layout | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The NYM mixnet technology ensures enhanced privacy and anonymity for online communications. It utilizes a decentralized network to encrypt and route data, ensuring that the origin and destination are concealed. By implementing the NYM mixnet, users can protect their online activities and sensitive information, safeguarding their privacy from surveillance and censorship. This advanced networking technology provides a secure environment for transmitting data and maintaining anonymity.
{% hint style="warning" %} Difficulty: Intermediate {% endhint %}
The technology involves two key components: the Network Requester and the SOCKS5 Client. The Network Requester acts as an intermediary, encrypting and routing data through a decentralized mixnet network to enhance privacy and prevent surveillance. The SOCKS5 Client establishes a secure connection to the mixnet, enabling users to route network traffic and enjoy improved privacy.
Implementing these components empowers users to protect their online activities and sensitive information. Service providers, such as the network requester and mix nodes, offer services that leverage data mixing, identity protection, and traffic routing, further enhancing privacy in the NYM network.
Together, these components and service providers create a decentralized infrastructure within the NYM network, safeguarding user anonymity and protecting online activities.
- Others
- With user
admin
, make sure that all necessary software packages are installed
$ sudo apt install pkg-config build-essential libssl-dev jq
- Check if you already have Rustc
$ rustc --version
Example of expected output:
> rustc 1.71.0 (8ede3aae2 2023-07-12)
- And cargo installed
$ cargo -V
Example of expected output:
> cargo 1.71.0 (cfd3bbd8f 2023-06-08)
{% hint style="info" %} If you obtain "command not found" outputs, you need to follow the Rustup + Cargo bonus section to install it and then come back to continue with the guide {% endhint %}
- Stay login with the user
admin
, configure the firewall to allow incoming requests to the nym-socks5-client
$ sudo ufw allow 1080/tcp comment 'allow NYM socks5 client from anywhere'
- Now we will go to the temporary folder to create the NYM binaries that we will need for the installation process
$ cd /tmp
- Clone the latest version of the source code from the GitHub repository
$ git clone https://github.com/nymtech/nym.git
- Enter to the nym folder
$ cd nym
- Enter the command to compile
$ cargo build --release
{% hint style="info" %} This process can take quite a long time, 10-15 minutes or more, depending on the performance of your device. Please be patient until the prompt shows again {% endhint %}
{% hint style="info" %} If the prompt shows you this error:
error: rustup could not choose a version of cargo to run, because one wasn't specified explicitly, and no default is configured. help: run 'rustup default stable' to download the latest stable release of Rust and set it as your default toolchain.
You need to type "$ rustup default stable"
and wait for the process to finish, then try again the command before
Also, that could help Upgrade Rust to the latest version {% endhint %}
{% hint style="success" %} If you come to update, this is the final step, go back to the Upgrade section to continue {% endhint %}
- Create the user nym with this command
$ sudo adduser --gecos "" --disabled-password nym
- Staying in the temporary folder, copy to the home nym user the "nym network requester" binary
$ sudo cp /tmp/nym/target/release/nym-network-requester /home/nym/
- Assign the owner of the binary to the nym user
$ sudo chown nym:nym /home/nym/nym-network-requester
- Switch to the user "nym"
$ sudo su - nym
- Init the network requester for the first time with
gateway based selection
flag to choose a gateway based on its location relative to your device
$ ./nym-network-requester init --id bitcoin --latency-based-selection
{% hint style="info" %}
If you want to select the gateway that your network requester will be connected to, you could add the flag --gateway <gatewayID>
replacing the <gatewayID>
with someone on this list and delete the --latency-based-selection flag
{% endhint %}
Example of expected output ⬇️
_ __ _ _ _ __ ___
| '_ \| | | | '_ \ _ \
| | | | |_| | | | | | |
|_| |_|\__, |_| |_| |_|
|___/
(nym-network-requester - version 1.1.21)
Initialising client...
2023-06-17T20:28:30.210Z INFO nym_client_core::init::helpers > choosing gateway by latency...
2023-06-17T20:28:49.963Z INFO nym_client_core::init::helpers > chose gateway 2xU4CBE6QiiYt6EyBXSALwxkNvM7gqJfjHXaMkjiFmYW with average latency of 42.730304ms
Registering with new gateway
2023-06-17T20:28:50.244Z INFO nym_gateway_client::client > the gateway is using exactly the same protocol version as we are. We're good to continue!
2023-06-17T20:28:50.252Z INFO nym_config > Configuration file will be saved to "/home/nym/.nym/service-providers/network-requester/bitcoin/config/config.toml"
Saved configuration file to "/home/nym/.nym/service-providers/network-requester/bitcoin/config/config.toml"
Using gateway: 2xU4CBE6QiiYt6EyBXSALwxkNvM7gqJfjHXaMkjiFmYW
Client configuration completed.
Version: 1.1.14
ID: bitcoin
Identity key: 84K1SPBsSPGcCGQ6hK4AYKXuZHb5iU3zBc9gYb3cJp6o
Encryption: Cfc67agMVw6GRjPb7ZyEfZSwLeVSvYtqKCKmATewYJa5
Gateway ID: 2xU4CBE6QiiYt6EyBXSALwxkNvM7gqJfjHXaMkjiFmYW
Gateway: ws://194.182.172.173:9000
Address of this network-requester: 84K1SPBsSPGcCGQ6hK4AYKXuZHb5iU3zBc9gYb3cJp6o.Cfc67agMVw6GRjPb7ZyEfZSwLeVSvYtqKCKmATewujajT@2xU4CBE6QiiYt6EyBXSALwxkNvM7gqJfjHXaMkjhdjywS
{% hint style="info" %} Take note of your network requester address <requesteraddress> {% endhint %}
Example ->
Address of this network-requester: 84K1SPBsSPGcCGQ6hK4AYKXuZHb5iU3zBc9gYb3cJp6o.Cfc67agMVw6GRjPb7ZyEfZSwLeVSvYtqKCKmATewujajT@2xU4CBE6QiiYt6EyBXSALwxkNvM7gqJfjHXaMkjhdjywS
{% hint style="warning" %} Important! It is strongly advised not to share the address of your NYM service provider with anyone. Sharing this information could potentially involve you in illicit activities carried out by others using your network requester as a router. Please bear in mind that we operate in open proxy mode to avoid centralizing connections to concrete nodes of Bitcoin and servers of the other services. Safeguarding the confidentiality of your service provider address is essential to protect yourself and prevent any legal implications
Additionally, you can use the exit policy feature to avoid malicious connections using your network requester, by following the Use the exit policy feature {% endhint %}
- Check the correct installation
$ ./nym-network-requester -V
Example of expected output:
> nym-network-requester 1.1.24
- Exit from the nym user session
$ exit
The system needs to run the network requester daemon automatically in the background, even when nobody is logged in. We use "systemd"
, a daemon that controls the startup process using configuration files.
- As user
admin
, create the service file
$ sudo nano /etc/systemd/system/nym-network-requester.service
- Paste the following configuration. Save and exit
# MiniBolt: systemd unit for nym network requester
# /etc/systemd/system/nym-network-requester.service
[Unit]
Description=Nym Network Requester
Wants=network-online.target
After=network-online.target
StartLimitInterval=350
StartLimitBurst=10
[Service]
ExecStart=/home/nym/nym-network-requester run --id bitcoin --open-proxy true
User=nym
Group=nym
# Process management
####################
Restart=on-failure
RestartSec=30
KillSignal=SIGINT
# Hardening Measures
####################
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
- Enable autoboot (optional)
$ sudo systemctl enable nym-network-requester
- Prepare “nym-network-requester” monitoring by the systemd journal and check the logging output. You can exit monitoring at any time with Ctrl-C
$ journalctl -f -u nym-network-requester
To keep an eye on the software movements, start your SSH program (eg. PuTTY) a second time, connect to the MiniBolt node, and log in as "admin". Commands for the second session start with the prompt $2
(which must not be entered).
- Start the nym network requester service
$2 sudo systemctl start nym-network-requester
Example of expected output on the first terminal with $ journalctl -f -u nym-network-requester
⬇️
Jun 25 20:43:00 minibolt systemd[1]: Started Nym Network Requester.
Jun 25 20:43:00 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:00.402Z INFO nym_network_requester::cli::run > Starting socks5 service provider
Jun 25 20:43:00 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:00.592Z INFO nym_client_core::client::base_client::non_wasm_helpers > creating fresh surb database
Jun 25 20:43:00 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:00.644Z INFO nym_client_core::client::replies::reply_storage::backend::fs_backend::manager > Database migration finished!
Jun 25 20:43:00 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:00.718Z INFO nym_client_core::client::base_client > Starting nym client
Jun 25 20:43:01 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:01.104Z INFO nym_gateway_client::client > the gateway is using exactly the same protocol version as we are. We're good to continue!
Jun 25 20:43:01 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:01.104Z INFO nym_gateway_client::client > Claiming more bandwidth for your tokens. This will use 1 token(s) from your wallet. Stop the process now if you don't want that to happen.
Jun 25 20:43:01 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:01.104Z WARN nym_gateway_client::client > Not enough bandwidth. Trying to get more bandwidth, this might take a while
Jun 25 20:43:01 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:01.104Z INFO nym_gateway_client::client > The client is running in disabled credentials mode - attempting to claim bandwidth without a credential
Jun 25 20:43:01 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:01.155Z INFO nym_client_core::client::base_client > Obtaining initial network topology
Jun 25 20:43:01 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:01.581Z INFO nym_client_core::client::base_client > Starting topology refresher...
Jun 25 20:43:01 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:01.581Z INFO nym_client_core::client::base_client > Starting received messages buffer controller...
Jun 25 20:43:01 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:01.581Z INFO nym_client_core::client::base_client > Starting mix traffic controller...
Jun 25 20:43:01 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:01.581Z INFO nym_client_core::client::base_client > Starting real traffic stream...
Jun 25 20:43:01 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:01.581Z INFO nym_client_core::client::base_client > Starting loop cover traffic stream...
Jun 25 20:43:01 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:01.581Z INFO nym_network_requester::core > The address of this client is: Zq2pc3b7tiSWbjdgvQi9Xw5WLvmVVzfTouSvy8DUws9.HCThYe3mTBHPZDayqH46p73iYLMe3GNEKrgVtoPjjdte@BTZNB3bkkEePsT14GN8ofVtM1SJae4YLWjpBerrKust
Jun 25 20:43:01 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:01.581Z INFO nym_network_requester::core > All systems go. Press CTRL-C to stop the server.
Jun 25 20:43:01 minibolt nym-network-requester[1774351]: 2023-06-25T18:43:01.582Z INFO nym_network_requester::allowed_hosts::standard_list > Refreshing standard allowed hosts
{% hint style="info" %}
All network requester specific configurations can be found in /home/nym/.nym/service-providers/network-requester/bitcoin/config/config.toml
. If you do edit any configs, remember to restart the service
{% endhint %}
- Stay logged in with
admin
user, go to the temporary folder
$ cd /tmp
- Copy to the home nym user the "nym socks5 client" binary
$ sudo cp /tmp/nym/target/release/nym-socks5-client /home/nym/
- Assign the owner of the binary to the nym user
$ sudo chown nym:nym /home/nym/nym-socks5-client
- Switch to the user "nym"
$ sudo su - nym
- Init the nym socks5 client for the first time with
gateway based selection
flag to choose a gateway based on its location relative to your device and replace <requesteraddress> with the obtained in the Run NYM network requester step before
{% code overflow="wrap" %}
$ ./nym-socks5-client init --id bitcoin --latency-based-selection --provider <requesteraddress>
{% endcode %}
{% hint style="info" %}
If you want to select the gateway that your socks5 client will be connected to, you could add the flag --gateway <gatewayID>
replacing the <gatewayID>
with someone on this list and delete the --latency-based-selection flag
{% endhint %}
Example of expected output ⬇️
_ __ _ _ _ __ ___
| '_ \| | | | '_ \ _ \
| | | | |_| | | | | | |
|_| |_|\__, |_| |_| |_|
|___/
(nym-socks5-client - version 1.1.21)
Initialising client...
2023-06-17T20:32:16.857Z INFO nym_client_core::init::helpers > choosing gateway by latency...
2023-06-17T20:32:36.948Z INFO nym_client_core::init::helpers > chose gateway FQon7UwF5knbUr2jf6jHhmNLbJnMreck1eUcVH59kxYE with average latency of 44.796394ms
Registering with new gateway
2023-06-17T20:32:37.195Z INFO nym_gateway_client::client > the gateway is using exactly the same protocol version as we are. We're good to continue!
2023-06-17T20:32:37.200Z INFO nym_config > Configuration file will be saved to "/home/nym/.nym/socks5-clients/bitcoin/config/config.toml"
Saved configuration file to "/home/nym/.nym/socks5-clients/bitcoin/config/config.toml"
Using gateway: FQon7UwF5knbUr2jf6jHhmNLbJnMreck1eUcVH59kxYE
Client configuration completed.
Version: 1.1.14
ID: bitcoin
Identity key: GwFEXSpQP1VFZwDdYRkuRTUpQ28v3zvZbq3mtQnNELwr
Encryption: EeAiN8mySPwcFco1hgipD86ymzK8UfShjgdMKkKvbk3a
Gateway ID: FQon7UwF5knbUr2jf6jHhmNLbJnMreck1eUcVH59kxYE
Gateway: ws://116.203.182.89:9000
SOCKS5 listening port: 1080
Address of this client: GwFEXSpQP1VFZwDdYRkuRTUpQ28v3zvZbq3mtQnNELwr.EeAiN8mySPwcFco1hgipD86ymzK8UfShjgdMKkKvghste@FQon7UwF5knbUr2jf6jHhmNLbJnMreck1eUcVH59usta
- Check the correct installation
$ ./nym-socks5-client -V
Example of expected output:
> nym-socks5-client 1.1.24
- Exit from the nym user session
$ exit
The system needs to run the network requester daemon automatically in the background, even when nobody is logged in. We use "systemd"
, a daemon that controls the startup process using configuration files.
- As user
admin
, create the service file
$ sudo nano /etc/systemd/system/nym-socks5-client.service
- Paste the following configuration. Save and exit
# MiniBolt: systemd unit for nym socks5 client
# /etc/systemd/system/nym-socks5-client.service
[Unit]
Description=Nym Socks5 client
Wants=network-online.target
After=network-online.target
StartLimitInterval=350
StartLimitBurst=10
[Service]
ExecStart=/home/nym/nym-socks5-client run --id bitcoin --host 0.0.0.0
User=nym
Group=nym
# Process management
####################
Restart=on-failure
RestartSec=30
KillSignal=SIGINT
# Hardening Measures
####################
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
{% hint style="info" %}
(Optional) You can add --fastmode
attribute to the ExecStart
parameter to enable this feature, this means the connection will not mixed up as much, but you will still be covered by the same privacy standard/minimum that NYM provides:
ExecStart=/home/nym/nym-socks5-client run --id bitcoin --fastmode
{% endhint %}
- Enable autoboot (optional)
$ sudo systemctl enable nym-network-requester
- Prepare “nym-socks5-client” monitoring by the systemd journal and check the logging output. You can exit monitoring at any time with Ctrl-C
$ journalctl -f -u nym-socks5-client
To keep an eye on the software movements, start your SSH program (eg. PuTTY) a second time, connect to the MiniBolt node, and log in as "admin". Commands for the second session start with the prompt $2
(which must not be entered).
- Start the nym socks5 client service
$2 sudo systemctl start nym-socks5-client
Example of expected output on the first terminal with $ journalctl -f -u nym-socks5-client
⬇️
Jun 25 21:19:30 minibolt systemd[1]: Started Nym Socks5 client.
Jun 25 21:19:30 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:30.577Z INFO nym_client_core::client::base_client > Starting nym client
Jun 25 21:19:30 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:30.947Z INFO nym_gateway_client::client > the gateway is using exactly the same protocol version as we are. We're good to continue!
Jun 25 21:19:30 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:30.947Z INFO nym_gateway_client::client > Claiming more bandwidth for your tokens. This will use 1 token(s) from your wallet. Stop the process now if you don't want that to happen.
Jun 25 21:19:30 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:30.947Z WARN nym_gateway_client::client > Not enough bandwidth. Trying to get more bandwidth, this might take a while
Jun 25 21:19:30 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:30.947Z INFO nym_gateway_client::client > The client is running in disabled credentials mode - attempting to claim bandwidth without a credential
Jun 25 21:19:30 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:30.987Z INFO nym_client_core::client::base_client > Obtaining initial network topology
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:31.394Z INFO nym_client_core::client::base_client > Starting topology refresher...
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:31.394Z INFO nym_client_core::client::base_client > Starting received messages buffer controller...
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:31.394Z INFO nym_client_core::client::base_client > Starting mix traffic controller...
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:31.394Z INFO nym_client_core::client::base_client > Starting real traffic stream...
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:31.394Z INFO nym_client_core::client::base_client > Starting loop cover traffic stream...
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:31.394Z INFO nym_socks5_client_core > Running with Mix packets
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:31.394Z INFO nym_socks5_client_core > Starting socks5 listener...
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:31.394Z INFO nym_socks5_client_core::socks::server > Listening on 127.0.0.1:1080
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:31.394Z INFO nym_socks5_client_core > Client startup finished!
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:31.394Z INFO nym_socks5_client_core > The address of this client is: GjcMYVkzBmX51e4ZGPknAAgc7Zdk5pn3d9jaAmKMszK9.C82LFDSF6MXfJcZb4rxt3vJSrDBMmSPi2BoAPerthFsg@FYnDMQzT49ZGM23gVqpTxfih14V6wuedNXirekmtIshr
Jun 25 21:19:31 minibolt nym-socks5-client[1776937]: 2023-06-25T19:19:31.394Z INFO nym_socks5_client_core::socks::server > Serving Connections...
- Ensure the service is working and listening at the default
1080
port
$2 sudo ss -tulpn | grep LISTEN | grep nym-socks5
Expected output:
> tcp LISTEN 0 1024 0.0.0.0:1080 0.0.0.0:* users:(("nym-socks5-clie",pid=3610164,fd=16))
- Delete the NYM compilation folder to be ready for the next update and free up space
$ sudo rm -r /tmp/nym
{% hint style="info" %}
All socks5-client-specific configurations can be found in /home/nym/.nym/socks5-clients/bitcoin/config/config.toml
. If you do edit any configs, remember to restart the service
{% endhint %}
{% hint style="info" %} You can get more information about the complete documentation here {% endhint %}
Recently, NYM has introduced an option to publicly share your network requester (service provider address) and disallow all connections, minimizing the risk of your network requester being used to do malicious things. To achieve this, NYM uses a URL with an upstream source of the exit policy, to which a connection should be refused if trying to certain addresses (publicly recognized as malicious by different public reputation database sites). Important advice: this list could be deprecated and not include all of the malicious known addresses, so you could be allowing connections to malicious sites not included in it, acting under your responsibility.
- With user
admin
, stopNYM socks5 client & NYM Network requester
$ sudo systemctl stop nym-socks5-client
$ sudo systemctl stop nym-network-requester
- Edit the
config.toml
of the network requester
{% code overflow="wrap" %}
$ sudo nano /home/nym/.nym/service-providers/network-requester/bitcoin/config/config.toml
{% endcode %}
- Change
use_deprecated_allow_list
=true
tofalse
. Save and exit
use_deprecated_allow_list = false
- Edit the network requester systemd service
$ sudo nano /etc/systemd/system/nym-network-requester.service --linenumbers
- Delete the
--open-proxy true
parameter on the line13
ExecStart=/home/nym/nym-network-requester run --id bitcoin
- Start the
Nym network requester & Nym socks5 client
again
$ sudo systemctl start nym-network-requester
$ sudo systemctl start nym-socks5-client
{% hint style="info" %} Now you can share your previously obtained service provider (network requester) address publicly, without exposing you so much as using the open-proxy feature {% endhint %}
So far, we have been routing all clearnet network traffic through Tor. However, it is also possible to proxy outbound clearnet connections (IPv4/IPv6) using the NYM mixnet. By doing this, we can reduce the volume of traffic on the Tor network.
- With user
admin
, edit thebitcoin.conf
file
$ sudo nano /data/bitcoin/bitcoin.conf
- Modify the following line. Save and exit
# Connect to clearnet using NYM socks5 proxy
proxy=127.0.0.1:1080
- Restart bitcoind to apply changes
$ sudo systemctl restart bitcoind
- Check the correct proxy change network connection
$ bitcoin-cli getnetworkinfo | grep -A 3 ipv
Expected output:
"name": "ipv4",
"limited": false,
"reachable": true,
"proxy": "127.0.0.1:1080",
--
"name": "ipv6",
"limited": false,
"reachable": true,
"proxy": "127.0.0.1:1080",
{% hint style="info" %}
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
{% endhint %}
NymConnect is an easy-to-use interface that enables you to connect other applications to the NYM mixnet for enhanced privacy. This desktop application allows you to effortlessly run the NYM SOCKS5 client without the need for manual commands.
Simply download the NYM Connect app for your operating system and click the prominent green button in the center of the screen. By default, the app automatically connects to a random gateway from a predefined list and utilizes a random service provider of this list.
These service providers grant access to specific applications such as Keybase, Telegram, Electrum, Monero Wallet, and Blockstream Green Wallet. However, it is worth noting the benefits of configuring your service provider with an "open proxy/exit policy" enabled.
The previously configured Nym SOCKS5 client can run in the background as a daemon, commonly used in server operating systems without a desktop interface. Meanwhile, NYM Connect is typically utilized in desktop versions of operating systems.
{% hint style="info" %} If you wish to choose your gateway from the provided list or configure your service provider, you can do so by accessing the settings menu. Simply click on the hamburger icon located in the top-left corner -> Settings -> Select your gateway / Select your service provider using <requesteraddress> before configured {% endhint %}
Follow the Electrum Wallet desktop guide. You have 2 options:
- If you don't have your node and you want to proxy all connections (The Electrum Servers of the wallet & third-party server connections) using the NYM mixnet
Use this example of a shortcut for Linux to select a public server automatically proxying using NYM mixnet:
$ ./electrum-4.4.5-x86_64.AppImage -p socks5:localhost:1080
Or directly on the interface; on the top menu, go to Tools --> Network --> Proxy tab, check "Use proxy", select "SOCKS5"
Host: 127.0.0.1 or localhost
Port: 1080
- If you have your node and you only want to proxy all third-party connections (price servers, Whirlpool, etc.) using the NYM mixnet
Use this example of a shortcut for Linux to select your private server (your MiniBolt Electrum server), proxying through NYM mixnet:
{% code overflow="wrap" %}
$ ./electrum-4.4.5-x86_64.AppImage -1 -s 192.168.1.147:50002:s -p socks5:localhost:1080
{% endcode %}
{% hint style="info" %}
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
{% endhint %}
Follow the Desktop wallet: Sparrow Wallet until the (Optional) Set up a Tor proxy for external services, which could be used for these 2 cases of uses:
- If you don't have your node and you want to proxy all connections (The Electrum Servers of the wallet & third-party server connections) using the NYM mixnet
URL: select one of the public serveres provided for Sparrow
Swich "Use proxy"
Proxy URL: 127.0.0.1 --> Port: 1080
- If you have your node and you only want to proxy all third-party connections (price servers, Whirlpool, etc.) using the NYM mixnet
{% hint style="info" %}
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
{% endhint %}
Follow the Sparrow server bonus guide, which could be used for these 2 cases of uses:
- If you have your node and you only want to proxy all third-party connections (price servers, Whirlpool, etc.) using the NYM mixnet
Go to Preferences -> Server -> Private Electrum
URL: select your MiniBolt IP address or localhost (127.0.0.1) if running on the same device, and select 50001 (mainnet) / 60001 (testnet) (TCP) or 50002 (mainnet) / 60002 (testnet) (SSL) port
Select "yes" to use SSL, if you use 50002 (mainnet) / 60002 (testnet) SSL connection
Select "yes" to use use proxy -> Proxy URL: 127.0.0.1 -> port 1080
Sparrow server using Electrum Server testnet mode in localhost and proxy NYM mixnet
- Press "Test" or "Done" and wait to connect
{% hint style="success" %} You have Sparrow server configured to proxy third parties servers connection using NYM mixnet {% endhint %}
- If you don't have your node and you want to proxy all connections (The Electrum Servers of the wallet & third-party server connections) using the NYM mixnet
Go to Preferences -> Server -> Public Electrum
URL: select one of the public serveres provided for Sparrow
Select "yes" to use use proxy -> Proxy URL: 127.0.0.1 -> port 1080
{% hint style="success" %} You have Sparrow server configured to proxy public Electrum servers and third parties servers connection using NYM mixnet {% endhint %}
{% hint style="info" %}
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
{% endhint %}
Download the Blockstream Greenwallet app for your OS and install it.
Go to App Settings -> Navigate to Network -> switch "Connect through a proxy"
Proxy host: 127.0.0.1
Proxy port: 1080
Screenshot showing a proxy connection using NYM mixnet
Download the Bitbox app for your OS and install it.
Go to Settings -> Advanced settings -> Enable Tor proxy, check "Enable Tor proxy" and type 127.0.0.1:1080
-> Set proxy address
Go to "Connect your full node" -> Check the pre-setted Electrum servers Bitbox app or choose one of your elections, Go to Add a server:
- Enter the endpoint:
electrum.blockstream.info:50002
- Click on the "Download remote certificate" button
- Click on the "Check" button, click OK
- Finally, click on the "Add" button and click again on the "Check" button, and "OK"
{% hint style="info" %}
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
{% endhint %}
Download the Nunchuk wallet desktop version for your OS and install it.
Go to Settings -> Network Settings -> Enable Tor proxy, check "Enable Tor proxy" and type in the "Proxy address" box:127.0.0.1
and in the "Port" box: 1080
. Above, enable "Connect to Electrum server", select "Mainnet server", keep the public Nunchuk address server by default, or click on the "Reset" button. Leave the rest of the boxes blank and finally click on "Save network settings".
{% hint style="info" %}
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
{% endhint %}
Download the Keybase app for your OS and install it
Go to Settings -> Advanced -> Navigate to "Proxy settings", and check "SOCKS5", type this info:
Proxy Address: 127.0.0.1
Proxy Port: 1080
{% hint style="success" %} Save proxy Settings {% endhint %}
{% hint style="info" %}
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
{% endhint %}
Download the Telegram app for your OS
Use this link to automatically save the configuration, click on "Enable" or go to Settings -> Advanced -> Connection type -> Check "use custom proxy"
{% hint style="success" %} Save and close all banners to go back to the running app {% endhint %}
{% hint style="info" %}
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
{% endhint %}
Download Firefox | Librewolf | Mullvad or any Firefox-based browser for your OS
Go to General -> Network Settings -> Settings...
Fill the form with the next data:
{% hint style="success" %} Press OK and start the navigation {% endhint %}
{% hint style="info" %}
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
{% endhint %}
At the moment, the Android app is undergoing constant development, and the download link on the GitHub repository is being regularly updated, with some updates being non-functional. The following link is not available on GitHub, but it is a static and functional link, although it is also a pre-alpha version and may have bugs on certain occasions.
Download here or in the future, download here
{% hint style="info" %} You could use NYM proxy with the Telegram app for example ⬇️ {% endhint %}
Scan this QR code, click on "Connect proxy" or manually, go to Settings -> Data and Storage -> Proxy Settings -> switch "Use proxy"
Keep selected "SOCKS5 proxy"
Server: 127.0.0.1
Port: 1080
{% hint style="success" %} Save, switch "Use proxy" again {% endhint %}
{% hint style="warning" %} Notice: This app consumes significant data and battery when connected to the mixnet network. Please be aware that prolonged usage may result in increased data usage and reduced battery life. This is primarily due to the constant emission of false packets by the app {% endhint %}
{% hint style="info" %}
If you have installed the NYM socks5 client installed in a machine inside of your local network, you can point the service to its IP address instead of localhost (127.0.0.1), e.g. 192.168.1.94:1080
{% endhint %}
{% tabs %}
{% tab title="Paste NYM (UC)" %}
An adaptation of pastebin.com, using NYM mixnet, to protect users and their data but especially their metadata
Link | GitHub
Paste NYM-CLI -> GitHub
{% endtab %}
{% tab title="NYM chat" %} A simple chat client that sends its traffic through the NYM mixnet
{% tab title="Nostr-NYM Proxy" %} Proxy for using Nostr over Nym mixnet. Nostr-nym is a proxy for using Nostr through the Nym Mixnet. It stands between Nostr users and a specific Nostr relay, preferably on the same machine as the relay, allowing users to connect to this relay without leaking their IP address to it
GitHub {% endtab %}
{% tab title="NYM Nostr client" %}
A Nostr client connected to a Nostr-NYM Proxy
Link | GitHub
{% endtab %}
{% endtabs %}
{% tabs %} {% tab title="NYM Swap" %} [Unofficial] Swap different tokens <> NYM token
Link {% endtab %}
{% tab title="NYM Network Explorer" %} Explorer to get information on the NYM network components
Link {% endtab %} {% endtabs %}
- First, ensure that you have the latest Rustc version following the Upgrade section of the Rustup + Cargo bonus guide
- Follow again the entire Compile NYM binaries from the source code section until the "Enter the command to compile" step (inclusive), once you do that, continue with the next steps below:
- With
admin
user, stopNYM socks5 client & NYM Network requester
$ sudo systemctl stop nym-network-requester
$ sudo systemctl stop nym-socks5-client
- Replace the network requester binary
$ sudo cp /tmp/nym/target/release/nym-network-requester /home/nym/
- Change to the nym user
$ sudo su - nym
- Init again the network requester to update the
config.toml
file if needed
$ ./nym-network-requester init --id bitcoin --latency-based-selection
- Check the correct update
$ ./nym-network-requester -V
Example of expected output:
> nym-network-requester 1.1.24
- Exit from the
nym
user session
$ exit
- Start network requester again
$ sudo systemctl start nym-network-requester
- Replace the socks5 client binary
$ sudo cp /tmp/nym/target/release/nym-socks5-client /home/nym/
- Change to the nym user
$ sudo su - nym
- Init again the socks5 client with the same command and service provider, this updates the
config.toml
file if needed
{% code overflow="wrap" %}
$ ./nym-socks5-client init --id bitcoin --latency-based-selection --provider <requesteraddress>
{% endcode %}
- Check the correct update
$ ./nym-socks5-client -V
Example of expected output:
> nym-socks5-client 1.1.24
- Exit from the
nym
user
$ exit
- Start socks5 client again
$ sudo systemctl start nym-socks5-client
- Delete the NYM compilation folder to be ready for the next update and free up space
$ sudo rm -r /tmp/nym
- With user
admin
, stop network requester and socks5 client services
$ sudo systemctl stop nym-network-requester
$ sudo systemctl stop nym-socks5-client
- Delete network requester and socks5 client services
$ sudo rm /etc/systemd/system/nym-network-requester.service
$ sudo rm /etc/systemd/system/nym-socks5-client.service
- Delete nym user. Don't worry about
userdel: nym mail spool (/var/mail/nym) not found
output, the uninstall has been successful
$ sudo userdel -rf nym
NYM is currently in development and may experience occasional issues.
Example of issues with a nym socks5 client
If you encounter any issues, they may be related to the gateway. To resolve this, you can attempt to change the gateway by deleting the data folder.
Case NYM network requester issues:
- With user
admin
, stop the network requester
$ sudo systemctl stop nym-network-requester
- Change to the nym user
$ sudo su - nym
- Init again network requester, by following the Init NYM network requester section, this time with
--force-register-gateway
and--gateway
flags (remember deleting--latency-based-selection flag
). Choose one gateway from this list, using its ID key
{% hint style="info" %}
Example: ./nym-network-requester init --id bitcoin --gateway 2xU4CBE6QiiYt6EyFCSALwxKNvM7gqJfjHXaMkjiFmYW --force-register-gateway
{% endhint %}
{% hint style="warning" %}
Take note of the new "Address of this network-requester:..."
to refresh it on socks5 clients are using this network requester ("--provider"
flag)
{% endhint %}
- Exit the nym user session to go back to the admin user
$ exit
- Start network requester again
$ sudo systemctl start nym-network-requester
Case NYM socks5 client issues:
- With user
admin
, stop the socks5 client
$ sudo systemctl stop nym-socks5-client
- Change to the nym user
$ sudo su - nym
- Init again the socks5 client by following the Init NYM socks5 client section, this time with
--force-register-gateway
and --gateway
flags (remember deleting--latency-based-selection flag
). Choose one gateway from this list, using its ID key. Remember to change the network requester address (service provider) if you change it at any moment
{% hint style="info" %}
Example: ./nym-socks5-client init --id bitcoin --gateway 2xU4CBE6QiiYt6EyFCSALwxKNvM7gqJfjHXaMkjiFmYW --provider 84K1SPBsSPGcCGQ6hK4AYKXuZHb5iU3zBc9gYb3cJp6o.Cfc67agMVw6GRjPb7ZyEfZSwLeVSvYtqKCKmATewujajT@2xU4CBE6QiiYt6EyBXSALwxkNvM7gqJfjHXaMkjhdjywS --force-register-gateway
{% endhint %}
- If you want to change only the service provider of your nym socks5 client connected, edit the config file and replace the
provider_mix_address =
parameter with the new one. With usernym.
Save and exit
$ nano /home/nym/.nym/socks5-clients/bitcoin/config/config.toml
Example ⬇️
[core.socks5]
# The mix address of the provider to which all requests are going to be sent.
provider_mix_address = '84K1SPBsSPGcCGQ6hK4AYKXuZHb5iU3zBc9gYb3cJp6o.Cfc67agMVw6GRjPb7ZyEfZSwLeVSvYtqKCKmATewujajT@2xU4CBE6QiiYt6EyBXSALwxkNvM7gqJfjHXaMkjhdjywS'
- Exit the
nym
user session to go back to theadmin
user
$ exit
- Start socks5 client again
$ sudo systemctl start nym-socks5-client
Port | Protocol | Use |
---|---|---|
1080 | TCP | Socks5 client default port |