Skip to main content

What Is the Cypherpunk Manifesto? A 2026 Primer

·2939 words·14 mins
Cora Aegis
Author
Cora Aegis
Privacy is the right; the tools are how we exercise it.
Table of Contents
A young woman with silver-white hair and calm crimson eyes, a soft fringe swept across her forehead, looks over her shoulder toward a glowing teal-cyan wall of monospace code in the rain-flecked dark, red neon accents behind her

A note on funding: CypherpunkGuide carries no surveillance advertising — no ad networks, tracking pixels, or sponsored content. It is funded by transparent streams: reader donations now; subscription and editorially-aligned affiliate later. We answer to our readers, not to advertisers.

This site is named for a movement, and the movement is named for a document. Before there was a privacy-tools industry, before Bitcoin, before the word “cypherpunk” appeared in a headline, a small mailing list of cryptographers in the San Francisco Bay Area decided that privacy was not something you could wait to be given. In March 1993 one of them, Eric Hughes, wrote it down in under a thousand words.

That essay — A Cypherpunk’s Manifesto — is still the clearest statement of why privacy work exists, and most explainers flatten it into a historical footnote on the road to Bitcoin. That reading misses the point. We re-read the manifesto line by line against the surveillance landscape we document on this site every week — AI-scale correlation, undeletable footprints, identity checkpoints at the door of the open web — and found that it does not read like nostalgia. It reads like a specification that 2026 is still failing to meet.

So what does the manifesto actually say, who wrote it, and which of its claims survived three decades of contact with reality? Below is the primer: the text, the people, and an honest scorecard of its predictions — including the one woman whose name belongs at the front of the story and is almost always left out.

What the Cypherpunk Manifesto Actually Says
#

The Cypherpunk Manifesto is a 1993 essay by Eric Hughes arguing that privacy is necessary for an open society in the electronic age, that it will not be granted by institutions, and that it must therefore be built directly with cryptography. Published to the cypherpunks mailing list on 9 March 1993, it is short, declarative, and structured as a chain of claims rather than a call for legislation. Its force comes from refusing to treat privacy as a favor.

It opens by separating two ideas that are still routinely confused:

“Privacy is not secrecy. A private matter is something one doesn’t want the whole world to know, but a secret matter is something one doesn’t want anybody to know. Privacy is the power to selectively reveal oneself to the world.” — Eric Hughes, A Cypherpunk’s Manifesto, 1993

That distinction does the heavy lifting. If privacy were secrecy, demanding it would look like hiding something. By defining privacy as selective disclosure — the power to choose what you reveal, to whom — Hughes reframes it as a precondition for participating in society on your own terms, not a refuge for wrongdoing. The example he uses is mundane on purpose: paying cash for a magazine, where the merchant has no need to know who you are.

From there the manifesto makes its central political claim, the one that separates cypherpunk thinking from ordinary privacy advocacy: you cannot petition your way to privacy. “We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence,” Hughes wrote. Privacy that depends on an institution’s goodwill is privacy that the institution can revoke. The conclusion is therefore not a policy ask but an engineering mandate — privacy in an open society requires anonymous transaction systems, and if such systems do not exist, the people who care must build them. The famous line is the whole ethic compressed: “Cypherpunks write code.”

This is why the manifesto still matters as more than history. It is not a complaint about surveillance; it is a design principle. It says that durable privacy is a property of mechanisms — math you can verify — rather than promises you have to trust. Every honest privacy tool since has been an attempt to honor that principle or an illustration of what happens when it is ignored.

Three Texts, One Idea: May, Hughes, and Chaum
#

The Cypherpunk Manifesto did not appear from nothing — it crystallized ideas already moving through three foundational texts: David Chaum’s academic work on untraceable payments (1985), Tim May’s Crypto Anarchist Manifesto (written 1988), and Hughes’ essay (1993), bound together by the cypherpunks mailing list that Hughes, May, and John Gilmore founded in late 1992. Reading the three together shows the manifesto was the activist distillation of a decade of cryptographic thought.

The intellectual groundwork was Chaum’s. As an academic cryptographer, he had shown that privacy and accountability were not opposites — that you could build payment and credential systems revealing nothing beyond what a transaction strictly required. His 1985 Communications of the ACM paper carried a title that reads like a thesis statement for the whole movement: Security Without Identification: Transaction Systems to Make Big Brother Obsolete. He spent the following years trying to ship it, founding the company DigiCash to bring an “ecash” system to market before it filed for bankruptcy in 1998 — a first, instructive lesson that the hard part was never only the math.

Where Chaum was the engineer and Hughes the organizer, Tim May was the provocateur. His Crypto Anarchist Manifesto, written in 1988 and circulated to the early cypherpunks in 1992, opened with deliberate menace: “A specter is haunting the modern world, the specter of crypto anarchy.” May’s contribution, and his warning, was that strong cryptography would enable fully anonymous systems whether society was ready or not — and he was candid that this cut both ways, predicting illicit markets alongside the liberation. An honest primer keeps that ambivalence in view rather than sanding it off.

Founding textAuthorYearCore claim
Security Without IdentificationDavid Chaum1985Transactions can be secure without identifying the participants
The Crypto Anarchist ManifestoTim May1988 (circulated 1992)Cryptography will enable anonymous systems regardless of law
A Cypherpunk’s ManifestoEric Hughes1993Privacy must be built with code, not requested from institutions

What turned three texts into a movement was the mailing list. Beginning in late 1992, the cypherpunks met monthly in the Bay Area and argued in public over a list that, by the late 1990s, ran to thousands of subscribers. The manifesto was its founding document not because it was the first idea but because it was the clearest instruction.

The Woman Who Named It: Jude Milhon
#

The term “cypherpunk” was coined by Jude Milhon — a writer and self-taught programmer who went by the handle “St. Jude” — as a pun blending “cipher” with “cyberpunk,” and her authorship of the movement’s name is the detail most histories reduce to a footnote. Restoring it is not trivia. It corrects a record that has quietly written a woman out of the founding of a movement about who gets to control information.

Milhon (1939–2003) was not a peripheral figure who happened to land a good pun. She had been a programmer since the 1960s, was part of the Community Memory project — one of the first public computerized bulletin-board systems — and served as a senior editor at the cyberculture magazine Mondo 2000. Her politics were explicit and ahead of their time; her rallying cry, “Girls need modems!”, framed access to technology as a feminist demand decades before “digital divide” entered common usage. When the Bay Area cryptographers needed a name, it was Milhon who supplied the one that stuck.

We surface this for a reason beyond accuracy. The cypherpunk ideal — that privacy is a precondition for autonomy — lands hardest on the people most exposed when it fails, and that population is not gender-neutral. The threat surfaces we cover most closely, from synthetic-identity abuse in OPSEC in the AI Age to the intimate-partner surveillance embedded in age-verification mandates, fall disproportionately on women and on anyone with a motivated, close-range adversary. A movement that a woman named, read through 2026, points directly at the harms a male-coded “lone actor” threat model tends to miss. Milhon belongs in the primer, not the footnotes.

Scoring the 1993 Predictions Against 2026
#

Read as a set of predictions, the manifesto is uncomfortably accurate: its claim that institutions would not grant privacy, that surveillance would scale, and that only built-in mechanisms would hold has been confirmed repeatedly — while one prediction from its sibling text, Tim May’s, inverted into something its authors did not foresee. This is the part worth dwelling on, because the manifesto’s value today is as a scorecard, not a relic.

We built the table below by mapping each core claim onto a threat we document elsewhere on this site — not onto headlines. Where the original is a 1993 sentence, the 2026 column is a mechanism we have actually traced.

Manifesto claim (1993)2026 realityVerdict
Institutions won’t grant privacy “out of their beneficence”Platforms’ “delete” is a display change, not erasure; copies persist in brokers, caches, and model weights✅ Confirmed
Surveillance would outpace manual limitsAI joins scattered fragments into profiles at a scale no human investigator could reach✅ Confirmed
Privacy requires anonymous transaction systemsIdentity checkpoints are being mandated at the door of ordinary services, the opposite of anonymous access✅ Confirmed (by its violation)
Reputation would be “central” in anonymous systems (May, 1988)Reputation systems exist — but as state- and platform-controlled identity scores (KYC checks, chain-analytics risk ratings), not user-owned⚠️ Inverted

The first three rows are the manifesto vindicated. Its claim that deletion would not save you is the precise subject of How Permanent Is Your Social Media Footprint: once your words are absorbed into a model’s training data, there is no delete button that reaches the weights. Its claim that surveillance would scale beyond human limits is the entire premise of the AI-age threat model. And its demand for anonymous transaction systems is confirmed, ironically, by the global push for the opposite — the age-verification and digital-ID checkpoints that make the open web conditional on showing your papers.

We can offer one small piece of first-party evidence for the scale claim. We keep this site’s own server logs under watch for the self-identifying AI crawlers — GPTBot, ClaudeBot, PerplexityBot, Google-Extended and their peers — and they arrive continuously, on their own schedule, indexing a privacy site to answer questions about it. The machine readership Hughes could only infer is now measurable in a log file.

The fourth row is the interesting failure. May predicted that in anonymous systems, reputation would become the organizing principle — and he was right that reputation became central, but wrong about who would own it. Instead of user-controlled reputations attached to pseudonyms, 2026 runs on reputation systems controlled from above: KYC scores, transaction-monitoring risk ratings, the chain-analytics heuristics that decide whether your coins are “clean.” The cypherpunks imagined reputation as a tool of individual sovereignty. It arrived as an instrument of institutional control. That inversion — the right mechanism captured by the wrong owner — is the sharpest lesson the manifesto’s predictions hold for anyone building privacy tools now.

“Cypherpunks Write Code”: The Ethic in 2026
#

The manifesto’s most quoted line, “Cypherpunks write code,” is not a slogan about programming but a way of knowing — an epistemics: privacy claims must be verifiable in the mechanism rather than trusted in the promise, which translates today into “verify, don’t trust” and “prefer structure over policy.” Three decades on, that ethic is the most practical thing the document offers a non-programmer.

You do not have to write cryptography to live by it. The cypherpunk test for any privacy claim is to ask where the guarantee lives. A promise in a privacy policy lives in an institution’s goodwill — exactly the kind Hughes said would not hold. A guarantee in open, auditable code or in a protocol with no central operator to compel lives in math and structure. This is why the durable defenses we recommend are almost always structural rather than tactical: choosing a tool whose privacy is a property of its design beats trusting a service that merely says the right things. It is the same reasoning behind treating any government-held database as already breached, the assume-breach posture in When the Government Leaks Your Data.

The ethic also explains why pseudonymity sits at the center of this tradition rather than at its edge. Writing under a consistent name that is not your legal one — as the cypherpunks did on their list, and as this publication does — is not evasion; it is the selective disclosure the manifesto defined as privacy itself. Judged by code and argument rather than by credentials, the work either holds up or it does not. That is the standard the cypherpunks set, and it is a more honest one than authority by identity.

Bottom Line — Why a 1993 Essay Still Sets the Spec
#

The Cypherpunk Manifesto endures because it is a design principle, not a period piece: “privacy must be built, not granted” is a claim each passing year tests and has not yet refuted. Privacy is selective disclosure, not secrecy. It will not be granted, so it has to be built. And the only guarantees that hold are the ones written into mechanisms you can verify rather than institutions you have to trust.

For a reader in 2026, that converts into a way of seeing. When the next identity checkpoint is announced in the name of safety, the manifesto tells you to ask not “do I trust this provider” but “does this design require trust at all.” When a platform offers a privacy setting, it tells you to look for the guarantee in the code, not the copy. The document is thirty years old and reads like it was written about this week — which is either a triumph of foresight or an indictment of how little we have built since. Most honestly, it is both.

Frequently Asked Questions
#

What is the Cypherpunk Manifesto?
#

It is a short essay written by Eric Hughes and published to the cypherpunks mailing list on 9 March 1993. It argues that privacy is necessary for an open society, that institutions will not grant it voluntarily, and that it must therefore be built directly using cryptography. Its best-known line, “Cypherpunks write code,” compresses the whole argument: privacy has to be engineered into mechanisms, not requested as a favor.

Who wrote the Cypherpunk Manifesto, and who coined the word “cypherpunk”?
#

Eric Hughes wrote the manifesto in 1993. The word “cypherpunk” itself was coined separately by Jude Milhon, a writer and programmer known as “St. Jude,” as a pun on “cipher” and “cyberpunk.” Hughes, Tim May, and John Gilmore founded the cypherpunks mailing list in late 1992, where the manifesto was published.

How is the Cypherpunk Manifesto different from the Crypto Anarchist Manifesto?
#

They are two distinct texts. Tim May’s Crypto Anarchist Manifesto (written 1988) is the more radical, predicting that cryptography would enable anonymous systems beyond the reach of the state, for good and ill. Hughes’ Cypherpunk Manifesto (1993) is more constructive and focused: it defines privacy, insists it must be built rather than granted, and calls on its readers to write the software. May framed the consequence; Hughes framed the duty.

Is the Cypherpunk Manifesto still relevant in 2026?
#

Yes, arguably more than when it was written. Its core predictions — that institutions would not grant privacy and that surveillance would scale beyond human limits — are confirmed daily by AI-scale data correlation, undeletable digital footprints, and mandatory identity checkpoints. Its central instruction, to trust verifiable mechanisms over institutional promises, is a directly usable test for evaluating any privacy tool or law today.

Do I have to be a programmer to be a cypherpunk?
#

No. “Cypherpunks write code” is an ethic, not a job description. For a non-programmer it translates into a habit of mind: ask where a privacy guarantee actually lives. Prefer tools whose privacy is a property of open, auditable design or of a protocol with no central operator to compel, over services that merely promise good behavior in a policy. Choosing structural privacy over policy privacy is practicing the manifesto without writing a line of code.

#SourceURLArchive
1Eric Hughes — A Cypherpunk’s Manifesto (1993)https://www.activism.net/cypherpunk/manifesto.htmlhttps://web.archive.org/web/*/https://www.activism.net/cypherpunk/manifesto.html
2A Cypherpunk’s Manifesto — Nakamoto Institute libraryhttps://nakamotoinstitute.org/library/cypherpunk-manifesto/https://web.archive.org/web/*/https://nakamotoinstitute.org/library/cypherpunk-manifesto/
3Tim May — The Crypto Anarchist Manifestohttps://www.activism.net/cypherpunk/crypto-anarchy.htmlhttps://web.archive.org/web/*/https://www.activism.net/cypherpunk/crypto-anarchy.html
4David Chaum — Security Without Identification (CACM 28(10), 1985)https://www.semanticscholar.org/paper/Security-without-identification%3A-transaction-to-big-Chaum/a6020d6bce5c69e476dfee15bdf63944e2a717b3https://web.archive.org/web/*/https://dl.acm.org/doi/10.1145/4372.4373
5Jude Milhon — Wikipediahttps://en.wikipedia.org/wiki/Jude_Milhonhttps://web.archive.org/web/*/https://en.wikipedia.org/wiki/Jude_Milhon
6Cypherpunk — Wikipediahttps://en.wikipedia.org/wiki/Cypherpunkhttps://web.archive.org/web/*/https://en.wikipedia.org/wiki/Cypherpunk
7“Girls Need Modems!” — Jude Milhon (Capitol Technology University)https://www.captechu.edu/blog/girls-need-modems-battle-cry-of-hacktivist-jude-milhonhttps://web.archive.org/web/*/https://www.captechu.edu/blog/girls-need-modems-battle-cry-of-hacktivist-jude-milhon

Related