Amidst all the silliness, flames, and lunacy of this list, there's a tremendous amount of exciting stuff going on. I thought I'd take the opportunity to do one of those self-indulgent look back at the year postings. Cypherpunks write code. One of the best things about 1995 was the volume and quality of cpunk code that was released, and, perhaps equally importantly, existing cpunk programs that continue to be supported and improved. Here's a subjective top 5 list: 1. SSLeay, by Eric Young and Tim Hudson. Ordinarily, I wouldn't consider a crypto library to be all that newsworthy, but SSLeay is clearly an exception. SSLeay's real strength is its ability to be integrated easily into real applications, including Apache/SSL, Mosaic, telnet, etc. I'll go out on a limb and guess that one of the reasons why SSLeay is so good is that Eric has a lot of experience doing this kind of thing. His libdes code dates back at least to 1990, and (I think) even further. 2. Ssh, by Tatu Ylonen. There are a quite a few secure shells around. What sets ssh apart is its dedication to usability. It is one of the few crypto applications that is _more_ usable than the non-crypto version. The transparent X forwarding is fabulous. 3. Mixmaster, by Lance Cottrell. Finally, we have remailers that come close to real cryptographic security. The mixmasters are more reliable, in addition to more secure, than the type-1 remailers. The client is well written with a fairly easy interface. No wonder it's becoming so popular. 4. Alpha.c2.org, by Matt Ghio. The idea of pseudonyms incorporating strong cryptography has long been a cypherpunk dream. Thanks to Matt's work in writing and maintaining this nymserver, it's now reality. There are well over a thousand nyms registered on alpha.c2.org now, and that's likely to increase now that automated tools are becoming available. 5. Netscape, by Jeff Weinstein et al. Netscape Navigator is the first massively popular program to incorporate strong crypto. The email hasn't materialized yet, and there have been some scary statements by top management, but I'm hopeful that this program will become the primary vehicle for acheiving cypherpunk goals. Code, while important, is not the only useful cypherpunk activity. It's also been a great year for getting the word out there. The Net was _the_ hot story this year, and a lot of the coverage had a cypherpunk spin. Much of the credit goes to Sameer Parekh for his PR work. I know some cypherpunks dislike the "interview yourself" style of press release writing, but I'm very glad that we've got someone on our side who's good at it and is willing to put in the work. More broadly, we've found that our viewpoint and opinion matters. People are at a loss for how to think about the Net and its social implications. We've been thinking about that for a while, and have something to add to the discussion, and people are listening. 1995 will surely go down in history as the year that The Great Drive to Censor the Net began. The powers that be will continue pushing ahead with laws restricting speech, increasing liability for speech, and outlawing strong crypto. A short term effect will be to create some real differentiation between service providers. Up to now, the difference between one service provider and another has been an equation with bits on one side and dollars on the other. Starting soon, it will make a difference in what information can be easily accessed. A domain name of compuserve.com now clearly labels its account holder as a free speech inactivist. More cypherpunkish domain names are a sign of not being afraid of information. Over the long term, I agree with Lucky. The powers that be will have some success in censoring the Unwashed Massnet. However, cypherpunks will be able to create an infrastructure where freedom of speech thrives. A large part of this work is the development of censor-resistant protocols. My favorite such protocol is NNTP, even though it contains no crypto. HTTP is also a bit censor-resistant because it's so easy to set up a Web server. However, it still has grave weaknesses from this perspective, because of the need for a full time Internet connection _and_ storage in order to publish on the Web. The Web can become either more centralized or more decentralized, and there are strong forces pushing in both directions. I think the best hope for a cypherpunk Web is to emphasize dual-use techniques, those that advance mundane as well as cpunk goals. For example, distributed caching will make transfers go faster and make "unable to connect to server; try connecting again later" errors much less frequent. If done right, it can also make part-time Web servers feasible, and perhaps make it extremely difficult to delete documents that the publisher didn't want deleted (can anyone say "cryptographic authentication?"). Similarly, the same crypto-enabled filters that keep spam out of Joe Random's mailbox can drive a real public key infrastructure (Web relevance: the Web is the natural home for a pubkey infrastructure. Let's make sure to be there for the housewarming party). The way that the low-tech protocols of the Web have crushed and assimilated corporate Weblike networks is inspiring - it holds out real hope we can win, even against opponents as dedicated and powerful as governments. It will take hard work, tenacity, cooperation, and technical sophistication, though. Remember that Windows took about seven years to become successful. For dud of the year, I'd have to nominate Java. Don't get me wrong, this language shows a lot of potential. But, to a large extent, they've done the easy part, and the hard part remains. Given its existing security model, it's difficult or impossible to do anything really interesting with Java. Yet, fixing the security model _is_ the hard part. Best of luck to the Java people and all javapunks, but I think a strong case can be made that the hype machine went overboard. To all the cypherpunks who helped make 1995 such an exciting year, best holiday greetings and wishes for 1996. Raph