Nym’s mission is to establish privacy as a default for online communications. Only then can people and organizations make meaningful and secure decisions about what, when and with whom they want to share data.
Reckless data harvesting has dominated Silicon Valley business models over the past decade and has rapidly become the norm for monetizing online activity. Understanding and predicting user behaviour is now the primary business model of the Internet. These data-driven models, collectively known as surveillance capitalism, have produced giant tech monopolies and governments that oversee an unprecedented system of manipulation and control, extracting data and value from society.
It is important to realize just how lacking current technology is with regard to maintaining privacy. Even though a private messenger might encrypt a message’s contents, the metadata (for example the timing of the communications, IP addresses, locations, and much more) is visible to everyone from the Internet Service Provider (ISP) that delivers the message to the messaging application itself. And in this world of big data, metadata is in many ways more valuable than the content of messages. It can be used by sophisticated and ubiquitous analytic systems to determine the nature of your social relationships and thus predict your personal characteristics and preferences.
The necessary technology to guarantee online privacy has remained underdeveloped - until recently. With progress in computing capacity, networking, research and funding, it is now possible to overcome these limits and deploy technology that avoids trusted third parties and is resistant to surveillance.
Nym was founded in 2018 to build a global privacy infrastructure and contribute to ending the era of surveillance as the default technical and business model of the internet.
Nym is an open-source, decentralized and permissionless privacy system. It provides full-stack privacy, allowing other applications, services or blockchains to provide their users with strong metadata protection, at both the network level (mixnet), and the application level (anonymous credentials) without the need to build privacy from scratch.
The Nym architecture is powered by three main technological advancements: a mixnet, private credentials and incentives.
The Nym mixnet provides strong guarantees against the leakage and harvesting of metadata at the network layer. It is a general purpose privacy overlay network that is agnostic and can interface with almost any other digital application or service, enabling individuals as well as digital service providers to guarantee their privacy or that of their users.
The mixnet improves on existing privacy systems by mixing internet traffic in a decentralized network. First, all packets are transformed by the user into Sphinx packets on their device. The Sphinx packet format renders all data packets a uniform size. Then, nodes in the mix network “mix” the traffic, releasing packets probabilistically in order to ensure timing obfuscation. If needed, at each node cover traffic is added, and multiple hops ensure users do not have to trust a single node.
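An added simulation, not Nym's code, of why probabilistic release matters: a passive observer who sees only packet timestamps on both sides of a node tries to link inputs to outputs by order. The exponential delay distribution, the traffic rates and all function names are assumptions of this sketch; the page says only that packets are released probabilistically.

```python
import random

def arrivals(n, rate, rng):
    """Constructed input: n packet arrival times from a Poisson process."""
    t, out = 0.0, []
    for _ in range(n):
        t += rng.expovariate(rate)
        out.append(t)
    return out

def relay_fixed(arr, latency):
    """Low-latency relay: every packet leaves after the same delay (FIFO)."""
    return [t + latency for t in arr]

def relay_mix(arr, mean_delay, rng):
    """Mix node: each packet is held for an independent random delay.
    Exponential delays are an assumption of this sketch."""
    return [t + rng.expovariate(1.0 / mean_delay) for t in arr]

def linked_fraction(arr, dep):
    """Observer sees only timestamps (packets are uniform size) and guesses
    that the k-th packet in is the k-th packet out. Returns the share of
    packets whose true output is identified this way."""
    order_out = sorted(range(len(dep)), key=dep.__getitem__)
    # arr is increasing, so a packet's index is also its arrival rank
    hits = sum(1 for rank, pkt in enumerate(order_out) if rank == pkt)
    return hits / len(arr)

def run(seed=7, n=2000, rate=10.0, mean_delay=1.0):
    """Compare both relays on the same constructed arrival stream."""
    rng = random.Random(seed)
    arr = arrivals(n, rate, rng)
    return {
        "fixed": linked_fraction(arr, relay_fixed(arr, 0.05)),
        "mix": linked_fraction(arr, relay_mix(arr, mean_delay, rng)),
    }

if __name__ == "__main__":
    print(run())
```

Raising `rate` at the same `mean_delay` lowers the linked share further, since more packets share the node at any moment.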
While the mixnet builds a strong foundation by protecting the network layer, Nym credentials enable fine-grained privacy at the application layer. Nym credentials allow digital service providers and users to engage securely without the need to compromise on privacy.
Nym credentials advance on the Coconut signature scheme, enabling people to prove their right to access and do things online while retaining privacy. Nym credentials encrypt and embed the data needed for a given service, including zero-knowledge proofs of private data. These credentials are validated in a decentralized and public manner, without revealing any link between the user and the service they want to access.
Nym is sustainable because it uses incentives to decentralize and maintain the quality of service of the network. Inspired by Bitcoin, Nym’s breakthrough proof-of-work system rewards nodes for mixing traffic rather than solving arbitrary Merkle puzzles. Nym node operators are rewarded for proof of mixing, ensuring privacy for all. Nym uses only as much electricity as needed to accomplish the work of mixing packets to meet demand, and so should minimize unnecessary environmental costs.
Nym employs a blockchain to decentralize the operations of the mixnet so that the network has no centralized points of failure: the Nym mixnet is run by nodes across the world as a global privacy commons. A major obstacle for any decentralized network is assembling real-world resources to run nodes. Tor and I2P’s volunteer model works but has limitations. With the logistical complexity of finding trusted and reliable volunteers, global reach is difficult: volunteers tend to be centralized in wealthy Western countries, with the majority of Tor relays in places like Germany and the US. We believe economic incentives can fix this problem so that the entire world can have privacy on the Internet.
The most popular network-level privacy solution currently is the VPN (virtual private network), which provides network-level protection via an encrypted tunnel between a user’s computer and one run by a VPN provider. VPNs are often misconfigured, however, and even when configured correctly, don’t offer real privacy or adequate resistance to censorship.
VPN providers can also fully observe all network traffic between users and the public internet, knowing exactly what services their users are accessing at a given time. The user must trust that the VPN provider is not using their information in a malicious manner or keeping logs.
The Nym mixnet is an anonymous overlay network that provides strong network-level anonymity, even in the face of powerful systems capable of passively monitoring the entire network. The mixnet is decentralized, with no trusted third parties, and so does not require a trusted provider like a VPN. More importantly, Nym provides superior privacy to VPNs and can support high quality of service and low latency through incentives.
Tor is the best-known anonymous overlay network today. Unlike VPNs, Tor provides a ‘circuit’ of three hops that provides better privacy than single-node VPNs, so any single node in Tor can’t deanonymize traffic. Tor’s onion-routing encrypts traffic between each hop so that only the final hop, the Tor ‘exit node’, can decrypt the packet.
However, Tor’s anonymity properties can be defeated by an entity that is capable of monitoring the entire network’s ‘entry’ and ‘exit’ nodes, because while onion-routing encrypts traffic, Tor does not add timing obfuscation or use decoy traffic to obfuscate the traffic patterns which can be used to deanonymize users. Although these kinds of attacks were thought to be unrealistic when Tor was invented, in the era of powerful government agencies and private companies, these kinds of attacks are a real threat. Tor’s design is also based on a centralized directory authority for routing.
While Tor may be the best existing solution for general-purpose web-browsing that accesses the entire internet, it is inarguable that mixnets are better than Tor for message-passing systems such as cryptocurrency transactions and secure messaging, and we believe well designed incentives can also enable the use of Nym as a general purpose decentralized VPN. The Nym mixnet provides superior privacy by making packets indistinguishable from each other, adding cover traffic, and providing timing obfuscation. Unlike both previous mixnet designs and Tor, the Nym mixnet decentralizes its shared operations using blockchain technology and uses incentives to both scale and provide censorship-resistance.
I2P (‘Invisible Internet Project’) replaces Tor’s directory authority with a distributed hash table for routing. How to design a secure and private distributed hash table is still an open research question, and I2P is open to a number of attacks that isolate, misdirect, or deanonymize users. Like Tor, I2P is based on ‘security by obscurity’, where it is assumed that no adversary can watch the entire network. While security by obscurity may have been cutting-edge at the turn of the millennium, such an approach is rapidly showing its age.
Nym’s cutting-edge mixnet design guarantees network anonymity and resistance to surveillance even in the face of powerful deanonymizing attacks. Unlike I2P, Nym adds decoy traffic and timing obfuscation. Rather than a centralized directory authority or distributed hash table, Nym uses blockchain technology and economic incentives to decentralize its network. The Nym mixnet can anonymize metadata even against government agencies or private companies who can monitor network links and observe the incoming and outgoing traffic of all clients and servers.
The Nym credential system decentralizes the functions of systems like Facebook Connect while adding privacy. Personal data has become a toxic asset, even to companies who base their entire business around it, as evidenced by the hack of Facebook’s OAuth identity system in 2018 and the subsequent release of the data of 50 million users.
Unlike Facebook Connect and similar OAuth-based services like Sign in with Google, traditional usernames and passwords, or even public/private key pairs, Nym credentials allow users to authenticate and authorize data sharing without unwillingly revealing any information to a third party. There is no central third party in charge of the credentials, and users remain totally in control of their own data, disclosing it only to those who they want to. A user can store their data wherever they want (including on their own devices), and unlike alternatives like W3C’s DIDs, a user does not store anything on the blockchain, offering better privacy.
As privacy loves company, systems wanting to ensure network-level privacy should scale to millions, if not billions, of users – but existing anonymous communication designs that scale to millions of users are secure only against weak adversaries or otherwise require high latency, while existing systems offering strong anonymity scale only vertically.
Nym’s mixnet design combines strong security properties with horizontal scalability, enabling it to operate effectively even with millions of users. The Nym network increases in speed as more traffic and users are added, as less cover traffic and timing obfuscation are required as the anonymity set grows.
Networks like Tor and I2P suffer for lack of an economic incentive system, leading to poor performance and difficulty scaling. Tor is dependent on crowdfunding and government grants that don’t cover the costs of running and maintaining its own network relays. There are no incentives to run a Tor relay, much less a higher-risk entry or exit node, so Tor has trouble adding the nodes necessary to scale with increased traffic. One sign of Tor’s lack of an incentive model is the geographic uniformity of its relay locations.
In contrast, Nym uses economic incentives to ensure the system always scales to meet any increase in demand.
It’s clear that internet privacy has never been weaker, but it’s not down for the count — and the ground is ripe for change. Our experienced, committed team is excited to be taking the first steps.
We look forward to your code contributions and comments on GitHub.