In this article, I’ll make an overview of what I’ve learned from Alexis Roussel, the COO of Nym, who read the lecture “Nym technologies and how they protect your privacy” for Shipyard Academy students on November, 10.
Privacy is a broad term, but, briefly speaking, it is the ability to share what you want with whom you want and how you want to do it. So, privacy is about the selective disclosure of your personal information.
You may think of privacy as a synonym for seclusion, but there is one interesting thing about it. As Alexis said, in Nym they have a motto “Privacy loves company”, because a lot of people are needed to hide the communication between them. The larger we are, the better anonymity and privacy we’ll have.
Imagine you are alone in the park, speaking to your friend. If someone wants to overhear what you are discussing, they can easily do it, because you are visible and hearable very well. But if there are 10 people around, seeing and hearing becomes more difficult. And what if you are surrounded by 1000 people, all wearing the same clothes and facial masks, and all of them speaking loudly? It’ll become almost impossible to overhear you chatting with your friend.
So, privacy is about making sure that we are hidden in the sea of anonymity. For some people, this is crucial to protect themselves against the threats they encounter in their lives.
One example is women in the US, looking for health advice about abortions, as they are illegal in some states. Also, journalists in places where there is no freedom of speech. Or transgender people, as they are threatened in some cultures. Speaking about organizations, many businesses also need privacy, because when you are doing business, your connections are being looked at. You need private communications with your service providers and other parties.
In fact, all of us need privacy, because the internet, which we are using, is built on surveillance. Large corporations like Google, Meta, Apple, etc. provide free services in exchange for harvesting your personal data and selling them to third parties. That’s why personal data has become “the new oil of the digital era”.
Cryptography is widely used nowadays to hide data via end-to-end encryption, especially in the finance, healthcare, and communications industries. For example, WhatsApp has adopted the Signal protocol to encrypt the data and thus prevent third parties from having plain-text access to messages or calls. Also, SSL certificates have been made compulsory for sites to be considered trustworthy, so almost all the sites on the web use https instead of http.
But encryption of data alone is not enough. Besides cookies (information about pages visited, date of the visit, and even passwords in some cases), which are collected by websites and stored on your hard drive, there is also metadata that needs to be protected. Metadata shows who is communicating with whom at what point, and hiding it is one problem that mixnets can handle with.
Internet is made of layers, OSI model suggests 7 layers, ranging from the physical to the application layer. The network layer is the place where all communications are made when you connect to the website or message your friend. There are packets that go through the network and reach destinations. They proceed on a very precise route that can be monitored.
Mixnet is an overlay network, based on the existing network of packets. Using it, instead of sending packets on the internet in a normal way, we are sending them through another network, built on top of this system. On their way, the packets are encrypted, mixed, and proceed to a lot of different hubs on their way. In the end, no one knows what is happening, as the message is sent in a completely disorganized way.
Surprisingly, mixnets are one of the oldest concepts on the Internet, dating back to 1981, when David Chaum, the famous engineer, published a paper about them.
The first significant usage of mixnets, their first implementation is called Mixmaster, an anonymous remailer, which appeared around 2000. But it has a problem - using it opened doors to tons of spam. Spammers wanted to hide and find computers allowing them to send emails freely. To prevent this, the remailers, who were using mixnets, had to protect themselves. That’s why Adam Back, who was maintaining an anonymous remailer, invented proof-of-work, which is used today by Bitcoin and other blockchains.
Nym is building a decentralized mixnet, providing privacy through anonymity tools. It’s important to note that Nym is not another VPN. VPNs are good for bypassing geolocalization, but bad in terms of privacy because VPN company stores data about you and your actions. Nym can’t collect this info, and it hides not only your IP, but metadata as well. It’s a network of computers, just sending packets to each other. They don’t record any packets, just mix and resend them.
Tor is also a mixnet, but it uses very old technology, and its design was meant to hide only IP addresses. Also, Tor does not protect you from “the god view”, as corporations may pay for the data collected by it.
Unlike Tor, Nym has created a token economy by introducing its utility token, which is used to pay for services. It also helps to fight against attackers, as there is a reputation system, incentivizing good actors and punishing the bad. If someone wants to attack Nym, they will need a large proportion of control in the form of tokens.
Nym is like Tor in terms of legality and regulatory space, and Tor has not been subject to legal attacks so far. The thing is, the government may want to destroy privacy, but they need it, too. Think about military or health organizations - they all need their privacy to be protected. If you regulate Nym, you basically regulate something like VPNs, and if you regulate VPNs, many corporations will collapse, because VPNs protect their data. Does the government want to collapse corporations? I don’t think so.