argante Do you have any ideas on how to protect yourself against this?

Nym's official take on it is https://nym.com/blog/privacy-under-threat-switzerland.

N1b Feedback: It's not easy to understand from the website what Nym is about. For fact finders it would be helpful to explain the background or link to a more extensive blogpost, e.g. why you claim that Nym is a trustless network.

Point taken.

N1b you offer 50% discount when paying with crypto. This is nowhere mentioned on the main page but a huge USP for privacy and Bitcoin/Monero enthusiasts.

Yes. This is a temporary launch offer, the team didn't want to promote it too much. It will be removed within a couple of weeks.

N1b So how does Nym plan to create a trustless system based on blockchain technology?

Let me get back to you with a more elaborate answer.

    N1b Threat actors like governments and big companies are aware of blockchain technology now and will attack any project that starts with similar traits.

    It's possible if the project is of interest to them. However, remember that a significant share of Bitcoin is already owned by government-affiliated entities (so-called "US strategic reserve", seized assets, ...) and big companies (funds, ETFs, ...).

    N1b Therefore any new idea that tries to be truly decentralized and trustless has to build on the Bitcoin network (usually as a layer on top of the Bitcoin network, like Lightning, Stacks, Liquid or Merlin).

    How do you come to this conclusion? What would make a reputation system more decentralized if it was based on Bitcoin? Wouldn't the above Bitcoin whales have a head start with such a design?

    N1b And how would it protect itself against threat actors? How would it incentivize individuals to contribute protection?

    Threat actors can (and will) set up malicious nodes in the network (as acknowledged in a previous post). This is addressed by a combination of a reputation/reward system, active community management, multi-hop network configuration, and the choice given to the user to select and rotate the nodes they use.

    We also provide extensive documentation on how to run nodes yourself (https://nym.com/docs/operators/introduction), and incentivize operators to run with high performance/uptime. Thus anyone can contribute and "dilute" potential bad actors. How do you see a Bitcoin-based reputation system significantly improving this design?


      nym-product It's good that you wrote it so directly:

      A new digital surveillance ordinance in Switzerland is being proposed that would require telecommunication companies in the country, including encrypted email providers like Proton and VPNs like NymVPN, to collect identification from people using their services. Egregiously, it also demands a backdoor on encrypted content.

      Similar regulations are planned in Sweden. If I remember correctly, Mullvad defended that they are not an ISP and do not have to log user activity. But these regulations can be updated. Next, even if a VPN declares that it does not save logs and does not track user activity, such user activity can be tracked by monitoring in data centers, where the VPN server is located. CDN will already ensure that all network traffic is as visible as possible. Halpin believes that the Nym services in China are tracked despite the use of Mixnet. In his opinion in China, the network traffic should be as similar as possible to the typical and on the smallest scale. DAITA generates a similar problem - it makes it difficult to track, but it makes such network traffic very distinctive and simply the attack vector will be different. In China OpenVPN instead of Wireguard would be definitely more appropriate, because all traffic is more similar to typical network traffic.

        argante I somehow get a feeling you're shilling for nym while bashing anything else... Kinda sus, don't you think? And you have yet to provide any evidence for your claims in other threads I did ask about. Obviously we all are entitled to our own opinions, but the way you interact speaks a lot more than your words.

          0xsigsev I think Nym solved the problem of masking IP very well. They have two options for launching: Fast (Wireguard) and Anonymous (mixnet). This shows that the first option, despite two servers, is not considered by them as anonymous. My negative attitudes to VPN come from the fact that they often have only one server and say to users that they will be anonymous. This is misleading. Nice that there is Mullvad, IVPN or Proton. However, I would like them to declare to users that they are doing what they can to provide users anonymity, but for various reasons they are not able to provide it. I was positively surprised when Harry Halpin openly said that for some time they succeeded in China, but now their solution is no longer effective in this country. And he added a very important thing: tools that were used in China will also be used by other countries.

          Mixnet solves half the problem: hiding IP. However, relying on UDP (Wireguard) causes that such network movement becomes much more visible and unusual. This makes it easier to isolate. And this opens the way to a more targeted analysis. The second problem that remains is the fingerprint, but VPN will not help here.

          And you have yet to provide any evidence for your claims in other threads I did ask about.

          I presented my point of view. Ignore what I write if you disagree. Argumentation with providing precise sources is a lot of work, and not always someone has time to do it.

            argante I am all for naming and shaming and I do agree that many VPN providers are just running a proxy network disguising as a VPN and trick users into believing they are 'secure'.

            But all the posts I have seen made by you were putting all providers into one bag while naming Mullvad and few others saying they do XYZ and therefore lie to their customers. That part is what I have a problem with, and don't get me wrong, I am not trying to put Mullvad here as some kind of a martyr or holy grail of VPNs. I trust them as much as any other such company, which is absolutely zero trust, but I did my evaluation and they (for me) are much more trustworthy than something like Proton.

            As for nym for now all I see is a buzzword bs bingo. Yes, they say one of the team members is a crypto expert (with PhD and shit) but for now I see them as just a 'face' of the project and not actual SME.. I would also like them to relink the cure53 audit. @nym-product

            Xtreix Mullvad and Nym are working on proposals against traffic analysis attacks

            Can you help me locate where in their (nym) docs/blog etc this is mentioned? Searching for it does not yield any results.

              0xsigsev You also have Tobias Pulls' article that I shared above, which I think is already pretty technical, I don't have any another technical doc to provide you and it's a very complex subject.

                Xtreix You misunderstood me, Mullvad shares quite a lot of info, nym does not. My last reply was about nym specifically.
                And to be clear I understand that's a difficult topic hence I want the blueprints so to say. Make for a great bedtime reading ;)

                  0xsigsev Okay I see, indeed, there's a lack of concrete information about Nym so let's wait, Nym VPN is a pretty new project from what I understand, Mullvad didn't build its reputation in a short time either.

                  In my personal opinion, Mullvad is the one I trust and I don't see why I'd use any other VPN provider, but when I see Nym, well, why not, I say to myself, I'm waiting to see more.

                    0xsigsev thinking that they maybe have some actual documentation

                    As shared by @argante above. You can also check https://nym.com/trust-center/papers-and-research. Especially "The Nym Network - The Next Generation of Privacy Infrastructure" which will give you an overview of the mixnet design (which powers the "Anonymous mode" toggle in the NymVPN apps).

                    The "Fast" mode relies on 2-hop, tunnel-in-a-tunnel, AmneziaWG (client-side).

                      I would like to know what chance an app for this service has to make it to Accrescent because I would definitely like to give it a go, if only for testing.

                      nym-product However, remember that a significant share of Bitcoin is already owned by government-affiliated entities (so-called "US strategic reserve", seized assets, ...) and big companies (funds, ETFs, ...).

                      I wasn't clear and caused a misunderstanding. The bitcoin network is not attacked by parties that buy and hold substantial amounts, as the inherent information (how many coins there are and what path they took) is still reliably and transparently true. An attack would be trying to change that truth by taking over the whole mining and verification process. For this, you need too much energy to be possible or at least profitable.

                      Other proof of work networks are too weak and could be taken over by a big company or small government.

                      The Tor network could be taken over by running many nodes and so could Nym if I understand it correctly. A cheap attack for a surveillance state.

                      nym-product What would make a reputation system more decentralized if it was based on Bitcoin?

                      That's the point, a reputation system needs trust. Bitcoin is not a reputation system because it is independently verifiable by everyone. You could check on your own cheap node what hashrate was necessary to mine the last block (and every block before it until the beginning when it was weak). The verification is based in real physical work and thermodynamic laws.

                      I don't know how one would use this for a VPN network, but whenever someone claims to be "decentralized" by using "blockchain technology", it's clear for me that it's either the Bitcoin blockchain or no real decentralization.

                      nym-product This is addressed by a combination of a reputation/reward system,

                      Game theory applied: What would be my reward for running a node? If it is a newly created token or coin, it needs to be valuable and stay valuable over time. But if its only value is to be sold for fiat money to cover my costs or win, it will quickly become worthless and unsustainable. Therefore fewer people would support the system and it would be more and more vulnerable over time.

                      Thanks, by the way, for being available and taking the time to answer. Few projects do that and it's good to learn more about Nym. We need more privacy focused tools, they just need to work well so I hope you take all our criticism and questions as constructive feedback and stay around.