Is “Orion” by Crown Sterling Legit? Nope!

Categories Post-Quantum Quackery

In May 2023, Robert Edward Grant published a “Litepaper” titled Empowering Decentralized Communities & Data Sovereignty about something they called Orion.

This document is intended to convince investors, but its content is so hilariously bad that, to security experts, it’s a veritable gold mine for memes.

The sales pitch of Orion is straightforward to understand: A messaging app for a world with quantum computers. By itself, this might be a noble goal. Privacy matters a lot!

Aside: If you’re genuinely interested in the work that real experts are doing to provide private end-to-end encrypted messaging in the event that a Cryptography Relevant Quantum Computer (CRQC) is developed tomorrow–especially if you’re considering investing money into this space–look no further than the open documentation that the Signal team produces. An alternative design to Signal, Messaging Layer Security, is published as an 132-page Internet Standard and clearly explains how it works and why what it’s doing is actually secure.

You don’t need to be a computer geek to grasp the biggest takeaways for good cryptography papers:

  1. Everything is clearly specified. Experts are not vague about the details of their protocols. It leaves nothing to the imagination. It’s not just a lack of, “Just trust me, bro!” but rather, any under-specified detail today may become a security vulnerability tomorrow, and security experts are deeply self-conscious about this risk.
  2. There are no grandiose claims about the authors or their backgrounds. You don’t need to even care who wrote the paper to evaluate if it’s credible or not.

Orion isn’t a credible cryptography or privacy paper. We will explore this observation in detail as we crawl through the 16-page PDF that Grant published and examine its every claim. Buckle in, you’re in for a wild ride downhill straight into sheer madness.

Before we get into that, we should introduce ourselves.

RazeHer is a cryptographer in the security consulting biz. She has worked for the DoD, for multiple security firms, and has delivered catty bitchiness at events all over the world.

Geyblade is an applied cryptography expert that works for a security consultancy firm. He has delivered technical talks at the Crypto & Privacy Village at DEFCON.

When one of us wants to make a specific personal quip, we will color it appropriately.

And yes, our pseudonyms are a riff on Razer & Blade from Hackers (1995).

Background – Who is Robert E. Grant?

Robert Edward Grant is better known to the security industry through his company name, Crown Sterling, LLC.

In 2019, Crown Sterling delivered a Sponsored Talk at a security industry professional conference, Black Hat USA, about something he called TimeAI.

JP Aumasson from Kudelski Security live-tweeted the TImeAI Black Hat USA talk:

If you cannot read the slides from this tweet, don’t worry. You’re not missing anything of value, and we will put alt text on our screenshots so you can suffer with the rest of us.
Quick quack: Neither Diffie-Hellman nor “all encryption” is based on factorization. Of the mainstream cryptography algorithms used today, only RSA is. This claim fails the barebones basics of information security knowledge.
“Constants are not constant” — shorter Robert E. Grant, 2019
It doesn’t get any better. You can watch the entire talk on YouTube, if you’d like to punish your curiosity.

Even Bruce Schneier joined in on the fun of dunking on Crown Sterling for their clownery, while noting they claimed to factor a 256-bit prime number in 2019. Schneier notes that cryptographers set the 256-bit prime factoring record in 1999.

As cryptography blogger Soatok noted in 2021:

But Crown Sterling doubled down and published a press release claiming the ability to break 256-bit RSA keys.

Amusingly, their attack took 50 seconds–which is a lot slower than the standard RSA factoring attacks for small key sizes.

(For those who are missing context: In order to be secure, RSA requires public key sizes in excess of 2048 bits. Breaking 256-bit RSA should take less than a minute on any modern PC.)

Crackpot Cryptography and Security Theater – Dhole Moments

(Just to double-check, I generated a 256-bit RSA modulus on a laptop from 2018 and then factored it on the same machine using readily available software from the internet. It took about a minute and a half, including tracking down my old number theory library and generating the key.)

RazeHer

And we haven’t even gotten to the subject of today’s discussion yet!

Wack meme. Caption: "When someone claims constants are not fixed values before pitching a security or cryptography product."
The TimeAI Talk was a wild, and very stupid, time

You might be tempted into thinking, “Okay, he was utterly ridiculous in 2019. But maybe he learned in the intervening four years and produced something of value by May of 2023?”

So without further ado, let’s examine Crown Sterling’s 2023 Litepaper in detail. We’ve uploaded a copy here for your convenience, if you’d like to follow along with the source material. We’ve included screenshots (with alt text for accessibility) too.

The Crown Sterling 2023 Orion Litepaper Dissected By Actual Experts

  1. Preamble: Personal Data Sovereignty & Data Bill of Rights
  2. The Quantum Threat
  3. Orion’s Inception
  4. Orion Commitment
  5. Proof vs Trust
  6. Data Exploitation
  7. Security
  8. Orion
  9. First Epoch – Bellatrix
    1. Quantum-Secure Encryption
    2. File Sharing
    3. Community
  10. Second Epoch – Betelgeuse
    1. Decentralized Data Streaming
    2. Decentralized Data Storage
    3. Ecosystem
  11. Third Epoch – Orion’s Belt
    1. Post-Quantum Blockchain
  12. Target Markets
    1. Influencers and Content Creators
    2. Web3 Early Adopters & Practitioners
    3. Privacy, Rights, and Security Advocates
  13. Crown Sterling’s Conclusion

The first thing you are greeted with, after the title/cover page (which doesn’t really contain anything of note), is an all-caps legal disclaimer.

So, y’know, we’re definitely off to a good start.

NOTHING IN THIS WHITEPAPER CONSTITUTES LEGAL, FINANCIAL, BUSINESS, OR TAX ADVICE AND YOU SHOULD CONSULT YOUR OWN LEGAL, FINANCIAL, TAX OR OTHER PROFESSIONAL ADVISER BEFORE ENGAGING IN ANY ACTIVITY IN CONNECTION HEREWITH. NEITHER CROWN STERLING LIMITED LLC (“CROWN STERLING”), ANY OF THE PROJECT TEAM MEMBERS WHO HAVE WORKED ON THE ORION MESSENGER PROJECT IN ANY WAY WHATSOEVER (THE “CROWN STERLING TEAM”) NOR ANY THIRD PARTY SERVICE PROVIDER SHALL BE LIABLE FOR ANY KIND OF DIRECT OR INDIRECT DAMAGE OR LOSS WHATSOEVER WHICH YOU MAY SUFFER IN CONNECTION WITH ACCESSING THIS LITEPAPER, MATERIALS PRODUCED BY CROWN STERLING, OR ACCESSING THE WEBSITE AT [HTTPS://WWW.CROWNSTERLING.IO/] OR ANY OTHER MATERIALS PUBLISHED BY CROWN STERLING.
This is generally not how you begin a conversation about solving a security problem.

Seems legit!

In fact, the entire second page of this 16-page PDF is a rambling attempt at a legal disclaimer. The preamble begins on Page 3.

Yes, “Preamble.” Not abstract. Not introduction. Preamble! Like this guy thinks he’s writing a new Constitution.

Geyblade

Preamble: Personal Data Sovereignty & Data Bill of Rights

Headline: Personal Data Sovereignty & Data Bill of Rights Personal Data Sovereignty refers to the concept that individuals should have full control over their personal data, including how it is collected, used, and shared. To understand its importance, picture this: you are a customer of a popular social media platform, and you regularly share personal information about yourself, including your interests, location, and online behavior. At some point, you start to notice that this platform is using your data in ways that you feel you did not consent to, such as selling it to advertisers or using it to manipulate your online experience. Sound familiar? This is where Personal Data Sovereignty comes in – it empowers individuals to take ownership of their data and protect their privacy. And while privacy can be challenging to protect, original ownership is something that can be protected as an intrinsic right, which is why we established the Data Bill of Rights on the Genesis Block of our chain: “We believe that digital assets are the intangible personal property of the original producer and therefore are protected by the United States Constitution, including the 4th and 5th Amendments, and the United Nations Universal Declaration of Human Rights, including Articles 12 and 17.” Freedom of speech as the basis of the Bill of Rights seems to have been an intentional declaration by the Founding Fathers of the United States. We believe freedom of speech to be a fundamental tenet of any successful governance and democratic system, which is why the First Amendment of our Data Bill of Rights declares: “Freedom of speech, in all of its forms, is a foundational pillar of human liberty; and therefore, an unequivocal human right that must be upheld regardless of race, color, gender, religion or national origin.” You don’t have to be an “influencer” or content creator to be an original producer of data. You’re creating data every day when you do just about anything on your digital devices, and in some cases just by having the device near you when you are speaking. Data has become the world’s most valuable asset. You might think, if we’re creating more data every day, how could its value continue to increase if there is no scarcity associated with it? It is the control of data that generates its value. Our goal is to decentralize that control and put it back in the hands of original producers. Controlling your data today is controlling your identity, and perhaps even your behavior, tomorrow. We believe that the key to sovereignty is maintaining your proof of self through encryption and blockchain technology.

This is a lot of words, but the takeaway is simple:

The author clearly believes that words are magic and rights only exist when your invoke the correct magical incantation.

which is why we established the Data Bill of Rights on the Genesis Block of our chain

Orion Litepaper

We aren’t lawyers, but we’re confident in saying that nobody cares what’s in your Genesis Block.

Unless it’s something gross, but they probably won’t care the way you want them to care.

Geyblade

The contents of the Genesis Block for any blockchain product simply isn’t legally binding or meaningful to anyone outside of your own imagination. You could fill it with “My Little Pony – Friendship is Magic” fanfiction and it wouldn’t make an iota of difference.

God, I did that one time, and you just won’t leave it alone, will you?

RazeHer

If it’s any consolation, at least–unlike Iota–you didn’t write your own hash function, too!

Geyblade

The Quantum Threat

Headline: The Quantum Threat While there is a constant debate about quantum computing, the ifs have now become whens. In May of 2022, the White House issued a memorandum requiring agencies to inventory their IT systems' cryptography and set milestones accordingly, “the United States must prioritize the timely and equitable transition of cryptographic systems to quantum-resistant cryptography with the goal of mitigating as much of the quantum risk as is feasible by 2035.” That decision and announcement says a lot about the vulnerability of today’s encryption. It’s also worth noting since the National Institute of Standards and Technology (NIST) announced the selection of four encryption algorithms to become part of the post-quantum cryptographic standard in July 2022, one by one, these algorithms are being cracked by teams around the world. Everyone is a runner in the race to post-quantum cryptography, as the very real risk coined “harvest now, decrypt later,” represents the threat that a bad actor maintains a copy of your [encrypted] data until quantum computing power becomes available, and then it’s time to harvest. While the exact when remains unknown, it’s clear that the solution is beyond any number-theory based encryption protocols, which are vulnerable to brute force attack as computational capabilities advance. There is a solution – and it is geometric. Crown Sterling’s journey began with Founder Robert Edward Grant’s discovery of a prime number prediction pattern published alongside colleague Talal Ghannam, PhD in 2018. This led Grant to take a closer look into the risk of quantum computing, as well as the geometric approaches to face it head on. This paper was just the beginning of his work exploring information-theory solutions related to challenges like cryptography and compression.

We’re going to set aside the author’s flare for the dramatic this early into the litepaper (n.b., “the ifs have now become whens” is laid on a bit thick).

This portion is a frustrating mix of fact and crap. Yes, the White House did issue a memo about moving to post-quantum cryptography. Yes, NIST has been engaged in a post-quantum cryptography standardization effort. Yes, the “harvest now, decrypt later” model is something that cryptographers are thinking about, and it’s one of the big motivations behind the current push toward post-quantum cryptography.

But the NIST algorithms haven’t been cracked. Bobby G is confusing some critical facts. RAINBOW and SIKE (which were not selected for standardization, but did make it to the final round of analysis) were broken. None of the algorithms selected for standardization (CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON, and SPHINCS+) have been shown to be insecure.

As for the “prime number prediction pattern“, the intelligible portion of the paper deals with digital roots (repeatedly summed digits of numbers) and the apparent “discovery” that no prime will have a digital root of 3, 6, or 9. There’s also some discussion of the fact that the square of any prime modulo 24 has to be 1. These are both well-known facts. The first fact is called casting out threes. A similar technique called casting out nines was described in Leonardo of Pisa’s Liber Abaci, and known to ancient Greeks well before that. Proving the second theorem is an exercise that college math students would be given in any introductory number theory class.

The paper is absolute gobbledygook, and at least one brutal academic takedown of it was published nearly five years ago.

Thank God computers work in base 10 and base 24, instead of some other crazy numeric system!

RazeHer

My favorite remark in this section is, “There is a solution — and it is geometric.”

Geyblade
Aquaman meme (referencing Team Four Star's DBZ Abridged series) "I have an idea!" "We can use Shapes!" "SHAPES! [drawn out]"
“There is a solution — and it is geometric.”

Unfortunately, the only shapes I see in the future of anyone swindled by this Litepaper are pyramids. Not sure how that will help against quantum adversaries, though.

This entire paper is a hedged bet that the reader isn’t formally trained in mathematics.

Geyblade

Orion’s Inception

Note: This screenshot cuts off mid-sentence. We will move the final sentence to the next screenshot's alt text for easier readability. Headline: Orion's Inception Blockchain answers a fundamental question, “what is value?” and it has proven value is not simply fiat currency that a government says is worth value. It can be many things. Value is found in the content and data of an original producer. So the question remains, how to protect that value? An original producer cannot maintain Data Sovereignty without sufficient protection, and in the digital realm, the solution is encryption. Encryption underlies the very ability to extract value from original data. Not only do we believe that this encryption must be quantum-secure, but we’ve also spent the last five years researching and developing its cryptographic protocols and integrating it into solutions, including the Orion™ Messenger. Our “Founding Father,” was inspired to create Orion after a series of personal experiences as a content creator himself. One day, he was censored on a popular social media platform after a bot mistakenly flagged a post featuring “Isis” (as in Isis and Osiris, ancient Egyptian deities) erroneously flagging it as a reference to the “Isis” terrorist group. This error caused a steep decline in his account activity and exposure, causing him to reflect on the possibility of being deplatformed.

There has never been a more memeable vapid quote from a litepaper than, “Blockchain answers a fundamental question, ‘what is value?'” but my first thought was actually, “Why is ‘Founding Father’ in scare quotes?”

Geyblade

Also: what the hell is it about a Twitter post being taken down that suddenly makes rich white guys think all of human civilization is going to collapse? And how the hell does it convince so many of them that they’re cryptography geniuses?

RazeHer

This steaming pile of words is meant to build rapport with an intended audience that’s chiefly concerned with social media de-platforming and algorithmic censorship.

It makes sense, right? If you’re a financial investor who’s confused why Twitter mobs want to cancel them so bad after they humblebrag about investing millions of dollars into–say, Machine Learning solutions for laundry logistics? Silicon Valley is funny sometimes–then you’re likely receptive to the proposition that this section offers. It’s intended to lower your guard and make you think Bobby G is on your side against “them”; maybe even make it easier to part with your money because you believe in his vision.

Take note: Any logical connection between social media de-platforming sophisticated adversaries equipped with Cryptography Relevant Quantum Computers is absent from this section of the paper. You’re expected to fill in the blanks yourself, rather than have it spelled out for you.

This isn’t a bug. This kind of rhetoric is intended to keep the logical part of your mind busy rationalizing their arguments for them after they’ve convinced your emotions that you’re on the same side.

This is how some, but not all, grifts work at a fundamental level. It’s bait-and-switch. We see the same shit with snake-oil salesmen of every variety.

The section continues:

(Continued from previous screenshot) He realized how his social media accounts serve as a chronological archive and storage mechanism for thousands of posts and how easily it could all be erased by a third party. This led him to consider what kind of platform and features he would want: an uncensorable, decentralized communication platform with quantum-secure encryption and compression capabilities - a platform where sovereign communities can thrive. Most commonly used private and group messaging apps, at best, rely on the same route encryption protocols. Most large group chats specifically, are not even encrypted. Furthermore, many of these companies are the world’s leading data miners. Siphoning, consolidating, and monetizing their user’s data for corporate gain. The looming threat of quantum computing creates an immediate need for a new and stronger encryption protocol built on a platform that values user rights and privacy. Combined with the slow erosion of our most fundamental freedoms of speech, assembly, and ownership, discerning, rights and privacy-oriented community leaders need Orion.

Here, the author asserts a conclusion, without any logic or evidence for it:

an uncensorable, decentralized communication platform with quantum-secure encryption and compression capabilities – a platform where sovereign communities can thrive.

Orion Litepaper

Almost every single term in this sentence is either trivial, horribly short-sighted, or so lofty a goal that, independent of the other terms in said sentence, would warrant a breakthrough in computer science, networking, cryptography, and economics. To wit:

  • Uncensorable. What do you mean by this? Legally uncensorable (i.e., Constitutional rights?) or technically uncensorable?

    Is anything truly technically uncensorable if every country, corporation, and private citizen except its publisher decided to coordinate, in lock-step, to censor that specific content in particular? What’s the threat model?

    Let’s play Devil’s Advocate and say that Crown Sterling somehow pulls such a feat off, even against a ludicrously powerful adversary, which is something that anonymity researchers have been working towards for decades.

    How would a technologically uncensorable network deal with CSAM? The paper doesn’t say.
  • Decentralized communication platform. What do you mean by decentralized? Peer-to-peer? We had that in the 1990s. XMPP still exists today.

    Or is the idea to shove all of your messages on a blockchain and store everyone’s encrypted conversations publicly? If so, you’d have to pay transaction fees to the blockchain miners to send messages to your friends.

    Why is this true? Because without transaction fees, how would you incentivize the decentralized nodes to publish your encrypted messages? Game theory teaches that the incentive structures dictate the behavior that endures over time.

    If it’s less work to just silently drop messages and focus on a more profitable activity, such as mining empty transactions that save on storage space locally, nodes will do that. The ones that don’t will be outperformed by the ones that do.

    Also: Scaling any software architecture that relies on mutable global state is an engineering nightmare.
  • Quantum-secure encryption. AES-128 in Galois/Counter Mode, like most HTTPS traffic uses today, is quantum-secure!

    The part that’s not quantum-secure is key management, not the encryption. We would expect anyone who’s proposing anything post-quantum to understand this nuance.
  • Compression capabilities. This is where the sentence just gets plain wacky.

    Combining encryption and compression is generally a bad idea, no matter how you try to order the operations.

    Encryption then Compression
    Secure encryption produces an output that is indistinguishable from a sequence of random bytes if you don’t know the correct key, so it’s not possible to compress the output of an encryption algorithm. The compression algorithms will not consistently reduce the size of the message.

    Compression then Encryption
    Compressing before encrypting is also dangerous because compression errors can become a decryption oracle under the conditions of a chosen-ciphertext attack–which is table stakes for the threat model of any encryption proposal in the past 20 years.

    The inclusion of compression in this context makes the whole thing seem like the pilot episode of Silicon Valley.

The real clencher, though, is how this fetid rollercoaster of a sentence wraps up: “a platform where sovereign communities can thrive.”

Say what?

The section continues:

Most commonly used private and group messaging apps, at best, rely on the same route
encryption protocols.

Orion Litepaper

The term “route encryption protocols” is certainly novel.

Google: No results found for "route encryption protocols"
Search Engines have no idea what “route encryption protocols” are.
The paper doesn’t elaborate, either.

Most large group chats specifically, are not even encrypted. Furthermore, many of these companies are the world’s leading data miners. Siphoning, consolidating, and monetizing their user’s data for corporate gain.

Orion Litepaper

This part is actually true. That’s the frustrating part about grifters: They sometimes make true statements to keep your guard down.

However, it’s worth noting that Signal and WhatsApp groups are end-to-end encrypted with state of the art cryptography, and many other encrypted messaging apps are adopting the Messaging Layer Security standard. In both cases, this even applies to group conversations.

Additionally, cryptography experts the world over have been actively researching ways to make Signal post-quantum secure without sacrificing any of the important features of the classical cryptography, such as “deniability” in their authenticated key exchange design.

(Ask a cryptographer to explain why deniability matters here; it would be too much of a tangent for this post.)

Furthermore, there is active research by the cryptography community into Non-Interactive Key Exchange (NIKE) algorithms that are secure even against quantum computers. Two such academic proposals are CSIDH and Swoosh. With any luck, more researchers will focus on the problem and we may one day get a standardized algorithm that’s both secure and performant that solves this use case.

Security experts are not asleep at the wheel here, by any means.

Geyblade

The section continues:

The looming threat of quantum computing creates an immediate need for a new and stronger encryption protocol built on a platform that values user rights and privacy. Combined with the slow erosion of our most fundamental freedoms of speech, assembly, and ownership, discerning, rights and privacy-oriented community leaders need Orion.

Orion Litepaper

That last line can be a difficult sentence to parse because Bobby G got a little overzealous with the commas, but the first one is the one you want to pay attention to. As security experts, it tells us a lot.

Here’s the rub: Encryption protocols are not built on platforms. It’s the other way around.

Encryption protocols are composed of cryptographic algorithms and secrets (n.b., typically random numbers represented as byte strings rather than human-memorable passwords).

These algorithms are, themselves, often stitched together from simpler building blocks commonly referred to as cryptographic primitives.

The whole notion of any cryptographic protocol being built “on a platform” is a huge red flag.

Orion Commitment

Headline: Orion Commitment Before our era, knowledge was guarded by the privileged few who wielded it to maintain an iron grasp on positions of influence. The inception of the internet (Web 1.0) represented a commendable endeavor to establish a more equitable world by democratizing access to a vast array of information. This provided opportunities for individuals to attain considerable influence. Web 2.0, however, was a corruption: mega platforms took ownership of the data and used it to exert power and control, ultimately monetizing your data. We are committed to the digital transformation represented by Web3, which embodies key principles of data sovereignty and the protection of our fundamental and inalienable rights. Data belongs solely to its creator, and they alone maintain the right to its value. Decentralization, security, and blockchain technologies denote the humble beginnings of Web3. These are the critical means to end the era of Web 1.0. A world in which the parasitic, ad-driven, personal datamining scheme of Web 2.0 is shunned by the people. Instead, data represents knowledge, and thus power, to be democratized and harnessed by the human collective.

What this section clearly shows is that Crown Sterling believes that “Web 1.0” and “Web 2.0” marketing was actually a technical term used by engineers rather than SEO spammers in the early 2010s trying to make money blogging online by writing posts about making money blogging online.

Most of the blockchain companies that jumped on the Web3 bandwagon didn’t even bother with embellishing on Internet History the way Crown Sterling does. They just went, “Yeah, web 2.0 was nice, but web 3.0 is Monkey JPEGs on the blockchain!

Oprah meme: You get a blockchain! And you get a blockchain! Everybody gets a blockchain!!
h/t Tony Arcieri

Proof vs Trust

Headline: Proof vs Trust Though information technology is a branch of computer science, the players dominating the industry have not earned their place through the meritocratic process of the scientific method. Instead, the hard science aspects underlying the industry have been overshadowed by political and financial interests. The largest software providers on Earth did not rise to the top by creating battle hardened software that has not been properly and publicly peer-reviewed. Such a process would have weeded out those whose intentions were not aligned with their user base. To our detriment, the opposite has occurred. Through efficient promotional campaigns, monopolistic tendencies and other strategies designed to maintain market share, the winners of Web 2.0 enjoy a high degree of trust from their users despite demonstrable evidence of their adverse actions and interests.

This is the kind of thing someone would write if they were totally ignorant of the role of open source software (which, yes, is usually peer-reviewed) on building the titans of the tech sector today.

It also conflates two orthogonal concepts:

  1. The transparency and scientific rigor through which a product or service was developed, to establish experts’ trust in its correctness and security.
  2. Popularity, which is a function of marketing and public relations.

Of course the largest software providers on Earth are popular. That’s tautology. But just because they are problematic doesn’t imply they lack scientific rigor.

It’s totally possible to follow best practices and still get an undesired result. Has the author never heard of the alignment problem?

We’re building a trustless system. One in which your data is provably encrypted, provably decentralized and definitively your own. The collective will be our auditors, the decentralized system will be our safety, and encryption our security. We recognize that building and launching three distinct products - Bellatrix, Betelgeuse, and Orion's Belt - will take time. Our philosophy and core values demand our commitment to precision in the development of next-generation technology. We invite you to join us on this journey.

The only thing trustless about this litepaper is the opinion of security researchers after reading it.

Geyblade

Data Exploitation

Headline: Data Exploitation The term "Cloud" evokes a gentle and secure environment. However, this perception is misleading. In the past twenty years, the swift expansion of highly sophisticated social media platforms and user-friendly cloud storage systems has engendered a collective lack of awareness regarding the hazards associated with entrusting our entire online activity to cloud-based infrastructures. Before we knew it, it was too late. Most of humanity became—in the best case—addicted and—in the worst case—financially and professionally dependent upon low cost and free cloud based services. With the personal data of millions of users, platforms can transfer, process, upregulate, modify and sell this data as they see fit. There’s nothing free or freeing about this scheme. We’ve all been deluded and charmed by the concept of free but the painful truth is that if you aren’t paying for a product, you are the product. It doesn’t stop there, as advancements in Big Data and artificial intelligence capitalizes on the reduced hardware costs attributable to Moore's Law, the decision to employ algorithmic analysis of this data has become a straightforward technical choice. Consequently, these algorithms have managed to capture our attention and manipulate our cognitive processes, transforming us into predictable consumers of superfluous products and sensational content. Within the span of a few short years, algorithms leveraged our data to influence elections, predict stock prices and influence the behavior of billions of people. The technologies employing these algorithms then competed to be the first private entities with Trillion-dollar market caps. As this situation reached global systemic proportions, no laws existed to sufficiently regulate and control these entities.

Personally, the word “Cloud” evokes fond memories of installing Cloud to Butt Plus and making tech journalism somewhat bearable for a brief few months.

Geyblade

Security

Headline: Security The growth of a centralized software solution scales linearly with the internal list of known, unresolved security vulnerabilities. As platforms are closed and employees contractually obligated to protect company secrets and incentivized through equity and option plans to protect the company's future, these vulnerabilities remain unaddressed until it is too late. Cyberattacks. Data leaks. And yet, we continue to willingly hand our private data over to these centralized platforms for lack of a better choice. The fact is that our privacy is not their priority. Additionally, well known security issues currently threaten entire industries, yet are difficult to rectify without rebuilding critical infrastructure from the ground up. The scientific research into cryptographic algorithms has led to the creation of new protocols, however deploying these new protocols at a global scale comes with huge costs for tech giants. Due to this, the financial interests drive the narrative and security issues are misrepresented or downplayed. After all, the entire system is based on encouraging user adoption through blind trust. Our team looks to take a different approach. We have implemented modern security best practices while focusing our research and development efforts toward building flexible solutions that can quickly incorporate tomorrow’s tools.

The first paragraph sounds like the sort of thing a mildly intoxicated security engineer would say when commiserating about the difficulty of their job at a mid-sized security conference. So, props to the author for eavesdropping on a real hacker bitching about work at some point in his life.

We (RazeHer and Geyblade) have each been on both sides of probably hundreds of vulnerability disclosures in our careers, and can therefore pull age, rank, and experience in saying, “[citation needed], motherfucker!”

Cyberattacks and data leaks happen because technology is incredibly complex and evolving fast, and humans make mistakes.

Whether or not your privacy is a given company’s priority doesn’t actually matter here. Even unethical companies still have incentives in play to stop cyberattacks.

In fact, they probably view their hoard of harvested data as some sort of “secret sauce” they can use to more effectively extract revenue from their users.

Why would they want to risk giving that up to a competitor or losing access to it because of ransomware?

Geyblade

The security industry has its problems, but the solution isn’t the absolute mess that Crown Sterling is proposing, as you’ll see in detail soon.

Orion

Headline: Orion Orion aims to solve each of these pervasive issues one at a time, systematically and thoughtfully implementing the software as three distinct phases: 1. Bellatrix: Orion’s revolutionary messenger application, supporting [autonomous/sovereign] communities through quantum-secure end-to-end encrypted messaging. 2. Betelgeuse: Orion’s decentralized storage solution facilitating data sovereignty for all. 3. Orion’s Belt: Orion’s migration onto a post-quantum blockchain optimized for decentralized value transmission into the quantum age.

This was actually somewhat benign as an overview of the rest of the paper, but it doesn’t prepare you for the next page:

I'm not sure how to describe this one. It's a visual cacophony of color gradients, with a bunch of 3D clipart including one that looks like a Uranium nucleus in the middle, with an outer space background. It's all style, and no substance.

Who wants to bet that Bobby G blew half his budget on this diagram?

Geyblade

Since the Orion paper is divided into three “epochs”, we will similarly follow this format as we continue to analyze its claims.

First Epoch – Bellatrix

Headline: First Epoch - Bellatrix The first stage in achieving secure personal data sovereignty is Bellatrix, an end-to-end encrypted chat application, protected with post-quantum algorithms and integrated with Ethereumcompatible wallets. The app supports the creation of sovereign communities and gives managers the necessary tools to administer their community as they see fit. Core efforts within this stage center around encryption and, secondarily, creating a modern and customizable interface with a smooth user experience–whether through desktop or mobile devices.

Post-quantum algorithms integrated with Ethereum-compatible wallets. This doesn’t actually mean anything coherent, but it does remind us of our favorite genre of Ethereum meme:

Domino meme. Small domino: "Blizzard nerfs the Warlock's Drain Life spell in WoW" Big domino: "You can put two Slurps on your Ape"
If you need context, read this.

All this talk about giving “managers” the necessary tools to administer their “sovereign” communities centered around encryption is oddly reminiscent of another technological solution that fits the bill. One with independent managers that administer their communities (which implies some degree of centralization), communicate with their members using encryption, and exist entirely on the Internet–often out of the reach of government censorship.

Websites. They’re called websites.

Quantum-Secure Encryption

Headline: Quantum-Secure Encryption With privacy concerns on the rise, software solutions that provide heightened levels of security are gaining significant traction as individuals seek to safeguard their personal information. As part of our approach, we have created a flexible and agile software architecture that allows us to easily switch between encryption protocols. This gives us a unique edge, as our modern coding practices allow us a degree of flexibility that is not available to legacy solutions, which have already committed to a direction, before defining the correct architecture. We are focused on delivering the application to an educated group of users that understand the importance of security and have designed the entire solution for this purpose. Additionally, this allows us to stay up to date with all advances in cryptography, and to outmaneuver new threats as they arise. As part of the initial phase of the project, we have invested significant time and resources researching, testing and integrating modern post-quantum algorithms, including Kyber, Dilithium, NTRU, XMSS, OTP and QuEME, an iteration on AES EME which increases its quantum security. IT departments worldwide are striving to integrate post-quantum encryption into their infrastructure; however, they still have a long and expensive way to go. We, on the other hand, strive to incorporate encryption that is future-proofed and not merely a combination of RSA or Ed25519 for asymmetric cryptography and AES for symmetric cryptography. To do this, our encryption leverages the in-house knowledge of cryptography specialists and a dedicated development team focused on the low-level details of quantum-secure best practices, alongside a robust IP portfolio. We believe that the owner of the platform should never be able to covertly eavesdrop on what users are sending each other. Therefore, we currently utilize AES256 to encrypt communication and NTRU cryptography to exchange secrets and we are working on adding OTP and QuEME for the communication and Kyber and Dilithium for key exchange. Users own their data by locally securing their secrets on their devices–not servers. Thus, they are given absolute ownership and responsibility of their own cryptographic secrets. We ensure the unwavering strength of our security measures by mandating the use of end-to-end encryption for all communications, including group chats. This approach cultivates a culture of robust security that users cannot opt out of, which underscores our steadfast commitment to protecting user data.
We use two independent cryptographic systems–on for identity, and another for communication. This makes the system thoroughly resilient against damage from the theft of user secrets. And finally, it is necessary to ensure that the application incorporates the benefits of Web3 without overcomplicating the interface. For those who may find Web3 unwieldy, we provide a legacy authentication option: username password login.

Speaking as professionals in the cryptography community who frequently review the designs and implementations of the protocols that large enterprises use to protect their most sensitive data, this entire section is so full of red flags that it’s almost impressive.

First, it name-drops a bunch of algorithms, but doesn’t describe at all how they’re composed. This is basically the cryptography equivalent of a car salesman answering a question about a vehicle model’s safety rating with, “The screws holding it together are made of the highest grade steel! Did I mention it comes with seatbelts?” and refusing to elaborate further.

Next, it mentions OTP (One-Time Pads). You almost certainly don’t want a One-Time Pad. Anyone who is trying to sell you One-Time Pads is full of shit and probably doesn’t understand symmetric cryptography.

The idea behind One-Time Pads is you get information theoretic security as long as your key is random and never reused. This requires a key that is at least as long as the sum of every message you will ever send, some mechanism to synchronize your position in the key, and enough sense to never encrypt more than one byte with the same position in the key. So if you want to send gigabytes of encrypted data using a One-Time Pad, you need to first transmit gigabytes of key securely (i.e., without it being intercepted by an adversary). This is a catch-22 that you can easily resolve by just using an authenticated stream cipher instead of a One-Time Pad and then spending the rest of your time on key management–the actual hard problem.

The simplest technique for avoiding cryptographic charlatanism is to listen for the phrase “one-time pad”, and run screaming in the other direction when you hear it.

RazeHer

Even the Washington-Moscow hotline (the most famous current example of a system using a one-time pad) doesn’t use the method because it offers information-theoretic security. The US and the (then) Soviet Union settled a one-time pad because it meant neither side had to share any cryptographic algorithms with the other. It’s easy for large governments to do “key management” by handcuffing locked briefcases to junior officers and shoving them onto fucking planes.

We’re not done with this section, though. Pay attention to the emphasis on cryptography algorithm agility:

As part of our approach, we have created a flexible and agile software architecture that allows us to easily switch between encryption protocols. This gives us a unique edge, as our modern coding practices allow us a degree of flexibility that is not available to legacy solutions, which have already committed to a direction, before defining the correct architecture.

Orion Whitepaper

As if rapidly switching encryption algorithms is a normal operational decision that makes sense to do.

Do you know what else has maximum algorithm agility? JSON Web Tokens. And that’s an unmitigated disaster.

Algorithm agility: it’s how we enabled “export-grade” cryptography in two-thousand-goddamn-fifteen!

RazeHer

A lot of idiocy that crops up in the post-quantum space emphasizes algorithm agility, because a lot of non-technical people don’t understand an important lesson of real-world cryptography engineering: You don’t want high agility, you want to tread carefully.

File Sharing

Headline: File Sharing Offering a high degree of security only for messaging is not enough, as most users want to share other types of sensitive data, including documents, images, audio and videos. All data transferred through the Orion messenger application is end-to-end encrypted, whether a direct message, group chat, or attachment. We leverage a microservice architecture that offers easy expansion and regular implementation of new features. All services are stateless and can be easily scaled horizontally, which allows service at a global scale. We also benefit from using well defined interfaces, protocol buffers for service to service communication, and swagger for client-server interactions. To accelerate the system, we added a websocket signaling system to deliver instant notifications to users, which allows the application to fetch data faster and ensure a better experience. The data authenticity is protected by our cryptographic identification system. Our Web3 vision and long-term goals, driven by decentralization and industry best practices regarding tokenization and fee distribution, protects us against malicious actors, as it disincentivizes their most common attack patterns.

The right way to convince your intended audience that you’re serious about decentralization is to talk about microservices and client-server interactions.

(This is sarcasm.)

Geyblade

Serious question: If all the servers are stateless and can be scaled horizontally, where is the data actually stored?

Community

As proponents of free speech, both in communications and in the assembly of communities, Bellatrix offers a modern set of tools for leaders and content creators to organize groups of people, schedule events and create connections with other communities, forming a federated web of independent organizations.

They’re really trying to clench that aspiring cult leader demographic in this section.

Second Epoch – Betelgeuse

Headline: Second Epoch - Betelgeuse The second product of Orion, Betelgeuse, consists of a decentralized storage node network which offers the streaming and storage of encrypted data. The release of this product marks the beginning of a new epoch in the history of Orion when users will be able to directly participate in the protection and conservation of their data. The nodes in the network will guarantee the quality of their service through escrow mechanics, and will achieve a consensus that validates the quality of all participants by consistently verifying the Proofs created by each node.

How you know that “the release of this product marks the beginning of a new epoch in the history of Orion” is that the headline of the section is literally “Second Epoch”.

This is a total word salad. Escrow mechanisms?

What Proofs are involved? Are they zk-SNARKs? Are they simple attestations provided by a TPM or HSM?

Who knows? Crown Sterling sure isn’t telling!

Decentralized Data Streaming

Headline: Decentralized Data Streaming When creating a global service offering storage and social media features, performance is a major concern for Web2.0 projects. The conventional approach is to outsource the data transfer to cloud providers that offer PubSub services. To bring this level of user experience into the Web3 era, similar performance must be achieved through a decentralized system. We have designed and tested a decentralized PubSub, that welcomes anyone to participate and incentivizes them to offer highly efficient data streams. A decentralized version has other advantages over its Web2.0 counterpart. With decentralization, a mesh network of independent contributors will be working hard to deliver the data from content creators directly to the consumers. This ensures that there is no such thing as a single owner of the platform; thus, no one will have the capability to cut you off from your data.
TL;DR “We tried to reinvent IPFS with NFTs.”

Decentralized Data Storage

Headline: Decentralized Data Storage Similar to the data transfer, the storage network must be decentralized. This way the data can be randomly replicated across multiple independent participants. This increases security, thus reducing the ability of hackers to breach the system and steal private data. Furthermore, a Web3 native storage network provides users better control over who is able to access their data. To ensure data persistence, storage providers will be able to contribute their storage to a storage liquidity pool of the network and will be properly incentivized for long-term retention.

Does “Web3 native storage network” mean “We reinvented Amazon S3 on Ethereum”?

Ecosystem

Headline: Ecosystem Betelgeuse, our decentralized encrypted storage solution, presents other developers with an opportunity to use our system to deploy their own applications. They can leave centralized Web2.0 storage behind. This will create an ecosystem of applications that will increase the volume of the network, incentivizing additional nodes, and thereby strengthen long term stability. At this juncture, content creators may prefer to make the transition to Web3 identities or maintain a Web2.0 authentication. Apart from enabling software providers to consume the network, this stage also includes the development and migration of all Orion-related services (including communication systems, data protection services, password managers, wallets and other security and privacy services) to the Betelgeuse network.

Password managers.

Oh boy, I cannot wait to store all of my passwords on the blockchain!

Third Epoch – Orion’s Belt

Headline: Third Epoch - Orion's Belt The third phase, Orion’s Belt, is our migration of Bellatrix and Betelgeuse onto a decentralized Layer-1 blockchain that meets post-quantum security requirements and is optimized for supporting the streaming and storage of data. The blockchain selected will be EVM enabled to allow consumers to run custom applications on a familiar interface that still leverages best-inclass post-quantum security.

Wait. I thought they were epochs, not phases?

Current Orion litepaper status

Post-Quantum Blockchain

Finally, 3/4 of the way into this quagmire of a paper, they synthesize the buzzwords into “post-quantum blockchain”!

Continuing with the previous section: If the Ethereum Virtual Machine (EVM) provided post-quantum security, then it wouldn’t need any further development in order to check this box. But since the EVM doesn’t have post-quantum security today, even if your build a post-quantum protocol atop EVM, you’re building on a foundation that quantum computers can successfully attack. Being “EVM enabled” seems like a pointless or counterproductive decision.

Anyway, let’s read on:

Headline: Post-Quantum Blockchain The importance of having a decentralized blockchain that can’t be broken–even if the attacker possesses quantum computers–should not be underestimated. With the inevitable march of technology, the threat of quantum computers will only increase until classical encryption algorithms can no longer promise “unbreakable” security. To mitigate this, we must embed post-quantum cryptography not only into our messenger but also into the underlying ledger. There are two reasons why accounting and messaging must be supported by outstanding security: 1. The data must be publicly available 2. The data must be kept for a lifetime Combination of these two traits guarantees that attackers will have sufficient time to crack any encryption. Thus, we must not only take advantage of today’s most secure post-quantum algorithms, but also ensure that the security of the system is easily upgradeable.

until classical encryption algorithms can no longer promise “unbreakable” security.

Orion Litepaper

The scare quotes around unbreakable are curious. Who in our industry has ever said cryptography was “unbreakable”?

A secondary, but equally crucial aspect of selecting a blockchain specialized to supporting data streaming is that it must be extremely fast. To ensure we select a chain that is as fast as possible, we’ve researched the best consensus protocols in the industry for a solution that will easily allow for latency sensitive functions. The low-level implementation of the protocol must be optimized to further accelerate functions, for example by giving them direct access to the transactions pool. Migrating Bellatrix and Betelgeuse onto a post-quantum blockchain is the final step to ensure network resiliency and user sovereignty. By the third epoch, the entire software stack–from messaging through storage and right down into value transmission–will be decentralized and quantum encrypted. It’s at this stage that our true vision will be realized, and we have raised the collective consciousness and the bar for decentralized quantum security. Additionally, we will build and nurture a new generation of trustless platforms, security conscious norms and the next evolution of Web3 security developers by offering our platform to anyone who wishes to innovate atop Orion’s Belt. As you can see from our genesis story, our motivation is clear, and the threats are real. Our vision and technology are groundbreaking while our competitors have proliferated a dangerous and misleading illusion. They’ve done it well; however, they’ve gotten greedy, and their true character is showing. We’re all getting wiser and realizing free isn’t value - that it actually comes at a significant cost. The world is slowing but surely learning that if you aren’t paying for a product, you are the product. Below you will discover there are millions of powerful creative thinkers, influencers and fellow humans that will be freed and thrive with Orion.

To ensure we select a chain that is as fast as possible, we’ve researched the best consensus protocols in the industry for a solution that will easily allow for latency sensitive functions.

Orion Whitepaper

Okay, dude, why not come out and tell us what Consensus Algorithm you chose, then? What’s the point in being coy or talking about having “researched” the topic?

Which is it? Proof of Stake? Proof of Burn? Proof of Transfer? Raft?

Surely not Proof of Work?

When someone writes “we’ve researched [problem]” instead of telling you their proposed solution to said problem, you know they’re full of shit. Why say you’ve researched anything? If you hadn’t, why would you be proposing a solution in the first place?

Target Markets

Headline: Target Markets Our go-to-market strategy is based on numerous business factors driving the immediate need for Orion. We’ve identified several potential audiences with a strong affinity for privacy, anticensorship, verified identities, free speech and community engagement. Below we outline some of the prospective audiences we’re actively pursuing:

This is the only part of the document where you’d expect some modicum of honesty that isn’t solely intended to obfuscate the bullshit in close proximity.

Influencers and Content Creators

This is, by far, the largest section in the entire document–which is clearly a symptom of thinking more about “How to sell?” than “How to create?”

Warning: This is a doozy. Big Headline: Target Markets Our go-to-market strategy is based on numerous business factors driving the immediate need for Orion. We’ve identified several potential audiences with a strong affinity for privacy, anticensorship, verified identities, free speech and community engagement. Below we outline some of the prospective audiences we’re actively pursuing: Medium Headline: Influencers and Content Creators In addition to the concerns defined throughout this paper surrounding the slow decline of our fundamental rights, we believe content creators face several more growing concerns spreading across social media and messaging apps severely impacting their brand, reach, and audiences. Small Headline: Algorithmic Manipulation The algorithms used by social media platforms are deliberately crafted to keep users engaged for as long as possible. This often results in a prioritization of sensationalism, clickbait, and emotional manipulation over substantive content. These algorithms exploit content creators by forcing them to produce material that adheres to these superficial standards, thus stifling their creative expression. Small Headline: Platform ownership of communities When social media platforms exert control over the communities built and nurtured by influencers, it can have several negative consequences for both the creators and their audiences. In essence, their followers are loaned to them by the company. Some of the key issues arising from this power imbalance include a loss of creative control, vulnerability to platform changes, platform lock-in, monetization constraints, censorship, and content removal, and data ownership and privacy concerns. Small Headline: Monetization challenges Influencers and content creators often struggle to monetize their work on social media platforms. These companies take a significant cut of any revenue generated, and stringent guidelines can result in demonetization or removal of content altogether. The everchanging monetization policies create an unstable income stream for creators while the platforms continue to profit from their labor. Small Headline: Follower Exploitation Social media platforms are known to employ psychological tactics that prey on users' innate desires for validation and social approval. Influencers, by virtue of their large followings, are particularly susceptible to this exploitation. They are incentivized to prioritize the growth of their audience and engagement metrics above all else, which can lead to a focus on shallow content, ultimately doing a disservice to their followers.
(Continued from previous image) Small Headline: Fake Followers and Bot Accounts The proliferation of fake followers and bot accounts on social media platforms is a concerning issue that skews the perception of engagement and success for influencers, followers, and any external parties viewing the content. These inauthentic accounts not only inflate engagement metrics but also foster a false sense of popularity, leading creators to make misguided decisions about their content and brand partnerships. This deception can also result in inflated advertising costs for companies that rely on accurate engagement data for their marketing campaigns. Furthermore, fake followers erode trust in the influencer ecosystem, making it increasingly difficult to discern genuine engagement and organic growth from artificially manipulated numbers. Small Headline: Influencer Copycats and Financial Scams The rise of influencer copycats and the promotion of financial scams have detrimental effects on both the original content creators and their audiences. Copycats, who mimic the style, content, or persona of successful influencers, dilute the creator's unique brand identity and divert attention from their original work. This can result in lost income, reduced growth, and diminished credibility for the genuine influencer. Moreover, when these copycats promote financial scams, such as fraudulent investment schemes or counterfeit products, they exploit the trust that audiences have placed in the original influencer. Unsuspecting followers may fall prey to these scams, losing money and suffering from a sense of betrayal. This tarnishes the reputation of the authentic influencer and erodes the trust that is so crucial to the influencer-follower relationship. Furthermore, the financial scams themselves contribute to a negative perception of influencer marketing as a whole, casting doubt on the legitimacy and ethics of creators operating in the space. Small Headline: Data Collection and Privacy Breaches Social media platforms collect massive amounts of personal data from users, including influencers and their followers. This data is used to create targeted advertising, which generates revenue for the platform. Users rarely have control over how their data is used, and these practices are often veiled in obscure terms of service agreements, leaving both influencers and their followers vulnerable to privacy infringements. It is essential for influencers and their communities to be aware of how their data is being scrapped, packaged, and resold. Small Headline: Exploitation In conclusion, social media and messaging platforms are designed to maximize profits for the companies that own them, often at the expense of content creators and their followers. The exploitation of influencers and the commodification of their work should not be taken lightly. It is vital to push for increased transparency, fair compensation, and greatly improved encryption and data protection rights within these digital spaces to ensure the well-being and creative freedom of those who rely on them for their livelihoods.
We’re reaching influencers by developing a compelling incentive program and offering exclusive features (including a robust loyalty and engagement point system, promotional tools, and monetary rewards) to motivate influencers to actively promote and use Orion. We also collaborate with influencers on content creation, events, and campaigns to enhance community engagement.

As security experts, and not marketers, we don’t have a lot to say about their go-to-market strategy.

However, it is deeply ironic that there’s a section dedicated to “Financial Scams” in this litepaper.

Web3 Early Adopters & Practitioners

Headline: Web3 Early Adopters & Practitioners This audience is already familiar with decentralization, Web3, and tokenization concepts. They are early adopters of new technologies and can quickly understand Orion's innovation, benefits, and timelines. They inherently value their privacy and fundamental rights and support the numerous benefits of decentralized frameworks such as DeFi, DeSci, and DeComm. We’re reaching them by engaging with the crypto and blockchain communities through social media, forums, and discussion platforms. We also attend, and sponsor industry conferences, meetups, and events to build relationships and exchange thought leadership around improving security, privacy, and protecting our rights as free thinkers.

I’m starting to wonder how much Crown Sterling, LLC investment is responsible for the weird X/Twitter cryptocurrency spam bots.

Geyblade

Privacy, Rights, and Security Advocates

Headline: Privacy, Rights, and Security Advocates This audience is a direct reflection of our core values and beliefs. We collectively are very concerned about data privacy, security, censorship, and government surveillance. This audience, like us, has experience using privacy-oriented messaging apps and we appreciate the added benefits of Orion’s quantum security and Crown Sterling's strong ethos in data sovereignty and our inalienable human rights. We’re reaching more of them by sharing informative content and highlighting the importance of privacy, security, and later decentralization. We also connect with privacy and security influencers, experts, and thought leaders. Along with the core audiences above, we also align strongly with digital nomads, remote workers, activists, and journalists. To serve and nurture the Orion community, it is crucial to provide these communities with increased security through advocating and building robust verification processes and a seamless integration of novel encryption technologies. Moreover, we will provide compelling incentive structures to honor the influencers, their creative work, and the integrity of their own communities. Our team and Orion will do that. We, too, are creators, privacy and rights advocates, and worldclass cryptographers, building a platform for our fellow creators and their audiences. We believe it’s crucial to advocate for a more equitable distribution of power, revenue and control between platforms and influencers, enabling creators to speak and assemble freely while maintaining their autonomy and protecting the interests of their communities.

Gee, I wonder what Security Advocates think of Crown Sterling, LLC–the authors of this Litepaper?

Let’s ask some of them!

Oh. Well what if we ask someone else?

Crown Sterling is complete and utter snake oil. The company sells “TIME AI,” “the world’s first dynamic ‘non-factor’ based quantum AI encryption software,” “utilizing multi-dimensional encryption technology, including time, music’s infinite variability, artificial intelligence, and most notably mathematical constancies to generate entangled key pairs.” Those sentence fragments tick three of my snake-oil warning signs—from 1999!—right there: pseudo-math gobbledygook (warning sign #1), new mathematics (warning sign #2), and extreme cluelessness (warning sign #4).

Bruce Schneier

Oops.

Well, surely Crown Sterling wouldn’t do anything to damage the goodwill of the Security Community, like, say, sue the company that runs Black Hat USA after being criticized for spewing easily debunked bullshit in 2019 (PDF mirror)?

With all this talk about being against censorship and de-platforming, being a litigious fuckwad would be a bad look, wouldn’t it?

Crown Sterling’s Conclusion

Centered at the top: We will not sell your data We will not censor protected free speech Algorithms will not up or down regulate your content No spam bots and copycat accounts Your platform, your community, your content By creators for creators Headline: Conclusion We’re living in a world where our data is an extension of who we are, so it must be protected and its value reclaimed by you, its rightful owner. The evolution of boundary conditions and borders is happening at a rapid pace, primarily due to the accelerated evolution of the digital space. We believe that boundary conditions for new sovereign communities will be based on quantum-secure encryption. Within those communities, new economies will emerge; and within those economies will be money systems - barter, trade, collective bargaining - everything we see in functioning economic systems. We see content creators and influencers as pioneers - leaders of microeconomics, and we envision Orion as the platform that will support these decentralized sovereign communities in creating their own mechanisms of economy, able to interact with each other and not have to worry about censorship from a centralized function. We’ve built and continue to develop solutions and applications driven by our mission of Personal Data Sovereignty rooted in our Data Bill of Rights and will continue to advance with new features and tools to meet the demands of the evolving digital world.

What does “the evolution of boundary conditions and borders is happening at a rapid pace” mean? This doesn’t connect to anything discussed in the document!

I re-read this damn thing eight times trying to find some connection to any of the previous prose, and nothing. It’s nonsense.

Geyblade

Our Conclusion

Crown Sterling, LLC answers the question, “What if Time Cube had a profit motive?

To fully understand how much deeper this madness goes than the Orion litepaper can elucidate, look no further than Robert E. Grant’s YouTube channel, where he talks about Pyramid magic and other such New Age gobbledygook.

We’re not joking. (We mirrored this video in case it gets taken down.)

The Orion Litepaper continues the tradition of TimeAI by pitching an encryption protocol, an encrypted messaging app, a social media platform, a blockchain, decentralized storage, and an application development framework.

The Orion Litepaper claims that the titans of the software industry lack peer-review and imply they have too much attack surface, so the obvious solution is a platform that’s all of those things in the previous paragraph at once, and more. Who’s going to peer review all that code, Bobby?

As fun as it is to dunk on Clown Sterling, the sad reality is that nobody would bother investing the time or energy into such obvious lies if they weren’t effective that fooling innocent people into parting with their money. Though we can laugh, remember that there are almost certainly victims who didn’t have the benefit of knowing technical people they could trust to vet this bullshit.

Geyblade

It is our opinion that Robert E. Grant is a purveyor of top-quality horseshit, Crown Sterling, LLC is deeply untrustworthy, and Orion is vaporware intended to separate naive investors from their money.

The only possibility more horrifying than a rug-pull is if he actually plans to build a poorly conceived product like Orion and other people mistakenly trust it to keep their data secure. Grant is not a cryptography or privacy expert. An ex-NSA chief has admitted that the US government kills people based on metadata. Privacy tech isn’t a fucking game.

1 Comment

  • Clown Sterling
    February 20, 2024
    Reply

    You’re going to want to see this. It has the entire history of Crown Sterling analyzed, including a skim of a yet unreleased Orion WhitePaper that someone tricked the company to share on Telegram: https://rationalwiki.org/wiki/Crown_Sterling

Leave a Reply