Season 16 Episode 33
Liz Steininger is the CEO of Least Authority, a company that has specialized in auditing open source software since 2014. Originally founded by Zooko Wilcox, Least Authority has conducted more than 100 security audits in the space. Some of the best-known clients who requested an expert review include the Ethereum Foundation, the Electric Coin Company, MetaMask, the KeyStone hardware wallet, and Avalanche. Least Authority also builds products that make use of Zero Knowledge Proofs: PrivateStorage (a cloud storage system that's designed to make the host unaware of the files being stored), ZKAPs (Zero Knowledge Access Passes, an authorization system that separates the payer from the data on the items being bought), and Winden (a file-sharing service that's encrypted and requires no identity from the sender and receiver). In a space that often defers to "check the code, it's open source", companies such as Least Authority offer high-quality verification, which makes it easier for the average non-technical person to trust that something is safe. It also gives builders peace of mind that what they're working on will not bring any unforeseen consequences.

Time stamps:
00:00 - Intro and Sponsor Mentions
Introduction to the podcast and sponsors: Sideshift, Bitcoin.com News, EdgeWallet, LayerTwo Labs, Citrea, NoOnes.com, and HODLING.ch.
01:17 - Guest Introduction: Liz Steininger
Liz Steininger, CEO of Least Authority, is introduced. Discussion begins about the company’s focus on security, privacy, and auditing in the crypto space.
1:57 - Irony of "Least Authority" Having a CEO
Liz addresses the irony of a company named Least Authority having a CEO, explaining their non-hierarchical approach and balance of leadership.
03:04 - Least Authority Philosophy and Nick Szabo’s Influence
Discussion on the principle of least authority, referencing Nick Szabo’s 2005 paper and its connection to Zooko, founder of Least Authority.
05:19 - Liz’s Tech Background
Liz shares her journey into tech, from early internet experiences to open-source and privacy-focused technologies.
09:36 - Role of Auditing Firms in Open-Source
Exploration of why auditing firms like Least Authority are necessary despite open-source code being publicly verifiable.
11:45 - Surprising Audit Findings
Liz discusses instances where Least Authority found unexpected issues during audits and the value of helping clients fix them.
12:16 - Notable Clients and Audits
Overview of Least Authority’s clients, including Zcash, MetaMask, Ethereum Foundation, Filecoin, Polygon, and Keystone hardware wallet.
14:35 - Predicting the Ethereum DAO Hack
Liz reflects on Least Authority’s 2015 Ethereum audit, which identified vulnerabilities that later contributed to the 2016 DAO hack.
17:43 - When to Conduct Audits
Discussion on the optimal timing for audits, depending on project roadmaps and feature development.
19:51 - Auditor Liability and Security Guarantees
Liz explains that no system can be 100% secure and discusses the limitations of auditor liability.
22:25 - Social Engineering and Security
Exploration of how social engineering can bypass even the most secure systems, with examples like SIM swapping and Pfizer leaks.
29:55 - Least Authority’s Products: Private Storage, ZKAPs, Winden
Overview of Least Authority’s products: Private Storage (client-side encrypted storage), ZKAPs (zero-knowledge access passes), and Winden (anonymous file transfer).
36:45 - ZKAPs Applications Beyond Storage
Liz discusses potential uses of ZKAPs for other services requiring privacy in payments, like VPNs or electricity.
43:53 - Winden’s Features and Use Cases
Detailed explanation of Winden’s end-to-end encrypted, identity-free file transfer, ideal for secure peer-to-peer sharing.
46:21 - Destiny: Mobile Version of Winden
Introduction to Destiny, a mobile app version of Winden using the same magic wormhole protocol.
50:00 - HRO Cloud for Human Rights Organizations
Discussion of HRO Cloud, a f
Published on 1 month, 3 weeks ago