NYM mixnet
This project is in a testing phase, which means that it could fail on numerous occasions and in cases of use, be conscious of this before starting this guide
The NYM mixnet technology ensures enhanced privacy and anonymity for online communications. It utilizes a decentralized network to encrypt and route data, ensuring that the origin and destination are concealed. By implementing the NYM mixnet, users can protect their online activities and sensitive information, safeguarding their privacy from surveillance and censorship. This advanced networking technology provides a secure environment for transmitting data and maintaining anonymity.
Difficulty: Intermediate
The technology involves two key components: the Network Requester and the SOCKS5 Client. The Network Requester acts as an intermediary, encrypting and routing data through a decentralized mixnet network to enhance privacy and prevent surveillance. The SOCKS5 Client establishes a secure connection to the mixnet, enabling users to route network traffic and enjoy improved privacy.
Implementing these components empowers users to protect their online activities and sensitive information. Service providers, such as the network requester and mix nodes, offer services that leverage data mixing, identity protection, and traffic routing, further enhancing privacy in the NYM network.
Together, these components and service providers create a decentralized infrastructure within the NYM network, safeguarding user anonymity and protecting online activities.
Requirements
Others
Preparations
Install dependencies
With user
admin
, update and upgrade your OS
Make sure that all necessary software packages are installed
Check if you already have Rustc
Example of expected output:
And cargo installed
Example of expected output:
If you obtain "command not found" outputs, you need to follow the Rustup + Cargo bonus section to install it and then come back to continue with the guide
Configure Firewall
Stay login with the user
admin
, configure the firewall to allow incoming requests to the nym-socks5-client
Installation, Configuration & Run
Compile NYM binaries from the source code
Now we will go to the temporary folder to create the NYM binaries that we will need for the installation process
Set a temporary version environment variable to the installation
Clone the latest version of the source code from the GitHub repository and go to the nym folder
Enter the command to compile
This process can take quite a long time, 10-15 minutes or more, depending on the performance of your device. Please be patient until the prompt shows again
-> Don't worry about possible "warning:...
" logs, it is aimed at application developers
-> If the prompt shows you this error:
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured. help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.
You need to type "rustup default stable"
and wait for the process to finish, then try again the command before
Also, that could help Upgrade Rust to the latest version
If you come to update, this is the final step, go back to the Upgrade section to continue
Install network Requester
Create the nym user
Create the user nym with this command
Staying in the temporary folder, copy to the home nym user the "nym network requester" binary
Assign the owner of the binary to the nym user
Init network requester
Switch to the user "nym"
Init the network requester for the first time with
gateway based selection
flag to choose a gateway based on its location relative to your device
If you want to select the gateway that your network requester will be connected to, you could add the flag --gateway <gatewayID>
replacing the <gatewayID>
with someone on this list and delete the --latency-based-selection
flag
Take note of your network requester address <requesteraddress>
Example ->
Address of this network-requester: 84K1SPBsSPGcCGQ6hK4AYKXuZHb5iU3zBc9gYb3cJp6o.Cfc67agMVw6GRjPb7ZyEfZSwLeVSvYtqKCKmATewujajT@2xU4CBE6QiiYt6EyBXSALwxkNvM7gqJfjHXaMkjhdjywS
Check the correct installation
Example of expected output:
Exit from the nym user session
Create network requester systemd service
The system needs to run the network requester daemon automatically in the background, even when nobody is logged in. We use "systemd"
, a daemon that controls the startup process using configuration files.
As user
admin
, create the service file
Paste the following configuration. Save and exit
(Optional) You can add --fastmode
attribute to the ExecStart
parameter to enable this feature, this means the connection will not mixed up as much, but you will still be covered by the same privacy standard/minimum that NYM provides:
Enable autoboot (optional)
Prepare “nym-network-requester” monitoring by the systemd journal and check the logging output. You can exit monitoring at any time with Ctrl-C
Running network requester
To keep an eye on the software movements, start your SSH program (eg. PuTTY) a second time, connect to the RaMiX node, and log in as "admin"
Start the nym network requester service
All network requester specific configurations can be found in /home/nym/.nym/service-providers/network-requester/bitcoin/config/config.toml
. If you do edit any configs, remember to restart the service
Install socks5 client
Stay logged in with
admin
user, go to the temporary folder
Copy to the home nym user the "nym socks5 client" binary
Assign the owner of the binary to the nym user
Init socks5 client
Switch to the user "nym"
Init the nym socks5 client for the first time with
gateway based selection
flag to choose a gateway based on its location relative to your device and replace <requesteraddress> with the obtained in the Run NYM network requester step before
If you want to select the gateway that your socks5 client will be connected to, you could add the flag --gateway <gatewayID>
replacing the <gatewayID>
with someone on this list and delete the --latency-based-selection
flag
Check the correct installation
Example of expected output:
Exit from the nym user session
Create socks5 client systemd service
The system needs to run the network requester daemon automatically in the background, even when nobody is logged in. We use "systemd"
, a daemon that controls the startup process using configuration files.
As user
admin
, create the service file
Paste the following configuration. Save and exit
(Optional) You can add --fastmode
attribute to the ExecStart
parameter to enable this feature, this means the connection will not mixed up as much, but you will still be covered by the same privacy standard/minimum that NYM provides:
(Optional) You can add --open-proxy true
attribute to the ExecStart
parameter to enable this feature, this means that there will be no restriction on which sites can be accessed using your network requester, so it is not recommended to share your service provider's address with anyone:
-> This one before is necessary to add if you want to use it to proxy Bitcoin Core
Enable autoboot (optional)
Prepare “nym-socks5-client” monitoring by the systemd journal and check the logging output. You can exit monitoring at any time with Ctrl-C
Running socks5 client
To keep an eye on the software movements, start your SSH program (eg. PuTTY) a second time, connect to the RaMiX node, and log in as "admin"
Start the nym socks5 client service
Ensure the service is working and listening at the default
1080
port
Expected output:
Delete the NYM compilation folder to be ready for the next update and free up space
All socks5-client-specific configurations can be found in /home/nym/.nym/socks5-clients/bitcoin/config/config.toml
. If you do edit any configs, remember to restart the service
You can get more information about the complete documentation here
Extras (optional)
Proxying Bitcoin Core
So far, we have been routing all clearnet network traffic through Tor. However, it is also possible to proxy outbound clearnet connections (IPv4/IPv6) using the NYM mixnet. Doing this can reduce the traffic volume on the Tor network.
With user
admin
, edit thebitcoin.conf
file
Modify the following line. Save and exit
Restart bitcoind to apply changes
Check the correct proxy change network connection
Expected output:
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
NYM connect
NymConnect is an easy-to-use interface that enables you to connect other applications to the NYM mixnet for enhanced privacy. This desktop application allows you to effortlessly run the NYM SOCKS5 client without the need for manual commands.
Simply download the NYM Connect app for your operating system and click the prominent green button in the center of the screen. By default, the app automatically connects to a random gateway from a predefined list and utilizes a random service provider of this list.
These service providers grant access to specific applications such as Keybase, Telegram, Electrum, Monero Wallet, and Blockstream Green Wallet. However, it is worth noting the benefits of configuring your service provider with an "open proxy/exit policy" enabled. The previously configured Nym SOCKS5 client can run in the background as a daemon, commonly used in server operating systems without a desktop interface. Meanwhile, NYM Connect is typically utilized in desktop versions of operating systems.
If you wish to choose your gateway from the provided list or configure your service provider, you can do so by accessing the settings menu. Simply click on the hamburger icon located in the top-left corner -> Settings -> Select your gateway / Select your service provider using <requesteraddress> before configured
Proxying wallets
Electrum
Follow the Electrum Wallet desktop guide. You have 2 options:
If you don't have your node and you want to proxy all connections (The Electrum Servers of the wallet & third-party server connections) using the NYM mixnet
Use this example of a shortcut for Linux to select a public server automatically proxying using NYM mixnet:
Or directly on the interface; on the top menu, go to Tools --> Network --> Proxy tab, check "Use proxy", select "SOCKS5"
Host: 127.0.0.1 or localhost
Port: 1080
If you have your node and you only want to proxy all third-party connections (price servers, Whirlpool, etc.) using the NYM mixnet
Use this example of a shortcut for Linux to select your private server (your RaMiX Electrum server), proxying through NYM mixnet:
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
Sparrow desktop
Follow the Desktop wallet: Sparrow Wallet until the (Optional) Set up a Tor proxy for external services, which could be used for these 2 cases of uses:
If you don't have your node and you want to proxy all connections (The Electrum Servers of the wallet & third-party server connections) using the NYM mixnet
URL: select one of the public serveres provided for Sparrow
Swich "Use proxy"
Proxy URL: 127.0.0.1 -> Port: 1080
If you have your node and you only want to proxy all third-party connections (price servers, Whirlpool, etc.) using the NYM mixnet
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
Sparrow server
Follow the Sparrow server bonus guide, which could be used for these 2 cases of uses:
If you have your node and you only want to proxy all third-party connections (price servers, Whirlpool, etc.) using the NYM mixnet
Go to Preferences -> Server -> Private Electrum
URL: select your RaMiX IP address or localhost (127.0.0.1) if running on the same device, and select 50001 (mainnet) / 60001 (testnet) (TCP) or 50002 (mainnet) / 60002 (testnet) (SSL) port
Select "yes" to use SSL, if you use 50002 (mainnet) / 60002 (testnet) SSL connection
Select "yes" to use use proxy -> Proxy URL: 127.0.0.1 -> port 1080
Press "Test" or "Done" and wait to connect
You have Sparrow server configured to proxy third parties servers connection using NYM mixnet
If you don't have your node and you want to proxy all connections (The Electrum Servers of the wallet & third-party server connections) using the NYM mixnet
Go to Preferences -> Server -> Public Electrum
URL: select one of the public serveres provided for Sparrow
Select "yes" to use use proxy -> Proxy URL: 127.0.0.1 -> port 1080
You have Sparrow server configured to proxy public Electrum servers and third parties servers connection using NYM mixnet
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
Blockstream Green
Download the Blockstream Greenwallet app for your OS and install it.
Go to App Settings -> Navigate to Network -> switch "Connect through a proxy"
Proxy host: 127.0.0.1
Proxy port: 1080
Bitbox app
Download the Bitbox app for your OS and install it.
Go to Settings -> Advanced settings -> Enable Tor proxy, check "Enable Tor proxy" and type 127.0.0.1:1080
-> Set proxy address
Go to "Connect your full node" -> Check the pre-setted Electrum servers Bitbox app or choose one of your elections, Go to Add a server:
Enter the endpoint:
electrum.blockstream.info:50002
Click on the "Download remote certificate" button
Click on the "Check" button, click OK
Finally, click on the "Add" button and click again on the "Check" button, and "OK"
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
Nunchuk desktop
Download the Nunchuk wallet desktop version for your OS and install it.
Go to Settings -> Network Settings -> Enable Tor proxy, check "Enable Tor proxy" and type in the "Proxy address" box:127.0.0.1
and in the "Port" box: 1080
. Above, enable "Connect to Electrum server", select "Mainnet server", keep the public Nunchuk address server by default, or click on the "Reset" button. Leave the rest of the boxes blank and finally click on "Save network settings".
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
Proxying other services
Keybase
Download the Keybase app for your OS and install it Go to Settings -> Advanced -> Navigate to "Proxy settings", and check "SOCKS5", type this info:
Proxy Address: 127.0.0.1
Proxy Port: 1080
Save proxy Settings
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
Telegram Desktop
Download the Telegram app for your OS
Use this link to automatically save the configuration, click on "Enable" or go to Settings -> Advanced -> Connection type -> Check "use custom proxy"
Save and close all banners to go back to the running app
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
Browser (Firefox-based browsers)
Download Firefox | Librewolf | Mullvad or any Firefox-based browser for your OS Go to General -> Network Settings -> Settings...
Fill the form with the next data:
Press OK and start the navigation
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
NYM android
At the moment, the Android app is undergoing constant development, and the download link on the GitHub repository is being regularly updated, with some updates being non-functional. The following link is not available on GitHub, but it is a static and functional link, although it is also a pre-alpha version and may have bugs on certain occasions.
Download here or in the future, download here
You could use NYM proxy with the Telegram app for example ⬇️
Scan this QR code, click on "Connect proxy" or manually, go to Settings -> Data and Storage -> Proxy Settings -> switch "Use proxy"
Keep selected "SOCKS5 proxy"
Server: 127.0.0.1
Port: 1080
Save, switch "Use proxy" again
Notice: This app consumes significant data and battery when connected to the mixnet network. Please be aware that prolonged usage may result in increased data usage and reduced battery life. This is primarily due to the constant emission of false packets by the app
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
Other NYM tools
Proxy for using Nostr over Nym mixnet. Nostr-nym is a proxy for using Nostr through the Nym Mixnet. It stands between Nostr users and a specific Nostr relay, preferably on the same machine as the relay, allowing users to connect to this relay without leaking their IP address to it
[Unofficial] Swap different tokens <> NYM token
Upgrade
First, ensure that you have the latest Rustc version following the Upgrade section of the Rustup + Cargo bonus guide, or simply exec:
rustup update
command with theadmin
userFollow again the entire Compile NYM binaries from the source code section until the "Enter the command to compile" step (inclusive), once you do that, continue with the next steps below:
With
admin
user, stopNYM socks5 client & NYM Network requester
Upgrade network requester
Replace the network requester binary
Change to the nym user
Check the correct update
Example of expected output:
Example of expected output:
Init again the network requester to update the
config.toml
file if needed
Exit from the
nym
user session
Start network requester again
Upgrade socks5 client
Replace the socks5 client binary
Change to the nym user
Check the correct update
Example of expected output:
Init again the socks5 client with the same command, this updates the
config.toml
file if needed
Exit from the
nym
user
Start socks5 client again
Delete the NYM compilation folder to be ready for the next update and free up space
Uninstall
Uninstall service
With user
admin
, stop network requester and socks5 client services
Disable autoboot (if enabled)
Delete network requester and socks5 client services
Delete user & group
Delete nym user. Don't worry about
userdel: nym mail spool (/var/mail/nym) not found
output, the uninstall has been successful
Port reference
Port | Protocol | Use |
---|---|---|
1080 | TCP | Socks5 client default port |
Last updated