Hi, I'm Zach, a full-stack usability engineer.

ICE Stonewalling Domain Seizure FOIA

Nine months ago, I wrote a blog post outlining the exponential increase of domain name seizures by the US government and calling for a site to track these abuses. One disturbing element of this was that there is no list of domain name seizures, so I put in a FOIA request to ICE. Nine months later, I’m still waiting.

End-To-End Web Crypto: A Broken Security Model

End-to-end encryption of web services is increasingly popular: Mailvelope aims to bolt a PGP client onto webmail and both Yahoo and Google are working to add support directly. However, the fundamental nature of the web and the limits of human cognition make web-based E2E encryption susceptible to MITM attacks. While still potentially useful, such systems should not be used by high-risk populations such as journalists and human rights workers.

Namecoin: A Decentralized Trusted Base

Introduction: I’ve been thinking a lot about transport-dependent DNS settings (BIND, HTTP, Tor, and I2P) and the architecture of the original Domain Name System and applied encryption. After long talks with Ryan-C and Mark of EasyDNS, I believe we need to recast Namecoin’s purpose as a decentralized trusted base which offers secure delegation, not as a generic key->value datastore. A Trusted Base: The real innovation offered by the blockchain is the ability to have trusted transactions between untrusted parties. Public-key cryptography

DNSChain vs Real Interop

In the dustup generated by my article on DNSChain’s broken security model, some argued that there is a need for a trusted solution. I agree with this; my criticisms of DNSChain are that it misrepresents its security model and introduces the worst kind of third-party trust without any gains in usability or interoperability. I’m working on a more secure trusted server solution that provides backward compatibility with the existing domain name system.

The Road to Universal .p2p Resolution

I came to BitShares with the express purpose of convincing them to reinvigorate their .p2p efforts. Thankfully, I was pleasantly surprised to find that the .p2p initiative had fizzled not due to lack of interest but of bandwidth. The core development team liked my overall plan, and I would like to present my roadmap for making .p2p a reality for the BitShares community.

DNSChain Routers: Still Broken

Since my original critique, DNSChain has moved to claiming that their client/server model does not rely on third-party trust because they think that they can get Namecoin installed into home routers and personal PlugPCs which “everyone” will configure their clients to connect back to. This is infeasible and unnecessarily ties their security model to a regressive form of third-party trust.
