nym-product btw: It is really valuable that Nym's CEO (Harry Halpin) openly admitted that China has such developed network tracking tools that Nym can't find solutions for it and afraid that this type of tools will also be used in the west to track users.

    nym-product thanks for being available here for review. I checked the website again and have some feedback plus a general game theory question.

    Feedback: It's not easy to understand from the website what Nym is about. For fact finders it would be helpful to explain the background or link to a more extensive blogpost, e.g. why you claim that Nym is a trustless network. I also checked out your user experience upon payment and was pleasantly surprised that you offer 50% discount when paying with crypto. This is nowhere mentioned on the main page but a huge USP for privacy and Bitcoin/Monero enthusiasts. I had to click through the checkout process until the last page in order to even get this information. If I were you I'd make this clear on the upper main page.

    As for game theory: In my opinion the only truly decentralized and trustless system out there is the Bitcoin protocol, as it is thermodynamically secured and now at a point where it requires too much energy to break. For this to work, it had to start very weak and under the radar of big threat actors who could have easily attacked it in its infancy. It also needed a good incentive infrastructure for people to come in and secure it with energy, and it had to be without any premining, proof of stake nonsense or intransparencies to build trust. Bitcoin fulfilled all those requirements and is very popular today.

    But this also means such a story can't repeat. Threat actors like governments and big companies are aware of blockchain technology now and will attack any project that starts with similar traits. Also winner takes it all, and most miners wouldn't allocate energy to a secondary network if there's Bitcoin. So assuming Nym has a Bitcoin-like protocol with truly decentralized intentions, it still wouldn't work because of the inherent weakness in the beginning and the pure existence of Bitcoin today. Therefore any new idea that tries to be truly decentralized and trustless has to build on the Bitcoin network (usually as a layer on top of the Bitcoin network, like Lightning, Stacks, Liquid or Merlin). At least this is what I believe.

    So how does Nym plan to create a trustless system based on blockchain technology? It doesn't look like it builds on the Bitcoin Blockchain and would therefore never at its core be decentralized or trustless. And how would it protect itself against threat actors? How would it incentivize individuals to contribute protection? Just like with Monero, the idea and intentions behind the project might be great and honorable, but how does it have a chance to survive in the long term?

        nym-product while we respect Tor a lot, the mixnet is built with a different architecture. Nym is not just "adding another 2 nodes". Packets are onion-encrypted, and also delayed and mixed with cover traffic to further improve the privacy properties of the network.

        Tor is also onion-encrypted and adds padding traffic. But that is not enough to prevent correlation attacks by someone controlling both ends of the tunnel, as they can tag the traffic in means padding cannot mask, such as for example by changing transfer speed etc to introduce a pattern.

          argante Do you have any ideas on how to protect yourself against this?

          Nym's official take on it is https://nym.com/blog/privacy-under-threat-switzerland.

          N1b Feedback: It's not easy to understand from the website what Nym is about. For fact finders it would be helpful to explain the background or link to a more extensive blogpost, e.g. why you claim that Nym is a trustless network.

          Point taken.

          N1b you offer 50% discount when paying with crypto. This is nowhere mentioned on the main page but a huge USP for privacy and Bitcoin/Monero enthusiasts.

          Yes. This is a temporary launch offer, the team didn't want to promote it too much. It will be removed within a couple of weeks.

          N1b So how does Nym plan to create a trustless system based on blockchain technology?

          Let me get back to you with a more elaborate answer.

                    N1b Threat actors like governments and big companies are aware of blockchain technology now and will attack any project that starts with similar traits.

                    It's possible if the project is of interest to them. However, remember that a significant share of Bitcoin is already owned by government-affiliated entities (so-called "US strategic reserve", seized assets, ...) and big companies (funds, ETFs, ...).

                    N1b Therefore any new idea that tries to be truly decentralized and trustless has to build on the Bitcoin network (usually as a layer on top of the Bitcoin network, like Lightning, Stacks, Liquid or Merlin).

                    How do you come to this conclusion? What would make a reputation system more decentralized if it was based on Bitcoin? Wouldn't the above Bitcoin whales have a head start with such a design?

                    N1b And how would it protect itself against threat actors? How would it incentivize individuals to contribute protection?

                    Threat actors can (and will) set up malicious nodes in the network (as acknowledged in a previous post). This is addressed by a combination of a reputation/reward system, active community management, multi-hop network configuration, and the choice given to the user to select and rotate the nodes they use.

                    We also provide extensive documentation on how to run nodes yourself (https://nym.com/docs/operators/introduction), and incentivize operators to run with high performance/uptime. Thus anyone can contribute and "dilute" potential bad actors. How do you see a Bitcoin-based reputation system significantly improving this design?

                    • N1b replied to this.

                            nym-product It's good that you wrote it so directly:

                            A new digital surveillance ordinance in Switzerland is being proposed that would require telecommunication companies in the country, including encrypted email providers like Proton and VPNs like NymVPN, to collect identification from people using their services. Egregiously, it also demands a backdoor on encrypted content.

                            Similar regulations are planned in Sweden. If I remember correctly, Mullvad defended that they are not ISP and do not have to log in user activity. But these regulations can be updated. Next, even if VPN declares that it does not save logs and does not track user activity, such user activity can track monitoring in data centers, where the VPN server is located. CDN will already ensure that all network traffic is as visible as possible. Halpin believes that the Nym services in China are tracked despite the use of Mixnet. In his opinion in China, the network traffic should be as similar as possible to the typical and on the smallest scale. DAITA generates a similar problem - it makes it difficult to track, but it makes such network traffic very distinctive and simply the attack vector will be different. In China OpenVPN instead of Wireguard would be definitely more appropriate, because all traffic is more similar to typical network traffic.

                                argante I somehow get a feeling you're shilling for nym while bashing anything else... Kinda sus, don't you think? And you have yet to provide any evidence for your claims in other threads I did ask about. Obviously we all are entitled to out own opinions, but the way you interact speaks lot more than your words..

                                    0xsigsev I think Nym solved the problem of masking IP very well. They have two options for launching: Fast (Wireguard) and Anonymus (mixnet). This shows that the first option, despite two servers, is not considered by them as anonymous. My negative attitudes to VPN come from the fact that they often have only one server and say to users that they will be anonymous. This is misleading. Nice that there is Mullvad, IVPN or Proton. However, I would like them to declare to users that they are doing what they can to provide users anonymity, but for various reasons they are not able to provide it. I was positively surprised when Harry Halpin openly said that for some time they succeeded in China, but now their solution is no longer effective in this country. And he added a very important thing: tools that were used in China will also be used by other countries.

                                    Mixnet solves half the problem: hiding IP. However, relying on UDP (Wireguard) causes that such network movement becomes much more visible and unusual. This makes it easier to isolate. And this opens the way to a more targeted analysis. The second problem that remains is the fingerprint, but VPN will not help here.

                                    And you have yet to provide any evidence for your claims in other threads I did ask about.

                                    I presented my point of view. Ignore what I write if you disagree. Argumentation with providing precise sources is a lot of work, and not always someone has time to do it.

                                        argante I am all for naming and shaming and I do agree that many VPN providers are just running a proxy network disguising as a VPN and trick users into believing they are 'secure'.

                                        But all the posts I have seen made by you were putting all providers into one bag while naming Mullvad and few others saying they do XYZ and therefore lie to their customers. That part is what I have problem with, and don't get me wrong I am not trying to put Mullvad here as some kind of a martyr or holy grail of VPNs I trust them as much as any other such company which is which is absolutely zero trust, but I did my evaluation and they (for me) are much more trustworthy than something like Proton.

                                        As for nym for now all I see is a buzzword bs bingo. Yes, they say one of the team members is a crypto expert (with PhD and shit) but for now I see them as just a 'face' of the project and not actual SME.. I would also like them to relink the cure53 audit. @nym-product

                                          Xtreix Mullvad and Nym are working on proposals against traffic analysis attacks

                                          Can you help me locate where in their (nym) docs/blog etc this is mentioned?Searching for it does not yield any results..

                                              Xtreix Thanks was thinking that they maybe have some actual documentation but so far just marketing stuff..

                                                  0xsigsev You also have Tobias Pulls' article that I shared above, which I think is already pretty technical, I don't have any another technical doc to provide you and it's a very complex subject.

                                                      Xtreix You misunderstood me, Mullvad shares quite a lot of info, nym does not. My last reply was about nym specifically.
                                                      And to be clear I understand that's a difficult topic hence I want the blueprints so to say. Make for a great bedtime reading ;)

                                                          0xsigsev Okay I see, indeed, there's a lack of concrete information about Nym so let's wait, Nym VPN is a prettty new project from what I understand, Mullvad didn't build its reputation in a short time either.

                                                          in my personal opinion, Mullvad is the one I trust and I don't see why I'd use any other VPN provider, but when I see Nym, well, why not, I say to myself, I'm waiting to see more.

                                                              0xsigsev thinking that they maybe have some actual documentation

                                                              As shared by @argante above. You can also check https://nym.com/trust-center/papers-and-research. Especially "The Nym Network - The Next Generation of Privacy Infrastructure" which will give you an overview of the mixnet design (which powers the "Anonymous mode" toggle in the NymVPN apps).

                                                              The "Fast" mode relies on 2-hop, tunnel-in-a-tunnel, AmneziaWG (client-side).

                                                                  I would like to know what chance an app for this service has to make it to Accrescent because I would definitely like to give it a go, if only for testing.