What is a mixnet? Unparalleled online privacy with a VPN

Nearly one third of people worldwide are already using Virtual Private Networks (VPNs). That is a huge market. Many users, however, may not realize that the majority of VPNs on the market cannot guarantee our privacy online. In fact, sometimes they may even actively undermine it.

Until recently, traditional VPNs have been centralized and single-hop proxy services. In order to obscure client traffic, a VPN reroutes user data through their own server, replacing user IP addresses with the VPN’s own. Herein lies the problem: metadata logs of user traffic are likely stored on these targettable servers. As long as our data is centralized, it is at risk of data breaches, cyber attacks, and government surveillance, all of which could reveal the histories of what we do online.

A mixnet, short for “mix network,” will probably be a new word for most VPN users. But it addresses this crucial risk by providing an alternative routing architecture under the hood of a VPN service. Instead of routing user traffic through a central server, encrypted user data is instead mixed up with other traffic as it is sent through multiple successive servers, or nodes, before arriving at its final destination. With a mixnet, not only is there no single point of failure for revealing metadata, but traffic analysis is also remarkably stunted.

Research into mixnet technology has actually been going on since the 1970s, beginning with the academic work of David Chaum. But it has only been recently implemented in practice and commercially. With the rise of AI powered surveillance, and the systematic analysis of our metadata and online patterns, a VPN built on mixnet technology couldn’t be more urgent.

Thankfully, the new NymVPN is the first commercially available VPN to run on such a mixnet. Before breaking down NymVPN’s novel privacy features, we will work through the problem that metadata leakage poses for privacy and how a mixnet works to resolve it.

Read this article to discover more about the differences between centralized and decentralized VPNs.

Metadata: The VPN privacy leak

VPNs are digital privacy tools, but most cannot actually guarantee that what we do online will stay private. Part of the problem is architectural: they simply route your traffic through their servers, but provide no protection for the patterns of your communication. Since online communication is usually encrypted twice – once by the HTTPS web service and once again between our device and the VPN server – what exactly would be revealed? Metadata: the glaring problem at the forefront of the online privacy struggles.

So what exactly is metadata? It literally just means data about the data. This could include timestamps (when you connected to something online), frequency (how often a connection is made), duration (length of the connection), and message sizes (how much data was transmitted). Without the content of what you did or said online being itself visible, this might all seem like an irrelevant set of quantitative details. Unfortunately, the opposite is true: it might actually reveal more about you than even the content would.

Metadata can be assembled and used in traffic analysis to trace a message from point A to B, learning who is speaking to who, where transactions are being sent, which websites are being visited, or what article is read. Your IP address is itself a piece of metadata, identifying your device, geolocation, ISP, etc. When all of this information is taken together, it can be used to predict people’s habits, political preferences, social relations, purchasing behaviors, and other intimate details of their private lives and states of mind.

Moreover, metadata does not have legal protections in the way personal data can. Anyone with the technological know-how and the right tools can digitally fingerprint users to harvest or spy on metadata. It is therefore wide open to cyber attackers, governments, data brokers, corporations, and online services to harvest and exploit. Many ostensibly “free” VPN services come with a hidden cost: without client revenue and dedication, they are simply means for VPN companies to collect user data to sell wholesale to data brokers.

Yet even with more reliable VPN services offering user privacy commitments, their physical infrastructures and potential logging practices leave all our metadata vulnerable to breach. This may mask your activity from your Internet Service Provider (ISP) or your IP address from a website, but it does not prevent one successful security failure of the VPN database from putting it in the hands of someone looking to retrace all your digital steps.

Tools like traditional VPNs, proxies, and encrypted messaging services all help for user privacy. But even the strongest existing privacy technologies like Tor cannot address the problem of metadata leakage and tracking.

Mixnets

Over the last few years, Nym’s team of top privacy academics, researchers, and cryptographers (from MIT, UCL, KU Leuven, and EPFL) have worked tirelessly to solve this major problem in online privacy. In a way, it is a problem that stems from the core protocols of the internet itself: they all expose patterns of communication.

As we will see, Nym mixnet, and the upcoming NymVPN running on it, provides a number of breakthrough privacy protections for users. But first, let’s see how mixnets work and where the idea came from.

How does a mixnet work?

There is an old saying: “there are more ways to arrange a deck of cards than there are atoms on Earth.” A mix network takes advantage of this principle by shuffling communication packets just like a deck of cards. Rather than sending traffic from point A to point B, a message is split into identically looking encrypted packets before being sent through a successive series of servers called “mix nodes.” To make things even more complicated, dummy data-packets can even be introduced into the network to further obscure what’s happening across the whole network (what’s called “cover traffic”).

A mixnet architecture makes traffic analysis a nearly impossible task. Moreover, as we will see with the Nym VPN in practice, it solves the problem of metadata leaking from core internet protocols.

The history of mixed networks

Academics and researchers have long tried to fix the metadata privacy problem. In the 1970s, pioneering cryptographer David Chaum, with great foresight, first conceptualized a “mixed network” to protect the patterns of data in transit. Chaum proposed a decentralized network of relays designed to hide metadata in internet communications so that they could not be linked to users.

Traditional mixnets, as Chaum imagined them, arranged servers (or nodes) in a “fixed cascade,” where every data packet is routed sequentially in batches (see visual below).

Every packet is layer-encrypted – similar to Tor’s “onion-encryption” – using public-key cryptography. The encrypted packet is relayed across several hops of nodes that mix the packet. Each node shuffles the order of the packets (mixing), and removes a layer of encryption to get instructions for where to send it next. This delinks the sender from receiver as each hop can only see the next hop, not the original source nor destination. This also prevents any observers watching the network from tracing the data packets by what the order of their binary code – the 1s and 0s that comprise all pieces of data – look like.

There have been attempts to build this design, however they have fallen short for a number of reasons. The primary issue is that the model scales poorly. Each client and mix node must perform public key cryptography, which is time consuming. Latency becomes a real problem.

Over the years, grassroots groups, internet researchers, and academics have attempted to create working mixnets. Some of them did work, albeit with limitations. However, it is not until NymVPN that a working, battle-tested mixnet can deliver both anonymity and scale simultaneously.

More importantly, the so-called “anonymity set” has been limited to the amount of data packets in a single “batch” of data being mixed. But what is an anonymity set, and how has it been improved?

Anonymity set explained

An anonymity set essentially means safety in numbers. Imagine you are being followed and you want to try and lose your pursuer. If it is just you out in the open, you can be easily spotted. Though by moving into a large crowd of people, it gets much harder to identify and follow you. This is the principle of an anonymity set: the more data in a network, the harder it is to deanonymize each individual piece of data. You get “lost in the crowd” so to speak.

One major difficulty with creating a working mixnet is preserving anonymity while also allowing for scale. Chaumian mix networks use a single cascade and “batch-and-reorder” technique, where the total amount of data in the batch is the maximum size of the anonymity set. This limits the size of “the crowd,” so to speak, to a smaller top threshold. The Nym mixnet VPN, however, uses a stratified topology. This provides a much larger anonymity set because the network is designed for scale. Let’s visually compare the stratified model to other mixnet designs:

Credit: Messari/Understanding Nym report

NymVPN mixnet in practice

The Nym mixnet is the only market-ready technology that solves metadata leakage, and it will soon be available at the touch of a button via NymVPN. The Nym mixnet ensures that not only your content is protected, but also your metadata and patterns of communication. This is something that no other existing VPN providers or privacy technologies can provide. Here’s how it works:

Encryption

The NymVPN mixnet mode encrypts user traffic with a multi-layered and onion-like encryption called Sphinx. Sphinx has been designed specifically for multi-hop routing, with all essential routing information contained within the packet itself, thus eliminating the need for other computations. This is a crucial feature compared with the original mixnet design which required each node to add its own encryption, producing latency in the transmission. With Nym mixnet, packet handling occurs within hundreds of nanoseconds, so there’s minimal latency overhead and efficient network performance.

Multi-hop routing

With the mixnet VPN mode, user traffic is routed through 5 hops: an entry gateway, three mix nodes, and an exit gateway. As your identically sized Sphinx packets travel over the 5 hops, they are mixed in with fake, indistinguishable cover traffic to further confuse any observers of the network. The inner three nodes in the 5-hop path perform advanced packet shuffling to ensure that they cannot be correlated back to the user based on timing.

The Nym stratified topology has three layers of nodes for the mix node hops. When a packet is routed, one mix node is picked at random from each layer. As the demand for the network scales, the layers can simply scale horizontally, making sure there is always an optimum anonymity set for any level of usage. The beauty of this system is that the network is designed to scale both up and down. If usage is small, the layers will have less nodes and add dummy traffic so the anonymity set remains strong. If demand increases, more nodes are activated. This inter-linking design allows the mixnet to scale horizontally, meaning network capacity can always be increased by adding more servers.

Nym privacy features

• Encrypts data with novel multi-layer Sphinx encryption
• Protects your data and metadata in transit
• Is a decentralized network, offering unlinkability
• Is powered by an incentivized network and designed to scale
• Has cover traffic ensuring a large anonymity set for robust privacy
• Provides unparalleled protection for high-privacy use cases like sending and receiving sensitive emails, messaging, and crypto transactions

NymVPN: Bringing mixnets to life

After years of research, the Nym team has created an effective mixnet that is not only scalable, but where anonymity actually improves as the mixnet scales. Building a battle-tested, working mixnet with a completely decentralized architecture is an incredible feat. Mixnets offer a vision of a future decentralized internet where people have real control over how their data and metadata is used and managed without falling victim to spying and surveillance.

As we’ve seen, mixnets are prone to latency issues, delaying data transmission. It is also clear to us that not all online traffic has the same privacy priority for users. To this end, NymVPN has been designed to allow users to have the best of both worlds: fast speed and privacy and strong privacy for when you most need it. NymVPN thus offers two modes in one app:

• A 2-hop decentralized VPN mode using the WireGuard protocol, offering best-in-class security and speed for daily internet usage like web browsing, gaming, and streaming.
• A 5-hop mixnet mode for delivering the best possible privacy for the most sensitive use cases like sending and receiving emails, secure messaging, and crypto transactions.

Learn more about how to custom configure your VPN, including NymVPN, with split tunneling to further optimize your speed and security needs.

NymVPN offers unprecedented access to the Nym mixnet for the very first time. So join the NymVPN waitlist right now for early access to unparalleled privacy protection, and play your part in building a more private internet of the future.