Nym Mixnet: privacy theater

I’ve been seeing Nym* shilled somewhere - on usenet and blog posts comparing it to tor. The pitch: 5hop mixnet (your traffic is split into fixed-size packets, encrypted in layers, and bounced through five nodes), Poisson delays, cover traffic, economic “Sybil” resistance, 684 nodes in 74 countries. So I tried it. Built nym-socks5-client from source, initialized the client, picked exit gateways from the explorer. Pointed curl at the local SOCKS5 proxy. Nothing. Every time: “Starting proxy for example.com:80” in the logs, then silence. Zero bytes. Timeout. Tried --fastmode, tried HTTP, tried waiting 3 minutes. Dead. The client logs say “disabled credentials mode” and “managed to claim testnet bandwidth” so I assumed it was working. It wasn’t. I didn’t catch this at first, but it turns out exit gateways now require zk-nym credentials - which you only get through a paid subscription. So the packets go into the mixnet fine, but the exit node just drops them. The socks5 binary still compiles and still “connects” it just doesn’t actually reach the internet anymore. Then I started reading more about the project and it got sad. I don’t have a problem with paying for privacy - privacy isn’t free, someone has to run the infrastructure. The problem is the structure itself. The code is GPL-3, the nodes are run by the community, the research was funded with EU grants and public universities (KU Leuven, EPFL). But one Swiss company backed by a16z and Binance Labs controls the only working access point. They raised ~$18M in VC, sold $25M in tokens, set up a $300M “innovation fund” - and the token went from $5.88 to $0.02 while node operators keep staking and paying for electricity. What bothers me isn’t the ~$2/month. It’s that a single corporation can gate the entire network. If Nym Technologies SA decides tomorrow to change their terms, raise prices, comply with a court order, or just shut down - all those 684 community-run nodes become useless overnight. I’m not a cryptographer but I suspect there are privacy implications too, when all credentials flow through one entity.