NymVPN (Nym)

Hi Jerm.

Apologies, I’m not quite sure by what you mean by “can’t a AI/ML algorithms just be able to strip out these packets and be left with real packets that are transmitted” in this context. I’ll try to answer your question with an explanation …

As you (and I) said, Nym sends/receives a fixed number of packets per second (200 or so). These packets may be dummy or real packets, but it’s not possible to know because their content is encrypted. Nym also makes all packets the same size [1] so that a ML algorithm cant use this information to classify which communications people are using [2]. Sending dummy packets (or sending a constant flow or them in Nym’s case) along with padding packets (or making them the maximum size) is a common technique done used by both TOR and Mullvad, as well as Nym.

If by “strip out” in this context you mean actually go inside the packet and see if its dummy or real - that’s not currently possible because of encryption (AI/ML cant break encryption). However, if you mean an ML algorithm is able to observe the network and distinguish between the real ones and the dummy ones - Nym makes it very difficult for this to happen because of its mixnet and the techniques they use within the mix nodes e.g. packet-based routing, packet shuffling etc.

They could, but it’d be much easier to view the entry nodes on their publicly available server list server list lol (at least that’s what I’d do if my name were FBI-laracan988 instead). Publicly available entry nodes/server lists with associated IP addresses are also available for TOR and Mullvad on their websites. The way I see it is, if I’m using Nym I assume my government knows I’m using it because I’m connecting to a IP address which is publicly associated with its network.

Yes, I get the “it must stand the test of time” argument along with the Skiff problem. However, Skiff wasn’t some new revolutionary technology which changed the game [3]. On the other hand, Nym provides clear advantages over technologies people have been using for decades i.e. TOR and VPNs. This is through the use of a commercial mixnet and other privacy enhancing technologies e.g. constant cover traffic (which seems like it is super necessary for evading AI/ML systems and not a feature in TOR/other VPNs).

Nym’s founders also seem quite into this whole privacy thing. One of their founders describes himself as a “crypto anarchist” [4] Harry Halpin on “The Hated One”. It doesn’t seem like he’s gonna sell out for some cash like Skiff, but that’s just my opinion. They also have Chelsea Manning and Snowden as partners who have both promoted the product and done talks/promotions on their YouTube channel [5]. If Manning and Snowden were involved in the next “big Skiff sellout”, I’d find that totally wild lol (I’d also loose faith in humanity).

[1] By filling them with some dummy content as I understand it
[2] I would only assume this packet-size content would be a great predictor for a ML model
[3] That being said I dont know too much about Skiff, so maybe it did in some way
[4] Crypto-anarchy, crypto-anarchism, cyberanarchy or cyberanarchism is a political ideology focusing on the protection of privacy, political freedom, and economic freedom, the adherents of which use cryptographic software for confidentiality and security while sending and receiving information over computer networks.
[5] Can’t link the Snowden interview (ran out of links) - you can view a 1 hour interview of Snowden on their YouTube channel (talking about Nym to some extent)

Yes, as fuse2 is highly vulnerable.

May I ask when the 50% crypto offer ends? Asking as I want to test and review Nym, but I need a month or so as I’m currently busy.

Thank you!

Likely for a few more weeks (+/- end of April).

@nym-product Hoping Nym is everything it claims to be, and appreciate your official presence here to earn user trust and answer specific questions. In that vein of things:

1. In terms of real world performance, what are the maximum download and upload speeds currently attainable both for Fast Mode and Anonymous Mode?

2. What security protocols and accountability layers are in place to ensure that decentralized user nodes can’t be compromised by bad actors?

3. Does Nym work with firewall applications like Portmaster and Simplewall for Windows? Portmaster offers system wide DNS filtering and per-app entry and exit node control via the SPN, but doesn’t play well with most third party VPN’s. NymConnect doesn’t support many apps and looks neglected on the Github page. Is there a way to use Nym on Windows and Android having it protect internet traffic for ALL apps, not just the web browser?

4. In terms of parity, Mullvad VPN with Obscura and DAITA v2 and Portmaster’s SPN (soon to be integrated with IVPN) both offer multi-hop/decentralized/anonymized services. In what ways is Nym better or worse or justifiably different than these other players in the market?

5. With the uncertain future of privacy in Switzerland, what plans or options does Nym have if the proposed changes to the OSCPT pass? Worst case scenario, are all Nym users immediately compromised or highly vulnerable once the law goes into effect if Nym hasn’t changed jurisdictions or protocols by then?

6. In a market that’s increasingly consolidated, any written reassurances of no future Skiff-like exit plans/acquisition buyouts? If not, why not?

Yes, NymVPN!

Nym is a mixnet not an MPR or VPN. Fast Mode in NymVPN is a MPR but it is not really the main reason Nym exists. Mixnets are strong privacy tools that provide unlinkability and sender or recipient anonymity, and Nym fills the gap left when you want to use an anonymity network but don’t mind higher latency.

Real anonymity for sensitive communications and transactions, with technology that offers protection from advanced threats and surveillance. Best for: email, messaging, banking, and crypto.

Mullvad VPN is not a multi-party relay. Obscura is but I am not sure you can use it with DAITA v2 because you will be using Obscura’s client or configuration rather than Mullvad’s.

Where have you seen this integration being specified?

Hi @Wings

The performance will depend on multiple factors. Remember that 1.NymVPN is designed with privacy in mind, and 2. is multi-hop by default (2 or 5 servers). Thus it can’t offer the same performance as 1-hop centralized VPNs. With a good connection and good choice of nodes, you can expect 200 to 300 Mbps on the dVPN mode, with reasonable latency. With the mixnet, speeds are lower than 1 Mbps. This mode is intended for maximum privacy and best-suited for use cases such as messaging.

Nodes can (and will be) compromised by bad actors. Limiting bad actors is done by actively managing our community of operators, and making full use of the staking mechanisms described in the “Reward sharing for mixnets” article (“costs” to setup a node + reputation system based on staking). Limiting the impact of bad actors is done by being multi-hop (so one node doesn’t see both your IP address and the destination of your traffic – which is not the case of single-hop VPNs). Users can also limit that by frequently rotating the nodes they use.

In the future we plan to include mechanisms to detect active attacks and penalize/exclude nodes found to engage in active malicious behavior, as well as to limit opportunities for passive (undetectable) malicious behavior through the use of secure hardware.

I’d need to get back to you on this one.

As shared by @privacyisconsent, NymConnect (which worked with a short app allowlist - Telegram and a few crypto wallets) is deprecated. It is now replaced by NymVPN (which provides a multi-purpose VPN-like experience covering your full device traffic).

These are all great services which we vastly respect. While they offer a multi-hop solution, they are more multi-party / “bi-centralized” than decentralized (as in, both entry and exits are centralized, and you need to trust them not to collude). We don’t believe they are “anonymized” either, unless you pay with cash (paying with a crypto doesn’t provide anonymity). Nym aims to unlink users payment data from their network usage, thanks to the “zk-nyms” (zero-knowledge access credentials, which are already live). This property is valid across all payment methods! I.e. one may know that you are a NymVPN user, but cannot trace that to your online activities.

You can check Nym’s position on our Blog: Online privacy and digital integrity under threat / Nym Our Ops / Legal people are actively following the matter together with Proton, Threema and others.

There are no such plans. The goal is to get the network self-sustainable, with various apps (starting with NymVPN) and SDK integrations paying for its usage.