The cypherpunk movement left an indelible mark on the internet and how we use it today by starting a discussion on online privacy and encryption. Each member of the movement contributed with their unique insights to the discussion, moving it ever forward, but none of it would happen without Eric Hughes, the cypherpunk herald who organized the mailing list, organized their in-person meetings, and wrote the first anonymous remailer that bounced emails between users to hide the sender. Most importantly, he was the one who rephrased Timothy May’s crypto-anarchist manifesto into something more palatable to the general public.
Little is known about Eric Hughes’ personal life except three things:
- He studied mathematics at Berkeley
- He was an avid student of computer hardware
- He considered the democratization of access to such hardware a must
A private person by nature, Eric made sure to leave little trace behind that could be used against him. What he did leave are a couple hundred emails sent to the cypherpunk mailing list and a lecture, which we will use to figure out where he was coming from and where he was headed. Please be advised that this analysis is by no means conclusive.
The Cypherpunk Email Archive
Cypherpunks emailed each other a lot, with the archive of the cypherpunk mailing list consisting of sprawling walls of text . The first year was fairly tame, but in 1993 and 1994 their popularity exploded. To give you a rough idea of what we’re dealing with, here are the word totals:
- In 1992, cypherpunks emailed 350,000 words across 1,100 emails to each other.
- In 1993, cypherpunks emailed 3,450,000 words across 10,900 emails to each other.
- In 1994, cypherpunks emailed 5,400,000 words across 17,000 emails to each other.
- In 1995, cypherpunks emailed 4,600,000 words across 14,600 emails to each other.
- In 1996, cypherpunks emailed 9,800,000 words across 30,000 emails to each other.
- In 1997, cypherpunks emailed 9,100,000 words across 26,000 emails to each other.
- In 1998, cypherpunks emailed 4,800,000 words across 13,200 emails to each other.
I counted the number of words and emails by using Notepad++ and by rounding them down, so they might not be 100% correct. Anyway, here are some highlights of Eric Hughes’ involvement in cypherpunk mailing archives sorted by years
The First Remailer and Cypherpunk Social Games
During 1992, Eric Hughes sent 88 emails that provided cypherpunks with instructions for setting up a remailer and discussed defining a social interaction before designing protocols for it; a networking process should make sense and work without encryption. Eric completed the first remailer on September 25, 1992, which was close to the start of the archive. He ran into trouble because the email server configuration prevented him from automating the remailing process.
In October 1992, Eric discussed running simulation games. The cypherpunks would gather in an empty office and play some sort of board or card game that let them test their models. That is certainly not a coincidence and, combined with other hints Eric put in his writings, implies he thought of cypherpunks as an anti-social group that needs to think of other people’s needs and wants.
That month, Eric also hinted at something called “Tempest,” which was apparently a monitoring system that could pick up computer monitor signals from 100 meters away. Even a jury-rigged Tempest made out of old CRT television parts could reliably spy on monitor signals.
1993
During 1993, Eric Hughes sent 268 emails that elaborated on his idea of cooperative processing systems. Instead of the mainframe-terminal hierarchy, this new computer hardware paradigm would see the two sides equally cooperate on some task, such as creating session keys and digital signatures.
He also described weaknesses in encryption, such as PGPs random number generation, which he calls “a hard problem.” In his opinion, making noise is one thing, and making properly random number generators is quite another.
In July, Eric Hughes discussed something called a DAN-card, which was apparently a nationwide payment system that was heavily subsidized by the Danish government. It was supposed to be replaced by a “DAN-coin,” a system that used smart cards and had no online transaction costs.
1994
The end of 1993 and the start of 1994 saw the introduction of spammers and griefers to the mailing list. There was mention of death threats sent to a 15-year-old contributor who pleaded with others to keep the discussion on topic. Eric Hughes sent 131 emails that year, which range from discussing fans and fandom and how they can only carry an idea so far — you need practically useful concepts to get people to try out new stuff — to discussing money and what is “real” value.
By November, there were over 600 email addresses on the list. Eric tried to find different solutions to nudge the members into using encryption or signatures in their emails.
1995
Eric Hughes sent 91 emails in 1995, discussing improvements to the remailer concept, such as padding and mixing messages to discourage traffic analysis. He used a lot of networking jargon that boiled down to trust modeling between machines.
1996
In 1996, Eric Hughes sent 2 emails to the cypherpunk list. One talked about how the FBI performed network analysis using the suspect’s address book. The other, sent in September, has his admission that he had stopped reading the list 18 months ago because it had changed and so had he. Eric stated it was not Timothy C. May’s fault. By that point, the emailing list had around 1,400 contributors.
1997
In 1997, Eric Hughes wrote 2 emails to the list, dealing with trademarking and standardizing the cypherpunk verbiage in line with the ISO standard. There is an email by a different Eric Hughes from Canada on where to get telephone surveillance equipment.
Others referred to real Eric Hughes a few times, mentioning his ideas and solutions. For instance, on January 27, Blanc Weber related to Sandy Sandfort that Eric’s idea to curb email spam was to allow access to the mailing list only to people who paid $20 to him. Those who spammed or flamed others would forfeit their deposit, which would go to the victim; those who left without infractions would get the money back.
1998
There is only one email sent under Eric Hughes’ name in the 1998 archive, but I suspect it was a spoofer, seeing how the “From:” address was an irreverent play on Eric’s last name. It was sent in March and contained a bizarre excerpt from a website called “News of the Weird,” which is still online as of 2024 but under a different name. The email referred to Tupac Shakur’s father jostling for Tupac’s estate in court.
By that time, the mailing list devolved into name-calling, drivel, and advertisement spam. Members of the list started sending each other sarcastic replies, such as to use toaster ovens and etch-a-sketch toys as unhackable com puter hardware. The last 8 emails archived are third-party ads.
Writing the Cypherpunk Manifesto
Eric is credited with coining the phrase “cypherpunks write code,” which appears in A Cypherpunk Manifesto he published in 1993. However, the cypherpunk emails reveal he also coined another phrase, “All cryptography is economics.” That phrase arose in October 1992 during a discussion over the use of one-time pads in encryption, which are unique, disposable messaging templates that prevent message analysis. Though they arguably are the strongest way to encrypt a message, Eric argued against one-time pads because they were too expensive and required having a personal connection or a direct line of communication with the recipient. The idea of one-time pads is close to David Chaum’s idea of disposable anonymous addresses.
Another way to read the phrase “all cryptography is economics” is to understand cryptography will only become publicly acceptable if it deals with money. Urging people to encrypt their messages won’t make them do so, but if someone can steal or copy their messages and sell them, they will suddenly become motivated to use encryption. From there, it’s only a small step before they start considering messages and digital money as one and the same, which is how cypherpunks can establish the cryptocurrency ecosystem. His point was that we’re all ultimately selfish; society can best be improved if that selfishness is leveraged.
There is a rough draft of A Cypherpunk’s Manifesto appearing in the cypherpunk mailing archive around that time. Eric calls it a “statement of purpose” and something he put together to quickly explain to people what they are about, with the first mention of it on October 5, 1992. The statement of purpose will quickly mature into the Manifesto, which is first mentioned by name in a January 27, 1993 email. The final version, the one presented online, is dated March 9 by Eric. There are some interesting differences between the statement of purpose and the Manifesto, most notably this section that appears at the end of the statement:
“Cypherpunks don't care if you don't like the software they write. Cypherpunks know that software can't be destroyed. Cypherpunks know that a widely dispersed system can't be shut down.”
That antagonistic attitude is likely a remnant from Timothy May’s manifesto published in 1988, which all but called for a violent dismantling of barriers that kept people fenced in like cattle. However, the published version of A Cypherpunk’s Manifesto replaced that section with a much more agreeable call to the public to get engaged in network privacy and ask for privacy as part of the social contract. Eric undoubtedly kept refining that idea, which is reflected in his lecture, in which he explored the concept of leveraging selfishness to reshape the social contract and democratize access to computer hardware.
“Putting the Personal Back in Personal Computers”
In 2012, Eric gave the eponymous lecture through Skype at CryptoParty Amsterdam, in which he explained the state of modern computing. You can find the recording of his 74-minute address on Wayback Machine. In short, Eric explained that earlier decades were dominated by a special class of computer technicians who had exclusive access to centralized hardware, i.e. mainframes; Eric called it “priesthood.” During the 1970s, the priesthood was disrupted thanks to the mass production of personal computers. Granted, they were still expensive and bulky, but they allowed each individual to have a mini-mainframe, as it were.
The personal computing power let people network on their terms, and as it kept increasing, so did the level of personal digital freedom. Internet service providers who couldn’t keep up with that pace were left by the wayside, with Eric naming AOL as the best example of what happens when a dominant player doesn’t want to adhere to open networking standards. Eric suggested that imposing open standards on platforms is the best way to deal with their unchecked power, naming Facebook (now called Meta) in particular.
However, it seemed to him that the era of the personal computer had come to an end. Eric stated that there was a worrying trend towards centralization, where the local machine served only as a terminal to connect the user to off-site hardware that does the computation, i.e. the mainframe. He mentioned internet browsers as the best example of how computing power has centralized and how users don’t need apps locally; everything runs in the cloud. That social centralization is bound to lead to political centralization in the long run. If a user is forced to share digital space with others, then that user will eventually be forced to share the political views of the platform provider or be ousted. Eric didn’t mince words here and plainly called that state of affairs fascism.
Smartphones and Peer-to-peer Contact
Eric lamented the fact that smartphones come “pre-compromised” and that their users have little say in how they work. Eric admitted that he still uses a smartphone but said he doesn’t have anything important on it except his address book. The smartphone reports to some computer somewhere, and the user has no way to sever that connection while retaining the smartphone’s full functionality. That idea was marketed to smartphone users as “the cloud,” which Eric called “neo mainframe.”
Two uses of the internet that still somewhat resist being put entirely on the cloud are chats and forums. They provide their users with peer-to-peer contact without necessarily relying on a centralized server, with the two most notable examples of apps with such contact being BitTorrent and Skype. To bring down Meta or someone of that size, people should find ways to attack its functionality in a small number of specific ways and use similarly decentralized apps to “nibble it to death.” But, to do that, people’s selfishness needs to be leveraged.
Personal and Societal Woes
Eric said that people are motivated by their personal woes, such as a disk crash, that cause immediate and palpable harm. To avoid such incidents, people could adopt a solution that seemed reasonable but only compounded the problem, such as putting their data on the cloud and letting it be analyzed, processed, and cataloged by the government. That way, they have avoided a personal woe and instead set everything up for a societal woe. If the cloud was disrupted, that meant there was a society-wide collapse or disruption that would cause immeasurable harm.
Any service or product provider who wants to be an alternative to the cloud must first satisfy a genuine market need and do it at least as well as the companies that provide cloud services do. In short, the alternative needs to have a decentralized approach, which Eric described as hard, especially when it comes to user identification. Eric also noted how cloud service providers, including platforms such as Facebook/Meta, always leverage that allure of convenience to impose restrictions on users: Facebook/Meta uses mandatory identity verification, while Google creates universal dossiers on its users.
Software Hygiene
Another personal woe is what Eric described as “software hygiene.” He retold an anecdote of a hacker who dumpster dived for hard disks and analyzed their contents. According to Eric, the hacker discovered that the majority of those hard disks were encrusted with malware to the point of being unusable. Their owners found it more economically feasible to just discard them and buy a new one rather than try to repair them. That is due to the software hygiene issue, which Eric noted happens during normal software installation, updating, and uninstallation, albeit at a slower pace, thanks to bit rot.
The point is that the cloud provides a high degree of software hygiene — the software on the cloud doesn’t need to be installed, updated, or uninstalled, which is a great benefit to the user. Someone who would try to replace the cloud with a superior product would have to provide a superior level of software hygiene while minimizing centralization and data gathering. That has to be a core part of the software design employed by the challengers, but it also has to promote positive liberties rather than negative ones to make people care about it.
Positive and Negative Liberties
In the final section of the address, Eric noted the distinction between the two kinds of liberties described in the 1950–60s by two philosophers, Erich Fromm and Isaiah Berlin. The two had explained that people are motivated by positive liberties (taking action to improve their lives) rather than negative liberties (restricting others from doing something that might hurt us). Eric noted that the cypherpunks’ biggest failing was focusing on negative liberties, meaning preventing a government or hackers from doing something that might hurt people. We can connect that to Timothy C. May’s cry of “dismantle the barbed wire around intellectual property” from The Crypto Anarchist Manifesto and why Eric removed it from A Cypherpunk’s Manifesto.
Positive liberties require an outgoing state of mind and put the person in the driver’s seat, as it were, giving it individual agency and autonomy. Most importantly, they are not possible without free will and self-determination. An interesting implication that arises from these attributes of positive liberties is that they make people take initiative, which leads them to networking with their peers. They will naturally grow into a collective that makes societal change with ease and without using violence.
What Eric tried to say there is that people can tolerate oppression and constraints to a great degree as long as they get at least some positive liberties out of the situation. Simply stating “we should remove X, Y, and Z because they are bad” is probably not going to take hold in the public discourse, but saying “we should do A, B, and C because they give us more personal freedom” will appeal to the people’s desire to be free and take action. Applied to computing, that means the cloud is exceptionally difficult to replace by stating its negative sides; the alternative needs to promote its own positive sides and not care about what cloud service companies think or do.
Eric also warns his audience not to obsess over cryptography. In his view, cryptography is a means to an end, not the end, because it represents a negative liberty (the user is preventing someone else from reading his or her messages). The product or service that would promote cypherpunk values should ideally have cryptography along for the ride but not in the driver’s seat. In Eric’s view, not even the cypherpunk fundamentals, such as where to store a backup of your encryption data, were properly solved. He also mentioned that he tried inspiring other cypherpunks to think alike, but his view did not take hold.
PlasBit’s Fresh Perspective and Positive Liberties
Eric Hughes contributed to the cypherpunk movement with a fresh perspective, one focused on social hierarchies and networking. He understood that social relationships need to be at the core of any kind of technological paradigm shift. The same way computers can have a rigid mainframe-terminal hierarchy, so can humans, and that liberating one can’t happen without liberating the other. But, he couldn’t fix what he saw as the underlying problem in the cypherpunk movement, which was excessive focus on negative liberties and cryptography. He drifted away in search of something better, and he is apparently still out there trying to find it. To my surprise, I found something close to what he was looking for with PlasBit.
Though I haven’t tried PlasBit’s financial services yet, I did have a chance to look into the company’s internal processes. I discovered an emphasis on building healthy social relationships and positive liberties in a similar vein to what Eric Hughes advocated. PlasBit as a company is a true herald of improved cypherpunk ideals and follows Eric’s vision closer than any company I’ve encountered. PlasBit is earnestly trying to take cypherpunk ideals and evolve them to something better, to a place where they include people’s needs and wants and where technology serves humans rather than enslaves them. To me, that sounds like the kind of place where I want to be.