Alexis Roussel: "Metadata is one of the great battles of the 21st century".

Alexis Roussel: "Metadata is one of the great battles of the 21st century".

Deeply involved in the Bitcoin ecosystem, Alexis Roussel now heads up operations at Swiss start-up Nym Technologies. For The Big Whale, he talks about the risk of widespread surveillance and the tools developed by Nym to counter it.

The Big Whale: Why is it important to protect the metadata of our communications?

Alexis Roussel: The reason is quite simple. Even when we don't know the content of a communication, we can get a lot of information about it by analysing its metadata (the time it took place, the geographical position, the interacting IP addresses, editor's note).

To achieve optimum protection of privacy, it is important to hide the content but above all to hide the data surrounding the communication. This is a fundamental issue.

As you say, we are simply talking about the data surrounding a communication and not its content itself... Is this really an attack on freedoms?

The whole economy of what is known as surveillance capitalism is based on this metadata, not on the content of the discussions themselves. This is the sinews of war, one of the great battles of the 21st century.

What techniques are used to identify someone based on metadata?

By using the Internet, everyone creates a "digital footprint". The hardware we use to connect provides the server with a certain amount of information, such as screen size, operating system, time zone, phone model, etc. This is called the "fingerprint". If there is enough of this information, it can be used to distinguish between individuals and track them, as is done with cookies on websites. This explains the extremely well-targeted adverts we are offered after talking about a subject with friends or carrying out an online search. And it works even if you're opposed to tracking.

With Nym, we offer a tool that makes it possible to mask the IP address but also all the metadata surrounding the communication.

Have you considered a police investigation being blocked because the wanted person used Nym?

Yes of course and the authorities will have to find another lead. There are plenty of other ways to catch a guilty person. I remember a manager of an illegal darknet platform who ended up getting caught because he'd left a Yahoo email address with his real name lying around. And yet he was using Tor... Criminals always make a human error and honest people have the right to protect their privacy.

How is it that VPN software, which can change an Internet user's IP address, isn't protective enough?

A VPN can mask an Internet user's IP address. The problem is that it is managed by a centralised player who sees all the connections. This means that the authorities can force it to provide information about an Internet user. It can also be compromised by hackers.

Finally, a VPN does not protect against "fingerprinting", because the IP address is just one element among others that make up your digital fingerprint. Thanks to this technique, your original IP address can even be traced.

In my opinion, using a VPN is effective for bypassing geolocation blocks, such as for viewing the Netflix catalogue from another country. But it's not a very effective privacy protection tool.

What are the limitations of Tor?

Tor was designed to hide the IP address of the server receiving an Internet user's connection, and it works. On the other hand, the tool is unable to resist attempts to de-anonymise those who wish to observe the network. Why is this? Because it doesn't cost anything to attack it, you just need to connect a lot of servers.

Attackers can calculate the connection time between different places on the network and launch what is known as a "timing attack". This can be traced back to the targeted person.

Nym has been designed to withstand this kind of attack. This would be very expensive (around $40 million at present, editor's note). Finally, Nym randomly slows down communication packets, which muddies the waters even more.

Tor benefited from US government funding in its early days. Can we doubt the integrity of this network?

No, I don't think so, because the States also need it. Even if they monitor the Internet, they also need to be able to communicate discreetly, in particular to contact people living in hostile countries. For years, Tor has served this purpose for the US military. This would not have been possible with the traditional Internet or via satellites...

The problem is that Tor is not robust enough. US agencies and private surveillance companies now have the capabilities to punctually take control over the network and de-anonymise exchanges.

The mixnet idea, which is at the heart of Nym, is 40 years old. Why would it work now?

Mixnets haven't succeeded so far, because the system wasn't economically viable. Like Tor, if someone puts a lot of machines on the network, they can see all the traffic and reconstruct communications. Nym offers a system of economic incentives, via the NYM token, which makes the network secure.

How is Nym decentralised?

The Nym network is not maintained by Nym Technologies. It is maintained by the community and their various nodes (currently 250). Admittedly, 99% of the code is currently written by Nym Technologies employees, but this proportion will decrease over time.

Soon, we will be able to offer governance that will be exercised with a second token (the NYX).

Why did you opt for the Cosmos protocol to develop Nym?

We didn't want to spend our energy building a new blockchain from scratch. Our role is to build a mixnet. We tested different protocols such as Ethereum or Liquid, but we chose Cosmos because there was a development kit (SDK) already ready.

We may have worked for two months to launch our blockchain, but no more. So we were able to concentrate on our real added value.

The other advantage of Cosmos is that it has the IBC (Inter-blockchain communication protocol). This has enabled us to represent our tokens in ERC-20 using the Gravity Bridge, to be present in other blockchains in the Cosmos universe, to write smart contracts using the Rust programming language (via CosmWasm), etc. Cosmos is really interesting!

What do you think of the cryptocurrency Monero, which is described as "anonymous"?

Monero manages to hide transactions in the blockchain, but does not hide the IP address of the wallets. This is its main point of vulnerability.

And your opinion of Tornado Cash?

The functionality of Tornado Cash was to specifically mix money online. You took someone's cryptos and mixed them with others, before sending them to the final recipient. I don't think the way the creator was arrested is acceptable, but the project was lost in advance, because it was akin to a financial service.

The structure made its money by mixing financial transactions, so in terms of the law it had an obligation to identify users. Nym simply processes electronic communications, not cryptocurrency transactions.

What is it that allows Monero to escape prosecution, unlike Tornado Cash?

Monero's blending feature is active by default, so any transaction, whether executed for good or ill, uses this functionality. It's available by default.

On the Tornado Cash side, it's different. Someone using this application necessarily wanted to anonymise their funds. If he didn't want to, he would have made a simple transaction on Ethereum.

Could Zcash, another cryptocurrency that offers anonymity, be worried?

There is a risk, because the anonymity function is not active by default. So there is a risk of prosecution. We'll see what happens.

How does Nym differ from these Monero, Tornado Cash or zCash?

They are all money blenders, whereas Nym is a data blender. We have nothing to do with financial services. We operate on a lower layer, which is telecommunications.

Don't you fear that the authorities will still take an interest in Nym?

We've done things the right way. Nym is one of the cleanest projects. We chose to set up in Switzerland, subjecting ourselves to the compliance system, while respecting US foreign securities law.

As far as US users are concerned, only certain accredited structures, such as the venture capital funds that financed us, can use Nym. The others are blocked.

So you're totally protected from possible prosecution?

If the US wants to go after us, they can. But in crypto, it's always a race thing. The regulators will first go after the simplest cases to deal with. It's only when they become more competent that they'll take an interest in the more complex cases. Are we clean enough in the eyes of the American regulator? I'm not sure, but I think so.

All the projects that have problems have a foot in the United States. They have an office there, have sold products to US retail investors and so on. They are not considered "foreign security", because they have real activities in the United States.

Don't you fear arrest as a manager?

We reduce this risk with "over-transparency". Harry Halpin and I are public figures, so we don't hide. We do everything by the book and we have a long public history. If the authorities came to bother us, they might turn us into "martyrs".

Using Nym is paid for (via the NYM cryptocurrency). Do you think people are prepared to spend money to send a communication?

Indeed, there is a charge for using the network. But we consider that many Internet users already pay for a VPN, so there is a market for privacy. The aim is to keep charges very low so as not to restrict usage. We also think that applications like Telegram will be able to cover this expense for their users. In the long run, a lot of people could be using Nym without even knowing it.

Why should messaging services have an interest in this?

Currently, Internet services collect an incalculable amount of data about their customers. Many don't know what to do with it. Some resell it in the form of targeted advertising, but others are faced with the simple cost of managing it, particularly since the European RGPD regulation. The idea is that if they use Nym in their relationship with their customers, they will be able to limit themselves strictly to the information they need to provide the service. They won't have to worry about the rest.

Are there any other use cases?

I think banks could also benefit. Today, your mobile operator can know a lot about you, because banking access is via a mobile application. Google or a telecoms operator knows more about people than their own banks. Banks could therefore use Nym to protect their customers' data from third parties and turn it into a commercial advantage. It's a bit like Apple's approach.

How did you entice VC funds to commit up to $350 million?

I think a lot of them are anticipating the shock that's coming. We are heading for a very important democratic debate on the data economy and the impact of mass surveillance. Privacy-preserving technologies are probably a hedge for some of our investors.

A  US fund like Andreessen Horowitz is well aware of this. But it's quite simple: they have a mandate to invest money and invest in a diversified way to hedge. They are very pragmatic.

What does Chelsea Manning, who is one of Nym's advisers, bring to the table?

During her years in detention, I think she has had time to reflect on the impact of mass surveillance. In the US Army, she had access to an enormous amount of information towards the end of the 2000s. But today there are 1,000 times more resources to monitor people... Hence the interest in joining a project that protects privacy.

Everything that matters in Web3. Each week.
Try insider for free, for 30 days.
All that matters in crypto.
Deciphering, insights, Data. Access the best of the ecosystem.
In this article
No items found.
Read next
No items found.
In this category
No items found.