‘Cryptography remains the weapon of the weak against the strong’

What cypherpunks are up to in 2025

As dystopian plots inch into reality, some still strive to protect their personal data and defend privacy online. ForkLog spoke with cypherpunk Anton Nesterov about the main threats to confidentiality and how to counter them. The interview was first published in our monthly digest, FLMonthly.

“The state has never been the only enemy”

ForkLog: What is today the core of cypherpunk ideology: privacy for an open society, or distrust of authority?

Anton Nesterov: The core of cypherpunk is the idea of broad deployment of cryptography, aimed at anyone who decides to encroach on confidentiality. Cypherpunks trust neither the state nor corporations nor words — they trust only the mathematics embedded in cryptographic protocols.

ForkLog: In his early writings, Julian Assange said that cryptography is the weapon of the weak against the strong. How effective is that weapon today, when the “strong” (states, corporations) possess unprecedented surveillance and hacking capabilities?

Anton: The threat that advances in computing would lead to unprecedented surveillance was understood from the outset. In 1968, packet-network pioneer Paul Baran wrote about the moral responsibility of engineers to protect privacy, calling those who agree to work on its destruction “the whores among us,” while describing this as inevitable and saying such people would always be found.

In 1983, New York Times journalist David Burnham published The Rise of the Computer State, an Orwellian account of the then-nascent practices of mass computerised data collection. We now live in a world where everything in that book is part of daily life.

Cypherpunks emerged against that backdrop and saw protection in cryptography. Surveillance capabilities have grown, but so too has the unprecedented range of cryptographic ways to protect oneself. Cryptography remains the weapon of the weak against the even stronger.

ForkLog: The state used to be seen as privacy’s chief foe. Today we voluntarily hand our data to corporations. Has the main opponent changed?

Anton: The state has never been the sole enemy; opponents are all who wish to violate confidentiality. Corporations can be compelled by the state to hand over information, so the boundary between them is porous. The opponent can also be an individual — and cryptography protects against that, too.

ForkLog: Some claim the battle for privacy is already lost. Mass surveillance, big data — we live in a world of total monitoring. Is there still any point in fighting?

Anton: Totalitarian states exist, but that does not mean the struggle for democracy is lost. This struggle will last forever.

ForkLog: People “accept surveillance” for the convenience of services. How can this be reversed? How do you convince an ordinary person that their privacy matters more than comfort?

Anton: The usual answer is a tirade about a free society and the importance of confidentiality in protecting against authoritarianism and safeguarding free speech. These are correct and important arguments, but many do not care; some even roll their eyes. They avoid politics, try to live simply, keep their heads down, do not work in fields that require heightened confidentiality, and think these issues do not concern them. They do.

They need closer-to-home examples. Right now, hundreds of terabytes of Russian citizens’ data from convenient services lie openly accessible, leaked by Ukrainian hacktivists. This shows what services actually store and how valuable that information is. It is now clear that with a bit of social engineering you can make a person do almost anything — and it works on ordinary people who “have nothing to hide.” Data enables blackmail, identity theft, stalking and many other unpleasant things.

People will have to understand that anyone will use their data against them in any way possible, including ways they do not suspect — and they will not like it. Confidentiality is necessary to guard against this. Cryptography is necessary to ensure confidentiality.

ForkLog: How does the cypherpunk movement respond to challenges that did not exist in the 1990s: facial recognition, predictive analytics, AI censorship, centralised digital currencies (CBDC)?

Anton: You cannot roll back facial recognition; the technology is here — cheap and accessible. In the hands of the state it becomes especially dangerous. The danger lies not only in surveillance itself, but in the fact that facial recognition cannot be perfect. Combined with police power and the heightened trust law enforcement can place in “AI” evidence, this has already led to ugly cases.

Consider the case of Aleksandr Tsvetkov, whom a facial-recognition system at Domodedovo airport mistook for a composite sketch of a serial killer. He was held in pre-trial detention for 10 months and interrogated until he signed a confession.

Such things regularly happen in the United States, too. This is not uniquely Russian, but a consequence of mixing a “magic box” with policing. We cannot stop facial recognition, but we can stop its use by the state through legislative bans, as in some US cities.

Predictive analytics and scoring more broadly have many problems. These are utterly opaque systems. No one can say what exactly the black box does or why it produces a given result. Statistical models can find correlations that exist but lack significance. Rare events are a separate problem.

Data collection itself can contain errors. Yet decisions are then made automatically on that basis — decisions no one can explain — and those decisions affect people’s lives. That is how credit scoring works; it is used to set insurance prices; it determines which ads you see online; it informs governmental and other decisions.

Cypherpunks advocate protecting data with strong cryptography, which solves these problems at the root.

AI censorship differs little from any other big-tech censorship. States force companies to impose restrictions; no one wants to fall under the regulator’s knife. Fortunately, many open large models have appeared, so this problem is partly addressed and AI’s future is not so murky.

CBDCs were discussed by cypherpunks back in 1994, albeit under a different name. Their approach to the technology is no different from their approach to traditional banking; the solution is cryptocurrencies.

ForkLog: If you had to assemble a “modern survival kit” for a cypherpunk, which tools would it include?

Anton: The main tool is your head and an understanding of the subject. Practical confidentiality begins with threat modelling, so it is hard to single out anything universal.

Still, I would name a few underrated basics: free software with the latest updates from a reliable source; full‑disk encryption; authentication via a WebAuthn hardware token (and a hardware wallet for cryptocurrencies); never reusing passwords; and striving always to leave as little data as possible.

A truly private blockchain

ForkLog: Bitcoin, with its pseudo-anonymous and public blockchain, is often criticised for lacking privacy. Are anonymity-focused coins (Monero, Zcash) worthy substitutes? Or does the very concept of decentralised money already fit the movement’s spirit?

Anton: In their current form, Monero and Zcash are hard to call final solutions; they have many usability constraints. They were created when the cryptography was just emerging and many problems were unresolved.

For true mass adoption of cryptocurrencies, a private blockchain is simply essential. Companies’ transactions are commercial secrets; even the modern banking system can preserve that in most cases. One can imagine how this would hit ordinary people, too: a payment at a hotel across the country would signal that no one is at home. Combined with balances, you can imagine automated lists of the most attractive targets for burglars.

These are not the properties we want in new money. The state can request data from a bank, but it is not available to just anyone in real time. Banking has no such public-by-default case and there is legal liability for breaching bank secrecy — yet for some reason this is still considered normal in cryptocurrencies.

Unfortunately, efforts to solve this face immense pressure, especially after the crackdown on Tornado Cash with sanctions and criminal cases. It became clear that a public business model for such projects is off-limits due to risk. zkSNACKs stopped hosting a CoinJoin coordinator, Trezor ended its support, and the developers of Samourai Wallet were arrested.

The entire industry is feeling a huge chilling effect from how others have been treated, yet some research continues nonetheless.

We can have private transactions on Bitcoin. CoinJoin is not perfect, but it exists. Confidential Transactions and Bulletproofs were attempts. ZeroSync is now actively researching the potential of zero-knowledge proofs on Bitcoin.

I think we will follow the same path as with cryptography in general. It was once banned; people claimed it would let terrorists, paedophiles, Soviet spies and other bogeymen communicate undetected — but now we live in a world where TLS is on practically every site, because its absence helped other scary people steal money.

Today the idea of a private blockchain meets resistance from states, citing the same reasons: terrorism financing, money laundering. But we cannot sacrifice banking secrecy because that makes us vulnerable to people who want to harm us.

The limits of paranoia

ForkLog: Encryption tools used to be the domain of geeks. Today Signal, Tor Browser and VPNs are far more accessible. Has this helped popularise the cypherpunk movement?

Anton: Cypherpunks popularised cryptography to the point that it is everywhere; a world without it is unimaginable. Perhaps not to the absolute we would like, but the ideas have permeated. The development of crypto-protocols and the emergence of more user‑friendly software have expanded the user base. The cypherpunk goal is for everyone to use cryptography without noticing it.

Aleksei Yurchak, in “Everything Was Forever, Until It Was No More”, noted an internal contradiction the Soviet state faced. On the one hand, the USSR mass-produced shortwave receivers, set up amateur radio clubs, and the magazine Radio published DIY receiver instructions. On the other, huge resources were spent jamming “enemy voices”, even though the very basis for receiving them — shortwave receivers and radio skills — had been created by the state itself.

The spread of censorship‑circumvention and privacy tools looks similar. The state spends trillions on ТСПУ to limit access to information, but this forces people to use circumvention tools that also render traffic inaccessible to analysis via СОРМ.

Each move by the state turns more people into cypherpunks. They start thinking about traffic analysis when YouTube loads poorly; about confidentiality when they see absurd prison terms for some decade‑old VKontakte images. That is probably the main driver of cypherpunk growth in Russia today.

ForkLog: Where does cypherpunk end and paranoia begin?

Anton: There is a medical boundary. Paranoia is something unrelated to reality. If you think the FSB installs traffic‑interception boxes at every network node, you are not imagining it — it does; that is a fact, and you will have to live with it. If you think the FSB is trying to control you by sending signals through your microwave, see a doctor.

ForkLog: AI can be used both for total surveillance and censorship, and to build stronger tools for cryptography and anonymity. Do you see AI as a threat, a tool, or all of the above?

Anton: The main threat with AI is social. People place too much trust in a large statistical model that merely predicts the next token in a message. Marketers bear some blame for selling it as an infallible supercomputer with all human knowledge, which strongly appeals to those far from technology.

This has many consequences across domains, from AI slop swamping search results to wrong decisions at many levels due to overestimating a neural network’s quality. The effect will diminish once the technology becomes more familiar and society learns to live with it.

I do not think AI will greatly affect cryptography or that there is deep potential for synergy. Perhaps AI will help generate a logo for papers on a new cryptographic protocol. They are, after all, different technologies.

ForkLog: Is it worth an ordinary person starting to fight for privacy if they have already left a digital footprint?

Anton: It will keep them from leaving more.

ForkLog: If you had to update the cypherpunk manifesto, what new theses would you add?

Anton: The cypherpunk manifesto is a finished text; it already says what needed to be said. The task is to follow it.