0xsigsev I think Nym solved the problem of masking IP very well. They have two options for launching: Fast (Wireguard) and Anonymus (mixnet). This shows that the first option, despite two servers, is not considered by them as anonymous. My negative attitudes to VPN come from the fact that they often have only one server and say to users that they will be anonymous. This is misleading. Nice that there is Mullvad, IVPN or Proton. However, I would like them to declare to users that they are doing what they can to provide users anonymity, but for various reasons they are not able to provide it. I was positively surprised when Harry Halpin openly said that for some time they succeeded in China, but now their solution is no longer effective in this country. And he added a very important thing: tools that were used in China will also be used by other countries.

Mixnet solves half the problem: hiding IP. However, relying on UDP (Wireguard) causes that such network movement becomes much more visible and unusual. This makes it easier to isolate. And this opens the way to a more targeted analysis. The second problem that remains is the fingerprint, but VPN will not help here.

And you have yet to provide any evidence for your claims in other threads I did ask about.

I presented my point of view. Ignore what I write if you disagree. Argumentation with providing precise sources is a lot of work, and not always someone has time to do it.

      argante I am all for naming and shaming and I do agree that many VPN providers are just running a proxy network disguising as a VPN and trick users into believing they are 'secure'.

      But all the posts I have seen made by you were putting all providers into one bag while naming Mullvad and few others saying they do XYZ and therefore lie to their customers. That part is what I have problem with, and don't get me wrong I am not trying to put Mullvad here as some kind of a martyr or holy grail of VPNs I trust them as much as any other such company which is which is absolutely zero trust, but I did my evaluation and they (for me) are much more trustworthy than something like Proton.

      As for nym for now all I see is a buzzword bs bingo. Yes, they say one of the team members is a crypto expert (with PhD and shit) but for now I see them as just a 'face' of the project and not actual SME.. I would also like them to relink the cure53 audit. @nym-product

        Xtreix Mullvad and Nym are working on proposals against traffic analysis attacks

        Can you help me locate where in their (nym) docs/blog etc this is mentioned?Searching for it does not yield any results..

            0xsigsev You also have Tobias Pulls' article that I shared above, which I think is already pretty technical, I don't have any another technical doc to provide you and it's a very complex subject.

                Xtreix You misunderstood me, Mullvad shares quite a lot of info, nym does not. My last reply was about nym specifically.
                And to be clear I understand that's a difficult topic hence I want the blueprints so to say. Make for a great bedtime reading ;)

                    0xsigsev Okay I see, indeed, there's a lack of concrete information about Nym so let's wait, Nym VPN is a prettty new project from what I understand, Mullvad didn't build its reputation in a short time either.

                    in my personal opinion, Mullvad is the one I trust and I don't see why I'd use any other VPN provider, but when I see Nym, well, why not, I say to myself, I'm waiting to see more.

                        0xsigsev thinking that they maybe have some actual documentation

                        As shared by @argante above. You can also check https://nym.com/trust-center/papers-and-research. Especially "The Nym Network - The Next Generation of Privacy Infrastructure" which will give you an overview of the mixnet design (which powers the "Anonymous mode" toggle in the NymVPN apps).

                        The "Fast" mode relies on 2-hop, tunnel-in-a-tunnel, AmneziaWG (client-side).

                            I would like to know what chance an app for this service has to make it to Accrescent because I would definitely like to give it a go, if only for testing.

                            nym-product However, remember that a significant share of Bitcoin is already owned by government-affiliated entities (so-called "US strategic reserve", seized assets, ...) and big companies (funds, ETFs, ...).

                            I wasn't clear and caused a misunderstanding. The bitcoin network is not attacked by parties that buy and hold substantial amounts, as the inherent information (how many coins there are and what path they took) are still reliably and transparently true. An attack would be trying to change that truth by takinf over the whole mining and verification process. For this, you need too much energy to be possible or at least profitable.

                            Other proof of work networks are too weak and could be taken over by a big company or small government.

                            The Tor network could be taken over by running many nodes and so could Nym if I understand it correctly. A cheap attack for a surveillance state.

                            nym-product What would make a reputation system more decentralized if it was based on Bitcoin?

                            That's the point, a reputation system needs trust. Bitcoin is not a reputation system because it is independently verifiable by everyone. You could check on your own cheap node what hashrate was necessary to mine the last block (and every block before it until the beginning when it was weak). The verification is based in real physical work and thermodynamic laws.

                            I don't know how one would use this for a VPN network, but whenever someone claims to be "decentralized" by using "blockchain technology", it's clear for me that it's either the Bitcoin blockchain or no real decentralization.

                            nym-product This is addressed by a combination of a reputation/reward system,

                            Game theory applied: What would be my reward for running a node? If it is a newly created token or coin, it needs to be valuable and stay valuable over time. But if it's only value is to be sold for fiat money to cover my costs or win, it will quickly become worthless and unsustainable. Therefore fewer people would support the system and it would be more and more vulnerable over time.

                            Thanks by the way to be available and taking the time to answer. Few projects do that and it's good to learn more about Nym. We need more privacy focused tools, they just need to work well so I hope you take all our criticism and questions as constructive feedback and stay around.

                                  SgtSurehand I have a strong suspicion what (did not) happen, but I won't say it here because it will quickly get flagged anyway.

                                    The Cure53 report was clearly unpublished but is still available from web archives. I took a look at it. Since Nym states that "All identified critical and high-severity vulnerabilities were addressed", I wouldn't see a problem with posting it here. I think a relevant question is why the audit report is still referenced on Nym's websites with a summary highlighting the positive aspects of the report, but with no explanation of why Cure53 unpublished their audit report. I'm guessing only Nym and Cure53 can answer that.

                                      fid02 I agree and I don't want to stir any waters, but they avoid answering questions about the audit, while still using it during their sales pitches.

                                        nym-product Ok, so I have read the white paper, and once you get through the initial "we are bestest" sales pitch, we get to some technical details, which on paper sound good. But this is just on paper and I am not really convinced, I've seen way too many "great on paper, useless in prod" solutions, so I'd like to ask again about the audit report, will you share it with us?