Linktr
RRSS
Resources
Donate
GitHub
Free services!

NYM mixnet

This project is in a testing phase, which means that it could fail on numerous occasions and in cases of use, be conscious of this before starting this guide

The NYM mixnet technology ensures enhanced privacy and anonymity for online communications. It utilizes a decentralized network to encrypt and route data, ensuring that the origin and destination are concealed. By implementing the NYM mixnet, users can protect their online activities and sensitive information, safeguarding their privacy from surveillance and censorship. This advanced networking technology provides a secure environment for transmitting data and maintaining anonymity.

Difficulty: Intermediate

The technology involves two key components: the Network Requester and the SOCKS5 Client. The Network Requester acts as an intermediary, encrypting and routing data through a decentralized mixnet network to enhance privacy and prevent surveillance. The SOCKS5 Client establishes a secure connection to the mixnet, enabling users to route network traffic and enjoy improved privacy.

Implementing these components empowers users to protect their online activities and sensitive information. Service providers, such as the network requester and mix nodes, offer services that leverage data mixing, identity protection, and traffic routing, further enhancing privacy in the NYM network.

Together, these components and service providers create a decentralized infrastructure within the NYM network, safeguarding user anonymity and protecting online activities.

Requirements

Preparations

Install dependencies

  • With user admin, update and upgrade your OS

sudo apt update && sudo apt full-upgrade

  • Make sure that all necessary software packages are installed

sudo apt install pkg-config build-essential libssl-dev jq

  • Check if you already have Rustc

rustc --version

Example of expected output:

> rustc 1.71.0 (8ede3aae2 2023-07-12)

  • And cargo installed

cargo -V

Example of expected output:

> cargo 1.71.0 (cfd3bbd8f 2023-06-08)

If you obtain "command not found" outputs, you need to follow the Rustup + Cargo bonus section to install it and then come back to continue with the guide

Configure Firewall

  • Stay login with the user admin, configure the firewall to allow incoming requests to the nym-socks5-client

sudo ufw allow 1080/tcp comment 'allow NYM socks5 client from anywhere'

Installation, Configuration & Run

Compile NYM binaries from the source code

  • Now we will go to the temporary folder to create the NYM binaries that we will need for the installation process

cd /tmp

  • Set a temporary version environment variable to the installation

VERSION=nym-binaries-v2024.6-chomp

  • Clone the latest version of the source code from the GitHub repository and go to the nym folder

git clone --branch $VERSION https://github.com/nymtech/nym.git && cd nym

  • Enter the command to compile

cargo build --release

This process can take quite a long time, 10-15 minutes or more, depending on the performance of your device. Please be patient until the prompt shows again

-> Don't worry about possible "warning:..." logs, it is aimed at application developers

-> If the prompt shows you this error:

error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured. help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.

You need to type "rustup default stable" and wait for the process to finish, then try again the command before

Also, that could help Upgrade Rust to the latest version

If you come to update, this is the final step, go back to the Upgrade section to continue

Install network Requester

Create the nym user

  • Create the user nym with this command

sudo adduser --gecos "" --disabled-password nym

  • Staying in the temporary folder, copy to the home nym user the "nym network requester" binary

sudo cp /tmp/nym/target/release/nym-network-requester /home/nym/

  • Assign the owner of the binary to the nym user

sudo chown nym:nym /home/nym/nym-network-requester

Init network requester

  • Switch to the user "nym"

sudo su - nym

  • Init the network requester for the first time with gateway based selection flag to choose a gateway based on its location relative to your device

./nym-network-requester init --id bitcoin --latency-based-selection

If you want to select the gateway that your network requester will be connected to, you could add the flag --gateway <gatewayID> replacing the <gatewayID> with someone on this list and delete the --latency-based-selection flag

Example of expected output ⬇️
      _ __  _   _ _ __ ___
     | '_ \| | | | '_ \ _ \
     | | | | |_| | | | | | |
     |_| |_|\__, |_| |_| |_|
            |___/

             (nym-network-requester - version 1.1.21)


Initialising client...
 2023-06-17T20:28:30.210Z INFO  nym_client_core::init::helpers > choosing gateway by latency...
 2023-06-17T20:28:49.963Z INFO  nym_client_core::init::helpers > chose gateway 2xU4CBE6QiiYt6EyBXSALwxkNvM7gqJfjHXaMkjiFmYW with average latency of 42.730304ms
Registering with new gateway
 2023-06-17T20:28:50.244Z INFO  nym_gateway_client::client     > the gateway is using exactly the same protocol version as we are. We're good to continue!
 2023-06-17T20:28:50.252Z INFO  nym_config                     > Configuration file will be saved to "/home/nym/.nym/service-providers/network-requester/bitcoin/config/config.toml"
Saved configuration file to "/home/nym/.nym/service-providers/network-requester/bitcoin/config/config.toml"
Using gateway: 2xU4CBE6QiiYt6EyBXSALwxkNvM7gqJfjHXaMkjiFmYW
Client configuration completed.

Version: 1.1.14
ID: bitcoin
Identity key: 
Encryption: Cfc67agMVw6GRjPb7ZyEfZSwLeVSvYtqKCKmATewYJa5
Gateway ID: 2xU4CBE6QiiYt6EyBXSALwxkNvM7gqJfjHXaMkjiFmYW
Gateway: ws://194.182.172.173:9000
Address of this network-requester: 84K1SPBsSPGcCGQ6hK4AYKXuZHb5iU3zBc9gYb3cJp6o.Cfc67agMVw6GRjPb7ZyEfZSwLeVSvYtqKCKmATewujajT@2xU4CBE6QiiYt6EyBXSALwxkNvM7gqJfjHXaMkjhdjywS

Take note of your network requester address <requesteraddress>

Example ->Address of this network-requester: 84K1SPBsSPGcCGQ6hK4AYKXuZHb5iU3zBc9gYb3cJp6o.Cfc67agMVw6GRjPb7ZyEfZSwLeVSvYtqKCKmATewujajT@2xU4CBE6QiiYt6EyBXSALwxkNvM7gqJfjHXaMkjhdjywS

  • Check the correct installation

./nym-network-requester -V

Example of expected output:

> nym-network-requester 1.1.24

  • Exit from the nym user session

exit

Create network requester systemd service

The system needs to run the network requester daemon automatically in the background, even when nobody is logged in. We use "systemd", a daemon that controls the startup process using configuration files.

  • As user admin, create the service file

sudo nano /etc/systemd/system/nym-network-requester.service

  • Paste the following configuration. Save and exit

# MiniBolt: systemd unit for nym network requester
# /etc/systemd/system/nym-network-requester.service

[Unit]
Description=Nym Network Requester
Requires=network-online.target
After=network-online.target

StartLimitInterval=350
StartLimitBurst=10

[Service]
ExecStart=/home/nym/nym-network-requester run --id bitcoin

User=nym
Group=nym

# Process management
####################
Restart=on-failure
RestartSec=30
KillSignal=SIGINT

# Hardening Measures
####################
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

(Optional) You can add --fastmode attribute to the ExecStart parameter to enable this feature, this means the connection will not mixed up as much, but you will still be covered by the same privacy standard/minimum that NYM provides:

ExecStart=/home/nym/nym-network-requester run --id bitcoin --fastmode

  • Enable autoboot (optional)

sudo systemctl enable nym-network-requester

  • Prepare “nym-network-requester” monitoring by the systemd journal and check the logging output. You can exit monitoring at any time with Ctrl-C

journalctl -fu nym-network-requester

Running network requester

To keep an eye on the software movements, start your SSH program (eg. PuTTY) a second time, connect to the MiniBolt node, and log in as "admin"

  • Start the nym network requester service

sudo systemctl start nym-network-requester
Example of expected output on the first terminal with journalctl -fu nym-network-requester ⬇️
Jun 25 20:43:00 minibolt systemd[1]: Started Nym Network Requester.
Jun 25 20:43:00 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:00.402Z INFO  nym_network_requester::cli::run > Starting socks5 service provider
Jun 25 20:43:00 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:00.592Z INFO  nym_client_core::client::base_client::non_wasm_helpers > creating fresh surb database
Jun 25 20:43:00 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:00.644Z INFO  nym_client_core::client::replies::reply_storage::backend::fs_backend::manager > Database migration finished!
Jun 25 20:43:00 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:00.718Z INFO  nym_client_core::client::base_client                                          > Starting nym client
Jun 25 20:43:01 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:01.104Z INFO  nym_gateway_client::client                                                    > the gateway is using exactly the same protocol version as we are. We're good to continue!
Jun 25 20:43:01 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:01.104Z INFO  nym_gateway_client::client                                                    > Claiming more bandwidth for your tokens. This will use 1 token(s) from your wallet. Stop the process now if you don't want that to happen.
Jun 25 20:43:01 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:01.104Z WARN  nym_gateway_client::client                                                    > Not enough bandwidth. Trying to get more bandwidth, this might take a while
Jun 25 20:43:01 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:01.104Z INFO  nym_gateway_client::client                                                    > The client is running in disabled credentials mode - attempting to claim bandwidth without a credential
Jun 25 20:43:01 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:01.155Z INFO  nym_client_core::client::base_client                                          > Obtaining initial network topology
Jun 25 20:43:01 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:01.581Z INFO  nym_client_core::client::base_client                                          > Starting topology refresher...
Jun 25 20:43:01 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:01.581Z INFO  nym_client_core::client::base_client                                          > Starting received messages buffer controller...
Jun 25 20:43:01 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:01.581Z INFO  nym_client_core::client::base_client                                          > Starting mix traffic controller...
Jun 25 20:43:01 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:01.581Z INFO  nym_client_core::client::base_client                                          > Starting real traffic stream...
Jun 25 20:43:01 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:01.581Z INFO  nym_client_core::client::base_client                                          > Starting loop cover traffic stream...
Jun 25 20:43:01 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:01.581Z INFO  nym_network_requester::core                                                   > The address of this client is: Zq2pc3b7tiSWbjdgvQi9Xw5WLvmVVzfTouSvy8DUws9.HCThYe3mTBHPZDayqH46p73iYLMe3GNEKrgVtoPjjdte@BTZNB3bkkEePsT14GN8ofVtM1SJae4YLWjpBerrKust
Jun 25 20:43:01 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:01.581Z INFO  nym_network_requester::core                                                   > All systems go. Press CTRL-C to stop the server.
Jun 25 20:43:01 minibolt nym-network-requester[1774351]:  2023-06-25T18:43:01.582Z INFO  nym_network_requester::allowed_hosts::standard_list                           > Refreshing standard allowed hosts

All network requester specific configurations can be found in /home/nym/.nym/service-providers/network-requester/bitcoin/config/config.toml. If you do edit any configs, remember to restart the service

Install socks5 client

  • Stay logged in with adminuser, go to the temporary folder

cd /tmp

  • Copy to the home nym user the "nym socks5 client" binary

sudo cp /tmp/nym/target/release/nym-socks5-client /home/nym/

  • Assign the owner of the binary to the nym user

sudo chown nym:nym /home/nym/nym-socks5-client

Init socks5 client

  • Switch to the user "nym"

sudo su - nym

  • Init the nym socks5 client for the first time with gateway based selection flag to choose a gateway based on its location relative to your device and replace <requesteraddress> with the obtained in the Run NYM network requester step before

./nym-socks5-client init --id bitcoin --latency-based-selection --provider <requesteraddress>

If you want to select the gateway that your socks5 client will be connected to, you could add the flag --gateway <gatewayID> replacing the <gatewayID> with someone on this list and delete the --latency-based-selection flag

Example of expected output ⬇️
      _ __  _   _ _ __ ___
     | '_ \| | | | '_ \ _ \
     | | | | |_| | | | | | |
     |_| |_|\__, |_| |_| |_|
            |___/

             (nym-socks5-client - version 1.1.21)


Initialising client...
 2023-06-17T20:32:16.857Z INFO  nym_client_core::init::helpers > choosing gateway by latency...
 2023-06-17T20:32:36.948Z INFO  nym_client_core::init::helpers > chose gateway FQon7UwF5knbUr2jf6jHhmNLbJnMreck1eUcVH59kxYE with average latency of 44.796394ms
Registering with new gateway
 2023-06-17T20:32:37.195Z INFO  nym_gateway_client::client     > the gateway is using exactly the same protocol version as we are. We're good to continue!
 2023-06-17T20:32:37.200Z INFO  nym_config                     > Configuration file will be saved to "/home/nym/.nym/socks5-clients/bitcoin/config/config.toml"
Saved configuration file to "/home/nym/.nym/socks5-clients/bitcoin/config/config.toml"
Using gateway: FQon7UwF5knbUr2jf6jHhmNLbJnMreck1eUcVH59kxYE
Client configuration completed.

Version: 1.1.14
ID: bitcoin
Identity key: GwFEXSpQP1VFZwDdYRkuRTUpQ28v3zvZbq3mtQnNELwr
Encryption: EeAiN8mySPwcFco1hgipD86ymzK8UfShjgdMKkKvbk3a
Gateway ID: FQon7UwF5knbUr2jf6jHhmNLbJnMreck1eUcVH59kxYE
Gateway: ws://116.203.182.89:9000
SOCKS5 listening port: 1080
Address of this client: GwFEXSpQP1VFZwDdYRkuRTUpQ28v3zvZbq3mtQnNELwr.EeAiN8mySPwcFco1hgipD86ymzK8UfShjgdMKkKvghste@FQon7UwF5knbUr2jf6jHhmNLbJnMreck1eUcVH59usta

  • Check the correct installation

./nym-socks5-client -V

Example of expected output:

> nym-socks5-client 1.1.24

  • Exit from the nym user session

exit

Create socks5 client systemd service

The system needs to run the network requester daemon automatically in the background, even when nobody is logged in. We use "systemd", a daemon that controls the startup process using configuration files.

  • As user admin, create the service file

sudo nano /etc/systemd/system/nym-socks5-client.service

  • Paste the following configuration. Save and exit

# MiniBolt: systemd unit for nym socks5 client
# /etc/systemd/system/nym-socks5-client.service

[Unit]
Description=Nym Socks5 client
Requires=network-online.target
After=network-online.target

StartLimitInterval=350
StartLimitBurst=10

[Service]
ExecStart=/home/nym/nym-socks5-client run --id bitcoin --host 0.0.0.0

User=nym
Group=nym

# Process management
####################
Restart=on-failure
RestartSec=30
KillSignal=SIGINT

# Hardening Measures
####################
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

(Optional) You can add --fastmode attribute to the ExecStart parameter to enable this feature, this means the connection will not mixed up as much, but you will still be covered by the same privacy standard/minimum that NYM provides:

ExecStart=/home/nym/nym-socks5-client run --id bitcoin --fastmode

(Optional) You can add --open-proxy true attribute to the ExecStart parameter to enable this feature, this means that there will be no restriction on which sites can be accessed using your network requester, so it is not recommended to share your service provider's address with anyone:

ExecStart=/home/nym/nym-socks5-client run --id bitcoin --fastmode --open-proxy true

-> This one before is necessary to add if you want to use it to proxy Bitcoin Core

  • Enable autoboot (optional)

sudo systemctl enable nym-network-requester

  • Prepare “nym-socks5-client” monitoring by the systemd journal and check the logging output. You can exit monitoring at any time with Ctrl-C

journalctl -fu nym-socks5-client

Running socks5 client

To keep an eye on the software movements, start your SSH program (eg. PuTTY) a second time, connect to the MiniBolt node, and log in as "admin"

  • Start the nym socks5 client service

sudo systemctl start nym-socks5-client
Example of expected output on the first terminal with journalctl -fu nym-socks5-client ⬇️
Jun 25 21:19:30 minibolt systemd[1]: Started Nym Socks5 client.
Jun 25 21:19:30 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:30.577Z INFO  nym_client_core::client::base_client                                          > Starting nym client
Jun 25 21:19:30 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:30.947Z INFO  nym_gateway_client::client                                                    > the gateway is using exactly the same protocol version as we are. We're good to continue!
Jun 25 21:19:30 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:30.947Z INFO  nym_gateway_client::client                                                    > Claiming more bandwidth for your tokens. This will use 1 token(s) from your wallet. Stop the process now if you don't want that to happen.
Jun 25 21:19:30 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:30.947Z WARN  nym_gateway_client::client                                                    > Not enough bandwidth. Trying to get more bandwidth, this might take a while
Jun 25 21:19:30 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:30.947Z INFO  nym_gateway_client::client                                                    > The client is running in disabled credentials mode - attempting to claim bandwidth without a credential
Jun 25 21:19:30 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:30.987Z INFO  nym_client_core::client::base_client                                          > Obtaining initial network topology
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:31.394Z INFO  nym_client_core::client::base_client                                          > Starting topology refresher...
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:31.394Z INFO  nym_client_core::client::base_client                                          > Starting received messages buffer controller...
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:31.394Z INFO  nym_client_core::client::base_client                                          > Starting mix traffic controller...
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:31.394Z INFO  nym_client_core::client::base_client                                          > Starting real traffic stream...
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:31.394Z INFO  nym_client_core::client::base_client                                          > Starting loop cover traffic stream...
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:31.394Z INFO  nym_socks5_client_core                                                        > Running with Mix packets
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:31.394Z INFO  nym_socks5_client_core                                                        > Starting socks5 listener...
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:31.394Z INFO  nym_socks5_client_core::socks::server                                         > Listening on 127.0.0.1:1080
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:31.394Z INFO  nym_socks5_client_core                                                        > Client startup finished!
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:31.394Z INFO  nym_socks5_client_core                                                        > The address of this client is: GjcMYVkzBmX51e4ZGPknAAgc7Zdk5pn3d9jaAmKMszK9.C82LFDSF6MXfJcZb4rxt3vJSrDBMmSPi2BoAPerthFsg@FYnDMQzT49ZGM23gVqpTxfih14V6wuedNXirekmtIshr
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]:  2023-06-25T19:19:31.394Z INFO  nym_socks5_client_core::socks::server                                         > Serving Connections...

  • Ensure the service is working and listening at the default 1080 port

sudo ss -tulpn | grep LISTEN | grep nym-socks5

Expected output:

> tcp  LISTEN 0  1024  0.0.0.0:1080  0.0.0.0:*  users:(("nym-socks5-clie",pid=3610164,fd=16))

  • Delete the NYM compilation folder to be ready for the next update and free up space

sudo rm -r /tmp/nym

All socks5-client-specific configurations can be found in /home/nym/.nym/socks5-clients/bitcoin/config/config.toml. If you do edit any configs, remember to restart the service

You can get more information about the complete documentation here

Extras (optional)

Proxying Bitcoin Core

So far, we have been routing all clearnet network traffic through Tor. However, it is also possible to proxy outbound clearnet connections (IPv4/IPv6) using the NYM mixnet. Doing this can reduce the traffic volume on the Tor network.

  • With user admin, edit the bitcoin.conf file

sudo nano /data/bitcoin/bitcoin.conf

  • Modify the following line. Save and exit

# Connect to clearnet using NYM socks5 proxy
proxy=127.0.0.1:1080

  • Restart bitcoind to apply changes

sudo systemctl restart bitcoind

  • Check the correct proxy change network connection

bitcoin-cli getnetworkinfo | grep -A 3 ipv

Expected output:

      "name": "ipv4",
      "limited": false,
      "reachable": true,
      "proxy": "127.0.0.1:1080",
--
      "name": "ipv6",
      "limited": false,
      "reachable": true,
      "proxy": "127.0.0.1:1080",

If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080

NYM connect

NymConnect is an easy-to-use interface that enables you to connect other applications to the NYM mixnet for enhanced privacy. This desktop application allows you to effortlessly run the NYM SOCKS5 client without the need for manual commands.

Simply download the NYM Connect app for your operating system and click the prominent green button in the center of the screen. By default, the app automatically connects to a random gateway from a predefined list and utilizes a random service provider of this list.

These service providers grant access to specific applications such as Keybase, Telegram, Electrum, Monero Wallet, and Blockstream Green Wallet. However, it is worth noting the benefits of configuring your service provider with an "open proxy/exit policy" enabled. The previously configured Nym SOCKS5 client can run in the background as a daemon, commonly used in server operating systems without a desktop interface. Meanwhile, NYM Connect is typically utilized in desktop versions of operating systems.

If you wish to choose your gateway from the provided list or configure your service provider, you can do so by accessing the settings menu. Simply click on the hamburger icon located in the top-left corner -> Settings -> Select your gateway / Select your service provider using <requesteraddress> before configured

Proxying wallets

Electrum

Follow the Electrum Wallet desktop guide. You have 2 options:

  1. If you don't have your node and you want to proxy all connections (The Electrum Servers of the wallet & third-party server connections) using the NYM mixnet

Use this example of a shortcut for Linux to select a public server automatically proxying using NYM mixnet:

./electrum-4.4.5-x86_64.AppImage -p socks5:localhost:1080

Or directly on the interface; on the top menu, go to Tools --> Network --> Proxy tab, check "Use proxy", select "SOCKS5"

Host: 127.0.0.1 or localhost

Port: 1080

  1. If you have your node and you only want to proxy all third-party connections (price servers, Whirlpool, etc.) using the NYM mixnet

Use this example of a shortcut for Linux to select your private server (your MiniBolt Electrum server), proxying through NYM mixnet:

./electrum-4.4.5-x86_64.AppImage -1 -s 192.168.1.147:50002:s -p socks5:localhost:1080

If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080

Sparrow desktop

Follow the Desktop wallet: Sparrow Wallet until the (Optional) Set up a Tor proxy for external services, which could be used for these 2 cases of uses:

  1. If you don't have your node and you want to proxy all connections (The Electrum Servers of the wallet & third-party server connections) using the NYM mixnet

URL: select one of the public serveres provided for Sparrow

Swich "Use proxy"

Proxy URL: 127.0.0.1 -> Port: 1080

  1. If you have your node and you only want to proxy all third-party connections (price servers, Whirlpool, etc.) using the NYM mixnet

If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080

Sparrow server

Follow the Sparrow server bonus guide, which could be used for these 2 cases of uses:

  1. If you have your node and you only want to proxy all third-party connections (price servers, Whirlpool, etc.) using the NYM mixnet

Go to Preferences -> Server -> Private Electrum

URL: select your MiniBolt IP address or localhost (127.0.0.1) if running on the same device, and select 50001 (mainnet) / 60001 (testnet) (TCP) or 50002 (mainnet) / 60002 (testnet) (SSL) port

Select "yes" to use SSL, if you use 50002 (mainnet) / 60002 (testnet) SSL connection

Select "yes" to use use proxy -> Proxy URL: 127.0.0.1 -> port 1080

  • Press "Test" or "Done" and wait to connect

You have Sparrow server configured to proxy third parties servers connection using NYM mixnet

  1. If you don't have your node and you want to proxy all connections (The Electrum Servers of the wallet & third-party server connections) using the NYM mixnet

Go to Preferences -> Server -> Public Electrum

URL: select one of the public serveres provided for Sparrow

Select "yes" to use use proxy -> Proxy URL: 127.0.0.1 -> port 1080

You have Sparrow server configured to proxy public Electrum servers and third parties servers connection using NYM mixnet

If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080

Blockstream Green

Download the Blockstream Greenwallet app for your OS and install it.

Go to App Settings -> Navigate to Network -> switch "Connect through a proxy"

Proxy host: 127.0.0.1

Proxy port: 1080

Bitbox app

Download the Bitbox app for your OS and install it.

Go to Settings -> Advanced settings -> Enable Tor proxy, check "Enable Tor proxy" and type 127.0.0.1:1080 -> Set proxy address

Go to "Connect your full node" -> Check the pre-setted Electrum servers Bitbox app or choose one of your elections, Go to Add a server:

  1. Enter the endpoint: electrum.blockstream.info:50002

  2. Click on the "Download remote certificate" button

  3. Click on the "Check" button, click OK

  4. Finally, click on the "Add" button and click again on the "Check" button, and "OK"

If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080

Nunchuk desktop

Download the Nunchuk wallet desktop version for your OS and install it.

Go to Settings -> Network Settings -> Enable Tor proxy, check "Enable Tor proxy" and type in the "Proxy address" box:127.0.0.1 and in the "Port" box: 1080. Above, enable "Connect to Electrum server", select "Mainnet server", keep the public Nunchuk address server by default, or click on the "Reset" button. Leave the rest of the boxes blank and finally click on "Save network settings".

If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080

Proxying other services

Keybase

Download the Keybase app for your OS and install it Go to Settings -> Advanced -> Navigate to "Proxy settings", and check "SOCKS5", type this info:

Proxy Address: 127.0.0.1

Proxy Port: 1080

Save proxy Settings

If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080

Telegram Desktop

Download the Telegram app for your OS

Use this link to automatically save the configuration, click on "Enable" or go to Settings -> Advanced -> Connection type -> Check "use custom proxy"

Save and close all banners to go back to the running app

If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080

Browser (Firefox-based browsers)

Download Firefox | Librewolf | Mullvad or any Firefox-based browser for your OS Go to General -> Network Settings -> Settings...

Fill the form with the next data:

Press OK and start the navigation

If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080

NYM android

At the moment, the Android app is undergoing constant development, and the download link on the GitHub repository is being regularly updated, with some updates being non-functional. The following link is not available on GitHub, but it is a static and functional link, although it is also a pre-alpha version and may have bugs on certain occasions.

Download here or in the future, download here

You could use NYM proxy with the Telegram app for example ⬇️

Scan this QR code, click on "Connect proxy" or manually, go to Settings -> Data and Storage -> Proxy Settings -> switch "Use proxy"

Keep selected "SOCKS5 proxy"

Server: 127.0.0.1

Port: 1080

Save, switch "Use proxy" again

Notice: This app consumes significant data and battery when connected to the mixnet network. Please be aware that prolonged usage may result in increased data usage and reduced battery life. This is primarily due to the constant emission of false packets by the app

If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080

Other NYM tools

Proxy for using Nostr over Nym mixnet. Nostr-nym is a proxy for using Nostr through the Nym Mixnet. It stands between Nostr users and a specific Nostr relay, preferably on the same machine as the relay, allowing users to connect to this relay without leaking their IP address to it

GitHub

[Unofficial] Swap different tokens <> NYM token

Link

Upgrade

  • First, ensure that you have the latest Rustc version following the Upgrade section of the Rustup + Cargo bonus guide

  • Follow again the entire Compile NYM binaries from the source code section until the "Enter the command to compile" step (inclusive), once you do that, continue with the next steps below:

  • With admin user, stop NYM socks5 client & NYM Network requester

sudo systemctl stop nym-network-requester
sudo systemctl stop nym-socks5-client

Upgrade network requester

  • Replace the network requester binary

sudo cp /tmp/nym/target/release/nym-network-requester /home/nym/

  • Change to the nym user

sudo su - nym

  • Check the correct update

./nym-network-requester -V
> nym-network-requester 1.1.24

Example of expected output:

  • Init again the network requester to update the config.toml file if needed

./nym-network-requester init --id bitcoin --latency-based-selection

  • Exit from the nym user session

exit

  • Start network requester again

sudo systemctl start nym-network-requester

Upgrade socks5 client

  • Replace the socks5 client binary

sudo cp /tmp/nym/target/release/nym-socks5-client /home/nym/

  • Change to the nym user

sudo su - nym

  • Check the correct update

./nym-socks5-client -V
>  nym-socks5-client 1.1.24

Example of expected output:

  • Init again the socks5 client with the same command, this updates the config.toml file if needed

./nym-socks5-client init --id bitcoin --latency-based-selection --provider <requesteraddress>

  • Exit from the nym user

exit

  • Start socks5 client again

sudo systemctl start nym-socks5-client

  • Delete the NYM compilation folder to be ready for the next update and free up space

sudo rm -r /tmp/nym

Uninstall

Uninstall service

  • With user admin, stop network requester and socks5 client services

sudo systemctl stop nym-network-requester
sudo systemctl stop nym-socks5-client

  • Disable autoboot (if enabled)

sudo systemctl disable nym-network-requester && sudo systemctl disable nym-socks5-client

  • Delete network requester and socks5 client services

sudo rm /etc/systemd/system/nym-network-requester.service
sudo rm /etc/systemd/system/nym-socks5-client.service

Delete user & group

  • Delete nym user. Don't worry about userdel: nym mail spool (/var/mail/nym) not found output, the uninstall has been successful

sudo userdel -rf nym

Port reference

PortProtocolUse

1080

TCP

Socks5 client default port

PreviousTor obfs4 bridgeNextStore data in a secondary disk

Last updated