NymVPN’s roadmap for censorship resistance and security

As the Chinese New Year marks the start of a new cycle, we’re taking this opportunity to reflect on NymVPN’s path forward and share our 2025 research and development roadmap. This year, our focus is on advancing privacy, enhancing secure communication, and strengthening resistance to censorship in increasingly complex environments.

• Dragon (Power & Transformation): Making AmneziaWG the default VPN protocol to enhance censorship resistance and performance.
• Ox (Strength & Stability): Hardening APIs, infrastructure, and security for a more robust and reliable NymVPN.
• **Monkey (Adaptability & Cleverness): **Expanding censorship circumvention with advanced obfuscation transport protocols.
• Snake (Wisdom & Protection): Future-proofing privacy and security with post-quantum-safe cryptography.

Here’s a glimpse into what we’re working toward this year:

The arrival of AmneziaWG – Dragon

Our journey begins with the upcoming release of AmneziaWG, a WireGuard fork designed to protect against deep packet inspection (DPI) and protocol blocking by incorporating additional obfuscation techniques. By incorporating subtle but effective tweaks to the WireGuard handshake, AmneziaWG disruptes the simplistic rules often used to identify WireGuard protocol packets. These techniques allow VPN traffic to blend seamlessly into regular internet traffic, making it more difficult for restrictive networks to identify and block VPN connections. At the same time, AmneziaWG retains WireGuard’s simplified architecture and high performance, ensuring that users continue to benefit from the speed and efficiency that WireGuard is known for. With this integration, we strengthen NymVPN’s ability to provide private and unrestricted access to the internet, enhancing its resilience against VPN blocking or throttling on networks with strict filtering policies.

API hardening and infrastructure improvements – Ox

In the first half of 2025, we will focus on strengthening the security and resilience of the NymVPN API, ensuring that it is robust, reliable, and resistant to misuse. This effort will enhance the system's overall security, creating a safer environment for users, especially in challenging network conditions.

A key part of this initiative involves enhancing how the NymVPN client communicates with the network. We are implementing improvements to the way domain lookups are handled, ensuring that sensitive information is transmitted securely and protected from interference. These changes will reduce the risk of connection disruptions and enhance the overall stability of the system, enabling uninterrupted access to secure, censorship-resistant services.

Additionally, we plan to streamline the configuration process by incorporating more secure and efficient methods for obtaining necessary settings, improving overall user experience and making the NymVPN client more resilient during installation and use.

By focusing on these areas, we aim to bolster the privacy and security of our users' connections while ensuring NymVPN remains a reliable tool in resisting censorship and network interference.

Support for censorship circumvention tools – Monkey

In censorship-resistant tools, the most effective high-level strategy is adaptability. To that end, in the second half of 2025, we will shift our focus to integrating a diverse set of circumvention transports within NymVPN. These transports will enhance the VPN’s ability to dynamically respond to censorship, ensuring that people can not only establish a connection but maintain uninterrupted access.

Our goal is to support a robust arsenal of transport protocols, prioritizing those with strong implementation support, research-backed strategies, and a proven track record. This includes VMess — the randomizing protocol underpinning V2Ray, obfs4 — a cornerstone pluggable transport used by Tor, and TLS tunneling techniques similar to those found in XRay and ShadowTLS.

Another critical aspect of our circumvention strategy is the ability to blend seamlessly with regular internet traffic. To achieve this, we plan to incorporate secure commodity transports such as QUIC, WebRTC, and TLS, enhanced with circumvention-specific techniques. By combining these tools, we aim to offer greater flexibility and adaptability in challenging network conditions, enabling users to bypass censorship and maintain privacy even in the most restrictive environments.

This strategic integration of advanced obfuscation and secure transport methods will significantly strengthen NymVPN’s resilience against censorship. By ensuring uninterrupted access to online services, we empower users to navigate the internet freely, regardless of restrictive network policies.

Post-quantum strengthening – Snake

Security doesn’t stand still, and neither does Nym. With the rise of quantum computing, post-quantum cryptography is becoming an essential focus for ensuring long-term security. As our goal is to provide the most secure and private network access, one of our major research efforts this year is to deploy a post-quantum-safe transport protocol.

In the second half of 2025, we plan to strengthen NymVPN with post-quantum enhancements, specifically targeting two key areas: the cryptographic packet format that powers the mixnet and the obfuscation proxy protocol. Working with academic researchers and expert cryptographers, we are implementing an upgraded version of the obfs4 protocol that incorporates a post-quantum public key handshake. This design builds on lessons learned from the last decade of circumvention transports while aligning with the latest standards in post-quantum cryptography. By extending the Obfs4 design to integrate a quantum-safe obfuscated key exchange protocol, we ensure robust protection against future threats posed by quantum computing.

These efforts will ensure that NymVPN stays resilient in the face of future technological advances, while also safeguarding current users against potential threats. By integrating post-quantum cryptography into both the mixnet and the obfuscation proxy, we are preparing NymVPN for the evolving threat landscape and ensuring that our users continue to benefit from robust privacy and security.

---

As we move through 2025, these advancements will significantly enhance NymVPN's ability to provide secure, private, and censorship-resistant access to the internet. By continuously improving our technology, we are committed to staying ahead of evolving threats and ensuring our users have the tools they need to navigate the digital world safely. Stay tuned for more updates as we work toward a more secure and open internet for everyone.