MEMBER SINCE 2022
§01 · EVENT BADGES
5 editions attended.
§02 · TALKS & PANELS
On stage.
From PGP to Marmot: Three Decades of Messaging Protocol Exploits and Defenses
Encryption keeps getting better. Messaging systems keep getting exploited. Each generation of encrypted messaging solved a real problem. PGP encrypted content, leaked every header. OTR added forward secrecy, died if one party went offline. The Signal Protocol solved async delivery and reached a billion users through WhatsApp, on centralized servers. Decentralized projects attacked the server problem: Briar over Tor and local mesh, Session through onion routing, Matrix via federation. Real projects with real users. Each accepted a constraint somewhere else: no group encryption standard, text-only media, metadata visible to operators. So far, every step forward has left a gap. Modern attackers have adapted. The "Careless Whisper" timing attack profiles Signal users through delivery receipts, no decryption needed. FORCEDENTRY compromised iPhones via iMessage with zero clicks. Google Project Zero called it one of the most technically sophisticated exploits they had ever seen. The FBI built ANOM, a complete encrypted phone platform, sold it to 12,000 users, and read every message from a server they controlled: 800 arrests in 16 countries. This talk traces the full arc: what each protocol generation fixed, what it left open, how attackers adapted. The recurring lesson is architectural: encryption protects content, while servers, phone numbers, and centralized infrastructure expose everything around it. Marmot Protocol is the next step in this evolution, built on everything that came before. MLS (RFC 9420) provides group encryption with forward secrecy, post-compromise security, and O(log N) scaling, after five years of IETF standardization, with production deployments at Cisco, Discord, and Google. Nostr removes the central server, and Nostr keypairs replace phone numbers. Users control their own infrastructure, the same principle Bitcoiners already apply to money. The talk covers the full attack surface of encrypted messaging and where Marmot fits.
State of Bitcoin Privacy
What’s missing, what's on the roadmap, and what’s still to build.
Ecash for Other Stuff
The rational, challenges, and optimizations of using ecash in Wasabi Wallet as anonymous api access right management tool.
Autonomous Blockspace Accountants
Wasabi Wallet's Max Hillebrand leads a discussion to try to figure out how to build smart software to autonomously adapt the users utxo set to his preference regarding privacy, speed and cost. Speaker twitter: https://twitter.com/HillebrandMax Event Schedule: https://bitcoincdmx2022.sched.com/event/1EwjN/autonomous-blockspace-accountants btcpp website: https://btcplusplus.dev/ btcpp twitter: https://twitter.com/btcplusplus Recorded at btcpp cdmx, 10 Dec 2023 at the Hotel Benidorm, Roma Norte, Mexico City.