Any regular reader of Dhole Moments probably saw this section coming a mile away, but an important consideration for a cryptocurrency to build upon is whether or not it’s actually secure.

This is where things get tricky. Weird or poor choices in cryptographic algorithm don’t seem to matter much.

Bitcoin uses ECDSA over Koblitz curves. IOTA shipped two broken hash functions, threatened researchers, and then tried to claim the first broken hash function was backdoored for “copy protection”. The CryptoNote currencies (n.b. Monero) tried to build on EdDSA but introduced a double spend attack.

I’m certainly not qualified to audit an entire cryptocurrency and say “yes/no” on its security. But any cryptocurrency you consider should at least pass a smoke test from your cryptographer.

Which Cryptocurrency Should I Choose?

If you’re looking for a cryptocurrency that’s secure, accessible, privacy-preserving, and doesn’t waste a fuck ton of energy all the time, the short answer is that there is none. You’re going to have to make a trade-off.

Shocking, I know.
(Art by Khia)

I’m sure there are cryptocurrency projects that use privacy-preserving technologies without a Proof-of-Work algorithm, and their design and implementation might even be secure! But, to date, I’m not aware of any such projects that also have mainstream accessibility on large exchange platforms.

You’ll notice that I didn’t mention price volatility in my list above. There’s two reasons for that:

1. I’m not a financial expert. For all I know, price volatility might be something you want out of your cryptocurrency, especially if you’re LARPing a day trader.
2. It’s hard enough to make this choice without adding more complications to the formula.

If Zcash ever adopted a consensus algorithm that wasn’t Proof-of-Work, it’d be a shoe-in for me to recommend. It checks all the other boxes neatly and is one of the most interesting cryptography projects on the Internet, after all.

In the meantime, maybe some other project will fill this niche and become widely accessible for everyone. There’s a lot of exciting and/or scary things happening with cryptocurrency research.

If you’re stuck with a hard decision, honestly, just do the best you can and be very transparent about the trade-offs you’re making and why you’re making them. Then ask a friend or expert to check your reasoning before you commit to it. “Do nothing” also needs to be publicly considered, no matter how absurd it might seem.

Disclaimers and Other Remarks

I do not work with cryptocurrency in my dayjob. I’d like to say that, consequently, I don’t have a conflict of interest, but all humans have subconscious biases, and a lot of my favorite people in cryptography do work in or with cryptocurrency. I want my friends to be able to continue to do awesome work without feeling ashamed.

https://twitter.com/cryptolexicon/status/1331712883403722752

Thus, I don’t care if you invest in Bitcoin or Dogecoin or whatever. Shoot for the moon while you awoo at the moon. Just be careful; for every winner, there’s at least one loser.

Fact: Dholes are also known as “Whistling Dogs”
(Art by Khia)

I’m a fan of transparency logs–which are often compared to blockchains, but without the currency aspect. If you’re not familiar, read up on Trillian and Chronicle. Notably, Trillian is the backbone of Certificate Transparency, which helps keep the CA infrastructure honest and consequently makes HTTPS safer for everyone.

https://soatok.blog/2021/04/19/a-furrys-guide-to-cryptocurrency/

#Cryptocurrency #furries #furry #furryArtists #FurryFandom #Politics #Society

Dhole Moments

2021-04-02 11:30:22

If you’ve somehow never encountered an Internet meme before, you may be surprised to learn that the number 69 is often associated with sex (and, more specifically, a particular sex act).

This happens to be the 69th blog post published on Dhole Moments, since I started the blog in April 2020.

You could even go as far as to say it’s the 4/20 +69th post, for maximum meme potential.

42069, get it? (Art by Khia)

However! I make a concerted effort to keep my blog safe-for-work, so if you’re worried about this post being flooded with furry porn (a.k.a. yiff art), or cropped yiff memes, or any other such lascivious nonsense, you won’t find any of that on this blog. (Sorry to disappoint.)

Instead, I’d like to take the opportunity to correct some public misconceptions about human sexuality, identity, and how these topics relate to the furry fandom.

Is Furry a Sex Thing?

I find it difficult to overstate how often people assume the “furry is a sex thing” premise. Especially on technical forums.

But let’s backtrack for a second. What isn’t a sex thing?

Art by Khia.

This turns out to be a difficult question to answer. Even Wikipedia’s somewhat concise list of paraphilias doesn’t leave a lot of topics off the table.

Are shoes a sex thing? Are cigarettes? Poetry?

Comic from Saturday Morning Breakfast Cereal.

Hell, one might be tempted to cry foul on the header image used in this blog post for including tentacles, hypnotic eyes, and footpaws in the same image. (Scandalous!) But if you look at the uncropped versions of these images, you’ll quickly realize they aren’t yiffy.

Top Art by AtlasInu.
Bottom: Created by FlashWhite_. Fox is Kiit Lock.
The more you read about this topic, the more you’ll realize this question is inert. Anything can be a sex thing. Humans are largely a sexual species, and sex is deeply ingrained in our culture (which can make life awkward for asexual people).

Instead, the question of whether or not the furry fandom is sexual becomes a bit of a Rorschach test for one’s cognitive biases.

If you’re chiefly concerned with public image–especially when fursuiting in public, where kids can see–you’re incentivized to double down on the fact that the furry fandom is no more inherently sexual than anything else can be. And this is true.

If you’re concerned with cultivating a sex-positive environment where people can live out their sexual fantasies in a safe, sane, and consensual manner, you’re incentivized to insist that furry is a sexual thing. “We have murrsuits for crying out loud! Stop kink-shaming! Down with puritan ideologies on sex!” And this is also true.

Humans are largely sexual, so any activity humans engage in will inevitably involve people sexualizing it. Even tupperware parties, for fuck’s sake! Anyone who believes there is a “Rule 34 of the Internet” tacitly acknowledges this fact, even if it’s inconvenient for a narrative they’re trying to spin.

So while this might be a meaningless question, one has to wonder…

Why Does Everyone Care So Much If Being a Furry (In Particular) Is Sexual or Not?

To understand what’s really happening here, you need to know a few things about the furry fandom.

1. Approximately 80% of furries are LGBTQIA+ (source).
2. Early anti-furry sentiments were motivated by queerphobia, especially on forums like Something Awful–and the influence of early hateful memes can still be seen to this day.

https://twitter.com/spacetwinks/status/728349066178998274

One of the Something Awful staff eventually acknowledged and apologized for this.

Archived from here. To corroborate, an Internet author named Maddox once parodied SomethingAwful’s hateful obsession with furries.

There was even a movement within the furry fandom history (the “Burned Furs“) that aimed to excise queerness and sex-positivity from the community. It’s no coincidence that a lot of the former Burned Furs joined with the alt-right movement within the furry fandom.

The alt-right is explicitly queerphobic; especially against trans people. But it’s not just queerphobic; it’s also an ableist and racist movement.

Regardless of sexual orientation, a lot of furries are neurodivergent, too.

Simply put: The reason that most people care whether or not furries are sexual is rooted in the propensity of anti-furry rhetoric in Internet culture, which was motivated at its inception by mostly queerphobia with a dash of ableism.

Art by Khia.

The notion that furries are “too sexual” originated as a dog-whistle for “too gay”, and caught on with people who didn’t know the hidden meaning of the idea. Now a lot of people repeat these ideas without intending or even knowing their roots, and many more have internalized shame about the whole situation.

Unfortunately, this even precipitates into the furry fandom itself, which leads to an unfortunate cyclical discourse that takes place largely on Furry Twitter.

Original tweet unavailable

Furry Isn’t a Sexuality. There is no F in LGBT!

If you publicly state “anti-furry rhetoric is largely queerphobic dog-whistles”, you will inevitably hear someone try to retort this way. So let’s be very clear about it.

Furry isn’t its own sexual identity, and I would never claim otherwise.

Unlike transgender people, furries do not experience anything like “species dysphoria” (although therians/otherkin do report experiencing this; don’t conflate the two).

What’s happening here is: Most furries (about 80% of us) have separate sexual/gender identities that deviate from the heteronormative. A lot of queerphobia is easier to sell when you convey it through dog-whistles. So that’s what bigots did.

Polite company that wouldn’t partake in queer-bashing is often willing to laugh at the notion of “Beat A Furry Day“.

Anyone who tries to twist this acknowledgement to mean something ridiculous like an LGBTF movement is either being irrational or a 4chan troll.

Art by Khia.

For related reasons, you shouldn’t ever feel the need to “come out” as a furry.

https://www.youtube.com/watch?v=ZG2DRLimBSM

It’s okay to just really like Beastars, Zootopia, or even the Furry aspects of the Minecraft and Roblox communities. It doesn’t make you a sex-freak.

What’s the Take-Away?

It doesn’t really matter if the furry fandom has a sexual side to it. Everything does! The people who proclaim to care very much about this care for all the wrong reasons. Don’t be one of them.

Art by Swizz.

And remember: Lewd furries aren’t furry trash; we’re yiff-raff!

Sex Isn’t Well-Defined Either

While we’re talking about sex, did you know that biological sex isn’t neatly divided into “male” and “female”? This isn’t an ideological position; it’s a scientific one. Just ask a biologist!

https://twitter.com/JUNIUS_64/status/1054387892624285699

Trans and nonbinary people change gender (which is about your role within society) from what they were assigned at birth, but even sex itself isn’t so concrete.

The next time someone tries to appeal to “science” when talking about trans rights and then vomits up some unenlightened K-12 explanation of human reproduction and biological sex, remind them that science disagrees with their oversimplified and outdated mental model–and they might know this if they kept up with scientists.

Where Can I Learn More About the Sexual Side of the Furry Fandom?

Important: If you’re under the age of 18, you should stay out of adult spaces until you’re old enough to participate. No excuses.

If you’re looking for pornographic furry art (also called “yiff”), most furry art sites (FurryLife, FurAffinity, etc.) have adult content filters that you can turn off when you register an account.

If you’re looking for something more interactive, there’s a swath of furries that develop private VR experiences for 18+ audiences. One of the most well-funded Patreon artists makes adult furry games.

If you’re curious about why and how people express their sexuality when fursuiting (also called “murrsuiting”), there’s a subreddit for that.

It’s really not hard to find. This is one of the advantages of furry being a largely sex-positive community.

Furry YouTuber Ragehound even has a series about Furries After Dark if you want to learn more about these topics.

https://www.youtube.com/watch?v=nGOlQJDO5no

Finally, similar to how 69 is a meme number for sex, furries have an additional meme number (621) that comes from the name of an adult furry website (e621.net).

You now have enough knowledge to navigate the adult side of the fandom. Just don’t come crying to me when you develop the uncanny knack for recognizing which r/furry_irl posts are actually cropped yiff versus wholly worksafe art.

https://soatok.blog/2021/04/02/the-furry-sexuality-blog-post/

#furries #furry #FurryFandom #LGBTQIA_ #Society

Historical Context of Iota’s Hash Functions

Once upon a time, researchers discovered that the hash function used within the Iota cryptocurrency (Curl-P), was vulnerable to practical collisions. When pressed about this, the Iota Foundation said the following:

https://twitter.com/durumcrustulum/status/1083859956841889792

In response to this research, the Iota developers threatened to sue the researchers.

https://twitter.com/matthew_d_green/status/965731647579664385?lang=en

Iota replaced Curl-P-27 with a hash function based on Keccak-384 they call Kerl. Keccak, you may recall, is a sponge function that went on to become SHA-3.

At its face, this sounds like a conservative choice in cryptography protocol design: Migrate from a backdoored hash function to one trusted and respected by cryptographers around the world.

https://twitter.com/cybergibbons/status/1283065819300331520

Iota even offered a bug bounty for attacks against reduced round variants:

https://twitter.com/durumcrustulum/status/1083860482866343936

Kerl isn’t Keccak-384 though. It’s Keccak-384 with a bit of an odd twist: They encode the input bytes into ternary ({0, 1} -> {-1, 0, 1}) before hashing. Apparently this weird obsession with ternary encoding is part of Iota’s schtick?

Practical Kerl Collisions

As a consequence of their weird ternary obsession, the following inputs all produce the same Kerl hash:

• GYOMKVTSNHVJNCNFBBAH9AAMXLPLLLROQY99QN9DLSJUHDPBLCFFAIQXZA9BKMBJCYSFHFPXAHDWZFEIZ
• GYOMKVTSNHVJNCNFBBAH9AAMXLPLLLROQY99QN9DLSJUHDPBLCFFAIQXZA9BKMBJCYSFHFPXAHDWZFEIH
• GYOMKVTSNHVJNCNFBBAH9AAMXLPLLLROQY99QN9DLSJUHDPBLCFFAIQXZA9BKMBJCYSFHFPXAHDWZFEIQ

This is a consequence of always zeroing out the last “trit” before passing the input to Keccak-384.

Since this zeroing was an explicit design choice of Iota’s, I decided to helpfully submit a pull request adding these inputs as test vectors to their JavaScript implementation.

Why It Matters

These are the facts:

• Kerl is intended to replace Curl-P-27 within the Iota cryptocurrency.
• The Iota Foundation previously admitted that Curl-P-27 was a “copy-protection backdoor”.
• The ternary encoding in Kerl allows three different inputs to produce the same hash output (which is not true of Keccak-384).

Given the past behavior of the Iota developers, there are three possible explanations for this:

1. It’s a bugdoor (a backdoor enabled by a bug) intended to be exploited by the Coordinator–possibly as another copy-protection backdoor in the spirit of Curl-P-27.
2. They made a critical design mistake in Kerl, which may or may not be exploitable in one or more of the places they use Kerl.
3. Their alleged justification for zeroing out the last trit is sound, and there’s no way to exploit this collision vulnerability within Iota.

The last explanation is the one that Iota fanboys will probably cling to, but let me be clear: Even if this isn’t exploitable within Iota, it’s still a huge fuck-up in the design of Kerl.

I’ve lost count of the number of projects I’ve encountered that used secp256k1 as their elliptic curve choice simply because it was also the curve Bitcoin used. These are protocols doing ECDSA for JSON Web Tokens, or ECDH for use in ECIES schemes.

The probability of someone eventually using Kerl outside of Iota is 1, and they will be vulnerable to collisions because of that choice.

Takeaways

Iota is a cryptocurrency project that threatens security researchers, intentionally backdoored the cryptographic hash function in their original design (for “copy-protection”) and admitted to it, and designed a replacement cryptographic hash function (Kerl) that is vulnerable to trivial collision attacks (but the underlying hash function, Keccak-384, is not).

I don’t need to connect the lines on this one, do I?

It’s really freaking obvious.

Since this attack also works on “reduced round” variants of Kerl, I guess I win their bug bounty too!

If the Iota developers are reading this, please remit payment for your promised bounty to the following ZEC address: zs1lwghzjazt4h53gwnl7f24tdq99kw7eh9hgh3qumdvcndszl7ml4xmsudcmm60dut2cfesxmlcec

That being said, I never got an answer to my question, “Should I report the security reduction in bits or trits?” I’m feeling generous though. Given the cost of a collision is basically 1 trit, this is a 242-trit security reduction against collision attacks in Kerl.

https://soatok.blog/2020/07/15/kerlissions-trivial-collisions-in-iotas-hash-function-kerl/

#collision #cryptanalysis #Cryptocurrency #cryptographicHashFunction #hashFunction #iota #kerl #kerlission

Dhole Moments

2020-07-15 08:05:45

Historical Context of Iota’s Hash Functions

Once upon a time, researchers discovered that the hash function used within the Iota cryptocurrency (Curl-P), was vulnerable to practical collisions. When pressed about this, the Iota Foundation said the following:

https://twitter.com/durumcrustulum/status/1083859956841889792

In response to this research, the Iota developers threatened to sue the researchers.

https://twitter.com/matthew_d_green/status/965731647579664385?lang=en

Iota replaced Curl-P-27 with a hash function based on Keccak-384 they call Kerl. Keccak, you may recall, is a sponge function that went on to become SHA-3.

At its face, this sounds like a conservative choice in cryptography protocol design: Migrate from a backdoored hash function to one trusted and respected by cryptographers around the world.

https://twitter.com/cybergibbons/status/1283065819300331520

Iota even offered a bug bounty for attacks against reduced round variants:

https://twitter.com/durumcrustulum/status/1083860482866343936

Kerl isn’t Keccak-384 though. It’s Keccak-384 with a bit of an odd twist: They encode the input bytes into ternary ({0, 1} -> {-1, 0, 1}) before hashing. Apparently this weird obsession with ternary encoding is part of Iota’s schtick?

Practical Kerl Collisions

As a consequence of their weird ternary obsession, the following inputs all produce the same Kerl hash:

• GYOMKVTSNHVJNCNFBBAH9AAMXLPLLLROQY99QN9DLSJUHDPBLCFFAIQXZA9BKMBJCYSFHFPXAHDWZFEIZ
• GYOMKVTSNHVJNCNFBBAH9AAMXLPLLLROQY99QN9DLSJUHDPBLCFFAIQXZA9BKMBJCYSFHFPXAHDWZFEIH
• GYOMKVTSNHVJNCNFBBAH9AAMXLPLLLROQY99QN9DLSJUHDPBLCFFAIQXZA9BKMBJCYSFHFPXAHDWZFEIQ

This is a consequence of always zeroing out the last “trit” before passing the input to Keccak-384.

Since this zeroing was an explicit design choice of Iota’s, I decided to helpfully submit a pull request adding these inputs as test vectors to their JavaScript implementation.

Why It Matters

These are the facts:

• Kerl is intended to replace Curl-P-27 within the Iota cryptocurrency.
• The Iota Foundation previously admitted that Curl-P-27 was a “copy-protection backdoor”.
• The ternary encoding in Kerl allows three different inputs to produce the same hash output (which is not true of Keccak-384).

Given the past behavior of the Iota developers, there are three possible explanations for this:

1. It’s a bugdoor (a backdoor enabled by a bug) intended to be exploited by the Coordinator–possibly as another copy-protection backdoor in the spirit of Curl-P-27.
2. They made a critical design mistake in Kerl, which may or may not be exploitable in one or more of the places they use Kerl.
3. Their alleged justification for zeroing out the last trit is sound, and there’s no way to exploit this collision vulnerability within Iota.

The last explanation is the one that Iota fanboys will probably cling to, but let me be clear: Even if this isn’t exploitable within Iota, it’s still a huge fuck-up in the design of Kerl.

I’ve lost count of the number of projects I’ve encountered that used secp256k1 as their elliptic curve choice simply because it was also the curve Bitcoin used. These are protocols doing ECDSA for JSON Web Tokens, or ECDH for use in ECIES schemes.

The probability of someone eventually using Kerl outside of Iota is 1, and they will be vulnerable to collisions because of that choice.

Takeaways

Iota is a cryptocurrency project that threatens security researchers, intentionally backdoored the cryptographic hash function in their original design (for “copy-protection”) and admitted to it, and designed a replacement cryptographic hash function (Kerl) that is vulnerable to trivial collision attacks (but the underlying hash function, Keccak-384, is not).

I don’t need to connect the lines on this one, do I?

It’s really freaking obvious.

Since this attack also works on “reduced round” variants of Kerl, I guess I win their bug bounty too!

If the Iota developers are reading this, please remit payment for your promised bounty to the following ZEC address: zs1lwghzjazt4h53gwnl7f24tdq99kw7eh9hgh3qumdvcndszl7ml4xmsudcmm60dut2cfesxmlcec

That being said, I never got an answer to my question, “Should I report the security reduction in bits or trits?” I’m feeling generous though. Given the cost of a collision is basically 1 trit, this is a 242-trit security reduction against collision attacks in Kerl.

https://soatok.blog/2020/07/15/kerlissions-trivial-collisions-in-iotas-hash-function-kerl/

#collision #cryptanalysis #Cryptocurrency #cryptographicHashFunction #hashFunction #iota #kerl #kerlission

I've now received 3 separate emails asking me to sell my potential share of the upcoming Fluence Network cryptocurrency airdrop. This project aims at rewarding the "~110,000 developers who contributed into open source web3 repositories during last year" according to the project webpage. In order to do this "Public keys of selected Github accounts were added into a smart contract on Ethereum" which they stored in a single file hosted on AWS that their own "install" script fetches in order to generate proof of GitHub account ownership.

So you can check any GitHub account eligibility on the Fluence website, of course, but you can also obtain the conveniently complete list of 108,615 eligible GitHub accounts to spam with your stupid cryptocurrency acquisition request. I've pulled down my email address from my public profile in the hope that it will stem the tide, but that's yet another possibly well-meaning Web3 project that ends up abused within seconds of its inception because of poorly thought-out process.

Also I never contributed to any web3 repository, so I'm vaguely curious how they compiled this list of accounts but not that much either.

#Web3IsGoingGreat #Web3 #Cryptocurrency

• Most popular global payment systems blocked Russia which was bad enough itself but what was even worse it became almost impossible to pay for services which remained operational but had no other forms of payment.
• SWIFT bank transfers mostly stopped working and what remained became very expensive.
• Some foreign investment accounts were frozen. So much for investing in US shares. Poof.
• EU now forbids exporting euros to Russia and some countries (like Finland) can actually confiscate² cash on border.
• Local accounts in foreign currency are restricted by the government which means you can't withdraw cash from them in substantial amount.
• At the same time now they have negative interest rates so if you just leave them they will get depleted anyway. The only way is to convert them to rubles at shamelessly low rates.
• Ruble, local currency, has about four very different rates towards other currencies (depends where, how and in which direction you convert) and suffers from high inflation (which again is very different depending how you calculate but significant no matter what).
• Local government as well as just about everyone else tightened all kinds of financial regulations, restrictions and tracking.
• Looks like everyone declared cold war on cash. I have some money in 500 and 200 euro notes which apparently are next to impossible to use in EU now because are you drug dealer, gun runner or child trafficker as no one else has use for these notes? Locally it is a bit better but clearly not for long.