Neuchatel, Switzerland, 25th August, 2021,
The whistleblower exposing US military war crimes in Iraq and Afghanistan is conducting a security audit on this full-stack privacy infrastructure
Former US army soldier, Chelsea Manning, had joined Nym to security audit their cutting-edge code to prevent mass surveillance. The audit will be completed before the Nym network hits “main net” later in the year.
The Nym team is thrilled to have her join as a security consultant to audit the code of Nym for security and privacy flaws. While most security auditors do not know what is at stake in a software bug that can harm privacy and security, Manning is keenly aware that secure software can lead to life-or-death consequences. Chelsea Manning was imprisoned in the US for nearly seven years for leaking documentation from military operations in Iraq and Afghanistan, including the targeting of civilians, before being pardoned by Barack Obama.
Harry Halpin, CEO of Nym, says that “While trusting software with their money is one thing people are learning to do with Bitcoin and DeFi, brave whistleblowers and revolutionaries like Chelsea Manning have to trust software with their lives. So rather than ‘YOLO’ and launch as only to wreck their users, we’re working with the best people alive to keep our users safe and secure. While all software has bugs, people that launch software that endangers their users or doesn’t even work are scammers that could even have blood on their hands.”
While Chelsea Manning is well-known as a whistleblower, what is not so well-known is that she is a talented security and privacy engineer. While most security audits focus only on cryptography, cryptographic bugs are only half the battle for privacy. “Traffic analysis, not cryptanalysis, is the backbone of communications intelligence”, as stated by founder of public key cryptography Whitfield Diffie and privacy expert Susan Landau in their book Privacy on the Line.
Yet no security audits deal with the kinds of powerful traffic analysis attacks that Nym is meant to prevent.
Chelsea Manning states “As methods for network traffic analysis have dramatically improved in the last decade, I have frequently called for research (since 2016) into alternative methods to Tor that avoid exposing the data within the network to such analysis. Nym is one such viable alternative worthy of research, and developmental implementation.”
Manning is uniquely qualified to understand how powerful, even nation-state, adversaries can attack Nym users due to own background in signals intelligence and her personal experiences with repression. Working with other more traditional security auditors, Manning’s mission over the next months is to help Nym resist surveillance via discovering new privacy leaks and setting parameters for cover traffic. Cover traffic is “fake traffic” that can confuse an adversary like a malicious Internet Service provider or mobile phone company, and is sent by Nym but not by Tor or VPNs. Harry Halpin continues, “We’d be happy to have her stay on after the audit in whatever form she wants, but right now we need everyone laser-focussed on securing our code.”
Privacy has since been making a massive come-back, through user demand (private messaging app Signal had over 100 million downloads in May 2021) and through new regulation (exemplified in the European GDPR). So far, Nym is one of the only privacy systems promising metadata protection at the network layer. Nym’s mission is to make privacy an integral part of Web 3. As the recent Pegasus leaks reveal, privacy is under constant attack, posing life threatening dangers to journalists, activists and citizens alike who become vulnerable targets.
Nym is an open-source, decentralized, permissionless and incentivized system providing full-stack privacy. It enables developers to build applications that provide users with strong guarantees against metadata surveillance, at both the level of network traffic (mixnet), and the level of authentication and payments (credentials). Nym’s team is composed of leading research scientists and developers at world-class universities Massachusetts Institute of Technology, KU Leuven and University College London.
- Jaya Klara Brekke
- [email protected]