 It's the creator of signal and he is going to tell you what he's doing right now, so The next talk is the ecosystem is moving Challenges for distributed and decentralized technology by Moxie Marlin spike have fun hello All right, so these three kids are playing around and they break into the barn of a farmer and They're playing around in the barn and the farmer here's something in the barn and he comes out To investigate so the three kids have to hide and they see these three empty potato sacks in the barn So they all jump in the potato sacks, but as the farmer comes in there's still kind of like moving around a little bit and so the farmer You know is investing in this situation and he starts walking towards one of the potato sacks and the kid inside See what's happening and so he says Yeah, and you know the farmers like oh, there's a cat in there Okay, you know and so he starts looking at the other potato sack and you know the kid inside sees what's going on And so he's like woof And so farmers like oh, okay, there's like a dog in there And so you know the farmer starts looking at the third potato sack and as he gets closer The kid inside says potatoes. I'm like the potato kid right now I all those people who got like six hours of sleep last night. You're doing better than me I'm at like seven percent, you know Jet lag is a crazy thing. I Felt asleep at like six last night Just couldn't stay up any later. And you know, I was like hard to sleep I you know felt like I sleep forever and so I woke up and I was like wow I slept for a long time and I looked at my phone and it said 715 so I was like, oh wow, I'd like slept all night. This is great. You know like I'm waking up at 715 in the morning So I like got up I'm like brushing my teeth and shit, you know, and eventually realize it's 715 at night still I slept for an hour and 15 minutes, you know Okay, so My name is Moxie I work on a messaging app called signal signal is a private messaging app But it is not decentralized Which is to say that there's no like federated mesh p2p blockchain something something But every now and then people are like there should be a federated mesh p2p blockchain something something So I want to talk a little bit about decentralized systems from the perspective of the time I've spent at signal on the work that I've done there and You know what we're trying to accomplish So I think you know at a high level I Should say that you know while I work in software. I Greatly envy musicians writers filmmakers painters These are all people who create things and can really be finished forever you can record an album today and 20 years later you can listen to that album and appreciate it just the same but software is never finished You cannot write a piece of software today like write an app and then 20 years later just You know enjoy that app in the same way Because software is part of an ecosystem and the ecosystem is moving The platform changes out from under it networks evolve security threats are in constant flux the UX language that we've all learned to Speak and understand together really sit still and as more money time and focus has gone into this entire Ecosystem the faster the whole thing has begun to travel The world is now filled with rooms that look like these in buildings that look like these that are packed to the rafters with people who sit in front of a computer for eight hours a day every single day and All of the energy and the momentum behind that means that user expectations are evolving rapidly and evolving rapidly is In contradiction with decentralization How is that possible? What does that mean after all the internet is decentralized that seems like a dynamic evolving rapidly kind of place But when you really look at it like the fundamentals of the internet That's not always the case If for instance if you look at like IP, you know one of the fundamental protocols of the internet How do we get you know how have we done with that? Well, we got to the first production version of IP and we've been trying for 20 years to get to the second production version Without a lot of success You know HTTP. Okay, we got to version 1.1 in 1997 And we've been basically stuck there until now SMTP IRC X MTP DNS. It's all the same. They're all frozen in time Circa the sort of early 1990s Because once you decentralize a protocol it becomes extremely difficult to change You put it out there in the world. There's like many different clients different implementations Different deployments and so making any changes becomes extremely difficult Meanwhile centralizing protocols has been like a recipe for success, you know, it's what's slacked it with IRC It's what Facebook did with email. It's what's apted with X MPP in each case The decentralized protocol is stuck in time But the people who've centralized them have been able to just iterate super quickly and develop these products that are extremely compelling to people So the fact that something like email is decentralized is Cool in the sense that I host my own email. I have since 1996 I wouldn't really wish it upon anybody But I still do it But the fact that email is decentralized is also what means that my email is not encrypted And never will be Because it's it's too difficult to change at this point. It's it's out there in the world and making that change It's probably not gonna happen You know by contrast WhatsApp is centralized, so I don't like run my own WhatsApp server. I don't have my own You know WhatsApp data store or whatever But it's and 10 encrypted for billions of people died by default and they were able to just you know roll that out with a software update So I think this is that sort of the fundamental Problem that we have to deal with right which is so long as decentralization means stasis while centralization means movement That decentralized environments are gonna have a lot of trouble competing with centralized environments But you know, why do we want decentralization? Anyway, you know like people talk about decentralization a lot But what is it that we're actually after I think when you sort of break it down The partisans of decentralization are advocating for you know increased privacy Censorship resistance availability and control these are things that I think people who are into decentralization are really Kind of looking for and and hope to get out of that world So let's look at these in turn because these are things that I'm interested in as well And that I would like you know an app like signal to provide So, you know privacy We've already seen that Decentralized systems are not inherently encrypted. In fact, most decentralized systems in the world are not and 10 encrypted by default and there's nothing about decentralization that makes The things encrypted, you know, and so I think advocates of decentralization Have a different take on privacy, which is one of data ownership the idea that like you can You know run a service yourself and that you maintain ownership of that data and those people You know also point out that that includes metadata Not just, you know the contents of things like messages or something but also the metadata about them And that so in a sense that you know that is better than just some kind of encryption solution But in a lot of ways I feel like this is Somewhat of an antiquated notion that has left over from a time when computers were for computer people You know this You know, I think in the in the 1990s The sort of general thesis for people working in the space was let's develop really powerful tools for ourselves and then teach everybody to Be like us And that's not really how the world developed You know at the time we sort of imagined that the internet would look like this That not only would everyone on the internet be both a producer and consumer of content But also a producer and consumer of infrastructure And neither of those things really bore out In reality the internet looks a lot more like this You know that things sort of seem to naturally roll up and converge into these like super nodes That people are making use of that people aren't all producers and consumers of content or infrastructure So You know given that world while I host my own email You know since the world looks like this I don't actually have any meaningful data ownership even though I run my own mail server I don't actually have any kind of metadata protection or anything like that because every email that I send to receive has Gmail on the other end of it Even though I host my own mail server I might as well just be a Gmail customer because they have a copy of basically every email that I ever send to receive So given that I think that the world has developed in this direction I I I feel like real data protection is more likely to come from things like end-to-end encryption than it is from data ownership and that Things like metadata protection are going to require new techniques and That those new techniques are more likely to evolve in centralized rather than decentralized environments because Centralized environments are where things tend to change So for instance, you know at signal, this is an area that we've been working on a lot so at signal, you know, we have technologies like Private groups private contact discovery sealed sender These are things that Mean that you know the signal service has no visibility into a group communication or even group State or group membership information No visibility into your you know contacts or even your social graph and No visibility into who is messaging whom So, you know looking at something like private groups the way that group state is usually maintained is you know on a server you have a database and in that database you have a record for every group and You know the group needs to contain information like, you know, what's the group title? What's the group avatar, you know, what's the membership, you know, who's in this group? What are their roles? Maybe someone's an administrator or someone maybe someone's a group creator I mean once someone's like a read-only group member and then you know, maybe some group attributes like a pinned message or something like that and you know You know clients can query this database in order to render group information for the user and You know given that It seems unlikely that we're gonna move into a world where everyone is like running their own servers In addition to their own clients that just merely like, you know putting this plain text database in the in the You know on everyone's individual servers is sort of unlikely So, you know one thing you might think about doing is just encrypting it right where you could just have this server-side database and in the database All of the entries are encrypted with a key that is shared amongst group members, but that the server doesn't have any visibility into And so, you know, that seems like a straightforward solution. The problem is that You also need a server to be able to enforce Access control and basic rules right like the server should be able to look at the members of your group and Determine whether you know group members authorized to make changes like to change the title or to add another member to a group or to kick Someone out of the group or anything like that But if the data is encrypted, then how is the server going to do that? So at signal we we developed a anonymous credential scheme that allows the server to store encrypted membership lists, so the server has a you know a record for some random group of It's members, but each you know members in encrypted so the server doesn't know who the members of the group are and then you know let's say Alice wants to add someone to a group Alice can construct a zero-knowledge proof and Authenticate to the server proving that she has a Assigned credential that matches the encrypted contents of one of the group One of the group members will without ever actually revealing what the contents of the of that record are or who she is and Then you know once authenticated Alice could you know add another member to the group like Frank and then you know Once Frank gets out of the group He can come along and do the same thing where he constructs a zero-knowledge proof and is able to prove in Zero-knowledge without revealing who he is or or the contents of this record To the server that he is a group member and he might request a membership list The server you know transmits the encrypted values to him Then he can decrypt them locally with the key that's shared amongst group members and determine who is in the group and display that to the user You know, so this is an example of some you know new cryptography that we Developed in order to solve this problem and you know, it's again like a new technique in order to To offer some privacy preserving Technology in a space that I think is you know more likely to happen in places where we can just make these changes and roll them out super easily All of this adds up to you know a world where I can publish the server side state for my signal account There's nothing in it really You know, even the profile data is encrypted the only you know real Unencrypted values here are the last seen time in in day-level precision that I connected to the signal service and when my account was created There's no group information about like, you know what groups I'm in The titles of those groups to average ours of these groups who the other group members are My contacts, you know aren't stored there. I have my social graph isn't on the service my even my profile data is Visible to the service and you know when people message me or I message people the server doesn't have visibility to that Meanwhile my email still isn't even antennae cryptid and never will be but even if we did live in this world where You know the internet looks differently and everyone is both a producer and consumer of infrastructure this PDP PDP world is not necessarily privacy preserving in itself For instance when we first rolled out voice and video calling and signal We designed it so that it did establish PDP connections between The both parties of a call so you know if I call somebody I would establish a direct connection to that device But when we deployed that people like wait a second wait a second like does that mean that someone could just call me and learn My IP address I don't want that, you know, what about all the metadata here that like, you know my ISP or You know someone on Wi-Fi or whatever on the same network as me can see who I'm calling And who's calling me like that's not what I want Isn't there anything you guys can do about this and yeah, we can just you know route it through a server instead And so that's what we do in many cases so, you know, you know thinking about privacy I I kind of feel like that Decentralized systems aren't inherently going to give us the privacy properties that we necessarily desire And that it's more likely that we can develop Technology to you know offer what it is that people want in centralized environments Thinking about a censorship resistance This is another Area where I feel like the the idea of censorship resistance for decentralized environments Is that many things are somehow more difficult to block than one thing if you have like many servers That it's harder for a sensor to block access to those then it is to block access to one server And again, I feel like this is sort of like an antiquated notion Left over from a different time that in today's world if something is user discoverable that it's also going to be a sensor discoverable in a lot of ways But the basic idea is that like if you're such and such at something comm and something comm gets blocked You could just switch to something else. It's something else comm, you know, and you can just sort of keep moving around like that The problem is that every time you do that you blow up your entire social graph So, you know, if you imagine a scenario where there's a bunch of different, you know users who? You know are affiliated with a bunch of different Servers that if you know one server gets blocked by a sensor that the users who can no longer access that server can switch to different servers But the problem is as soon as they do that they Have to be rediscovered by everyone else in the network because now they have a different address and It's more likely that if you know one server is blocked at any given moment that you know All servers are gonna be blocked in that moment and everyone has to switch to like a whole another thing and at that point You've like really blown up, you know your entire social network Everyone has to rediscover everyone from the beginning. You're basically playing a game of whack-a-mole. That's it's very asymmetric because every day that You know sensors take an action to block known servers is basically like the first day of your entire social network You're starting over from scratch where everyone has to rediscover each other all over again So, you know to the extent that if your strategy is sort of like bouncing around It's actually I think more effective to just have one centralized service with multiple ingress points So, you know if you have a service and there's a bunch of users who are using that service That if access to that server gets blocked to just you know spin up another Ingress point, you know a proxy or even you know a VPN or something like that Everyone can switch to at the moment that people switch there You know, it's the same kind of thing where it's like the switching strategy But you're not blowing up your social network. Everyone has the same Addressing can be identified if I could splocked, you know, you switch to another one, etc. etc, so you're playing a game of whack-a-mole, but it's not as asymmetric because You know the switching cost is very low This is the kind of strategy that apps like what's happened signal have used to resist censorship attempts in Most times that that that they've been attempted so, you know, they'll use strategies like domain fronting Which basically You know when clients Is a Technique where like a client connects to a CDN that's operated by Some large CDN provider and you know does a DNS and SNI TLS connection with one host like you know some large service like Google Maps or something like that But then the HTTP host header includes or specifies a different address, which is like, you know a proxy And so in order to block this like the sense of block access to you know some larger set of services rather than just one specific service or Using techniques like proxy sharding, which is basically like you set up multiple ingress points And you shard access to them to different users. So You know only some users can discover some access points, which means that a sensor can't discover all the access points Very quickly and that as things get blocked you, you know, keep shuffling around These are the kind of things that require moving quickly that like you know as People are trying to block access to a service that you're moving very quickly to respond And again moving quickly is not necessarily something that is Easy and decentralized environments So again when it comes to censorship resistance, I feel like You're sort of more likely to see effective censorship resistance and centralized environments rather than these Decentralized environments and in many cases, that's what we've actually seen And then you know availability so Every time there's like an outage people are like you should decentralize, you know You know you wouldn't have as many outages, but I think the reality is that you would just have more outages, you know like you It's you know if you think about it in terms of like if you have a centralized service And you wanted to move that centralized service into two different data centers And the way you did that was by splitting the data up between those two different data centers You just have your availability Because the meantime between failure goes up since you have two different data centers Which means that it's more likely that there's going to be an outage in one of those data centers at any given moment And since you've split your data between them you have the availability of that data so again, I don't think availability is Necessarily something that you're more likely to see a better availability and decentralized rather than centralized environments And then finally Control so I think this is a really interesting moment the Current sort of sentiment in the world today Has changed a lot now people sort of feel that the internet is this terrible place and ways that I don't think people used to feel that the era of Utopianism and this vision for you know technology providing a better and brighter future is Coming to an end And I think a lot of that comes down to a feeling That we have a lack of control that Technology is not actually serving our needs in the way that we want it to and that we don't have any control over or agency over how that is manifest and So I think you know the strategies that partisans of decentralized environments have For manifesting that control is you know either through this like switching idea Basically, so that it's like if you have a federated environment that different services could behave differently so that you know if you were a subscriber of one service and your provider Started to behave in a way that you felt was inappropriate that you could just switch to a different provider But not lose access to the entire network Which you know I think has a certain appeal but you know if that is true if that is You know a strategy worth pursuing I think we have to ask ourselves. Why do people still use Yahoo Mail? You know it's Hasn't been updated in like ten years. They had like you know a massive series of security incidents It's not clear who even owns it anymore But people are still using drug mail like a lot of people are still using out who mail Why because changing email is hard? and I think We're it's sort of this interesting moment where you know switching from Yahoo to Gmail is Actually harder than switching from WhatsApp to telegram to signal Because again every time you switch email providers you basically blown up your social network Everyone has to rediscover your new federated identifier and then if you use a non-federed identifier like a phone number as the basis for your social network that you know switching between You know different services that aren't actually connected with each other is is is actually easier than switching between federated services and The sort of notifications on your device your desktop becomes like the federating bridge Between those networks in a way that is in some senses more effective than the federated models ever were the other sort of Strategy I think for maintaining or regaining control from decentralized environments is extensibility So this is the idea that what we can do is develop a protocol That is designed to be extended so that different people can Modify this technology in ways that you know It feels like meet their needs and I think you know the best or the But most well-known example of this is a protocol like XMP P Which was a chat protocol to design to be extensible But you know in the end what we ended up was ended up with was this like morass of zeps which were the extensions and There wasn't ever like a feeling of strong consistency which generated a lot of Uncertainty amongst it within the user experience, right? So, you know even today it's like you want to send a video over XMP P like You know, it's like there's a zip for that like does the recipient support that we don't know you want to send a gift like You know, that's a little dicey, you know, it's like I'm sure you know and none of the extensibility that was built into the protocol could actually adapt to You know major changes that needed to be addressed like You know adapting to mobile environments So I feel like in the end like the hold of extensibility thing didn't really provide the control that people wanted because those zeps were Of a little value until they were adopted everywhere Which is hard to do And then you know even in distribute like pseudo distributed kind of models like Bitcoin I think that the control that people have it's sort of interesting that the control that people are seeking has manifested In the form of forks, you know, so that when there's a disagreement People just you know start a new network, you know like, you know, Bitcoin cash or you know various all coins That you know people take like the existing code base and just you know start a different service You know, ultimately, I think that has led to like a lot of confusion in terms of You know users that are engaging with these networks, but to the extent that People are manifesting the control that they would like to see It it's interesting to me that it doesn't seem to have much to do with the decentralized nature of these protocols that it has more to do with the Open-source nature of these projects that because these projects are open source It's very easy for people to take what's there and just change it and you know redeploy it as something else So in a sense, I feel like that, you know, open source is sort of the best tool that we have in terms of manifesting control but even that I think is like it's like a difficult ask because If You know what we want is for technology to better serve us I think we have The larger problem in my mind is that if what it takes if what technology demands is Rooms that look like this and buildings that look like this full of people sitting in front of a computer for eight hours a day every day forever that It's unlikely That we're going to see technology meeting our needs in the way that we wanted to You know all the time people, you know have these ideas where they're like well, what if there was like uber? But it was decentralized So that like, you know, the money goes to the drivers, you know, wouldn't that be cool? I think that would be cool But if what it takes to build that is rooms that look like this and buildings that look like this with people who sit in Front of a computer for eight hours a day every day forever Guess where the money is going to go it's going to go To those places, you know So I think if we're serious about like, you know changing technology so that it better serves us to me the the best thing that we can do To make that happen is to make technology easier to make the deployment and development of technology easier and again decentralized systems Are not the first thing that like pop into my mind when I think of easy You know in a lot of ways, I feel like, you know decentralized systems make everything harder in a world We should be trying to make things easier for people to deploy So, you know on the whole I feel like, you know, these are the challenges for decentralized systems that in a lot of ways, I think that they're You know, we need to like reimagine how it is that we're thinking about technology even the direction that the world has gone And that we can You know Find the solutions to these problems and the things that we're looking for In ways that are perhaps more effective than building decentralized systems So I'm not entirely optimistic about the future of decentralized systems, but I would also love to be proven wrong However, I feel like anyone who's working on decentralized systems today needs to do so Without forgetting that the ecosystem is moving In the words of Marx We can create our own history, but only under circumstances that are directly transmitted from the past. Thank you All right You can see eight microphones in that hall and also we take questions from the internet So if you have a question, please line up on the microphones and the first question goes to the internet, please Twitter wants to know if you can comment anything about post quantum securities So for example, there was a thesis by Ines Duit at the University of Twente about the post quantum signal protocol Okay Yeah, I don't I haven't seen this this thesis so I can't really say anything about it But you know the way that things are sort of headed is is you know, people are trying to develop post quantum Crypto post-quantum key exchanges and stuff like that The situation today is that like as we develop those things, you know, we're developing or as people develop those things You know, we're trying to develop increasing confidence and those algorithms There's also a little bit uncertainty about like whether those are like pre quantum resistance in some ways Just because things are so new so the way that things are going is you know People are trying to like take a new post quantum key exchange stuff and mix them into You know pre-quantum key exchange stuff so that it's like additive security property So that if those things turned out to you know have problems even in the pre quantum world that you're not shooting yourself in the foot So that's sort of the direction of the things are going and you know, we'll probably start looking at that more as those things mature Okay, as we have a lot of questions, please keep your questions short first question to microphone number four Hi, thank you for the talk I was wondering in all this Overview how you perceive the efforts and on the standard of messaging layer security of providing this base layer of Enter and encrypted communication, which is to my knowledge decentralized and in its thoughts Yeah, okay, so I think You know, we're not actually a part of the the MLS process and MLS is like focusing on one specific Scenario which is a specific scenario within just the group messaging I think, you know, there that's like a whole other conversation that I think, you know, that there's a lot of challenges there that They may not be thinking through but I think that the I mean what's interesting is that It is a sort of unique scenario and that it's like a standards process amongst, you know A number of entities that don't actually communicate with each other so it's not It's not entirely clear what having a standard The value of having a standard is since there's no real plan for these entities to like federate or you know have some merging of their networks Other than just, you know agreeing on like a set of principles for cryptography that everyone feels like our you know a solid thing to adopt Okay, thank you. One question for microphone number one, please Hi Thanks for that thought-provoking talk. You said so many things I disagree with it's tough to pick a question but the What I'm going to ask is the features you have about Private groups and sealed sender those seem to be protecting data at rest for when the servers compromised The data that's on it is less useful to the attacker But if the server is already compromised, it's not really providing a traffic analysis protection Your metadata protection is effectively a pinky promise Oriented architecture and you've outsourced the keeping of the promise to a defense contractor owned by the richest man in the world And so my question is How confident are you that Amazon is keeping the promises that you're making? well, I mean, you know the purpose of Projects like signal is to Get to a place where it doesn't matter, you know, like where something is hosted or whatever, you know and so, you know you point out though, you know what we're talking about here is stored data and You know, it's like in attacking this this You know in attacking this Problem, you know, I think you have to you know start from one place and and you know work until you end up where you want to be and you know right now like You know the worst thing that you can have is data and a database, you know because like what? You know what tends to happen on the internet now, it's like when there's data on a database that it just Becomes public. There's like a lot of data dumps out in the world. So like that's the worst possible scenario And you know by design, you know, most systems are Set up so that that in order to function they need to have data in a database that is at great risk I think of you know ending out ending up, you know public out in the world and So, you know the first thing you want to do is design your system so that you don't have to have data in a database And so, you know, then, you know, you know what you're talking about is like, you know Traffic analysis and you know things like that that you know people can you know look at traffic flows in order to figure out other like, you know metadata properties You know, there's things that users themselves can do today to help with that You know they can use tour they can use like VPNs or whatever like that in You know using these systems and then that's also where we eventually want to go It's like, you know to keep working up the stack in order to you know have something that is fully comprehensive All right, we take another question from the internet, please RC wants to know what do you think of pit pit to peer solutions that also hide participants email IP addresses? Sorry, for example by exposing them only through rendezvous points like tornos Yeah, I mean that could be cool. I mean I think you know the challenges Developing, you know The challenge is developing a system like that that is actually scalable that, you know You know large number of people large numbers of people can use and then it counts for the fact that the ecosystem is moving that you can develop a decentralized thing that you're able to Interate on quickly and so I think that is You know in developing decentralized systems I feel like that is the most important question for me just in terms of you know the time that I've spent in the space and The work that I've done there that I'm like much more interested in like unique Approaches to solving that problem Then I am like the specifics of you know IP address hiding with tornos or something like that Okay another question from microphone number eight, please Apart from the US government what countries have you received data requests from and how did you respond? I? Don't we've never the only response that we've ever issued to You know any subpoena or like governmental request is you know on our website We have a section where we post all of the you know requests that we respond to I think signal.org slash big brother And so it's only one request that we've ever responded to Okay, one more question from microphone number three at the end, please Hi Signal has a very big reputation as being good and secure communication tool for activists This is also being pushed in the global self I have the honor to work with some global self organizations. They're very suspicious of the signal Especially due to the fact that you have to provide a phone number So your location can be tracked and all sorts of other problems that everyone here is fully aware of I would like to know Why why is that even still a thing for signal to provide to make people provide? Phone numbers. Yeah while still being hyped as a secure tool for activists I think this contradiction is the important person. Yeah, that's a great question. It's It's a really complicated question. So So, you know any Any social network needs any social app needs a social network? So signal is a social app and it is a social network And so the social network that we've chosen to use is the network that exists on your device already That's user owned that's portable the address book on your phone And so there's a lot of cool things about that, you know if that's your social network it empowers the users in a lot of ways because You can move that network with you as you go from service to service like as I pointed out You know moving from WhatsApp to telegram to signal is is easier than switching from Yahoo mail to Gmail for that reason On the other hand, there are a lot of people who don't want to They don't want to be a part of a portable network, you know that they want to You know be they want to use signal in a way where like people can't figure out how to contact them through other means for Legitimate reasons the challenge is that if you're building your own social network you you need to store it somewhere Well, I think there's two challenges one is that if you're building your own social network, you need to store it somewhere So, you know for instance like you know There there are apps that have successfully built their own social network if you you know look at an app like snapchat or something Like that, you know you can create a username and most people associated with a phone number, but you don't have to But you know you'll notice that like if you uninstall snapchat and you reinstall it Your social network is still there Where was it all of that time, you know if you drop your phone in the toilet and you're in slow snapchat You still have your social network. Where was it? It was on snapchat server, right? They have a full copy of your entire social network social graph etc etc so that You know so the challenge for us because this is you know something that we would like to provide is that If we have this alternate social network, we would need some way to make that persistent That it's bad enough that right now when you you know lose your phone and reinstall signal you lose all of your message data because it only exists on Your phone, but it would be even worse if you lose your entire Social graph at that moment as well and that you have to rediscover what everyone's identifiers are And at the same time we don't want to just store, you know social graph and plaintext that we have access to That entire social graph and that if signal is compromised You know that whoever compromises signal also has access to your entire social graph And so you know the challenge is in developing something that's actually privacy preserving that allows us to you know maintain the social graph every time So we recently, you know published a technology preview of Something that calls secure value recovery that is basically the first step in order to solve this problem the other challenge though is that it depends on what you mean by not provide your phone number because you know there are Plenty of applications that you can use where you like use some alternate identifier That isn't necessarily associated with phone number But the sort of unfortunate reality is that you know in all of those cases your Client needs to provide to the server either an FCM or APN identifier which is used to send post notifications to your device and that Is does uniquely identify your device in ways that could probably use be used to identify your whatever your phone number is So it sort of depends on what your your threat model is there, but Okay, thank you very much. I know there are a lot of more questions But unfortunately time is over if you want to the speaker will be around later on you can gather up here But the talk is now done. So give a huge round of applause for Moxie Marlin spike