Playing in Hardcore Mode: Where today's cypherpunk technology falls short

Using technology is often difficult even without security or privacy considerations. Normal or even fairly robust security and privacy requirements make it even harder to effectively use technology. Yet, most of the time, the there are identified vulnerabilities even if those requirements are met -- these attacks are just considered to be uneconomic or beyond the resources or motivations of the attacker.

We will discuss some of the higher-than-normal threat environments, situations where due to extreme value of protected assets, other-than-economic factors, or changing technologies and assumptions, normal assumptions about the lengths an attacker will go to don't hold. This is particularly scary for normal users because threats aren't static: what requires a 15 year long well-resourced development program to exploit today might be a hobbyist project to exploit in a few years, after the system and its protection measures are in production and difficult to update.

While not everyone is operating in hardcore mode, the vulnerabilities exposed can often be addressed by technological or fundamental changes which benefit everyone, and these changes are often cost-effective when applied globally, leaving everyone but the attackers better off.