00:00welcome to the a 16z podcast I'm Michael
00:03Copeland as more and more of what we do
00:05for fun and work happens online
00:07establishing identity becomes ever more
00:10critical whether it's for dating or
00:12sending money you want to trust that not
00:14only are you interacting with the person
00:16you think you are but that your messages
00:18or money are in fact reaching the right
00:20person and only them sounds simple but
00:23with an internet and computers in
00:25between a lot can go wrong whether by
00:27accident or malicious design a 16 ZZZ
00:31Chris Dixon and max Crone co-founder of
00:35the encryption startup key base examine
00:37the problem in this segment of the pod
00:39what makes cryptography so hard to use
00:42what approach Krohn and the key based
00:44team are taking and why crypto key
00:47parties are not what you might think
00:50Chris Dixon starts us off
00:52so you and Chris co-founded Cubase and
00:55part of that you guys were the
00:56cofounders of OkCupid and sparknotes can
00:58you just tell us a little bit about your
01:00background and how you started Cubase a
01:04little bit over a year ago just because
01:06we were convinced that in the future
01:09people would really need from mapping
01:12what they considered notions of identity
01:15that computers could understand Chris
01:18and I got together and we some had a
01:20pretty good background between the two
01:22of us for tackling this problem it's a
01:24problem that on the on the one hand has
01:26some cryptographic and security
01:28components to it as you can imagine but
01:30on the other hand it also has a lot of
01:33social networking and social engineering
01:36aspects to it as well and obviously as
01:39co-founders and longtime engineers and
01:42product designers that OkCupid we
01:44thought we got a lot of exposure and in
01:46the past running math side of the
01:48business and that side of hope we
01:49thought would be important in making PKI
01:52or or public key and usable for more
01:55people and you know @a okay keep it
01:58though it seems so obvious now at the
02:00time there was a lot of coercing people
02:03and more or less asking them to use our
02:05product because they didn't think it was
02:07right for them that could have been
02:08because attitudes for difference back
02:10then or it could have been because the
02:12site when we started it was too small
02:13so we've actually spent about nine years
02:15you know he keep it getting the site so
02:18it would be big enough and work as a
02:19dating website more or less fighting
02:21with people the whole way because it was
02:24hard to attract users for a lot of
02:26OkCupid history if you look at Crystal
02:29apps a lot of the same things are at
02:31play I mean obviously people should be
02:33using them stuff and it will definitely
02:35make their lives better the question is
02:37do they understand that and it can it be
02:40motivated to use to use the products so
02:42in that respect we think that our
02:44experience ago can keep it was very
02:46helpful for moving into something like
02:49I'm like getting crypto to be popular
02:51for more people and there's a lot of
02:53common elements of user recruitment and
02:56user onboarding and and making people
02:59like the product even though maybe they
03:02thought it wasn't for them when I first
03:04heard about it so you said it's about
03:06you know obviously encryption and social
03:08identities can you describe for people
03:09that don't know just what that means
03:11exactly like in specific terms yeah sure
03:14things there are two things you really
03:15can do it with this technology that's
03:17that's really fundamental and and and so
03:20deep in terms of what people might do
03:22online but let's deal with one of them
03:24first so one of them is just idea in
03:26Krypton so let's imagine I want to send
03:29you a message over the internet and I
03:31didn't want anyone to be able to read it
03:33in between your computer and my computer
03:35so it doesn't matter what application
03:37I'm using it doesn't matter or video
03:39conferencing or sending email but what
03:41really has to be done before we get off
03:43the ground and I need to convince my
03:45computer that is talking to to you and
03:48then someone who's pretending to be you
03:50and this is this is a big problem it's a
03:53social problem and that you know you
03:55could have a lot of people pretending to
03:56be you online and it's also a
03:58technological problem and that is if
04:00someone had unpacked any of the social
04:03media accounts you owned or any of the
04:05things you used to prove who you are I
04:07mean that would be a way that that
04:09person could receive messages for you
04:11even though they're intended for you so
04:13so the first thing that any crypto
04:15really need for me to have a person in
04:18my head who I want to talk to you and
04:19then tell my program that whatever
04:22computer program I'm using to talk to
04:24that person and not someone else out
04:27that's what he did oh and before there
04:30were social networks people would do
04:32this in with these so-called key signing
04:34parties can use really it sounds very
04:36primitive now but it's but it's funny
04:39because it was the best practice until
04:40we had Twitter and reddit in Facebook
04:43absolutely and so I think I'm the first
04:45attempts that public key crypto got off
04:47the ground in the nineties when there
04:49was the first iteration of the so-called
04:51crypto Wars and I think back then there
04:54was a lot of distrust of any sort of
04:56infrastructure that wasn't just a
04:58computer you ran in your own home and so
05:01what this means is that if people wanted
05:03to exchange identities they would show
05:06up in person with a bunch of random
05:07strangers and check each other and
05:09stronger Sciences and also in all kinds
05:11of conclusion at the 20 people in the
05:12room of them were the 20 people that the
05:14drivers license so you see the drivers
05:16license and then you get the and then
05:18that person shows your driver's license
05:19gives you their public key and then you
05:21take the public key with you and then
05:23you know from then on whenever you want
05:24to send a message to the person that you
05:26met in person with the driver's license
05:27if you encode it with that the message
05:29with that key only that person can read
05:31it yeah right because the whole basis of
05:33all this is you have to pair a person to
05:35a public key right and so the old days
05:37are you know being the 90s there was no
05:39way to to it or to people trust it
05:41except for physic in person driver's
05:43license kind of parties parties yeah and
05:52the first kind of level of the graph and
05:56if you go up a couple of levels you'd
05:58say that well you know Chris and I you
06:00are an ass and he's signing party but
06:01you know we know someone who comment who
06:03was and so in a way it's a little bit
06:05the friend of a friend type of graph and
06:07in that that's no cause that's so
06:09obvious now and in terms of Facebook for
06:11trying to recreate that offline through
06:13these key signing parties I think in
06:15retrospect it was a really cool idea
06:16that just never hit critical mass it's
06:19probably one believed that's why I
06:20failed yeah and so so going back to you
06:23were describing key base the idea then
06:25is that now I know you as you know as
06:28Max taco on Twitter or is that your
06:31Twitter handle or let's say I want to
06:34communicate with a journalist who I
06:35follow on Twitter and I know his or her
06:40I want to share a file with someone I I
06:42met I'm read it or I want to or Facebook
06:44as an obvious one etc you know in some
06:47ways now the Twitter handle is is almost
06:50more verification than their driver's
06:53license and so a lot of these people I
06:54interact with at least on Twitter and
06:55other places all the time and I might
06:57read their articles in New York Times
06:58I've never met them in person yeah I'm
07:00not sure how much medium person would
07:02really add to the verification right
07:04yeah you're totally right and as these
07:06online communities got bigger and more
07:07important to just the way to communicate
07:09the notion of identity is changing and
07:11so it's it's almost more important now
07:14what you're online it's not gonna be
07:15used more so than what put your you know
07:18wallet says what your driver's license
07:19absolutely and so we're seeing more and
07:21more in the press it seems like almost
07:24on a daily basis there's a massive
07:26security issue yeah you know everything
07:29from the Sony hack which was Sony
07:31Pictures had all their email stolen and
07:33published online Apple iCloud hack with
07:36a bunch of celebrities had their private
07:38photos stolen and put online yeah the
07:40target breach it just goes on and on but
07:43can you talk more broadly about what you
07:44think's happening and like why is that
07:46happening and what do we need to do to
07:48yeah I think for the last 10 years and
07:51last 15 years since the Internet has
07:52really caught on we've been just
07:54building systems in the most obvious way
07:56possible and the most obvious way
07:58possible is to just put a bunch of
07:59servers somewhere in a closet somewhere
08:01and to do your best to make sure no one
08:04breaks into those servers and just put
08:05all the important data in those servers
08:07and then trust you'll make the right
08:09decisions that's true to send the data
08:10back out to on the other end and that's
08:12the way you know all of the major social
08:14networks are built that's the way almost
08:16everything online that we use today is
08:18built and if you were to tell people 40
08:21years ago that's where we're building
08:22system they would have probably not been
08:24able to believe it they would have said
08:25that is madness that was not the way you
08:28should build any system if you care
08:29about what's actually being put onto the
08:31server and being judiciously relief to
08:34people who are authorized to see it so
08:36the way we should be building systems is
08:38that if the server doesn't need to see
08:41the data or access the data that you're
08:43putting on to it and then it just
08:45shouldn't there's no reason why I have
08:46to see it then the data should be not
08:48available to the server and in plain
08:50text yeah basically the assumption has
08:52it's so-called perimeter defense right
08:54which is as you say put it in the closet
08:55it's a big mess and once you get in the
08:57closet it's you know you get everything
08:59but we hopefully will have the perimeter
09:01defended enough meaning you know just
09:03sort of like the building you got these
09:05giant piles of gold sitting there but we
09:07have some security guards around the
09:09building and as long as they can do
09:10their job we're great that was a model
09:13up until now and it turns out that
09:15there's people inside the building that
09:16they're stealing the gold that there's a
09:18whole bunch more ways inside than you
09:20think you know one of the big things
09:22changes now is that a lot of the
09:24perimeter defenses were built under the
09:26assumption that people would be using
09:27kind of replicated attacks like viruses
09:30as opposed to customized attacks which
09:32is what we're seeing now where people
09:33are you know a gang of hackers are
09:36mapping out an organization and doing
09:38spearfishing and all these very
09:39customized attacks to get through the
09:40perimeter and then ones they get in
09:41there boom you know it's game over
09:43yeah right it's a perimeter with about a
09:45thousand different gates on it where
09:47maybe they're you know 30 people manning
09:50a hall thousand of those gates and it's
09:52a tough problem I mean the more data you
09:54have the more specimens you probably
09:55need to run the service and the more
09:57likely one of those system in suspended
09:58to fall down and not see their task well
10:01so it's you know it's nothing I don't
10:03think the big services the big cloud
10:04providers have the best intentions
10:06because in general I think they do it's
10:07just that they've chosen to do a job
10:09it's basically impossible said that no
10:11one couldn't it can really do we all
10:13listen to all the threats that are lined
10:15up against with key bases architecture
10:16so if I am a key base user and you're
10:18we've talked about this publicly you're
10:20building some apps some native you know
10:21client apps for mobile and for desktop
10:23they let people do text messaging and
10:25file sharing and things like this if I
10:27use if I use your service and you guys
10:29get hacked what happens and can you
10:31explain how that's different with key
10:32base versus kind of the traditional
10:34architecture yeah the key base is that
10:39whenever I send data to other people and
10:42I want the other people to receive it
10:44and known in between then all the
10:46infrastructure in between just was not
10:47able to see the plaintext data they just
10:49get to see be encrypted data and so what
10:52that means if I want to send a file to
10:53you Chris as I first look up your public
10:55key I and encrypt the data with your
10:59public key and then put that encryption
11:00on the server so therefore if anyone
11:02ever breaks into the server all they
11:04really get is a bunch of encrypt
11:06and unlike with other systems the key
11:09you need to dig trip the data is just
11:11the only person has a key it's like it's
11:13a phone in your pocket or the desktop in
11:16your office and so therefore there's
11:18nothing you could do in the server
11:20infrastructure or anywhere in between to
11:22recover that message the Diceman
11:24tries to send you unless you've broken
11:26the crypto which we believe is basically
11:29not it's not done yet but no one's been
11:31able to break the crypto this is a
11:33totally other way of building the system
11:34we're in the worst case scenario if
11:36everything about Kiva infrastructures
11:38blown wide open there's really limited
11:41damage and in fact we don't think
11:42there'd be any damage and that's the way
11:43we're designing this system that's one
11:45aspect of it now if you have a more
11:48advanced attacker who broke into key
11:50base and starts doing sophisticated
11:51things in our infrastructure like let's
11:53say you know Chris decided to throw away
11:56your iPad and add an added a new iPhone
11:58or something and the server was supposed
12:00to propagate that message to other
12:01people and a sophisticated attacker
12:03might say well I can't read the data
12:05that Max was trying to send Chris but I
12:07can mess with other people so that they
12:09don't have the right idea after what
12:11Chris's devices are right now so that
12:13would be a slightly more sophisticated
12:14attack that someone could do if they
12:16younger four servers but we're also
12:18designing countermeasures for those
12:20types of attacks as well so once he'd
12:22eliminate the basic attack we have to
12:23also eliminate these more subtle attacks
12:25but that's also part of the architecture
12:27that was building there's often and one
12:29of the reasons things that security
12:31online fails is that it's hard to use
12:33right I just think about my passwords
12:35right like people should be using strong
12:37passwords two-factor authentication I
12:39think most people have been told that
12:40and know that a lot of people don't do
12:42and that's because it's a pain you know
12:44you can't remember these passwords
12:45they're hard to tie if you have to login
12:47all the time do you think is just a
12:48fundamental tension there I guess
12:50between usability and security and it's
12:52it feels like a lot of the security
12:53community tries to push these the burden
12:56onto users and say well it's the users
12:57fault for not doing all these
12:59complicated measures when in fact you
13:01know of course the users mostly aren't
13:02technical and aren't security experts
13:04what do you think about that well I
13:05think you're totally right I limit about
13:08my condemnation to the password system
13:10that probably many other people have
13:12have mentioned does until now the idea
13:14that you type this string and that's
13:17what identifies you is really a
13:20old ideas that probably isn't robust
13:22enough to deal with the current level of
13:24stress that we have and also to be very
13:26useful on your iPhone right when you're
13:27typing on a keyboard and after type of
13:2912 letter count range you're probably
13:30not very happy at all when I was going
13:32on so one solution to the feasibility
13:35problem is just first off to harness the
13:39power of the devices that we're using
13:40more and more so I think the agile
13:42business product 1password is really the
13:43job of this where you know there's the
13:45unlock your your path raises or your
13:48passwords for all the syphon use which
13:50that's your thumbprint on iphone and
13:52that's especially a really good solution
13:54because it means that for someone to
13:56steal all your passwords they have to
13:57feel your phone and also be able to hack
13:59your your thumbprint so I think
14:01solutions like that are really good and
14:03potentially a solutions to the password
14:04problem I think a key feature of such a
14:07solution is them to take advantage of
14:09the technology that the devices are
14:11giving you and not to pretend the
14:12devices are like kind of like a small
14:14version of your computer so I think
14:17that's one thing that's going on I think
14:18that in a world in which key Bay has a
14:21lot of penetration you know we might say
14:23the passwords are so the wrong idea
14:24altogether but you ought to be doing is
14:26signing a statement saying on Macs and I
14:29wanted to log into the service and the
14:32service would just have your public key
14:33if you know max was identified with this
14:35public credential and as long as he's
14:38able to sign the statement with the
14:40corresponding private key I'll let him
14:41into the service and so that's actually
14:43a far superior way to log into a system
14:46and you know programmers use SSH I've
14:48been doing this for years they don't
14:50type passwords anymore they just do
14:52private key signing when they sign it
14:53the servers and this is something that
14:55everyone should have access with you not
14:56just programmers so that's one of the
14:58real promises of getting public key
15:00crypto in the hands of more users that
15:02you know something that's just because
15:04password should now become no longer
15:06important and hopefully I'll sanitation
15:08becomes a lot easier that's one of our
15:10many hopes for keep it you're planning
15:12to release your applications as open
15:15source and let other people build apps
15:18on top of key Bay's can you talk about
15:19kind of how you think about that and how
15:21you think about sort of the open source
15:22community and developer use cases the
15:25first thing that's really important for
15:26us was that because we're building
15:28software that we think people need to
15:29trust there's no possible way that
15:31people can trust us unless they get to
15:33what the code actually is and how the
15:36software we're writing is using crypto
15:38and is using the various things we
15:39talked about you know verifying your
15:41public identities and unless people have
15:44the ability to look inside the software
15:46and verify that it's doing what we say
15:48is doing there'd be no reason for anyone
15:50to trust those so I think for that one
15:53reason alone it's crucial that as we
15:55build key days or as people build
15:57security apps that they're able to look
15:59inside the application and see exactly
16:00how it works so I mean that's just one
16:03thing I can say for the philosophy that
16:05we have him on the team in terms of
16:07building he did the other thing is that
16:09I mean he thought in really good
16:11response so far with just our little
16:13demo app that we've been running from
16:14open source contributors and people who
16:16use open source tools all day and and
16:18obviously would like to contribute and
16:20would like to look into how our code is
16:22working and build their apps on top of
16:24it and if we were to just kind of do the
16:26old-fashioned thing of just distribute a
16:29closed source binary that people
16:31couldn't really cry into we'd be cutting
16:33off all that goodwill and all the
16:34willingness for people to experiment
16:36with the software and build snot on top
16:38of it so that's the second thing and I
16:40guess you know to be little bit more
16:42specific what people want to build with
16:43key base I think there's so much work
16:46that we're putting into getting this
16:47thing to work properly both in terms of
16:49verifying your public identities and
16:51managing your secret key is that this is
16:53just basic plumbing that you need
16:55nowadays to build a good application and
16:57so we really hope that a lot of other
16:59app developers can exploit all the work
17:01employed in idea it's the wrong word but
17:03benefit from all the work that we've
17:05done without having to reinvent it
17:06themselves and I think the status quo is
17:09now I mean a good analogy would be like
17:11you know hey you want to write Photoshop
17:14but with photo sharing you know you
17:16first have to implement tcp/ip before
17:18you can get that done I mean that's kind
17:20of the world we live in right now with
17:21regard to Christo's so if you wanted to
17:23you know make a Photoshop plug-in where
17:25potentially you want to share photos
17:27secretly with your friends then you'd
17:30basically be up another level of having
17:31to reimplemented on't care about that
17:34doesn't make any difference to you in
17:36terms of an application developer so we
17:38want that to be available a service or a
17:40library we spent a lot of time just
17:42doing what's probably being called now
17:44growth hacking and so you know a lot of
17:46the ideas we had towards
17:47BLT cubed had very little to do
17:49with dating we had to do with all social
17:51other things that we could entice people
17:53to show up at okay keep it and then kind
17:55of route them into a different part of
17:58the service they were using that turned
18:00out to be dating but that was a key
18:01OkCupid experience that's basically what
18:03we did for four six years before people
18:05had heard about us we have to come up a
18:06lot of different independent growth
18:08hacks and you know what suffocates you
18:11got a crypto or security into more
18:13people's pipelines well or workflows I
18:17think the first thing that you got to
18:19get right and you have to have a
18:21software you know and work well even if
18:25the person you're trying to communicate
18:27what hasn't signed up yet and I think
18:30that's where a lot of crypto software
18:31just dies it's like basically step one
18:34and we have to get that experience right
18:37and we have to get that experience
18:38common enough for people to use that
18:41they wind up bringing the people
18:42recruiting people for us by way of the
18:44application and I think there's just no
18:47other way to get a service like this to
18:48get good adoption and so that's been one
18:50of the huge problems with PGP up until
18:52now that the typical experience is you
18:55try you say okay this week I'm going to
18:56move all my email to PGP and you know
18:59Monday at 9:30 they say oh man the first
19:02person I want to email it doesn't use
19:03PGP what do I do now need to say well I
19:06guess this experiment failed and so
19:07that's something we can't have happen we
19:10have to really allow the operation to go
19:11through as far as possible as far
19:13offenders concerned and then if the
19:15receiver on-boarded also with minimum
19:18friction and I think unless an
19:20application does that it's doomed to
19:22fail yeah that's part of the challenge
19:23and it's going to where the usability
19:25experience from OkCupid is really is
19:27really coming in in terms of what we're
19:30I think we're intending for the first
19:32users of this product to be programmers
19:35and technical types and that's not our
19:38long-term vision just to be limited to
19:39that audience but we think as a primary
19:42set of users and we already you know
19:44have a small set of users of our current
19:46kind of trial products online now it
19:48tend to be security professionals crypto
19:51professionals programmers but we think
19:53there's tens or hundreds of millions of
19:55people who meet that description people
19:57who know that they should be using
19:59crypto and they know that they should be
20:01but just don't have the first idea or
20:03don't the first clue that's where to
20:04start and you can ask anyone who's
20:07program before like you know have you
20:09ever used GPG and you ever have you ever
20:10at the man page for GPG and they'd look
20:12at you like no of course not I mean are
20:14you kidding me and it's not because the
20:16software's like this offer does this job
20:19really well but it's just it's not for
20:21anyone but the most sophisticated
20:23computer practitioners now and so we
20:25wanted to bring that bar way way way
20:27we're laying it down so even if you know
20:29you should be using PGP or something
20:30like it we're gonna do all the heavy
20:32lifting for you and you're just going to
20:33basically use the tools you used to use
20:36much the same way you did before so
20:37that's part of the mission right there
20:39to try to go after people who are you
20:41know technologists are slightly
20:43technically savvy and from there we
20:45think there's obviously the possibility
20:47to go out a lot further but that's
20:49that's definitely a group we want to try
20:50it so to start with all right max thanks
20:52a lot for your time thank you Chris I