Nym Secures $6M Funding for Anonymous Mixnet Privacy Service

Nym Technologies Secures $6 Million in Series A Funding

Switzerland-based Nym Technologies, a privacy-focused startup, has successfully raised $6 million in a funding round categorized as Series A. This investment will propel the continued development of its network infrastructure.

Prior to this, Nym had secured $2.5 million in seed funding back in 2019. Furthermore, the company benefited from grant funding received from the European Union’s Horizon 2020 research initiative during the initial research and development stages of its network technology.

Developing a Decentralized, Anonymous Network

The newly acquired funds will be allocated to the ongoing commercial development of network infrastructure. This infrastructure uniquely combines the established concept of Mixnets – which obfuscate data packet metadata at the transport network layer – with a novel, crypto-inspired reputation and incentive system.

This system is designed to ensure a high quality of service and support a resilient, decentralized infrastructure. Nym’s core proposition is the creation of “an open-ended anonymous overlay network that works to irreversibly disguise patterns in Internet traffic”.

Investment and Future Users

Investors in this Series A round demonstrate a strong affinity for cryptocurrency, aligning with Nym’s expectation that its initial user base will emerge from the crypto community. The round was led by Polychain Capital, with participation from several European investors, including Eden Block, Greenfield One, Maven11, Tioga, and 1kx.

Will Wolf of Polychain Capital stated: “We’re incredibly excited to partner with the Nym team to further their mission of bringing robust, sustainable and permissionless privacy infrastructure to all Internet users. We believe the Nym network will provide the strongest privacy guarantees with the highest quality of service of any mixnet and thus may become a very valuable piece of core internet infrastructure.”

Addressing the Internet’s Privacy Shortcomings

A fundamental flaw in the internet’s original design was the lack of built-in privacy considerations. Consequently, the complexity inherent in Mixnets – involving the shuffling and delaying of encrypted data packets to shield sender-to-recipient metadata from network-wide adversaries – may have seemed excessive during the web’s early development.

However, the emergence of Bitcoin, the crypto boom, and the Snowden revelations in 2013 dramatically shifted the landscape. Edward Snowden’s disclosure of the NSA’s mass surveillance programs brought network-level adversaries into sharp focus, and internet privacy became a paramount concern.

Growing Momentum for Privacy Technology

Since Snowden’s revelations, there has been a steady increase in momentum for privacy technology. This growth is fueled by rising consumer awareness and the use of services like end-to-end encrypted email and messaging applications. Momentum often spikes in response to data breaches and privacy-compromising policy changes by major tech companies.

Legal conflicts between surveillance laws and data protection rights are also creating challenges for businesses, particularly U.S.-based cloud service providers. Furthermore, the expansion of cryptocurrencies is driving demand for secure infrastructure to support crypto trading activities.

Nym’s Approach: Mixnets and Decentralization

In essence, the opportunity for privacy technology, both for businesses and consumers, is expanding. The team at Nym believes that the conditions are now favorable for general-purpose, privacy-focused networking technology to gain traction.

Tor currently stands as a well-known anonymous overlay network, utilizing onion routing to conceal the origin and destination of traffic. Nym’s network shares the node-hopping characteristic with Tor. However, Nym differentiates itself by employing packet mixing, which it contends provides even stronger network-level privacy.

Differentiating from Tor

Nym argues that Tor’s anonymity can be compromised by entities monitoring its ‘entry’ and ‘exit’ nodes. This vulnerability stems from the lack of “timing obfuscation” or “decoy traffic,” which are crucial for obscuring patterns that could be exploited to deanonymize users.

“Although these kinds of attacks were thought to be unrealistic when Tor was invented, in the era of powerful government agencies and private companies, these kinds of attacks are a real threat,” Nym suggests. It also highlights a key architectural difference: Tor relies on a centralized directory authority for routing, while Nym is fully decentralized.

Acknowledging Tor and the Evolution of Privacy

Demonstrating the validity of this claim will be a significant undertaking. Nym’s CEO acknowledges the strengths of Tor, stating it remains the best technology for securing web browsing currently available.

“Most VPNs and almost all cryptocurrency projects are not as secure or as private as Tor — Tor is the best we have right now for web browsing,” says Nym founder and CEO Harry Halpin. “We do think Tor made all the right decisions when they built the software — at the time there was no interest from venture capital in privacy, there was only interest from the U.S. government. And the internet was too slow to do a mixnet. And what’s happened is, speed up 20 years, things have transformed.”

A Shift in Perspective

“The U.S. government is no longer viewed as a defender of privacy. And now — weirdly enough — all of a sudden venture capital is interested in privacy and that’s a really big change”, Halpin added.

Given the complexity of Nym’s undertaking, continuous demonstration of the network protocol’s robustness against attacks and vulnerabilities is essential. This includes identifying and mitigating attempts to spot patterns, detect dummy traffic, and relink packets to their senders and receivers.

Open Source and Independent Audits

The technology is open source, and Nym plans to use a portion of the Series A funding for independent audits of new code. The company also emphasizes its commitment to hiring skilled professionals, with plans to more than double its headcount, including cryptographers, developers, and privacy marketing specialists.

Focus on Research and Development

The primary motivation for the funding round, according to Halpin, is to invest in further research and development. This will allow Nym to explore and potentially solve specific use cases beyond simply shielding user traffic, similar to Tor’s functionality.

Nym’s white paper proposes potential applications, such as enabling users to prove their right to access a service without revealing their identity to the service provider.

A For-Profit Approach to Privacy

A key distinction between Nym and Tor is their business models. Tor is a non-profit organization, while Nym aims to build a for-profit business around its mixnet technology.

Nym intends to charge users for access to the network, offering obfuscation as a service by mixing their data packets into a crowd of shuffled, encrypted, and proxy node-hopped traffic. The company is also exploring bespoke services, such as providing a “super VPN” for the banking sector to protect transactions or a secure conduit for AI companies to process sensitive data without exposing it.

Demand and Future Use Cases

“The main reason we raised this Series A is we need to do more R&D to solve some of these use cases,” says Halpin. “But what impressed Polychain was they said ‘wow there’s all these people that are actually interested in privacy — that want to run these nodes, that actually want to use the software.’ So originally when we envisaged this startup we were imagining more B2B use cases, I guess, and what I think Polychain was impressed with was there seemed to be demand from B2C; consumer demand that was much higher than expected.”

Nym anticipates that the initial use cases and early adopters will come from the cryptocurrency space, where privacy concerns are prevalent in blockchain transactions.

Launch and Future Development

The software is slated for launch by the end of the year or early next year. The initial release will include chat applications compatible with platforms like Signal, as well as a crypto wallet.

“Then over the next year or two — because we have this runway — we can work more on kind of higher speed applications. Things like try to find partnerships with browsers, with VPNs.”

Network Growth and Scalability

As of this early stage of development – with an initial testnet launched in 2019 – Nym’s network has grown to over 9,000 nodes. These distributed providers currently earn NYM reputation tokens, with the potential for future exchangeable crypto value as suppliers of key infrastructure if usage increases.

Why Mixnets Now?

Why haven’t mixnets gained widespread adoption before? The idea dates back to the 1980s. Halpin attributes this to issues with scalability and a key design innovation in Nym’s implementation: the ability to continuously add nodes to scale the network to meet demand.

Another crucial addition is the injection of dummy traffic packets into the shuffle, making it more difficult for adversaries to decode the path of specific messages and bolstering the packet mixing process against correlation attacks.

Incentives and Reputation

The Nym protocol’s crypto-style reputation and incentive mechanism, which ensures the quality of mixing (“via a novel proof of mixing scheme”), is another differentiating component.

“One of our core innovations is we scale by adding servers. And the question is how do we add servers? To be honest we added servers by looking at what everyone had learned about reputation and incentives from cryptocurrency systems,” he tells TechCrunch. “We copied that — those insights — and attached them to mix networks. So the combination of the two things ends up being pretty powerful.”

The Core Functionality of Nym

“The technology does essentially three things… We mix packets. You want to think about an unencrypted packet like a card, an encrypted packet you flip over so you don’t know what the card says, you collect a bunch of cards and you shuffle them. That’s all that mixing is — it just randomly permutates the packets… Then you hand them to the next person, they shuffle them. You hand them to the third person, they shuffle them. And then they had the cards to whoever is at the end. And as long as different people gave you cards at the beginning you can’t distinguish those people.”

General Purpose Privacy vs. Provider-Specific Solutions

Nym also argues that its independent and general-purpose mixnet technology offers advantages over provider-specific privacy solutions. By folding all types of traffic into a shuffled pack, it can potentially achieve greater privacy for users’ packets compared to tech offered by a single provider to its own users, such as Apple’s recently announced privacy relay network.

In Apple’s case, an attacker already knows the traffic originates from Apple users accessing iCloud services. Nym, as a general-purpose overlay layer, can theoretically provide broader contextual coverage and scale privacy as usage increases.

Addressing Historical Challenges

Historical performance issues with bandwidth and latency are other reasons mixnets haven’t gained traction. However, Nym believes these challenges can be overcome with advancements in internet bandwidth and compute power, along with its design tweaks, such as dummy traffic.

Ultimately, Nym contends that the time for mixnet technology has arrived, not only due to technical advancements but also because privacy concerns are unlikely to diminish.

Potential for Government Adoption

Halpin suggests that governments may eventually seek alternative technology solutions to address surveillance concerns, particularly regarding reliance on providers subject to state surveillance regimes. He believes trusting sensitive data to corporate VPNs in such countries is a risky proposition.

(The European Data Protection Supervisor is currently reviewing EU bodies’ use of U.S. cloud services from AWS and Microsoft to ensure compliance with the Schrems II ruling, which invalidated the EU-US Privacy Shield due to concerns about U.S. surveillance laws.)

Focus on Crypto and Beyond

Nym is betting that some governments will eventually seek alternative solutions. In the near term, however, Halpin expects interest and usage to come from the crypto world, where privacy is crucial for protecting transactions.

“The websites that [crypto] people use — these exchanges — have also expressed interest,” he notes, adding that Nym received funding from Binance Labs after participating in its incubator program in 2018.

Protecting Crypto Transactions

The issue for crypto users is that their networks are relatively small, making them vulnerable to deanonymization attacks.

“The thing with a small network is it’s easy for random people to observe this. For example, people who want to hack your exchange wallet — which happens all the time. So what cryptocurrency exchanges and companies that deal with cryptocurrency are concerned about is typically they do not want the IP address of their wallet revealed for certain kinds of transactions,” he adds. “This is a real problem for cryptocurrency exchanges — and it’s not that their enemy is the NSA; their enemy could be — and almost always is — an unknown, often lone individual but highly skilled hacker. And these kinds of people can do network observations, on smaller networks like cryptocurrency networks, that are essentially are as powerful as what the NSA could do to the entire internet.”

Decentralization and Privacy: A Nuance

There are numerous startups seeking to decentralize various aspects of internet infrastructure. While many tout increased security and privacy as benefits of decentralization, Halpin argues that this claim is often misplaced. (He co-authored a paper on this topic, entitled “Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments”.)

“Almost all of those projects gain decentralization at the cost of privacy,” he argues. “Because any decentralized system is easier to observe because the crowd has been spread out… than a centralized system — to a large extent. If the adversary is sufficiently powerful enough to observe all the participants in the system. And historically we believe that most people who are interested in decentralization are not experts in privacy and underestimate how easy it is to observe decentralized systems — because most of these systems are actually pretty small.”

Nym’s Differentiated Approach

He points out that there are “only” 10,000 full nodes in Bitcoin and Ethereum, and newer decentralized services often have even fewer. While Nym’s network has a similar number of nodes to Bitcoin, it’s also a mixnet, incorporating multiple layers of encryption and traffic mixing.

“We assume the enemy is observing everything in our software,” he adds. “We are not what we call ‘security through obscurity’ — security through obscurity means you assume the enemy just can’t see everything; isn’t looking at your software too carefully; doesn’t know where all your servers are. But — realistically — in an age of mass surveillance, the enemy will know where all your services are and they can observe all the packets coming in, all the packets coming out. And that’s a real problem for decentralized networks.”

A Movement Towards Privacy

Post-Snowden, there’s been growing interest in privacy by design, with startups like DuckDuckGo, Protonmail, and Brave gaining momentum. Apple has also successfully marketed its hardware with a focus on privacy.

Halpin aims for Nym to be part of this movement, building privacy technology that can reach the mainstream.

“Because there’s so much venture capital floating into the market right now I think we have a once in a generation chance — just as everyone was excited about P2P in 2000 — we have a once in a generation chance to build privacy technology and we should build companies which natively support privacy, rather than just trying to bolt it on, in a half hearted manner, onto non-privacy respecting business models.

“Now I think the real question — which is why we didn’t raise more money — is, is there enough consumer and business demand that we can actually discover what the cost of privacy actually is? How much are people willing to pay for it and how much does it cost? And what we do is we do privacy on such a fundamental level is we say what is the cost of a privacy-enhanced byte or packet? So that’s what we’re trying to figure out: How much would people pay just for a privacy-enhanced byte and how much does just a privacy enhanced byte cost? And is this a small enough marginal cost that it can be added to all sorts of systems — just as we added TLS to all sorts of systems and encryption.”