In an age dominated by surveillance and data collection, is it truly possible to achieve digital anonymity? On today's episode, recorded live from Web Summit in Lisbon, I'm joined by two trailblazers who are challenging conventional wisdom around online privacy: Chelsea Manning, well-known whistleblower and privacy advocate, and Harry Halpin, CEO of Nym Technologies.
Together, they reveal why traditional tools like VPNs and encrypted messaging apps might not be enough to protect us in a world where advanced AI can mine metadata to uncover our most private activities.
We explore the current state of digital privacy, dissecting the limitations of existing tools and introducing NymVPN, the world's first decentralized VPN powered by a noise-generating mixnet.
With AI's ability to sift through patterns in data, simple encryption isn't sufficient anymore. Manning and Halpin delve into the concept of metadata—the often-overlooked data about data—highlighting its importance in AI-driven surveillance and why it poses a significant threat to our privacy.
In this engaging conversation, we break down how NymVPN's mixnet technology offers a unique approach by obscuring online behavior with noise and mixing up data streams. We also address practical questions: Can this technology be easily adopted by everyday users? How does it stack up against popular tools like Tor? And what role does it play in regions plagued by censorship and heavy surveillance?
Whether you're a journalist, an activist, or simply concerned about your digital privacy, this episode offers a thought-provoking look at the future of online anonymity. Are we truly entering a new frontier in digital freedom, or is privacy becoming an illusion? Tune in to find out—and decide for yourself if it's time to rethink the tools you use to stay safe online.
After listening, I'd love to hear your thoughts. Have your views on digital privacy changed after this discussion? Let me know. Until next time, stay informed and vigilant—because privacy is more than a right; it's a necessity in today's interconnected world.
[00:00:03] In an age where surveillance and data tracking have sadly become the norm, is it still possible to achieve true digital anonymity?
[00:00:13] I think many of us rely on tools like VPNs and encrypted messengers like Signal, believing that they safeguard our privacy.
[00:00:22] But are these measures really enough when advanced AI can sift through metadata and paint a detailed picture of our online activities?
[00:00:31] Well today here at Web Summit in Lisbon, I'm joined by two remarkable guests who are challenging the status quo.
[00:00:39] Because today I'm joined by Chelsea Manning, well-known whistleblower and privacy advocate, and Harry Halpin, CEO of Nym Technologies.
[00:00:49] And together they're here to expose some of the limitations of traditional privacy tools and are also introducing a revolutionary approach with NymVPN.
[00:01:01] The world's first decentralized VPN, powered by a noise-generating mixnet.
[00:01:08] Now I know when you hear those words out loud, you probably hear Doc Brown in Back to the Future shouting,
[00:01:14] Great Scott!
[00:01:14] Well have no fear, we're going to demystify this technology today because in this episode, live at Web Summit,
[00:01:21] we're going to break down what metadata really is, why it's so critical in AI-driven surveillance,
[00:01:28] and we'll also dive into how NymVPN differs from conventional VPNs and tools like Tor in a way that's providing a new level of privacy,
[00:01:39] and something that's accessible to everyone, even in regions where censorship and surveillance are rampant.
[00:01:46] So whether you are a journalist, activist, or someone just concerned about digital privacy,
[00:01:51] today's conversation should shed light on the new frontier of online anonymity.
[00:01:56] So can we truly stay under the radar, or is privacy just an illusion?
[00:02:01] Well, let's find out.
[00:02:03] Well welcome to the show both of you.
[00:02:06] We met on the show floor here at Web Summit, and Chelsea, I know in the past you've spoken about the lack of community in the free world,
[00:02:13] where people no longer talk to each other and suspicious of each other, but here at Web Summit, there's a real community vibe.
[00:02:19] Does this make you more hopeful? What's your Web Summit experience been like?
[00:02:23] I mean, it's the reason why I keep coming. It's because of the community.
[00:02:26] So, yeah, I would say that tech pessimism is still very much the theme from my perspective.
[00:02:33] I am seeing a more general rejection of the idea that we should have more things online,
[00:02:42] but that, you know, still there's going to be innovation, there's still going to be development,
[00:02:46] and there's still going to be an interest in, especially within the commercial and the industrial
[00:02:50] and in the, like, sort of expansive broadband communication space, like globally.
[00:02:57] There's definitely, like, an openness to innovation.
[00:03:01] Oh, and also a rejection of Silicon Valley, right?
[00:03:04] You know, especially, you know, we just, the United States just had its election,
[00:03:09] and it was very much a Silicon Valley-themed campaign that Trump ran.
[00:03:15] So, you know, that's very, that's going to be a very big factor in how the post 2024 election
[00:03:21] and how the United States goes.
[00:03:23] And I think there's going to be more skepticism of the United States policy
[00:03:27] whenever it comes to technology and communications and privacy, you know,
[00:03:31] in that sort of environment where now Silicon Valley is,
[00:03:35] now has a friend in the White House, essentially.
[00:03:38] Such a good point there.
[00:03:40] And Harry, obviously, you've been here too.
[00:03:43] What's been your big takeaways from the Web Summit so far, from the conversations you've been having?
[00:03:48] Yeah, so I just came in from DevCon, which is a more blockchain-focused conference.
[00:03:53] And this is, I would say, Web Summit is still larger and more diverse.
[00:03:59] It is a real, I don't know, I would say AI is obviously a big focus, which is a bit unsurprising.
[00:04:06] But the big question is, is AI a bubble or not?
[00:04:08] And if it is a bubble, when will it burst?
[00:04:11] And one of the reasons I'm excited to get you both on the podcast today is talking about NIM VPN.
[00:04:16] But I think for many people listening to our conversation,
[00:04:19] they might believe that merely using a VPN or Tor is enough to remain anonymous.
[00:04:24] But after seeing you both in the press conference for a few moments today,
[00:04:29] there's a quote that stood out to me.
[00:04:31] I think it was the ex-NSA chief.
[00:04:32] We kill people based on metadata.
[00:04:35] And I'd love to shine a light on this today in a language that everyone can understand
[00:04:39] so we don't lose anyone.
[00:04:40] So can you explain why these traditional methods might be falling short,
[00:04:44] especially in an era of advanced AI-driven surveillance and metadata harvesting?
[00:04:49] It's computation.
[00:04:50] It really comes down to computation.
[00:04:51] So it has become cheaper as we've been able to develop the chips at the process nodes,
[00:04:58] that is the level of resolution in which we can make the circuits.
[00:05:05] We can make them extremely small now down to the layer where there are quantum effects in them.
[00:05:12] And as we've done that, we've sort of been able to have these AI chips
[00:05:15] where you can run a chat GPT, can run Apple intelligence on a mobile device if it ever actually gets released.
[00:05:23] But you're able to do that now.
[00:05:25] And so those tools actually are the same tools that you would use to make intuitions
[00:05:31] or to learn patterns of data.
[00:05:35] So metadata is essentially the patterns about data.
[00:05:38] It is not just the message of the contents of the letter that you've written.
[00:05:44] It is what is on the envelope.
[00:05:46] It is the truck that it traveled in.
[00:05:49] It is the time and place that it was sent.
[00:05:52] It's the time and place it was received.
[00:05:54] It is the people who transferred it and all of the rest of it.
[00:05:58] So, you know, it is the date time group.
[00:06:01] It's all of the data about the data.
[00:06:04] And so you can use metadata with in conjunction with collecting a lot of previous data
[00:06:11] and establishing patterns, patterns of life as they're called.
[00:06:15] And once you establish those patterns of life, you can use AI.
[00:06:18] You can use an artificial intelligence model that's been trained on this data
[00:06:23] to make intuitions about whether or not information is suspect,
[00:06:27] whether or not something looks suspicious or can be flagged for further analysis.
[00:06:31] And this saves the cost of one at one point in time.
[00:06:35] You need an actual human being to make these kinds of intuitions and make these kinds of guesses.
[00:06:39] Now you can do this to scale with just the technology that you have available
[00:06:44] and you don't even have to store it because storage has own costs associated with collecting this data.
[00:06:49] You don't know. You just have to collect this data.
[00:06:50] You have to store it. You have to maintain that storage.
[00:06:53] You have to keep hard drives available.
[00:06:55] Then there's bit rot and a whole it's a whole industry. Right.
[00:06:59] And so you want to make sure with these tools that you're able to keep up with the advances in computation.
[00:07:05] And, you know, obviously we are working on an effort to do that.
[00:07:10] But the reason why this has become a problem is because it's become cheaper and cheaper and cheaper to do very advanced computation.
[00:07:18] Creating the world's first decentralized working MixNet that is easy to use as a VPN is incredibly cool.
[00:07:25] But again, I don't want to lose anyone here who might be unfamiliar with that world.
[00:07:28] So exactly what is MixNet technology and how does it differ from a traditional VPN and tools like Tor in providing digital privacy?
[00:07:37] So most people know what at least have a sense of what encryption means.
[00:07:43] So encryption means that I disguise the content of the message so that only the intended recipient can read it.
[00:07:49] Otherwise, it's secret. So, you know, and I'm sending my my password, my bank account over the Internet or whatever that that password is not readable by anyone who's watching my Internet connection, my ISP or random cyber criminals or data say whoever.
[00:08:07] But the problem is even when data is encrypted, that data still reveals the metadata, who is talking to who, who's sending who a message, what time they're sending it.
[00:08:16] And that kind of reveals the social network and lots of other things which you may not want to reveal.
[00:08:22] So VPNs encrypt data, but they don't.
[00:08:25] They still leak all of this metadata.
[00:08:29] What a MixNet does is it invented in the late 70s to early 80s by David Chalm.
[00:08:35] We it takes the data and it just kind of like spam does what it says on the box mixes that data up, shuffles the data like a deck of cards.
[00:08:44] So the data comes out a different pattern.
[00:08:46] And in addition, we add noise like fake data to the data that you're sending.
[00:08:52] And this makes it even harder to figure out what's going on.
[00:08:54] And this technique is essentially the only thing that we know that can resist large scale mass surveillance and kind of AI algorithm analysis of your data.
[00:09:04] Now, traditionally, I use a normal VPN.
[00:09:07] It's centralized.
[00:09:08] I mean, if that that server maybe outsiders can't see what you're doing, but the server knows exactly what you're doing.
[00:09:14] It decentralized VPN because each packet and MixNet is routed via a separate set of servers.
[00:09:19] Maybe they know what one pack is doing, but they can't figure out what your whole data stream is doing.
[00:09:23] And I think that's a that's very important.
[00:09:25] That's a lot of additional security rather than just trust one big computer and one company you diversify.
[00:09:32] So NIM VPN is set to launch in Q1 of 2025, which is now weeks away and promises true anonymity through a noise generating MixNet.
[00:09:42] So how does that feature work and what are its key advantages for everyday users?
[00:09:47] It could be listening anywhere in the world, various governments, et cetera, compared to those existing privacy tools.
[00:09:52] Anything else you can expand on that?
[00:09:54] Sure. So it exists. It's working. We know it's working.
[00:09:58] I know because I've been managed.
[00:10:01] I've managed to download entire YouTube videos on it and 4K 60 FPS.
[00:10:06] So it is it is working and it is functional and the security is sound.
[00:10:11] It's about making it accessible and easy for people to use.
[00:10:14] Whenever people hear encryption, they think hard.
[00:10:16] Yeah, they think extra stuff.
[00:10:18] They think extra, you know, layers of whatever.
[00:10:20] We've had the signal approach to encryption, which is you don't need to know how it works.
[00:10:26] You just need to know that your data secure, like there should be a green line on and you should know.
[00:10:32] And I think that the VPN industry has made this very intuitive and they've sort of been able to capitalize in on the certainly on the censorship resistance front on making these tools more accessible, making encryption more accessible.
[00:10:48] And we're no different. We just want to be able to ensure that that this tool is as secure as we can possibly make any tool, period, you know, within reasonable like expectations of accessibility and usage.
[00:11:03] As for the Q1 part, I mean, it's late where we know that the project is a little behind schedule in terms of like not just like our own schedule, but in terms of like the world, like the world needs this technology and has needed it for at least, you know, a few years.
[00:11:18] So, you know, we're, we're working really hard to like get it out there.
[00:11:23] We're working really hard on the launch.
[00:11:25] I mean, people are like we have 60 or 70 people working on it every day trying to get this product like shipped out because the underlying thing under the hood is done.
[00:11:33] It's ready to go.
[00:11:33] But actually making it accessible, usable and user friendly and to create the entire ability to have an ecosystem of users and tools and developers that can work on this has been has been difficult to scale up.
[00:11:52] And it's it's taken us a little bit of extra time.
[00:11:55] And and yeah, that's that that seems to be the goal that we have.
[00:11:58] And, you know, that that's been that's been the holdup is scaling and making it accessible.
[00:12:04] And so many big takeaways from takeaways from what you said there, because traditionally, I think you mentioned the 4ks streaming that is almost like that decision between do I want privacy or speed and you can't have both.
[00:12:15] So great to hear that you've solved that problem.
[00:12:17] And also, you mentioned censorship and in regions where heavy censorship and surveillance such as war zones, authoritarian states.
[00:12:26] How can VPN provide a more secure and reliable option for both journalists, activists and everything in between to protect their online communications?
[00:12:37] Because it is increasing important, isn't it?
[00:12:40] It is going to be increasingly important.
[00:12:41] And, you know, obviously, this is this being talked about in the week of the U.S. elections.
[00:12:46] But this is this is this is this is an issue that has existed globally throughout throughout the last 20 years.
[00:12:51] And it's going to be increasingly so.
[00:12:54] We have seen that as we've been moving towards a more politically geopolitically unstable environment that we've gone from, OK, like we're we want to be able to watch BBC videos in the United States to, oh, my God, now we have now we have to like protect my family.
[00:13:11] And I have to be able to send to send information or find out about loved ones in, you know, like ex authoritarian regime country, insert name wherever here.
[00:13:21] And yeah, we've this has been an increasing problem.
[00:13:24] And this is why this is the largest market share of VPN traffic.
[00:13:28] It's the largest reason why people own VPNs or not own, but pay for VPNs.
[00:13:34] And so, yeah, I think that this is this is definitely an area where we see a lot of innovation.
[00:13:40] We're trying really hard to to get the censorship resistance part down.
[00:13:44] We've hired additional people.
[00:13:46] We have some we have some of the best censorship resistance experts in the world.
[00:13:50] I'm not as familiar in this realm.
[00:13:52] I'm my realm of security.
[00:13:53] We have the security realm realm down down pat.
[00:13:56] But ensuring that that we don't not just have a decentralized VPN, but a distributed VPN is, I think, our ultimate goal.
[00:14:04] And a distributed VPN will enable people to be able to access and use the VPN anywhere in the world and be able to, you know, view information from anywhere else in the world.
[00:14:15] And of course, here at Web Summit, one of the big themes is AI.
[00:14:19] So with increasing AI integration in devices and apps, many users are inadvertently granting access to everything from their microphones, cameras and other sensitive data.
[00:14:30] Is it possible to maintain a high level of privacy while still benefiting from these AI driven technologies?
[00:14:36] I appreciate that is a big question.
[00:14:38] If you have VPNs and even the NIM mix that they're not magic.
[00:14:42] So they defend your network connection, your data that defend, you know, what website you're visiting, what app you're using from various data collection in between your device and the rest of the Internet.
[00:14:53] But you can do things on your device that still leak data.
[00:14:57] So if you're using chat GPT over NIM, chat GPT still could, you know, gets your kind of record of the questions you've asked.
[00:15:03] And any cookies aren't necessarily blocked as you're using them with, for example, a privacy enhanced cookie blocking tool or browser such as Brave.
[00:15:14] Therefore, I think, you know, I think the more interesting angle is, is AI changing how surveillance works?
[00:15:21] And it is enabling a lot more data collection and data gathering.
[00:15:24] And an angle that very few people think about is that AI algorithms can run over your data, including your network data, and that can track you to a huge extent.
[00:15:36] And so what NIM does to counter that is if you think about what AI is, AI adds, AI takes noisy data of any type and can discover arbitrary functions or signal inside the data.
[00:15:48] And so what NIM does is the reverse.
[00:15:50] We take whatever you're doing and we add noise to the data in the form of fake traffic, mixing up packets.
[00:15:57] And that makes NIM VPN, unlike any other VPN and even Tor, resistant against high-level AI surveillance.
[00:16:06] And I think the concept of digital privacy can often feel intimidating or complex for the average user.
[00:16:12] And that's something I want to try and change today by talking to you both.
[00:16:16] So isn't NIM VPN, is it designed only for tech-savvy individuals or are there features to make it ultimately accessible to anyone who just wants to protect their online activities?
[00:16:26] Obviously, we're very familiar and aware of the early adoption approach.
[00:16:30] And we are targeting early adopters.
[00:16:32] And we encourage people who might want to use a known entity VPN.
[00:16:39] We encourage them to hold off a bit until we know for sure that it's not buggy.
[00:16:46] It's one of the reasons why we've sort of been delaying launch is because we don't want to launch with a buggy product that has memory leaks,
[00:16:55] that has potential security vulnerabilities, that drops the connection suddenly and doesn't tell you about it.
[00:17:01] Like, these are things that, you know, happen with other products.
[00:17:04] And we want to avoid those things, especially because we bill ourselves so highly, right?
[00:17:10] You know, we have a very clear goal.
[00:17:12] But yeah, we've gone with the early adopter approach.
[00:17:15] We do intend on making this accessible to a wider number of people.
[00:17:19] But we also are fully aware of the fact that, you know, we're going to have to test with people who are just excited to test our product.
[00:17:25] They're excited to play with our tool.
[00:17:27] They're excited to learn something new and to learn about Mixnets and to learn about the next generation of privacy
[00:17:34] that is going to be necessary and needed in this increasingly uncertain world.
[00:17:40] And Google and so many of the big tech companies are known for extensive metadata collection.
[00:17:45] We talked about it a little earlier.
[00:17:47] So can you tell me a little bit more about how Mixnet technology safeguards against that type of data harvesting
[00:17:52] and why metadata protection is just as important as encrypting the content of your communications?
[00:17:57] Because, again, it's something that people don't talk about enough.
[00:18:00] Yeah, and it's hard to talk about it because we already have encryption, right?
[00:18:04] Encryption is here.
[00:18:05] Like, it's been widely adopted.
[00:18:06] Most internet connections now are TLS or TLS 1.2 at least.
[00:18:12] And this is across the world.
[00:18:13] And so we've gotten the encryption part down.
[00:18:16] But, you know, the enemy has learned new techniques.
[00:18:21] It is essentially a kind of an arms race between the individual user and state actors and large Silicon Valley companies.
[00:18:30] And, yeah, they've invested a lot of time and effort and money in this.
[00:18:34] And there hasn't been a lot of investment on the privacy front in the last 15 or 20 years.
[00:18:39] I just want to add one thing.
[00:18:40] So why is metadata so important?
[00:18:43] One reason for it is it's a very good predictor of your behavior.
[00:18:45] So there's very interesting studies done by Sandy Pitlin at MIT, who I used to work with.
[00:18:50] And Sandy showed that if you just kind of watch who's talking who and what order they're talking and how long they're talking,
[00:18:56] but you don't listen to what they're saying, you can actually predict what decisions get made with, like, 70%, 80% accuracy in, like, business settings.
[00:19:03] It's very interesting.
[00:19:04] There's a book called Social Physics that goes quite deep into it.
[00:19:07] And I always try to leave everyone listening with one valuable takeaway.
[00:19:10] So as co-founders behind a tool designed to counteract surveillance and enhance privacy,
[00:19:16] are there any best practices that you'd recommend for reporters or, indeed, individuals who are just concerned about protecting their privacy online?
[00:19:23] Anything that either of you would offer that?
[00:19:25] So specifically for online, I would say use strong passwords.
[00:19:30] Avoid sharing information with sites that you don't absolutely need to.
[00:19:36] And use a lot of common sense.
[00:19:38] And for the most extreme things and the most extraordinary sets of circumstances,
[00:19:43] at this point, use non-electronic means right now.
[00:19:46] Given the state of where surveillance technology is and where data gathering is at this point,
[00:19:52] and there's a lot of uncertainty in the air as to how far these capabilities are going.
[00:19:57] We've seen this recently in Ukraine.
[00:20:00] We've seen this recently in the Levant.
[00:20:02] If it's extremely sensitive, use pen and paper.
[00:20:05] You know, we want to obviously have tools that make electronic communications as secure as possible.
[00:20:10] But in the meantime, you know, you can use pen and paper.
[00:20:13] Yeah, and I would just be very careful also with, like, the MixNet and MVPs you can just download.
[00:20:18] Helps your network connection.
[00:20:19] But you also really think about your device.
[00:20:21] But it's tricky.
[00:20:22] No one's perfect.
[00:20:23] But I think even it's a little bit like martial arts.
[00:20:25] Even doing a little bit makes you much better than 95% of the population.
[00:20:30] Love that.
[00:20:31] And finally, I know you're looking for beta testers at the moment.
[00:20:34] You're looking for people to check it out.
[00:20:35] Where should anybody listening wanting to find out more details go?
[00:20:38] Yeah, you can go to our website, nymvpn.com.
[00:20:42] That's n-y-m-v-p-n, like, dot com.
[00:20:45] And also, you can just go to Apple or Google Play, and it's still in beta, so it's a free VPN.
[00:20:50] You should try it out.
[00:20:51] And just make sure you give us some feedback.
[00:20:53] The only confusing part about using nymvpn is that we don't take your information when you use it.
[00:21:00] So when you download the software, you have to go to the website, give us an email.
[00:21:04] And then that email that gives you a zero-knowledge proof, a sort of large string, which is like a secret login code.
[00:21:10] And then when you start the app, you cut and paste the QR code, scan the login code in.
[00:21:16] And the whole concept is that that allows you to disconnect the payments from your usage.
[00:21:23] And it's still in beta testing, so without payments working yet, but you can still disconnect your email from your usage.
[00:21:29] And we think that's very important.
[00:21:30] It really is.
[00:21:31] Well, I'll add links to everything to make it nice and easy for people to find that.
[00:21:35] And I've seen you both twice in the last two hours at completely different ends of the...
[00:21:41] A lot of walking.
[00:21:43] Steps, there are steps to be up.
[00:21:44] But thank you to both of you for taking the time to speak with me today.
[00:21:47] Thank you.
[00:21:47] Thanks so much.
[00:21:48] I think we covered a lot of ground today, from the risks of metadata collection to the groundbreaking technology behind NIMVPN.
[00:21:56] And as AI advances and big tech companies continue to harvest our data, I think the need for more robust privacy tools have never been more urgent.
[00:22:07] So I cannot thank Chelsea Manning and Harry Halpin for coming on here today and reminding us that true digital freedom requires so much more than just encryption.
[00:22:18] It demands innovative solutions that obscure our online behaviours altogether.
[00:22:23] But that's just my takeaway from the conversation today.
[00:22:26] What about you?
[00:22:27] Are you rethinking your approach to online privacy after hearing this discussion today?
[00:22:33] And will you be trying out tools like NIMVPN, or do you still trust those traditional methods, even after that conversation today?
[00:22:41] I'd love to hear your thoughts.
[00:22:42] So email me, techblogwriteroutlook.com, LinkedIn, eggs, Instagram, just at Neil C. Hughes.
[00:22:49] Until we speak again, stay safe, stay informed.
[00:22:52] And remember, privacy is not just a right.
[00:22:55] It's a necessity in this digital age where we all reside.
[00:22:58] So let me know your thoughts.
[00:23:00] Join the conversation.
[00:23:01] And if you enjoyed yourself, why not come back and we'll enjoy another conversation together tomorrow on a completely different topic.
[00:23:09] But that's it for me.
[00:23:11] So I'm going to get back on the show floor here at Web Summit and find myself some more guests for your listening pleasure.
[00:23:17] So thanks for listening.
[00:23:18] And I will speak with you all tomorrow.
[00:23:20] Bye for now.