►
From YouTube: IETF115-HRPC-20221111-0930
Description
HRPC meeting session at IETF115
2022/11/11 0930
https://datatracker.ietf.org/meeting/115/proceedings/
A
Hi
everyone
we're
going
to
get
started
soon,
but
just
in
the
meantime
a
reminder
that
you
should
scan
that
QR
code
and
get
in
the
meet
echo
system.
So
you
can
put
yourself
in
the
queue,
also
a
reminder
to
wear
a
mask
and
just
give
us
a
minute.
While
we
set
up.
A
Oh
downstairs
at
the
registration,
but.
B
A
A
A
A
Okay,
yeah
sorry
I'm,
just
speaking
to
the
meet
Echo
folks,
we've
got
the
slides
that
we
need
in
the
materials
list,
but
then,
when
I
go
to
share
them,
decks
ready
to
be
shared
only
has
three
of
the
five
three
of
the
five
we've
just
had
a
recent
upload
in
the
last
few
minutes,
but
yeah
see,
there's
a
difference
between
data
tracker
meeting
materials
and
decks
ready
to
be
shared.
A
Colin's
fixing
everything
right
now.
Thank
you,
Colin
got
it.
That
is
fantastic.
Thank
you.
Okay,
we're
back
on
track,
folks,
we're
going
to
get
started
and
really
the
stick
to
get
off
this
window.
Okay,
we're
all
set
I'm,
just
gonna,
pull
up,
chair,
slides
and
we'll
go
ahead.
A
So
this
is
the
human
rights
protocol
considerations,
research
group:
this
is
a
two-hour
session.
We
have
a
two
invited
talks
and
some
pre
-loaded
aob,
and
so
this
is
our
agenda.
A
A
Other
things
all
right
so
in
in
that
vein,
I'll
also
just
remind
folks
that
this
is
being
recorded.
A
I'll
again
remind
you
to
scan
the
QR
code
so
that
you
can
get
into
the
meat
Echo
System
put
yourself
on
the
Queue
when
there's
time
for
questions
and
discussion,
and
also
my
last
order
of
business
at
the
beginning
is
to
ask
if
anybody
would
mind
taking
notes
during
the
discussion,
this
will
be
not
capturing
the
talks,
but
rather
capturing
the
discussion.
After
the
talks
and
discussion
about
our
drafts
can
I
get
a
volunteer.
A
Thank
you
thanks.
Very
much
Michaela
appreciate
you
all
right
so
just
in
in
the
introduction.
I
have
to
also
remind
you
of
the
note.
Well,
you've
maybe
seen
this
a
lot,
but
for
those
of
you
that
have
just
come
today,
it's
important
that
you
disclose
any
intellectual
property
interests
when
you're
speaking
at
the
ietf
and
the
irtf.
A
We
also
have
a
privacy
and
code
of
conduct
in
our
note.
Well,
that's
really
important.
If
you
haven't
read
that
or
aren't
familiar
with
it,
you
should
re-familiarize
yourself
and
so
also
I
wanted
to
remind
us
of
the
goals
of
the
irtf,
because
this
research
group
is
within
that.
So
we're
focusing
on
the
long-term
issues.
Specifically
This
research
group
is
looking
at
the
human
rights
considerations
of
internet
protocols
and
the
standardization
of
those
and
and
we
aren't
setting
standards.
A
We
really
are
publishing
informational
or
experimental
documents,
but
a
lot
of
it
is
just
discussion
and
talks,
which
I
think
is
a
really
valuable,
Converse
contribution
to
the
community,
and
so
we're
chartered
to
research
specifically
how
internet
protocols
could
both
strengthen
or
threaten
human
rights,
and
we
use
their
two
main
documents
that
we
rely
on
to
Define
human
rights.
That's
the
universal
Declaration
of
Human
Rights
and
then
that's
also
the
international
civil
and
political
Rights
Convention.
A
We've
continuously
begun,
like
discussed
two
rights
for
the
most
part.
It's
freedom
of
expression.
Freedom
of
assembly
privacy
is,
of
course,
also
a
human
right,
but
that
is
in
a
different
research
group.
Siobhan
is
in
the
room.
He
knows,
there's
plenty
of
overlap
between
our
research
groups.
That's
a
good
thing.
A
And
then
I
think
also
another
wonderful
thing
about
our
objectives.
Is
we
bring
folks
first
in
human
rights
into
this
space
to
also
hope
that
there's
pollination
cross-pollination
and
the
other
reduction,
where
they
become
also
more
familiar
with
the
technical
community
and
the
inner
workings
of
the
ietf
foreign?
A
There
are
other
outputs,
I,
think
that
are
less
easy
to
quantify,
but
tend
to
be
around
sharing
information,
publishing
blogs
that
sort
of
thing,
but
you
really
have
to
sort
of
follow
the
folks
of
us
that
have
been
busy
in
this
group
for
a
long
time,
I'm
wondering
if
aubry's
in
the
room
I
see
Aubry
online
she's,
not
the
previous
co-chair
of
this,
and
does
a
lot
of
that
as
well
so
work
to
date.
A
We
you
know:
we've
been
chartered
since
2015.,
there's
a
film
online
that
you
can
check
out
and
then
we've
had
our
major
work
published
RFC
8280,
which
is
really
lays
out
all
of
the
human
rights
considerations
and
we're
currently
working
on
a
document.
That's
near
publication!
Well,
it's
in
it's
further
in
the
publication
queue
each
and
every
meeting
that
sort
of
takes
8280
and
distills
it
down
into
a
sort
of
more
bite-sized
work.
A
I
would
also
say
that
the
work
to
date
I'm,
including
all
the
talks,
the
invited
talks,
we've
had
the
meetings
we've
held.
We've
held
approximately
23
meetings,
which
is
quite
a
few
at
this
point
and
I'm
just
approximating,
because
I
haven't
actually
counted,
but
we've
we
usually
have
about
two.
Sometimes
three
talks
per
meeting,
so
we've
had
50
invited
talks
on
a
variety
of
different
topics.
A
There's
a
lot
of
discussion
about
censorship,
which
is
going
to
be
a
one
that
we
will
hear
about
today:
privacy
and
encryption,
various
forms
of
digital
security
measures
or
considerations
for
groups
that
are
at
risk
and
most
marginalized
variety
of
emerging
Technologies,
including
blockchain,
based
things
and
environmental
sustainability.
There's
probably
things
I'm
missing,
but
I
just
tried
to
off
the
cuff
remind
like
remember
what
we've
talked
about
in
the
past.
A
We
have
two
current
drafts,
we'll
hear
about
both
of
them
today.
The
updates
on
those
they've
both
progressed
since
the
114
meeting
in
Philadelphia.
This
is
what
I
mentioned
before
the
guidelines
for
human
rights.
Protocol
considerations
is
a
companion
document
to
RFC
8280,
and
then
we
have
a
a
specific
draft
on
free
association.
A
Have
us
pause
there's
an
important
piece
of
the
agenda
right
now,
I'm
going
to
ask
Tara
to
come
on.
If
you
can.
C
Thank
you,
Mallory
yeah.
Thank
you
for
holding
this
space
to
talk
about
Allah
and
his
in
his
mind
of
freedom
in
his
own
words.
First
and
foremost
was
there
is
a
free
and
open
source
developer
He's
a
Part.
It
was
an
important
part
of
our
technical
community,
he's
also
a
writer
a
tireless
Advocate
and
activist
with
people's
rights,
and
also
for
many.
C
He
was
one
of
the
symbols
of
the
twenties
of
an
Egyptian
revolution
last
but
not
least,
he's
a
beloved
colleague
friend
and
member
to
many
and
a
loving
father
to
his
son
khadid,
who
has
been
deprived
from
him
as
he
spent
most
of
the
nine
last
nine
years.
C
As
a
Prisoner
of
Conscious
I
know
it's
a
special
person,
but
his
situation
unfortunately,
is
far
from
special
thousands
of
people,
language
in
Egyptian
prisons,
unfairly,
with
no
access
to
lawyers
tried
under
martial
courts
and
trumped
up
charges,
many
just
for
being
in
the
wrong
place
at
the
wrong
time,
tens
more
dying
because
of
terrible
conditions
in
these
prisons.
In
fact,
a
large
crime
was
sharing
a
social
media
post
about
one
of
those
stories.
C
C
Is
in
prison,
Allah
is
also
being
punished
for
who
he
is
as
a
symbol
for
many
and
for
being
someone
who
always
advocates
for
justice,
even
when
it's
not
convenient
easy
or
popular
I
think
as
a
way
in
order
to
deter
others
from
standing
up
to
tyranny
and
in
a
way
to
teach
him
a
lesson.
C
Allah
has
already
won
his
fight.
He
exposed
the
Tyranny
and
Injustice
he
and
thousands
of
others
are
are
facing
by
the
Egyptian
government
and
helped
share
their
stories
of
the
thousands
and
prisons
on
a
global
platform.
C
C
We
have
heard
no
news
from
him
since
he
went
on
his
full
hunger
strike.
The
Egyptian
government
is
not
giving
access
to
his
lawyers
or
his
legal
comes.
Is
his
Consular
access
since
he's
also
a
British
Citizen,
and
we
have
not
heard
any
news.
The
only
news
we've
heard
is
that
there's
a
fear
that
he's
currently
being
force-fed,
which
is
considered
a
form
of
torture.
C
At
this
stage,
I
would
have
loved
to
have
like
a
call
of
action
for
you
of
any
sort
in
order
to
help
ask
for
your
help
and
and
not
as
struggle
for
freedom,
but
unfortunately,
like
the
options
seem
very
limited
at
this
stage.
I
would
ask
maybe
that
you
look
for
the
freedom
for
Allah
page
on
Twitter
or
and
follow
like
whatever
actions
they
propose
there
at
the
moment.
C
Allah
at
this
point
was
to
share
some
of
his
words
because
I
think
like
as
someone
who
is
really
passionate
for
technology
new
technology
and
as
someone
who's
also
equally
passionate
about
human
rights.
He
would
have
appreciated
the
work
of
this
group
and
would
love
to
have
critically
engaged
with
it.
C
So
I'm
sharing
some
of
the
words
that
he
wrote
that
might
be
relevant
to
the
work
of
of
this
group
that
I
found
in
this
article
written
in
2016
Allah,
was
reflecting
on
platform
economy
and
platforms
like
uber
and
how
they
affect
people's
rights,
and
he
was
reflecting
on
it
from
his
place
in
the
prison
cell,
not
having
access
to
news
on
demand
and
just
whenever
he
could
read
or
hear
from
magazines
that
were
available
to
him.
C
Allah
says
seeing
as
the
standard
cues
of
casting
doubt
on
official
narratives
and
being
an
inverted,
an
advertent
offender
when
it
comes
to
challenging
hegemonic
ideas.
I
find
myself
in
intrinsically
doubting
this
account
of
disruptive
Technologies.
C
For
modernization
advancement
in
technology,
Information
Technology,
most
of
all,
and
despite
the
many
benefits
these
Services
networks
and
Technologies
offer
me.
It
may
be
true
that
the
Industrial
Revolution
brought
widespread
affluence,
but
the
painful
convolutions
that
accompany
that
were
by
no
means
quick
to
subside
and
it
was
Generations
before
things
settled.
C
Which
the
fourth
Industrial
Revolution
is
threatening.
If
industrialized
societies
had
continued
to
allow
Factory
owners
to
employ
children
for
long
hours
in
inhuman
conditions
or
fail
to
introduce
progressive
taxation
based
on
profit,
as
was
the
case
early
in
the
industrial
revolution,
it
would
not
be
possible
today
to
consider
Luddite
as
a
synonym
for
stupidity
and
backwardness.
C
C
To
characterize
the
historical
process
by
the
Industrial
Revolution,
as
temporary
birthing
pains
that
gave
away
to
affluence
and
ease
not
only
obscures
the
details
of
the
class
conflict
within
the
major
industrial
Nations,
but
also
the
differing
ways.
Nations
experience,
those
transnational
transitional
pains
the
Industrial
Revolution
brought
about
Colonial
expansion
and
increasing
Colonial
violence,
as
industrialized
nations
opened
new
markets
and
select
new
raw
materials
and
Savage
competition
between
industrialized
nations
over
the
fruits
of
modernization,
which
resulted
in
the
outbreak
of
World
Wars.
C
In
short,
the
invention
of
new
technologies
may
be
a
given,
but
their
growth
in
dissemination
and
the
structure
of
the
markets
and
power
relations
which
are
based
upon
them
are
far
from
it.
They
are
the
results
of
political
changes
which
are
in
turn,
the
outcome
of
conflicts
within
Society
understanding,
technological
innovations,
analyzing
their
effect
and
cultivating
a
healthy
skepticism,
but
the
propaganda
propaganda
narratives,
which
necessarily
accompany
them,
is
vital.
C
C
C
That
would
be
that's
all
I
have
for
you
today,
please
in
any
way,
if
you
can,
if
you
can
I
know
talk
to
people,
let
them
know
more
about
the
case
help
we
just
want
to
know
what's
happening
to
our
friend
and
colleague,
whether
he's
still
alive,
whether
he's
still
whether
he's
being
force
fed,
and
we
also
want
him
to
get
out
safely
and
I'll-
leave
you
with
his
words.
A
We'll
go
ahead
and
move
on.
We
won't
take
questions
right
now,
but
thank
you
Abdul
Salam,
for
getting
in
the
queue
you
can
feel
free
to
express
in
the
chat
if
you
had
a
question
or
so
on,
but
we
will
now
move
on
to
Dimitri's
talk
so
come
on
up.
Dimitri
I've
got
your
slides
and
you
can
use
this
pointer
but
stand
on
the
pink
X.
B
Yeah,
the
slides
are
loading
I,
just
want
to
say
hello
to
everybody
and
very
difficult
presentation
to
follow
in
the
mica.
Sorry.
B
Plus
that
plus
the
Mask
doesn't
help
I
I,
remember
working
with
Allah
in
early
2000s
on
an
Arabic
translation
of
a
digital
security
reference
manual.
We
were
building
and
it's
been
difficult
to
follow
this
unfortunate
progress.
So
I
do
hope
that
if
you
have
any
means,
you
know,
via
social
media,
by
physical
contact
with
relevant
participants
here
at
the
conference
that
you
do
bring
up
the
case
as
strongly
as
possible.
A
B
I
just
had
a
recent
cover
test,
so
don't
worry,
how
do
I
go
for
the
slide?
So
do
I.
Just
ask
you
all
right,
so
my
name
is
Dimitri
vitalev
I'm,
the
founding
director
of
a
digital
security
firm
out
of
Montreal
called
equality.
We've
been
operational
for
about
13
years
now,
I've
been
working
in
the
space
of
digital
Security
Solutions
for
the
protection
and
promotion
of
human
rights
for
about
20
years.
B
The
name.
Equality
assumes
that
this
is
what
we
want
to
bring
to
the
internet.
We
want
to
kind
of
equal
out
the
playing
field
between
the
users
and
very
often
the
victims
of
this
network
and
the
powers
that
be.
You
know
the
corporations,
the
governments
that
in
large
part,
have
built
and
control
this
network.
B
We
focus
on
web
security
capacity,
building,
sensor
resistance,
I'm
going
to
be
talking
to
you
about
our
work
on
web
security
and
censorship.
Resistance
today
and
I
think
to
mention
right
off
the
bat
that
all
of
the
solutions
that
we
developed
are
released,
free
and
open
source,
and
you
can
find
them
on
GitHub
as
well.
Thank
you
next
slide.
B
All
right,
I'll
mention
briefly.
Four
of
our
projects
today,
a
website
security
infrastructure
deflect
a
machine
learning
framework
that
is
operating
inside
this
infrastructure
in
order
to
help
us
mitigate
malicious
requests
sent
to
our
clients,
a
censorship
circumvention
system.
We
have
built
called
Sino
and
an
emergency
communications
project.
We
have
stood
up
in
Ukraine
since
the
beginning
of
the
war
there,
and
that
is
basically
helping
people
communicate
with
each
other
when
internet
connectivity
is
not
present,
I
think
by
and
large
all
about
Technologies
are
built
in
defense
of
freedom
of
expression
and
Association
online.
B
Thank
you.
Mallory.
Thanks
lab
all
right.
So
since
2011
the
deflect
project
has
protected
numerous
Independent
Media
Human
Rights
group
democracy
movements
from
various
cyber
attacks.
Now
these
can
be
the
sort
of
run
of
the
mill
cyber
attacks.
B
You
know
which
everybody
faces
when
they're
being
online
all
the
way
up
to
a
very
well
coordinated
and
quite
massive
cyber
attacks
with
you
know
sometimes
evident
State
adversaries
behind
them
and
we've
been
doing
this
yeah
for
12
years
now,
so
the
deflect
Network
kind
of
offers
four
Ps
to
its
clients,
obviously
protection
and
performance.
It
is
really
a
reverse
proxy
caching
network,
with
quite
a
lot
of
load,
balancing
and
intelligence
and
elasticity
built
into
the
network
by
a
virtue
of
you
know,
being
in
many
locations
around
the
world
and
doing
caching.
B
B
We
have
criteria
for
the
type
of
content
our
clients
may
not
present
on
their
websites,
including
assignment
to
violence,
hate
speech
so
on
and
so
forth,
and
we
Define
the
processes
for
how
we
go
about
resolving
various
abuse,
complaints
that
come
in
and
they
do
come
in
quite
often,
some
of
them
legitimate,
some
of
them
social
engineering
and
by
and
large.
This
is
a
philanthropic
service.
It
has
a
commercial
arm,
it
has
a
non-profit
arm,
all
profits.
B
You
know
derived
from
offering
the
commercial
Service
channeled
into
supporting
and
offering
a
free
service
to
various
civil
societies
out
there
next
slide,
please
so
yeah.
Just
briefly
how
it's
built,
as
I
mentioned
before,
reverse
proxy
caching
clients
point
the
DNS
to
the
deflect
infrastructure.
B
We
make
sure
various
requests
are
distributed
across
our
servers
in
about
25
different
data
centers
now
and
within
the
infrastructure
itself.
Clients
are
obviously
offered
caching
human
support
in
about
six
different
languages,
various
analytics
on
the
traffic,
both
malicious
and
legitimate,
coming
at
their
web
presence.
B
It
also
offers
secure
hosting
for
websites
developing
the
WordPress
framework
and
machine
learning
about
detection,
which
I'll
talk
about
a
little
bit
later,
being
an
open
source
infrastructure.
We
encourage
third
parties
to
stand
up
their
own
versions
of
the
left
and
they
can
call
it
whatever
they
like
really,
and
this
is
12
years
of
work,
packaged
into
an
easily
provisionable
and
managed
architecture,
and
that
you
know
probably
costs
tens
of
millions
of
dollars
to
rebuild
from
scratch,
so
go
and
get
it.
B
B
There's
a
sum
of
the
attacks
that
deflect
protects
its
clients
from
possibly
none
of
these
are
new
to
you.
We
are
layer,
seven
defenses,
primarily,
and
we
also
protect
our
clients
from
quite
a
few
legal
attacks
which
happen.
You
know
often
enough
several
times
a
month.
You
know
we're
getting
quasi-legitimate
legitimate
to
completely
false
and
erroneous
and
legal
attacks
by
and
large,
without
a
sort
of
an
experienced
partner
protecting
a
website.
You
know
an
invalid
dmca
take
down
request,
just
works,
even
if
there's
no
DMC
content.
B
Now,
in
order
to
get
evenings
and
weekends
off,
you
know,
we've
had
to
develop
quite
a
lot
of
technology
to
help
us
mitigate
these
attacks,
particularly
we
also
delved
into
the
whole
world
of
machine-led
mitigation.
You
know
trying
to
figure
out
how
we
can
train
a
model
to
differentiate
between
legitimate
and
malicious
requests.
B
After
three
years
of
r
d
and
a
lot
of
wrong
turns
and
directions,
we
finally
found
the
approach
that
has
become
basketball,
so
we
basically
trained
the
model
on
recognizing
what
is
human,
behavior
and
thereafter
looking
at
algorithmic,
machine-led
Behavior
as
anomalies.
This
is
an
infrastructure
called
basketball
and
I.
Think
one
of
the
main
advantages
to
it
for
us
and
for
anybody
else
who
adopts
this
kind
of
framework
on
their
own
ends
is
that
a
lot
of
the
pre-processing
happens
at
the
network.
B
B
Basketball
yeah
is
also
open,
source
and
also
I.
Welcome
you
to
take
a
look
at
it
on
GitHub
and
to
try
and
deploy
it.
You
can
deploy
it
either
as
a
SAS
service,
where
you
are
the
client
sending
us
the
vector
features
or
you
can
take
the
whole
framework,
including
the
Clearinghouse,
and
try
it
out
with
yourself.
We
ship
with
the
default
model
not
with
the
deflect
model
next
slide.
Please.
B
Yeah,
on
the
right
hand,
side:
this
is
a
gift
that
obviously
doesn't
give
inside
a
PDF
but
yeah
at
the
moment,
basketball
settings
are
two
minute
sliding
window
it
can
adapt
to
any
web
traffic.
Every
IP
log
entry
generates
a
prediction
and
we
don't
allow
the
machine
to
make
the
final
decision
on
whether
an
IPS
representing
a
human
or
a
bot
anomalies
above
a
particular
threshold,
are
then
challenged
by
the
deflect
system.
B
B
You
can
see
an
attack,
basically
in
action
where,
in
the
last
24
hours,
150
000
IPS
have
breached
the
threshold,
they
were
all
challenged
and,
as
you
can
see
as
well,
you
know
a
thousands
of
those
IPS
had
passed
the
challenge,
meaning
it
was
a
false
positive.
So
again,
I
think
we
feel
it's
important
not
to
let
the
machine
make
the
final
decision
here
on
who's
who,
in
the
network
and
yeah,
send
the
challenge
to
make
sure
thanks.
B
Sly
from
about
a
week
ago,
an
example
of
what
an
attack
looks
like
this
is
a
Ukrainian
media
from
the
town
of
three
various
attack
types,
33
million
malicious
requests.
Quite
a
large
botnet
over
over
a
hundred
thousand
Bots
I
mean
this
is
basically
what
the
day-to-day
on
deflect
looks
like,
because
we
work
quite
a
lot
with
heavily
targeted
websites.
You
know
we're
really
are
I,
guess
a
Honeypot
for
a
lot
of
the
malicious
activity
happening
on
the
internet
today,
next
slide
right.
B
So
moving
from
the
protection
of
freedom
of
Association
and
on
the
internet,
we
feel
that
you
know
bring
down.
A
website
is
another
form
of
censorship.
You
know
you
can
block
a
user
from
accessing
particularly
resource,
so
you
can
destroy
that
resource
as
well,
moving
on
actually
from
destroying
that
resource
and
the
protection
that
deflect
offers.
I
want
to
talk
to
you
now
about
blocking
the
user
from
accessing
particular
resources
or
the
internet
in
general.
Filtering
censorship
and
network
shutdowns
that
we're
seeing
more
and
more
today.
B
I'm
going
to
focus
here
on
the
Ukrainian
use
case,
I
think
it
is
very
much
a
focus
for
my
organization
now
you
can
see
here
quite
an
old
Network
map
of
Ukraine,
with
Crimea
still
connected
to
the
Ukrainian
Network
and
the
donbass,
the
east
of
Ukraine,
also
connected
to
the
Ukrainian
Network.
Now
that
is
not
actually
the
case
anymore.
B
Next
slide
so
I'm
going
to
talk
about
two
types
of
internet
shutdowns
and
what
kind
of
solutions
my
organization
is
bringing
to
bear
to
challenge
these
kind
of
shutdowns,
the
most
prevalent
of
which
that
I
call
scenario
one
in
this
presentation
you
know
and
that
we
see
quite
a
lot
around
the
world.
You
know
from
Russia
to
Belarus
to
Kazakhstan
to
Iran
at
the
moment
you
know
and
to
quite
a
lot
of
countries
in
Africa,
so
on
and
so
forth.
Northern
India
is
the
disconnection
of
popular
internet
services.
B
You
know
the
Internet
by
and
large
is
very
much
dependent
on
a
few
companies
now
and
if
you
can
block
the
IP
space
of
these
companies
of
this
Cloud
providers,
you
have
virtually
blocked
any
usable
internet
from
the
population.
Usually
when
you
implement
a
shutdown
like
this,
you
also
want
to
Target.
You
know
VPN
services
that
people
might
use
to
circumvent
these
blocks
next
slide.
B
So
as
a
solution
for
scenario,
one
we
have
devised,
the
the
Sino
browser
C
knows
an
abbreviation
of
sendship.no
with
the
model
share.
The
web
and
I'll
explain
why
we
shared
the
web
next
slide
so
see.
Now
is
trying
to
kind
of
change
or
introduce
a
new
generation
of
circumvention
technology
which
is
not
reliant
on
connecting
to
sort
of
a
single
Hub
proxy
solution,
whether
it's
VPN
or
something
similar.
B
We
have
actually
built
Cena
to
use
the
BitTorrent
protocol
for
routing
and
for
distributed
storage.
B
It
is
the
first
web
browser
of
its
kind,
which
is
actually
using
the
BitTorrent
Network
in
order
to
fetch
a
particular
resource.
Have
it
inserted
into
the
bittern
DHT
and
then
delivered
back
to
the
user.
Biggest
difficulty
was
really
in
rebuilding
this
web
page
on
a
user's
browser,
you
notice,
so
that
it
shows
you
know
in
the
same
way
as
before,
allowing
for
dynamic
connectivity
with
the
website
as
well.
B
This
means
that
we
have
as
many
nodes
as
many
proxies
if
you
like,
as
there
are
users
now.
This
allows
any
person
here
in
the
UK
wherever
it
is
that
you
live,
that
is
possible
in
a
network
not
being
censored
to
become
a
routing
node
for
somebody
living
in
a
network
that
is
being
censored.
Your
phone's
connectivity
is
automatically
registered
inside
the
DHT,
and
people
in
Iran
people
in
Russia
people
in
other
countries
undergoing
shutdowns
are
able
to
connect
to
the
rest
of
the
network
through
you.
B
This
is
particularly
important
because,
in
a
scenario
number
one
of
Internet
shutdowns,
your
IP
is
not
part
of
a
large
corporate
public
IP
space
urp
is
usually
not
included
on
the
block
lists
of
when
internet
shutdowns
are
being
implemented,
and
all
you
need
to
do
is
install
the
app
and
have
it
open
and
running
a
new
phone.
This
is
what
we
call
Cooperative
browsing
inside
signal
next
slide.
B
Now,
also
by
virtue
of
using
BitTorrent,
we
have
the
ability
to
do
decentralized.
Caching,
now
this
is
very
interesting,
because
what
it
means
is
that
when
you
have
opened
a
page
which
is
censored
in
your
particular
Network
environment,
the
next
person
to
open
a
page
doesn't
need
to
leave
the
network,
the
national
Network
anymore.
They
can
simply
get
it
from
your
phone,
and
this
has
been
you
know
a
huge
Boon
really
for
preserving
the
connectivity
between
IPS
inside
and
outside
the
censored
Zone.
B
B
This
also
allows
us
to
continue
content
distribution
among
people
inside
the
censored
Zone
once
the
internet
has
been
completely
external
connectivity
has
been
completely
switched
up
and
I'll
come
back
to
talking
a
little
bit
more
about
this
next
slide
in
shutdown
scenario.
Number
two
total
disconnection.
B
So
sorry
not
yet
so
total
disconnection
means
that
either
a
cable
connecting
your
particular
Network,
Village
town,
maybe
even
City,
or
the
various
cables
that
connect
you
to
the
rest
of
the
national
network,
which
connects
you
to
the
rest
of
the
global
Network,
are
no
longer
functioning
in
the
Ukrainian
example.
This
is
happening
because
of
military
activity
because
of
bombardments.
You
know
regions
are
being
disconnected
from
the
rest
of
the
Ukrainian
internet
and
the
rest
of
the
global
internet,
of
course,
that
by
default
this
means
that
no
proxy
is
going
to
save
you.
B
Next
slide
so
to
to
deal
with
this
problem,
you
know
we're
using
decentralized
protocols
and
services.
Really
I
mean
this.
Centralized
internet
is
being
pitched
as
number
three
at
the
moment
and
really
I.
Think
it's
you
know,
number
one.
You
know
the
first
internet
plus
you
know
internet
2.0
of
social
media.
The
centralized
internet
has
equaled
the
decentralized
internet
really,
but
I
think
it's
a
future
that
is
actually
revisiting
the
past.
B
B
So
far
in
the
last
20
years
or
so
I
think
now,
with
the
pushes
behind
web
3,
we
are
beginning
to
realize
the
opportunities
that
were
lost
and
what
we
can
regain
once
again
by
bringing
either
the
servers
closer
to
the
users
or
getting
rid
of
this
notion
altogether,
and
considering
that
we
are
all
you
know,
we
can
all
be
service
to
each
other.
Obviously,
email
is
an
old
example
of
this.
As
now
you
know,
growing
popularity
is
the
Matrix
protocol.
B
You
know
decentralized,
Federated
protocol
and
decentralization
is
really
key
behind
a
lot
of
the
technology
that
we're
developing
now
for
censorship.
Resistance
next
slide
so
once
again
back
to
Ukraine
the
project
that
we
stood
up
in
early
March
after
the
second
invasion
began
was
based
really
on
collating
and
presenting
a
readable
menu
and
a
few
user
guides
and
to
the
Ukrainian
population.
We
went
and
sourced
machines
with
as
many
isps
who
actually
still
had
hosting
racks
in
their
vicinity
in
the
locality.
B
At
the
moment,
the
decoms
project
is
in
nine
different
regions
of
Ukraine,
also
inside
occupied
territories,
and
each
of
those
servers
basically
presents
ready
to
go.
Matrix
chat
rooms
actually
next
slide
and
ready
to
go.
Matrix
chat
rooms
with
the
the
new
sort
of
interface
that
the
Matrix
team
is
developing
element
and
that
allows
people
to
have
a
either
web
interface
or
an
app
interface.
In
order
to
talk
on
Matrix
channels,
there
are
public
rooms
where
hundreds,
sometimes
thousands
of
people
are
using
to
communicate
with
each
other.
B
There
are
obviously
private
rooms
where
we
don't
know
what
is
happening
aside
from
metrics
we're
also
offering
them
the
decentralized
micro
blogging
platform
Mastodon,
so
in
nine
different
locations,
also
with
Federation
set
up
and
working
we're
offering
each
of
the
services.
B
Also
a
Delta
chat,
server
and
Delta
chat
is
another
messaging
system
that
is
actually
using
the
SMTP
protocol
for
communications,
with
end-to-end
encryption
by
pgp
and
the
Briar
chatting
system
which,
by
default,
uses
the
tone
Network
as
its
primary
Communications
protocol
and
fails
over
to
Bluetooth
mesh
device
to
device
connectivity
in
the
absence
of
any
internet
altogether.
B
Now
mesh
connectivity,
you
know,
is
not
necessarily
an
ideal
solution
for
every
use
case,
but
when
you
consider
that
many
people
in
Eastern
Europe
are
living
in
large
blocks
of
flats
or
may
find
themselves,
you
know
inside
a
bomb,
shelter
or
you
know,
maybe
even
protesting
or
being
outside
in
the
street.
In
a
similar
space,
you
know,
Mesh
networking
becomes
a
very
useful
tool
in
the
absence
of
any
other
communication
options
and
obviously
we
are
also
offering
offline
downloads
of
some
technology,
including
the
senior
browser
next
slide.
B
Please
now
the
Sino
browser
is
underpinned
by
what
is
essentially
a
core
technology.
We
have
developed
called
winet
so
win.
It
is
the
library
that
is
doing
all
of
the
the
centralized
caching
content
delivery,
bringing
requests
to
the
edge
of
the
network
where
web
pages
are
being
imported
into
the
DHT
signed,
distributed,
delivered
so
on
and
so
forth.
So
we
net
is
available
as
an
SDK
for
the
Android
platform
and
as
an
open
source
library
in
I
think
C
plus,
which
can
really
work
with
any
type
of
traffic.
B
B
Authenticated
content
distribution
next
slide,
please.
So
what
we're
trying
to
do
now
for
networks
experiencing
disconnections
is
not
have
content
imported
to
the
network,
simply
by
user
requests,
but
actually
preemptively
going
to
crawl
an
entire
web
resource.
B
Let's
say
it's
Wikipedia
or
let's
say
it's:
the
Guardian
news
side
or
whatever
and
preemptively,
injecting
that
into
the
network,
so
the
weekroll
tool,
also
in
collaboration
with
web
recorder,
is
now
tasking
itself
with
the
crawling
scraping
whatever
you
like
web
resources
that
we
believe
are
essential
to
people
living
inside
Sunset
Network
and
these
web
resources
are
then
accessible
to
the
user,
as
the
guardian
website
is
normally
via
this
in
a
browser
you
know,
even
if
there's
no
way
to
get
to
the
guardian,
but
we
have
injected
all
of
their
resources
into
the
DHT.
B
B
So
obviously,
this
internet
satellites-
and
you
know
Elon
Musk-
is
had
his
Heyday
in
in
Ukraine
until
recently,
until
some
of
the
latest
outbursts
with
a
promotion,
proliferation
of
The
Styling
system,
internet
satellite
internet
is
a
solution
in
locations
where
it
is
accessible
and
where
it
doesn't
present
a
greater
danger
to
the
users
by
virtue.
B
You
know
being
quite
easily
geolocated
another
thing
that
we're
doing
is
actually
looking
into
placing
data
packets
inside
TV
satellite
streams,
TV
satellite
broadcasts,
which
are
obviously
one-way
Communications,
but
that
is
kind
of
all
we
need.
So
we
can
have
a
overt
TV
channel
and
a
cover
Channel
inside
that
delivering
data
into
a
country
where
there
are
a
lot
of
TV
satellite
dishes
next
slide.
B
B
You
know
which
web
resources
people
living
inside
a
disconnected
Network
want
to
have
present
on
their
Network,
then
scraping
those
resources
turning
them
into
web
cash,
delivering
them
inside
the
sensor
Zone
and
using
the
winet
infrastructure
present
on
people's
devices
on
people's
computers
to
propagate
it
inside
the
censored
Zone
thereafter,
so,
basically,
rebuilding
pieces
of
the
internet
pieces
of
a
static
internet
by
virtue
of
whip
cache
inside
a
sensored
Zone
next
slide.
B
And
this
is
the
penultimate
slide
and
with
the
proposal
for
the
protocol
stack
right
there
at
the
end,
the
ability
for
us
yeah
to
use
this
Sino
Network
as
a
means
to
propagate
a
web
cache
is
efficient,
because
we
only
need
a
few
injection
points.
You
know
we
don't
need
the
entire
population
to
have
the
injected
content.
You
know
we
only
need
a
few
people
nodes
to
be
able
to
receive
it
thereafter,
propagates
peer-to-peer
at
the
moment.
B
We
are
trying
to
come
up
with
a
sort
of
a
multi-thronged
approach
to
see
how
best
to
deliver
this
content
and
not
settling,
maybe
on
a
single
channel
of
delivery,
but
weighing
up
the
pros
and
cons
of
each
different,
Channel
and
I.
Think
a
goal
for
2023
will
be
to
decide
what
to
do
with
a
lot
of
the
web.
Cache
that
we
already
have
by
virtue
of
running
the
deflect
Network-
and
this
is
with
a
protocol
pitch
comes
in.
You
know,
deflect
as
I
mentioned
in
the
beginning.
B
Is
a
web
caching
infrastructure
as
well
reverse
proxing,
creating
web
cache
distributed
to
to
users.
A
million
people
are
generating
cash
on
our
Network
at
the
same
time.
Ideally,
we
would
want
to
have
this
cache
immediately
available
inside
the
winner
Network.
It
just
makes
sense
a
for
us
as
a
company
running
both
infrastructures,
disparate
infrastructures,
both
of
them
dealing
with
web
cache
in
various
ways
and
for
a
similar
goal,
and
that
is
content
accessibility.
B
We
don't
have
a
protocol
that
would
allow
us
to
take.
You
know
web
cache
generated
by
nginx
and
put
it
into
the
BitTorrent
DHT
so
that
it
is
read
in
the
same
way.
You
know
on
the
Firefox
browser.
It
is
something
we're
beginning
to
actually
think
about,
and
hopefully
present
to
you
in
the
upcoming
conferences
of
how
we
can
have
a
interchangeable
web
caching
standard
and
the
final
slide.
Please.
B
Since
you'll
have
the
PDFs
of
this
you'll
be
able
to
come
back
through
this
presentation
that
I
went
through
rather
quickly.
Here
you
have
the
links
to
the
various
projects
that
I
mentioned,
one
I
didn't
mention
I'm,
just
actually
out
of
Kiev.
Now,
where
we
launched
the
naidino
platform,
which
is
a
national
digital
security
helpline
that
is
meant
to
serve
the
entire
population
with
the
most
basic
digital
security
questions,
and
we
are
working
with
the
global
nog
Alliance
on
the
keep
Ukraine
connected
program.
B
At
the
moment
you
might
have
seen
on
the
news.
Power
is
a
huge
electricity
power
generation
power.
Delivery
distribution
is
a
huge
problem
in
Ukraine,
and
many
of
the
isps
cannot
serve
their
clients
during
blackouts,
It
All,
Happened.
Very
suddenly,
of
course,
Russia
targeted
electricity
distribution,
centers
and
although
Ukraine
has
the
electricity
needs,
it
cannot
distribute
it
everywhere,
including
to
these
isps.
They
only
had
UPS's.
You
know
there
as
a
normalized
speed
would
which
lasts
for
about
an
hour,
so
we're
trying
to
import
about
a
tons
of
batteries.
B
Lithium
gel
anything
we
can
get
our
hands
on
the
nearby
region
has
been
kind
of
stripped
of
batteries
and,
through
the
global
nogalines,
deliver
these
batteries
to
various
isps.
So
if
you
do
have
some
time
use
the
QR
code
check
out
the
global
novel
lines
and
cooperate
with
them,
donate
to
them
and
yeah
help
us
keep
Ukraine
connected.
A
We
certainly
do
have
time
for
percussions
I,
think
it's
important
so
I
there's
somebody
in
the
queue
also
a
reminder
to
everyone
to
just
join
the
queue.
If
you
can
through
the
meet
Echo
function
and
yeah,
go
ahead.
Carlin.
E
Colin
Perkins,
with
no
hats,
so
I
think
this
idea
of
the
the
Sino
browser
using
bittorrents
and
the
super
skills
is
interesting.
Obviously,
there's
a
lot
of
personalized
content
in
the
internet.
Do
you
have
measures
of
how
effective
the
web?
Caching
is
given
all
this
content,
because
you
know
clearly
something
personalized
to
me:
can't
effectively
be
cached.
B
Yeah
very
much
so
yeah
I
mean
the
internet
really
at
the
moment
you
know,
isn't
built
to
be
cached
and
recreated
somewhere
else.
So
actually
quite
a
lot
of
the
you
know,
the
five
years
of
trial
and
error
and
that
went
into
Sino
was
to
build
the
intelligence
into
the
Sino
client
itself
to
figure
out
what
to
cash
and
what
not
to
cash.
B
B
Also,
the
user
inside
the
settings
has
the
options
to
switch
on
and
switch
off
whether
they
want
to
Cache
this
content
and
share
it
with
others.
Yeah.
E
Okay
makes
sense.
My
other
question
was:
you
know
this
is
obviously
very
effective
for
providing
connectivity.
Does
it
provide
any
form
of
onion
rooting
or
so
traffic
analysis,
resistance.
B
By
default,
no-
and
we're
very
clear
about
that
in
our
documentations
that
you
know
this
isn't
a
network
anonymity.
This
isn't
really
even
a
network
for
privacy.
It
doesn't
really
add
too
many
I
mean
I,
think
it
kind
of
balances
out
the
primary
properties
it
adds,
and
the
Privacy
properties
that
actually
gets
rid
of
so
yeah.
B
We're
trying
to
be
very
clear
that
this
is
really
content:
delivery
system
for
censorship,
circumvention
having
a
content
sharing
your
content
with
others,
you
know,
allows
you
to
see
who's
requesting
that
content
from
your
device
as
well,
so
yeah
we're
trying
to
be
very
clear
in
our
documentations
of
its
advantages
and
disadvantages
too,
by
not
misrepresenting
what
it
isn't:
yeah,
yeah
sure
sure,
I.
E
Think
it
would
be
interesting
to
explore
to
what
extent
the
the
pin
Network
could
be
used
for
onion
rooting
style.
You
know
to
try
and
provide
some
of
this
resistance.
G
You're,
going
through
the
presentation
and
and
thanks
for
the
interesting
work,
I
had
a
question
that
was
similar
to
what
Colin
asked,
which
is
so
so,
in
addition
to
the
sort
of
risks
of
targeting
a
distribution,
I
mean
we
just
heard
about
the
you
know:
risks
to
people
for
sharing
specific
content.
G
It
seems,
like
your
devices,
can
share
specific
content
through
these
through
something
like
Xeno
even
more
explicitly.
This
is
your
your
device
right,
I
I,
wonder
if
you
have
any
thoughts
about
how
if
there
are
defenses
there
and
then
the
other.
G
Similarly,
with
a
with
sharing
content,
you
know
it
seems
like
this
is
a
Content
distribution
means
of
getting
information
into
censored
areas,
but
it's
not
clear
to
me
how
it
gets
information
out
of
censored
areas,
so
somebody
within
the
censored
area
might
be
interested
in
what
people
are
outside,
because
they're
saying
but
I,
don't
I,
don't
know
from
the
description.
I
didn't
understand
whether
it
was
possible
to
also
get
news
out
from
within
the
firewall.
Can
you
talk
about
that.
B
Yeah,
thank
you
dkg,
so
yeah
on
the
kind
of
guilt
by
connection
or
Guild
by
association,
front
I
mean
what
we've
tried
to
do
is
make
DHT
traversal
very
complicated,
if
not
impossible,
in
a
way
that
we're
using
the
particular
bits
are
in
protocols.
So
you
can't
crawl
the
DHT
to
figure
out
who
is
doing
what
you
can
see
people
connected
to
the
DHT.
You
cannot
see
the
content
that
they're
requesting
a
sharing
inside
the
DHT
itself.
B
Yes,
you
can
be.
You
know,
a
malicious
actor
or,
let's
say
a
law
enforcement
actor
and
download
the
legal
content
to
see
who
connects
to
you
in
order
to
retrieve
it,
but
then
you're
also
guilty
of
downloading
it,
as
the
people,
maybe
unwillingly,
so
connect
to
your
device
to
get
it
from
not
a
very
strong
defense,
but
nonetheless
I
think
that
has
some
legal
footing
to
it.
In
some
instances,
all
PDP
efforts,
I,
believe
you
know
I
have
this
chicken
and
egg
problem.
B
You
know
we
need
a
big
haystack
and
until
there
are
millions
and
millions
of
nodes
and
users
and
a
lot
of
you
know,
content
of
various
origin
and
various
interest
in
the
network.
B
These
problems,
you
know,
are
I,
think
a
lot
more
serious
and
a
lot
more
prevalent
until
then,
when
there
is
a
huge
amount
of
content
inside
the
network
of
all
sorts
and
types,
I
think
the
statistical
probability
that
you're
going
to
figure
out
a
network
of
activists
by
downloading
you
know
the
amnesty
org
page
through
Sino
and
then
seeing
who
connects
to
you
to
share
it
decreases.
G
So
I
I
want
to
understand
how
you
how
house
you
know
is
thinking
about
the
the
authenticity
questions
as
well
right.
So
your
your
description
of
one
of
the
legal
defenses
for
say,
law
enforcement,
seeing
who
connects
to
the
MSC
page
well,
unfortunately
simply
claim
that
they
have
the
amnesty
page
right
inject,
that
claim
into
the
DHT
and
then
the
law
enforcement
wouldn't
themselves
be
retransmitting.
G
B
I
think
I'll
deflect
your
question
a
little
bit
for
the
interests
of
time.
I
will
just
talk
quickly
about
one
type
of
authenticities
that
I
think
I
am
qualified
enough
to
discuss.
B
Maybe
we
can
go
back
to
slide
23
just
quickly,
authenticity
of
content
injected
into
the
network
and
then
delivered
to
the
user
happens
through
content
signatures
which
are
made
by
injectors,
as
you
see
on
the
right
hand,
side
of
that
diagram
run
by
well,
in
this
case
equality,
but
anybody
can
stand
up
their
own
winit
infrastructure
and
if
you
want
to
serve
you
know,
web
content
through
it
run
your
own
injectors.
B
So
injectors
are
signing
the
content
and
this
content
packet
carries
the
signature
throughout
its
life
cycle
inside
the
DHT
signature.
Validation
is
hard
coded
into
the
casino
client,
but
maybe
yeah
on
your
other
question
of
authenticity
inside
the
DHT
I'll
I'll
just
deflect
it
for
I
think
lack
of
ability
to
give
you
a
concise
or
maybe
even
a
correct
answer,
but
please
maybe
post
it
as
an
issue
in
a
censorship,
no
report
on
GitHub
and
we'll
answer
it
there.
If
you
don't
mind.
H
So
I
have
sort
of
a
related
questions
to
Ted
lemon.
First
of
all,
there
it
seems
like
there
are
two
ways
that
you
could
attack
this
in
order
to
by
the
way
this
is
really
cool.
I
don't
want
to
imply.
This
is
bad
I'm.
Just
like
thinking
with
my.
H
How
do
we
defend
it
hat
on
two
ways
to
attack
this
one
would
be:
is
it
possible
for
a
bad
actor
to
put
bad
data
into
the
cache,
simply
by
deliberately
providing
enough
instances
that
are
producing
that
data
that
nobody
else
feels
like
they
need
to
produce
it?
Is
there
a
defense
against
that?
B
I,
what
I'm
saying
yeah?
Okay,
the
request
for
new
data
in
the
current
Sino
architecture
comes
from
the
user
Itself
by
the
URL,
so
the
URL
is
a
really
key
piece
of
addressing
and
routing
in
our
system.
B
This
request
is
communicated
to
the
injector
inject.
Their
IPs
are
also,
unfortunately,
for
the
time
being
hard-coded
into
the
client
and
if
the
injectors
are
not
accessible
because
the
sensor
as
well
can
get
you
know
a
copy
of
the
Cena
browser,
then
you
know
the
entire
network
of
others.
You
know
users
that
have
incoming
connections
become
Bridges
to
that
injector.
B
B
I
H
That
that's,
that
seems
like
a
good
defense
against
that
attack.
The
other
sort
of
obvious
attack
is
if
somebody
manages
to
suborn
your
infrastructure
so
that
they
have
access
to
your
keys
and
potentially
your
infrastructure
and
can
inject
bad
data.
That
way
have
you
what's
your
feeling
about
the
or
what
you
know?
What
are
you
what's
your
thinking
about
that
problem.
B
Look
I
mean
also
not
a
short
answer.
Yeah
also.
We
do
understand
that
in
this
particular
use
case
where
people
want
to
browse
the
web,
because
that's
where
the
content
is,
we
need
to
deliver
the
web.
We
need
to
have
an
interface
between
the
web
and
the
DHT,
which
is
the
injectors.
The
injectors
are
a
point
of
vulnerability.
We
do
do
protect
them
using
just
you
know,
internal
company
experience
and
you
know
best
practices
and
to
protect
them.
B
We
do
have
a
some
experience
because
of
the
deflect
project
on
how
to
do
that,
but
yeah.
There
are
several
points
of
vulnerabilities
in
the
network:
definitely
not
foolproof
and
definitely
yeah
the
more
heads
we
can
use
to
improve
the
system.
The
better
cool.
H
Yeah
I
mean
it
seems
like
there's
an
opportunity,
for
you
know
right
now,
web
web
Publishers,
don't
generally
they
do
provide
authentication
for
web
pages.
But
it's
not
provided
with
this
particular
use
case
in.
H
B
It
and
I
think
this
is
where
the
web
caching
standard
could
come
in
very
handy
yeah,
because,
okay,
if
we
are
moving
to
web
point,
three
we're
gonna
need
to
deal
with
decentralized
content
in
the
centralized
networks.
Again,
you
know
we
can't
assume
that
there's
going
to
be
a
Tillis
connection
to
Twitter
all
the
time,
and
we
don't
want
that
actually
in
web
3.,
so
we
will
need
to
figure
out.
You
know
how
to
deal
with.
B
You
know
with
a
HTML
kind
of
ecosystem
and
decentralized
protocols,
which
I
think
you
know
it's
not
very
difficult.
We
just
need
to
actually
come
back
to
that
space.
H
A
Dimitri
thanks
so
much
and
thanks
for
the
questions,
I
think
they're
really
good.
This
is
part
of
the
reason
why
we
really
wanted
to
invite
Dimitri
here
today,
because
they
I
think
have
a
lot
of
real
world
use
cases
for
this
kind
of
hard
problem,
and
it's
not
the
first
time
it's
been
brought
up
in
the
ietf
either.
So,
hopefully
we
can
continue
that
conversation,
but
yeah
we're
now
going
to
shift
to
Corinne
who's,
giving
the
next
talk
Corinne.
A
A
Think
Korean
is
muted
Corinne.
We
can't
hear
you.
Unfortunately,
you
look
like
you're
unmuted
on
in
Meet
Echo,
but
maybe
oh
no.
She.
A
I
A
F
K
Go
ahead.
Welcome
so
hey
y'all
I
really
appreciate
the
opportunity
to
to
present
some
of
my
research
work
today.
I
really
wanted
to
be
in
the
room,
but
unfortunately
I
had
to
leave
somewhat
early,
so
we're
gonna.
Do
it
like
this?
K
K
So
I
wrote
both
my
master
thesis
and
my
PhD
on
the
ietf,
and
what
I'm
going
to
be
talking
about
today
is
some
of
the
work
in
my
research
which
tracks
what
hrpc
has
been
doing
and
then
raised
some
critical
questions
as
to
like
where
we
potentially
could
go
next
and,
as
I
said
for
those
who
attended
my
anrp
talk,
the
first
slides
will
be
familiar,
but
I
do
promise.
I
will
take
a
hard
left
at
around
slight
10
or
9,
and
really
focus
on
the
human
rights
work.
K
K
K
K
Some
people
might
also
know
me
in
my
role
as
the
VP
of
research
at
the
open,
Tech
fund
I'm,
not
presenting
here
in
that
capacity.
This
is
very
much
me
as
the
left
academic.
K
Some
of
the
people
might
know
me
as
the
person
who
occasionally
gets
quoted
when
there
are
kerfarfels
in
the
iitf
about
what
appropriate
behavior
is.
This
is
a
key
part
of
the
research
that
I've
done
for
my
PhD,
and
if
you
want
to
read
more
about
some
of
the
problems
that
I've
seen
in
the
community,
you
can
find
it
on.
K
In
a
piece
aptly
titled,
what
is
wrong
with
loud
men
talking
loudly
the
itf's
culture
wars
now,
I
always
find
it
easier
when
talks
start
off
with
sort
of
the
one
of
the
key
main
takeaways
also
has
a
bit
of
a
provocation
to
keep
you
engaged
and
for
you
to
start
thinking
of
the
different
ways
in
which
you're
going
to
argue
that
I
am
wrong.
K
So
the
main
takeaway
from
this
talk
is
the
sum
of
controversial
one,
at
least
for
this
community,
and
if
there's
one
thing
that
I
truly
hope
that
sticks
with
you
today.
It
is
that
the
ITF
is
political
inherently
and
that
it
always
has
done
political
and
policy
work
to
different
degrees,
and
the
question
demo
comes
is
that
has
happened
not
just
in
political
explicitly
political
spaces
like
hrpc.
K
So
what
does
that
mean
for
for
this
group's
work
going
forward
and
what
kind
of
an
impact
it
would
like
to
make?
So
I've
been
involved
in
the
hrpc
work
since
its
beginning?
Actually,
since
before
the
group
was
was
founded
and
I,
just
remember
those
early
conversations
really
showing
me
how
much
of
a
fascinating
place
this
community
is
for
anthropologists,
like
myself,
and
to
do
that.
I
have
to
talk
a
little
bit
about
anthropology
as
a
field.
K
Many
people
tend
to
think
of
anthropologists
as
social
science
researchers
who
go
to
like
far
away
islands
and
study
cultures
of
people
who
are
very
different
from
ourselves
to
sort
of
study.
The
Argonauts
of
the
Western
Pacific
to
bring
in
some
really
classic
anthropological
work,
and
this
for
the
longest
time
was
the
focus
of
anthropologists.
But
that
is
clearly
no
longer
the
case.
K
Anthropologists
at
this
point
in
time
are
are
everywhere,
and
especially
since
the
1970s
there's
been
this
real
critical
shift
in
the
fields
where,
instead
of
often
focusing
on
people
who
are
less
powerful
than
the
Anthropologist
studying
them,
we
focus
on
people
who
are
more
powerful.
We
call
that
lifting
The
Gaze
up
at
the
most
powerful
in
society,
and
we
study
our
own
societies
and
not
just
societies
that
are
different
from
ours,
and
that
means
that
we
now
also
study
well-known
tech
companies.
K
I
mean
there
are
anthropologists
in
places
like
Facebook,
Google,
Twitter
godspeed
to
them,
but
also
in
lesser
well-known
Tech
communities
like
the
ITF,
so
a
bit
of
work
about
what
we
do
as
anthropologists.
Now
we
study
human
behavior
and
cultures
through
a
very
distinct
set
of
methods
and
methodology,
so
direct
engagement
with
people
that
that
collectively
make
these
cultures
by
participating
in
their
world.
K
So
in
my
case,
to
make
this
more
concrete
for
my
PhD
I,
essentially
spent
three
years
doing
field
work
within
the
ietf
and
the
irtf
and
I
did
in
the
interviews
field
work
as
well
as
analyzing,
mailing
lists
and
RCS,
and
a
bunch
of
other
documents
produced
by
the
ITF
or
around
the
iitf.
K
And
what
this
type
of
research
really
allows
me
to
understand
is
the
kind
of
cultural
conditions
that
have
shaped
how
Protocols
are
made
and
for
this
particular
talk,
I'm
looking
at
like
what
hrpc
has
done
within
the
ITF
and
the
irtf
and
it's
and
how
to
think
about
the
kind
of
impact
that
the
coup
has
had.
K
K
Some
of
you
in
the
room
might
actually
recognize
the
still
on
this
slide
from
the
net
of
Rights
movie.
That
was
made
in
2015
by
Nielsen
over
and
Joanna
Varon,
for
which
they
interviewed
various
ITF
Engineers
to
explore
the
relationship
between
internet
protocols
and
the
promotion
and
protection
of
Human
Rights.
K
Now
it's
really
tempting
to
start
a
talk
about
the
role
of
Human
Rights
advocacy
within
the
ITF
by
saying
it
all
started
in
2014
when
the
hrpc
group
was
was
started
and
approved
or
started
by
Nielsen
over
avidoria
and
Joanna
farron
and
approved
by
Lars
and
I
will
certainly
get
back
to
that
moment
in
time.
But
I
do
think
as
a
researcher.
It's
also
my
role
to
say.
K
K
That
is
another
starting
place,
but
there's
also
an
argument
to
be
made
that
we
can
point
to
the
publication
of
RFC
6973
on
privacy
considerations,
spearheaded
by
Alyssa,
Cooper
I
know
this
in
2013
as
a
starting
point
of
sort
of
Rights
conversations
in
the
broad
ietf
or
I
could
start
even
earlier,
with
the
participation
of
folks
like
John
Morse
in
the
iitf,
who
wrote
one
of
the
most
sort
of
explicit
IDs
internet
drafts
about
the
policy
implication
of
protocol
Works
in
2010,
or
if
you
follow
the
work
of
Professor
sander
Brahman,
who
is
essentially
done
very
beautiful
and
comprehensive
studies
of
early
RCS.
K
We
can
essentially
Trace
policy,
including
human
rights
considerations.
All
the
way
back
to
the
founding
days
of
the
ietf,
so
I
think
I
have
sufficiently
belabored
the
point
that
I'm
trying
to
make,
which
is
that
political
questions,
including
debates
about
rights,
have
in
one
form
or
another,
always
been
part
of
the
iitf's
discussions
for
one
because
technology.
K
In
many
ways
is
politics
by
other
means:
there's
various
academics
convincingly
shown,
but
more
practically
I
guess,
because
ITF
Engineers
have
always
considered
their
technology,
also
in
the
context
of
its
deployment
in
The
Wider
World,
which
inherently
means
about
thinking
about
politics
in
terms
of
like
the
kind
of
power
relations
in
in
historically
contingent
structures
that
end
up
influencing
how
protocols
get
used.
Now.
This
does
raise
an
interesting
question.
K
If
human
rights
and
policy
considerations
have
always
been
part
of
the
ITF,
why
has
the
work
of
the
human
rights
protocol
considerations
group
been
so
contentious,
upsetting,
so
many
people,
especially
in
its
in
its
early
days,
and
to
do
this
I,
will
now
move
back
to
hrpc
and
give
a
bit
of
an
overview
of
its
trajectory.
K
So,
as
I
mentioned
in
October
in
2014,
three
human
rights,
Advocates
Nielsen
over
avidoria
Navarone,
essentially
came
to
Lars
Eckhart,
the
irtf
chair
at
the
time.
With
with
an
interesting
idea,
they
wanted
to
research
how
internet
standards
would
impact
human
rights
and
related
as
part
of
that
they
were
interested
in
developing
guidelines
that
ITF
Engineers
could
use
to
Think
Through
the
potential
impact
of
their
of
their
document
of
their
Technologies
on
on
rights,
and
the
idea,
in
their
words,
was
to
preserve
the
internet
as
a
human
rights
enabling
environment.
K
Now
to
achieve
these
goals,
they
set
up
the
human
rights
protocol
considerations,
research
group
in
the
irtf
and
then
in
2017.
The
group
published
its
its
first
RC
RC
RFC
8280,
which
is
entitled
Research
into
humanized
protocol
considerations,
and
that
outlines
different
questions
that
one
can
ask
of
the
technology
to
understand
how
it
might
have
broader
implications
for
policy
and
rights.
K
Now,
after
the
publication
of
this
human
rights
document,
it
has
not,
it
has
not
seen
a
lot
of
wide
take
up.
K
So
sometimes
you
do
see
people
say
we
have
a
small
human
rights
consideration
section
in
our
document,
but
not
very
often,
and
on
Wednesday
I
talked
a
little
bit
about
how
that
is
in
part
due
to
the
fact
that
there
is
some
cultural
hesitancy
on
the
part
of
of
many
in
the
ietf
to
explicitly
talk
about
rights,
given
that
they
worry
about
what
kind
of
outside
scrutiny
that
might
invite
or
how
it
undermines
how
the
ITF
does
work,
which
is
not
because
it's
just
not
very
comfortable
with
not
human
rights
as
such,
but
the
different
centralized
institutions
like
the
UN
that
are
tied
into
the
human
rights
people
framework.
K
That
being
said,
the
group
has
had
has
had
influence
and
impact
in
in
very
different
ways
their
work.
Their
presence
is
well
cemented,
not
just
in
irtf,
but
in
ietf.
K
A
number
of
people
who
came
into
the
ietf
myself
included
are
now
present
in
different
ways.
They
are
with
ITF
leadership,
they've
set
up
other
research
groups,
they
participate
in
ITF
working
groups
Etc
and
all
of
this
to
say
that
the
HR
PC
group
might
not
have
had
the
kind
of
narrow
impact
it
had
initially
set
out
for
itself,
namely
getting
ITF
Engineers
to
take
on
our
c8280.
K
K
Part
of
it
obviously
has
to
do
with,
like
the
political,
the
political,
economic
reality
of
protocol
development
and
deployment,
which
meant
that
adding
human
rights
considerations
to
documents
was
seen
as
perhaps
slowing
things
down.
Adding
complexity
doing
all
these
things
when
it
wasn't
clear
like
what
the
benefit
would
be
necessarily
likewise,
you
know
there
were
some
issues
around
potential
mitigation
strategies
for
human
rights
impact
that
were
in
tension
with
economic
considerations
of
latency
or
efficiency,
a
problem
that
is
obviously
well
known
to
the
ietf.
K
We
see
it
come
up
in
in
other
working
groups
as
well,
but
one
of
the
the
concerns
that
I
really
want
to
foreground
today
is
a
cultural
sort
of
conditions
that
shape
the
human
rights
discussions
and
the
worry
that
exists
amongst
the
many
ITF
Engineers
about
making
these
these
impact.
These
political
aspects
of
their
work,
more
explicit,
excuse
me,
so
the
concern
being
that
if
the
ITF
is
more
explicit
about
how
it
work
is
political,
this
might
actually
invite
unwanted
scrutiny
and
outside
regulation.
K
K
Technical
practices
like
undermining
or
backdooring
encryption
scheme,
for
example,
and
the
the
problem
is
that
or
the
apartment
for
the
hrpc
group,
is
that
their
demands
of
human
rights
were
seen
as
being
unwanted
impossible,
even
if
maybe
technically
they
weren't,
and
so,
for
instance,
one
of
my
interviews,
interviewee
said
so,
for
example,
I
agree
that
it
would
be
wrong
for
the
ITF
to
start
taking
positions
on
economics.
Saying
that
we
need
an
anti-capitalist
ITF
will
be
kind
of
stupid
right.
K
K
That
being
said
following
the
Snowden
Revelations,
sometimes
the
political
moment,
trumps.
These
worries
and
ITF
Engineers
do
take
up
political
debates
and
translate
them
in
technical
ways.
As,
for
instance,
we
saw
with
RFC
70
to
58.
Pervasive
monitoring
is
an
attack
that
came
out
after
the
Zone
Revelations.
Now
some
of
the
folks
who
co-authored
that
might
be
in
the
room,
I
mean
obviously
can't
see
if
Stephen
is
there
and
he
and
I
have
been
having
some
conversation
about
the
extent
to
which
this
was
or
was
not
overtly
political.
K
But
I
would
love
to
hear
your
thoughts
on
what
made
that
moment
so
unique
that
it
was
possible
to
actually
get
this
document
published
because
I
do
see
it
as
a
political
stance,
even
though
it's
couch
in
technical
terms
and
for
those
wondering
about
my
choice
of
slight
pictures
here,
I
guess
I
was
going
for
the
message
that
sometimes
politics
are
as
run-of-the-mill
in
the
itfs
as
our
cookies
now
going
back
to
hrpc.
How
do
we
think
about
its
role
in
the
ietf
and
the
irtf?
K
And
if
we
look
at
the
use
of
RFC
8280,
it
seems
pretty
minimal,
but
I
do
think
that
no
pun
intended
this
would
be
too
narrow
a
standard
for
judging
the
impact
of
the
group
and
in
my
PhD
research
I
outline
hrpc's
influence
in
terms
of
its
role
as
a
landing
pad
for
people
who
are
interested
in
the
intersection
between
politics
and
protocols.
K
As
a
bit
of
a
safe
space
for
engineers
who
are
looking
to
repoliticized
protocols
as
a
place
where
people
can
be
mentored
and
grown,
help
to
grow
into
different
roles
in
the
ietf,
including
in
leadership
as
a
number
of
hrpc
folks
have
done
so.
In
other
words,
how
I
have
have
theorized.
K
Your
group
is
really
as
having
various
bridging
function
functions
so
merging
between
new
folks
and
people
who
who
have
been
here
for
a
long
time
between
end
users,
especially
from
the
majority
World,
whose
views
are
not
necessarily
represented
here
in
the
sort
of
technical,
slash,
awkward
interests
that
are
well
represented
at
the
IHF,
but
also
between
activists
who
focus
on
systemic
issues
around
racism
and
sexism
and
those
working
in
the
ITF
to
make
it
more
open
and
accessible
a
bridge
between
the
research
in
the
irtf
and
the
technical
work
that
happens
in
the
ietf
approach
between
political
and
Technical
debates,
etc,
etc.
K
So,
where,
in
the
first
couple
of
years,
many
of
the
people
who
started
in
hrpc
actually
stayed
within
the
Narrow
Lane
that
they
had
carved
for
themselves
in
the
irtf.
That
is
clearly
no
longer
the
case,
and
that's
also
where
some
of
the
strength
of
the
group
really
lies
in
in
its
way
to
provide
a
virgin
function
and
a
landing
pad
and
a
place
for
experimentation
and
contrarian
views
that
you
know
that
the
ITF
tends
to
say
it
really
appreciates.
K
K
It
really
I
truly
do
see
hrpc
as
an
extension
of
the
long
Arc
of
public
interest
representation
within
the
ITF,
but
bringing
in
a
new
and
wider
set
of
concerns,
including
around
issues
like
environmentalism
and
racism,
but
also
by
connecting
the
kind
of
work
that
some
people
do
in
their
day.
Jobs
too.
That
is
maybe
not
as
technical
nature
to
discussions
that
are
happening
here.
K
K
K
Now
there
are
plenty
of
thorny
questions.
I
believe
that
could
benefit
from
the
unique
perspective
perspective
that
this
group
can
can
leverage
together
and
whether
it's
ongoing
government,
repression
and
surveillance,
or
like
the
kind
of
examples
that.
K
It's
not
necessary
for
me
to
say
what
the
best
way
forward
is,
but
I
am
very
interested
as
I
know
you
are
and
having
that
discussion,
so
I
think
I
will
I
will
leave
it
at
that,
and
just
thank
you
for
being
given
the
opportunity
to
present
and
if
you're
interested
in
my
research
there's
a
link
below
to
the
entirety
of
my
PhD
thesis,
I,
wouldn't
recommend
reading
the
whole
19
19
000
words,
but
maybe
skimming
a
bit
here
and
there
if
you're
interested.
Thank
you
so
much.
A
Thanks
thanks,
Corinne
folks
feel
free
to
get
yourselves
in
the
queue
I'm
going
to
cut
it,
though,
because
we
have
to
move
on.
L
Thanks
Quinn,
this
is
Elliot
once
again,
congratulations
on
your
NRP
award.
It's
very
well
deserved,
as
somebody
who's
been
participating
in
this
group
as
an
engineer
from
the
beginning,
with
some
amount
of
trepidation
at
different
points,
a
great
amount
of
trepidation
I
want
to
make
two
comments.
L
The
first
is
I
think
a
lot
of
us,
especially
senior
engineers
struggle
with
this
group
in
in
not
just
the
group
but
the
concept
of
Human
Rights,
because
at
the
end
of
the
day
we
find
that
there's
no
right
answer
for
us
that
anything
we
do
can
be
used
for
great
harm
or
great
good,
and
so
that
brings
me
to
my
second
point,
which
is
where
to
go
from
here.
L
L
One
of
the
things
that
I
would
suggest
is
that
we
figure
out
a
way
and
I.
Don't
I,
don't
think
we
just
means
the
hrpc,
but
we
meaning
the
broader
Community
to
surface
the
presentations,
perhaps
the
ones
that
are
that.
Maybe
this
group
thinks
are
most
important
to
the
broader
Community,
with
maybe
some
suggestions
about
the
ramifications
to
the
ietf
I'm,
not
quite
sure
how
to
do
that.
L
So
I'll
I'll
stop
there
just
to
say
it's
an
inkling
of
an
idea
and
I
think.
Maybe
maybe
the
group
can
pick
it
up
or
not.
E
Hi
Colin
Perkins,
thank
you,
Elliot
I
think
that's
an
interesting
idea.
I
I
think
I.
You
know
thank
you
for
the
talk.
Karen
I
agree
very
much
with
your
your
points.
I
think
hrpc
has
had
a
pretty
wide
impact
in
the
ITF
and
the
irtf
and
I
I
agree.
I.
E
Think
also
that
it's
not
so
much
with
the
documents
it's
worth,
bringing
the
people
in,
let's
bring
it's
with,
be
explicitly
bringing
in
people
with
different
viewpoints
and
bringing
them
to
the
ITF
community
and
exposing
the
community
to
those
viewpoints.
E
I
think
this
is
a
very
good
thing
we
need.
We
need
this
diversity
of
use.
E
We
are
nowhere
near
diverse
enough
in
the
ATF
and
the
artf
and
the
more
we
can
do
an
hrpc
does
that
in
one
small
way
and
in
one
access
of
diversity
and
I
think
that's
a
great
thing
and
I
think
if
we
could
try
and
bring
in
more
people
from
our
proxies
of
diversity,
I
think
that
would
be
a
very
beneficial
thing
for
the
organization,
even
if
there
would
be
growing
pains
with
the
different
viewpoints
and
the
different
clashes
of
view.
E
M
Thanks
Karen,
this
is
Adrian
Farrell,
yeah,
I
I
rarely
managed
to
get
to
these
physical
meetings
because
there's
this
sort
of
agenda
going
on
where,
where
people
are
having
other
working
groups
and
I,
think
that's
part
of
the
issue.
So
when
I
work
on
a
protocol
document,
I
know
I
need
to
have
security
considerations,
but
I
also
know
that
I
don't
know
much
about
security
and
the
ietf
helps
me
with
that.
M
By
providing
a
core
of
people,
I
can
go
and
consult
what
I
think
we're
missing
and
is
probably
the
next
step
is
to
try
to
get
a
human
rights
directorate
I,
don't
like
the
word
directorate
in
this
sense,
but
in
a
review
team
Maybe
who
cannot
tell
me
what
I'm
getting
wrong
in
my
protocol
and
what
I
must
do
that
can
ask
me
the
questions.
M
So
when
I
look
at
the
guidance,
RFC,
I
I
get
to
about
page
three
and
I've
glazed
over
because
I've
got
protocol
work
to
develop
I
need
somebody
who
can
help
me
bridge
the
gap
from
my
protocol
to
what
should
I
be
thinking
about
and
possibly
by
the
time.
I'm.
Writing
a
detailed
protocol.
Spec
in
the
depth
of
a
working
group,
it's
too
late.
M
What
we
need
is
a
kind
of
up
level,
almost
like
a
working
review
of
The
Working
groups,
not
review
the
protocols.
A
J
K
K
K
But
I
think
the
question
in
that
sense
has
answered
itself
because
three
of
the
people
who
just
took
the
time
to
listen
to
my
talk
and
come
up
with
really
interesting
and
considerate
responses
to
it,
we're
all
people
who
have
been
at
the
IHF
for
for
a
long
period
of
time
and
who
all
self-identified
as
Engineers.
So
it's
definitely
a
two-way
street
and
I.
K
Think
again,
like
the
the
point
that
Colin
made,
that
like
one
of
the
one
of
the
strengths
of
this
group,
is
that
it
brings
together
people
and
that
those
people
are
also
taken
serious
is
is
really
key
Beyond
or
in
addition
to
all
of
the
different
documents
that
that
the
group
is
producing.
A
So
I
I
put
myself
in
the
queue
to
kind
of
come
back
in
on
some
of
the
suggestions
and
to
thank
folks
for
making
them
and
also
to
thank
you
Corinne,
because
you've
created
the
space
and
the
discussion
that
really
is
self-reflective
and
helps
us
I
think
as
a
as
a
research
group
grow
and
get
better.
So
some
of
the
suggestions
to
make
that
work
more
visible,
I
I
could
I
couldn't
agree
more
I.
Think
we
need
to
think
about
that
as
well.
A
The
idea
of
a
directorate
I
mean
it's
been
tried,
as
somebody
also
mentioned
in
the
chat
there
wasn't
always
it
wasn't
always
well
received,
but
I
do
think
your
iteration
on
the
model
Adrian
was
useful
and
that
it's
not
about
telling
people
what
they've
got
wrong,
although
that
is
what
directorates
and
the
IDF
usually
do.
Right
I
mean
from
a
security
perspective
or
whatever
that
is.
You
know
what
they're
set
up
to
do.
A
I
think
it
is
more
of
a
come
along
and
let's
try
to
work
out
some
of
these
trade-offs
or
actually
even
expose
that
there
is
maybe
a
trade-off.
So
I
think
that
point
is
well
taken.
I
would
also
say
that's
what
maybe
the
guidelines
draft
is
meant
to
do
as
well
is
to
sort
of
document
that
write
it
down.
Make
people
aware
that
that
work
can
be
done
and
then
come
to
hrpc
for
the
expertise
so
that
all
explicit
goals
I
agree.
A
We
could
all
be
doing
a
better
job,
so
I
think
we
ought
to
move
on
because
actually
we
have,
we
have
to
update
on
drafts
and
and
a
few
pieces
of
aob,
including
which
we
probably
won't
get
to
a
request
to
maybe
recharter
slightly
so
grin.
Let's
thank
her
one
more
time
congratulate
her
for
her
award
thanks
for
coming.
We
wish
you
could
have
been
here
in
person
all
right,
okay.
So
let
me
get
back
to
my
slides.
A
Okay,
well,
the
current
work
we
have
so
I'll
have
folks
who
are
working
on
any
of
the
current
work,
go
ahead
and
throw
yourselves
in
the
queue
we'll
go
sort
of
rapid
fire
update,
but
the
first
one
is
on
guidelines.
This
is
under
irsg
review.
If
I'm
not
wrong,
gershabad
I,
don't
know.
If
you
have
anything
to
add
on
Mike
about
this
yeah
go
for
it.
It
would
be
good
just
hear
where
that's
at.
N
Hello
yeah
the
guidelines
draft-
if,
if
you
don't
already
know
about
it,
is
an
update
to
8280,
it
condenses
guidelines
for
people
trying
to
gauge
the
impact
of
the
protocols
they're
designing
on
human
rights.
It's
a
set
of
guidelines.
This
document
is
under
IRSC
review.
We
received
two
reviews
from
Jane
coffin
and
Brian
Dremel,
and
we
this
week
all
of
the
comments
have
been
addressed
so
yeah
just
I'm.
N
Hopefully
the
draft
will
proceed
after
that,
but
yeah
the
I
I
signed
a
summary
of
the
changes
on
the
mailing
list
yesterday,
just
some
reordering
of
the
sections,
nothing
major
yet
so.
Thank
you.
A
Thank
you
for
that
yeah.
So
you
have
really
appreciate
that
update
and
it's
also
in
the
data
tracker
good
cool
check,
check.
A
Yep
go
ahead,
Nick
on
freedom
of
Association,
so
this
is
I'm
a
co-author
on
that,
so
we've
got
Nick
as
doc,
Shepherd
and
also
Neils,
so
yeah
feel
free
to
give
us
an
update.
Please.
F
Yeah,
just
a
very
brief
update.
Last
IDF
we
talked
about
making
some
edits
Niels
to
that
and
I've
just
finished.
Another
round
of
review
and
I
have
an
open
pull
request
with
some
edits.
There
I
think
we've
addressed
the
sort
of
confusion
about
considering
the
same
protocol
and
different
issues.
I
think
that's
sort
of
clearer
to
read
now
and
so
I'm
I'm
hopeful
that,
after
those
minor
edits,
we
could
go
back
to
the
research
group
for
our
last
call
and
and
progress
from
there.
F
So
no
no
big
changes
but
I
do
think
there
have
been
some
improved
edits
and,
and
hopefully
we
can
make
it
even
more
readable.
A
A
Thanks
for
that,
Niels
I,
don't
know
if
you
wanted
to
respond,
but
I'm
going
to
as
a
co-author,
with
my
hat
on
I'll
need
to
look
over
what
those
are
in
terms
of
what
timeline
I.
Think
that
will
take
okay,
great
Neil
says
thanks
we'll
work
on
it
all
right,
so
we
do
have
one
more
piece
of
work
that
I
would
didn't
put
on
this
slide,
but
is
in
our
agenda.
So
apologies
to
Sophia
for
that
Sophia
come
on
the
mic
and
I
know
you
have
slides
as
well.
A
You
can
you
can
go
ahead
and
share
those
or
I
can
share
them
and
pass
you,
but
I
think
all
right
go
ahead
and
tell
us
all
about
it,
because
I've
not
got
on
the
slides
there.
You
are
perfect.
J
There
you
go
so
hey
everybody.
We
also
wanted
to
talk
a
little
bit
about
upcoming
work.
That
is
happening
right
now.
This
is
not
an
official
draft,
but
there's
some
work
that
has
been
happening
over
at
GitHub,
so
it's
just
kind
of
a
Call
of
our
actions
of
a
call
for
action
on.
If
you
want
to
be
part
of
this
effort
as
well,
so
you
can
involve
yourself
on
it
or
if
you
have
any
other
ideas
or
what
should
be
part
of
this
work,
you
can
give
us
also
a
feedback.
J
So
this
is
a
draft
that
we
have
been
putting
together.
That
was
born
from
the
Las
ietf
ITF
114.
We
had
an
invited
from
Sita
Lana
ramij,
who
gave
a
presentation
about
how
digital
tools
and
different
protocols
and
different
technology
is
used
to
enhance
intimate
partner
violence,
and
in
this
case
we
think
about
intimate
partner
balance
of
any
kind
of
balance
that
is
executed
with
a
partner,
but
also
someone
you
have
a
intimate
relationship
with.
It
could
be
a
caregiver.
J
So
basically,
we
because
of
that
presentation
we
decided
to
create
a
document
that
tries
to
provide
the
standards
with
recommendations
that
that,
if
they
are
put
in
certain
kind
of
protocols
or
systems
or
any
kind
of
technology
that
they
are
describing,
what
kind
of
implications
can
that
technology
have
into
enhance
abuse
in
the
cases
of
domestic
abuse
or,
more
broadly,
in
the
case
of
intimate
partner
violence.
So
we
put
together
already
a
kind
of
a
structure
of
a
draft
there's
already
some
definitions.
So,
for
example,
what
is
technology-based
intimate
partner
balance?
J
What
kind
of
attackers
exist
in
this
place
the
specific
abuse
technology
that
happens
in
these
cases,
some
recommendations
to
protocol
designers
and
we
also
added
security
recommendations
in
case
there's
some
from
security
that
has
to
be
taken
into
account.
So
if
you
are
very
interested
in
this
work,
please
join
us
in
the
GitHub
or
in
the
mailing
list.
If
you
think
this
all
sounds
reasonable,
and
this
is
structure
sounds
reasonable.
J
A
Because
this
is
new
work,
I
do
actually
want
to
open
the
queue
or
invite
folks
to
get
into
the
open
queue
for
any
questions
about
this.
For
folks,
maybe
who
didn't
come
or
didn't
watch
the
114
session,
you
should
it's
a
fantastic
presentation,
and
so
it's
really
wonderful
to
see.
It's
really
wonderful.
When
we
have
speakers
come
and
then
those
speakers
Inspire
work,
that's
actually
the
ideal
case.
It
doesn't
always
happen.
That's
all
right,
but
go
ahead,
Khan
good
to
see
you
in
the
queue.
E
Hi,
so
just
one
quick
question
for
clarification:
first,
this
draft
has
not
yet
been
submitted
right.
It's
in
progress.
J
No,
it's
a
still
in
progress.
We
do
have
the
first
initial
structure
on
some
texts
and
potentially
in
the
next
weeks,
we
mix
with
tracker
yeah.
A
E
I'll
come
back.
I
was
expecting
more
people
to
comment
on
that,
so
yeah
Colin,
Perkins
I
think
this
is
a
really
important
topic.
Obviously,
I
haven't
read
the
draft
since
it's
not
yet
been
submitted,
but
I
I
would
certainly
encourage
work
in
this
space.
E
A
So
I'm
I'm
not
going
to
pull
up
the
chair
slides
again,
but
on
our
agenda
we
have
a
short
amount
of
time
for
cross-pollination
from
another
working
group
in
the
ITF
Adrian.
If
you're
here,
you've
put
yourself
in
the
aob
on
gnat,
oh
good,
you're,
remote,
wonderful,
so
you
can
also
load
your
slides
or
I
can
load
them
and
pass
them
to
you,
whichever
you
prefer.
D
Oh
wait:
I
have
it's.
A
D
Okay,
so
I,
so
how
you
can
go
to
so
yes,
I'm
involved
in
the
ganap
grant
negotiation
authorization
protocol,
which
is
a
successor
to
oauth
the
editors
were
you
know,
editors
and
principals
in
much
of
the
oauth
and
Uma
protocol
work
this
slide
and
I'm
going
to
go
pretty
quickly
because
I
wanted
very
interested
in
feedback
from
the
group,
so
there's
only
five
slides
but
anyway,
so
this
gets
an
authorization
protocol
has
privacy
issues,
of
course
that
are
significant
in
the
next
slide.
D
I'll
talk
about
that,
but
I
am
trying
to
and
I've
been
invited
to
introduce
a
human
rights
consideration
into
the
into
the
document
for
gnap,
where
the
issue
that
difference
from
privacy
is
that
it
doesn't
consider
delegation.
It
ignores
the
power
asymmetry
of
the
participants
in
the
protocol
and
the
hrpc
force.
Association
perspective
is
directly
applicable
here.
D
So
what
I'm
trying
to
do
is
convince
the
work
group.
The
gnap
work
group
that
unrestricted
delegation
to
the
authorization
unrestricted
as
selection
by
the
subject
by
the
resource
owner
should
be
a
must
or
should
next
slide.
Please.
D
Okay,
so
just
a
quick
review
about
what
gun
app
is
about.
It
specifies
an
authorization
server
that
processes
requests
from
a
requesting
party
and
provides
it's
a
token
Factory,
what
they
call
and
provides
access
tokens
authorizations
to
access
a
resource
server.
This
is
a
list
of
the
Privacy
interests
that
all
meet
at
the
authorization
server
and
in
particular,
what
I'm
concerned
about
here
is
to
avoid
lock-in
to
the
resource
server
business.
D
To
avoid
the
ability
to
have
policy
surveillance,
the
resource
owner's
policy
should
stay
either
entirely
to
themselves
or
to
our
surrogate,
a
delegate
that
they
choose
and
to
avoid
the
opportunity
for
traffic
analysis
by
the
buy
and
authorization
server
processing
request
that,
where
that
authorization
server
wasn't
selected
by
the
resource
owner
next
slide,
please.
D
And
I,
the
last
ITF
I
was
asked
to
provide
a
PR
there's
a
bunch
of
discussion
after
that,
it's
a
human
rights
considerations.
Pr
I
proposed
three
mitigations,
but
the
issue
is
technically,
all
three
of
them
are
possible.
The
issue
is
whether
these
must
be
the
human
rights
issue
as
I
frame
it,
whether
it
should
be
a
must
or
should
rather
than
voluntary,
next
slide,
please
the
last
one.
D
So
the
call
to
action
for
hrpc
and
ganap
is
what
you
see
on
this
slide.
First
of
all,
I'm
not
familiar
with
a
lot
of
any
much
of
the
work
in
ietf,
but
it
seems
to
me
like
an
app
is
the
best
example
for
the
concerns
that
are
being
discussed
in
hrpc
at
this
time
and
I'm
curious
if
there
are
any
other
examples
that
might
be
considered
as
good
in
recent
memory
yesterday.
D
At
this
time
there
was
a
discussion
which
there's
a
link
directly
to
about
15
minutes
worth
of
20
minutes
worth
of
discussion
in
the
ganap
work
group.
What's
interesting
here
is
that
the
various
commenters
and
editors
and
chairs
as
individuals
not
necessarily
officially
basically
pointed
out
that
agreed
that
hyperscale
platforms
are
an
unintended
concert,
sequence
of
the
way,
oauth
links
the
authorization
server
and
the
resource
server.
They
discussion
of
the
fact
that
regulatory
capture
is
a
risk
and
I.
D
Think
people
in
this
audience
understand
all
about
that
and
they
mention
how
ganap
is
intended
to
work
with
these
standardized
verifiable
credentials
and
decentralized
identifiers
that
are
coming
out
of
w3c
and
the
Linux
Foundation
as
data
models.
But
standardizing
these
data
models
has
a
huge
potential
for
Mass
surveillance.
D
So
my
claim
is
that
forced
association
with
hyperscale
platforms
is
not
not
no
longer
an
unintended
consequence
as
it
was
with
oauth
and
therefore
it
has
to
be
dealt
with
in
the
nap
by
making
hands
delegation
a
must
or
should.
Thank
you.
A
Thank
you
and
thank
you
for
bringing
this
work
in
to
hlpc.
I
know
that
gnap
or
gnap
met
yesterday
and
I.
Don't
know
if
there
was
also
a
parallel
discussion
in
the
working
group
about
this
issue.
I
I
myself
was
unable
to
go
because
I
had
a
conflict.
Can
you
just
give
us
an
indication
of
how
that
conversation
went
yesterday
or
whether
it
did.
D
Well,
I
can
do
better
than
that.
One
of
the
editors
Fabian
has
agreed
to
and
he's
on
the
Queue.
So
thank
you
I.
Yes,.
I
Hello.
Everyone
thanks
thanks
for
this
Adrian,
it's
a
very
interesting
work,
just
to
say
that
I'm,
one
of
the
creditors
of
nap,
we
are
taking
this
work
very
seriously.
It's
just
as
was
discussed
earlier
in
one
of
your
previous
comments.
We
are
quite
aware
that
we
need
to
do
security
analysis,
where
we
also
need
to
do
privacy
analysis
and
we
are
putting
measures
in
place
and
for
us
it's
it's
kind
of
something.
I
That's
new
for
us
to
actually
put
put
measures
in
place
against
human
rights
consequences,
so
that's
at
least
something
where
I
think
we
would
need
some.
Some
additional
support
and
I
think
that's
kind
of
the
message
from
Adrian,
and
we
we'd
like
to
thank
him
for
that
and
yesterday
it
was
it
was
discussed
in
the
group,
and
actually
it
was
one
of
the
main
points
where
a
debate
was
was
quite
open.
I
The
main
problem
we
have
is
is
really
to
find
actual
technical
ways
to
to
do
that
in
in
practice,
and
so
that's
what
we're
working
on.
So.
Thank
you
very
much.
A
Foreign
thanks
for
that
overview,
I
suggest,
because
we've
run
out
of
time
that
you
engage
both
in
the
hrpc
list
and
asking
for
folks
from
this
group
to
potentially
engage
in
gnap
directly
and
talk
about
that
there.
A
Although
because
this
is
maybe
a
Cross
Research
group
cross
working
group
topic,
I
would
encourage
folks
to
try
to
CC
both
lists
as
the
conversation
progresses,
but
I
don't
think
we
can
get
into
it
too
much
more
now,
although
I
will
wait
just
a
moment
in
case
there
are
folks
in
the
room
who've
not
yet
signaled.
They
want
to
be
in
the
queue
all
right
again,
thanks,
yeah
Colin!
Please
always
it's.
E
Friday
I
didn't
move
that
quickly,
Colin
Perkins,
so
I
I
know
absolutely
nothing
about
the
map
other
than
reading
the
draft
abstract
in
the
last
sort
of
30
seconds,
or
so
from
what
you've
been
saying.
That
there's
clearly
things
that
that
are
worth
discussing
with
this
group
I
think
one
of
the
challenges
is
perhaps
going
to
be
connecting
the
two
sets
of
people
with
very,
very
different
expertise,
and
so
I
think
you
know,
as
Mallory
says,
posting
to
the
lists
is,
is
a
good
way
forward.
E
A
So
just
a
plea
on
the
mic
and
to
the
group,
if
you
are
interested
in
this
you've
engaged
in
hrpc
you're
familiar
with
reviewing
documents,
if
you
can
just
indicate
to
me
at
some
point
or
call
an
event
that
you
want
to
engage
in
this,
be
really
grateful
for
your
help
and
thanks
again
to
the
folks
who
brought
this
both
Adrian
and
Fabian
for
coming
on.
Mike
I
will
just
so
just
to
stop
this
particular
discussion
and
tap
very
quickly.
A
To
the
last
of
my
slides,
there's
been
some
suggestions,
also
coming
from
me
frankly
that
perhaps
we
could
consider
a
slight
recharter.
I
will
also
note
that
we,
the
research
group,
was
recently
reviewed
by
the
IAB
and
that's
a
process
that
happens
occasionally
and
I
I
myself
have
gone
through
two
two
of
those
reviews,
and
it's
just
maybe
a
good
time
to
reflect
so
I've.
Had
some
I've
had
some
of
my
own
thoughts
on
what
a
recharter
might
look
like.
A
I
was
hoping
to
go
through
them
with
you
in
this
meeting,
but
there's
not
really
much
time.
So
again,
like
would
just
say.
Maybe
this
is
a.
This
is
definitely
a
conversation
we'll
take
to
the
list
and
we'll
welcome
your
feedback
in
that
list
discussion.
A
We
can
also,
maybe
make
sure
to
allocate
more
time
to
this
at
the
116
meeting
in
Yokohama
since
you're
not
able
to
totally
read
it
right
now,
of
course,
I
understand,
but
I
think
the
goal
would
just
be
to
take
on
some
of
the
feedback
that
was
delivered
here
today.
A
Even
about
our
ability
to
do
reviews
bring
others
along
into
this
work,
mainstream
it
a
bit
more
in
the
rest
of
the
community
and
also
be
able
to
take
on
a
bit
maybe
what
more
we're
thinking
in
terms
of
policy
discussions,
because
it's
not
a
word
that
we
typically
use-
or
it's
not
even
present
in
the
charter
as
currently,
but
certainly
something
that
we
in
fact
are
are
doing
so
to
to
make
that
and
expose
that
make
it
more
explicit
and
expose
that
I
think
might
be
actually
be
a
useful
exercise.
A
Those
are
just
my
personal
thoughts
as
the
chair,
but
Sophia
and
I
will
do
our
best
to
facilitate
a
conversation
on
the
list
and
then
at
the
next
meeting.
So
I
apologize
that
we
ran
out
of
time.
I
really
want
to
appreciate
our
speakers.
I
think
it
was
worthwhile
taking
the
time
to
hear
them
all
out
and
especially
just
to
take
us
back
to
the
beginning.
A
I
think
it
was
really
useful
to
have
Tara
talk
about
a
lot
of
situation,
because
you
can
turn
on
CNN
and
see
it
in
the
cycle,
and
it's
just
no,
knowing
that
there
is
actually
a
touchstone
in
our
community
to
Allah
and
his
case,
and
it's
not
just
an
abstract
human
rights
abuse
case.
I
hope
has
moved
you
as
much
as
it
has
been
moving
me
to
read
about
the
situation.
All
right
thanks,
everybody
we're
going
to
close
now.