Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Privacy

At Blockchain-Based Privacy Infrastructure Startup Nym, Chelsea Manning Says Crypto = Privacy (theblockcrypto.com) 57

Posted by EditorDavid from the pushing-privacy dept.
"I do want to shift the culture away from crypto being associated only with cryptocurrency," Chelsea Manning recently told a digital assets news site named the Block. In a world where celebrities are coughing up more than half a million dollars for a jpeg of a cartoon ape, Manning says that the sector has "unequivocally" been overrun by greed... She says this has resulted in a huge misunderstanding of crypto by critics, drawing it away from its privacy-focused roots.

"Without cryptography, my entire life history wouldn't have been able to take place," she says. In 2010, Manning, then a soldier in the US Army, used encrypted communication services to disclose classified information to Julian Assange, which was later posted on WikiLeaks.

Now, she's a part of privacy blockchain startup Nym as both a security analyst and serving in a hardware optimization role. The Switzerland-based Nym is a decentralized network that uses blockchain technology to mix and scramble packets of metadata — e.g. your IP address, who you talk to, and when and where.... Manning sees Nym as the successor to privacy tech such as the Tor browser and VPNs.

Tor, however, has been used both as a way for people in unstable countries to access information and by bad actors looking to access dark web marketplaces such as The Silk Road. Nym says that there are disincentives put in place to stop such abuse via the validation and verification of actors running the nodes on the network. And while blockchain technology is often associated with transparency as opposed to privacy, Nym says it is only the nodes of the so-called mixnet that are ledger-based — and none of the data itself is stored on the ledger. Manning and her colleagues at Nym hope that its mixnet can act as the infrastructure upon which applications can be built to create a privacy-focused internet.

By doing this, they hope to foster an alternative to surveillance capitalism — a term coined by academic Shoshana Zuboff to describe the tracking and commodification of personal data shared online for profit by big tech.
This discussion has been archived. No new comments can be posted.

At Blockchain-Based Privacy Infrastructure Startup Nym, Chelsea Manning Says Crypto = Privacy More

At Blockchain-Based Privacy Infrastructure Startup Nym, Chelsea Manning Says Crypto = Privacy

Comments Filter:

  • Privacy and anonymity only work absolute or not at all. It's like censorship. There isn't "a little bit". As soon as you have something in place that "disincentivizes" the use for a particular purpuse, aka "abuse", you can trivially redefine what "abuse" means and use it against that as well.

    • I'm reasonably sure that was an attempt to say that it builds in a mechanism to make abuse less profitable. It's always potentially profitable, depending on the potential reward. Making it more expensive stops many actors. But if you're communicating on the internet then there's always a risk that your traffic can be deanonymized, and it's safest to assume that all traffic on all backbone links is monitored and subject to snooping. Clearly nobody is capturing everything, but you can bet every stream (or any

    • Privacy and anonymity only work absolute or not at all..

      Isn't there some sense of defense in depth? Something where even if you somehow get access to my video feed I'm still wearing my animal mask so my identity is still hidden?

      (Particular animal not revealed at this time - privacy.)

      • Have we finally found out who's responsible for Norway's entry for the ESC?

      • Re: (Score:2)

        by gweihir ( 88907 )

        At that time it is pretty much too late. There will be too many clues in the video feed. For example, mains frequency variation and localized distortions are usually not audible but can be detected. Then there can be other clues. Power outlets can be used to localize you within a country or area. Products shown can be used to find out who bought them. Even keyboard sounds can potentially be used to find other instances where the same keyboard was used. You may also give biometric samles like body geometry,

        • The lock on my front door dissuades casual burglars. It does not need to be perfect. It is security.

          • Re: (Score:2)

            by gweihir ( 88907 )

            The lock on your door needs physical access to attack it and that makes it a high-cost geographically local attack. We are not discussing these in this thread.

            • The lock on your door needs physical access to attack it and that makes it a high-cost geographically local attack. We are not discussing these in this thread.

              Do have trouble with analogies?

              The lock on my door sucks against an intruder who really wants in but keeps the casual burglar out. As you pointed out, there are many clues in a video stream that a casual viewer would not notice. If they were obvious you wouldn't have had to list them all, now, would you? Something doesn't need to completely secure me in every way to secure me in some ways.

    • Re: (Score:2)

      by gweihir ( 88907 )

      And that is just it. There is no "somewhat insecure" crypto. It either is secure or it is broken. And given that even the NSA has had its hacker tools stolen, any backdoor will sooner or later become available to criminals. Anonymity is a bit different, as it is less of a yes/no question. Anonymity that can only be broken with very high effort and then only for one target is still fine for most things. Anonymity that can be broken on mass-scale is not anonymity at all, because sooner or later the non-honor,

  • A Blockchain is required in this case, because (Score:4, Insightful)

    by enriquevagu ( 1026480 ) on Monday June 06, 2022 @06:57AM (#62596726)

    ... they want to get VC funding?

    • Re: (Score:2)

      by tepples ( 727027 )

      Just from the summary, my first guess is that the blockchain is used as a directory of commitments to a pseudonym, as in Namecoin, and from there to set up channels through a darknet. Perhaps it gives some sort of reward for running a relay node.

    • Re:A Blockchain is required in this case, because (Score:5, Interesting)

      by AmiMoJo ( 196126 ) on Monday June 06, 2022 @07:55AM (#62596856) Homepage Journal

      At a quick glance they appear to be proposing a network similar to Tor, except that the exit nodes are validated via a blockchain. One of the issues with Tor is that whoever runs the exit node can see all the traffic going in and out of it, and if they control enough of them they can start to do pattern analysis to make the Tor network less anonymous.

      Of course, with this solution you have to trust that Nym does a good job of vetting node operators, and that their values align with yours.

      • Blockchain is also not a guarantee of privacy. Every transaction in a blockchain is publicly viewable by everyone who has access to it. The FBI has demonstrated the ability to track transactions. It's not easy, but it is also not as advertised.

        • Re: (Score:2)

          by AmiMoJo ( 196126 )

          That's why no data goes on the blockchain, only a list of trusted exit nodes.

          You might wonder why they don't just have the list served up via HTTPS with a GPG signature to verify it. I'm sure there is a very good explanation.

          • This brings up a quandary. You need enough data on the blockchain to protect against double-spending, but if you have too much, it becomes a privacy hazard. Some cryptocurrencies do it right, like Monero.

            What a cryptocurrency needs is defense in depth. Tor nodes are one thing (assuming one doesn't burn the network to the ground with added traffic, because exit nodes are rare), but the actual currency needs ring signatures, blinding factors, and other anonymity. This also needs to be combined with a mech

            • Of course, you can trust someone else and use their stored blockchain DB... but that pretty much makes decentralization pointless, and at that point, just use PayPal.

              Which is literally what happens now and will probably always happen, because end the end, the client-server model is efficient and what the vast majority of users want.

              The goal is that if you buy a pack of smokes now with a cryptocurrency, you won't get a letter from your health insurance company a week later wanting a physical with bloodwork, else they charge you smokers rates. Or, 30 years from now, and running for office, people associating the brand of cigs you were using with some unpopular entity. The current blockchain on most cryptocurrencies only invites people to gather data and use the spending habits as a means of blackmail or extortion, so defense in depth is needed. Not just from current day attacks, but from attacks when quantum computers are common.

              This and similar reasons are the correct argument for maintaining privacy using E2E encryption with PFS, but the blockchain has no secrecy whatsoever. Once you are associated with a wallet address, you're pretty much exposed just like when the government subpoenas a bank for your transaction records, only now there is no (in the USA) 4th amen

  • The problem with

    alternative to surveillance capitalism

    is that people actually seem to want it.

    There's apps for everything. There's subscription based services for everything. A lot of the things we have apps and services for simply require paper and a pen.

    • Re: (Score:2)

      by splutty ( 43475 )

      I very much doubt "People want it". People just don't care.

      Apathetic behaviour is so deeply ingrained in the human psyche, that taking advantage of it is incredibly easy.

      • They definitely want it. They want the convenience it brings. That's where their apathy comes in. They care more about the extra bit of convenience than they do about the downsides.

        • It's not unreasonable for people to want both convenience and privacy, though it is for them to expect it. We should be building and promoting systems that let them have both. Your online to-do list isn't a problem if it's encrypted on your device, and the client is FOSS and the server is standards-based. The only info you're leaking is that you're accessing it. Is that harmful?

          What's more, there are organizations giving away storage that they don't prevent you from using with encrypted files, so I'm not sure why this isn't a thing being pushed harder by the privacy-seeking. Yes e.g. Google wants to monetize your use of Google Drive, but they will let you store files in it for free even when they cannot read the contents.

          • Your online to-do list isn't a problem if it's encrypted on your device, and the client is FOSS and the server is standards-based. The only info you're leaking is that you're accessing it. Is that harmful?

            Those pushing for DNS over HTTPS (DOH) and the encrypted ClientHello (ESNI/ECH) extension to TLS 1.3 have probably come up with all sorts of scenarios in which the domain names that you visit can and will be used against you in a judicial or extrajudicial proceeding.

            • Those pushing for DNS over HTTPS (DOH) and the encrypted ClientHello (ESNI/ECH) extension to TLS 1.3 have probably come up with all sorts of scenarios in which the domain names that you visit can and will be used against you in a judicial or extrajudicial proceeding.

              They don't need it for an extrajudicial proceeding because they're sniffing the backbones. Never forget QWest [wikipedia.org].

              It doesn't matter what kind of DNS you're using, unless you're taking extra steps to use one that respects your privacy, you are using one that doesn't.

          • It's not unreasonable for people to want both convenience and privacy, though it is for them to expect it.

            But what they want is convenience and privacy for free which is less reasonable.

            • But what they want is convenience and privacy for free which is less reasonable.

              I for one am willing to put in a not inconsiderable amount of work for free in order to see that they can have it, if it's clear what I'm working for, and it's clear that it's worth it. And I know I'm not alone.

              Further, I don't think it's an unreasonable expectation. It's so very, very cheap to provide it that they really should have it essentially for free. They might have to pay some costs, but there is so much waste that really there's no justification for them not being able to have this.

              To wit, it phys

          • "It's not unreasonable for people to want both convenience and privacy"

            But it is unreasonable for them to expect convenience and privacy and no price tag. You pay, one way or another. People have proven that they prefer paying in privacy than in money.

            • But it is unreasonable for them to expect convenience and privacy and no price tag. You pay, one way or another. People have proven that they prefer paying in privacy than in money.

              People have proven that they don't know shit about shit. Most of them aren't even capable of understanding these issues when you explain them using only short, simple words. Some of them are complicated, so they're rightly confusing; some of them are simple, but people willfully defend their own oppression because they've bought into a lie, and are willing to throw good effort (and money!) after bad.

              Most people now spend all the time in the browser, literally. That means that application compatibility is re

    • Re: (Score:2)

      by jythie ( 914043 )
      Well, sorta. They want part of it more than they dislike another part of it. While I doubt this particular startup will manage it, this is exactly the type of dynamic that looking for alternatives and solutions makes sense. It is esp important to search in this case since the other side of the coin is that there are people that like the surveillance capitalism part but not the free services and are constantly looking for solutions to that dynamic too.
      • Surveillance capitalism will win out in the end because that's where the money is.

        Not enough people will pull out of the surveillance capitalism economy to sink it.

        • Re: (Score:2)

          by jythie ( 914043 )
          Maybe, maybe not. That is where looking for solutions comes in. If someone can develop an alternative that users like better, the profit margins of the other system can quickly become irrelevent.

  • Privacy (Score:3)

    by Retired Chemist ( 5039029 ) on Monday June 06, 2022 @07:24AM (#62596774)
    Privacy is a wonderful concept. Attempts to define or enforce it go back thousands of years (e.g., Talmudic law requiring walls around a flat rooftop that would prevent you looking into your neighbor's house). Governments have never been particularly fond of it, however. The secret police go back to the beginnings of society. I believe that everyone should has the right to privacy in their own home, although in small communities, even that is uncommon (village gossip is an ancient tradition). Expecting privacy when talking on a cell phone in public, where anyone walking by could hear you or sending a message over public communication systems seems a bit unreasonable. Certainly, it is unreasonable that buying and selling on public exchanges should have such an expectation. The simple truth is that there is no written legal right to privacy, only traditional protections and those are breaking down with modern technologies. Perhaps privacy laws could be created, but who would trust the governments that created them to obey them? The only way to get true privacy is go off and live alone and that is neither desirable or practical for most people. If you are a member of society, you live a large part of your life in public and always have. If you do things in public that others object to, live with it.
    • You can live your life out as a social hermit doing little in the public eye and it still does not matter. It's about data now, and the government doesn't want you having data privacy IMO. They need us all using products/services that hoover up our data. It is how they spy on us all without warrants in 2022. See Georgetown Law's Center on Privacy & Technology recent report titled American Dragnet [americandragnet.org]:

      Most Americans probably do not imagine that their information is captured by ICE’s surveillance
  • The entire point of these things is that they're auditable and agreed on by those processing the chain. "e.g. your IP address, who you talk to, and when and where"...sound private to you?

    All they're doing is storing an encrypted form of that in a permanent record. And hoping no-one ever cracks the encryption, because there's no deleting of it later - that's the entire point of blockchain.

    • I haven't looked into it but it seems like if part of their schtick is anonymity for users and the other part is validation of nodes then there's a big WTF in the middle since nothing stops nodes from logging. It's always been a problem for crypto networks that malicious actors could run nodes. [therecord.media] But if the blockchain is used to track and somehow control who can run a node then maybe it makes sense. You don't want that hidden.

  • While I am all for people trying other potential uses for blockchain and maybe actually finding something it is better at than existing solutions.. I doubt this is gonna be one of them.

  • privacy (say it like a brit) and secrets (say it like a yank) are the same concept. place no trust in a convict, no more than you do in trump or his band of bandits, to do anything right. i have spoken.

  • I think we are in need of some clear definitions in the realm of "crypto" because it seems to me that its proponents (very often knowingly) create confusion so they can claim advantages that the tech simply does not have or do away with its disadvantages. This article seems to confound "crypto", i.e., an economy based on blockchain tokens and cryptocurrencies, with "cryptography", i.e., the study of secure communication. Very often you hear people talking about "blockchain", switching its meaning from "a

  • Ok, this guy maybe did something patriotic, or maybe traitorous. Either way, he is clearly mentally ill, is no real expert on anything, and should just be ignored and allowed to live out his pitiful life in obscurity.

  • How in the bloody blue blazes is a permanent public ledger that everyone keeps a copy of supposed to protect privacy? Increasing the expense to trace through the linked-list is a weak form of security-through-obscurity.
  • Comment removed based on user account deletion
  • I think the sole purpose of this article was to shove Chelsea Manning's name back into the light as if we don't remember what he did. Manning isn't Snowden. Snowden tried to help our nation be exposing illegal actions by out government. Manning was just a scumbag who got caught handing over every document he could find to our enemies regardless of the damage it did. Obama forgave Manning. Obama would have had Snowden killed if he could.

  • is an authority on privacy.

Slashdot Top Deals

Experiments must be reproducible; they should all fail in the same way.

Close