“Privacy for end users, transparency for the infrastructure”

When considering privacy and surveillance, it is easy to get confused and think that either everything is private and no one knows who is doing what, or that some things are visible and therefore the system is vulnerable to surveillance.

In other words, we imagine that either the light is switched on and everything and everyone is under surveillance, or the light is off and we are in the dark: ‘dark web’, ‘endarkenment’ and so on. But this is not how things really work or even should work. What matters is not whether the light is off or on, but who is observing _what _and for which purposes.

In this brief post, I explain what is private in the Nym architecture and what is transparent to ensure security for the people that depend on it.

A good rule of thumb is the cypherpunk privacy ethos:

transparency for the powerful and privacy for the rest of us.

This approach might be easy to understand and agree with when we think of big corporations and authoritarian governments. But when it comes to decentralised networks, who exactly is ‘the powerful’ and who are ‘the rest of us’?

The short answer is the infrastructure and those that run it are in this case ‘the powerful’. Because it is the infrastructure that determines and sets the conditions that the rest of us operate within. This is why it is essential for decentralised infrastructures to be transparent.

Most of the Web3 and blockchain ecosystems have a fairly well established practice of transparency, openly publishing whitepapers, technical papers and code for review by peers. From protocol designs (whitepapers) to the code and algorithms and their governance (open source) to the ledgers (public ledgers and blockchains), a history of open source and information security culture has ensured transparency for the infrastructure.

What is slightly less common is a good understanding of the security issues of too much transparency (publishing data on a public blockchain that really does not need to be there), or too little transparency (not having enough trustworthy information about the nodes that run a network).

Nodes as public entities

In the Nym architecture, nodes are encouraged to publish information about themselves and are also monitored and verified in a decentralised manner. What does this mean in practice? It means that nodes are public entities. There are important social as well as information security reasons for this. Socially, the Nym incentive scheme encourages mixnodes to create a public profile describing themselves, their group or organisation and operating ethos. This allows nodes to gain reputation and attract delegated staking.

The transparency of node operations is also guaranteed by design. Node profiles in Nym also include public keys and addresses, publicly verifiable performance metrics such as reputation and Quality of Service (QoS), and verified location, VerLoc. Public keys and addresses are essential for constructing the messages that are routed through the mixnet. And these also have to be fully public in order to avoid what are called “eclipse attacks” that exploit the fact that users have different views of the network. Performance metrics help the community monitor the quality of service by delegating stake. And VerLoc is an entirely novel technique for verifying node geo-location.

Introducing Verloc

Nym’s Chief Scientist, Claudia Diaz, in collaboration with Katharina Kohls at Radboud University, have developed a method of using the limits of the speed of light to determine and verify the location of nodes in the Nym network in a fully decentralised manner. What is called ‘Verifiable Location’ (VerLoc) sends pings between nodes in the network, determining their relative distance to one another by measuring speed. This can determine a node’s location within a margin of error less than a hundred kilometers.

What are the benefits of Verified Location? Firstly, it makes it possible to verify if the network is decentralised enough. For example, if all nodes were in the USA (or in any single jurisdiction) it would be relatively easy to hit all nodes with requests to log traffic. If connections pass by different jurisdictions, end-to-end tracing by coercing or compromising nodes becomes much harder. Verified Location could in this way also encourage people to support nodes in under-represented regions to ensure the decentralisation and diversity of the network, even if their performance might not be the most competitive. In short, VerLoc improves decentralisation and security because nodes will not be able to lie about where they are located to slow down performance for example. And finally, it makes it possible to optimise the performance and usability of the Nym mixnet, by routing via nodes that are within set proximities.

In short, Nym achieves strong privacy for people by making the infrastructure transparent and verifiable.

• Quote in title from Claudia Diaz, Chief Scientist at Nym