The volume of cypherpunks’ “creation,” and the nature of those creations, varies. As privacy activists working through cryptography, many cypherpunks have written different types of code, sometimes just one piece, sometimes several. Others have written books, shared websites, or founded companies and organizations. A few others have done all of these. Bruce Schneier is one of those few.
He was born in 1963 and grew up in New York (US). He studied physics at the University of Rochester, earning his bachelor’s degree in 1984. Later, he pursued a master’s in computer science from American University, completing it in 1988. In the early 1990s, after being laid off from a job, Schneier started writing for computer magazines. This led him to publish his first major book, Applied Cryptography, in 1994, which helped establish him as a leading expert in security. His growing reputation allowed him to start consulting and working on security-related projects. He also started participating in the cypherpunk mailing lists in 1996.
Around that time, he co-founded Counterpane Internet Security, where he served as Chief Technology Officer. The company was later acquired by BT Group, and Schneier continued working in security. In 2016, he joined IBM after it acquired Resilient Systems, where he was CTO until 2019.
Since at least 2013, he has been a Fellow at Harvard’s Berkman Klein Center for Internet & Society and a Lecturer in Public Policy at the Harvard Kennedy School. He also serves on multiple advisory boards related to privacy and security, including at the Electronic Frontier Foundation (EFF – founded by another cypherpunk). More recently, Schneier took on the role of Chief of Security Architecture at Inrupt, a company focused on data privacy and control, founded by the World Wide Web inventor, Tim Berners-Lee.
As we’ve mentioned above, Schneier has been a prolific professional. He’s been involved in the creation of hash functions, stream ciphers, pseudo-random number generators, and block ciphers, all of them security tools. One of the more curious ones is Solitaire, which was featured in Neal Stephenson’s novel Cryptonomicon. This cipher was created for field agents needing secure communication without electronics and was designed to be operated using just a deck of playing cards.
Schneier is also known for the “fish” series of block ciphers, including Blowfish, Twofish, and Threefish. Blowfish was widely adopted in the past, but its 64-bit block size has made it obsolete for modern encryption. Twofish, a finalist in the Advanced Encryption Standard (AES) competition, remains secure but is less commonly used than Rijndael, the algorithm that was selected as AES. Threefish was developed as part of the Skein hash function, also built by Schneier, which was a candidate for SHA-3 (Secure Hash Algorithm 3, standardized by NIST). It introduced innovative cryptographic techniques and remains a useful building block in niche applications.
Another key contribution is Fortuna, a secure random number generator that improves upon earlier methods. Fortuna has been adopted in operating systems like FreeBSD and Apple’s OSes, showing its reliability in generating cryptographic randomness. It helps ensure secure encryption by providing strong and unpredictable random numbers, which are essential for secure communications and cryptographic protocols.
A fundamental lesson from Schneier’s crypto work is captured in the so-called “Schneier’s Law,” which states that anyone, even a “clueless amateur,” can create an encryption system they cannot break, but that doesn’t mean it’s secure. True security comes from rigorous analysis and peer review.
Books by Schneier
Schneier has also had time to write. A lot. He’s been sharing his insights on security through his blog, Schneier on Security, since 2004, and his monthly newsletter, Crypto-Gram, since 1998. Both platforms serve as spaces for discussions on cybersecurity, privacy, and cryptography, with the blog allowing for more immediate engagement from readers. His content ranges from analyzing emerging threats to critiquing security policies, often shaping public debates on digital safety. Alongside these, Schneier has written numerous essays and research papers, contributing to academic and industry discussions on encryption, trust, and risk management.
His first major book, Applied Cryptography (1994), became a foundational text in the field, explaining cryptographic protocols and their real-world applications. This success led to further publications, such as Secrets and Lies (2000), which expanded beyond cryptography to examine broader security challenges in a connected world. In Beyond Fear (2003), he broke down complex security topics for a general audience, teaching readers how to assess risks logically. Later, Liars and Outliers (2012) explored how trust and security interact in society, bridging technology with social science concepts.
Schneier has continued to address evolving security concerns in books like Data and Goliath (2015), which exposed the extent of mass surveillance, and Click Here to Kill Everybody (2018), which warned about potential vulnerabilities in the Internet of Things (IoT). His 2023 work, A Hacker’s Mind, examined how people in power manipulate rules to their advantage, applying hacking principles to societal structures. With around 17 books published, Schneier remains a crucial voice in the cybersecurity landscape, helping both experts and the general public navigate the complexities of digital security.
On Privacy and Control
The widespread belief that security and privacy are inherently in conflict has been challenged by Schneier, who argues that they should work together rather than be treated as trade-offs. Governments and corporations often push the idea that stronger security requires giving up privacy, but this is misleading.
True security isn’t about constant surveillance or restricting freedoms—it’s about ensuring protection without unnecessary control. Policies that justify mass monitoring or invasive data collection in the name of security tend to create systems of control rather than real safety. Instead of increasing protection, these measures often erode trust and limit personal freedoms, making citizens less secure in the long run.
In the corporate world, the same logic is used to justify restrictive security measures that are really about control. Companies like Apple and Microsoft implement digital locks and other security mechanisms not just to protect users, but to keep them dependent on their platforms. This concept, known as “lock-in,” makes switching to alternatives costly or inconvenient, ensuring customers stay within a company’s ecosystem. Such restrictions are often marketed as necessary for safety—such as preventing malware or unauthorized modifications—but in reality, they limit user choice and enforce corporate dominance over technology.
Cryptographic tools offer a way to challenge both corporate and government control by giving individuals direct ownership over their data and assets. Technologies like encryption, decentralized networks, and digital signatures allow people to secure their communications and transactions without relying on centralized authorities. Instead of being forced to trust companies or governments to protect privacy, users can implement their own security measures.
Against Blockchains
Despite his freedom inclinations and being considered a cypherpunk, Schneier has been vocal against blockchains and cryptocurrencies. He even wrote to the US Congress in 2022, urging their prompt regulation and calling them “useless.” He also argued that blockchains aren’t as decentralized as they claim to be, because they still have middlemen in the form of miners and “validators.” He issued a challenge about it on his blog: “Someone, please show me an application where blockchain is essential. That is, a problem that could not have been solved without blockchain that can now be solved with it.”
Speaking of freedom inclinations, it seems like Schneier might be overlooking the main point of truly decentralized and open Distributed Ledger Technology (DLT): offering freedom and control to people, instead of governments and corporations. An application where this technology is essential has been widely proven in hostile environments, where vulnerable people have used cryptocurrencies and decentralized networks to fight against financial censorship and currency inflation by tyrannical and/or negligent governments. DLT has also been able to protect data and preserve their privacy.
On the other hand, the claim about lack of decentralization in blockchains is still completely fair, as we’ve seen in cases like the censorship of Tornado Cash transactions.
It’s true for blockchains but not true for all crypto ecosystems, though. Obyte, for instance, isn’t a blockchain, but a Directed Acyclic Graph (DAG) without miners or “validators,” where only users post and approve their own transactions, and nobody can censor them. This way, Obyte is a cryptographic tool that empowers users with full control over their funds and data, ensuring autonomy and security for anyone, everywhere.
Featured Vector Image by Garry Killian / Freepik
Photograph of Bruce Schneier by Simon Law / Flickr