Around the beginning of the COVID-19 pandemic, so about the middle of March 2020 I saw a video, Let's Crack Zodiac, where David Oranchak introduced the unsolved Z340 that the Zodiac killer sent to papers years ago as a taunt. He and his team would later famously solve it about a year later. The way Oranchak talked about the study of ciphers and what kinds of things you can determine from them fascinated me. I wanted to know more about ciphers and wanted to crack some myself. I joined the American Crytogram Association and I am a member still today.
These kinds of "pen and paper" ciphers have an old-timey "doing the Sunday crossword" vibe to them. I like the idea of staring at jumbled symbols and letters and the answer locked inside them is just staring back at you, almost beyond my reach. Around the same time I started to want to know how modern cryptography works and it's a completely different subject that revolves around mathematics more than wordplay. I found a platfrom called CryptoHack that's made for learning modern cryptography. Solving cryptography challenges has been one of the harder things I ever tried to do. Finally solving a difficult challenge feels amazing, however I'm the kind of person to easily give up on a problem if I can't figure out an answer pretty much right away. When I hit a particularly difficult challenge my mind goes into a dark and self-defeating thought cycle along the lines of "why am I even doing this?", "I'm just not the kind of person that can do this kind of stuff" and "I could be focusing on something way more useful right now". It's a paralyzing feeling that makes me feel horrible. I have a lot of interests and despite really getting into something, my interest fizzles out and it feels like I haven't achieved anything and likely none of my interests will lead me to anything fulfilling.
Despite going back and forth with getting into cryptography and then something else and something else, the allure of cryptography just kept me coming back. I would find books and read more about it's arcane history and the people who dedicated their lives to it. The amazing thing about reading about the history of cryptography to me was that it felt like I had discovered this secret history that despite being out in the open, I had barely even heard about. Names like Whitfield Diffie and Bruce Schneier were familiar to me but who these people were or why they did what they did was something I never considered. This Machine Kills Secrets by Andy Greenberg got me thinking about the power of secrecy and how people involved in this field had amazingly strong moral convictions.
There's a passage in Crypto by Stephen Levy that really resonated with me. It's about Whitfield Diffie and why he was so interested in cryptography despite not having any professional connection with it at the start of his career. I have to say I feel the same way:
He had an unusual drive for getting at what he considered the bedrock truth of any issue. This led to a fascination with protecting and uncovering secrets, especially important secrets that were desperately held. “Ostensibly, my reason for getting interested in this was its importance to personal privacy,” he now says. “But I was also fascinated with investigating this business that people wouldn’t tell you about.” It was as if solving this conundrum would provide a more general meaning to the world at large. “I guess in a very real sense I’m a Gnostic,” he says. “I had been looking all my life for some great mystery. . . . I think somewhere deep in my mind is the notion that if I could learn just the right thing, I would be saved.”
Over the past year or so I've been reading a lot of books on privacy. I think it all started with stumbling upon The Puzzle Palace by James Bramford. It's an old book but it tells the story of how the NSA got started. It's a deeply creepy and fascinating book. It gave me this glimpse of a world I could barely see, a world where most of us are watched for any signs of abnormality or trouble. I hate the idea that there can be all this data on us being collected without our knowledge and this data is being used to determine out suitability to join a certain strata of society. To be honest, I started reading the book because of the cool name but it hooked me.
At parties and group chats I get labeled as a privacy extremist. People feel I've "fallen down a rabbit hole" and value privacy more than is reasonable or practical to. To me it feels like privacy is just something that ought to be the default. I don't like the feeling that there is a system surrounding us taking notes all the time and I'd imagine that most people don't like that either, but the more I talk about privacy the more I've come to realize that I need to be able to talk from experience and by using concrete examples. Even I know that arguing purely from a place of principle only gets you sidelined. Unless you give people reasons to care about something they profess to not really care about, you are just going to sound like a principled idiot.
To this end I've been trying to read more about the idea of privacy and the laws that ought to govern it. The best book I've found so far is Why Privacy Matters by Neil Richards. It not only gives plenty of examples of privacy violations that would deeply creepy out even the most jaded cynic, it introduces the legal frameworks that most western countries operate under and even discusses how the idea of "Privacy Is Dead" came about and how it was likely framed by the very people who harvest our data the most.
The reason I set up this blog is to have a place to write down some of the thoughts I have about cryptography and privacy and just make sense of it for myself. I would like to write reviews of some of the books I mentioned along with other books regarding cryptography and privacy. Now that I've been getting more into modern cryptography, I would also like to give some practical advice to how people could go about implementing cryptography in their own lives if they want to. I was surprised to see that there really isn't too many good tutorials on how to use PGP or encrypt data out there and I would like to try to write some easy-to-follow guides that take the mystery out of a lot of this stuff.
If you've just stumbled upon this blog, I hope you find some of the things here interesting. My public PGP key can be found in the "Who Is m4ra" page here if you want to send me a message. I don't have a public comment section on this blog but you are bound to find my email on the main site if you really want to reach out. That's all for now, I hope that I'll be writing something interesting soon.