Some criticisms of NymVPN

Hello Community and Nym Technician

I have been using NymVPN for about 2 months. I’m from Mullvad, and I’ve had some criticisms of NymVPN, and I don’t mean any harm. And I’ve been discussing things with support for two months, and I feel like they’re not being taken entirely seriously. When I look at Nym on Twitter, they don’t seem to care much about some things. Instead of just reading about Bitcoin and some promises, which have not been adhered to to date and instead of really taking care of the VPN, they only seem to be interested in some dubious finances.

Where do I even begin, hmm… ?

  1. no lockdown mode!

An absolute fail that Nym has done here and then wants to talk about security. For over 2 months I have been promised, via email and support, that this will be introduced by the end of 2025. Well, what do I need to see in the roadmap? Exactly, it was removed from Map 2025 and postponed to January 2026. Now that’s no longer true, because now it has been postponed on the map to the first quarter of 2026. So it will happen sometime, nobody really knows when and will it even happen? I hardly think so. The Nym doesn’t seem to care and Nym doesn’t seem to care either, instead they want to introduce some dubious payment methods in the app. Instead of focusing on security, they seem to only care about money.

Nym talks a lot about security, but so far it has never been able to reach other VPN providers when it comes to security. Not to Mullvad twice already. Sorry, no offense intended, but that’s the truth.

  2. Mixed Node

good consideration, but unfortunately very poorly implemented.

a) more than 3 hops are absolutely pointless and therefore offer no better protection than a 2-hop or 3-hop. So 5 hops don’t offer any better protection. Even if Nym tells you otherwise.

b) absolutely not usable! Far too slow and absolutely not suitable for surfing! In some cases, pages do not build at all.

c) far too much focus on mixed and fast mode is completely neglected in terms of safety. Hardly anyone will use mixed because it is unusable and extremely slow.

Security should be invested more in the fast mode, which is a huge problem. But more on that later.

3. Fast mode or wireguard mode

They have only built in the simplest security functions, whereas other VPN providers are much further along.
a) Entry server can read your IP address and find out who you are. Other VPN providers offer much more with Wireguard and offer better protection such as RAM servers, where the IP does not stay on the RAM for more than 10 minutes, see Mullvad. Nordlynx obscures the correct IP and cannot be read. This is an absolute security vulnerability and this brings us to the worst mistake.

b) Nobody knows who owns the servers. They may be infiltrated and therefore there is a risk that there will be IP sniffing and it will be possible to find out who you are. There is a risk that authorities, police, the Federal Office for the Protection of the Constitution, ISP, X (know that you use a VPN because they use third-party providers to find out with AI that you use a VPN) offer a server, Nym does not know, nor do the users and are therefore trackable.

c) Quic - I think it’s great that it’s been implemented now, but unfortunately, unlike Mullvad and others, it’s not included with the exit server, but only with the entry server. So Wireguard is still recognized. I absolutely don’t understand why Nym only offers something like this half-heartedly, because then it’s pointless.

d) no daita or white noise in general, like Mullvad and others. Reason from support that the internet speed will be reduced. Sorry, but that’s a cheap excuse in my eyes. If security is really important to you, then you should also include it in the fast connection!

e) no AI protection against AI sniffing. Because that will be the future and will be able to crack encryption.

f) no MAC address protection, the authorities and others will find you through it, see also the article by Tarnkappe:

EU plant einjährige Vorratsdatenspeicherung für Messenger (EU plans one-year data retention for messengers)

  4. No server change with existing connection

I also think this is a fail by Nym. The connection has to be canceled every time, and every page that is then open recognizes my true IP address. I don’t feel like closing the pages every time just to use a different server. That should also be rectified as a matter of urgency. This is possible with other VPN providers such as Mullvad and Co. Here too, Nym lags far behind other providers and is not making any progress. Many promises are made, by Nym, but hardly anything is implemented or postponed until sometime next year. This is unspeakable.

there are a few more things written. Such as too long response times on Github etc. You wait for answers but they don’t come or are very late. And sometimes you talk so cryptically that you sometimes don’t understand what they mean, or you beat around the bush and you get vague answers to some of the heated questions, so nothing whole and nothing half. You get pretty out of touch with some questions and as a user you stand there and no longer understand the world.

Many promises are made, but little is implemented. I think the main idea of protecting us is commendable, but Nym is sometimes years behind other providers. And I don’t care whether it’s Decentral or not. Nym still has an extremely big job to do. Not just talk, but finally do something. And don’t constantly postpone things like lockdown mode, which probably never comes, or that the entry server knows your IP and can therefore find out where you are, but don’t include protection like Mullvad or NordVPN here.

You pay a lot of money and get very little. The protection is very holey and not secure enough. That is the bitter truth.

And just to be clear, I don’t mean any harm, but I share my concerns here, and Nym should know that, as should the users. A lot of it is completely half-baked and half-hearted, and it’s hard to make any progress.

Maybe less running around at fairs and shows making promises and instead finally letting people see action and taking action.

So that’s it for now. And please no fanboy discussion, but really serious discussions and where serious criticism is taken seriously and not fobbed off with succinct answers.

Thanks for reading this.

Greetings to you!

2 Likes

Just my thoughts:

  1. VPN Lockdown mode is notoriously hard to implement correctly, even the native Android and iOS implementations have severe leaks and so do most implementations on other OSes and programs.
  2. For strict threat models 4 or more hops can be useful, Tor HAS been cracked before by people controlling large amounts of nodes. But yeah, right now it’s horrendously slow, for me it’s around 0.3 mbps, something needs to be done to make it more usable.
  3. I agree fast mode needs noise, I actually made a post about it 2 days ago (please make this happen Nym team!)
  4. MAC address randomization should be done by the OS.
  5. I think worries about node operators apply to Tor, I2P, and a lot of VPN servers that companies don’t physically own.

I agree on many things, also many of your requests are already in the roadmap.

Hello Remun,

thank you for your answer.

Now for lockdown mode. I don’t think it’s that hard. I have used Mullvad, IVPN and NordVPN for years and to this day I have not had a day of leaks, they all worked very cleanly, as well as on Android.

All other VPN providers on the market can do this too, so Nym should be able to do it too, because Nym’s current kill switch is a disaster and an absolute security risk and cannot be used as it is.

4 or more hops are definitely not useful. Perfect Privacy did offer it, but they themselves, like others, say it offers absolutely no added value in terms of security. It’s more of a placebo, and they don’t recommend using it. Two or three hops are absolutely sufficient. The mixed mode is absolutely pointless, extremely slow and unusable.

Exactly, that’s why I also have concerns about the dVPN nodes, because in that sense they don’t offer us security, because none of us knows whether the servers are infiltrated or not, and I also understand why IVPN rejects them too. Tor has proven that their knots are thoroughly infiltrated and therefore no longer highly recommended.

Yes, many requests are in the timetable, but are constantly being postponed. This makes the whole thing very uncertain and, in my opinion, does not give rise to such great confidence.

Greetings to you

The problem I see with Nym is that they promise a lot, but there is little on offer. I find that frightening. I also understand why many users stick with Mullvad, IVPN and Co. because they have everything that users want and it is implemented and not just promised. I want to say one more thing about Mullvad: the police showed up at their door and took servers with them, but nothing was found. I think there was a similar case in Turkey, if I’m not mistaken. Mullvad keeps its promises and they do everything they can to protect their users, including IVPN. But this isn’t about these two, it’s about Nym. And Nym unfortunately delivered too little. That is the problem.

I’m not saying Nym doesn’t do anything. But they have to face these problems!

1 Like

Just to be clear, I agree that a kill switch should be in place already but I think delays on this particular feature are understandable given how hard it is to make a kill switch implementation that does what it’s supposed to do.

Every VPN on Android can leak (especially if not using GrapheneOS), iOS also has many problems, same goes for macOS, the only kill switch implementations I personally trust are Whonix and GrapheneOS so I hope you’ll see why in my view it’s not true that other VPN providers have fully working switches.

To recap, if there is any feature for which I could understand there being delays or issues it’s the kill switch, but yeah, it kinda sucks it isn’t there already.

3. Fast mode or wireguard mode

a) Entry server can read your IP address and find out who you are. I agree this is an issue, especially when we have no idea who owns the servers. Nym says on Reddit that once you disconnect, there are no logs on entry server and that all node operators must sign TOS agreement, but it seems like NSA or nation state could take advantage of this.

b) Nobody knows who owns the servers. I don’t think I agree with you here. No one knows who owns Tor servers either, and when there are more Nym servers this will be more of a non-issue. Frankly I think that the fact that Nym does not control the servers is a good thing, because they don’t even have access to logs if they exist.

c) Quic - it’s not included with the exit server, but only with the entry server. So Wireguard is still recognized. Are you sure about this?? How do you know this? Quic’s only benefit is at the connection to the website itself, so yes, no Quic from exit node is totally useless. I don’t believe you are right on this and I invite an official response from Nym here.

d) no daita or white noise in general, like Mullvad and others. Yes this should be added. Is it not on the roadmap?

f) no MAC address protection. Mullvad and Nord don’t have this either. NoVPN does. This is a function of the OS, not the VPN.

  4. No server change with existing connection. I don’t believe other VPNs do this, do they? Only Tor Browser does as far as I know, and you can use Tor over Nym, so what’s the problem?

The problem with the entry server is that they know exactly who you are and Nym offers absolutely no security here. And how does Nym control everyone adhering to the TOS agreement? Nym can’t do that. And Nym and we don’t know whether the servers are infiltrated and Nym doesn’t do anything about it, it turns out that decentralized servers pose a danger to the user. No logs after separation? absolutely useless, since everything could have been intercepted in the meantime and the user won’t notice anything, so this Nym security is absolutely useless. And the user is fair game.

But Nym has to control the servers because, as already mentioned, it could be infiltrated and thus logs can be intercepted.

QUIC is designed to ensure that Wireguard is not recognized and that the page you are surfing on does not block you or intercept you. It is a censorship protection.

White noise must also be included in Wireguard mode. Unfortunately, I didn’t read or miss anything there.

I can change the server if the connection is already established with Mullvad IVPN etc., then the connection will be briefly dropped during dinner and reconnected with a reasonable lockdown mode.

Nym has a lot of catching up to do. I would like Nym to address my criticism. And what I also noticed is that the server quality on Nym is extremely poor, even though they are supposed to be good. Pages no longer open, page opens sometimes extremely slowly, server outages and everything is then blocked and nothing works anymore.

I had to reinstall Nym today because suddenly nothing worked anymore and I won’t send any logs to Nym because they won’t respond to them or you won’t get a response.

The quality of Nym is very poor. In my experience!

And as for Mullvad, things aren’t going well there either, because suddenly they’ve probably introduced block lists and RT can no longer be opened. And Mullvad is also lying to me here, because they’re blocking him, not RT. And their IP addresses are also very poor.

I don’t have that with Nym VPN, I can open everything there.

This criticism by strykenKN, while well-intentioned, shows a lack of understanding of how the Internet works as well as believing propaganda from various centralized VPN providers. If you really think centralized VPN providers are so secure, please just use them instead of a decentralized mixnet/VPN like Nym. We don’t think centralized VPNs have a threat model that really makes sense more than “trust us” - you are free to disagree, but I would spend some time considering whether your centralized VPN provider can be at the receiving end of a court order or even a hack.

In particular:

  1. no lockdown mode!

What does lockdown mode do? It means you have to connect to VPN before connecting to Internet, and ALL traffic is tunneled over VPN. We have prioritized other features, mostly making sure all traffic is tunneled over VPN with kill switch. As lockdown mode requires the VPN to take over before the operating system talks to the Internet, it is quite difficult to implement properly, as others have noticed, due to Apple and Google making it hard to kill all connections at boot. However, what we have done is strengthened the security of the kill switch. That makes tons of sense, and we’ll keep working on lockdown mode.

  2. Mixed Node

good consideration, but unfortunately very poorly implemented.

a) more than 3 hops are absolutely pointless and therefore offer no better protection than a 2-hop or 3-hop. So 5 hops don’t offer any better protection. Even if Nym tells you otherwise.

Again, this is incorrect. There are considerable advantages to having THREE MIX NODES, not an entry and an exit with ONE mix node. You do not include the gateway (either entry or exit node) as they do not do mixing and the entry knows your IP, and the exit knows the IP of where you are going. See the paper by Nym here:

https://arxiv.org/pdf/2107.12172

b) absolutely not usable! Far too slow and absolutely not suitable for surfing! In some cases, pages do not build at all.

Currently, it is not meant for surfing, as said on the interface of NymVPN. It is meant for messaging and cryptocurrency. We are working on speeding it up, but it will always be slower. That’s the cost of anonymity. There is another paper you may want to read:

c) far too much focus on mixed and fast mode is completely neglected in terms of safety. Hardly anyone will use mixed because it is unusable and extremely slow.

Actually, this is incorrect. Most work on security (“safety” is an odd term) such as kill switch benefits both modes.

3. Fast mode or wireguard mode

They have only built in the simplest security functions, whereas other VPN providers are much further along.

Incorrect. Very few VPN providers offer Amnezia and no one offers a mixnet, very few offer decentralization and to pay without an identity. No one besides us implements anonymous credentials to allow payments to be delinked from usage, which is a HUGE DEAL as that’s what most data requests by authorities are about.

a) Entry server can read your IP address and find out who you are. Other VPN providers offer much more with Wireguard and offer better protection such as RAM servers, where the IP does not stay on the RAM for more than 10 minutes, see Mullvad. Nordlynx obscures the correct IP and cannot be read. This is an absolute security vulnerability and this brings us to the worst mistake.

I am afraid this is a poorly-phrased statement that shows that someone does not understand how the Internet works. I have also never seen Mullvad or even Nordlynx say that they can hide your IP from their own servers, if they do, I’d love to see the reference. Every centralized VPN provider can read your IP address when you connect, unless you use ANOTHER VPN provider to reach them. And then you are just replicating NymVPN’s model. If a centralized VPN provider says they don’t know your IP address when you connect to them, they are lying to you. Without an IP address, you wouldn’t be able to route packets over the Internet.

As for claims of having RAM-only servers and so forth, you can never verify these claims and they would not prevent a backdoor from being installed.

b) Nobody knows who owns the servers. They may be infiltrated and therefore there is a risk that there will be IP sniffing and it will be possible to find out who you are. There is a risk that authorities, police, the Federal Office for the Protection of the Constitution, ISP, X (know that you use a VPN because they use third-party providers to find out with AI that you use a VPN) offer a server, Nym does not know, nor do the users and are therefore trackable.

The entire point of decentralization is you don’t trust centralized providers but prefer to use a crowd of strangers to hide in. So this is very much on purpose that we don’t know who runs the servers - that’s the point of a “permissionless” system like Bitcoin too. Every person that uses a centralized VPN is of course trackable because it’s a centralized organization controlling all the servers - an authority just has to ask for their list of servers. This is very basic, and that’s why NymVPN uses the same model of decentralization as Tor and p2p networks here.

c) Quic - I think it’s great that it’s been implemented now, but unfortunately, unlike Mullvad and others, it’s not included with the exit server, but only with the entry server. So Wireguard is still recognized. I absolutely don’t understand why Nym only offers something like this half-heartedly, because then it’s pointless.

QUIC is used to escape censorship, and so it’s VERY MUCH NOT “pointless” if you are in Russia and you use QUIC to get to Austria, and then tunnel from Russia via Switzerland to the US, it’s not even required because the censor, say Russia, can only see the first hop. That’s why it’s on first hop. We can add it to second hop but it will just slow down connection and offers no security and privacy extras. So again, a basic misunderstanding of how the internet works is again being displayed.

d) no daita or white noise in general, like Mullvad and others. Reason from support that the internet speed will be reduced. Sorry, but that’s a cheap excuse in my eyes. If security is really important to you, then you should also include it in the fast connection!

The Poisson noise offered by NymVPN’s anonymous mode is much more powerful than the subset of DAITA implemented by Mullvad to my knowledge. That being said, it makes Anonymous Mode slow. We can do an empirical test. Fast mode uses some “noise” in Amnezia but it’s more the randomization of the Wireguard handshake.

e) no AI protection against AI sniffing. Because that will be the future and will be able to crack encryption.

This is just stupid: AI (at least on LLMs) won’t be able to crack encryption, and that claim already shows that strykenKN has no idea what he is talking about. There has been some use of AI on S-boxes, but it can only crack. The real threat is probably quantum computing, which NymVPN is working on defeating by using post-quantum cryptography.

f) no MAC address protection, the authorities and others will find you through it, see also the article by Tarnkappe:

EU plant einjährige Vorratsdatenspeicherung für Messenger (EU plans one-year data retention for messengers)

Your MAC address has to be re-randomized locally, and a VPN does not have the ability to do it for you. Sure, we can offer a NymVPN OpenWRT package so people can put it in the router, as the MAC is used to ship packets to the router. If a VPN says it is randomizing your MAC it is likely lying to you. Apple devices can randomize MAC, so can Graphene, which we recommend.

  4. No server change with existing connection

Tor does this, and we agree it’s good for anonymous mode. In Fast Mode, it would break the connection a lot and slow things down, so while it would be a reasonable option to offer, it would hurt performance. We instead prefer users under serious threat go to Anonymous (mixnet) mode, as in general, Fast Mode is to avoid censorship and go against relatively weak enemies (which is the best any centralized VPN provider can do) while anonymous mode is for anonymity, not just security and IP address hiding.

7 Likes

Hello Harry,

thank you for your answer. I will respond to that later. Just one question for today.

Then you’re actually saying that I’m safer with NymVPN and Wireguard mode than with Mullvad, for example. I would like your honest opinion on that.

Yes, I like the co-founder of Mullvad and consider us all on the same side of the fight FOR privacy. However, I do not trust individuals or organizations, even my friends. Thus, I support decentralization.

Here’s some reasons why we built NymVPN and I suggest it over any centralized VPN: My friend Nick Merrill got hit with a FISA secret court order that didn’t even let him talk about the court-order to surveil users on behalf of US government in public until he challenged it in court, and that took many years. Most EU countries let intelligence do all sorts of things like data requests outside of the court system. A friend of mine (not Mullvad! Another one) that runs a high-security/high privacy VPN once revealed to me that he would give us anything about its users if the police tried to take his kids away.

Why did we build NymVPN’s anonymous mode? Furthermore, even if the person running the VPN is an angel, an adversary like NSA (or Palantir) can simply monitor all the input and output traffic to de-anonymize users. Holds true for Tor as well, which is one reason Assange really supported the Nym design. It’s a hard problem to solve, but Nym mixnet is the best answer we have yet. Over time, we do need to speed it up and it’s pretty unusable today, I agree! This will be a major focus next year.

Of course, no system is perfect. Mullvad isn’t, and neither is Nym. However, if you trust individuals like Mullvad more than Nym, please use Mullvad. If you trust code more than individuals, I think Nym’s decentralization is a better bet.

7 Likes

Was a simulated attack on the infrastructure conducted with a modified malicious node by one of the audit companies?

Regards

1 Like

I would also be interested to know whether the infrastructure and servers can withstand attacks and whether an IP and DNS cannot be filtered out as a result.

But yesterday version 1.21 came and there is something positive to report, you can find and use another server during a connection and the internal kill switch reacts when switching. I think that’s very good. Please test it yourself and report whether your kill switch also reacts and blocks the connection.

KS works as expected.

1 Like

There is a big problem with NymVPN on Android 15 and 16. It’s strange that you haven’t noticed this in any way and Nym VPN is completely useless.

When working on mobile, Nym VPN works normally. But if you put your phone aside and the screen goes off, NymVPN turns off and cuts off connectivity. And when you turn the screen back on, NymVPN reconnects, and only then do all the messages, etc., come through.

I have reported the problem several times in old emails, but to date the problem has not been resolved!

Finally take care of the problem, because it’s absolutely useless on my phone, so I’ll have to install Mullvad again until you finally solve the problem, if at all. I’m starting to get annoyed by your problems.