π― Goal
Understand and implement metadata-resistant communication using modern mixnets, Sphinx packets, and anonymous relaying. Explore how tools like Nym and Loopix provide traffic analysis resistance, and how they go beyond Tor in obfuscating who talks to whom, when, and how often.
π§ 1. What is Metadata Resistance?
π¦ Metadata = Surveillance Goldmine
Even when content is encrypted (e.g., Signal):
- Who you talk to
- How frequently
- Message size and timing
- Patterns of interaction
β¦can be used to deanonymize you.
π― Goal of Metadata Resistance
- Obfuscate traffic patterns
- Prevent network-level linkage
- Break passive surveillance models
π 2. Mixnets & Sphinx Packets
π Mix Networks (Mixnets)
- Packets are encrypted in layers (like Tor)
- Routed randomly through mix nodes
- Delays + decoys (cover traffic) break timing analysis
π¦ Sphinx Packets
- Compact, efficient mixnet packet format
- Conceals routing info and payload
- Used in Nym and Lightning Network
π 3. Tool: nym Mixnet
Nym provides full-layer network privacy via mixnet relays, credentials, and anonymous messaging.
π¦ Install nym CLI
π§ͺ Linux binary:
curl -L https://nymtech.net/.well-known/install.sh | bash
Or see: https://nymtech.net/download
Test install:
nym --help
π 4. Create a Nym Identity
nym client init --id mynym
This generates:
nym-mixnet-identity.keysnym-api-credentials.json
π Send anonymous messages (via mixnet)
nym client run --id mynym
This will connect you to the Nym mixnet.
You can now receive anonymous replies via a reply SURB (Single Use Reply Block).
βοΈ 5. Send a Mixnet Message
Nym supports various apps:
- Anon chat
- Email bridge
- VPN tunneling
- Credential-based services
π¦ Example: Sending a test packet
Use the testnet mixnet explorer or connect to a known recipient (usually via the Nym wallet or webmail).
Or use:
nym-network-explorer # opens web UI
Look up valid nodes and mix providers to simulate metadata-resistant delivery.
π§ͺ 6. SphinxCLI (Low-Level)
For lower-level Sphinx packet interaction:
git clone https://github.com/nymtech/sphinx
cd sphinx
cargo build --release
This builds a Rust crate that supports raw Sphinx packet encryption, padding, and routing.
Explore by constructing fake packets with:
./target/release/sphinx-demo --help
You can simulate a mix route and time delays manually.
π‘ 7. Mixnet vs Tor vs VPN
| Feature | VPN | Tor | Mixnet (Nym) |
|---|---|---|---|
| Encrypts content | β | β | β |
| Hides IP | β | β | β |
| Timing resistance | β | β οΈ (weak) | β |
| Metadata defense | β | β οΈ | β β |
| Decoy traffic | β | β | β |
| ZK credentials | β | β | β |
π§ͺ 8. Bonus: Nym ZK Credentials
Nym supports anonymous access via zk-Nym Credentials, similar to privacy passes:
nym credential init --id mynym
nym credential get --id mynym
Use this to access Nym services without proving your real identity, IP, or wallet address.
π 9. Journal & Git Commit
βοΈ Reflect on metadata resistance
echo "Bonus 3: Explored mixnets and Sphinx packets via Nym CLI. Learned how to create anonymous identities, send traffic-resistant packets, and simulate mix routes. Compared VPN/Tor/mixnet strengths." >> notes/bonus3_mixnets.md
π¦ Git Commit
git add .
git commit -S -m "Bonus 3 β Metadata-Resistant Messaging with Nym and Sphinx"
β Bonus 3 Checklist
- Installed the Nym CLI
- Created a mixnet identity and ran the client
- Sent/received anonymous packets via mixnet
- Learned about Sphinx packet structure and timing obfuscation
- Compared metadata resistance across tools
- Wrote a journal entry and committed the session
π§ Up Next Bonus Options
- Bonus 4: Zero-Knowledge Proofs (zkSNARKs, Semaphore)
- Bonus 5: Privacy-Centric Smart Contracts (DarkFi, Aztec, Noir)
- Bonus X: Encrypted OS-Level Routing with I2P + Garlic Routing
π Notes
- Mixnets are not low-latency like Tor β they prioritize privacy over speed
- Perfect for whistleblowing, anonymous credentials, metadata-free email, voting, and petitions
- Nym integrates cover traffic and decentralized incentives (node staking, token rewards)