From the earliest days of technopolitics, the role of technology in resisting authoritarianism was unclear.
-
That is to say, if you pull out your distraction rectangle, fire up the camera, and tap the shutter button, in the ensuing eyeblink instant the image you've captured will be scrambled so thoroughly that it could never be unscrambled without the secret key unlocked by your passphrase or biometrics.
2/
Even if every hydrogen atom in the universe were converted into a computer, and even if all those computers spent all the time between now and the end of the universe trying to guess what the key was, we would run out of universe and time long before we ran out of possible keys.
3/
What's more, this extremely robust form of scrambling and descrambling can be combined with other techniques to block tampering with the encrypted data, and to allow parties to reliably identify who scrambled the data and also to restrict who may *unscramble* it. These remarkable technological facts have inspired many excited debates about what they mean for our politics, most notably among a group of people who called themselves "cypherpunks":
https://web.archive.org/web/20151102012232/https://www.wired.com/1993/02/crypto-rebels/
4/
One cypherpunk faction believed that modern cryptography could enable a kind of technological secession: by allowing ordinary people to communicate, transact and collaborate without the possibility of state interception or control, crypto could make states themselves obsolete.
5/
But another faction pointed out that no amount of mathematics could help you if an agent of the state - or a criminal the state failed to protect you from - tortured you until you revealed the secret passphrase needed to unlock your secrets. This was (ironically) called "rubber hose cryptanalysis" (as in "Tell me your passphrase or I'll hit you with this rubber hose again").
6/
Later, this became known as a "wrench attack" after a famous XKCD comic about $1m worth of security technology being defeated by hitting someone with a $5 wrench until they divulged the password:
Once you stipulate to the problem of wrench attacks and rubber-hose cryptanalysis, it becomes apparent that your cryptography is only as good as your physical defenses.
7/
What's more, the most effective physical defenses we have come from a strong rule of law, because even the thickest safe door benefits from the threat of prison for anyone who breaks into the safe, and the most effective tool for preventing a cop from hitting you with a rubber hose is the existence of a judge who can send that cop to prison for abusing your civil rights.
8/
But what do you do if you already live under tyranny? The rule of law is a great defense, but cryptography alone can't bring about the rule of law. What is the role of technology in this foundational struggle?
9/
My technopolitics faction - the faction associated with the Electronic Frontier Foundation, where I've worked for a quarter-century - has an answer: the role of encryption is to provide a measure of privacy and security that is best used to organize *political* struggles to demand the rule of law and respect for human rights.
10/
Encryption isn't proof against rubber hoses, but it *is* effective against many other forms of state repression, and it can provide a *technical* edge for those engaged in a *political* struggle.
Another faction - the faction most associated with bitcoin and subsequent cryptocurrency projects - rejects the role of the state altogether, and seeks to replace states (and state-regulated institutions like courts and banks) with mathematics.
11/
Rather than asking courts to interpret contracts, we can put our trust in self-executing "smart contracts," and rather than asking banks to safeguard our financial integrity, we can use cryptographic software to ensure that money only moves when the person it belongs to tells it to.
This has many problems. Smart contracts are slow, expensive, and unreliable.
12/
The number of people who understand contracts is small, the number of people who understand the software that embodies smart contracts is likewise small, and the Venn intersection of the two is more of a sphincter. What's more, there is irreducible ambiguity in all but the simplest of contracts, which means that even a "self-executing" contract ends up relying on a human adjudicator (an "oracle") who can be bribed or intimidated into cheating:
https://pluralistic.net/2022/02/14/externalities/#dshr
13/
And when it comes to transactions, crypto proves to be unwieldy, expensive and complex, so that nearly all crypto users end up directing an intermediary (like Coinbase) to hold and move their cryptographic assets for them.
14/
The upshot: cryptocurrency mostly replaces banks - imperfect, but heavily regulated and insured - with unregulated platforms with murky ownership and often defective procedures, who may or may not be insured (or even locatable) in the event of a collapse or a breach. Consequently, cryptocurrency has become a scam magnet of unprecedented and unstoppable power, and hardly a day goes by without people being ripped off in the most ghastly ways imaginable:
https://www.web3isgoinggreat.com/
15/
For bitcoin maxis and other anti-state cypherpunks, this is just a skill issue. Anyone who doesn't understand how to manage their own keys and turns to a platform to hold and move their crypto is getting what they deserve. As the maxim goes, "Not your keys, not your wallet," which is cypherpunkspeak for "caveat emptor."
16/
That's where the wrench attacks come in. Because if you are in possession of keys that can be used to irreversibly and instantaneously steal large sums of money and move it to jurisdictions where the perpetrators are beyond any legal or physical recourse (e.g. North Korea), then there is a massive incentive for your adversaries to kidnap you and hit you with a wrench or a rubber hose.
17/
That's precisely what's going on. People with substantial cryptocurrency holdings face grave personal danger, and the physical attacks on their person grow bolder, more violent, and more sadistic by the day:
https://github.com/jlopp/physical-bitcoin-attacks/blob/master/README.md
As crypto critic David Rosenthal writes, this problem is even worse than it seems at first blush:
https://blog.dshr.org/2026/05/wrench-attacks.html
18/
For one thing, cryptocurrencies depend on "public ledgers" that indelibly, publicly record every transaction in the network. Cryptocurrency is nothing without these ledgers, and they *have* to be immutable and public to work. This is very bad news for anyone who relies on anonymity as their defense against physical attacks.
That's because "reidentification attacks" (where an anonymous person in a dataset is positively identified) get easier to perform over time.
19/
You might be represented in a database of hospital prescribing activities by a random number, and that number might be hard to associate with your real identity...at first. But with every subsequent release of data - whether in the form of an anonymized data-set or a breach - it gets easier to cross-reference the facts associated with your record with other facts from other records, such that a detailed, identifying picture of you emerges one fact at a time.
20/
For example, if the taxi company you use suffers a breach that reveals journeys associated with every doctor's appointment at the hospital, now an attacker can pick out the home or work address of the single person who visited the hospital just before you received your prescription. The longer an "anonymized" data-set sits around in public view, the easier it gets to de-anonymize it:
https://www.nature.com/articles/s41467-019-10933-3
21/
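The shrinking anonymity set described in the hospital and taxi example can be measured before a data-set is released. The following is an added example, not part of the original thread; the records, field names and the leak are all constructed, and the functions are a simple k-anonymity audit.

```python
from collections import Counter

QI = ["clinic", "date", "hour"]  # quasi-identifiers: harmless alone, identifying together

def rows(cols, data):
    return [dict(zip(cols, r)) for r in data]

# Constructed sample: pseudonymised prescribing extract (not real data).
PRESCRIPTIONS = rows(["pseudonym"] + QI, [
    ("p1", "A", "03-04", 9),
    ("p2", "A", "03-04", 9),
    ("p3", "A", "03-04", 14),
    ("p4", "B", "03-04", 9),
    ("p5", "B", "03-05", 11),
])

# Constructed sample: a later, unrelated leak of taxi drop-offs at the same clinics.
TAXI_LEAK = rows(QI + ["home"], [
    ("A", "03-04", 9, "area-1"), ("A", "03-04", 9, "area-2"),
    ("A", "03-04", 14, "area-3"), ("B", "03-04", 9, "area-4"),
    ("B", "03-05", 11, "area-5"), ("B", "03-05", 11, "area-6"),
])

def key(row, cols):
    return tuple(row[c] for c in cols)

def unique_records(records, cols):
    """Count records whose values on `cols` are shared with no other record (k = 1)."""
    counts = Counter(key(r, cols) for r in records)
    return sum(1 for r in records if counts[key(r, cols)] == 1)

def linkable(records, leak, cols):
    """Pseudonyms that are unique on `cols` AND match exactly one leaked row."""
    own = Counter(key(r, cols) for r in records)
    aux = Counter(key(l, cols) for l in leak)
    return [r["pseudonym"] for r in records
            if own[key(r, cols)] == 1 and aux[key(r, cols)] == 1]

if __name__ == "__main__":
    # Each extra column an outsider learns leaves fewer records hidden in a crowd.
    for n in range(1, len(QI) + 1):
        print(QI[:n], "->", unique_records(PRESCRIPTIONS, QI[:n]), "unique of", len(PRESCRIPTIONS))
    print("linkable after leak:", linkable(PRESCRIPTIONS, TAXI_LEAK, QI))
```

Record p5 is unique in the extract but still has cover because two leaked trips match it; the next leak that separates those two trips removes that cover, which is the sense in which the risk only grows with time.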
Combine the fact that permanent ledgers make it progressively easier to identify people whom you can torture into revealing their crypto keys with the irreversible, instantaneous nature of crypto transfers and you get some very juicy targets indeed. "Not your keys, not your wallet" means it's "not anyone else's problem" when you get robbed. You can't ask the bank to interdict or reverse the transaction.
22/