Bidya logo
  Crypto Coin Prices and News  

LOKI Price   

Cap | Volume | High | Low | Old | New | Rare | Vs | Blockchains | Exchanges | Market | News | Dev News | Search | Watchlist



LOKI Price:
$419.1 K
All Time High:
Market Cap:
$11.0 M

Circulating Supply:
Total Supply:
Max Supply:


The price of #LOKI today is $0.21 USD.

The lowest LOKI price for this period was $0, the highest was $0.208, and the current live price for one LOKI coin is $0.20773.

The all-time high LOKI coin price was $2.40.

Use our custom price calculator to see the hypothetical price of LOKI with market cap of ETH or other crypto coins.


The code for Oxen crypto currency is #LOKI.

Oxen is 4.4 years old.


The current market capitalization for Oxen is $10,992,582.

Oxen is ranking upwards to #539 out of all coins, by market cap (and other factors).


There is a medium daily trading volume on #LOKI.

Today's 24-hour trading volume across all exchanges for Oxen is $419,103.


The circulating supply of LOKI is 52,918,206 coins, which is 35% of the maximum coin supply.


LOKI has limited pairings with other cryptocurrencies, but has at least 4 pairings and is listed on at least 3 crypto exchanges.

View #LOKI trading pairs and crypto exchanges that currently support #LOKI purchase.


Note that there are multiple coins that share the code #LOKI, and you can view them on our LOKI disambiguation page.



WTF Is Oxen?

ELI5: The Oxen project Are you being spied on? Every day it becomes more and more obvious that technology is being used to keep an eye on everyone in the world. Nobody is safe from surveillance. Oxen is bringing privacy to the digital world through blockchain technology. Oxen allows you to make the things you use every day more private. Things like web browsers, instant messengers, and social media.Level 1: The blockchain OXEN is a fully private, instant, and anonymous crypto — like digital cash. OXEN makes the foundation for the entire Oxen network. Anyone can use their OXEN to get more OXEN, by staking to something called a service node. Service nodes secure the blockchain, power apps, and get OXEN rewards for all their hard work. This creates an enormous decentralised network full of powerful, private servers.Level 2: The apps Thanks to blockchain, we’ve got a huge network of decentralised horsepower. We can use the service node network to power privacy applications you can use every day. Any app in the world can use Oxen to become private. We’ve already gotten started — we’ve made a private messenger, called Session, and private internet access using Lokinet. You could build anything from a private Instagram, to a private Discord, or a private version of AOL.Level 3: The user The users of Oxen are just normal people. It’s obvious that people want privacy, and that privacy has crazy value. People are screaming out for it — but they don’t necessarily want to make sacrifices. With Oxen, you don’t have to. You can use the apps without knowing the first thing about a blockchain. Send a selfie. Play a game. Stream a video. Privately. Originally published at WTF Is Oxen? was originally published in Oxen on Medium, where people are continuing the conversation by highlighting and responding to this story.

Built On Oxen: The Future Of Digital Communication

They say data is the new oil — but privacy is gold. And Oxen has struck gold. The thing that makes Oxen special is that it’s a privacy protocol that can be used by anyone, not just the tech elite. The way the internet has evolved, privacy is a commodity. If you want privacy — you have to pay for it. Whether that cost comes in the form of money, time, or social currency, you’re made to work for your privacy. More and more, people are willing to sacrifice convenience to preserve their privacy, people are aware their data is for sale, and they want to use services that respect their privacy. The sleeping giant of privacy is stirring, and soon its fist will be beating on the head of big tech. Oxen is a privacy protocol built for everyone. And that means everyone. Decentralised applications built on top of the OXEN blockchain are already being used by hundreds of thousands of users — mostly on the hardcore private messenger, Session.The heir to private messaging Messengers are a commonplace technology used by virtually every person with a mobile phone. With over 100,000 active users, Session is gaining a foothold in the enormous private messaging space. The appetite for privacy is growing, and as the most private mainstream messenger, Session is perfectly positioned to grow even more. The biggest tech companies in the world are starting to notice how valuable privacy really is, and some of them are paying attention. We’re seeing privacy become an essential part of the digital world. Having said that, not every tech company actually wants to give up their grip on data. WhatsApp has already been called out by critics who say their new privacy policy shows they don’t really care about privacy. If you’re leaving WhatsApp, you should pick up Session. If you’re using Session, Oxen itself is just one step away. Over the last year, Session has gone from strength to strength. New features, better performance, and improved stability are paving the way for a world where Session sits atop the digital messaging throne. User acquisition, retention, and ratings have all increased thanks to our tireless Session engineers. With onion routing, end-to-end encryption, and a decentralised infrastructure, Session is built like no other mainstream messenger in the world. If you need to have a private conversation, Session is the best way to do it. The word is out. Session is spreading far and wide. Session is already the most simple, private way to have a normal text conversation. And with voice calls right around the corner, soon Session will be the most private way to have any conversation. Forget SMS. Forget phone calls. Forget phone numbers. Session is the future of digital communication — and it’s built on OXEN.Built on Oxen. Built different. Session is just the first step. With Session, Lokinet, and Liblokinet, the private future of the internet will revolve around the applications built on Oxen. These are just the first chapters in the epic tale of the future of technology. The use case for Oxen is clear. It isn’t justpotential, it’s a reality. The power of blockchain is well known in the cryptocurrency space. But projects that actually leverage that power to create real, usable applications that benefit the world are few and far between. Just like the scientists who investigated the mysteries of the atom, the engineers who are able to make use of blockchain’s true power will change the world forever. Oxen is a better, private system for accessing and using the internet. Service nodes are powering the revolution. Developers are putting service nodes to work. People are already using Session, and they will use other applications built on Oxen, too. Originally published at Built On Oxen: The Future Of Digital Communication was originally published in Oxen on Medium, where people are continuing the conversation by highlighting and responding to this story.

Who Let The Doge Out: Why Oxen Should Be The King Of The Kennel

Is the meme power of DOGE really stronger than the fundamental forces of OXEN? Memes are the fuel that makes the internet machine go round. By now, we’re all well aware of the real-world repercussions our silly online jokes can have. In the crypto space, this is even more true. Fortunes are won and lost on the back of image macros, social media storms, and trending hashtags. In 2021, the star of DOGE is shining bright. For a lot of people, DOGE is one of the only coins they know by name, it might even be the first they’ve ever heard of crypto — certainly outside of Bitcoin. If you’ve been around the crypto block a few times, you’ve probably been shaking your head as you’ve watched your parents, hairdresser, and some dude you went to high school with talking, posting, and fawning over the biggest joke on crypto Twitter. For a long time, DOGE was laughed out of the room. All that changed when the Technoking of Tesla, Elon Musk, started talking about the coin. Its meteoric rise brought interest from investors from every corner, and millions of eyes were focused on crypto for the first time ever. Of course, not everyone was pleased by Mr Musk’s antics, with one of the original creators of DOGE calling him out in a now-deleted Tweet. Let’s put the memes down for a second. There has been some chatter about OXEN being the next DOGE… let’s compare the pair.DOGE vs OXEN TL;DR: Despite its relative anonymity (😉) OXEN absolutely wipes the floor with DOGE. Let’s start with the blockchains themselves. One thing DOGE has going for it is its relatively quick, inexpensive transactions. With a 1 minute block-time, you can move DOGE around pretty quickly. But with its one-of-a-kind Blink technology, OXEN can easily beat that. Blink enables INSTANT transactions — something not even DOGE can keep up with. In terms of block time, DOGE edges out with a roughly 1 minute block time, while OXEN has a 2 minute block time. However, DOGE uses the inefficient consensus mechanism known as Proof of Work. This is the same mechanism that has brought Bitcoin under fire due to environmental concerns. OXEN has this under control — it uses a Proof of Stake implementation called Pulse to secure its blockchain. This means the Oxen network is muchmore efficient. On top of that, its staked service nodes give the Oxen blockchain a huge amount of potential. Service nodes can be used to power blockchain-based applications for use by the mass market. There are already applications built on Oxen — like our anonymous messaging app, Session, and our onion-router, Lokinet. DOGE’s design means it can’t do anything with this kind of utility. On top of all this, Oxen is backed by the world-class privacy and anonymity qualities of Monero, with stealth addresses, RingCT, ring signatures, and checkpointing. The reality is this: DOGE was created as a joke. OXEN was created to power the private and anonymous internet. It’s already powering one of the most popular crypto-related messengers and a legitimate Tor competitor.Don’t put DOGE in the doghouse Although DOGE might be a meme — that doesn’t mean it’s useless. DOGE has gotten a whole new wave of people interested in cryptocurrency, and it’s one of the most accessible entry points into the space. With that being said, people who are serious about blockchain will look to projects with an underlying purpose. That’s where projects like Oxen are important. Blockchain is about more than day traders — it’s the future of the web. As more people realise the potential of blockchain, more people will appreciate the power of Oxen. Originally published at Who Let The Doge Out: Why Oxen Should Be The King Of The Kennel was originally published in Oxen on Medium, where people are continuing the conversation by highlighting and responding to this story.

Clean Crypto: Creating A Sustainable Future For Blockchain

The environmental impact of crypto — like Bitcoin — is the worst kept secret in the crypto industry. Everyone in the crypto community knows the harsh reality: blockchain technology (specifically, Proof of Work) uses an enormous amount of energy. Of course, this is by design — computational power is how traditional blockchains are secured. The blockchain world is growing and expanding at a breakneck pace. In 2021, Elon Musk’s fascination with Bitcoin and other cryptocurrencies has poured ample rocket fuel into crypto’s propulsion systems. However, the brakes have been pumped by Musk’s announcement that Tesla is suspending vehicle purchases using Bitcoin due to environmental concerns. If we don’t change, things like this will keep happening.The world will not embrace an environmentally destructive blockchain community. People care about the climate. They care about sustainability. And if crypto doesn’t catch up with that mindset, it’s going to come up against a brick wall. Every year, there are news headlines along the lines of ‘ Bitcoin now uses more power than x country.’ Bitcoin is incredible, it is revolutionary, it is why we’re all here. But cryptocurrencies can’t expect to gobble up the energy equivalent of mid-sized countries without facing serious criticism. Some people in the blockchain world are happy enough with trying to use renewable energy resources for mining — but this is nothing more than a symbolic victory. Even if it is renewable energy, we do not currently have unlimited capacity to create renewable energy. Sinking terawatts of renewable energy into securing proof of work blockchains is not an efficient use of energy, and it leads to dirty power being used down the line in other places. We should be striving to make blockchain more sustainable, more viable, and more appealing for the most amount of people possible. We have to plant the seeds for a green blockchain community. People in the blockchain community have already been thinking about this problem, thinking about answers, and building the solutions.Crunching the numbers on the crypto environmental impact Bitcoin uses more power than 5 million people in Finland. More than 17 million people in the Netherlands. More than 200 million people in Pakistan. It’s 115TWh a year. That’s enough energy to power a 100W light bulb for 131,278,538 years. But if we want to keep the lights on long term, we’re going to need to reduce the amount of energy we are using to secure blockchains. Ethereum is also proof of work (for now), and faces similar energy consumption problems to Bitcoin. But Ethereum has seen the light — and it’s heading towards Proof of Stake. Proof of Stake is a much more environmentally sustainable way of securing blockchains, and it is hoped Ethereum’s transition will cut its energy consumption by 99 per cent. Instead of demanding more and more computational power (and thus, energy), the blockchain is secured economically. At Oxen, we’ve already rolled out our Proof of Stake implementation, Pulse. Thanks to the full removal of Proof of Work, Oxen is more efficient and eco-friendly than ever. With the technical requirements and specifications for a service node, and assuming it is running 24/7, a service node can be expected to chew up about 1,400 KWh per year. With 1,700 service nodes, the network would consume 2,380,000 KWh in a year. Rounding up (just in case), Oxen still only uses 0.0025TWh a year. Oxen uses 0.002% of the energy Bitcoin uses. And only 0.006% of the energy consumption of Ethereum. Elon said he was looking for currencies that use <1% of Bitcoin’s energy/transaction — Proof of Stake is the way to achieve this. Now, you might be saying, ‘wait a minute, way more people use Bitcoin and Ethereum than Oxen! ‘ And you’d be right (for now, at least). But no matter how much the Oxen network scales up, it’s never going to use this much energy. For Oxen to use as much power as Ethereum does now, there would need to be over 30 million service nodes. For it to use as much power as Bitcoin does, there would need to be over 78 million service nodes. With every service node requiring at least 15,000 OXEN staked, it would require 450 billion OXEN to create 30 million service nodes. Given that there is currently less than 55 million OXEN in the circulating supply, this is not possible. It will never be possible. The energy cost of running a network like Oxen will always be a fraction of what Bitcoin and Ethereum currently use. No matter what.Improvise. Adapt. Overcome. Proof of Stake is just one way to make blockchain technology more environmentally sustainable. For Oxen, Proof of Stake makes sense, and it’s a perfect fit. But don’t get it twisted: PoS won’t suit every blockchain under the sun.“ Blockchains of the future with proof of stake and sharding will be thousands of times more efficient” — Vitalik Buterin The blockchain community is full of innovators and out-of-the-box thinkers, and there will undoubtedly be many ideas, solutions, and experiments that emerge over the coming years to try and solve the crypto climate crisis. But the reality is this: crypto is going to have to go green. At the end of the day, it’ll be better for everyone. Better for the people who are already holding heavy bags. Better for the family members you’ve gifted crypto to. Better for the people who haven’t even heard of crypto yet. Oxen has been on this train for a long time. We’ve already made the leap from PoW, to hybrid PoW/PoS, to full PoS. It wasn’t an easy path — but it was the right one. Lots of other projects have done the same, and more are joining all the time. If we want blockchain to go big, we have to make it scalable. And environmental impact is one of the major considerations we have to make. Let’s get moving. Originally published at Clean Crypto: Creating A Sustainable Future For Blockchain was originally published in Oxen on Medium, where people are continuing the conversation by highlighting and responding to this story.

Oxen rebrand rollout: Our roadmap — Loki

Oxen rebrand rollout: Our roadmap — Loki Towards the end of 2020, we announced the biggest change to the Loki Project since launch: Loki is rebranding to become Oxen. There have been plenty of questions about what the rebrand entails, when everything will be happening, and what our users need to do (spoiler alert: Loki users and $LOKI holders don’t need to do anything whatsoever). To minimise uncertainty and confusion, today we’re announcing our roadmap and timeline for rolling out the Oxen rebrand. For an overview of the reasons behind the rebrand, head over to our rebrand announcement blog.What’s happening today (6 Jan 2021, AEDT): Today we’re dropping the first taste of Oxen’s gorgeous new branding: A landing page is now live at Head on over to feast your eyes on Oxen’s logo and a peek at the colour scheme we’ll be using.What’s happening tomorrow (7 Jan 2021, AEDT): Tomorrow is when the rollout really kicks off. Our social media accounts, Telegram community, and contact email will officially switch over to Oxen equivalents. An updated desktop wallet with Oxen branding will also be released tomorrow, and our exchange listings will start swapping from $LOKI to $OXEN ( note: these are cosmetic changes only; $LOKI holders do not need to take any action). All Loki users can continue using their current wallets and services without having to update — everything will continue working as normal. But if you want to see the slick new branding in the wallet, you should update regardless!What’s happening over the coming weeks: Over the following weeks, our listings on other service providers like CoinMarketCap and CoinGecko will make the switch to $OXEN. We’ll also be releasing completely new mobile wallets, rewritten from the ground up to be faster, better, and, of course, with that beautiful new Oxen branding. The older mobile wallets will continue to function, but keep an eye on our social channels for links to the new mobile apps when they’re available — we know you’re going to love them. We’re also hard at work on the full Oxen website, which will be live at in early February, along with fully reworked and rebranded documentation for every part of the project and our tech stack. In the meantime, the existing website will remain live until the rollout is completed. Regarding wLoki: The wLoki transition is going to be a little bit more involved. We’ll make an announcement with more information in the coming days. For now, everything will continue working as usual, under the wLoki (Wrapped Loki) name.How you (yes, you!) can help We’re incredibly excited to begin the rollout of the Oxen branding in earnest. But we know that a staggered rollout like this means that there may be some confusion, especially for newcomers to the Oxen (Loki) community. So we’re calling on you, our loyal community members, to help clear things up. If you run across someone who’s unsure what’s going on or why, don’t hesitate to jump in and explain — or just refer them to our blog.Looking ahead With the Oxen rebrand rolling out, we’re more bullish than ever about the future of the project we’ve built together. The future is bright, and we can’t wait to make this journey with you, our community. It’s time for the Year of the Ox. Let’s go. Originally published at on January 6, 2021.

Major project announcement: A bright future for Loki

Since we started in 2017, Loki has grown exponentially. After beginning as an ambitious Monero fork, our scope has dramatically expanded into a full privacy suite: a private messaging app, an onion routing network, a private PoS cryptocurrency, and a foundation dedicated to building and supporting free, accessible, decentralised, open-source privacy tools. We have proven ourselves to be a community-first, transparent, development-led team. Always have been, always will be. We work for our community, and we’re always adapting to make sure we’re bringing value to the project and providing you with the best applications possible. In recent months we announced our foray into the DeFi space with our support of Chainflip, a decentralised cross-chain asset swapping service being built on Loki. Chainflip has been met with enormous excitement and support from the Loki community, and the initial centralised version (beta) was due to be released this month. However, recent developments in the regulatory landscape have made us pause and consider the best way forward for both Chainflip and the Loki Project. The knock-on effects of those recent regulatory developments are far-reaching, and they’ll have dramatic effects on the crypto space as a whole — so the Chainflip team has been hard at work finding the best way forward for the project. While the Chainflip team has been planning for their future, we’ve also had the opportunity to take a step back and consider our overall strategy at Loki. You might’ve noticed things have been unusually quiet for the last month or so. That’s because we’ve been busy behind the scenes intensely planning the next big step for Loki, and now we’re ready to share it with you. At Loki, we care deeply about what we’re building, the community that has helped make it possible, and the potential of all of the incredible technology already under our belt. The question we’ve been working to answer is: how can we ensure all our projects have the opportunity to reach their full potential? How can we ensure that all of our products and technologies remain relevant and growing, not just for the next year, but for the next 5 years and beyond?What we’re announcing Today, we’re announcing some radical changes that will future-proof the project, our product suite, and our commitment to free, open-source decentralised privacy tools. There’s a lot going on at Loki, and this is quite a dense set of announcements. We’re sure you’ll have questions after this first round of announcements, so please join CEO Simon Harman and CTO Kee Jefferys for a live community roundtable later today (Tuesday November 10) at 4pm AEDT. Simon will also be running additional AMA sessions at 10am AEDT on Wednesday November 11, and at some point on Thursday and Friday (times TBC), to ensure we can answer all your questions and respond to all your feedback throughout the week. Submit your questions through Menti or share them in our community chats and social channels — we’ll be sure to address every question we can. With that, let’s get into the announcements!An evolution for Loki The word Loki is something that means a lot of different things to a lot of different people. Loki has already evolved an incredible amount over the last 3 years. Our technology stack continues to grow, with a wide range of tools and protocols that make developing decentralised secure applications much easier — not just for us, but for everyone. We’ve built Session, Lokinet, and all of the utilities on the Loki Blockchain itself, and in so doing, we’ve also built a number of libraries, protocols, and other tools to make these decentralised applications possible. The answer to the question “What is Loki?” depends on who you ask. Some people are deeply interested in the power of the Loki blockchain. Others see the importance and potential of Session, and will mostly describe Loki in terms of secure messaging. And some love Loki for Lokinet, and can see a bright future for a crypto-backed competitor to Tor and VPN services. Finally, there’s Chainflip — the newest member of the family. Lots of people are super excited about the prospect of Chainflip, and for some it was the first time they’d ever heard of Loki. The Loki Project has so much depth, so many tools, and so much utility that it can be hard to summarise all the things this project does. For those that do their research, it’s a compelling, interesting, and promising project with abundant possibility. But the feedback we’ve received suggests that to most newcomers, the Loki Project comes across as a bewildering array of seemingly unconnected products and features. The same principle applies to our current technology stack: there’s a lot there, but it’s very hard for external developers to understand, contribute to, and most importantly, leverage to their own advantage. Above and beyond this confusion, the Loki brand itself — while beloved in the Loki community — is seen as old and outdated by many key players in the crypto industry. To put it bluntly, this is limiting the project’s growth potential. The wider crypto market seeks out fresh brands with fresh narratives, and our marketing team has gotten bigger, better, and more capable of creating and building more compelling brands than Loki — brands like Session. Now, it’s time for us to convert our branding expertise into market capitalisation. While we love the name Loki, and we are sure many in the community do too, the name carries too many negative connotations in the wider market — connotations that make it difficult for us to reach new network participants. Today’s announcements aim to begin the process of addressing these issues. Loki is growing and evolving, and in recognition of this evolution, the entire project is being renamed and rebranded.OXEN: A new era for Loki As we’ve already said, the network we’ve built has grown, and shown that it’s easily capable of powering applications like Session and Lokinet. But the Loki Network can be a whole lot more than just the applications we’re developing. With everything we’ve built — it’s time to hand over the keys to the Ferrari. The tools, protocols, and libraries we’ve built can power much more than just Session and Lokinet. They can be the building blocks everyone uses to create a new wave of privacy technologies. Of course, we’ll still be hard at work developing Lokinet and Session as well, but all of the late nights and double espressos that go into our work won’t just benefit those applications, but an entire ecosystem of development utilities. Oxen won’t just be the backbone of our products, but the fabric we all use to weave a privacy revolution. Oxen gives developers looking to enhance their products with greater privacy and security a real package to work with. We haven’t widely talked about what we know is possible with the Oxen stack, because until more recently, that stack didn’t exist. But now, we’ve built it. Three years in, it’s mature and robust, and we’re excited to see other technology companies, projects, and communities use the Oxen stack to make things like:A truly encrypted Slack/Mattermost competitorTruly encrypted voice and video call service (Yes, much better than Zoom or Jitsi, which aren’t really that well-secured at all)Peer-to-peer networking replacement library for blockchain projects (much easier to deploy than libp2p, for instance, due to common features with ZMQ)Onion VPN marketplace powered by OxenSecure onion-routed HTTPrequest library (onion requests) used to secure simple web traffic between client and server without requiring a VPN or OS level supportRedundant messaging utilising the swarm protocol (superior protocol to Bitmessage)Virtual LAN functionality to enable private networks to form on the public internet (a more versatile, easier-to-use version of Hamachi) Truthfully, this is much closer to the original vision of Loki — using staked nodes to provide services. The scope of the Oxen network isn’t limited to the potential of Session and Lokinet. While they’re great examples of some of the possible applications of the Oxen stack, so much more can be done. 2020 has made it obvious that there is a demand for privacy in all areas of digital communication and collaboration. Zoom is the most talked-about piece of technology of the year — and it’s been widely panned for its privacy and security failings. Tools like Slack, Microsoft Teams, Discord, WebEx, and Trello have become essential to the daily operations of people around the world. These tools are useful, but their models for privacy and security are lagging behind. The Oxen stack is the answer to this problem. We’re not just talking about a few purpose-built privacy tools. We’re talking about empowering the most-used technologies in the world to become properly private and secure with relatively straightforward implementations and integrations. When we set out to make Session and Lokinet, this didn’t exist. We’ve had to build it ourselves, but now — everyone that comes after can stand on our shoulders. Privacy should be a non-negotiable part of modern technology, but a lot of the time it gets dumped in the too-hard basket. Oxen puts privacy at the fingertips of developers and users alike. And to slingshot adoption of Oxen’s tech stack into the exosphere, we’re spinning up a new business development division to create new opportunities and build relationships with developers and organisations who will benefit from leveraging Oxen’s tech stack. This active stance will radically increase adoption and use of our technologies across every sector we’re involved in, and help to ensure that both the Oxen project and the wider technology ecosystem will benefit from what we’ve built. Over the coming days, weeks, and months, Loki will evolve into Oxen. You’ll start to see the changes rolling in as you get a taste for the new brand, new tickers pop up on places like CoinMarketCap, and a brand-spanking-new website. We’re excited to take you on the journey with us — the journey from Loki to Oxen. As Loki, we’ve already accomplished so much together, and as Oxen we’ll do even more. You’ve probably noticed that we haven’t mentioned Chainflip’s place in Oxen’s bold new plan just yet — and that’s because Chainflip has a bold new plan all of its own. Just like Oxen, there are lots of exciting new developments for Chainflip that we’re sharing with you today.What’s next for Chainflip The Chainflip team’s original plan was for Chainflip to be rolled out in several stages, each with decreasing levels of centralisation. That’s no longer possible, and although the initial centralised version has essentially been completed, releasing it as is would be unacceptably risky. To address this, the first version of Chainflip will now be fully decentralised — but this means extra development resources will be required to deliver Chainflip in a timely manner. Today, we’re announcing some changes which will give Chainflip the resources it needs to grow quickly, while ensuring that our major projects — Oxen, Lokinet, and Session — can continue to be developed without interruption. Chainflip was always going to take significant work to build — and this is doubly true if it’s going to be decentralised from day one. Having said that, completion of the centralised version is still an enormous milestone for Chainflip- it will accelerate testing and development of the decentralised version. The current version has been modularised so that each of the components can be decentralised independently of one another, which means the Quoter and front-end work is already largely finished. With that in mind, the process of building the decentralised version of Chainflip could really benefit from extended resources. The DeFi space is growing quickly, and we think Chainflip is one of the most crucial additions to the ecosystem. At the moment, there is a gap in the DeFi ecosystem — trustless asset swapping services with a positive permissionless user experience. This is a hole Chainflip will patch, and as the DeFi industry matures, it’s a gap that needs to be filled. We want the Chainflip team to have all the resources they need to bring a fully-fledged version of the product to market as soon as possible. Chainflip needs its own blockchain to fulfil its potential. With its own purpose-built blockchain, Chainflip will be delivered more quickly, more completely, and be well positioned to succeed as a long term project. Although it would still be possible, using the Loki blockchain would hold Chainflip back from both a technological and regulatory perspective. We want to deliver the best version of Chainflip, and this is the best way to achieve that. With this plan, both Oxen and Chainflip will thrive. Not only will Chainflip have everything it needs to succeed, but we won’t have to divert any resources away from Oxen or its projects like Session and Lokinet. The Oxen community will be rewarded for all of their support for the project. Further, because the Foundation has already contributed to the Chainflip project, it has negotiated with the Chainflip team to ensure that this new direction for Chainflip will be significantly beneficial for the Foundation, too.Chainflip ICO and OXEN swapping program Now that Chainflip is standing on its own two feet, it’s going to need its own resources. Chainflip will be completing a fundraising round in order to give itself all the tools it needs to rapidly accelerate development timelines and ensure the product is released in a fully decentralised manner with all of the proposed features. This way, the fully realised version of Chainflip will be delivered to your doorstep as soon as possible. Loki has been a huge supporter of Chainflip, and there are plenty of people holding Loki because of their interest in the product. Chainflip wants to recognise those people, and so in order to bootstrap its own community, the project will be offering a token burning program using LOKI/OXEN. As much as 9% of the presale supply will be made available to swap LOKI/OXEN at preferential rates for Chainflip tokens. This program will be rolled out in 3 tranches at decreasing rates in each round, meaning the sooner users participate, the better rate they’ll get per LOKI/OXEN token. There are also plans being put in place to preference current SN operators at the best swap rates in the first round of the burn in recognition of the work they provide. This swap program gives current LOKI/OXEN holders the opportunity to decide whether they want to stay involved with both Oxen and Chainflip, or merely one or the other — without having to buy any new tokens to do so. After the successful issuance of the main Chainflip token, the LOKI/OXEN collected in this program will be publicly burned. Details on the burning program will be released in the coming weeks, as there are still some important legal questions to be answered surrounding the specifics of this program. Chainflip is still in the early stages of fundraising, and while entities are being spun up and legal advice is being finalised, very few details can be shared publicly. Based on early conversations, and with pre-seed funding already secured, lots of work has already been completed that — depending on the outcomes of the legal advice — could allow Chainflip to close the private components of the presale by the end of the year. For the time being, though, the only way to gain exposure to Chainflip tokens is by holding Loki and waiting for the burning program. We believe this fact will stimulate organic demand for Loki as the project makes the transition to Oxen. As for the 6 Loki per block that was earmarked for incentivising Chainflip liquidity, that allocation may be retargeted to support other aspects of the project — like further incentivising Service Node operators or supporting other community projects — or possibly removed entirely. We’ll consult the community in the near future about the best way to utilise this part of the block reward going forward, and your input will be key to this decision.Session and Lokinet: The future is bright Meanwhile, Session and Lokinet are full steam ahead. Lokinet is about to get a rebrand all to itself. We’ve already mentioned this a couple of times over the last few months, but the rebrand is now getting close to being fully released. Over the years, our marketing team has gotten a lot better at building and establishing striking brands — and Lokinet is ready for a new look. On top of a completely overhauled visual identity, Lokinet will be getting a new name — just in time for the much-vaunted imminent release of exit node functionality. We think Lokinet’s exit node marketplace is going to solve a lot of the problems faced by current traffic-anonymising applications. Of course, Tor has long been both a bulwark and a trailblazer in the privacy community, but it suffers from crippling speed and user experience issues due to being an application-layer protocol. You can download Lokinet right now and see for yourself its speed and ease of use. Likewise, while VPNs offer convenience and ease of use — they can only offer so much protection. A plug-and-play onion routing network like Lokinet represents a huge leap forward for anonymous internet usage, and we’re actively seeking out VPN companies to plug their existing VPN infrastructure into the Oxen onion VPN marketplace, which will help bootstrap the network’s capability and bring traffic to the Oxen marketplace. On top of this, Session is already a fully-functioning product that thousands of people are using every day. Earlier this year, we showed that we can drive huge user numbers for Session. We have the data, we know we can do it. Session already has over 400,000 downloads. Our marketing efforts were put on pause to give our Session developers some wiggle room to polish the app — but now it’s ready. Session is in the best place it’s ever been, and we’re just about ready to unleash the marketing budget and strategy that we’ve been building up for the last six months. Session is ready to become a truly mass-market messaging app, with plans in place to grow the user base to over 1,000,000 users in 2021. Oxen will be at the vanguard of a privacy technology revolution. Session and Lokinet are proof of the incredible applications that can be built using this platform, and now the tech stack we’ve spent three years building along the way can be put to work — for the benefit of the entire privacy community. Of course, this is a lot of information to come out all at once. We are extremely excited about these changes, and we invite you to come and speak with Kee and Simon later today (Tuesday November 10) at 4pm AEDT on YouTube — keep an eye on our socials for a link. Simon will also be running additional AMA sessions at 10am AEDT on Wednesday November 11, and at some point on Thursday and Friday (times TBC), to ensure we can answer all your questions and respond to all your feedback. Submit your questions through Menti or share them in our community chats and social channels — we’ll be sure to address every question we can. Welcome to Oxen. Loki, evolved. Originally published at on November 10, 2020.

COVID-19 contact tracing: Getting it done — and making it work — Loki Foundation

COVID-19 contact tracing: Getting it done — and making it work — Loki Foundation On April 16, I published an open letter detailing my thoughts on contact tracing apps in Australia. In it, I talk about how I think it’s a surprisingly well thought through plan, and in my opinion, sufficiently protects the privacy of the public. It seems further explanation is required. Currently, the government is doing an atrocious job of convincing Australians to support what’s actually a very compelling product that could genuinely make a huge difference if enough people use it. I’m going to do my best to explain how the app works, why it’s actually relatively harmless, and lastly, my recommendations on what the government needs to do in order to make this a success.Part 1: Is it okay? There’s so much misleading information about COVIDSafe doing the rounds. It seems like people are imagining what it is based on supposition rather than actually looking at it — so let me explain what COVIDSafe does in simple terms.How it works COVIDSafe uses the BlueTrace protocol. This is great — it’s open-source and, in my opinion, pretty low risk when it comes to user privacy. When you register with COVIDSafe, all you do is enter some basic information for the health system — your name, age range, postcode, and a number you can be contacted on. This is required so the health system can contact you and identify risk factors based on neighborhood and age associated disease. Nothing else. Then you can go about your life with the app running in the background. COVIDSafe uses Bluetooth to communicate with other phones around you — not GPS or any other system. Using Bluetooth, your phone publishes an anonymous key to other devices in your proximity once you’ve been near them for long enough to be considered at risk of exposure (15 minutes, according to global health experts). When it does this, it’ll also collect the other person’s key. Identifying keys are rotated every 2 hours, according to the privacy policy, so you don’t have the same identifier linking back to your device for very long. The app does all this in the background, and keeps a record of all of the keys you’ve come across in the last 21 days. That’s really it. You have no way of knowing who these keys belong to. Nobody else knows your keys belong to you. You don’t automatically upload any keys you collect to the government. Location data isn’t collected or used. At all. Let’s say you then develop flu-like symptoms — you get a test, and you have coronavirus. Then (with your express consent) the encrypted keys your phone has collected in the last 21 days are uploaded to the health system, who possesses the ability to decrypt these keys. Health services can then use the phone numbers provided to them upon registration to get in touch with these people and let them know they’ve potentially been exposed. That’s how it works. Pretty clever. Pretty simple. Pretty not scary so far. Let’s dig a little deeper.Is COVIDSafe a privacy risk? In my opinion, some of the concerns with this approach aren’t worth all that much discussion. Yes, there is potential that the central servers could be hacked (but your phone number has probably been leaked in dozens of places already, and your health records are online now too, so not much additional risk). Yes, there is potential for ‘surveillance beacons’ to be set up by the health system so they can work out who stood next to a fixed position for more than 15 minutes — but this is ridiculous, if the governments want to know where you are, they can just ask your phone company. Realistically, you’re taking a risk every time you download an app. Just owning a phone is a privacy risk. In the age of Google Maps, Siri, Facebook Pixel, Fitbit, and metadata retention, I really don’t think COVIDSafe even deserves a mention in the 2020 Top 500 list of apps and services that seriously expose users to privacy risks. Most of us are running much bigger threats in the background 24/7 without even thinking about it. iOS and Android’s built-in permissions systems should prevent the worst kinds of surveillance anyway. You can prevent COVIDSafe from accessing the phone’s built-in location functionality at the operating system level — this way you guarantee that it can’t access your location. Simple as that. At the moment, TraceTogether and COVIDSafe request location permissions because of a Google policy that I’ll explain shortly — but the app never uses location data.But what about Google and Apple? Google and Apple have been working on contact tracing too, but there’s a lot of confusion and misinformation floating around about what their solution is and whether it’s ‘better’ than COVIDSafe. It’s not a matter of Google and Apple’s solution being better or worse at all — all apps have to interface with the phone’s operating system to work. If an app wants to use Bluetooth, for example, it has to send a request through the phone’s Bluetooth APIs (Application Programming Interface). These APIs are really useful, as they make it easy for app developers to leverage the hardware and functionality of the device without having to know anything about that specific device. So an app developer can use the same Bluetooth API whether you have the latest Samsung flagship phone, or a cheap and cheerful Chinese smartphone from 2017. However, Google and Apple restrict what apps can do with these APIs, particularly Apple’s iOS. This is to prevent inexperienced, incompetent, or malicious app developers from draining the battery, using too much data in the background, and other undesirable activities. However, in order to do this kind of Bluetooth contact tracing, the phone’s Bluetooth has to be always on in the background, actively communicating with all of the devices around it. Typically, iOS and Android don’t want apps doing that, so this would normally be restricted. So Google and Apple aren’t working on a contact tracing app per se — what they’re doing is creating new APIs that will allow contact tracing apps to use normally-inaccessible Bluetooth functionality. They’re also building a contact tracing handshake system into their operating systems, so governments building tracing apps don’t have to — the APIs will do all the hard work for them. However, TraceTogether and BlueTrace jumped the gun — they’re trying to do contact tracing over Bluetooth before these new APIs exist. Turns out that even though iOS and Android make it pretty hard to build out apps with decentralised functionality, there are some ways around it. This is something we’ve had first-hand experience with when building Session, our decentralised secure messaging app, which you should definitely look at if you like privacy. One of the less desirable things TraceTogether and COVIDSafe do is request location permissions on Android. Google forces developers to do this because of a policy created to warn users about the fact that because Bluetooth broadcasts a device’s MAC address, Bluetooth access could potentially be used to reveal your location to hypothetical ‘beacons’ in the area. This has been proven to be a very low-risk threat, but Google still requires that the user is warned regardless. However, some restrictions have proven impossible to overcome, particularly with iOS. Right now, TraceTogether/COVIDSafe only works when the app is running in the foreground, so people have to keep reopening the app periodically (to prevent iOS from stopping it automatically) if they want to participate in contact tracing. Needless to say, this is bad. That being said, it’s all we’ve got while we wait for these fancy APIs. So when the government says ‘We don’t need Apple and Google’, they’re not completely wrong. COVIDSafe can function without using these fancy new APIs, and it’s a good thing it can, because Google and Apple won’t be releasing the APIs until mid-May. But BlueTrace’s reliability is a joke, especially on iOS, so I’d wager that once the shiny new APIs hit the streets, every contact tracing app (including COVIDSafe) will use them. But props to BlueTrace for forging ahead anyway. At least you tried. And in spite of what Google and Apple are building, individual nations have to build and launch their own apps that interface with their own health system, servers, databases, and other infrastructure. It’ll be easier, but they’ll still have to commit the time and resources to doing it. They’ll just have some slick Silicon Valley APIs to help them out. Does this mean Australia jumped the gun by choosing to get BlueTrace’s code to make its own version weeks ahead of the Google/Apple release? I don’t think so. It’s bold, but I’d do it too if it means Australians can get out of their homes a week or two earlier. It’ll take several weeks of strong messaging to get the app installed by a significant percentage of the population, by which time Google and Apple’s APIs might be released, so I think it makes sense to push it now even if it won’t be that reliable out of the gate.Part 2: Making it a success Alright, so that’s the background information on COVIDSafe — now you know what it’s all about. Maybe, like I was, you’re surprised that it actually isn’t too bad in terms of privacy. However, in order for it to be a success, lots of Australians have to download the app. This means:The government needs to properly communicate its plans and implementation to the public.The government must stop violating our trust. Maybe then it would be easier.The tech community put its weight behind this (good) use of technology in the public discourse — but only once we’re happy. I’ll go through these points in greater detail. I don’t know if anyone from the government will ever read these recommendations, but hopefully some of you will be able to help in influencing the conversation. We shouldn’t forget that the whole point of contact tracing is to slow the spread of a virus that has a mortality rate as high as 5% if it’s allowed to overwhelm the health system. If we do contact tracing right, it could literally save lives and help us return to normal life. That’s no exaggeration. Everyone wins. Yes, it may turn out that this app doesn’t end up working very well, but even if it doesn’t, at least we can say we tried. Scepticism is healthy, but we need to be reasonable. When presented with a good solution that adequately addresses criticisms, it’s only rational to accept it — regardless of politics or ideology. People’s lives and livelihoods are on the line, and we can’t let our personal politics or cloud our judgement. Being outwardly dismissive of this plan because you think Stuart Robert or Scott Morrison are incompetent (which you’d have a lot of reason to believe) isn’t helping anyone. So let’s look at the final hurdles to this being a success:1. Trust This whole thing is going to be a major uphill battle because the government has a shocking track record of violating our trust when it comes to digital rights, digital privacy, and really just anything involving technology. 2018’s TOLA (Assistance and Access Bill, 2015’s Telecommunications (Interception and Access) Amendment, Centrelink’s Online Compliance Interventions (robodebt) debacle — the list of tech shambles goes on and on. It’s incidents like these that lead us to believe that the government is not to be trusted with technology. Now the public hears the boy crying wolf once more. They’re having a hard time believing statements like ‘it’s not a surveillance app’, because we’ve been conditioned to expect something like it for years now. As a result, the tech community has been very critical of the app. Not because it’s a bad idea at its core — but because we half expect the government to throw in a crucial detail at the last minute that’ll undermine what we’re advocating for. I have taken a leap of faith by taking a pretty strong position on this, even though I’m still waiting on some details about, and don’t know what the final version will look like. This goes against my instincts but I think it’s important to move on this sooner rather than later so I can do my part in putting an end to this pandemic. I do so because we have direct quotes like “[It] won’t tell us where, because that’s irrelevant, or what you’re doing.” and “We don’t care where you are or what you’re doing.” regarding this app. And we can hold them to that. Even if it’s closed source (I’ll get to that). So if that really is the intention, then we need to make sure the government is doing everything they can to build the trust needed to convince the average joe to install the app on their phone. First and foremost, they’ve got to make the damn thing open-source. It’s going to be a lot harder to get the people who know what they’re talking about — tech people — on board if they don’t. As I’ve already said, computers seem to catch on fire any time a government official walks into the room. Let us, the tech community, take a look at the source code. We can verify that it does what it says it does, and that there are no glaring issues in it that will lead to bad outcomes like hacks and whatnot. But more importantly, you need us on board. Why? When this app launches, every grandparent will ring their grandkids to ask them what they think of the app. Everyone will text their ‘techy’ friend to ask for their 2 cents. And every news broadcast in the country will have a security expert talking about what they think, too. Their answers are crucial to the adoption of the app nationwide. The people who really care about technology in this country will make a judgement call in the coming days and weeks, and if they decide they do not like this app, it’ll go nowhere. Making it open-source is the best possible thing you can do to get the support of this nation’s highest-ranking nerds. Their opinions will influence the rest of the nation. Personally, I have already received calls and texts asking me for my opinion on the app from a couple of not-as-nerdy friends. I expect a deluge to come in the following weeks. We need to do everything we can to make it clear that open-source is the only option. It’s not that hard. This app needs to be open-source. With reproducible builds. Don’t let some jaded public servant tell you it’s too hard, or that some arbitrary policy prevents it. That’s just lazy. We’ve got to apply pressure.2. Communication Empty threats, paper thin details, and rubbish messaging have already damaged this project. Good old Scotty from Marketing has tripped at the first hurdle. The government really needs to shore up its messaging on this app and explain how the app actually works. I explained it in 3 paragraphs. 273 words. That’s about 2–3 minutes of screen time. Sure, not everyone will follow it exactly, but the media will then have a crystal clear understanding of what it does. And so the narrative can then change from ‘Scotty wants to know who you’re hanging out with… spooky spooky’ to ‘how do we get Australians to use it.’ I’ve written most of this article based on information I’ve been able to piece together from occasional quotes and analysis by smart people on the internet. Another huge blunder was to suggest that the government “wouldn’t rule out making the app mandatory.” Firstly, how the f**k can you possibly enforce that? Secondly, if you make it mandatory, you lose all credibility and trust. This app is really easy to sell to people — don’t suck the good out of it by telling people they won’t get a choice. They’ll feel violated. And rightly so. Thankfully there has been some pretty strong backpedaling on this, which I expect will continue. There have also been other issues which instigated waves of panic due to poor communication, such as the decision to use AWS hosting for COVIDSafe. AWS provides cloud service infrastructure, which in this case means that the keys which you generate every 2 hours will be stored on Amazon-owned servers. Using AWS does introduce some hypothetical risks. The most serious concern is that Australian data could be obtained by US law enforcement even if the Amazon servers holding the data aren’t physically in the US (which they aren’t). But the data which will be stored on AWS isn’t that sensitive in the grand scheme of things — if it was, I would have much bigger problems with the app at a fundamental level. I don’t think there is anything surprising here. If I had 2 weeks to ship out an app to service 10+ million Australians, I’d use AWS too. Unfortunately, the reality is that AWS is second to none when it comes to quick and secure cloud provisioning. It’s one less complexity to worry about when rapidly executing a nationwide technology rollout. This wasn’t communicated at all, and it makes selling the app a lot harder. So, with all this in mind, how do you sell COVIDSafe? Real easy. ‘This app will let you know if you’ve been in close contact with an active case of COVID-19. It’ll keep you, your family, and your colleagues safer. It costs nothing and your privacy is protected. You don’t have to trust the government, because it’s backed by (insert respectable tech people here). Get the app now.’3. Accountability Obviously, the government needs to be held accountable by the Australian public if something goes wrong, if they fail to deliver on the finer details, or they don’t actually respect our privacy the way they say they will. The get out of jail free card for them is to make it open-source. But let’s say they don’t do that. What can we do then to validate their claims? We can use meta-analysis to test the following claims without having access to a single line of the source code:The app doesn’t care where you are or what you’re doingThe app doesn’t upload tracing data automatically to central servers By using some clever tools, software engineers and cybersecurity folks will be able to determine a lot of things about the app, including but not limited to:If the app is using GPS or other location servicesIf the app is communicating over the internet or cellular network with anyoneWhere those connections go to, how frequent they are, possibly what they containHow the app uses Bluetooth and what it is saying over it Through this, we’ll be able to test those claims — even if the app is closed-source. If we see that, immediately after a handshake has been conducted with another device, there’s a spurt of internet activity going to some unknown government server, we can quite rightly accuse the government of lying to us. And also, if the app requests location access upon install, the government will have some very big questions to answer. I really hope they mitigate all of this embarrassment and stay true to their word. Or they could make their lives easier and make the thing open source. I honestly believe their intentions are good this time round. I just hope that whoever is working on this app knows what needs to be done.4. Backing Last but not least, this app needs backing. Backing from Australian technology experts, backing from nerds, backing from health officials, and backing from the digital rights community. The wider community needs us to help the government get it right, and needs us to tell all of our family and friends to install this app and to tell everyone they know to do it as well. If it goes well, it might actually be useful for a range of other infectious diseases, which is a conversation I look forward to having if we don’t make a dog’s breakfast of it the first time round. It is in everyone’s interest to make this thing work, and get it right. As I’ve said before, I’ll be opting in. I’ll be backing this. But there’s still room for them to f**k this up, and if they do, I’ll be watching. I hope you will be too. UPDATE, 26th April: This article has been edited to reflect additional information that has come to light after the official launch of COVIDSafe. PS. I’d love to contribute media conversations on this topic, and anything else relating to digital privacy! Reach out to me on twitter, @SimonAHarman Originally published at on April 23, 2020.

COVID-19 contact tracing in Australia and abroad: An open letter from Simon Harman — Loki…

COVID-19 contact tracing in Australia and abroad: An open letter from Simon Harman — Loki Foundation On April 10th, Apple and Google announced their plans to jointly create software infrastructure in Android and iOS for use in contact tracing apps. Separately, the Singapore government’s efforts to develop a contact tracing app have resulted in TraceTogether, and a similar app now being actively developed for use in Australia. This app will have to utilise the APIs being provided by Google and Apple to increase its effectiveness when they become available. Contact tracing identifies people who may have come into contact with someone with an active case of COVID-19. Due to the pandemic, many countries have launched technologies and apps that aim to perform contact tracing, which has understandably given rise to some privacy concerns. Digital rights advocates are naturally sceptical of any apps that track user behaviour through their own devices. This is a healthy attitude to have, but I think it’s more useful to have a nuanced conversation about specific proposals and ideas in the context of countering the spread of the coronavirus. I am a strong advocate for privacy and a staunch supporter of user autonomy. However, I’m actually reasonably impressed by both the designs of the Android and iOS contact tracing APIs, and the Singaporean Government’s application, and I believe they are in fact good uses of mobile technology that adequately protect privacy. The thing is, the kind of tracking being proposed for COVID-19 contact tracing can barely be described as tracking. It’s encrypted, it’s anonymised, and it doesn’t share location data. This is far less invasive than the tracking big tech companies and governments are already doing. Every day, we interact and use technologies and apps that collect data about us, including our location details and contact history. Theoretically, government agencies could work with data analytics companies and tech companies such as Google, Apple, or Facebook to implement contact tracing without our permission. Thankfully, this would be completely unacceptable in our democracy, and our government is rightly offering us something better. Should we decry the government’s efforts to give us an opt-in, open-source, encrypted, peer-to-peer, low risk privacy preserving method of automatically notifying us when we’ve been in close contact with a carrier of a potentially deadly virus? I think not. I’ve always been sceptical about the reliability of bluetooth in any sort of phone-to-phone communication, but in this time of crisis I definitely think contact tracing using bluetooth is a worthwhile experiment. It may not be perfect, but in the battle to contain the pandemic and reduce restrictions, imperfect is better than nothing. Current analysis of contact tracing systems have raised some concerns over the potential discovery of phone numbers or health information through leaks and hacks, but this isn’t actually creating a new privacy risk. Phone numbers are already exposed in dozens of government services, apps, websites, and stores. It’s unreasonable to think that your phone number isn’t already known by all your local government organisations and every major tech company. And guess what? Your public health records are also already vulnerable to hacks and leaks. Don’t get me wrong, we should be concerned about information harvesting, data leaks and centralised data storage, but that’s part of a larger problem than these contact tracing apps.In my opinion, a minor increase in exposure risk is absolutely worth the potential benefits of contact tracing. If you’re able to notify people you’ve come into close contact with that you’ve been infected, you could literally save someone’s life. With their willful consent, anyone in the community can and should use the contact tracing app proposed by our government. This might not suit everyone, and if you’re averse to exposing yourself to any kind of tracking, then the solution is simple — just don’t opt-in. You might want to ditch your iPhone or Google Play powered Android phone while you’re at it though, as they already give up your location and phone number to big tech companies anyway. My only problem with the contact tracing apps arriving in Australia and around the world is that some of them are black boxes — the code can’t be audited. Singapore’s TraceTogether has been made open source, and all contact tracing apps should follow suit. This way, we (the tech community) have the chance to verify its safety and legitimacy and help with any issues that slip through the cracks during a very accelerated development process. And, as a less obvious benefit — the stamp of approval from trusted members of the tech community can help alleviate the public’s concerns. This could mean more people feel comfortable downloading and using a contact tracing app — potentially improving health outcomes across the whole community. Everyone wins. Privacy and security are more important than ever. Even in times of crisis, we must ensure that whatever measures we take as a nation doesn’t undermine our fundamental values. I’ve reviewed the contract tracing API designs from Apple and Google, and I think we should applaud them for enabling something that aims to provide a life saving service while trying to preserve our privacy. But, while I don’t think contact tracing is the world-ending privacy threat some people are forecasting, we’re still going to need some basic safeties. It must be opt-in only. It must be encrypted. It must be open source. Don’t get me wrong, we should be worried about apps and technologies that carry out surveillance and invade our privacy, and must remain vigilant that times of crisis are not used to erode our freedoms. But in my opinion, the potential benefits of the contact tracing app outweighs the slight privacy exposure risk its use may give us. By using the app, an infected person could literally save someone’s life. This technology is impressive, and I would expect nothing less of competent leaders in technology and public health. I’ll be opting in. - Simon Harman, Loki Foundation Chairperson Originally published at on April 16, 2020. COVID-19 contact tracing in Australia and abroad: An open letter from Simon Harman — Loki… was originally published in on Medium, where people are continuing the conversation by highlighting and responding to this story.

Strengthening Article 19 of the Universal Declaration of Human Rights

Tuesday, 10 December marks Human Rights Day — the day the Universal Declaration of Human Rights (UDHR) was adopted by the United Nations back in 1948. The UDHR was a visionary document that provided a ‘terms of service’ for our human rights. I live in Australia, and I tend to take my own human rights and freedom for granted. I have never personally experienced a place or a time where these principles were not a given. But more recently, we have seen a crackdown on free speech with the raids on the Australian Broadcasting Corporation and the persistent erosion of privacy in legislation. The UDHR is composed of 30 principles or articles that were formulated by the United Nations Commission on Human Rights, that describe our rights and provides guide-rails to enable us all to live in dignity, freedom and peace on our shared planet. The work that the Loki team and I do is grounded in the values articulated in the UDHR. Our work aims to strengthen Article 19 — especially in a digital world that is becoming increasingly surveilled and restricted by corporations and governments.Article 19. Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers. We at Loki are building a network and messaging apps that are designed to facilitate communications with the maximum privacy, security and freedom possible. Our work is governed by a not-for-profit foundation and all our code is open source and auditable by third parties. Communicating securely is critical for activists, human rights defenders and journalists in Australia and around the world. Information such as war crimes evidence, news about unfolding conflicts and protests, and revelations by whistle-blowers must be handled carefully and sent to their destination through the most secure means possible to ensure that the risks are minimised. This means going beyond end-to-end encryption, to create an infrastructure that gives complete anonymity to the parties exchanging communications, and that no collectable metadata exists. The network is decentralised, and the security is trustless. The apps we are building will also have features that are important to activists and journalists, such as disappearing messages and the ability for nominated third parties to remotely delete the app if required. We have the utmost respect and admiration for human rights activists and journalists working in some of the most dangerous places in the world, and we hope that our skills in technology and the secure tools we are building can help strengthen Article 19, and the work of activists and journalists in protecting and defending human rights everywhere. Simon Harman Originally published at on December 6, 2019. Strengthening Article 19 of the Universal Declaration of Human Rights was originally published in on Medium, where people are continuing the conversation by highlighting and responding to this story.

Loki Messenger breaks new ground

Multi-device support is one of the most-requested features in modern messaging applications — people want to be able to chat seamlessly across all of their devices. Decentralised chat applications have struggled to implement this crucial feature, leaving their user experience lagging behind messengers that use central servers. The Loki Messenger team has been working on this problem for the last few months, and we’ve finally published our solution. Loki Messenger v1.5.0 puts multi-device into users’ hands for testing.How we did it Unlike many decentralised messengers, Loki Messenger is not a peer-to-peer messaging service. Instead, Loki Messenger uses a network of servers (Loki Service Nodes) to store and retrieve messages, which are operated by individuals and groups in the Loki community. Because Loki Messenger is based on this unique decentralised architecture, it can do things that many traditional peer-to-peer messengers cannot, including storing messages offline and enabling multi-device syncing. When a message is sent to a particular public key (Loki Messenger address), it is received by a ‘swarm’ (a group of 5–8 Service Nodes). The recipient’s Loki Messenger client polls its swarm to check for incoming messages. This polling typically occurs every 3 seconds, but exact intervals can vary depending on the device. If an incoming message is found, the client downloads it. If the receiving client is offline when the message is sent, it will receive the message when it next comes online and polls its swarm for messages. If the client remains offline for an extended period of time, the incoming message is deleted from the swarm (see Time to live below). A record of active Service Nodes can be found here. So, how does multi-device syncing work?Pairing Before you can use multi-device, your two devices need to be paired. This process involves generating a ‘device mapping’ — a cryptographically signed piece of information which links your primary device’s public key to your secondary device’s public key. This device mapping is uploaded to the Loki File Server, which acts as a file storage solution for Loki Messenger. By default, all Loki Messenger clients use the official Loki File Server (hosted by the Loki Project) to upload and store device mappings. However, users will be free to set up and host their own instances of the Loki File Server once multi-device moves out of testing. When someone sends a friend request to your primary device’s public key, the Loki File Server also provides that person with the public key of your secondary device. This allows the friend request to be delivered to both devices. A similar mechanism is used in public chats, to confirm that messages signed by either the primary or secondary device are coming from the same user (as per the user’s device mapping).Sending messages When a message is sent to a multi-device-enabled recipient, the sender’s Loki Messenger client looks up the recipient’s device mapping on the Loki File Server. The sending client collects the recipient’s primary and secondary keys, then sends a message to both keys’ swarms. If the sender also has multi-device enabled, they will send a copy of their outbound message to their other device too, ensuring their sent message logs are synced between devices.Receiving messages The receiving process remains largely unchanged. To check for received messages, your client will ask a node in its swarm if it’s holding any messages for your public key. If you are on your secondary device, your client will ask the secondary device swarm. Since all messages destined for you are sent to both devices’ swarms, your messages are kept in sync across both devices.Further questions and future work While Loki Messenger’s current multi-device implementation offers a novel solution for cross-device syncing, there are a number of changes and refinements we intend to make as we continue to iterate on this new feature.Future plans Although public key storage does not inherently create a privacy risk, we would still like to limit the amount of metadata which is publicly available, including the association between two public keys (i.e. a single user’s primary and secondary devices). There are several changes we aim to make to limit metadata availability, and to improve the overall Loki Messenger UX. — Device pairing. — To eliminate the need for externally-stored device mappings, devices would pair with each other by sending a special control message to the other device. Once the control message is received and the secondary device has authenticated and accepted the request, the two devices would share their private keys. This ensures each device could act completely autonomously without the other device needing to be online. During this process, no device mapping would need to be stored on the Loki File Server or in the recipient’s swarm. — Receiving friend requests. — To add a new friend, you would send a friend request to their primary device. Once the friend request has been confirmed by your friend, their Loki Messenger client would send you the public keys of both their primary and secondary devices. Receiving friend requests under this future system would change slightly, because requests would always be received by the primary device. This means that both primary and secondary device would need to monitor the primary device’s swarm for friend requests. If either device detects an incoming request, they can download and accept it on behalf of the other. The device which accepts the request would then send the new friend the other device’s public key, as described above. — Public chats. — With multi-device implemented, public chats need to be able to ensure that messages from both primary and secondary devices appear to originate from the same person. Currently, every message sent to a public chat is signed by the sending device’s key, and receiving clients determine whether two seperate keys are related by checking the associated device mapping which is stored on the Loki File Server. In future, the primary device’s private key will be given to the secondary device, so that messages from both devices are signed by the same key. This will prevent servers and recipients from having to check device mappings in order to validate that messages from two seperate keys are associated. Instead, servers and clients will simply see messages from someone’s primary and secondary devices as coming from the same person, with no further checks necessary. — Time to live. — When a Loki Messenger client sends a message, it specifies the time to live (TTL) for that message. The TTL is the time that the message will be stored on the receiving Loki Service Node swarm before being deleted (this storage-and-deletion process occurs if the recipient is offline at the time of the message being sent). The default TTL for messages is 24 hours. This means that if your secondary device is turned off (or otherwise offline) for more than 24 hours, its sent message history will become out of sync with the primary device. To get around this, a user’s primary and secondary devices could re-sync using a Lokinet peer-to-peer connection when they are both online. This is something we will look to implement once Lokinet and Loki Messenger are working together successfully. — Overhead. — Multi-device support increases the overhead required to send individual messages. Currently, each public key can only have one secondary device associated with it. However, even with this limitation in place, sending a single message from a multi-device-enabled client can result in at least three messages being sent: one message to the recipient’s primary device, one message to the recipient’s secondary device, and one message to the sender’s secondary device. This is not ideal because it increases the number of messages that need to be stored on Loki Service Node storage servers. It also creates additional metadata that could be used by malicious actors to identify links between devices. A better solution would be to use the Lokinet peer-to-peer layer to sync messages between primary and secondary devices when both are online at the same time. If we combine the existing message sync method (used when one device is offline) with a peer-to-peer sync layer (used when both are online), most cases could be handled without needing to store all messages on the storage server.Conclusion The current multi-device system is only the first in a series of iterations. Over the coming months, significant work will be done on improving multi-device UX, as well as refining the message history sync process to further increase the privacy and usability of Loki Messenger. Originally published at on November 26, 2019. Loki Messenger breaks new ground was originally published in on Medium, where people are continuing the conversation by highlighting and responding to this story.

LOKI vs THETA | A-Z | Topics | ISO 20022

Privacy | Terms | Contact | Powered By LiveCoinWatch