Nymble Security FAQ

What are the privacy implications of using Nymble?

Nymble is a research project in its infancy. Do not rely on it for strong anonymity guarantees. That being said, here is what Nymble aims to provide:

Nymble's main goal is to protect users' privacy with respect to the servers they connect to:

  • Client's IP addresses are anonymous to servers, whether they have been blacklisted or not.
Clients must trust Nymble to provide this anonymity against servers.

But why should I trust Nymble?

Nymble has been designed to limit the amount of information that individual Nymble entities can infer, by splitting the trusted functions:
  • The Pseudonym Manager (PM), knows the client's IP address, but not what servers the client intends to access. The client should be aware that the number of Nymble-enabled servers might be quite small at first, and that the PM is aware that the client intends to connect to one of these servers.
  • The Nymble Manager (NM), knows the client's pseudonym assigned by the PM, but does not know the client's IP address. It knows what servers the client intends to access, because it needs to issue the client with a credential to access these sites.
Furthermore, these entities maintain minimal state (a few secret keys, and server-specific information), and "forgets" this state at the end of the day. Nymble is therefore resistant to deanonymization attacks as a result of equipment seizure, for example.

How do I know the PM and NM won't collude and expose my privacy?

Nymble is currently in "test mode", and in fact the PM and NM are hosted on the same machine. In the future, we plan to host the PM and NM in separate domains, and hope to build confidence that the PM and NM cannot collude maliciously. For now, help us make a difference by beta testing Nymble. Once the kinks are ironed out, we will move to the next phase of separating the entities.

(Details for beta testing will be posted soon)

How does Nymble's privacy compare with Tor?

Nymble introduces additional entities that clients of Tor must trust. Clients must trust the PM and NM to not collude with each other, or with servers. Assuming that the PM and NM are not malicious or vulnerable to attack, clients can connect to servers through Tor and enjoy the same level of anonymity against servers as provided by Tor. Nymble does apply a rate limit on anonymous connections. In its current form, Nymble allows only one anonymous connection to a particular server every five minutes. Users are warned that their connections will be pseudonymous if they choose to connect to the same server multiple times within the same five-minute interval.

Why does Nymble apply a rate limit on anonymous connections?

Nymble allows servers to blacklist misbehaving users so that they cannot return and cause further damage. If there were no rate limit on anonymous connections, users could connect 500 times (for example) in 5 minutes, deface 500 pages and disappear for good. The damage is already done, and blacklisting the user is probably less meaningful.

We believe that most "well-behaved" users would find a 5-minute rate limit reasonable to perform anonymous edits on a Wikipedia-like site, for example, and that servers would have enough time to blacklist misbehaving users before they cause too much damage.

Recent News:

Mar, 2011

Journal paper released

Sep 1, 2009

Journal paper preprint released

December 7, 2008

New Technical Report Released.

June 16, 2008

Presentation at MIT Lincoln Lab.

May 9, 2008

Presentation at IBM Zurich Research Laboratory.

May 1, 2008

Nymble code available on git.

April 16, 2008

Presentation at Harvard.

April 3, 2008

Presentation at Rochester Institute of Technology.

March 5, 2008

Apu Kapadia gives Nymble presentation at Dartmouth.