White Noise is an encrypted group chat application implementing the Marmot protocol. The Marmot protocol combines the MLS (Messaging Layer Security) protocol with Nostr’s decentralized network to provide private group messaging that does not rely on centralized servers. whitenoise-rs is the Rust backend for White Noise client applications. It leverages
“AI won’t replace humans. But humans who use AI will replace those who don’t.” The line is widely repeated, and it has recently been attributed to Sam Altman in mainstream coverage. It also appears in a widely circulated Harvard Business Review framing of the same idea. For security audits, the
Marmot combines the MLS (Messaging Layer Service) Protocol with Nostr’s decentralized network to provide private group messaging without relying on centralized servers or legacy identity systems. MDK is the Marmot Development Kit and consists of four crates. White Noise is the Rust backend of the Flutter application, and the whitenoise
Data protection laws, such as the EU’s General Data Protection Regulation (GDPR), establish a comprehensive framework of individual rights intended to give data subjects greater control over the processing of their personal data. Together, these data protection rights aim to empower individuals while restricting how organizations use and process that
Privacy depends on more than promises or compliance. This blog explains how policy creates obligations, but system architecture determines outcomes, shaping what data can be collected, linked, or exposed. Why Law Creates Obligations—but Architecture Determines Outcomes Privacy failures are rarely the result of a single mistake. More often, they emerge
We performed a security audit of TACEO’s OPRF Noir circuits within their OPRF service, which provides publicly verifiable, privacy-preserving nullifiers via a verifiable threshold OPRF (Oblivious Pseudorandom Function). Our final audit report was completed on January 26, 2026. To read the full report, including our findings, click here: Report
We performed a security audit of the upgraded version of TACEO’s Circom circuits used in their Nullifier Oracle service, which implements publicly verifiable, privacy-preserving nullifiers through a verifiable threshold OPRF (Oblivious Pseudorandom Function). Our final audit report was completed on January 26, 2026. To read the full report, including our
Privacy is often treated as a feature or a promise. Add encryption, write a policy, or comply with a regulation, and privacy is assumed to follow. Our work this past year reinforced our longstanding core principle: privacy holds when it is enforced by system design. When privacy depends on process,