Cypherpunk Values & Philosophy

The Ethereum Cypherpunk Congress 2 (Buenos Aires, 2025) brought together the largest collection of cypherpunk thinkers in the Ethereum ecosystem — and produced a remarkably coherent set of values alongside honest acknowledgment of their tensions. The central insight: privacy is not a technical feature. It is the prerequisite for all other freedoms. (→ [[ecc2]])

Core Principles

Privacy enables freedom (Eva Galperin / EFF, Kurt Opsahl / Filecoin Foundation): Without privacy of thought, expression, and association, other freedoms become theoretically possible but practically unexercisable. Surveillance capitalism and state surveillance are not separate problems — they share the same infrastructure. Cyberfascism is fascism enabled by technology: digital surveillance provides the dossiers; data consolidation provides the targeting; mission creep from “law enforcement” to “population control” follows inevitably.

Historical precedent: IBM’s role in the Holocaust (census data → deportation lists); China’s social credit system; Pegasus spyware deployments against journalists, activists, and politicians.

Code is speech; privacy is a right (Peter Van Valkenburg / Coin Center): Developers have a First Amendment right to write privacy tools. The Tornado Cash prosecution attempts to criminalize tool-building based on potential misuse — a principle that would criminalize lock manufacturers because locks can secure crime scenes. The “John Hancock Project” (privacy-preserving identity alternative to KYC) and legislative safe harbors for developers are the practical political demands.

Decentralization as power distribution, not efficiency gain (Jarrad Hope / Logos, Juan Benet / Protocol Labs): Decentralization matters not because it is more efficient, but because it prevents single points of coercion. The cypherpunk tradition — Diffie-Hellman, the crypto wars, the DES export battles — was always about ensuring no single entity could surveil or control communications. This is a political project, not a technical preference.

The Sapphire Punk Critique

Wassim Alsindi (MIT Media Lab / 0xSalon) argues that cypherpunk values have been captured by libertarian crypto-maximalism:

  • “Code is law” creates algorithmic formalism unchecked by human judgment
  • Bitcoin is an “inhuman monetary system” indifferent to externalities
  • Crypto displaced the cypherpunk ethos with individualist speculation
  • Network states resemble crusader kingdoms — colonization with ideological branding

His counter-proposal: sapphire punk — privacy as commons rather than individual right; sovereignty as relation rather than isolation; care ethics embedded in code rather than indifference to consequences.

The productive tension: Individual rights framing (Van Valkenburg) protects developers legally and creates clear demands. Collective/relational framing (Alsindi) addresses externalities that individual rights ignore. Both are needed.

Developer Moral Responsibility

Sofia Celi (Brave / University of Bristol) — “boring cryptography”: Cryptographers have a moral duty to consider real-world impact. Key arguments:

  • Latin American archives of terror show that data collection enables torture — not hypothetically, but historically
  • Threat models must include intimate partner violence, persecution of minorities, and Global South contexts — not just the “hacker vs. corporation” model
  • ZK age verification proofs still enable surveillance and exclusion if the underlying policy is oppressive. “Zero-knowledge proofs cannot fix bad policy.”
  • Human rights criteria must be embedded at the IETF level, not left to individual developer conscience

Eva Galperin (EFF): “Sometimes the answer is we won’t build that.” IBM built census infrastructure; it was used for genocide. Developers must:

  • Refuse mass surveillance infrastructure
  • Future-proof encryption against democratic backslide
  • Minimize data collection by default
  • Center marginalized communities in design

Joan Arus (Sentinel Alliance): Mercenary spyware (Pegasus, Candiru) is deployed by governments against the exact developers building privacy tools. Intelligence laundered into legal prosecutions. “Terrorism” definitions broad enough to criminalize any infrastructure. The Catalan independence movement: developers surveilled, prosecuted, convicted. Jamal Khashoggi: targeted via Pegasus, then killed. Privacy infrastructure and its builders require explicit legal defense structures.

The Missing: Marginalized Communities

Daira Emma Hopwood (Zcash) makes the sharpest critique of existing cypherpunk manifestos: they were written by privileged people with access to English, money, technical expertise, and legal protection. They systematically ignore:

  • Disabled users (no assistive tech integration, no multilingual support)
  • Migrants and undocumented people (for whom financial privacy enables mutual aid and survival)
  • Trans and queer communities targeted by state persecution
  • Palestinians and other occupied populations for whom digital surveillance is a weapon

Privacy without accessibility is privilege. Concretely: if privacy tools require English, technical sophistication, and legal protection to use, they protect the people who need them least.

ml_sudo: Trustless tech is essential for women and marginalized groups precisely because trusted intermediaries consistently discriminate. Goldman/Apple credit card assigned lower limits to women with identical financial profiles. AI systems trained on biased data reproduce those biases at scale. Women must be involved in building trustless systems, or those systems will replicate male-encoded biases.

Movement Infrastructure

Roger Dingledine (Tor Project) — “cute cat theory”: Anonymity networks succeed via ordinary uses (lawyers, doctors, cat pictures), not just dissidents. Making privacy mundane is strategic:

  • Tor’s majority traffic is legitimate everyday use
  • Allies emerge unexpectedly (FBI agents who value anonymity for undercover work)
  • Community-run infrastructure (Tor’s volunteer relays) creates resilience that profit-maximizing structures destroy

Danny O’Brien (EFF / Filecoin): Privacy movements are cyclical. GDPR succeeded in Europe — then was weaponized by Hungary against journalists. Regulatory victories can be captured. Movements must be built on values + institutions, not charismatic leaders whose personal flaws can be weaponized to discredit the cause. Distributed knowledge prevents single points of failure.

Narrative as infrastructure (Arnaud Schenk / Aztec): Ethereum lost its cypherpunk ambition after the ICO bubble — shame led to ideological retreat. The crypto wars succeeded partly because privacy advocates told a compelling story. Bitcoin maintained value through narrative as much as technology. A movement without a compelling story loses talent and political support.

Funding as infrastructure (Juan Benet / Protocol Labs): Cypherpunk work requires sustainable funding. Tokens enabled research that grants and donations couldn’t. Being “cash-flow positive” — sustaining the infrastructure economically — is not a betrayal of values but a prerequisite for the work to continue. See Ethereum Public Goods Funding for the Protocol Guild crisis.

The Adoption Problem

Seth For Privacy (Cake Wallet): The barrier to privacy adoption is not cryptography — it is UX. Signal’s success vs. PGP’s failure is the canonical example. Both provide strong encryption; one is used by billions, the other by specialists. Tribalism between crypto-FOSS communities and cryptocurrency communities is counterproductive — the problems are shared, the users are different audiences of the same rights.

Roger Dingledine: Tor adoption spread via unexpected paths — people shared it with friends not for political reasons but for mundane privacy. The “cute cat theory”: make privacy tools the normal, convenient option for everyday tasks first. Political use cases follow.

Pavel Zoneff (Tor Project): Privacy is a daily practice, not a product feature. Rejecting cookies is “digital disobedience” — a small act that, aggregated across millions, erodes surveillance capitalism’s data collection. Normalizing the practice is the goal.

Cypherpunk Values vs. Institutional Privacy

Oskarth (EF Institutional Privacy Task Force): These are not opposed. The same cryptographic primitives (commitments, ZK proofs, threshold crypto, selective disclosure) serve both cypherpunks and regulated institutions. The difference is in governance and scope, not technology. Ethereum’s L2 pluralism enables coexistence:

  • Permissionless L2s for cypherpunk use cases
  • Governed/permissioned L2s for institutional compliance
  • Shared L1 settlement providing neutral infrastructure for both

Forcing a false choice between privacy and compliance drives institutions toward centralized systems with zero privacy rather than toward carefully designed on-chain solutions. See Privacy as UX Design for the full institutional-cypherpunk coexistence framework.

Key Frameworks for Wiki Use

Cyberfascism stack (Galperin): Surveillance infrastructure → data consolidation → mission creep from law enforcement to population control → weaponization against dissent. Prevention requires decentralized infrastructure at every layer.

Ethical responsibility scaling (Celi / Galperin): Those with more resources, skills, and legal protection have greater responsibility to contribute to privacy infrastructure — not extract from it.

Privacy as generation (Armor / DarkFi): Privacy-as-defense (“hiding from the state”) reinforces the surveillance state’s framing. Privacy-as-generation (“building new spaces where we want to live”) reclaims agency. Aesthetics and culture shape adoption as much as technical correctness.

d/acc — Decentralisation Accelerationism (Devconnect Buenos Aires, 2025)

A distinct but adjacent intellectual tradition, coined by Vitalik Buterin in 2023 as a response to both AI doomerism and unconditional tech accelerationism. d/acc treats the defensive and decentralized character of technology as its central ethical criterion. The cypherpunk connection: privacy is d/acc by definition (symmetric, defensive, decentralized). Open silicon, open biotech, and open science infrastructure are also d/acc. Surveillance technology, offensive drones, and closed AI are explicitly not d/acc even if decentralized.

The test (Vitalik): “Would you be happy if your worst enemies also had this technology?” Technologies that pass — vaccines, clean air monitoring, open silicon, privacy tools — are d/acc. Technologies that create asymmetric power advantages are not.

The key extension beyond traditional cypherpunk: d/acc explicitly includes physical-world defensive technologies (open-source medical devices, decentralized clinical trials, science integrity infrastructure, air quality monitoring) as part of the same movement. See Decentralisation Accelerationism (d/acc) for the full treatment. (→ [[devconnect-argentina]])

Connections

Open Questions

  • Can the sapphire punk critique (privacy as commons) and the individual rights framework (Van Valkenburg) be unified into a coherent legal and philosophical position?
  • Does making privacy “mundane” (cute cat theory) dilute its political power, or is mainstream adoption the only path to sustainable privacy infrastructure?
  • How do you build privacy tools accessible to communities who lack English, legal protection, and technical resources without inadvertently creating new points of failure?
  • Who funds the legal defense infrastructure for developers building privacy tools — and does relying on that funding compromise independence?
  • Does d/acc remain crypto-native, or does it successfully recruit biotech and hardware communities into a broader coalition?