A Second Look at Mysterium and the Delicate Balance Between Privacy and Security

A Second Look at Mysterium and the Delicate Balance Between Privacy and Security

By fred_nurk | pragprog | 25 Jul 2021


At first glance I thought of the Mysterium Network to be an excelent Idea. It sort of gives me a feel of the tor network (more on that later. The main perk is that you can not only offer yourself as a node you get paid. Business wise this is a great model not just for their users but for them aswell, it opens a pathway to make a scalable and sustainable "anonymization" network. But the thought that comes to my mind when I (a paranoid) look at their structure and read their whitepaper is the fact that you are running strangers traffic through your personal connection (A.K.A. in strict words you are renting your identity for someone else to use). Now, I beleive in the right to privacy, and I also firmly back the fact that there are legitimant reasons to expect/need privacy especially when it comes to telecommunications. That being said I would still like to analyze how the platform protects you from potential malicious traffic that might flow through your network.

 

As far as I can see, their main defense is the whitelisting feature. Originally back in 2019 when you ran a node with whitelisting activated the only traffic you would receive was test traffic sent by Mysterium. This was in 2019 and I failed to find any updates on their implementation. Reviewing their wiki they have a sort of trial and error approach, where they identify bad actors and flag them. This is where I personally enter in conflict with the delicate line that there is between privacy and the node's security, if you actively monitor the traffic that flows through your node, the user losses their anonymity as you have access to timestamp, bandwidth,  traffic destination and other forms of data that can deanonymize the user; on the other hand, being completely blind to the traffic that follows through your node can be a security risk. HOWEVER, they do cover this in the terms of use for their node software offering support in case you may be found liable for the traffic that flows through your network as a result of running a node, they even provide a contact email: team@netsys.technology.

 

As far as the cryptographic measures that are used, it uses the EVM integrated keccak256 for pretty much everything, even identity management is taken by the hash of the last 20 bytes of your private key. Trafic is quote "shredded"  and sent to the node later to be reconstructed and sent out to its destination ( a node is allowed to monitor this destination for whitelisting purposes). To ensure reliability in the sending of messages between peers it operates a session-based dialogue structure where only one dialogue is can exist between two peers and if the connection is meant to be kept alive when the two peers are not communicating significant information, a keep-alive message needs to be regularly sent, otherwise the dialogue will time out.

 

Now I don't find this project to be perfect, but I do find it quite interesting and I have a node running that I will keep for a while I get a good feel for it. What I find that they got right is that they found out how to mitigate the performance problem that the tor network has had all this time, true they do sacrifice a bit of privacy, this seems like a good trade-off.

How do you rate this article?


6

0

fred_nurk
fred_nurk

I like programming and this whole new blockchain wrold.


pragprog
pragprog

This is a side project from my main blog (termuxuser01.blogspot.com) mainly dedicated to my exploracion into blockchain technology and the new fronteirs it opens. I like learning and sharing what I find in the digital sea.

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.