My Argument against Nym

How does the new technology work?

The “new” technology is actually quite old. The concept of mix networks has already been introduced in 1981, before onion routing and Tor were even a thing yet. The concept is similar though: a message is sent over a series of mix nodes before it arrives at the recipient. Unlike the low-latency onion circuits however, each mix node keeps the messages for a while and shuffles the outgoing messages, therefore protecting against timing correlations.

Mix networks have been implemented before, for example in the Mixmaster or Mixminion projects. Those projects however were made to send single mails, and caused delays of many hours. The network built by Nym aims for much lower latencies to improve usability, for example to serve as the basis for a VPN:

[…] we believe well designed incentives can also enable the use of Nym as a general purpose decentralized VPN.

(Nym vs Other Systems – Nym Docs)

What are the incentives?

Unlike Tor, which provides its service based on volunteers, Nym incentivizes its node operators by giving out cryptocurrency. The idea is that users need to buy NYM tokens in order to pay for traffic, and mix nodes will get NYM for providing their service. However, Nym distances themselves from scammy Web-3 applications:

I really do view Nym as being a part of what, in three to five years from now, will be a renaissance in the post-cryptocurrency blockchain space.

(Chelsea Manning dances with the crypto devil)

This argument seems to fall a bit short. Either NYM is not a cryptocurrency, exists only in the context of NYM and can only be used to pay for traffic (which probably leads to other problems), or NYM is a cryptocurrency that must be valuable in order to provide proper incentives – but then it is no longer post-cryptocurrency. And nothing screams post-cryptocurrency more than being backed by a lot of blockchain and crypto capital.

The need for NYM also leads to another problem: while their mission states that they want to “enable digital privacy for all humanity”, they are locking their privacy behind a paywall that requires users to first acquire cryptocurrency. This is a hurdle especially for people that might not have the funds or the means to pay, e.g. people that are living in countries with restrictive or authoritarian governments, who might benefit from privacy or censorship resistance the most.

A similar question has been asked by Daniel Hugenroth in a discussion with Nym’s CEO, with a twofold response: first, many people that want privacy in countries like China do have a lot of money, and second that in the future, the network should have the ability to allow a certain number of “free riders” [1].

Strong promises, but not always

Nym prides itself on its mix network, which – unlike Tor – hides traffic patterns and user activity. However, in actual deployment, users are offered the choice of a speedy mode:

To achieve the breakneck 10x pace of Speedy Mode, the cover traffic feature of the regular mixnet, where dummy data packets are mixed in with real data, has been dropped.

[...]

To whizz data along faster, Speedy Mode does not delay these packets, optimising for speed instead.

(Introducing Speedy Mode on NymConnect!)

Without those features, the mix network “degrades” in its privacy guarantees to basically the same thing that Tor offers. While Nym does call it a “trade-off between speed and privacy” (which is correct), it feels disingenuous to advertise the strong privacy guarantees of Nym, only to then offer a vague “reduced privacy” description for their speedy mode.

A similar thing happens with their SOCKS proxy. The client initialization features a special flag --use-reply-surbs, which is vital for the promises of the mix network to hold [2]. In the documentation they state:

The --use-reply-surbs field denotes whether you wish to send SURBs along with your request. It defaults to false, we are explicitly setting it as true. It defaults to false for compatibility with older versions of the Network Requester.

(Socks5 Client)

Since their main goal is privacy, it feels like this default option should definitely be changed. Not using it is actually severely degrades the privacy guarantees against a malicious network requester.

Nym focuses on the network layer

For web browsing, browser fingerprinting is likely better to track users than plain IP addresses. Tor takes steps to reduce this attack surface:

Tor Browser is specifically engineered to have a nearly identical (we’re not perfect!) fingerprint across its users.

(Tor Browser | Tor Project)

Nym, while promising strong privacy, does not consider this angle of attack. This might be due to the fact that they initially focus on more constrained use cases like blockchain transactions, but at least with the introduction of NymVPN, which enables general purpose browsing, this seems like a big oversight.

Nym didn’t have the time to become secure

Tor has been around for twenty years. During this time, the security of Tor has been subject to a lot of analysis and research, and the implementation of Tor has been as well. While this is in no way a guarantee of security, we can assume that many attacks and bugs have been found and fixed already, and we have seen Tor being used in practice by whistleblowers (e.g. via SecureDrop).

For Nym, it is unclear how well their promises actually hold up. While some of the discovered attacks are prevented by their mixnet design (like timing analysis), other attack vectors might open up, such as tagging attacks on the underlying cryptographic format [3] or flow matching attacks [4].

We have also found an implementation mistake that reduces privacy against malicious recipients, and we have notified the Nym team about it circa ten months ago. This bug however has not been fixed yet.

Those issues suggest that Nym needs more time to become secure, to fix problems in the implementation, and to analyze the underlying protocol.

Conclusion

It is exciting to see new privacy technologies being built, especially when it promises advantages over existing tools like Tor. However, in the case of Nym, it seems like their promises are stronger than their delivery.

Tor is pretty transparent over its weaknesses. They talk about them in the FAQ (“What attacks remain against onion routing?”, “Am I totally anonymous if I use Tor?”), and while Tor is not fully secure, its limitations are known.

Nym on the other hand promises privacy “even in the face of adversaries capable of monitoring the entire network”, so-called global adversaries. So far, I would say this is a huge overstatement of their capabilities, and products like NymVPN are likely less secure than Tor. With their professional branding, this can leave users in a false sense of security.