Ongoing Work

Hypercerts Foundation
Head of Engineering

To solve the challenges we face this century, we need scalable and sustainable financing models for public goods that reward contributors for the positive impact they create.

Hypercerts are a new protocol for funding and rewarding positive impact. Every hypercert is a public claim on a discrete piece of work and impact resulting from that work. Projects can create hypercerts and distribute them to contributors. Funders can own hypercert fractions — and the rights that come with them. Impact evaluators can create value for projects and funders by assessing the quality of hypercerts and offering ratings.

Hypercerts create interoperability by serving as a single, open, shared, decentralized database for impact claims and funding mechanisms. This allows funders and projects to create a scalable, interoperable and transparent funding environment for innovative public goods.

wwwWebsite, codeGitHub, twitterTwitter

MASQ Foundation
Co-Founder and President

The MASQ Foundation exists to build and support security and privacy for the public good. We research, engineer, and promote widely-accessible technologies that protect individual users’ security and privacy in both the digital and physical worlds.

wwwWebsite, codeGitHub, twitterTwitter

Mature Projects

Founding Engineer, Head of Engineering

Plasmic is a visual builder for the web. Non-developers can build pages or parts of pages, and developers can integrate these into any website or app codebase.

The goal is to empower and unblock non-developers such as marketers and designers, while freeing up developers from pixel-pushing. Teams can thus move faster, iterate more, and ship higher quality products.

Plasmic as a page builder and “visual CMS” is its simplest and most common use case. Editors can create and update content in Plasmic without code, and publish this into their production site without needing to block on developers.

Beyond website content, Plasmic can even be used to create frontends for complex web applications (such as Plasmic itself, which was built in Plasmic). This is possible because—despite being easy to start with—Plasmic gives you full visual control and works deeply with code.

wwwWebsite, codeGitHub, twitterTwitter

Co-Founder and CTO

Oasis Labs is building a new platform to use data without liability, easily comply with new regulations, and collaborate on shared data without risking privacy or losing control. With Oasis Labs’ tools your company can confidently share and analyze sensitive data without the risk of accidental leaks or violating privacy.

The foundation also supports the Oasis Network, a layer-1, proof of stake, blockchain that leverages secure computing techniques like secure enclaves to keep data private, and a cutting-edge architecture designed for scalability.

wwwCompany Website, wwwFoundation Website, codeGitHub

Selected Press:

Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts
UC Berkeley Security Research Lab - Raymond Cheng, Fan Zhang, Jernej Kos, Warren He, Nick Hynes, Noah Johnson, Ari Juels, Andrew Miller, Dawn Song,

Smart contracts are applications that execute on blockchains. Today they manage billions of dollars in value and motivate visionary plans for pervasive blockchain deployment. While smart contracts inherit the availability and other security assurances of blockchains, however, they are impeded by blockchains’ lack of confidentiality and poor performance.

We present Ekiden, a system that addresses these critical gaps by combining blockchains with Trusted Execution Environments (TEEs). Ekiden leverages a novel architecture that separates consensus from execution, enabling efficient TEE-backed confidentiality-preserving smart-contracts and high scalability. Our prototype (with Tendermint as the consensus layer) achieves example performance of 600x more throughput and 400x less latency at 1000x less cost than the Ethereum mainnet.

Published in IEEE European Symposium on Security and Privacy (EuroS&P) 2019
Commercialized at Oasis Labs
pdfIEEE, pdfArxiv, texBibTeX

Talek: Private Group Messaging with Hidden Access Patterns
UW Networks Lab - Raymond Cheng, Will Scott, Elisaweta Masserova, Irene Zhang, Vipul Goyal, Tom Anderson, Arvind Krishnamurthy, Bryan Parno,

Talek is a private group messaging system that sends messages through potentially untrustworthy servers, while hiding both data content and the communication patterns among its users. Talek explores a new point in the design space of private messaging; it guarantees access sequence indistinguishability, which is among the strongest guarantees in the space, while assuming an anytrust threat model, which is only slightly weaker than the strongest threat model currently found in related work. Our results suggest that this is a pragmatic point in the design space, since it supports strong privacy \emph{and} good performance.

Published in ACSAC 2020. pdfArxiv, pdfCryptology ePrint, texBibTeX

Share Your Pathway to the Internet
UW Networks Lab and Jigsaw
uProxy is a browser extension that lets users share alternative more secure routes to the Internet. It’s like a personalized VPN service that you set up for yourself and your friends. uProxy helps users protect each other from third parties who may try to watch, block, or redirect users’ Internet connections.
wwwWebsite codeGitHub
Google E2E

For more up-to-date product information, check out the

website and GitHub

Diamond: Automating Data Management and Storage for Wide-area Reactive Applications.
UW Systems Lab - Irene Zhang, Niel Lebeck, Pedro Fonseca, Brandon Holt, Raymond Cheng, Ariadna Norberg, Arvind Krishnamurthy, Henry Levy,
Diamond is a new data management system for wide-area, reactive applications. Reactive applications give users the illusion of continuous synchronization across mobile devices and the cloud server. Diamond simplifies this task by providing applications with persistent cloud storage, reliable synchronization between storage and mobile devices, and automated execution of application code in response to shared data updates.
Published in 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI) 2016
pdfPDF1, pdfPDF2, pdfSlides, texBibTeX
wwwWebsite codeGitHub

Radiatus: a Shared-Nothing Server-Side Web Architecture
UW Networks Lab - Raymond Cheng, Will Scott, Paul Ellenbogen, Jon Howell, Franzi Roesner, Arvind Krishnamurthy, Tom Anderson,
Radiatus is a decentralized web framework for designing more secure web apps. In Radiatus, all application-specific computation running on the server is executed within a sandbox with the privileges of the end-user. By strongly isolating users we protect user data and service availability from application vulnerabilities.
Published in ACM Symposium on Cloud Computing (SOCC) 2016
pdfPDF1, pdfPDF2, texBibTeX
wwwWebsite codeGitHub

a New Baseline for the Web
UW Networks Lab - Will Scott, Raymond Cheng, Arvind Krishnamurthy, Tom Anderson,
freedom.js is a web framework for building peer-to-peer (P2P) web apps. Easily create social applications that work in modern web browsers, Chrome packaged apps, Firefox extensions, node.js, and native mobile apps. freedom.js apps are just JavaScript, so they can be distributed as packages on an app store or hosted on static web servers. We’re bringing peer-to-peer back, baby.
wwwWebsite, codeGitHub
UW CSE Tech Report: pdfPDF1, pdfPDF2, texBibTeX
Hotnets XI: pdfPDF1, pdfPDF2, pdfPDF3, texBibTeX

BladeDroid: User scripting on Android
UW Networks Lab - Ravi Bhoraskar, Michael Ernst
BladeDroid is a system enabling user customization of Android applications, using a novel combination of bytecode rewriting and dynamic class loading. Similar to browser extensions, BladeDroid allows arbitrary customization of Android apps, such as ad-blocking.
APSYS 2014
PDF, Slides, [BibTeX]

Unblock: Towards Blocking-Resistant Network Services
UW Networks Group - Will Scott, Arvind Krishnamurthy, Tom Anderson
Unblock is a privacy preserving overlay network, constructed from an augmented social graph. By leveraging the unique properties of trusted social links, Unblock performs multi-path and multi-hop routing over the social network, providing better performance and routing around failures to support a web browsing workload.
Technical Report (UW CSE) [BibTeX]
Project Webpage

SolocoRank: Social Signals for Local Search Quality
Google - Michael Schueppert, Hila Becker, Mayur Thakur
SolocoRank is a new ranking algorithm that leverages social media to rank
physical establishments such as restaurants and bars.
Technical Report (UW CSE), [BibTeX]

Kineograph: Taking the Pulse of a Fast-Changing and Connected World
Microsoft Research Asia, Systems Research Group - Lidong Zhou, Fan Yang
Kineograph is a new graph computation engine, optimized for processing
real-time social data. Our goal was to enable real-time applications
(such as user ranking and approximate shortest paths), such that new data
is reflected in the computed results within a couple minutes.
Microsoft Research Project Page
Published in Eurosys 2012
PDF, Slides, [BibTeX]

A Secure Peer-to-Peer Communications Platform
MIT CSAIL, PDOS - Prof. Kaashoek, Chris Lesniewski-Laas
WhanauSIP is a peer-to-peer VoIP communications platform that requires no centralized infrastructure. Instead, it uses the Whanau DHT to provide a Sybil-proof rendezvous mechanism among users, securing the system from a variety of attacks.
MIT Master’s Thesis
PDF, [BibTeX], GitHub

Solar Printer
MIT Media Lab, Tangible Media Group - Dr. Fletcher
The Solar Printer is an entirely self-sufficient printer system for the developing world. The system was designed to be low-powered and continuously operable using solar panels. Instead of using ink, the printer magnified sunlight to burn characters into photochromic paper.
Website, YouTube



Issue trackers (e.g. GitHub issues, Jira, Shortcut, etc) are incredibly useful project-management tools for any team. However, they are proprietary closed systems, which means:

  • Difficult to customize: Take it or leave it. As your team grows, your needs evolve. If the tool doesn’t satisfy your needs, you are left with trying to migrate.
  • Annoying to transfer: Migrations are painful. They often require custom scripts and never fully capture all of the metadata from the original system.
  • Proprietary: Open source code deserves open source project management. Projects should be able to move as easily as switching their git remote.

pm-tools is an open source project-management tool with the following goals:

  • Portable: All of the data should exist in a git repository, like your code. In the future, we can consider using standard content management systems as well.
  • Markdown-first: Users should be able to use any editor that supports Markdown, from vim to HackMD.
  • Open-source tooling: Anyone should be able to build visually-rich functionality (like Gantt charts), as a front-ends to the data.



AutoDapp helps developers use existing, mature web stacks to build decentralized apps (dApps), enabling them to switch between a centralized cloud deployment and a decentralized deployment with only a single line of code change. AutoDapp can also be used to instantly convert existing web apps into dApps. Let’s AutoDapp-ify the Web!

wwwWebsite, codeGitHub


Programmable Postgres/MariaDB Proxy for Rust


Fuzhou Food
Fuzhou Food is a blog of recipes, assembled from family and friends from the Fuzhou, Fujian area of China. One of the 8 culinary cuisines of China, Fujian food is light, soft, and flavorful, featuring a wide range of seafood and soups.

Kingdom is an intelligent personal assistant, written to run locally on Node.js. All plugins, including speech recognition, are run locally. This way, you don’t need to send your voice data to the cloud to get simple things done.

Take Turns, Sally. WTF?
Take Turns, Sally is a meeting queue system for speaking order. Everyone opens up the app from their computer/smartphone and joins a common room. Select 1 leader and begin queuing up to speak.

File Drop lets you easily share files with your friends. Just drop the file into the page and your browser immediately become a server for that file. Share your unique URL to serve that file to friends directly in true P2P fashion.
GitHub Terminal
In 2008, before the days of Google powered by knowledge graph and Mozilla Ubiquity, I designed a website that reflected my favorite computing environment, a console interface. RAy SHell = RASH. It’s modular, simple, clean, requires no JavaScript, and certainly not for the faint-of-heart. Written entirely in server-side PHP. Discontinued as of 2013.