Whistleblower and security engineer Chelsea Manning has joined privacy startup Nym as a security consultant, focusing on auditing their mixnet.
A mix network or “mixnet” (taking its name from the proxy servers it employs, called “mixes”) obscures the metadata left behind when data passes through a network, providing a higher level of privacy when it comes to network-level surveillance.
Manning’s audit will be completed before the Nym network launches on mainnet later in the year.
“As methods for network traffic analysis have dramatically improved in the last decade, I have frequently called for research (since 2016) into alternative methods to Tor that avoid exposing the data within the network to such analysis,” Manning said in a statement. “Nym is one such viable alternative worthy of research and developmental implementation.”
Manning was imprisoned for leaking documentation regarding military operations in Iraq and Afghanistan, which included the U.S. targeting of civilians.
Nym’s initial testnet, launched in April 2020, was the victim of a Sybil attack. A Sybil attack is when a single actor tries to take over a network by spinning up multiple nodes that validate data and transactions on the network. If one actor has a disproportionate amount of control over the system, it compromises the system’s underlying integrity because the nodes under the attacker’s control could refuse to receive or transmit blocks on a blockchain.
“While trusting software with their money is one thing people are learning to do with Bitcoin and DeFi, brave whistleblowers and revolutionaries like Chelsea Manning have to trust software with their lives,” Nym CEO Harry Halpin said in a statement, adding:
“So rather than ‘YOLO’ and launch only to wreck their users, we’re working with the best people alive to keep our users safe and secure.”
Over the next month, Manning is tasked with discovering new privacy leaks and setting parameters for “cover traffic” on Nym’s mixnet. Cover traffic is traffic that can help confuse an internet service provider or other centralized entity that can attempt network-level surveillance.
Building on joint research with École Polytechnique Fédérale de Lausanne, Manning is working on parameters for cover traffic that help protect Nym against statistical disclosure attacks, Halpin told CoinDesk.
A statistical disclosure attack is when adversaries watch a network and can determine who is online at “roughly the same time” and then use that information to de-anonymize transactions.
“This attack also works on Tor,” said Halpin. “Let’s say you hypothesize I send messages to a reporter even over Tor with a chat app like ‘Off the Record Messaging.’ If the reporter is regularly online and using Tor to chat me, and we’re both online together at the same time, maybe it won’t get caught by an adversary the first time, but it will eventually get caught.”
Halpin said he was pleasantly surprised to discover Manning is keeping track of research into post-quantum cryptography.
“We’d be happy to have her stay on after the audit in whatever form she wants, but right now we need everyone laser-focused on securing our code,” said Halpin.
UPDATE (Aug. 25, 15:32 UTC): Adds further commentary from Nym’s Harry Halpin.