Data harvesting has dominated Silicon Valley business models over the past decade and has rapidly become the norm for monetizing online activity. Understanding and predicting user behaviour is now core to both old and new media businesses, for example, from the Financial Times to Facebook, who famously sold its users out to its commercial clients like Cambridge Analytica.
These data-driven models, collectively known as surveillance capitalism, have produced giant tech monopolies that oversee an unprecedented system of control. Governments, meanwhile, are fighting to preserve centralized power and manage polarized populations by heavily censoring and controlling the internet, fragmenting it even further.
In this climate, the prospect of having any privacy online is disintegrating. It is important to realize just how lacking current technology is with regards to maintaining privacy. A private messenger like Signal might encrypt a message’s contents, but metadata identifying the timing, sender and receiver is accessible by powerful third parties that monitor the internet and can readily identify users.
In this world of big data, this information is in many ways more valuable than the contents of messages — it can be used by sophisticated and ubiquitous analytic systems to determine the nature of your social relationships and thus predict your personal characteristics and preferences.
The necessary technology to guarantee online privacy has remained underdeveloped until now for reasons related to limitations in computing, networking, research and funding. We believe that it is now possible to overcome these limits and deploy technology that provides strong privacy guarantees, avoids trusted third parties, and is resistant to surveillance.
Last year, a team of researchers and programmers working in privacy-enhancing technology founded Nym in order to create unstoppable privacy infrastructure that could end corporate and government surveillance of personal user data.
While existing blockchain technologies like Zcash can protect user privacy on-chain using zero-knowledge proofs, they still rely, like all internet-facing applications and services, on the network layer itself to transfer data between machines.
Analysis of these patterns in network traffic can deanonymize any internet-based communication, and hence any user. Services and applications also collect data that can be used to violate the privacy of their users.
Nym provides full-stack privacy so any application, service or blockchain can defend its network traffic against even the most sophisticated surveillance systems, pooling resources without the need to build privacy from scratch, while maintaining operational and financial sustainability.
Nym itself is neutral to the technology interfacing with it, providing an open-ended anonymous overlay network that works to irreversibly disguise patterns in internet traffic. The more activity on the network, the more private it becomes — and so users have safety in numbers, just like in the real world.
Nym improves on existing alternatives via mix-networking. The Sphinx packet format renders all data packets a uniform size, the traffic is mixed probabilistically with timing obfuscation, cover traffic is added, and multiple hops ensure users do not have to trust a single node. This mixing defeats the kinds of traffic-analysis attacks that can deanonymize packets on VPNs, Tor and I2P. In addition, Nym uses blockchain technology to decentralize the operations of the mixnet so that the network has no centralized points of failure.
A major obstacle for any decentralized network is assembling real-world resources to run nodes. Tor and I2P’s volunteer model works but has limitations. With the logistical complexity of finding trusted and reliable volunteers, global reach is difficult: volunteers tend to be centralized in wealthy Western countries, with the majority of Tor relays in places like Germany and the US. We think incentives can fix this problem.
Nym uses anonymous authentication credentials based on the Coconut signature scheme to enable privacy-enhanced data transfer and decentralized identity. Nym credentials can embed the data needed for a given service (including zero-knowledge proofs of private data), and these credentials are validated in a decentralized and public manner without linking a user to the service they want to access.
And importantly, Nym is sustainable because it uses incentives to decentralize and maintain the quality of service of the network. Inspired by Bitcoin, Nym’s breakthrough proof-of-stake system rewards nodes for mixing traffic rather than solving arbitrary merkle puzzles. Instead of a proof-of-work system, Nym node operators are rewarded for proof of mixing, ensuring privacy for all.
It’s clear that internet privacy has never been weaker, but it’s not down for the count — and the ground is ripe for change. Our experienced, committed team is excited to be taking the first steps.
We look forward to your code contributions and comments on GitHub.
There currently exists no functioning protocol that can provide strong guarantees against the leakage and harvesting of metadata – for instance, data regarding the timing of communication, and the graph of who is communicating. Nym is an open-source, decentralized, permissionless and incentivized system that provides full-stack privacy, allowing developers to build applications that provide users with strong guarantees against metadata surveillance, at both the level of network traffic, and the level of authentication and payments.
The most popular network-level privacy solution currently is the VPN (virtual private network), which provides network-level protection via an encrypted tunnel between a user’s computer and one run by a VPN provider. VPNs are often misconfigured, however, and even when configured correctly, don’t offer real privacy or adequate resistance to censorship.
VPN providers can also fully observe all network traffic between users and the public internet, knowing exactly what services its users are accessing at a given time. The user must trust that the VPN provider is not using their information in a malicious manner or keeping logs.
The Nym mixnet is an anonymous overlay network that provides strong network-level anonymity, even in the face of powerful systems capable of passively monitoring the entire network. The mixnet is decentralized, with no trusted third parties, and so does not require a trusted provider like a VPN. More importantly, Nym provides superior privacy to VPNs and can support high-quality of service and low latency through incentives.
Tor is the best-known anonymous overlay network today. Unlike VPNs, Tor provides a ‘circuit’ of three hops that provides better privacy than single-node VPNs, so any single node in Tor can’t deanonymize traffic. Tor’s onion-routing encrypts traffic between each hop so that only the final hop, the Tor ‘exit node’, can decrypt the package.
However, Tor’s anonymity properties can be defeated by an entity that is capable of monitoring the entire network’s ‘entry’ and ‘exit’ nodes, because while onion-routing encrypts traffic, Tor does not add timing obfuscation or use decoy traffic to obfuscate the traffic patterns which can be used to deanonymize users. Although these kinds of attacks were thought to be unrealistic when Tor was invented, in the era of powerful government agencies and private companies, these kinds of attacks are a real threat. Tor’s design is also based on a centralized directory authority for routing.
While Tor may be the best existing solution for general-purpose web-browsing that accesses the entire internet, it is inarguable that mixnets are better than Tor for message-passing systems such as cryptocurrency transactions and secure messaging, and we believe well designed incentives can also enable the use of Nym as a general purpose decentralized VPN. The Nym mixnet provides superior privacy by making packets indistinguishable from each other, adding cover traffic, and providing timing obfuscation. Unlike both previous mixnet designs and Tor, the Nym mixnet decentralizes its shared operations using blockchain technology and uses incentives to both scale and provide censorship-resistance.
I2P (‘Invisible Internet Project’) replaces Tor’s directory authority with a distributed hash table for routing. How to design a secure and private distributed hash table is still an open research question, and I2P is open to a number of attacks that isolate, misdirect, or deanonymize users. Like Tor, I2P is based on ‘security by obscurity’, where it is assumed that no adversary can watch the entire network. While security by obscurity may have been cutting-edge at the turn of the millennium, such an approach is rapidly showing its age.
Nym’s cutting-edge mixnet design guarantees network anonymity and resistance to surveillance even in the face of powerful deanonymizing attacks. Unlike I2P, Nym adds decoy traffic and timing obfuscation. Rather than a centralized directory authority or distributed hash table, Nym uses blockchain technology and economic incentives to decentralize its network.The Nym mixnet can anonymize metadata even against government agencies or private companies who can monitor network links and observe the incoming and outgoing traffic of all clients and servers.
The Nym credential system decentralizes the functions of systems like Facebook Connect while adding privacy. Personal data has become a toxic asset, even to companies who base their entire business around it, as evidenced by the hack of Facebook’s OAuth identity system in 2018 and the subsequent release of the data of 50 million users.
Unlike Facebook Connect and similar OAuth-based services like Sign in with Google, traditional usernames and passwords, or even public/private key pairs, Nym credentials allow users to authenticate and authorize data sharing without unwillingly revealing any information to a third party. There is no central third party in charge of the credentials, and users remain totally in control of their own data, disclosing it only to those who they want to. A user can store their data wherever they want (including on their own devices), and unlike alternatives like W3C’s DIDs, a user does not store anything on the blockchain, offering better privacy.
As privacy loves company, systems wanting to ensure network-level privacy should scale to millions, if not billions, of users – but existing anonymous communication designs that scale to millions of users are secure only against weak adversaries or otherwise require high latency, while existing systems offering strong anonymity scale only vertically.
Nym’s mixnet design combines strong security properties with horizontal scalability, enabling it to operate effectively even with millions of users. The Nym network increases in speed as more traffic and users are added, as less cover traffic and timing obfuscation are required as the anonymity set grows.
Networks like Tor and I2P suffer for lack of an economic incentive system, leading to poor performance and difficulty scaling. Tor is dependent on crowdfunding and government grants that don’t cover the costs of running and maintaining its own network relays. There are no incentives to run a Tor relay, much less a higher-risk entry or exit node, so Tor has trouble adding the nodes necessary to scale with increased traffic. One sign of Tor’s lack of an incentive model is the geographic uniformity of its relay locations.
In contrast, Nym uses economic incentives to ensure the system always scales to meet any increase in demand.