ToorCamp 2026

Breaking the ICE: Hands-On — Tear Down a Sheriff's App, Build the Replacement
2026-06-25, Yoga Studio

Your government publishes data you need to monitor, but searching for it creates a trail you can't afford. In this workshop, you'll build a zero-knowledge notification service from scratch: encrypted queries, fuzzy matching against a live data source, and result delivery where the operator never sees what was searched or who asked. Then you'll flip sides: use Rizin to tear apart a real sheriff's app APK, extract hardcoded secrets and tracking infrastructure, and have an AI agent classify findings against a threat registry. You leave with both the surveillance-resistant alternative and the skills to audit what it replaces. The patterns come from Frio, a live system monitoring county jail rosters for families of ICE detainees, but the architecture generalizes to any public dataset where the act of searching is itself sensitive.


This workshop stands on its own, but pairs with my talk submission covering the surveillance findings that motivated this architecture. The short version: I reverse-engineered the sheriff's apps that families are told to install to check on detained loved ones and found GPS surveillance, ad tracking, and inmate searches routed to a credit bureau. This workshop is the constructive response: you'll build the kind of system that should exist instead.

What you'll build:

  1. Keypair generation: NaCl sealed-box encryption with dual keys (service key for processing, requestor key for results)
  2. Encrypted intake: a requestor submits a query that the system can process but never read
  3. Fuzzy matching: search a simulated data source with privacy-preserving name matching and configurable thresholds
  4. Encrypted result delivery: matches are encrypted to the requestor's key; the operator sees only that a match occurred, not the content
  5. Shard decay: data doesn't persist indefinitely; implement time-based expiration classes so the system forgets
  6. Agent skill: use Claude Code to write a skill that can audit, scrape, or extend your service, then run it against your prototype
  7. Binary audit (capstone): use Rizin to extract strings, permissions, and hardcoded secrets from a real sheriff's app APK, then have your agent classify the findings against a canonical threat registry. This is the same workflow used to audit 8 OCV sheriff apps in parallel.

What you'll take away:

  • A working prototype you can extend for your own use case
  • Understanding of zero-knowledge service architecture
  • Practical NaCl/libsodium usage patterns
  • A framework for thinking about surveillance-resistant system design
  • Experience using Claude Code skills as a force multiplier — the same approach used to audit 8 APKs in parallel and build scrapers for 55 data sources
  • Exposure to Spiritwriter's shard and entitlement model for building governed agent systems

Prerequisites:

  • Laptop with Python 3.12+ and Rizin installed (rizin.re — we'll have install instructions for all platforms)
  • Claude Code CLI installed, with API credits (we'll have a limited number of $10 starter credits available for attendees who need them)
  • Familiarity with Python helpful but not required — we'll explain as we go
  • No prior crypto or reverse engineering experience needed

Materials provided:

  • Starter code repo with scaffolding and test data (built on spiritwriter-core)
  • Reference architecture diagram
  • Cheat sheet: NaCl sealed-box operations in PyNaCl
  • Claude Code skill templates for extending the prototype
  • Spiritwriter quick-start guide for turning the prototype into a distributed system

Aaron Markham is a technologist and entrepreneur with two decades of experience in distributed systems, AI/ML, and R&D program leadership. He has built distributed agent systems for content monitoring, real-time video analysis, and privacy-preserving infrastructure. He's currently building Frio (frio.help) and releasing the Spiritwriter agent governance framework as open source.
