I'm reading Max Hillebrand's Praxeology of Privacy (#1489281) and would very much enjoy the Stackers' opinions about the things inside. Your commentary is welcome even if you don't have time to read the book. Part I - #1501602;, Part II - #1507762;, Part III - #1515488;, Part IV - #1519389
This part is called Technical Implementations, and Hillebrand casts a wide net, covering everything from PGP to ZCash to Bluesky. I suppose it is necessary to discuss all these things, but the survey felt a little too broad to me. Books feel more and more time-bound (they get published and not necessarily updated), and I don't know the value of talking about specific products: the role a book can play in this hyperconnected era seems to be to discuss principles and concepts, not necessarily specifics of technical implementations. Still, Part V is a pretty massive summary of privacy tooling and you will likely learn about some new tools and technologies.
I did appreciate a few points Hillebrand made along the way, though:
Notably, Hillebrand has a nice discussion of the permissionless nature of Bitcoin consensus:
A consensus rule in Bitcoin is not enforced by the protocol in the way a contract is enforced by a court. There is no authoritative copy of the ruleset. Every full node runs its own software, holds its own consensus rules, and validates every block against those rules independently. Any operator can modify their own rules, run a fork that accepts blocks the rest of the network rejects, and produce an alternate chain on that basis. Nobody can compel another operator to do the same. The rules persist because independent validators have converged on them and refuse to recognize chains that violate them. The cap, the issuance schedule, the signature rules, the block subsidy, and every other consensus rule discussed below holds the same way: as a Schelling point on which validators have coordinated, where unilateral deviation produces a chain with no economic value because no other validator will accept it.
I believe we all are still getting used to the difference Hillebrand describes here between court-enforced contracts and Bitcoin consensus rules, and it has become especially clear during the debate around the upcoming BIP 110 fork. Any person can run a node with any rules they like. No one can force you to run rules you don't like -- and every can ignore you. So the only way for you to really enforce the rules you want is to reject payments:
The block reward and transaction fees are worthless unless counterparties accept them as payment. Since economically relevant nodes accept bitcoin only from the valid chain with most accumulated work, miners are economically compelled to produce valid blocks on that chain.
It's wrong to say that miners control the protocol, but neither is it correct to say that nodes control the protocol. While nodes do specify what they consider a valid block, nobody has to agree with them. But if nodes demand coins that follow certain rules and reject coins that do not, they create an incentive for others to pay attention to what rules the node follows.
When people talk about nodes running BIP 110 or Core 30, it's not a meaningful measure of much of anything. What matters is merchants who are saying they will accept coins that follow one or the other rule set.
Hillebrand doesn't mention BIP 110 or the filter debate, and he really doesn't spend too much time on the topic of consensus rules at all, but I found it produced some interesting thoughts.
The Bitcoin chapter also has a helpful discussion of some of the on-chain heuristics that are used by chain analysis companies (or anyone looking at the chain) to create wallet clusters, including:
- common input ownership heuristic
- reused address heuristic
- round-number heuristic
- unnecessary-input heuristic
- Script-type matching
- fee-bumping behavior
It's sad to me that bitcoiners don't talk about coin control like soccer/football players talk about ball control: there is some amount of defensive action a Bitcoiner can take by skillful use of labels and choosing your utxos to use wisely. But I suppose such things are not very popular because they feel like moving backwards. Users want solutions that are easy and telling them to watch their p's and q's is not very satisfying.
Hillebrand discusses the state of decentralized social media such as nostr, the fediverse, and bluesky, pointing out how important such things are:
In August 2018, Apple, Facebook, YouTube, and Spotify removed Alex Jones and InfoWars in a coordinated 12-hour window; Jones lost a YouTube channel with approximately 2.4 million subscribers and over 1.5 billion archived views simultaneously with his removal from every other major platform.4 In January 2021, Twitter removed over 70,000 accounts following the Capitol breach, and Amazon Web Services terminated Parler’s hosting, taking the entire platform offline and wiping account data for its roughly 15 million registered users in a single infrastructure action.
I had forgotten the way Parler got nuked from the internet. I'm surprised we don't talk about it more. Also, I was reminded that the Twitter Files kind of vanished from the collective discussion far more quickly than they should have.
There is a short little subsection with the title: "Moderation as a market service" but sadly Hillebrand doesn't mention Stacker News. He mostly discusses the way users can switch between relays in nostr. I suppose at the time of writing, SN hadn't gone fully no-trust and so perhaps it didn't feel as much like a market.
There is a whole chapter on ZK proofs which made me wonder why I have the impression that Bitcoiners are generally against ZK proofs. Some of it may be the added complexity, which certainly is a problem. A zero knowledge proof does put more trust on the math: if something goes wrong, you sometimes cannot tell. It is also possible that ZK Proofs are associated with shitcoins by many Bitcoiners. I doubt this will change in the future.
Hillebrand also includes a brief discussion of quantum computers, which had this interesting paragraph listing some of the post quantum cryptography already deployed by popular software:
The transition from standardization to deployment has moved faster than any previous cryptographic transition. Signal deployed PQXDH (a hybrid combining X25519 and Kyber) in September 2023 before the NIST standard was finalized. Apple shipped iMessage PQ3 in iOS 17.4 and macOS 14.4 in February 2024. Google enabled hybrid Kyber-based key exchange by default in Chrome 124 in April 2024 and migrated to the standardized X25519MLKEM768 later that year. Cloudflare reported by mid-2025 that more than thirty percent of Transport Layer Security handshakes at its edge used hybrid post-quantum key exchange. The deployment pattern is consistent: mix the new primitive with a proven classical primitive so a break in either one does not compromise the session, and migrate the entire internet before the threat materializes.
As usual, the footnotes are excellent. You could enjoy the Praxeology of Privacy simply by reading the chapter summaries and the footnotes.
- Julian Assange, with Jacob Appelbaum, Andy Müller-Maguhn, and Jérémie Zimmermann, Cypherpunks: Freedom and the Future of the Internet (New York: OR Books, 2012)
- Claude E. Shannon, “Communication Theory of Secrecy Systems,” Bell System Technical Journal 28, no. 4 (1949): 656–715, https://www.iacr.org/museum/shannon/shannon45.pdf, established cryptography as a mathematical discipline and articulated the “enemy knows the system” principle
- Ronald Rivest, Adi Shamir, and Leonard Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Communications of the ACM 21, no. 2 (1978): 120–126, gave the first practical public-key scheme
- Phillip Rogaway, “The Moral Character of Cryptographic Work,” IACR Distinguished Lecture (2015)
- David Kahn, The Codebreakers: The Story of Secret Writing, rev. ed. (Scribner, 1996; original 1967)
- Steven Levy, Crypto: How the Code Rebels Beat the Government, Saving Privacy in the Digital Age (Viking, 2001)
- Matthew Green, “Zero Knowledge Proofs: An Illustrated Primer,” A Few Thoughts on Cryptographic Engineering (2014)
- “Attacks on Tor” repository maintained by security researchers, available at https://github.com/Attacks-on-Tor/Attacks-on-Tor.
- Alma Whitten and J. D. Tygar, “Why Johnny Can’t Encrypt,” USENIX Security Symposium (1999)
- Moxie Marlinspike, “The Ecosystem Is Moving” (2016)
- Bruce Schneier, Data and Goliath (2015)
- William Feller’s An Introduction to Probability Theory and Its Applications (1957)
- Nick Bilton, American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road (Portfolio, 2017)
- Hugo Nguyen, “Proof-of-Stake & the Wrong Engineering Mindset” (2018)
- Hugo Nguyen, “Work is Timeless, Stake is Not” (2018)