{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreihd4g7jeisusppvkpy2pv6xyr34cwdf7b5fq7w476c4atrjhgycvy",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mmwnfjls4uc2"
},
"path": "/t/analysis-of-nym-vpn-and-its-guaranteed-privacy/38170#post_17",
"publishedAt": "2026-05-28T16:29:46.000Z",
"site": "https://discuss.privacyguides.net",
"tags": [
"Traffic analysis is an emerging threat vector",
"Cure53"
],
"textContent": "DanielM:\n\n> I can’t find any real-world evidence backing up the company’s claims regarding their 5 nodes against high-level adversaries. I don’t want whitepapers or lab results; what I want is proof based on reality\n\nThis is a reasonable goal. Let’s see what we can do\n\nDanielM:\n\n> If they don’t respond, it’s because they are hiding something.\n\nThis is a bold accusation based on no evidence of wrongdoing. I operate on zero-trust: I will assume any service provider _could_ be compromised, but I stop short of baseless accusations\n\nDanielM:\n\n> but forgets that high-level adversaries possess undisclosed, covert weapons\n\nFUD. We threat model against evidence-backed threat vectors. Mitigations against undefined, hypothetical threats are not practical\n\nDanielM:\n\n> Malicious actors (the NSA, the mafia, etc.) will ignore these rules and infiltrate the network, or are already infiltrated; each will operate according to their own agenda.\n\nWise. This is zero-trust architecture. Assume bad actors can/will penetrate wherever possible\n\nDanielM:\n\n> **2 - Advanced patterns detected:**\n>\n> → Not applicable. It is not fundamental to this service.\n\nDisagree. Traffic analysis is an emerging threat vector. Providers like Mulvad are beginning to design mitigation techniques. I assume the intent here is similar\n\nDanielM:\n\n> **3 - Emerging dangers:**\n>\n> Two words - Privacy “guaranteed”.\n\nYou argument here just seems to be a pedantic case against the word “guaranteed”. I do ultimately agree with your premise, but don’t feel it’s a meaningful indicator of their actual services\n\nDanielM:\n\n> Nodes run by “volunteers”.\n\nDanielM:\n\n> Even if the network is difficult for attackers or unfamiliar to them at first, they will learn how it works if it’s something new, and will stealthily counterattack\n\nWe’re back to zero-trust architecture. Good stuff. This is almost identical to issues Tor faces - users can maintain anonymity if a node is compromised, but it becomes difficult to do anything if the whole volunteer node network is assumed to be hostile\n\nDanielM:\n\n> **4 - Deep, multi-level reasoning:**\n>\n> → Not applicable. It is not worth applying a higher level of analysis to this service\n\nI think this is rehashing the same emerging mitigation techniques as section 2\n\n_______\n\nSo far as ‘proof’ goes, it does looknas though they’ve been audited a couple times. For example, I found the Cure53 report here. These are probably a good starting point for assessing the tech",
"title": "Analysis of Nym VPN and its \"guaranteed\" privacy"
}