0xsigsev You also have Tobias Pulls' article that I shared above, which I think is already pretty technical, I don't have any another technical doc to provide you and it's a very complex subject.

      Xtreix You misunderstood me, Mullvad shares quite a lot of info, nym does not. My last reply was about nym specifically.
      And to be clear I understand that's a difficult topic hence I want the blueprints so to say. Make for a great bedtime reading ;)

          0xsigsev Okay I see, indeed, there's a lack of concrete information about Nym so let's wait, Nym VPN is a prettty new project from what I understand, Mullvad didn't build its reputation in a short time either.

          in my personal opinion, Mullvad is the one I trust and I don't see why I'd use any other VPN provider, but when I see Nym, well, why not, I say to myself, I'm waiting to see more.

              0xsigsev thinking that they maybe have some actual documentation

              As shared by @argante above. You can also check https://nym.com/trust-center/papers-and-research. Especially "The Nym Network - The Next Generation of Privacy Infrastructure" which will give you an overview of the mixnet design (which powers the "Anonymous mode" toggle in the NymVPN apps).

              The "Fast" mode relies on 2-hop, tunnel-in-a-tunnel, AmneziaWG (client-side).

                  I would like to know what chance an app for this service has to make it to Accrescent because I would definitely like to give it a go, if only for testing.

                  nym-product However, remember that a significant share of Bitcoin is already owned by government-affiliated entities (so-called "US strategic reserve", seized assets, ...) and big companies (funds, ETFs, ...).

                  I wasn't clear and caused a misunderstanding. The bitcoin network is not attacked by parties that buy and hold substantial amounts, as the inherent information (how many coins there are and what path they took) are still reliably and transparently true. An attack would be trying to change that truth by takinf over the whole mining and verification process. For this, you need too much energy to be possible or at least profitable.

                  Other proof of work networks are too weak and could be taken over by a big company or small government.

                  The Tor network could be taken over by running many nodes and so could Nym if I understand it correctly. A cheap attack for a surveillance state.

                  nym-product What would make a reputation system more decentralized if it was based on Bitcoin?

                  That's the point, a reputation system needs trust. Bitcoin is not a reputation system because it is independently verifiable by everyone. You could check on your own cheap node what hashrate was necessary to mine the last block (and every block before it until the beginning when it was weak). The verification is based in real physical work and thermodynamic laws.

                  I don't know how one would use this for a VPN network, but whenever someone claims to be "decentralized" by using "blockchain technology", it's clear for me that it's either the Bitcoin blockchain or no real decentralization.

                  nym-product This is addressed by a combination of a reputation/reward system,

                  Game theory applied: What would be my reward for running a node? If it is a newly created token or coin, it needs to be valuable and stay valuable over time. But if it's only value is to be sold for fiat money to cover my costs or win, it will quickly become worthless and unsustainable. Therefore fewer people would support the system and it would be more and more vulnerable over time.

                  Thanks by the way to be available and taking the time to answer. Few projects do that and it's good to learn more about Nym. We need more privacy focused tools, they just need to work well so I hope you take all our criticism and questions as constructive feedback and stay around.

                        SgtSurehand I have a strong suspicion what (did not) happen, but I won't say it here because it will quickly get flagged anyway.

                          The Cure53 report was clearly unpublished but is still available from web archives. I took a look at it. Since Nym states that "All identified critical and high-severity vulnerabilities were addressed", I wouldn't see a problem with posting it here. I think a relevant question is why the audit report is still referenced on Nym's websites with a summary highlighting the positive aspects of the report, but with no explanation of why Cure53 unpublished their audit report. I'm guessing only Nym and Cure53 can answer that.

                            fid02 I agree and I don't want to stir any waters, but they avoid answering questions about the audit, while still using it during their sales pitches.

                              nym-product Ok, so I have read the white paper, and once you get through the initial "we are bestest" sales pitch, we get to some technical details, which on paper sound good. But this is just on paper and I am not really convinced, I've seen way too many "great on paper, useless in prod" solutions, so I'd like to ask again about the audit report, will you share it with us?

                                  argante I think one question @0xsigsev is asking is why isn't the audit report written by Cure53 available on the official Nym website and why do you have to search on web.archive.org to find it, this also assumes you already know about the audit, I doubt a new user looking to find out if Nym VPN has received an audit will go looking for it on web.archive, they will just assume there hasn't been an audit.

                                  As far as I know, Mullvad has always published its audits on its website, even those with critical flaws, of course, I don't know everything by far.

                                      argante it's funny that it's you who answered instead of the project account..

                                      I know the report is available via other methods. I want the project account to answer simple question. You again prove my point that it's you are shilling for them, and bash other providers. Come to think of it, you seem to be associated with them in some way.

                                          Xtreix As far as I know, Mullvad has always published its audits on its website, even those with critical flaws, of course, I don't know everything by far.

                                          If you look at cure53 reports there's quite a few from other VPNs even some small ones. Yet this one is not there and the project is avoiding this question.

                                            0xsigsev You again prove my point that it's you are shilling for them, and bash other providers. Come to think of it, you seem to be associated with them in some way.

                                            I have no connection with Nym. I'm not their client either (but I don't know how it will be in the future). I also pointed out the weaknesses of Nym's approach, repeating what Nym's CEO admitted.

                                              Xtreix I don't know why the report isn't available. The link on the Nym page is consistent with the structure of the address to other reports. A question for Cure53 why this report is not available. I don't want to speak for those companies though.

                                                  argante this could be happening through a simple error which seems unplausible or the auditor through their mutual dealings does not wish their work to be recognized in regards to mentioned product. Just my opinion.