Utkarsh Roshan
Privacy-focused firm Nym, backed by a16z and other investors, has introduced its zero-knowledge payment system along with a perpetual token buyback model.
Nym’s decentralized DePIN payments system and token buyback are now live for public testing.
The company’s NymVPN, initially unveiled in November 2023, is set for a commercial launch on March 13, 2025.
We spoke to the company’s Chief Strategy Officer, Jaya Klara Brekke, to understand more about the development and the upcoming launch.
Invezz: How does Nym’s zero-knowledge payment system work to ensure that user payments remain unlinkable to their network usage?
Zk-nyms is a cryptographic method to ensure that a user can prove they have paid for a NymVPN subscription, but don’t have to reveal any payment details to network operators. In short, payments are unlinkable to the use of the network.
Use of the Nym network requires possessing authorized access credentials called zk-nyms (or zero-knowledge Nym credentials).
Zk-nyms function as anonymized ticketbooks, as if you purchased a package of multiple passes to ride the metro while vacationing.
Each ticketbook is composed of individual tickets that represent bandwidth.
These ensure that payment details are delinked from credential issuance: no one, not even Nym, will be able to link a user’s payment details with their access credentials and, in turn, their usage of NymVPN.
Here is how they are generated: When a user’s payment is confirmed, a key pair is generated for them on Nym’s native Nyx (Cosmos) blockchain.
One key is held on the user’s device (NymVPN app) and the other on-chain.
This allows the Nym API to communicate between the app and the Nyx chain to validate that a user’s subscription has been paid for and is active, which triggers validators to issue zk-nym credentials associated with that key pair.
Invezz: Can you explain the mechanics behind the perpetual token buyback mechanism and how it creates continual NYM buy pressure?
Nym has a circular, flywheel economy, where everyone contributing to the system benefits as usage grows.
NymVPN is run by node operators across the world who are rewarded in NYM tokens for providing privacy services.
This is the supply side. The perpetual buy-back mechanism is a crucial piece of this wheel as it links demand for NymVPN directly to demand for the token, effectively setting in motion the demand side and completing the flywheel dynamics.
In simple terms, here is how the perpetual buy-back works: when someone buys a NymVPN subscription, this triggers an automatic buy-order for NYM tokens on the market, adding buy-pressure.
This means if more people are buying NymVPN subscriptions, we should start seeing this reflected in the token price, which then makes it more attractive to run Nym nodes and stake in the ecosystem, which in turn services the increasing demand for the NymVPN.
Invezz: In what ways does NymVPN differ from conventional VPN payment systems?
First of all, NymVPN maintains your privacy, not as a promise but through technology.
Normal VPNs basically just route your traffic through their own centralized servers and can see everything you are doing.
This does help to change your IP address from the perspective of the service you are trying to connect to, but everything you do is fully visible to the VPN provider. NymVPN instead is multi-hop and run by independent operators.
This means no one, not even us, can see what you are doing.
Secondly, NymVPN is the first to offer a ‘noise generating mixnet’ off the shelf.
This is a new type of anonymous traffic routing that protects the metadata of your communication, meaning not just the content but also the patterns of your online activity.
Your traffic is mixed with other people’s traffic so it becomes near impossible to trace patterns of communication, even for someone who is watching the entire network.
Invezz: Can you explain a bit about the Mixnet network? Does it hamper the browsing speed?
Here is what happens when using this powerful technology: your communication is first wrapped in what are called “sphinx” packets on your device.
These are a form of layered encryption that make all packets look identical, making it harder to trace them.
Then your device sends this encrypted packet across five hops, along with cover traffic to confuse patterns of communication, before it reaches its destination.
The first hop is a “gateway” that checks that you have permission to use the mixnet.
This first gateway unwraps a layer of your packet to see where to send it to next and sends it to what is called ‘mixnode’, basically a server run by one of our independent operators.
This server cannot see where the packet originated from, nor what its destination is.
This server mixes your packet with other people’s, reordering them before unwrapping a layer to see where to send it to next.
Your packet is then sent to another mixnode, who again mixes, unwraps and sends on to a third mixnode, who does the same, before sending to an exit gateway.
The exit gateway unwraps and sends the packet to its final destination, a person, website, or server that you are trying to connect with.
All of this effectively makes your online activities untraceable and anonymous by default.
It does have an effect on browser speed and is currently best used for things like email, messaging, and cryptotransactions and activities that can tolerate a little bit of latency.
We are currently optimizing the cryptography involved, developing a new packet format as well as looking at hardware optimisation to speed things up.
Invezz: With increasing global insecurity and censorship, what specific features of NymVPN ensure that users’ communications remain secure and private?
Firstly, the fast mode is based on the WireGuard Amnesia protocol, which has censorship resistant properties
Secondly, the fast mode has two hops, which ensures that operators cannot link sender and destination.
Third, the anonymous ‘noise generating mixnet’ mode is possibly the most secure communications method currently out there as it has five hops, sphinx encryption, mixing, and ads cover traffic and timing obfuscation making it near impossible to trace metadata and online patterns of behavior.
Invezz: How does Nym plan to grow its global network of node operators, and what challenges do you anticipate in scaling your decentralized infrastructure?
We have a built in flywheel that is designed to incentivise scaling as demand for network services grows.
To supplement these token economic dynamics, we also run a grants program to bootstrap new nodes in new geographies to match our marketing and expansion plans so we can ensure a timely high quality of service as demands in certain markets grow.
Invezz: Ahead of the commercial launch, what are the competitive advantages that will set NymVPN apart?
We believe the demand for real online privacy, security, and censorship resistance is dramatically growing right now as global instability escalates.
We are one of very few VPN companies that have an easy to use, consumer facing app that provides decentralized services and thereby real privacy and security when we route traffic.
We are also the only company out there that is currently offering a functioning noise generating mixnet to end consumers.
This is incredibly powerful anonymity technology.
Invezz: In an era where governments are ramping up surveillance efforts, how difficult has it become to keep user data private? Do you notice any changes from, let’s say a few years ago?
Governments regularly attempt to break privacy because it is a repeated misunderstanding that surveillance helps to ensure national security.
This is a misunderstanding of some important characteristics of digital communication technology.
It is simply not possible to weaken privacy only for the bad guys. When you weaken privacy, that results in less security for everyone, opening up the population to not just government surveillance, but surveillance by bad actors.
With geo-political instability, this misunderstanding will become more pronounced.
The tech-savvy governments will understand that especially due to instability, they must do everything they can to ensure strong privacy and security and not undermine the integrity of their national infrastructure.
The more naive governments will unfortunately do the opposite, like we see in the UK right now with the demand on Apple to put in a backdoor on their data storage services.
This will have negative ramifications for the security of the users.
Invezz: Following the beta phase, what obstacles were identified, and what refinements can users anticipate at launch?
Main obstacles that we identified in the Beta release and have since fixed include lagging and connectivity issues as well as the speed of network servers.
We have increased the minimum specs for running a Nym node and improved the snappiness of connecting and disconnecting when using the app.
We also found that users want to be able to select specific servers, not just the countries they want to hop through.
This has also been implemented – and means that if someone has a favourite service provider, they can make sure to select that specific server when using the app, but if someone doesn’t really care, they can also just select the country they need and get on with their lives.
Other features that we have completed ahead of launch is also a kill switch, which we wanted to ensure we had in place so people connect and disconnect securely.
The post Interview: ‘No one, not even us, can see what you are doing’ — NymVPN’s CSO ahead of launch appeared first on Invezz
