CivicPod: the First Device in the World without Backdoors!

In a World where every device is broken - at birth, by design, down to CPU design and fabrication, as shown by the recent scandal about Intel and AMD CPUs - we are building the CivicPod, the first IT device in the World which is provably without backdoors.

At TRUSTLESS.AI we are building the CivicPod, a 2mm-thin touch-screen handheld that will be the first computing device in the World which any user or their trusted experts can fully and comprehensively verify not to have a backdoor - down to the CPU design, fabrication oversight and standard setting - and which radically exceeds the state of the art in its resistance to on-site and remote hacking attempts.

In fact, critical vulnerabilities - that are scalably exploitable directly or "as a service" by hundreds or thousands of criminal actors - are present at any given time in every single device on the market today, as has been unequivocally proven by the revelations of the last 5 years.

Given extremely high plausible deniability, it is virtually impossible to ascertain which of those critical vulnerabilities are backdoors - stockpiled, spiffed by an insider developer or subversively inserted by nations - and which are errors due to hyper-complexity.

We should therefore assume that all or nearly all devices and services available today are backdoored and hackable by innumerable actors. As Bruce Schneier said: "I assume that all big companies are now in cahoots with the NSA, cannot be trusted, are lying to us constantly. You cannot trust any company that makes any claims of the security of their products. Not one cloud provider, not one software provider, not one hardware manufacturer."

By the nature of such tools and techniques - impervious to accountability and attribution when skillfully deployed - such backdoors are wildly abused and abusable by nations' agents and criminals without due legal process.

Though perfect security will never exist - by uniquely implementing extreme transparency, oversight, accountability, and ethical and expert security review in relation to complexity - our CivicNet produces the 1st device in the World that removes any and all unverified trust along the entire supply chain and lifecycle.

As opposed to all other systems, exploitable by nations and criminals without a proper judicial authorization, CivicNet will only be offered in privacy-respecting EU nations and will deploy radically extreme and transparent technical and organizational safeguards - involving even citizen juries in multiple democratic jurisdictions, accountable to a highly ethical, international, trustworthy nonprofit third party - to vet and manage the legitimacy and constitutionality of lawful access requests.


In this long post we'll argue that demand for endpoint security will explode in 2018 in all IT domains. We'll look at how leading projects like Sirin Labs Finney, Telegram TON and OpenRisc plan to meaningfully mitigate critical vulnerabilities - like Spectre and Meltdown - and how TRUSTLESS.AI compares and positions itself.

After Snowden revealed in 2013 incredibly pervasive spying by the US and Five Eyes agencies, researchers have increasingly revealed critical vulnerabilities deep down in nearly all mainstream and high-security systems. Vulnerabilities that, apparently, so often the story goes, went unnoticed for years or decades by their makers and by western security agencies.

The public dumping of thousands of CIA hacking tools in Wikileaks Vault 7, and that of the source code of the Hacking Team platform - for the semi-automated scaling of hacking to thousands - reveal not only that state-grade targeted hacking tools are available to mid-level hackers, but also their capability to scalably exploit them.

Meanwhile, over the last 2 years, nearly all media and experts have reported that end-to-end encryption apps, blockchain and open source will deliver meaningful protection to the endpoint, but they are wrong.

In fact, more than $4 billion was raised last year via ICOs by blockchain startups to bring unprecedented levels of security and immutability to nearly all economic sectors. Yet, the security that blockchains are increasingly bringing to the database/ledger level is completely lost at the endpoint edges. It is lost by the client devices used to write to it or read from it, which are more broken than ever. Cybersecurity, after all, is only as good as its weakest link.

In fact, even after what we’ve learned, media still wildly overestimate the security of current and emerging endpoint solutions because of an uncoordinated alignment of IT providers marketing their new products and security agencies pretending that they are “going dark” in order to drive more criminals to use technologies they can crack remotely.

Nonetheless, a large number of enterprise CSOs and top executives by now know better about where real costs and threats reside. While they have learned they can easily mitigate ransomware, and quickly recover their stock valuation after the public dump of a massive user database, they understand that they are practically naked when it comes to protecting their most sensitive communications, negotiations and trade secrets, and protecting their execs and boards from blackmail.

This recent news, and other facts listed below, make a strong case that 2018 will be about meaningful endpoint security and that our TRUSTLESS.AI and Trustless Computing Association have great potential to deliver - initially to all users’ most critical computing - what the World has been waiting for since Snowden. Let’s look into them in some more detail.


Days ago Telegram, an app-based "secure" messaging platform with 170M users - fast expanding its features to become a sort of non-Chinese WeChat - announced an unprecedented $500 million ICO in order to add to its app-based platform a uniquely private and fast blockchain to "pay for services purely through digital tokens without relying on banks or payment processors, which are often the target of government scrutiny or censorship".

But they haven’t and won't deliver, because they inexplicably use a new, obscure, non-time-proven encryption protocol, and for the simple fact that their security is merely app-based and therefore completely compromisable in integrity and confidentiality by malware easily installed on the endpoint device, even by mid-level hackers. Also, hiding large financial transactions from a legitimate investigation is not only immoral but will also never be allowed by large states.

Meltdown and Spectre

Last week, the public disclosure of the Meltdown and Spectre vulnerabilities revealed how a large majority of modern CPUs - even for high-security scenarios - have been critically compromised in their data confidentiality for over 20 years, allowing any app or VM running on the machine to copy data and encryption keys from any other running app or VM.

In a recent post, we clarify not only that our CPU is immune to such vulnerabilities but, most importantly, that our overall solution and supply chain are far more resistant than the state of the art to the hyper-complexities, security-through-obscurity, lack of coherent certifications and need to leave backdoors for states that have led to Spectre and Meltdown, and to the many similar critical vulnerabilities in endpoint stacks - even of systems for high-assurance scenarios - that are continuously publicized, will be publicized, and especially those that will never be discovered, or publicized, for years.

Our solution doesn’t rely on SW or HW isolation to protect against less “trusted” applications or virtual machines. It is a self-contained VPN-isolated end-to-end “computing universe” where any app that runs on it would be subject to exactly the same levels of security standards as all other technical and supply chain stacks.

Sirin Labs

Last December, Sirin Labs, the maker of a $15k cryptophone, raised $157M to address exactly the same user problem that we are addressing. But they keep doing so in a trusted way, with plenty of black-box components and processes, rather than in an uncompromisingly trustless way.

In a way, it is disheartening that startups based on market-failed products and old trusted computing approaches are so successful in ICOs when well funded, and yet it validates the size of the problem, as we outline in this post.


In recent days, an open source CPU and SoC project, OpenRisc - widely praised in the hacking community and mostly paid lip service by the industry - clarified its immunity to Meltdown and Spectre and stated its claim to be able to provide meaningful endpoint security through the full transparency of its source designs.

Unfortunately, OpenRisc technologies and ecosystem were never conceived to radically increase security but rather to provide an open source alternative for high-performance computing, and are therefore plagued by the architectural, governance and complexity choices that were made accordingly.

A DARPA analysis of OpenRisc as a platform for ultra-high assurance computing highlights, on page 9 (pdf), the huge funding and effort challenges of trying to reconcile high performance and features with ultra-high levels of assurance.


Nearly everyone thinks that Meltdown and Spectre were just errors by the CPU industry derived from prioritizing performance over security, and that surely is the main "technical" reason.

Many forget that Bruce Schneier said back in 2014 that, after what we learned with Snowden, "we should assume all mainstream CPUs to be compromised" (minute 32 of

In another instance, he said: "I assume that all big companies are now in cahoots with the NSA, cannot be trusted, are lying to us constantly. You cannot trust any company that makes any claims of the security of their products. Not one cloud provider, not one software provider, not one hardware manufacturer."

There are reasons to believe that the Spectre and Meltdown vulnerabilities were not just discovered 6 months ago but were known for a long time - by one or more CPU makers and governments - who deliberately inserted them, or discovered them and left them there, to allow governments (more or less) lawful access.

This is exactly the same thing as "inserting" a backdoor. No difference at all. Actually, it is the best and sleekest way to place a backdoor because you have near-perfect deniability for all parties involved. In fact, the discovery of these bugs translates into a temporary decline in stock prices and more orders for Spectre-proof chips from the same vendors, which may be required of enterprises and governments for compliance with GDPR or other rules.

Only a very few need to be in the know. For example, a CPU maker's executives or senior R&D staff just have to make some architectural choices rather than others - or turn a blind eye to a critical bug - and then slip a word to high-level government agencies.

Nothing we can do about it?

No, we can remove all unverified upfront trust not only in CPU makers, but in all critical component makers, designs and fabrication processes, and even in standards-setting - and provide an extremely safeguarded offline process to allow legitimate lawful access - as we are doing at TRUSTLESS.AI and the Trustless Computing Association.

EDITED TO ADD 1/11/2018: Our Trustless Computing Paradigms, on page 8 of our Whitepaper Summary (on our site), have included since 2015 this assumption, baked into all our techs, governance and supply chain:

D. MEASURE: assumes that extremely skilled attackers are willing to devote even tens of millions of dollars to compromise the lifecycle or supply chain through legal and illegal subversion of all kinds, including economic pressures; and many tens of thousands to compromise the individual end-user.






In recent days, most were surprised by reports that the Spectre and Meltdown critical vulnerabilities, present in nearly all mainstream CPUs of the last 15 years, are unfixable to a large extent, even through OS updates.

We are not surprised.

It was 2014 when Bruce Schneier, the World's most recognized security expert - in reply to a declaration by Intel's CEO that their chips had not been hacked - clearly stated that, after Snowden, we should be assuming all mainstream CPUs to be compromised in undetectable ways, due to design and supply chain complexities or state backdoors. See minute 32.40-34.00 of this video.

Nothing we can do about it? Nearly everyone seems to think so.
But, since 2014, at TRUSTLESS.AI and the Trustless Computing Association, we’ve been promoting an approach to CPU/chip design (and fabrication!) that removes upfront trust, radically reduces complexity, and enables offline, in-person, privacy-respecting lawful access so states don’t have to backdoor it.

Also, our Kryptus SCuP architecture - the only secure CPU in the world publicly verifiable in HW and SW design, according to the Head of Information Superiority of EDA - is immune to this kind of vulnerability "as the underlying core does not employ speculative execution".

But we go way beyond that, implementing our Trustless Computing CivicFab fabrication oversight processes, which well exceed in user trustworthiness even the NSA Trusted Foundry Program processes.

Pitch and exhibit in Cannes and Berlin. New advisors and investor traction.

Some updates for the last month and next:

  • On Nov 28-30th, we'll be in Cannes at the TRUSTECH conference, attended last year by 13,000 people. We were chosen as 1 of only 4 startups (out of the 44 participating and pitching) for a free-of-charge package including a full stand, a 7-minute pitch to 200 people, and participation in a closed workshop with VCs and corporate VCs, including Axa Strategic Venture, P101 Ventures, dPixel, TIM #WCAP Milano, Digital Magics, ICCREA Banca, Innogest, Berlin Innovation Venture.
  • On Dec 7th, we'll be in Berlin as an "alumni startup" at the BetaPitch Investor Day, hosted by the Pre-acceleration Program from which we graduated in July 2016.
  • We have great new advisors joining the team - Fabrice Croiseaux and David Drake, and a new cofounder, Ryan Molecke, with great core blockchain expertise.
  • We are making advances in the prototyping, architecture and business modeling of the project, and fundraising strategy: see Overview.
  • We were sought and invited to apply by the MDs of 4 of World's most prestigious acceleration programs. We passed the 1st phase of 3 of them including a call with the team and their MDs:
  • Over the last 6 months, 4-5 leading equity VC investors in the blockchain/crypto domain have been actively interested in investing. We are actively engaged in detailed discussions with 3 small pre-seed venture funds.
  • We have been holding off until the closing of the round before pursuing a formalization in Pilot Partner MoUs with 3-4 of the many prospective end-users that have engaged with us since last spring.