Nym and NymVPN - Next-gen privacy with mixnet and VPN service

Hi everyone,

I’m part of Nym Technologies team. We’re excited to introduce Nym, our mixnet, and NymVPN, our privacy-focused app, to this community. We’re eager to hear your thoughts and discuss the possibility of being featured as a recommended tool by Privacy Guides.

What’s Nym?

Nym is a mixnet, a new-gen anonymization networks similar to Tor and I2P. It’s built upon years of academic research in networking, privacy and cryptography, and is run by a decentralized community of hundreds of operators worldwide. It’s integrated, or in the process of integration, with other privacy-focused projects like Zcash and libp2p.

What’s NymVPN?

NymVPN is our official client for accessing the Nym mixnet. It works just like a VPN app, protecting your device’s traffic on Android, iOS, Linux, macOS, and Windows. It was briefly featured in previous Privacy Guides discussion. NymVPN offers two modes:

• Fast Mode: A dVPN mode using (client-side) AmneziaWG, a censorship-resistant WireGuard fork, perfect for everyday browsing.
• Anonymous Mode: A mode routing your traffic through the Nym mixnet, ideal for high-privacy activities like messaging or crypto transactions.

How does it work?

In the “Fast” mode, your traffic passes through 2 independently operated servers: the first sees your IP but not your activity, and the second sees your activity but not your IP. In the “Anonymous” mode, each packet is encrypted multiple times, mixed with others, hidden among fake trafic and routed through 5 nodes (at the expense of lower speed and higher latency).

Is it secure?

Nym and NymVPN are open-source, and licensed under GPLv3, with the source code accessible on our GitHub. Both have undergone security audits, including cryptographer JP Aumasson, Oak Security, Cryspen and Cure53 (see in our Trust Center). We plan to launch a vulnerability disclosure and bug bounty program in the first half of 2025.

Who is behind the project?

Nym Technologies comprises privacy advocates and researchers dedicated to advancing online anonymity. We collaborate with leading academic institutions (incl. KU Leuven and EPFL).

How much does it cost?

Both the Nym mixnet and the NymVPN app are free to use (for now). We will transition to a paid subscription model for NymVPN in March. Zero-knowledge proof-based access credentials (“zk-nyms”) will decouple payment information from online activity. We also aim to offer privacy-friendly payment options.

How can I get started?

You can download NymVPN and get a 30 days free credential from our website. Check our public NymVPN roadmap (the much-anticipated killswitch will be available by end of Q1). And check the Nym mixnet documentation on how to run a node or play with our SDKs.

We acknowledge that Nym and NymVPN are still WIP, and would love to get your feedback! Please share your thoughts, questions, or any issues. Thanks! Marc cc: @Jayapapaya

PS: This post was limited to 2 links, so we’re adding here:

• Mixnet documentation
• NymVPN public roadmap

Thanks!

I think it would be helpful to users of this forum if you could give a bit of a summary of how Nym looks through the lens of the Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides criteria and what is being done, if anything, to meet or exceed the criteria that it does not currently meet.

Thanks, @Parish2555. Here are some initial responses based on the criteria you provided. The following applies to NymVPN. We’re happy to provide evidence, but are limited in the number of hyperlinks we can include to articles.

Technology

• Protocols: The dVPN mode is based off AmneziaWG, a censorship-resistant fork of WireGuard. NymVPN does not support OpenVPN.
• Killswitch: The Android app relies on the native Android killswitch. By end of Q1 2025, the iOS app will rely on Apple’s “VPN On Demand” rules and the desktop apps will get a basic but robust killswitch.
• Multihop support: The dVPN mode is 2-hop. The mixnet mode is 5-hop.
• Open source: Both the NymVPN app and the Nym binaries are open source, and available on Nym’s GitHub page.
• Censorship-resistance: The use of client-side AmneziaWG allows for basic censorship-resistance. More censorship-resistance features will make their way into NymVPN throughout 2025.
• UX: The NymVPN apps are straightforward, with a switch for the 2 modes, a location selector and a Connect button.
• IPv6: The apps natively support IPv6.
• Remote port forwarding: NymVPN does not support this feature.
• Obfuscation technology: See above.

Privacy

• Anonymous payment options: NymVPN is free to use. By the paid launch, it will support Monero payments. Adding support for Zcash (and cash TBD) is on the roadmap. Note that payments information is unlinked from online activities thanks to a network access based on zero-knowledge proofs.
• Personal information: The access is done via a randomly generated 24-word passphrase.

Security

• Encryption schemes: NymVPN use up-to-date cryptography such as X25519/Ed25519 for handshake, AES-GCM-SIV 256 bits, AES-CTR, ChaCha20 and BLAKE2b for data encryption for the mixnet mode. For the dVPN mode, AmneziaWG / WireGuard encryption applies.
• Forward secrecy: Supported in the dVPN mode with IKpsk2 Noise pattern. Partially supported for the mixnet (done for client-gateway; partially implemented for gateway-mixnodes and mixnodes-mixnodes, to be completed in Q2 2025).
• Published audits: See Nym’s Audit page. The mixnet and NymVPN apps have been audited by JP Aumasson (cryptographer), Oak Security, Cryspen and Cure53.
• VPN servers: Nym does not operate servers (as a dVPN / mixnet).
• Quantum-resistance: This is on the roadmap for 2025.
• Bug bounty: Also on the roadmap for 2025.

Trust

• Ownership and leadership: Nym is owned by its founders and employees. See the nym.com About page for info about Nym’s leadership.
• Jurisdiction: Nym is based in the canton of Neuchâtel, in Switzerland.
• Transparency report: On the roadmap for 2025. In the meantime, detailed info is available on the “Trust Center” on nym.com.

Marketing

• Analytics: nym.com relies on a self-hosted Matomo instance.
• Language: Nym uses responsible language, and makes fair comparison between NymVPN, other dVPNs and Tor’s properties.
• .onion: nym.com does not have a .onion version for the time being.

You must already have an idea of what kind of prices you’ll be charging when you add pricing.

What kind of price ranges are you considering? You must already have an estimate now in the middle of February if you are adding pricing in March.

I’m not crazy about the idea of paying for a separate VPN for my phone when I’m already paying for a multi-device VPN for my home router, laptop for home and outside, and phone for everywhere.

NymVPN will be launched on 13 March 2025 in London!

Is NymVPN going to have a more global launch at some point?

My question is: why should I use NYM if I’m already a customer of another VPN provider and Tor? Is there any specific usage case benefits from utilizing Nym?

Of course, most VPNs are centralized and don’t provide anonymity. I also could just launch Tor via Whonix if that is something I need

Just wanted to add about marketing
on nym.com this is what you present on this:

Which honestly not only is it very vague and reminds me of a project called Playtron that did similar marketing:
Playtron OS
which after it seems backslash they have toned it down a little
Playtron OS
(the windows comparison is still scummy im suprised they havent fixed it)
The point with all due respect maybe adding something like a genuine comparison to mullvad vpn could help out to become honest marketing.
probably adjusting a bit on the FAQ too but it’s like fine for the most part.
but the rest of the parts are actually fine and working on tool suggestion to see PG’s staff and community stances as it seems to meet the criterias.

Pricing will be announced soon, but expected something in line with other “privacy VPNs”. The subscription will cover for up to 10 devices, incl. Android, iOS, Linux, macOS and Windows (no router yet).

What do you mean? Additional launch events in other regions? Nym and NymVPN are globally available. Note that the Android, Linux and Windows apps are already localized in 10 languages thanks to our community.

With NymVPN, we aim to offer an easy and very secure VPN-like experience. I.e. one app, one connect button, always on, capturing all your device trafic, and routing that to the best mode for each of your use case (via split tunneling). Built on a modern tech stack (Rust), using up-to-date cryptography, and backed by academic research. All caveats on what’s already in Nym / NymVPN vs. what’s on the roadmap apply.

Thanks I will get back to you on this one. We’ll split between “mainstream VPNs” and “privacy VPNs” and update the categories.

Oh I misread it I think.

Your domains
strapi-www-nym-com-production.sos-ch-dk-2.exo.io is blocked by Hagezi TIF and ControlD’s Malware filter.
https://snippet.maze.co/ blocked by Hagezi Pro
and https://matomo.nymtech.net blocked by Brave’s Shield

Maybe you can talk with them to explain why they shouldn’t be blocked?

What’s the connection between the VPN/Mixnet and the Nym Token/Wallet? Is this meant to be a way to “pay” random people to provide you with their servers and bandwidth for the mixnet?

Hi, NYM is a utility token that is used to operate the decentralized Nym mixnet. It has 2 main purposes:

1. Reward/compensate the node operators that run the servers powering the Nym mixnet and dVPN (so they can pay for their server costs)
2. Act as a reputation mechanism (users can support the nodes with highest quality of service, ensuring they get selected more frequently for the mixnet hourly “epochs”) and prevent Sybil attacks (i.e. make it expensive for a malicious operator to suddenly operate 50+% of all nodes with a high reputation)

You can find more details in “The Nym Network” article, in particular section 2.2, 3.3. and 6.

As a “mainstream” user of NymVPN, you can (but do not have to) interact with the NYM token.

• You can buy a subscription with a payment card or crypto transfer;
• You can also buy NYM tokens, use them to access the service, actively participate in the network by “voting” for the best nodes (via staking), and even contribute with your own node(s).

Looking at the image @GorujoCY shared above, another question for me arises. The image suggests that Tor does not employ cover traffic, while I know for a fact that this is not the case, see:

It might differ from Nym in the amount of cover traffic thats generated, but to claim that tor does not provide it all together is misleading in my opinion, that is, if it was known by the marketing team that tor does provide padding.

Also would you say that Nyms approach to payments is similar to what Session is doing with their loki network?

@marc how is it going to be possible to subscribe to the service when the free period ends? Using Monero? I hope it is not Zcash only which I’m sure it will be supported looking at your blog posts and Zcash’s forum.

Also, how did you guys afford to get Snodwen on your YouTube channel? https://www.youtube.com/watch?v=YnyscVTygOs

EDIT: While I was checking Zcash’s forum, I came across these posts

Yes, information about the token is geo-blocked in the USA (where ALL tokens except Bitcoin have questionable legal status) and all OFAC-sanctioned countries.

If you want to run a mix node (or even trade NYM tokens), you should not do it from the USA.

Mind elaborating?

Your question has already been answered.

Interesting thread. Thanks for sharing all the info and participating here.

From a tech savvy user POV who likes new such technologies but isn’t capable on evaluating it - I care about about the threshold PG and Techlore have for VPNs and such tools and the stability of the app on the OS. Please ensure of it, soon or in given time by the end of the year at most.

I sincerely hope you will satisfy the descerning users and those who simply want stability that should comes with any VPN like tool.

I’ve asked our Research team, we’ll get back to you.

Same, we need to check into details and get back to you.

Cards payments (via Stripe) + cryptocurrencies (self-hosted BTCPay Server) + NYMs. We’ll start small, but gradually add more payment methods. Monero should be there at launch.

I can’t really elaborate on US regulations and OFAC lists .

Hi! Are you referring to the Blink Protocol developed by Loki? The zk-nyms are quite different than the Blink payments.

For future reference, let me summarise how both work :). Blink is a protocol that allows users to send Oxen transactions instantly, without having to wait for confirmation on the blockchain, as is typical with most cryptocurrencies. My understanding is that when a user initiates a Blink transaction, it is sent to two quorums, each made up of a randomly selected group of Oxen Service Nodes. These Service Nodes are responsible for approving the transaction off-chain. For the transaction to be accepted, both quorums must approve it by signing off. The quorums then check the validity and legitimacy of the transaction. Once both quorums validate the transaction, the coins appear instantly in the recipient’s wallet, and the transaction is then passed to the mempool, where it waits to be added to the blockchain like any other normal transaction. I’m not sure whether Blink utilises the features of Monero like ring signatures, stealth addresses, and ring confidential transactions. If they do, their privacy properties are similar to the ones achieved by Monero (enhanced privacy, it has been shown many times the anonymity set of those ring signatures (where your transaction is mixed with others) is small. Hence, statistical analysis can reduce the effective anonymity.

zk-Nyms on the other hand is a privacy-preserving protocol that enables users to authenticate and interact with the Nym network without revealing their identity or payment details. It leverages zero-knowledge proofs (ZKPs) to create anonymous credentials, ensuring complete unlinkability between payment and service usage.
Users first pay (of their choice, whether in fiat or cryptocurrency) for a NymVPN subscription. After payment, they receive a set of zk-Nym credentials, which is issued by a set of designated issuing validator nodes—this is the part which might look similar to Blink quorums as the issuance is based on signing. However, unlike with Blink, zk-Nyms are not blockchain transactions. The zk-nym credential does not contain any visible information about the payer (not their wallet address, not the type of payment). The issuance—and more importantly, the spending—of zk-Nym credentials is never recorded on any blockchain, ensuring they remain untraceable. Even the nodes that issue zk-Nym credentials cannot track how they are used, as users locally re-randomize them after issuance, making it impossible to link a credential to its original source.
Once obtained, zk-Nym credentials are used to access the Nym network. When accessing the network, entry routing nodes verify credential validity, check for double-spending, and grant access if everything checks out. Since these credentials are not tied to a user’s original payment and exist off-chain, they ensure privacy and unlinkability.

Let me know if you have follow-up questions!

Thank you for the clarification of that part of my question. Are you with the Nym dev team?