Tessa Brown 0:00 I'm really excited about Tessa's talk today because it's not necessarily about the technical bits, and she's going to talk to us about how we do consent instead of just relying on things like encryption. 0:13 So thanks so much. Speaker B 0:16 How do I share one screen and not both of them? 0:19 Is that a thing? 0:22 Huh? 0:23 Okay, let's see what happens here. 0:26 Here. 0:34 I want to share this only. Tessa Brown 0:35 Only that? Speaker B 0:36 Oh yeah. 0:36 Window or app? Speaker C 0:37 Window. Speaker B 0:38 App. 0:38 Choose window. Speaker D 0:41 Perfect. Speaker B 0:41 Thank you so much. 0:52 Alright, let's do this. 0:54 Hi everyone, thanks for being here. 0:57 Who's here? 0:58 My friends? 0:59 My colleagues? 1:01 Great, okay. 1:03 I am Tessa. 1:04 I am the CEO and co-founder of Germ Network. 1:08 I'm here with my founding engineer Anna, who I hope many of you will get to meet. 1:13 If you have technical questions, you should really ask her and not me. 1:17 Um, we build an end-to-end encrypted messenger that lets you log in with social handles and instead of a phone number. 1:24 Germ supports multiple identities, and @proto is our first and maybe most important stop. 1:38 Germ now launches from your BlueSky, BlackSky, and other @proto profiles. 1:44 So, thousands of you have used it since we integrated into your BlueSky profiles. 1:50 Thank you for sharing your feedback in the last few weeks. 1:53 And to the app proto developers who are already implementing the Germ button in your app views for your users, thank you. 2:01 We have a lot of work to do, but we are ready to be your secure messaging app for the atmosphere and beyond. 2:08 Come find Anna and I at 9:00 AM tomorrow morning in the lounge, the like round lounge upstairs. 2:15 We're going to play with Germ and we would love to hear your feedback. 2:18 And I have one green Germ hat to give away. 2:22 So my co-founder and CTO, Mark, is watching from home in LA. 2:26 Hey, Mark, we miss you. 2:29 Mark and I met on Twitter. 2:31 I was a social media scholar with a theory about the centrality of messaging to social, and Mark was the ex-Apple iMessage and FaceTime privacy engineer who left to replace the phone number It's hard to believe that a year ago, he and I came to Seattle for ATConf as perfect strangers to everyone here because we had just started integrating App Proto into our messaging app. 3:00 That weekend, we had some exciting conversations about privacy and private data that a year later are bearing so much fruit. 3:08 And even at Germas, we're focused on building end-to-end encrypted channels for your App Proto handles. 3:14 We're also really interested in private data, both as developers who might use it and also as users and as citizens of this ecosystem who care about the future of social networking. 3:27 But today I don't wanna talk about privacy, I wanna talk about consent. 3:34 In this community we talk a lot about openness, self-determination, privacy, and choice. 3:41 These are north star values that orient us around what we're building. 3:46 But these words fundamentally each describe a position of the self. 3:52 I am open or private. 3:54 I have choices. 3:56 But as soon as I tell you what to do, these terms collapse. 4:01 Consent is the missing principle here, because consent is a principle of relationality. 4:08 Relationality is hard because it's dynamic. 4:12 It demands continual negotiation, but it's also strong because it produces consensus. 4:20 Consent is scalable because it extends from a two-person relationship to the relationship of people to their government and to their social rules and norms. 4:32 Caring about consent translates to movement coherence and political durability. 4:38 Building consensual systems is building systems to last, and I think that's what we're all trying to do here. 4:46 It's also simply the price of healthy relating, and I believe that every single person at this conference builds technology to serve human flourishing, choice, and community well-being. 4:58 We're all building the future that we wanna live in. 5:01 So today, I wanna offer us that consent is and should be one of the core guiding values that we unite around to reach our goals. 5:11 I want to offer consent as a resource. 5:14 Consent is a concept that you can return to when you're setting goals, designing products, and engaging with users, also known as other people. 5:28 This talk is not graphic, but I do just want to give a trigger warning that I will mention interpersonal and sexual violence, so please take care of yourself. 5:37 So the internet that most of the world lives in today is characterized by surveillance and control. 5:44 That's why we're building the alternative, right? 5:47 Modern social media is a gilded cage where people trade their information, relationships, attention, and ultimately freedom of thought for a steady drip of content that promises connection like a carrot that you can never quite reach. 6:05 Over 6 billion people are on the internet and 4 billion human beings are using Meta products every single month. 6:14 These are the people that we're trying to recruit to the atmosphere. 6:18 We've lived in meta social internet for 20 years and I thought it would be fun to remind us how it started. 6:27 A Facebook, for the younger folks here, used to be a kind of yearbook that colleges would describe, distribute at the beginning of the school year to help undergrads make friends, because it's always natural for us to look for each other. 6:39 So in the early 2000s, Harvard made these digital. 6:43 There are 12 residential houses on campus, like big dorm complexes, and they each had their own private online Facebook. 6:51 So Mark Zuckerberg, when he was an undergrad, hacked into each one. 6:55 He downloaded every single image of an undergraduate woman at Harvard. 6:59 And fed them into a Hot or Not style website that he then distributed. 7:05 Luckily for him, the president of the school at the time was this guy. 7:10 Zuck received zero discipline for hacking school IT systems and sexually harassing every single undergraduate woman on campus, which probably included minors. 7:21 He was able to build and launch Facebook with campus resources got to drop out of his own free will, and then this guy wired him $500,000. 7:32 In the 12— in the 20 years since, he's built so many beautiful businesses that all of us around the world get to enjoy today. 7:44 I know, goals. 7:50 Today, the way 70 to 80% of Americans feel about how companies and the government handle our data is distrust, lack of control, and confusion. 8:02 This is a picture of authoritarianism that predates our current administration. 8:09 Social media has connected the world, but it has also traumatized the world. 8:14 We wanna talk to anyone, we don't wanna talk to everyone. 8:20 It's time for us to build new products with the love and tenderness that make it safe and easy for people to trust us and depend on us for the rest of their lives. 8:30 Luckily for us, consent is a renewable resource that we produce ourselves. 8:38 Defined simply, consent is agreement to what someone else proposed or is doing that involves you. 8:47 In fact, it's a concept with a 1,000-year history that bridges contract law, political theory, sexual health, human rights, and data policy. 8:58 So whether you're talking about consenting to a contract, to being governed, to sex, to data collection, it's all the same idea. 9:06 So it's obviously a hugely important concept. 9:10 In the 1990s, anti-rape activists on college campuses pushed the theory of consent into affirmative consent, which from there moved into law. 9:21 Affirmative consent has 5 parameters. 9:25 It's voluntary, so of course, it's freely given. 9:29 It's informed, people need to understand what they're consenting to. 9:35 It's revertible, it's reversible, which means it's continually given and you can withdraw it. 9:41 It's specific, so consent is to a specific ask, it's not a blanket permissiveness. 9:48 And finally, it's unburdensome, it's easy to give, otherwise it's not really accessible. 9:56 But in the context of software, consent has remained really shallow. 10:00 Permission screens cloud our access to information and services, and we're coerced into consenting. 10:07 It's not, That's not the deal. 10:11 In 2021, human-computer interaction scholar Jane Im challenged us to apply the most current theories of consent to how we design social media features. 10:22 She has this extraordinary table where she categorizes or generates social media features across the 5 categories of affirmative consent. 10:34 This table is an actual laundry list of the best features that we've been begging platforms for for 20 years. 10:41 It includes a lot of the stuff that we're working on here in the atmosphere, like algorithmic choice and account labels, the ability to disconnect posts from their engagement. 10:53 It is also extremely generative with new ideas for automation and organization and personalization. 11:02 The first line of this chart is DMs. 11:04 It has some really awesome feature ideas that we've talked about at Germ when we think towards group chats, automations, and productivity features. 11:12 And Germ's agentive multi-identity technology is going to make some of this really easy, like automations based on who you're talking to and who they know you as. 11:24 But consent in messaging starts earlier than that. 11:27 Because a DM is the minimum viable product of a digital relationship, the same way a two-person connection is the smallest unit of a community. 11:39 So let's talk about germ. 11:42 We've heard a lot about @proto ethos. 11:45 We also have a germ ethos. 11:48 I resonated so strongly last year to Paul Frazee's talk on Blue Skies Theory of Change. 11:54 Germ is similar to Bluesky in that we are also a product built on top of an open protocol. 12:01 Our protocol will always be interoperable, open source, and free, and we'll build our business through our product or products. 12:10 We also believe that the way to grow how many people we serve is to compete as a consumer startup. 12:16 So we're a public benefit corporation that's using growth capital to build our business. 12:23 But if the AT protocol is locked open, Jerm's protocol is locked consensual. 12:32 Jerm starts from the technological equivalent of a human rights posture. 12:37 That you, each of you, are a self-sovereign individual with inalienable rights to your personhood, which in the digital realm is expressed as data. 12:48 From that foundation, you have the power to identify yourself and to form relationships expressed as sharing data. 12:57 Each relationship you form is unique, is double opt-in and a single opt-out, just like non-abusive relationships in the real world. 13:10 Our protocol is an authentication layer on top of the messaging layer security protocol for end-to-end encrypted messaging. 13:18 So the relationships that you opt into on Germ exist in a completely private session between you and the person you're talking to. 13:27 You choose to talk to someone, also known as sharing data in real time with them, and you're only sharing it with them. 13:35 So this is cryptography in the service of how we really form and dissolve human relationships. 13:44 End-to-end encrypted messaging started off centralized. 13:47 Both parties have to be on the same service and you send encrypted messages addressed to and from the identities of the two parties. 13:56 Historically, those have been phone numbers, but in recent years, those have been things like crypto wallets. 14:03 Germ decentralizes authentication with our novel protocol, which is inspired by double ratchet, Double ratchet is the gold standard of end-to-end encrypted messaging, and it updates encryption keys with each message sent. 14:19 Similarly, our protocol updates identity and transport when you message people. 14:26 This gives us a powerful primitive that breaks free of fixed identities and centralized services. 14:34 Our protocol Oops. 14:36 Our protocol frees end-to-end encrypted communication from phone numbers so that you can communicate as multiple agentive identities. 14:45 So we're building secure messaging beyond phone numbers. 14:49 There's a theory of relationship here. 14:52 If a message is the MVP of a digital relationship, that means we're only connected if we're communicating. 15:01 There aren't inactive follows on Germ. 15:04 The connection starts only when I send you a message. 15:09 Identification is part of communication, not separate from it. 15:13 When I talk to you, I identify myself to you. 15:16 It's the first thing that I share and not before. 15:19 Like Krishnamurti said, "I cannot exist in myself. 15:24 I only exist in relationship." On Germ, you don't exist without your relationships. 15:31 The coercive internet is based on a very dark view of humanity, that we can only be tricked into engaging with each other. 15:41 The history of the world would beg to differ. 15:45 At Jerm, we're idealists, but we're also realists. 15:49 So many of us lately at this conference and online beforehand have been talking about how we need to make our products effortless and inviting. 15:58 Like I used to tell my students, you can't follow your paper around explaining what you meant to say. 16:06 As Toni Cade Bambara says, the role of the artist is to make revolution irresistible. 16:13 At Germ, our goal is to make exercising your autonomy feel effortless and fun, even viral. 16:21 And so the core UX challenge of our app is making it easy and intuitive to talk to your friends with your handle. 16:27 While placing authentic moments of friction in the right places. 16:32 We tried not to reinvent the wheel where messaging works well, but innovate significantly in the context layer with our creation of cards. 16:44 Cards are how we represent your cryptographic identities in Germ. 16:49 You can use cards without @proto. 16:52 You just build one and share a link or a QR code with someone else to chat. 16:57 Under the hood, that is decentralized authentication, but most users don't care. 17:04 You can build multiple cards, and each version of every card you share is operating a separate cryptographic mailbox, all presented to you in one unified inbox. 17:15 As we integrated App Proto, we navigated new dimensions of how our users grant and withdraw consent. 17:22 Germ's burner cards are totally local, but your App Proto card is connected to this busy outside world. 17:29 You pull your profile data in from App Proto, and you can push things back out like blocks. 17:35 We already present your App Proto card differently from your local cards, but I expect that as our app matures, our design system will highlight where your cards and relationships came from. 17:48 All relationships on Germ are two-way, but App Proto doesn't have friends, it has one-way followers. 17:56 If Germ is invite-only messaging, when you link your App Proto handle, you're opening up a wider invitation of who can talk to you. 18:04 But even there, we don't assume. 18:07 We use the logics of consent to reason about how to bring App Proto connections into Germ. 18:13 If you follow someone on @proto, you opted into connecting with them. 18:18 So they can double opt-in back to you by messaging you on Germ. 18:22 And all across the atmosphere, we're seeing the Germ button showing up on your friend's profile. 18:27 Just click it and start chatting with them in an end-to-end encrypted channel. 18:32 And we hear you asking for open DMs. 18:34 You're ready to consent to that, and that's a future feature. 18:39 Because consent is informed, we want to make sure that our users always know what they're sharing with who. 18:46 Because it's specific, we want them to have granular control over how they can be contacted. 18:51 So you decide whether you want the people that you follow on @proto to be able to message you at all, or whether you want to reserve the right to send the first message, and whether a button to Germ DM should display in app views. 19:03 Because it's unburdensome, If you chat with someone, if you wanna chat with someone, if you can chat with someone, excuse me, you see a button on their profile and you simply click it to start chatting. 19:15 And this is the fun part about consent. 19:18 People get mad when they don't have access to your permission to hang out with them. 19:23 But to the people that you consent to be in relationship with, it's the best party in the world. 19:29 Germ relationships are separate from @proto relationships. 19:33 So once you start messaging on Germ via your App Proto cards, you can, for example, unfollow each other out there, and you'll still be connected in Germ. 19:41 You can even disconnect your BlueSky account or your BlackSky account, and you still can keep talking on Germ. 19:49 Right now, you add Germ friends one at a time from another app, but we're working to show your App Proto social graph inside of Germ. 19:58 So that you can have a more complete and easy messaging experience. 20:03 In designing this new feature, we wanted to help people understand that your App Proto connections aren't your Germ connections until you send them a message. 20:11 You can also dismiss seeing people in the app, like in other suggested friends features. 20:17 So Germ is not just a messenger for App Proto the way Signal is a messenger for your phone contacts. 20:23 Instead, our protocol is an invite-only layer with a doorway that you can open to App Proto as wide as you want. 20:31 You're always in charge of who gets the keys to talk to you. 20:36 Messaging has become crowded and spammy. 20:39 We're empowering you to rebuild the network of who you actually want to talk to with the identities that you already know them as. 20:49 I wanna close with a postscript for a Solarpunk future. 20:56 Double ratchet is known as the axolotl algorithm because it is cryptographically self-healing, the way the Mexico City salamander, the ajolote, from Nahuatl, ajolotl, is self-healing. 21:12 When LDF was Tenochtitlan, it was a sustainable city on a lake in a volcanic mountain basin, and ajolotes were extremely plentiful. 21:23 Now, there are more aholotes in captivity for medical research than living in the wild. 21:30 The legend goes that when there are no more aholotes, the world will end. 21:35 There are currently estimated to be between 50 and 1,000 wild aholotes. 21:42 There are entities that we are in relation to on this earth that can't express their consent with language. 21:48 They only register their distress. 21:54 Protocols scale how we relate to each other. 21:57 The GERM protocol scales the granting and withdrawal of consent in relationships with humans and with robots. 22:05 As we continue to rebuild the world through technology, let's never skip the hard work of negotiating consent in all of our relationships. 22:15 Because even if people can leave their app— our apps, if they don't like them, which we talk about a lot in App Proto, we want them to keep choosing App Proto. 22:24 So let's use our interacting protocols to build a future that is truly free, because we are all exactly where we want to be. 22:32 Thank you. 22:48 And I did want to hold like a few minutes for Q&A, so if anybody has any, hit me up. 22:52 Yeah, Gov? Tessa Brown 22:54 Hang on just a sec, we've got folks streaming in, so I'll bring you a mic. Speaker C 22:59 Thank you. Speaker D 23:01 So, well, thank you very much, and I also sent my first Germ DM like right now, so. Speaker B 23:06 As you all should right now. Speaker D 23:08 As you all should. 23:09 But so with E2EE, And also in the context of consent, there's always a tension between privacy and safety from a security perspective. 23:21 And I'm curious what your approach or Jerm's approach is towards that, perhaps in the context of moderation. 23:28 Yeah, pretty much that's my question. Speaker B 23:31 At Jerm, we have a user-centric view of safety. 23:34 So it's all about people being empowered to be in places that they want to be. 23:39 And consent is really central to that. 23:41 And on a kind of organizational level, we have a sense that we're gonna build and ship safety features along with the connective features that we ship. 23:51 So the Germ that many of you are using today is a one-on-one messenger. 23:56 We haven't shipped photos yet, also for safety reasons, 'cause there's tooling that we need to ship once we let people share photos. 24:02 There's tooling that we need to ship also when we let you share link previews. 24:08 Which we all want link previews. 24:09 I've been thinking about that a lot this weekend. 24:12 It's also why we haven't shipped open DMs yet. 24:15 A lot of people have been asking for DMs. 24:17 So we have a lot to build. 24:19 We don't wanna put the cart before the horse. 24:21 We wanna make sure that anywhere that people are, they're able to get help if they need it. 24:28 We also think about scale when we think about safety. 24:32 So we think that people have a right to community, but they don't have a right to, reach and like extensive publishing. 24:42 So, when we envisioned Germ serving extra-large groups, we imagine that perhaps like an automated moderation service that will be required to be an end in your group. 24:52 But that's not something that we'll require in small-scale groups like 20-person groups. 24:58 And, you know, even though we're innovating a lot in terms of the protocol and the identity layer, We are building on top of 10, 15 years of end-to-end encrypted messaging. 25:09 Billions of people are using end-to-end encrypted messaging every day around the world in iMessage and WhatsApp. 25:15 And so there are a lot of best practices there for us to build on. 25:18 Thanks. Tessa Brown 25:20 Here you go. Speaker C 25:24 Thank you. 25:25 What are the requirements for implementing GermDMs into your app view? Speaker B 25:30 We have them written up. 25:31 There's links to them right on our blog, germnetwork.com/blog. 25:35 You should ask— Anna, can you raise your hand, show the people? 25:38 Ask— Anna's my founding engineer. 25:42 What are the requirements? 25:45 Okay, it's complicated. 25:46 I mean, from a user experience level today, we're just on iOS. 25:50 So, you're gonna wanna have an app or a web product that people are using at least on their iPhone sometimes, and we have some splash pages and ways for you to direct folks to information if they're not using an iOS device when they access, but it should be pretty easy. 26:05 Lots of people have done it even in the last few weeks without our help yet, so would love to help you do that. Speaker C 26:09 Great, and are there any pretenses on which you would prevent an app view from implementing GermDMs, like if they became, you know, like an abuser of the technology or something like this? Speaker B 26:21 I think that would be difficult. 26:22 That's an interesting trust and safety question. 26:26 I think there are ways that we can, I'm not actually going to answer that. 26:30 We should chat about that. 26:31 Yeah, thank you. Speaker C 26:32 I'll check out the docs. Speaker B 26:32 Thank you very much. 26:35 Someone throw me an easy one. 26:40 One more, maybe. Tessa Brown 26:41 What was your favorite part of building on adproto? Speaker B 26:44 All of you. Tessa Brown 26:44 Excellent. Speaker B 26:45 No, but to say it like more actually more directly, it's kind of ironic when you're building like a consumer product to build something that's designed to have a cold start problem on purpose. 26:57 Because the whole point of Germ is that you can be alone if you want to and you control the aperture of how available you want to be. 27:04 So somebody might use Germ and only ever want to talk to 3 people in their entire lives. 27:09 But one of the 3 people that they're talking to might want to talk to 50,000 people. 27:13 And that's an affordance that we make possible that the Meta products of the world make simply impossible. 27:20 And I think the last 6 months for us as we've integrated with App Proto, has been about giving you a new aperture and a new set of invitations that you can use to bring your friends into Germ. 27:31 And just seeing those Germ buttons pop up all over your profiles and seeing people use this to have private conversations from their internet friends has been extremely thrilling. 27:41 So thank you for that. Tessa Brown 27:43 Thank you so much, Tessa. 27:44 I think I'm going to wrap up questions now. 27:46 And we've got a panel discussion, so everybody stick around. 27:48 The team from Expo and friends is going to be talking about Building apps on ExpoNet protocol. Speaker B 27:54 Thank you. Tessa Brown 27:55 Thank you so much, Tessa.