If you’re looking to take control over your data and be more private online, you’re probably considering getting one of the best VPN services. Short for virtual private network, such security software promises to keep you anonymous by hiding your real IP address while encrypting all the internet traffic leaving your device.
So far so good, on paper at least. That’s because, contrary to what some marketing campaigns might want you to think, a VPN isn’t a silver bullet when it comes to privacy. For starters, these services can be hacked, seized or blocked. Even worse, not every provider on the market operates according to the same principles and security levels.
That’s why Swiss startup Nym Technology has decided to build a new VPN software, promising to deliver stronger security while solving the problem with providers’ trust. Its CEO and activist Harry Halpin, together with whistleblower and Nym security consultant Chelsea Manning, officially announced NymVPN launch during the Web Summit conference in Lisbon on November 16, 2023. I was there and talked with Halpin to learn more.
A problem of trust
Talking about traditional VPNs, Halpin said: “There’s a danger with that model because I need to trust some other person’s computer with all of my internet traffic. So, one possible danger is that that person is not a nice person.”
We already mentioned how VPNs operate to keep you anonymous. To do so, all the data leaving your device needs to pass through one of the servers owned or rented by the VPN provider before reaching the open web. As Halpin explained, this requires you to move the trust from your machine to someone else’s machine.
He also believes that no-log VPN services—which allegedly never retain users’ data—are just half of the solution. That’s because if there are providers like Mullvad to have proven their no-log policies against authorities’ requests, there have been instances like the infamous HideMyAss! case in which companies have handed over users’ data under court orders despite their no-log claims.
Did you know?
Nym Technology CEO Harry Halpin’s privacy mission comes after experiencing the concrete impact of government surveillance in person. A former climate activist, Halpin has been on a watch list which justifies extra surveillance for almost 15 years, which causes him troubles when traveling across the Schengen zone. “This reminds me continually about why we need better privacy tools,” he told me.
“We would like something that provides the benefits of a VPN with better privacy, what we call trustlessness. You don’t have to trust us or anyone else because we don’t have to collect your data. The best way to prevent problems with personal data is not to collect that data in the first place,” he told me when we talked for the first time, a few weeks prior to meeting in-person at the Web Summit.
At the same time, “decentralization by itself is not a magic bullet.” There are already decentralized privacy solutions on the market, with Tor browser probably being the most famous out there. Here, the servers are all run by volunteers and the traffic data passes via at least 3 of those for extra security. However, Halpin explained, even Tor isn’t enough against powerful agents.
“I use Tor every day for browsing and it works just fine. But if I was under surveillance—and I have been under surveillance in the past—that may not be enough.”
That’s because sufficiently powerful adversaries have the capacity to monitor the traffic coming in and out of a node—the term used for each individual user’s server that traffic is routed through.
The combination of timing and volume forms data patterns, independently of the IP address, which could give away details about the device used, online activities and even the machine’s geolocation.
How NymVPN works
“We do two things that are different,” said again Halpin.
For starters, NymVPN employs something called Mixnet. Based upon the idea of mix networks proposed by the cryptographer David Chaum in the 80s, Chelsea Manning came up with the concept independently while in prison for disclosing classified documents to non-profit media organization WikiLeaks.
Mixnet processes the different data packets entering into the server from different devices together, to allow users to hide in the crowd. The data passes here via 5 of those servers, with the packets getting “shuffled like a deck of cards” along the way. This process ensures that the traffic data gets out completely randomized, scrambling the ability for authorities, hackers and any other snoopers to identify who sends what packet.
This is supposed to be the first scalable real world solution using the mix networks concept. At the time of writing, NymVPN counts over 600 Mixnet servers around the world.
Besides delivering better privacy than traditional security software, the scrambling process happening in the Mixnet inevitably causes some loss of network latency. This translates to slower internet speeds.
To offer faster performance, the company decided to add a second option for carrying out less risky activities like international streaming. Hence, the second component making up NymVPN is a fully decentralized network running on 2-hop servers, and the speedy WireGuard protocol.
NymVPN also differs from competitors thanks to its innovative use of Blockchain technology (the same tech used by cryptocurrencies, for example).
Halpin told me that this tech has several advantages from the security point of view, but also usability. First of all, it decentralizes payments so that the system would keep running even if something happens to the company itself. This type of payment also makes the network purely no-logs, as payment processors are separate from the nodes that route your traffic. Finally, tech is supposed to evade authorities’ control even in the face of potential future regulations affecting encryption.
“That’s the point of Blockchain technology: it’s permissionless. You don’t ask for permission. So, that means that it can’t be shut down. Even if the laws change, it is still very hard to shut down,” he said.
Coming as a more secure alternative to current VPN solutions, NymVPN’s main focus is undoubtedly privacy. However, the company plans to focus on censorship and content unblocking next. Again, Halpin believes that decentralized security software should be better placed to bypass internet restrictions and other blocks.
Concerning how Mixnet works, Halpin believes that NymVPN could also be vital software to cope with issues linked to how AI and large language models like ChatGPT collect and misuse personal data.
He said: “AI models collect a lot of data by finding some patterns in the data. Our VPN does the reverse. We add fake traffic, we mix traffic up, we scramble the pattern. To some extent, what we’re building looks like a VPN, but it’s sort of an anti-artificial intelligence machine.”
What’s next?
Already very popular in Turkey and Ukraine, the company expects NymVPN to grow in popularity, especially across the Middle East and Eastern Europe more broadly. However, they can also see growing interest across South America and Asia already.
What’s certain is that more people using Nym will translate into better security for all. “The larger the crowd gets, the more you’re able to hide,” Halpin explained. “Imagine a crowd where everyone looks the same, it would be very hard to distinguish you. In a very small crowd it’s easier to see people because there are fewer people. So, you want the biggest crowd and for everyone to look the same, be treated the same, and that’s what we do on the network level.”
NymVPN introduces another innovation as, for the first time, users will be able to quantify how anonymous and private their connection is based on how many people are connected to the network at the same time. At the time of writing, this function hasn’t been added to the user interface, but the firm plans to do so soon.
All in all, Halpin told me: “Creating something like a decent VPN will always be an arms race. So, we don’t want to advertise ourselves as perfect, but we will advertise ourselves as a team that will constantly work to minimize the user data collected and maximize the privacy guarantees—these are things that other networks can’t do.”
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
