Jennifer Raiford

ENX live x.com/i/broadcasts/1…

Many IRL engagements in the pipeline for which we will be presenting Enigma protocol, will be posting outcomes of the respective events on an ongoing basis. $ENX

When Governments Go to War, Digital Control Follows Russia's full-scale invasion of Ukraine in 2022 confirmed something that has repeated in every major conflict since: information control and military action now run on the same timeline. VPN demand in Russia surged by orders of magnitude within 72 hours as the Kremlin restricted Facebook and Twitter the same week it deployed forces. The simultaneity was not incidental. When states mobilize, controlling what their populations can see and communicate becomes a parallel objective. What has developed since is a broader pattern. Digital control is no longer purely defensive. Governments restrict their own populations during conflict, but they also attempt to shape the information environments of other nations, export their regulatory architectures to partner states, and treat connectivity as leverage in geopolitical contests. The tools and precedents circulate. Each conflict cycle expands the range of governments that have deployed them. In that context, privacy infrastructure is not a product category responding to consumer demand. It is the primary technical domain where individual agency and expanding state control remain in direct contest. Iran: Precision Shutdown as Operational Capability Iran is where the current ceiling of state-level internet suppression is being tested under real conflict conditions. Approximately 86 to 93% of Iranians use VPNs as a default mode of internet access, according to the Tehran E-Commerce Association. This is not an edge behavior. It is the documented baseline because unfiltered access to the global internet is not available. The government formally prohibited unauthorized VPN use in February 2024, requiring state approval for international connectivity. Usage increased. The filtering infrastructure operates at the protocol layer. Deep packet inspection systems inspect TLS SNI fields, DNS queries, and HTTP hostnames. Non-whitelisted protocols, including standard VPN configurations, are dropped silently at the network edge. The system does not block by IP address. It filters by traffic signature, which defeats standard VPN architectures regardless of server location. This is documented in research by OONI and analyzed in detail by Lange et al. (2025). The June 2025 shutdown, executed during the twelve-day conflict with Israel, introduced a further capability. Prior shutdowns withdrew BGP routes — a blunt mechanism visible to external network monitors. In June 2025, researchers at the Miaan Group, ASL19, and IODA documented a different approach: BGP routes remained announced globally, so Iran appeared connected from outside. Domestically, access to international resources had collapsed. Standard outage detection tools registered nothing unusual. Identification required active in-country probes measuring application-layer reachability. The operational implication is specific: a government can sever its population's access to international information during active conflict while remaining, from an external monitoring perspective, a connected and reachable network. Proton VPN's general manager David Peterson noted that usage spiked in the hours immediately before the blackout as Iranians attempted to reach international news about Israeli strikes, then dropped as the infrastructure rendered those tools below functional thresholds. Eleven million people ended up relying on Psiphon bridges. Others covertly activated Starlink dishes, the one link outside the filtering layer. By January 2026, the architecture had a name: "Filternet Plus." A domestic intranet routing all traffic through state-controlled endpoints while the network externally appears intact. This is relevant beyond Iran's borders. The FREEDOM Act, introduced in the US Congress in December 2025, acknowledges that Iranian citizens' access to international information during conflict is a US foreign policy variable. When a government can execute a precision shutdown invisible to standard monitoring, the capacity of external parties to support civil communication collapses with it. Other governments are studying this model. The design is replicable. Mexico: Institutional Compromise as the Attack Vector Mexico presents a structurally different failure mode. The privacy threat is not a government severing international connectivity. It is an environment where the institution designated to protect journalists and the organization targeting them may share the same information. Reporters Without Borders ranked Mexico third globally for journalist deaths in 2024, behind Palestine and Pakistan. The number of journalists killed in 2025 surpassed the full-year 2024 total before mid-year, according to OCCRP. Freedom House documents persistent "zones of silence": regions where covering organized crime carries a credible physical consequence, producing measurable self-censorship across local media. The digital threat model here is not protocol-level filtering. Cartels monitor platforms systematically to identify anonymous accounts and cross-reference behavioral patterns with physical location data. Investigative journalist Humberto Padgett's 2024 case is representative: enrolled in Mexico's government journalist protection program, his security assessment and personal contact details were transmitted through that program to the parties threatening him. The exposure was not a technical failure. It was an institutional one. Mexico then eliminated the two oversight bodies responsible for accountability in this domain. The Federal Telecommunications Institute and the National Institute for Transparency were both disbanded through constitutional reform in November 2024. Documents released in a 2025 NSO Group legal case confirmed that Mexican authorities used Pegasus spyware against over 450 individuals in a two-month window in 2019, directed domestically at journalists and civil society. The US designation of several Mexican cartels as foreign terrorist organizations in early 2025 made digital communication across the US-Mexico border an active surveillance surface for multiple parties simultaneously. Privacy tools designed for government-surveillance threat models provide incomplete coverage in an environment where the adversary may be non-state, may have institutional access, and is tracking behavioral patterns rather than intercepting packets. The UK and Europe: A Third Model Iran and Mexico represent recognizable types: authoritarian shutdown and non-state targeting. The United Kingdom and the European Union represent a third, less obvious one: democratic governments using domestic security rationale to expand state access to communication infrastructure in ways that compress the operational envelope of privacy tools. The UK's Online Safety Act, implemented in phases from January 2024 through mid-2025, requires platforms to proactively remove illegal and harmful content under threat of fines up to 10% of global turnover and personal criminal liability for senior managers. The act includes provisions for client-side scanning, inspection of message content before encryption applies, which Apple described publicly as a direct threat to end-to-end encryption. The European Court of Human Rights ruled in February 2024 that requiring degraded end-to-end encryption is incompatible with the European Convention on Human Rights. The UK proceeded. The behavioral response from UK users was immediate. When mandatory age verification came into effect on July 25, 2025, requiring identity documentation for access to a range of platforms, VPN apps became the most downloaded applications on the UK Apple App Store within days. A petition calling for repeal of the act reached over 400,000 signatures. The Electronic Frontier Foundation noted that the UK had demanded backdoor access to Apple's encrypted storage systems, a demand that applied to British users globally. The EU's Digital Services Act operates on a parallel architecture. Platforms with over 45 million EU monthly active users are required to remove broadly defined illegal and harmful content or face fines of up to 6% of global annual turnover. The EU Commission's May 2025 internal workshop, documents from which were obtained under subpoena by the US House Judiciary Committee, classified a hypothetical post stating "we need to take back our country" as illegal hate speech requiring removal. The Code of Practice on Disinformation, previously voluntary, was formally integrated into the DSA in July 2025, making compliance with EU-defined standards on political content a legal obligation. The EU issued its first DSA non-compliance fine in December 2025, €120 million against X. The US State Department responded by issuing visa restrictions against European officials involved in DSA enforcement. The European Commission's Technology Roadmap on Encryption, published in 2025, describes mechanisms for law enforcement access to encrypted data, which the EFF assessed as a direct threat to end-to-end encryption architecture. The mechanism here differs from Iran's in implementation but not in direction. The UK and EU are not executing wartime shutdowns. They are constructing regulatory frameworks that require platforms to weaken encryption, grant state access to communication content, and enforce government-defined speech standards under liability structures that create strong incentives for over-compliance. The threat model for users in this environment is not deep packet inspection at a national border. It is platform-layer enforcement, compelled by law, that achieves the same reduction in communication privacy through a different path. A Common Direction Across Different Systems Iran blocks at the protocol layer. Mexico corrupts the institutional layer. The UK and EU reshape the platform layer. The adversary in each case is different. The direction of movement is the same. Each conflict, each civil disruption, each security rationale generates policy responses that expand the state's operational surface in communication infrastructure. Those responses accumulate and travel. Iran's filtering model is studied by other authoritarian governments. Europe's DSA framework shapes platform behavior globally. Regulatory decisions made in response to local conditions propagate outward, affecting populations and threat surfaces far beyond the originating jurisdiction. Payload encryption, what most consumer privacy tools lead with, addresses one layer. Routing metadata, session persistence, endpoint observability, and traffic timing continuity are a separate layer. State-level adversaries are now specifically engineered to extract information from that second layer. So are the compliance architectures being constructed in democratic jurisdictions, which achieve access to communication content not through technical interception but through legal compulsion of the platforms handling it. What the Future Holds The conditions producing this dynamic are not stabilizing. Geopolitical contestation across multiple regions, accelerating militarization, and the domestic political instabilities driving restrictive legislation in democratic countries all point toward more regulatory and technical pressure, not less. Each cycle produces governments more practiced at digital control, surveillance architectures more capable of defeating current circumvention tools, and regulatory frameworks that travel across borders more efficiently than the civil liberties protections meant to constrain them. Privacy is not a permanent condition. It is a variable maintained or lost depending on whether the infrastructure supporting it keeps pace with the systems designed to defeat it. In a period defined by geopolitical instability, that variable is under pressure from more directions simultaneously than at any prior point in the history of the public internet. For individuals, privacy tools represent the only domain where that pressure can be practically addressed. The gap between what is currently deployable and what current threat models actually require is the defining technical condition of the next decade. It is not narrowing. $ENX

Development Update: March 13th 2026 Current work is focused on stabilization, performance verification, and platform parity ahead of the next testing round. Client Stability & Performance Final stability tests are being conducted on the macOS client. These tests focus on connection persistence, recovery behavior after network interruptions, and general runtime stability. Network throughput diagnostics are also ongoing. The objective is to confirm that routing and encryption overhead do not materially reduce achievable internet speeds under normal usage conditions. In parallel, we’re ensuring a user centric solution for ReCAPTCHA interactions on certain websites. The goal is to determine under which routing or IP conditions these challenges appear and adjust exit node behavior where appropriate. Platform Parity Work is nearing completion on aligning the Windows client with the current macOS build. This includes feature parity, consistent network behavior, and matching configuration logic across both operating systems. Network Deployment Additional exit nodes are currently being deployed across the United States and the European Union. This expansion supports regional routing diversity and allows further measurement of latency and throughput across multiple geographic paths. Next Testing Phase Application packaging for both desktop clients is underway. Once packaging and deployment checks are complete, invitations for the second round of beta testing will be issued. Further updates will follow as testing data becomes available.

We are proud to announce that Enigma has partnered with Syngenity, a global leader in TISAX consulting, an elite cybersecurity standard for the global automotive industry. Enigma will work with customers that wish to upgrade their networks to meet the rigorous TISAX cybersecurity requirements related to zero trust network access. Existing clients for Syngenity include: Google J.P. Morgan Mercedes-Benz BMW Volkswagen Texas Instruments Continental $ENX

Honored and excited to be speaking at FutureConHQ in Chicago on 1/29/26. $ENX

RAVID is at the very core of the Enigma Protocol. Contrary to traditional network infrastructures, RAVID provides a fluid network infrastructure. It continuously randomizes routes, nodes and session characteristics by distributing traffic across adaptive tunnels that change over time based on network conditions and risk models. There is no permanent topology to observe and no single point that exposes the whole network when discovered by attackers. The RAVID framework allows for creating customized and future-proof privacy applications with zero metadata leakage. $ENX

Thrilled to have our CISO and Chief Digital Privacy Officer, @JenniferEnigmaX in Tel-Aviv for the 2026 Cybertech Global Conference. Enigma on track to scale globally. cybertechisrael.com/speakers $ENX

I am excited to announce my upcoming trip to Tel-Aviv, where I have been personally invited to join the Global CISO panel as a speaker representing Enigma at the 2026 Cybertech Global Conference. The discussion will primarily revolve around Al governance, national cyber resilience, and the deployment/expansion of Enigma. cybertechisrael.com/speakers $ENX

ENX live x.com/i/broadcasts/1…

Episode 4: Enigma Private Network (EPN) Technical Deep Dive. Presented by our Chief Architect and members of the Development Team Live Stream: Saturday, January 10th at 3:00 PM EST Join us for an in depth exploration of Enigma Private Network (EPN) Enigma’s revolutionary private connectivity solution powered by the RAVID foundational network layer. EPN redefines secure access by replacing traditional VPNs with identity based private connectivity, where access is governed by verified identity rather than IP addresses or network location. $ENX

ENX live x.com/i/broadcasts/1…

Enigma Private Network (EPN) Introducing EPN - the Private Network that never stops moving. No Public IPs. Constantly changing routes. No attack vectors. $ENX

@engma_io Welcome Renata!!

We’re proud to welcome Renata Spinks-McNeal as an Advisor to the Enigma team. Former CISO of the U.S. Marine Corps. Renata is a nationally recognized cybersecurity executive, U.S. Army combat veteran, and former Senior Executive Service leader with decades of experience securing some of the most complex government and enterprise environments. She served as Chief Information Security Officer for the U.S. Marine Corps, along with senior leadership roles across the Marine Corps, DHS, Treasury, and IRS, where she drove enterprise-level cyber strategy, risk management, and digital transformation. As Founder and CEO of CyberSec International, Renata continues to shape global conversations around cyber resilience, workforce development, and operational readiness, bridging public and private sector innovation with mission driven leadership. Renata’s leadership philosophy and deep operational experience make her an invaluable addition to Enigma as we continue building technology with purpose and impact. $ENX linkedin.com/in/rcsm21 linkedin.com/posts/engma-io…

Invisibility Through Motion: Our take on a16z's 2026 Privacy Trends @a16z’s privacy thesis for 2026 points to a deeper convergence: Privacy can’t be an app feature, a ZK add-on, or a data policy. It has to be infrastructural. As Ali Yahya put it, “crossing the boundary between a private chain and a public one (or even between two private chains) leaks all kinds of metadata like transaction timing and size correlations.” That observation shows up across all the examples, from messaging, to secrets-as-a-service: even when cryptography is strong, the surrounding infrastructure remains observable. Relays, nodes, endpoints, and transport paths can still be mapped and correlated, allowing metadata leakage through timing, routing patterns, and infrastructure discovery; even with perfect encryption. Encryption makes static targets harder to crack. But with the help of Enigma’s underlying privacy layer the target is removed from the map. To quote @EmanAbio : “Who controls sensitive data? How does it move? And who (or what) can access it?” This is the exact issue we have identified and are tackling with RAVID, the underlying privacy layer behind our products. We believe that in a future where quantum computers and advanced AI will be able to decrypt the data traces we leave today, true privacy can only be guaranteed by ensuring that the footsteps we leave lead to nowhere. When @alive_eth says “bridging secrets is hard” it’s because the infrastructure bridging those secrets is visible. Instead of better bridges, the solution has to be dynamic, constantly moving. We need to move to a world where your data still lives on-chain, in databases, and in apps, but the network infrastructure that it flows through can’t be effectively targeted as it never stays still. The next phase of privacy begins now - and Enigma is building it.

We have dropped the taxes to 0/0 for the next phase of Enigma $ENX

Enigma is pleased to announce a technical exchange partnership with @SecretNetwork We look forward to sharing the synergies and integrations we’ll be collaborating on to strengthen privacy across Web2 and Web3. $ENX

Enigma's Regulatory Compliance Document is now live. engma.io/compliance Operating in Cyber Security on a commercial level goes hand in hand with one major hurdle: countless region-specific regulatory and safety requirements. To ensure flawless legal operability in most jurisdictions, all of Enigma’s products, such as EPN, Vault and Echo, operate within these necessary legal frameworks while providing you with unmatched privacy and data security. Learn more about how Enigma operates in compliance with major global regulatory standards such as the CRA (EU Cybersecurity Resilience Act), NIST 800-207, CJIS, HIPAA, PCI, FIPS 140 and more on our website. Invisible Security. Absolute Sovereignty. Impeccable Compliance. Powered by Enigma.