Decentralized Internet and Privacy
NymVPN: The First Real-World Decentralized Noise-Generating Mixnet for Anonymity
February 1, 2026
10:50 AM – 11:20 AM Add to calendar
10:50 AM – 11:20 AM Add to calendar
UD2.218A
<p>Nym is the first decentralized noise-generating mixnet to provision real-world network anonymity to Internet users even against nation-state adversaries. The aim here is to supersede existing VPNs in order to fight increasingly more powerful authoritarianism and surveillance. Unlike traditional centralized VPNs that can be de-anonymized by a global passive adversary - like the NSA - based on their traffic patterns, Nym adds noise (“cover traffic”) to existing Internet communications. Similar to Tor, Nym routes each packet separately over a decentralized network of servers, but unlike Tor, mixes traffic and adds noise at each hop. It has both a “fast” and “anonymous” mode. The “fast” mode features speeds comparable to centralized VPNs using the same decentralized network as the mixnet, but without mixing. We will also explore the effect on anonymity of fine-tuning cover traffic, mix delays, and the rate of the Poisson distribution. We'll briefly overview upcoming features on censorship-resistance and postquantum cryptographic security on the network-level Via the SDK, the Nym mixnet remains free to use by hackers to build the next generation of privacy infrastructure.</p>
Additional information
| Live Stream | https://live.fosdem.org/watch/ud2218a |
|---|---|
| Type | devroom |
| Language | English |
More sessions
| 2/1/26 |
<p>The Internet landscape is evermore on it’s steadfast course towards surveillance and centralization. Video content and streaming out of CDNs now account for half of all global traffic; splinternets are now a thing, from China to South Korea, from Russia to Iran; mandatory backdoors on communication platforms are just around the conner with EU’s Chat Control. In this scenario, where most Internet connected devices have become tools of imprisonment rather than liberation, reviving the old ...
|
| 2/1/26 |
<p>Can we make the web more decentralized and more private without asking users to switch browsers? For the past five years, the IPFS ecosystem has pioneered multiple approaches to this challenge. This talk shares hard-won lessons about what works—and what doesn't.</p> <p>We'll cover three parallel strategies: (1) pushing for native protocol support in major browsers, (2) driving adoption of critical cryptographic building blocks (such as Ed25519 into WebCrypto API, a three-year standards ...
|
| 2/1/26 |
<p>The massive size of browser engines has concentrated power over the web platform into a few large corporations. Creating a new browser engine that is sufficiently featureful to be an alternative to the Big Three is practically impossible. But what if we could shrink the footprint of a browser's core? What if a browser was little more than a WebAssembly (Wasm) runtime and nearly everything else was an extension? By breaking up the monolith we would have a chance to re-decentralize control over ...
|
| 2/1/26 |
<p>In recent decades, the internet has increasingly become centralized, shifting from its hacker-driven origins into a cartel of advertising companies. It won't get better if we allow these same companies to drive the design of the web browsers and their protocols.</p> <p>Within hacker communities, many solutions have been developed to mitigate centralization, but their adoption has been limited, often because they require specialized expertise to be operated safely.</p> <p>In this talk I'll ...
|
| 2/1/26 |
<p>For over a decade, critiques of OpenPGP and GnuPG have resurfaced in cycles: too complex, too fragile, too old, unfriendly, too “cryptonerd.” Modern messaging apps, "forward-secrecy-by-default" protocols, and crypto tools are frequently presented as decisive reasons to abandon GPG altogether. Yet these arguments often rely on a deeper and more troubling assumption: that ordinary users cannot and should not be expected to understand or control their own cryptographic identity.</p> <p>This ...
|
| 2/1/26 |
<p>TLS has secured the internet for decades, but it has a major limitation: because TLS relies on symmetric encryption, data cannot simply be shared with a third party. As a result, most Web data remains locked inside centralized silos. HTTPS provides authenticity and confidentiality, but not verifiable provenance, leaving applications to rely on screenshots, scraped HTML, or centralized access control mechanisms such as OAuth.</p> <p>zkTLS changes this. Using MPC-TLS and zero-knowledge ...
|
| 2/1/26 |
<p>Public certificate authorities in TLS are a security liability from both a censorship and MITM perspective. Conceptually, DNSSEC's idea of tying PKI to domain names should be a better replacement -- except that in the DNS, relying on the names means trusting the registrars, registries, and ICANN. But what if we had <em>self-authenticating</em> domain names? Could we build a PKI on top of those? Could such a PKI work with unmodified mainstream web browsers like Chromium, Firefox, and Tor ...
|
