Five years ago, from her prison cell, trans whistleblower Chelsea Manning sketched out a new way to protect online privacy. Now, she is helping an MIT-affiliated cryptographer bring the next generation of privacy software online.
Chelsea Manning’s long blonde hair catches in a cool summer breeze as she turns the corner into Brooklyn’s Starr Bar, a dimly lit counter-cultural haunt in the heart of the hipster enclave of Bushwick. The 33-year-old best known for leaking hundreds of thousands of top-secret government documents to Julian Assange in 2010, then coming out as a transgender woman, walks past a poster depicting sea turtles, humans and geese merging to form the outline of a dove. Beside the image are the words, “Your Nations Cannot Contain Us.”
Dressed in a black suit and wearing a silver Omega watch, she makes her way to a small wooden table illuminated by a shaft of sunlight. She orders a Coke. Contrary to what one might expect, this whistleblower turned trans icon looks uncomfortable in the hip surroundings. A fan reverently approaches her and welcomes her back. “This is my life,” she says after he leaves, expressing gratitude for the well wishes and lamenting the loss of her privacy. “I’m not just famous—I’m in the history books.”
While serving the longest sentence ever doled out to a whistleblower after she used the privacy-protecting Tor Network to anonymously leak 700,000 government documents, she used her time in incarceration to devise a better way to cover the tracks of other online users.
Knowing that the nonprofit Tor Project she used to send files to Wikileaks had become increasingly vulnerable to the prying eyes of intelligence agencies and law enforcement, she sketched out a new way to hide internet traffic using blockchain, the technology behind bitcoin, to build a similar network, without troublesome government funding. The entire plan was hatched in a military prison, on paper.
Fixing the known weaknesses of these networks is about more than just protecting future whistleblowers and criminals. Private networks are also vital for big businesses who want to protect trade secrets. The privacy network industry, including the virtual private networks (VPNs) familiar to many corporate users, generated $29 billion in revenue in 2019 and is expected to triple to $75 billion by 2027.
Manning thinks that not-for-profit efforts like Tor, which relies on U.S. government funding and a worldwide network of volunteers to run its anonymous servers, aren’t robust enough. “Nonprofits are unsustainable,” says Manning casually, sipping from her Coke. “They require constant upholding by large capital funds, by large governments.”
By January 2017, she was 7 years into a 35-year sentence at Fort Leavenworth, home to the likes of former Army Major Nidal Hasan, who killed 14 fellow soldiers in 2009. As President Barack Obama prepared to leave office, he granted Manning an unconditional commutation of her sentence. Newly tasting freedom, she was contacted by Harry Halpin, the 41-year-old mathematician who worked for World Wide Web inventor Tim Berners-Lee at MIT from 2013 to 2016 helping standardize the use of cryptography across Web browsers.
Halpin asked Manning to look for security weaknesses in his new privacy project, which eventually became Nym, a Neuchâtel, Switzerland-based crypto startup. Halpin founded Nym in 2018 to send data anonymously around the Internet using the same blockchain technology underlying Bitcoin. To date, Nym has raised some $8.5 million from a group of crypto investors including Binance, Polychain Capital and NGC Ventures. The firm now employs ten people and is using its latest round of capital to double its team size.
Halpin was impressed by Manning’s technical knowledge. More than just a famous leaker who happened to have access to secret documents, Manning struck Halpin as someone with a deep technological understanding of how governments and big business seek to spy on private messages.
“We’ve very rarely had access to people who really were inside the machine, who can explain what they believe the actual capabilities of these kinds of adversaries are, what kinds of attacks are more likely,” says Halpin. “She’ll help us fix holes in our design.”
Born in Oklahoma on December 17, 1987, Manning had her first exposure to what’s called network traffic analysis in high school. She and her Welsh mother, Susan, had moved to Haverfordwest, Wales, in 2001, when Manning was 13. In a computer class there, in 2003, she first learned to circumvent blocks put in place by the school to prevent students downloading certain files—and got caught pirating music by Linkin Park, Jay-Z and others.
The headmaster had been watching remotely. “It was the first moment where it dawned on me, ‘Oh, this is a thing. You can do this.’ By 2008 Manning’s interest in network traffic analysis first brought her to The Onion Router (Tor), a volunteer network of computers that sits on top of the internet and helps hide a user’s identity. The nonprofit organization leveraged something called “onion routing,” which hides messages beneath layers of encryption.
Each message is only decipherable by a different member of the network, which routes the message to the next router, ensuring that only the sender and receiver can decipher it all. Ironically, the network colloquially known as the “Dark Web,” used by Manning to send classified documents to WikiLeaks, was developed by the U.S. government to protect spies and other government agents operating online.
At around the same time Manning discovered Tor, she joined the U.S. Army. As a young intelligence analyst her job was to sort through classified databases in search of tactical patterns. After becoming disillusioned with what she learned about the fighting in Iraq and Afghanistan, she plugged into her computer, put in her headphones, and loaded a CD with music from another of her favorite musicians, Lady Gaga.
Instead of listening to the album, though, she erased it and downloaded what would eventually be known as the largest single leak in U.S. history, ranging from sensitive diplomatic cables to video showing U.S. soldiers killing civilians, including two Reuters journalists.
In prison she studied carpentry, but she never stopped exploring her earlier vocation. “I’m a certified carpenter,” she says. “But when I wasn’t doing that, I would read a lot of cryptography papers.” In 2016, she was visited in prison by Yan Zhu, a physicist from MIT who would later go on to become chief security officer of Brave, a privacy-protecting internet browser that pays users in cryptocurrency in exchange for agreeing to see ads.
She and Zhu were concerned with vulnerabilities they saw in Tor, including its dependence on the goodwill of governments and academic institutions. In 2020 53% of its $5 million funding came from the U.S. government and 27% came from other Western governments, tax-subsidized nonprofits, foundations and companies. Worse, in their opinion, the technology being developed to break privacy was being funded at a higher rate than the technology to protect it.
“As the Dark Web, or Tor and VPN and all these other services became more prolific, the tools to do traffic analysis had dramatically improved,” says Manning. “And there’s sort of been a cold war that’s been going on between the Tor project developers, and a number of state actors and large internet service providers.” In 2014, the FBI learned how to decipher Tor data. By 2020 a single user reportedly controlled enough Tor nodes to steal bitcoin transactions initiated over the network.
Using two lined pieces of composition paper from the prison commissary, Manning drew a schematic for Zhu of what she called Tor Plus. Instead of just encrypting the data she proposed to inject the information equivalent of noise into network communications. In the margins of the document she even postulated that blockchain, the technology popularized by bitcoin, could play a role.
Then, this February Halpin woke her up late one night with an encrypted text message asking her to take a look at a paper describing Nym. Developed completely separately from Manning’s jailhouse sketch, the paper detailed an almost identical system disguising real messages with white noise. A hybrid of the decentralized Tor that relies on donor support and a corporate-owned VPN that requires trusting a company, this network promised the best of both worlds.
Organized as a for-profit enterprise, Nym would pay people and organizations running the network in cryptocurrency. “The next day I cleared my schedule,” she says. By July she’d signed a contract with Nym to run a security audit that could eventually include a closer look at the code, the math and the defensive scenarios against government attacks.
Unlike Tor, which uses the onion router to obscure data sent on a shared network, Nym uses what’s called a mix network, or mixnet, that not only shuffles the data, but also alternates the methods by which the data is shuffled, making it nearly impossible to reassemble.
“Imagine you have a deck of cards,” says Manning. “What’s really unique here is that what’s being done is that you are taking essentially a deck of cards, and you are taking a bunch of other decks of cards, and you are shuffling those decks of cards as well.”
And, as it, turns out, not every government is comfortable using a privacy network largely funded by the U.S. government. Despite Halpin’s commitment to build a network that doesn’t require government funding to operate, in July Nym accepted a €200,000 grant from the European Commission to help get it off the ground.
“Knowing that Wikileaks had become increasingly vulnerable to prying eyes from intelligence agencies and law enforcement, she sketched out a new way to hide internet traffic using blockchain, the technology behind bitcoin.”
“The problem is that there was never a financial model that made any sense to build this technology,” says Halpin. “There was no interest from users, venture capital and big companies. And now you’re seeing what we consider a once-in-a-lifetime alignment of the stars, where there’s interest in privacy from venture capital. There’s an interest in privacy for users.
There’s interest in privacy from companies. And most of the interest from the venture capital side and the company side and the user side has been driven by cryptocurrency. And this was not the case even five years ago.”Even Tor itself is exploring how to use blockchain to create the next generation of its software. After receiving 26% of its total donations in cryptocurrency last year, the Tor Project received a $670,000 grant from advocates of the Zcash cryptocurrency and sold a non-fungible token (NFT) representing the first .onion address for $2 million in May, 2021.
Now, Tor cofounder Nick Mathewson says the Seattle-based nonprofit is exploring some of the same techniques developed by cryptocurrency companies to create Tor credentials that let users develop a reputation without revealing their identity. What he calls an “anonymous blacklistable credential.”
“If you’ve got a website, and somebody does something you don’t like, you can ban them,” says Mathewson. “You can ban the person who did that activity without ever finding out what other activities they did or figuring out whom you banned.”
Though Mathewson is interested in the possibility of using blockchain to upgrade Tor itself, he warns that making for-profit privacy infrastructure could lead to more money being spent on marketing than product development. “Our mission is to encourage the use of privacy technology,” says Mathewson. “I don’t really care whether that privacy tool is the one I made or not.”
Ironically, the same cryptocurrency culture Halpin says brought so much attention from investors, deterred Manning from getting involved earlier. Though she counts herself among the earliest bitcoin adopters, claiming to have mined cryptocurrency shortly after Satoshi Nakomoto activated it in 2009, she sold her bitcoin last year for decidedly nonmonetary reasons.
“I am not a fan of the culture around blockchain and cryptocurrency,” she says. “There’s a lot of large personalities that are very out there, like your Elon Musks and whatnot,” she says. “And it‘s very, like, ‘Oh, we’re going to get rich off of blockchain.’ It’s very nouveau riche. Like a new-yuppies-bro-culture that’s surrounded it. It has gotten a little bit better in some corners. But I think that culture is what I’m talking about. It’s like Gordon Gekko, but blockchain.”