fid02 I agree and I don't want to stir any waters, but they avoid answering questions about the audit, while still using it during their sales pitches.

    nym-product Ok, so I have read the white paper, and once you get through the initial "we are bestest" sales pitch, we get to some technical details, which on paper sound good. But this is just on paper and I am not really convinced, I've seen way too many "great on paper, useless in prod" solutions, so I'd like to ask again about the audit report, will you share it with us?

        argante I think one question @0xsigsev is asking is why isn't the audit report written by Cure53 available on the official Nym website and why do you have to search on web.archive.org to find it, this also assumes you already know about the audit, I doubt a new user looking to find out if Nym VPN has received an audit will go looking for it on web.archive, they will just assume there hasn't been an audit.

        As far as I know, Mullvad has always published its audits on its website, even those with critical flaws, of course, I don't know everything by far.

            argante it's funny that it's you who answered instead of the project account..

            I know the report is available via other methods. I want the project account to answer simple question. You again prove my point that it's you are shilling for them, and bash other providers. Come to think of it, you seem to be associated with them in some way.

                Xtreix As far as I know, Mullvad has always published its audits on its website, even those with critical flaws, of course, I don't know everything by far.

                If you look at cure53 reports there's quite a few from other VPNs even some small ones. Yet this one is not there and the project is avoiding this question.

                  0xsigsev You again prove my point that it's you are shilling for them, and bash other providers. Come to think of it, you seem to be associated with them in some way.

                  I have no connection with Nym. I'm not their client either (but I don't know how it will be in the future). I also pointed out the weaknesses of Nym's approach, repeating what Nym's CEO admitted.

                    Xtreix I don't know why the report isn't available. The link on the Nym page is consistent with the structure of the address to other reports. A question for Cure53 why this report is not available. I don't want to speak for those companies though.

                        argante this could be happening through a simple error which seems unplausible or the auditor through their mutual dealings does not wish their work to be recognized in regards to mentioned product. Just my opinion.

                          0xsigsev One of my allegations to VPN pointed to data centers. Here you have one proof, and here is Mullvad. At the same time, network traffic in such a data center is monitored. Even if VPN ensures that it does not save logs, the Data Packet or M247 can do it discreetly. CDN limits the network traffic at the same data center, so this increases the possibility of network traffic analysis. And VPN is a valuable target for such analyzes. So what do you disagree with? And this is only part of the problems with VPN's anonymity, because we still have a fingerprint and Cloudflare.

                              My post on 18th Feb, still seems relevant.

                              Where has NYM-PRODUCT gone, are you still reading this post?

                                fid02 I think a relevant question is why the audit report is still referenced on Nym's websites with a summary highlighting the positive aspects of the report, but with no explanation of why Cure53 unpublished their audit report. I'm guessing only Nym and Cure53 can answer that.

                                Hi, thanks for raising this, it was on Cure53 website (as shown by the Web Archive link posted) - let us get in touch with them. I'll see if we can also self-host the report. Other reports (Oak Security, JP Aumasson) are available.

                                0xsigsev Ok, so I have read the white paper, and once you get through the initial "we are bestest" sales pitch, we get to some technical details, which on paper sound good.

                                The whitepaper is the theoretical outline of the Nym mixnet idea, which was written in 2021. For practical implementation, the best is to check our server and client code, which is open source: https://github.com/nymtech

                                area51 Where has NYM-PRODUCT gone, are you still reading this post?

                                I'm here!

                                      argante I know You will find yet another strawman argument but this is why I like mullvad. I use owned by them servers only and do not care what middleman will do.

                                      And while you can't stop praising nym, while arguing how VPNs are bad you miss the biggest flaw in your "everyone spies" logic. Your ISP.

                                        argante It's no a secret that the data centers where VPN servers are hosted can collect data, and they need to monitor the network.

                                        Data Packet and M247, to which you often refer, are useful if you're resident in the USA or Canada, because Mullvad has a lot of servers in its geographical areas that use this hosting providers, that said, if you're an EU resident like me, just opt for hosting providers like Blix or 31173 Services AB which host some of Mullvad's proprietary VPN servers, so it depends on the use case, I don't use Data Packet and M247 with Mullvad personnaly, anyway, hostings providers don't have access to Mullvad's servers, even for the servers Mullvad rents.

                                            Xtreix M247 is a major provider in EU, they have one of the biggest number of servers and while some of them are not directly 'showing' as M247 they still belong to them.

                                            But I agree, just do your research and chose appropriately instead of complaining they XYZ party may have access to your data..

                                                0xsigsev M247 is a major provider in EU, they have one of the biggest number of servers

                                                I don't think I'm worried about this honestly, besides I don't know what exactly the problems are with M247, my only source that would indicate a problem with them is that they don't use BGP securely, but I don't know the risk to the user behind a VPN.

                                                I simply choose to use Mullvad's proprietary servers because I can and in an blog post, Mullvad themselves recommended the hosting providers Mullvad uses for their proprietary servers, for example for speed optimization, so I followed their advice.

                                                0xsigsev some of them are not directly 'showing' as M247 they still belong to them.

                                                It's not clear.

                                                0xsigsev just do your research and chose appropriately instead of complaining they XYZ party may have access to your data..

                                                I'm not complaining and I don't know what the “XYZ party” is :)

                                                        Xtreix My reply was in agreement with you, rather than saying you complain or anything of the like.

                                                        As you said, with mullvad you have options you can pick from to circumvent certain 'issues' raised by others in various threads here. Hence what I said about doing a research based on the ones needs instead of complaining that VPNs are bad.

                                                            8 days later