IETF 104 was last week, and I’ve been trying to find the time and (mental-)space to do a mind-dump about it. Now that my ig is basically a Prague travelgram, the number of test failures/bugs assigned to me have been made peace with, beer/goulash/jet-lag have been recovered from and the Sunday after has lazily rolled around, I have no excuses left.

As a co-chair, my focus was the second (or third, depending on who you ask) meeting of PEARG - the Privacy Enhancements and Assessments Research Group (aka the privacy research group). Our group’s charter aims to bring in privacy researchers from diverse backgrounds - open source, industry, academic - to the IETF. Last meeting, we had presentations by folks from the Electronic Frontier Foundation, The Guardian Project, Off-the-Record v4 messaging protocol and Princeton University. This time, we had presentations by Iain R. Learmonth who works on Metrics at the Tor Project, Ryan Guest from, Nick Sullivan from Cloudflare, Amelia Andersdotter (ARTICLE 19) / Christoffer Långström (Uppsala University), and Martin Schanzenbach from Fraunhofer AISEC (hyperlinks are to their slides). You can also watch the whole meeting on YouTube.

Overall the meeting went well, I think. Turns out that there are some interesting overlaps between the work that Salesforce is doing around log anonymization and Tor’s safe metrics collection principles. Cloudflare’s Privacy Pass is a great piece of work around privacy-preserving cryptography - using zero-knowledge proofs to let users prove that they’re not bots to an Internet plaftorm without enabling tracking. Read Nick’s blog post about it. Nick’s presentation at PEARG was a fantastic example of motivating and explaining involved math in a 15-minute presentation. Amelia and Christoffer gave a well-received presentation on the principles behind differential privacy as well as its shortcomings, generating some buzz that I overheard for most of the week around how it could be applied to the Internet protocols that the IETF develops. Martin’s work around re:claimID sparked a discussion around the UX of identity provider services is what is important, perhaps even more so than the protocol itself. We lucked out with our meeting slot; 9 to 11 am on the very first day (Monday) which worked perfectly because a) we could invite academic-folk who could club the free one-day academic pass with the hackathon that takes place immediately before the IETF week and thus save on hotel costs + not have to pay the exorbitant IETF fee, and b) no clashes. Perhaps because of the latter, we had a full house - 108 people signed the attendance sheet!

Overall PEARG (pronounced pear-g: Sara ran a Twitter poll around the pronunciation and it’s offical now) seems to be heading in the right direction, I think. We graduated from being a proposed research group to being an official research group at the IRTF. Sofia Celi who we invited to the previous PEARG meeting to talk about her group’s work with OTRv4 is now involved with messaging protocol development at the IETF. She gave a talk on Deniability in Group Messaging Protocols at the Messaging Layer Security session. We’d like to keep bringing in smart people working on privacy to the IETF, because for better and (sometimes) for worse, the Internet protocols that we develop at the IETF have an impact of people’s privacy, and it is clear that we do not understand privacy as well as we would like to.

This IETF meeting was my last as an Internet of Rights fellow at ARTICLE 19. I’m not being hyperbolic when I say that my fellowship was life-changing - to a large extent, the Digital team at A19 helped me find what I want to work on for the immediate future. I’m going to miss the Digital team!