This startup is working to bring full anonymity to the internet
Nym is using mixnets to make it impossible to follow the path of any individual as they move around the web
Canadian developer Dave Hrycyszyn was recruited to Facebook’s Libra team but left after just one month and later joined the privacy startup Nym
Dave Hrycyszyn had never used Facebook, until Facebook hired him. “At Facebook, your office login is your Facebook account,” says Hrycyszyn. “I’m probably one of the very few people who ever had to create a Facebook account in order to work at Facebook.”
Hrycyszyn, a Canadian coder expert in computer security, had joined the social media behemoth in February 2019 alongside several other members of the team of Chainspace, the London-based startup he had co-founded a year earlier. Four out of five of Chainspace’s other co-founders were computer science researchers at UCL, including George Danezis, the head of the university’s famed Information Security Research Group – and Hrycyszyn’s best friend, groomsman, and neighbour. The company’s focus was blockchain technology, the digital pipeline used to exchange cryptocurrencies like Bitcoin and Ether. Why on Earth would Facebook, a social network, acqui-hire a blockchain firm?
The answer arrived five months later, when the corporation unveiled plans to launch its own cryptocurrency, Libra, by 2020. Backlash ensued: countless thinkpieces appeared accusing Facebook of planning to use this new tool to harvest financial information about its users, while governments, parliaments, and central banks warned the tech giant against undermining countries’ monetary policies.
Hrycyszyn was not there to take the heat: he had left Facebook following just one month working in the company’s blockchain division. “I looked around, and thought: ‘I’m not a big organisation person’,” Hrycyszyn says. Now, in what seems almost a riposte to his former employer’s data-hungry approach, he is trying to bring full anonymity to the internet, and make cryptocurrency transactions inscrutable even to the most powerful identifying techniques. What’s more, the technical backbone of the project was created by his friend – and current Facebook blockchain researcher – George Danezis.
Hrycyszyn had planned to take some time off after resigning from Facebook. But Harry Halpin started badgering him straight away: will Hrycyszyn join his company, and help implement Danezis’s vision of a free, surveillance-resistant internet? A researcher at MIT and Inria Paris, Canada-born Halpin was a roving, larger-than-life figure wedding expertise in cryptography with a crusading attitude about privacy and its role in propelling political dissidence.
In the 1990s, he had driven his van to Mexico to bring computer equipment to a pro-Zapatista group; during the Arab Spring, he had flown to Tunisia and Egypt to support protesters; recently, he has held privacy workshops in Rojava, the Kurdish-controlled autonomous region in northeastern Syria besieged by the Assad regime, Turkey, and islamist militants. “I always wanted to build technology that enabled radical social change,” Halpin says. For him, Edward Snowden’s revelations, in 2013, of the US National Security Agency’s mass surveillance campaign – the harvesting of millions of internet communications and mobile phones metadata – had been a call to arms. He had joined two EU-funded research projects devising stronger privacy-enhancing technology.
Harry Halpin is a roving figure combining cryptographic expertise with a crusading pro-privacy agenda
Also working on those projects was Danezis, whom Halpin had first met at a barbecue in Cambridge over a decade earlier. Halpin was captivated by Danezis’s design for an internet protocol able to shield communications from eavesdroppers by shuffling information packets – and proposed that they spin the idea out as a startup. In late 2018, they launched Nym, a Switzerland-registred company whose initial slogan was “Surveillance is Over.” Mere months after the launch, Danezis was recruited by Facebook, an event that Halpin recalls as “a disaster.” But he did not despair: he hired Claudia Diaz, a professor of privacy technology at Belgium’s KU Leuven university, as chief scientist, and Danezis’s former PhD student Ania Piotrowska as head of research; when Hrycyszyn joined the company in mid-2019 Halpin felt that he had all he needed to accomplish Nym’s mission. “We went from nearly being killed by Libra to having a fully fledged team that was better than the team we had before, with George,” Halpin says.
Nym’s plan hinges on an internet protocol called mix network, or mixnet. First proposed in the 1980s, a mixnet jumbles and randomly reroutes internet communications through a series of proxy servers – or “nodes” – thus covering the tracks of each message before it is delivered to its recipient, making it harder for snoopers to understand who is talking to whom.
Mixnets, Hrycyszyn says, are an old passion of Danezis, who as a PhD student had told him about his dream to build a way of exchanging information online such that not “even God watching the network would be able to tell that we’re communicating”, let alone the subject of that communication. Danezis’s fixation might have sounded purely theological back then, but today adversaries and governments often rely on bulk collection of internet metadata – information such as one’s IP address, location, and contacts, as opposed to the actual content of emails and texts – for surveillance. As former CIA and NSA director General Michael Hayden once said: “We kill people based on metadata.”
Claudia Diaz, a professor of privacy technology at KU Leuven, took over as Nym’s chief technologist
Nym built on Danezis’s research to bolster the original mixnet architecture: their system adds stronger layers of protections, a more sophisticated way of mixing and relaying the packets, and the injection of fictitious traffic into the network to further confound malicious observers. The end result is something that Hrycyszyn describes as akin to a crowded street in which hundreds of identically disguised passersby jump in and out of tens of tents at irregular intervals: it is just impossible to follow the path of any one of them.
One downside of those precautions is that Nym’s mixnet is relatively slow at sending data compared with other network architectures, which makes it not ideal for web browsing or video streaming. “Nym is best suited for applications that send moderate amounts of data, have some latency tolerance and are suited for message-based (rather than connection-based) communications,” Nym chief scientist Claudia Diaz explains. That includes emails, file transfers, texts and – crucially – cryptocurrency transactions. And, inevitably, cryptocurrency users seem to be what Nym is banking on in order to succeed.
“We’re going to start off by making alliances with different people in the cryptocurrency community and try and drive adoption through that community first,” Hrycyszyn says. “The first step on the ladder is cryptocurrency.”
People in crypto, either out of a privacy-minded spirit, or, less frequently, because they engage in illicit activities, value anonymity to a fault; yet, the last few years have seen the advent of a budding industry of blockchain analysis firms – such as Chainalysis or Elliptic – leveraging Artificial Intelligence to track, link, and in some cases deanonymise transactions. Nym says its technology would change that: any blockchain running on its mixnet would be armoured against snooping.
The company is also going to use cryptocurrency tokens as a payment system to access the mixnet, and as an incentive for people running the nodes – the physical servers through which data packets bounce back and forth – to ensure that the network can rely on a large infrastructure. Nym already has set up a smaller network, and plans to launch its final implementation by the end of 2020. The mixnet also supports zero-knowledge proofs, a technique, dear to the crypto-elite, that allows people to disclose minimal information when verifying their identities.
Will all this work? Not everyone is convinced things will be simple. Among them is Stephanie Whited, communications director of The Tor Project, the developer of Tor, a software currently used for anonymous communications and web browsing. While Whited concedes that Tor’s architecture is not resistant against eavesdroppers able to monitor the whole network – as some governments are – she suggests that Nym might also struggle to keep those adversaries at bay in the long run. “Over long periods of time, an adversary can work out who is communicating with who by simply seeing who is always connected to the network at roughly the same time,” she says.
Ben Laurie, a principal engineer at Google Research, and one of the creators of key internet security protocol OpenSSL, thinks that Nym’s technique of inundating the network with dummy traffic to camouflage users’ communications might be one of the main snags. “You have to have ‘cover traffic’, in other words generate traffic even when you’re not actually doing anything,” he says. “The effect of that on the total amount of bandwidth that the internet requires is drastic – could easily be ten times of the current bandwidth.” Still, Laurie says that advances in network architecture might make the problem less dramatic in the future. As of March 2020, he was in talks to join Nym as an advisor.
One of Nym’s strong suits seems indeed its ability to command the support of figures associated with different waves of security and privacy technology – spanning from Laurie to British bitcoin developer and ideologistAmir Taaki, currently working on developing a product for the company’s mixnet. What about the person who inspired it all, George Danezis? “I met him two nights ago,” Hrycyszyn tells me of his neighbour in late February 2020. “We’re not going to stop talking about privacy. But he’s not directly involved in the project anymore.”
Gian Volpicelli is WIRED’s politics editor. He tweets from @Gmvolpi