Cassie discusses Quilibrium’s latest updates, including security-focused design decisions, privacy principles, and the integration of S3 and KMS-compatible APIs.
▶️ Watch it on YouTube (English captions): https://www.youtube.com/watch?v=5sCuLEMBh-8
▶️ Watch it on Twitter: https://x.com/QuilibriumInc/status/1893843949661593990
📅 Live-stream date: 23-02-2025
✅ Key topics:
- Apple’s privacy concessions in the UK and their implications
- Quilibrium’s approach to privacy and security
- The dangers of crypto industry nihilism and ethical concerns
- Bybit exchange hack: what went wrong and how to prevent similar incidents
- Demonstration of Quilibrium’s S3 API for decentralized applications
- Updates on Quilibrium’s progress, new hires, and upcoming milestones
Apple’s Concessions to the UK and Their Privacy Implications
Cassie begins by discussing Apple’s recent decision to comply with UK government demands to weaken privacy protections in iCloud’s Advanced Data Protection. She highlights how Apple, as a centralized provider, retains the power to push updates and override privacy settings, which leaves the company vulnerable to government pressure.
In contrast, Quilibrium is designed to be resistant to such interventions by ensuring no entity—including Quilibrium Inc.—can compromise user privacy. This aligns with the philosophy of “can’t be evil” rather than “don’t be evil.”
Crypto’s Cultural Problem: Nihilism and Ethics
Cassie then addresses a tragic event in the crypto community, touching on the rampant nihilism surrounding meme coins and the toxic culture on crypto Twitter. Instead of taking accountability, industry leaders deflected attention by discussing Ethereum’s ability to roll back transactions. She criticizes this moral decay and reiterates Quilibrium’s commitment to reviving the cypherpunk ethos—focusing on building real, privacy-preserving technology rather than chasing hype.
Bybit Exchange Hack: What Went Wrong and How to Fix It
Cassie analyzes the recent Bybit hack, in which North Korea’s Lazarus Group stole $1.4 billion in crypto. The core issue was Bybit’s flawed cold storage security:
- Bybit stored massive amounts of assets ($1.4B) in a smart contract wallet (Gnosis Safe), which is inherently not cold storage.
- The same private keys were repeatedly used, violating cold storage best practices.
- Attackers compromised the transaction approval process, tricking Bybit signers into approving malicious transactions.
She contrasts this with proper cold storage practices, such as air-gapped key generation, Shamir secret sharing, and multi-location vault storage. She also explains how Quilibrium’s Key Management Service (KMS) could provide a more secure solution by decentralizing key storage and preventing human error or compromise.
Building Decentralized Apps with Quilibrium’s S3 API
Cassie shifts to a technical demonstration of Quilibrium’s S3-compatible API, explaining how it provides a privacy-preserving alternative to AWS S3. Key takeaways:
- The API mimics S3 functionality for seamless adoption.
- Users can create public or private storage buckets.
- Public buckets require explicit decryption key sharing, ensuring Quilibrium Inc. cannot access private data by default.
- Developers can choose between fully private, self-hosted S3 services or public-facing storage with encrypted access control.
- The system is designed for verifiable encryption, preventing unauthorized access even if the data is stored publicly.
Cassie then demonstrates how to interact with the S3 API using AWS CLI commands, showing how developers can list, create, and modify storage buckets while maintaining full control over their data.
Updates on Quilibrium Development
- New Developer Hire: Quilibrium has expanded its team to accelerate development.
- Quorum Mobile Update: The iOS version is awaiting final approval from Apple before public testing begins.
- Milestone 5 Progress:
- The hypersync system is nearly complete, pending one final bug fix.
- QCL token execution testing is underway, ensuring smooth smart contract interactions.
- The official release of version 2.1 is approaching, with a focus on making it as bug-free as possible.
Final Thoughts and Q&A
Cassie wraps up by addressing audience questions on storage limits, SQLite compatibility, and the future of Quilibrium’s S3 service. She confirms that:
- The initial free storage limit will be 5GB, mirroring AWS Free Tier.
- Users will be able to pay for additional storage with Quill tokens, wrapped Quill, or USDC.
- The team is committed to ensuring version 2.1 is stable before launch, even if it takes a bit longer.
Cassie closes by reiterating Quilibrium’s mission: building privacy-first infrastructure that cannot be compromised by external pressure, poor security practices, or unethical industry behavior.