 I don't think you really want that. Ooh, a chair. Okay, I'm Ian Goldberg. I'm from Zero Knowledge Systems. And apparently someone's making a quick announcement. Channel 9 is completely up, so anybody who wants to watch this from the comfort of their rooms can do so on Channel 9. Cool. Okay, as I was saying, let's try not to find where those blue things are getting in my face. Okay, I'm Ian Goldberg from Zero Knowledge Systems. We make privacy software for the internet that allows you to go online and use pseudonyms instead of your real name, real email address, real IP address. You can make a bunch of different pseudonyms and use the internet that way. It allows you to pseudonymize a whole bunch of network protocols such as email, web, IRC, DNS, things like that, news reading. And I've talked about this previous DEF CONS. You've probably heard the general overview. There are people who don't know what freedom does that wants me to go over pretty quick. Yes? Okay. Okay, very quickly, the outline of the freedom network. Basically, if you're familiar with the way emailers work, it's a lot like that. There are a number of freedom servers situated around the internet, not run by us, but run by third parties, ISPs, backbone providers, things like that. We've announced various agreements such as with Carrier 1 in Europe that they're going to be running a bunch of nodes and other backbone providers like that. I know a lot of people here run some of our nodes. What happens is the freedom client runs on your own computer. Any time an IP packet tries to leave the computer, it's wrapped up in a bunch of layers of encryption, send off to one of these intermediate nodes that strips off a layer, finds where to send it next, it goes to the next one, strips off a layer, does the next one strips off a layer until at the end, it pops out of the freedom network and onto the real internet, and off it goes to its destination. When the packet comes back, it just gets wrapped up and wrapped up and wrapped up, and then it arrives at your computer with five layers of encryption on it, and the freedom software in your computer decrypts it and hands it on to the IP stack. That's basically what it is. That's basically an anonymous communications mechanism. On top of that we've layered a pseudonymity layer which allows you to have persistent pseudonyms which is useful for things like reputation capital. So you can go on the net under a pseudonym and gain reputation that way. People that go on the net totally anonymously, you don't know if the guy posting anonymously this week is the same guy that posted anonymously last week, and you can't tell whether he's an elite hacksaw dude or a moron. So with pseudonyms you can better gain reputation, and certainly most news readers nowadays can let you even automatically rate posters and move them up and down, but that's pretty independent. So what I would like to really talk about today is basically the current status of the Freedom Network, as well as where we're going in the future. Right off I'm going to say, I'm the Chief Scientist there, and basically the Freedom Network is a commercialization of my PhD thesis, but I have like nothing to do with the day to day business operations of the company. I don't know how many users we have, I don't know the total throughput of the network that's out there now. I can tell you the minute details of the protocol, but not how many people are using it. So where are we today? So over the last couple of years I've come up here sometimes with Austin, the President of the company, he's not here this time, and talked about the status and we said, oh it's coming, it's coming. Well we shipped last December 1.0, we're now on 1.1, you can go to www.freedom.net and go buy the thing. Technically the software is free and you pay for access to the network, it's a service-based model. And we have some number of people out there, as I said, I have no clue what that number is, but we're getting good utilization of the network. People ask what's coming in the future. Basically right now what you can download, you can either be a server operator and download one of these server nodes. Server operators we pay to run nodes, so if you have extra bandwidth, if you want to be part of this freedom network bringing privacy to the internet, the point of this whole software of course is that by using these pseudonyms and pseudonymizing your IP addresses and email addresses, it makes it much harder for web server operators to add things like double-quick to log you and track you. We do clever things with cookies to separate out the cookies belonging to your different pseudonyms. So it shouldn't be possible to tell that pseudonym A is the same person as pseudonym B. And so you can use it for different parts of your life. You can use pseudonym A for posting your resume to a job site and look for a job and you can use pseudonym B to post a different kind of resume to a singles matchmaking site and look for a date. And those two things shouldn't be correlatable together. So right now there's the server operator software. It's Linux-based. There's the client software, which the version you can download right now is Windows 90X-based. And one of my main announcements today is that last week at the Ottawa Linux Symposium up in Canada we're a Montreal-based company by the way, which is a useful thing for avoiding the funny little cryptography and security regulations they've gotten this funny country. We can export our stuff worldwide and always have been able to. So at the Ottawa Linux Symposium, Mike Shaber recently of Mozilla, he used to run the Mozilla open-source project. He signed on with us and now he's running our open-source project. He previewed the Linux client for freedom, which has been long-awaited. And that will be available shortly. Also he showed off open-source.freedom.net, which contains the first bit of source code for the freedom client and server. And more will be added there as time goes on. Right now what's on there is the base kernel module, which is at the heart of freedom that allows the intercepting of the packets and the network stack and all that. And it's our hope that people will look at this and do all the things we like to say about open-source, port it to other platforms. If you find bugs in it, please report them. And make it faster, make it cooler, make it better. We now have it running at something like 45 megabit throughput through the kernel. We think that's pretty good, but if we can do better, we'd love to. Coming up in the future, we have all sorts of other fun things down the line. I'll talk a little later about some of the technology based on Stefan Brandsworth. He's this cryptographer out of the Netherlands who has recently signed on with us. And he has some very interesting protocols that make it possible to do things like electronic cache online, anonymous electronic cache, which is really good. And also the ability to do certain kinds of certificates which allow you to prove things about yourself like I'm over 21 without revealing any other information about you. So the line in the structure of this basically is throw it open to questions in a bit. First, I'd like to introduce Jonathan Wilkins, who has recently signed up with us as the head of our adversary group. And this would seem to be a pertinent crowd to tell us to. And he's going to talk a bit about the adversary group, what they do, and convince you to join us. At least that's my goal. Basically, the adversary group is something that we've been advertising for for about, I think, about eight months or so. And I was the first one who fit the bill, but we're looking to expand the group to buy another few people because my hands are more than full at this point. Currently, the initiatives that we've started are a full code audit on the order that OpenBSD has done it. I'd like to make sure that this product which is designed to protect your privacy is the most secure piece of code that it can be. We've also set up an incident response team and we're looking at ensuring that any security-related incident is addressed within a 24-48-hour period, which I think is necessary with a privacy-related product. One caveat is we are based in Montreal and we would require people to move there. The team is exceptional. I've loved working with everyone since I got there. If you have any questions about this, please come and see me. Essentially, we're looking for people who have co-auditing skills, who know how to write exploits, who know how to examine the network and confirm that the implementation meets the protocol specifications. We have a lot of confidence in Ian and his work, but it's always necessary to perform due diligence and ensure that the implementation meets the protocol. I guess I'll hand it back to Ian for the question-and-answer period, but if you have any questions, please feel free to come and see me. Since I talked to you last, we've grown the company hugely. We're now up to about 260 people working for us. For a while this past year, we were hiring at a rate of two or three people a day. We've slowed that down a bit now, so we're probably not going to hit 400 in the next month. But if you're interested in the adversary positions, the incident response positions, even coding, we have a security team that does crypto coding, we have teams that do UI, QA, all the normal things that software companies do, jobs.zeroknowledge.com, and submit your resume online, and we'll see what we can do. At this point, I think I'll just open the floor up to questions, and that was quick. Let's just start. The question is, he's been using freedom for about two months, and notice is a pretty big performance set when you're using the network. It turns out that this performance set is quite non-deterministic when we test it. It seems some links between the servers that are out around the network are pretty bad, and if your route that you've chosen through the network uses one of these links, you get really high packet loss rates, and so TCP will die a horrible death, and things will slow down. On the other hand, if you miss it, there seems to be very little impact at all. So we're looking at ways to try to isolate these links and improve the performance of the network as a whole. Definitely performance is our major concern. We are working on doing clever things like on-the-fly compression of data that goes through the network, because, for example, your modem, which normally would compress the data before sending it, and decompress it as it comes back, can't do that when the data has already been encrypted before it leaves your computer. Encrypted data can't be compressed. So you lose a lot of the performance you normally see. On the other hand, if we do compression ourselves and compress the data before we send it over the freedom network, then you'll see much, much better throughput, also the addition of caching in the network, and things like this. We do realistically think that we can actually achieve better performance using the freedom network than not, because we can do all sorts of clever things using middleware-type techniques that you wouldn't get otherwise. So the question is why pseudonymity as opposed to anonymity? And there are a couple of reasons. Certainly the network at a fundamental layer is an anonymous network, and we have just tacked on pseudonymity above that. There are good computer science and engineering reasons to do that, and one of which is that if we change our minds later and want to allow anonymity on the network, we just have to not require that you show a pseudonym when you use your network. And in fact, we do allow anonymity for a handful of things, the most obvious being contacting the NIM server to get a NIM. A NIM is a pseudonym. Certainly if you don't have one, how do you get one if you need one to use the network? So we do allow anonymous use of the network in certain circumstances, and we are looking at allowing that list to grow. For example, it's not really useful when you're doing email. You really want the reputation capital associated with pseudonyms for email. But when you're just web browsing, there's an argument to be made that a lot of that could be done completely anonymously. And we're looking at that and we're definitely considering turning off the requirement of pseudonymity for that. So you'll be able to do more things actually completely anonymously. Right, but we want to provide this tool so that it automatically works for users who have no clue how to use PGP. If you look, there's a recent report called Why Johnny Kent and Crypt. And what they, this was from, I believe, CMU. And what they did, they did a user test and they gave PGPs latest and greatest, which was 6.something. They sat down users in front of it and some tiny percentage of users could figure out how to use PGP. With our software, once it's installed in your computer, which admittedly is a tricky thing. Users often can't install software, but we're doing deals of various sorts that hopefully will allow it to just ship with your computer that it'll just be there when you get it. All you do is use your normal mail client. You send normal mail and it just works. All the packets are intercepted under the covers. You don't have to run any special new software. You use your normal Netscape or IE, use your normal Udora or whatever email client you use. And if your mail happens to be going from one freedom user to another, it will automatically encrypt it before it goes. If it's just going out, it'll put a signature in there. That can be read by other freedom users. And it's meant to be really easy to use and transparent and still give you all the features that you might want. So we're trying... That being said, you can still send a PGP-signed message if you want to do that, but we certainly don't want to make you use PGP just to get the benefit of reputation, which we feel is very important. Right. So for cookies, what we do is the application proxy that sits on your computer intercepts web requests and responses. And when it sees a cookie come back, it sticks the cookie in a little cookie jar and you have one separate cookie jar for each pseudonym. And the cookie jar is very controllable. You can say don't accept cookies or accept cookies only from these sites or whatever, but more to the point, if one pseudonym gets a cookie, a different pseudonym won't have it. So when you switch pseudonyms, it's to double click like you're a totally different person. And since you'll come out of the network at a different place, your IP address won't match, your cookies won't match. They have no reason to believe you're the same person at all. Yeah. Okay. So the question is, how do we deal with traffic analysis? And this is a really good question. Traffic analysis, if you're not familiar, is taking the presence of messages, even if you can't read them because they're encrypted, and using that to figure out who's talking to whom or other interesting things. For example, if you see e-mail, PGP encrypted e-mail, suddenly being passed back and forth between the CEOs of two big companies, you might want to start talking to your stockbroker because interesting things could be happening there, even though you totally can't read the message. So the question is, what do we do to keep traffic analysis from happening? And the design calls for a lot of things, not all of which are implemented at the moment, actually not all of which are turned on at the moment, including things like packet padding, link padding, the idea being that an eavesdropper shouldn't be able to tell which clients are talking to which servers out there. The problem, basically, is that traffic analysis today is a lot like block cipher design was about 30 years ago in the early 70s. In the early 70s, block ciphers, that's one of the fundamental building blocks of cryptography, were really well understood by the classified community. They'd been using them for a while. We had no crew. We had not done any public studying of encryption much. We really knew it this. When DEZ came out, it was clear that input from the NSA made it a lot stronger than it would otherwise have been. And it was only 10, 15 years later that we understood why the NSA made the changes they did. It turned out the NSA at the time of the DEZ design knew about this technique called differential cryptanalysis. And we didn't. And only like 15 years later, when we learned about it, did we discover, hey, DEZ is really strong against this. It turns out, however, there's another technique called linear cryptanalysis which DEZ isn't strong against. And it could have been. Certainly DEZ could have been designed strong against both of those. So that pretty much tells us that at the date of the DEZ design, the NSA knew about differential but not about linear cryptanalysis. But they were way ahead of us. We knew like nothing then. Today, with traffic analysis, the situation is pretty much the same. The NSA's job basically is traffic analysis. They monitor communications only outside the country, of course, and not allowed to spy on US citizens. And their goal is to figure out who's talking to whom and what they're saying or even just why they're talking. So they've been doing this for a long time. They're really good at it. We know almost nothing. There's been, you can count like on two hands, the number of publications and papers that have been written about traffic analysis, studying it. We have no real mathematical model for it. We have no way to say the equivalent in the block cipher world, you say this block cipher would take two to the 80 operations to break. We have no way of measuring that kind of thing in traffic analysis. We can say that, well, this is perfect, that there is no information leaked because all the communications look absolutely the same. But if you get any weaker than that, you just say, well, it's not perfect, but we don't know how hard it is to break. So that's something zero knowledge is actually pushing for, which is a push into the science of studying or studying the science of traffic analysis. And we really want to improve that. That being said, what are we doing? We're doing what we can, given that we know in the public community very little about traffic analysis. Things like link padding, packet padding, and other things which would try to keep your adversary from learning what clients are talking to what servers. Now one thing to point out is we don't try to prevent anyone from learning that you're running freedom. Clearly they can look at the encrypted packets coming out of your computer and deduce pretty readily that you're not running a plain old vanilla Windows box. But what we do prevent your adversary, even if it's your ISP, your ISP will see these packets coming out from your computer, they'll know you're running freedom, but they won't know what hosts you're connecting to, they won't know what protocols you're using, they won't know your pseudonym, they won't know what you're downloading or anything like that. And that's the goal is to, as much as we can, prevent people from learning what you're doing. Yeah, right. So there are two levels of padding. It's more like Mix Master to answer your question. There are two levels of padding. One is called packet padding, one of a handful of fixed sizes, so you can't just follow a packet through the network because it's a strange size. The other is called link padding, which is you make sure that you can't just look at the fact that there is traffic, like this guy's quiet for a while, sends a packet, all of a sudden a packet comes over this link, which was previously unused, and you just follow it. So what you do is you put dummy traffic on these packets, and the goal is to make it impossible to tell when actual data is flowing and when not. It turns out that's really hard to do because users log on and log out, right? When their computer's off, there's no traffic going out from them. And so you do have an issue with, well, what happens if one particular user only logs on for five minutes every month, and then this one pseudonym only posts for five minutes every month? It's not hard to correlate those. So there's only a limited amount we can do in cases like that where the user's behavior is kind of weird, but we try to do things right in the common case. Yeah. So we do support SSL. For e-commerce, it's an interesting question. There's a limited amount that pseudonym only can help you if you want to, for example, pay for something with a credit card. Right. So that's really if you give your name to CDNOW, so they know who you are, they know your address to ship to. Really, we can't technologically control them from giving that information to their advertisers. That would just be part of their privacy policy. That having been said, we are working on things with the techniques by Seth and Bruns, who I mentioned earlier, which will allow things like anonymous cash. So you can pay for things online anonymously without using a credit card. So the first use of that would to be able to buy electronic goods that are just sent to you over the internet. In order to send something through the real mail, it's a lot harder. A number of groups, including the U.S. Postal Service, are working on having private mailing IDs. So you get one of these private mailing IDs from the Postal Service and it's just this string of letters and numbers. And you give that to CDNOW. So you just say, I'm not telling you my name or anything. I've somehow sent you money through some anonymous channel. Here's my shipping ID. CDNOW just sticks that ID on the package, drops it in the mail, and it gets to you through the U.S. Postal Service. Except that at PO Box, you have to, it at least tells you where you are. It's a little better because it tells the sender. In fact, there are new laws that restrict what you can do with PO Boxes and say you have to have two forms of strong ID to get a PO Box nowadays. The U.S. Postal Service is saying, well, we don't have to abide by that because we're the Postal Service. So we can give you these numbers and it's okay because we know who you are. So if you do something bad with them, they know. That is a downside that it's not perfectly protected. The Postal Service knows who you are. Of course, if a number of these services start doing that, where, say, FedEx or UPS gets into the game, you just chain it through a bunch of these and you just play the same chaining games. You play with re-mailers on the net and see what you can do. Shipping physical items is going to be a hard problem to work around. That's right. You take your book and you put it in a box this big so you don't know how big the book is and then you pat it with weight so it all weighs the same. Then you wrap that in three layers of envelopes that can only be opened by the right person. I mean, there you go. It's the anonymous pizza delivery problem. Okay, the question is, why do we pass the packet through a number of different servers on its way to the destination and what is the IP address that the actual destination website or whatever sees as the origin of the packet? So to answer the second question first, it's just the IP address of the last Freedom server. So the website operator would get in his logs something.freedom.net is where the packet is coming from and these things are situated all around the globe. The first question, why do we bounce it through all these servers? It's basically for distribution of trust. If we just send the packet directly from your computer to the website while clearly they would know who it came from, that's the way it works today, it's in their logs. If we send it through one guy in the middle, that's the way, for example, the anonymizer works, then the website would see this guy in the middle and the guy in the middle would see you and also the website. So the guy in the middle knows both who you are and where you're going. So he has the keys to the farm. If he is compromised, if either legally or extra legally, either if he's rooted or served with a subpoena or a warrant or someone comes with a gun to his head, he can reveal that information. The point of having multiple hops in the chain is that nobody knows all the data. There's nobody you can go to and say give up the data. Nobody even knows the whole chain except for you yourself. So in order to figure out who you are, you'd have to go to the last guy and get him to tell you who the guy before him is and get him to tell you who the guy before him is and so on all the way back. And this information is only in memory as long as the connection is active. So you have to follow this whole chain in like half an hour or something, however long you take before you psycho you're out, which happens automatically every half hour or hour or so, and you stick one of these sites in Turkmenistan and good luck trying to get them to give up that data. So that's the idea. It's basically distribution of trust and so it looks a lot like the way the remailer network works. So we are having deals cut with groups like that. The question was when we talked about a few years ago, we announced one of the potential applications is for Amnesty International, for example, to get a whole bunch of copies of this and give it out to people so that they can, those people can contact Amnesty without revealing their location, because this is actually a big deal and there's a lot of work on joining the concepts of cryptography and human rights and it's a really important field. It's not obvious when you first hear it, these human rights organizations really need strong crypto and protection against traffic analysis because usually the people in these countries that are being oppressed, the phone companies are government-owned, they watch everything you send over the internet and it's really important for you not to send an email in the clear time as to the international saying, okay, here's the deal, I have this information, come meet me and we'll talk about it because then you'll just tend to disappear. And it's a serious concern. So we are doing deals like that. Nothing has been announced to date but certainly that's the kind of thing we're working on and if you're interested in doing something like that, if you've got an organization that could use anonymous or pseudonymous communications with your customers or your clients, give us a shout and we'll set something up with you. So the question is what's to prevent a potential adversary from setting up a freedom server and using it to form traffic analysis? The idea behind the freedom network and distributing the trust among all these servers in the route is that you don't have to trust them all. Even if only one of those servers is trustworthy, you still win, only if you happen to pick a route consisting of entirely, not only servers that are behaving maliciously but are cooperating together will your privacy be compromised? So for example, even if you know the US government is running this node and you know the Iraqi government is running this node, just run through both of those and they're really unlikely to cooperate. That's like the best possible situation for you. Well, we don't actually run the nodes ourselves, right? All we want, if someone in Iraq is watching this on Channel 9 you're more than welcome to contact us and get the software. We in Canada are in fact allowed to ship software to Iraq and like here, so there's no problem. Yeah, very good question. The question is, once we open source, what's to prevent people from circumventing the controls of use we put on the network? The answer is, well, nothing really except that their server will be the last one in the hop and they'll get the heat for anything that goes through their server. So if you open up so that you don't require pseudonyms, you have totally anonymous packets to go through, our server does things like prevent against IP games like Smurf attacks and things like this. If you remove those restrictions from your server and allow people to use your server as a launching point for Smurf attacks, well, you may as well just open up an account on your server or just run some operating system in security and let people root it and just let them do that. I mean, there's really no difference. You'll get the heat for it. Software to protect the network so that you won't get heat from people abusing the network. So the question is, is the work being done to provide anonymous publishing through the Freedom Network? The answer is not at this time. It turns out there are a number of other projects out there including the Mojo Nation, which they're talking here this weekend, whose goal is precisely that. And we're happy to provide the anonymous communication layer and let other people provide the servers out there that people actually post data anonymously. It's not something that we need to tie in out of really low rate on the protocol. Yeah, in the back. How does, what did you say? Right, so the question is, how do you prevent people watching the server and client and figuring out who's talking to whom? The idea is this traffic analysis protection we said where you pod the link between your host and the first freedom node so that an observer can tell when actual traffic is going over it and when it's just random garbage. Because random data is indistinguishable from encrypted data if you don't have the keys. And through that, the observer can tell when the end web server is being used, but they can't tell which of all the clients using the freedom network right now is the one doing that, that access. Yeah, right, so the question is what angle are we taking to prevent legal liability if someone uses the freedom network to do something bad? Basically, we do things like I mentioned earlier to try to prevent people from doing bad things. We only allow known network protocols through, we try to cut off known attack modes. That being said, obviously that's not perfect. We do claim that using the freedom network is not a hell of a lot different from using PSI's network or Sprint's network. They certainly don't assume legal liability for packets that go over their network. We do have an incident response team that Jonathan mentioned, that if someone is being harassed by a freedom NIM or something like this, we can try to do things. We can't identify the NIM. One important feature is that the name of the company Zero Knowledge Systems comes from the fact that not even we know the identities behind the NIMs. And that's a big difference from all of the other people claiming to be in this space that people like Pravada are putting up press releases saying, yes, be private with us, but we're socially conscious and we'll keep track of who's doing what on the network so that in the event something bad happens we can turn over that information to the FBI. And the press release says that. And I don't understand why people would put their trust in that because now you're basically at the mercy of their policies and processes and people that they won't, if they have that data that they won't just turn it over arbitrarily. We don't have the data. If you come to anyone at Zero Knowledge and force us to turn over the identity of a person behind a NIM, we just don't have it. And we make this very well known so that we don't get bothered by people coming to us and asking us this. But there are other things we can do if there's proof that a NIM is abusing in terms of service or harassing people. We can shut off the NIM, certainly. We can prevent the NIM from working. We don't know who it was, but we can certainly keep it from continuing. Of course, the person can start up a new NIM. Not much we can do about that. We can also put a block list on outgoing mail so that a particular person won't receive freedom mail if they so choose, just like the Remailers Network does today. And there are a number of other things we do. We have an incident team, as I mentioned, if you're interested in joining it. I know a lot of you have instant response experience. Jobs.ZeroKnowledge.com again. Yeah. Well, that's a great question. So I'm always asked this question. The question is, the service is paid. So people have to give us money somehow, usually by credit card, and they use that to buy their NIMs. And how do we avoid correlating these things? So it's a great question. It's not obvious how it works. I'll give you a brief outline. Basically, as the maxim goes, all problems in computer science can be solved with an additional level of indirection. So instead of just buying NIMs, what you do, we add actually two levels of indirection. We need the extra one to handle a legal problem. Instead of just buying NIMs, we buy what's called an activation code or a serial number. And this is what you pay for with your credit card. It's just like a short string of digits and letters. The reason we do that is because the legal requirements that if you ever sell anything with a credit card, you need to keep a record of it for a certain amount of time because of possible chargebacks and things like this. So we certainly don't want to have anything on record to tie you to a NIM. So we just tie your credit card to this activation code. Now, you don't have to pay by credit card. Certainly people send us cash in the mail. People send us money orders, all this sort of thing if you're especially paranoid. That's fine. We're more than happy to take your money. And we are a revenue-generating company now. As I said, freedom has been out for a while. By no means profitable, of course. That would kill our IPO. But we do have revenue. And that's new since last year. So you use the credit card to pay for an activation code. Then what you do is use that activation code to get what are called NIM tokens. I'll skip that step for a minute and just jump to the end. Then what you do is you get those NIM tokens and whenever you want to create a NIM, you spend one of those NIM tokens with us and you get a NIM. Now you'd think, well, I can tie your credit card number to the activation code and the activation code to the NIM tokens and the NIM tokens to the NIM. So what have I gained with these additional levels of interaction? So the answer is, well, I skipped the second step and it turns out you can't tie the NIM tokens to NIMs. At least you can't tie activation codes to NIM tokens to NIMs. And the reason is what we're doing is using this technology I mentioned by Stefan Brands, which does something called blind signatures. And this is similar to another technology. It does almost the same thing as another technology you might be familiar with by David Shulm, which does blind signatures. The idea being with this technique, a server can sign a message and produce a valid signature on a message without ever having seen the message. So what happens is you send us the activation code and you send us these five NIM tokens but blinded. The server checks the activation code that it's valid and it knows that if it receives a valid activation code, it gets to sign five NIM tokens. So it signs those blinded tokens and sends them back to you. You then complete the protocol, which is kind of known as un-blinding. It's not technically correct in the brand system, but we'll let it go. And then you have these sign... you end up with these five signed NIM tokens, which you can spend later. When we get the signed NIM tokens later, we just check the signature on it, and we say, yep, we signed that, but we've never seen it before. We don't know which activation code was used to get those tokens. So we know that somebody spent an activation code to get this token, but we don't know which activation code it was and we don't know who it was and we don't know when it happened. So this technology really allows us to not know what activation code was used to get what NIMs. It has a lot to do with the technique known as zero-knowledge proofs to deal with that part of math and cryptography. And that's another reason we have the name of the company. Yeah. It's over there. Right now, as Jonathan said, the question is, are there any adversary groups that can do something from within the United States? Right now, we're really encouraging people to come to Montreal. We tried doing telecommuting stuff and it didn't work as well as we could. We'll probably try again as the company grows. We'll find we have to have people working outside of Montreal. For now, it's much more, you work much tighter together as a group if you're all in one physical location. Now, having been said, we are opening a second physical location in the Bay Area. And you might have heard of that if you're interested in working in our Bay Area office, which will have all manner of jobs going on there, jobs.zeroknowledge.com again. And it's in South Bay and it's really cool. The real estate works in South Bay. Basically, you buy real estate and if you wait a week, you move miles and miles further from San Francisco. So you just buy a whole lot of real estate and then you wait a week and then people offer to subreddit from you for 60% more than you paid for it. You can make money off real estate even if you're just like a software company. So zeroknowledge internet privacy solutions and real estate. Yeah. How many servers can you work the traffic through is the question. Right now, the deployed software has a sliding bar that lets you put up to five. The version of the protocols we're working on will allow an arbitrary number of servers. We're changing the way the route create works so that's a little more efficient and as a side effect you can route through arbitrary many servers. Yeah. Okay, good. Okay, so two questions. The first is I mentioned the method we use to prevent tying serial numbers to NIMS using this blinding technique and how do you know that we're actually doing that if we don't have like an auditing firm saying that yes, we're running this code. The second is what was the second? Viability of right. There are a lot of anti-anonymity initiatives for accountability purposes. What do we think is going to happen there? So I'll do that question first. We're heavy into lobbying. We do lobbying. We have signed on with us as our Chief Privacy Officer. We were one of the first companies with the Chief Privacy Officer. We're seeing a lot of companies doing that now. But we have Stephanie Perrin who used to be on the Privacy Commission of the Federal Government of Canada. And she's really well integrated into the Canadian political process. So we do do a lot of lobbying to make sure that it doesn't become illegal to be anonymous on the internet certainly not in Canada. We're doing similar kinds of things in the U.S. It looks like France we've lost. But I mean France had it illegal to use encryption for a long time and I mean how many I don't know how many people from France are here. Anyone from France? No. Yeah, France. Do you use PGP? No? So I certainly have previous DEF CONs. I've met people from France who just say, yeah we use PGP. And one of them even said he tried to follow the law which says you have to submit your private keys to the government. No one in the government could tell him like who that was. No one wanted to actually take his key. So what can you do? So the first question is how do we prove that we're actually forgetting or not learning the identity of the system? And the answer is that's the way the math works. Given what you're doing on the client side which you'll have source to and you can look at the math the client is doing, you can mathematically prove that there's no information leaked to us at all about the identity of your client. So there's nothing we could do to extract that information because it's simply not there. So if you're interested in more on this topic you can go to our website. You can find a copy of Stefan Brand's thesis soon to be published by MIT Press in a second printing. The first printing went out like that. So MIT Press will be publishing the second edition. And check that. Looks like they're trying to kick me out here. So what's that? It never kicked me out. That's so nice. I'd rather try to get us back on a closer to correct time schedule. So I'll just thank you. I'll be out in the hall or something if you want to commentate me with more questions.