Website fingerprinting on Nym: Attacks and Defenses
Authors: Eric Jollès (EPFL), Simon Wicky (Nym Technologies), Ania M. Piotrowska (Nym Technologies), Harry Halpin (Nym Technologies), Carmela Troncoso (MPI-SP & EPFL)
Volume: 2026
Issue: 2
Pages: 436–451
DOI: https://doi.org/10.56553/popets-2026-0055
Abstract: Website fingerprinting (WF) enables a passive eavesdropper to infer which web page a client is visiting, even when communications are encrypted or anonymized. In this paper, we study the vulnerability to website fingerprinting of Nym, a mix network based on the Loopix design that enables users to browse the Web. We show that although Nym adds delays and cover traffic to change packet patterns compared to Tor, it still leaks features that website fingerprinting attacks can exploit in both closed‑ and open‑world settings. We carry out an in-depth analysis of the effectiveness of Nym's obfuscation mechanisms, originally designed to provide anonymity in messaging, in thwarting website fingerprinting. We show that mix delays, counterintuitively, not only fail to protect against website fingerprinting but actually make the attack more effective as the mix delays make it easier to distinguish incoming from outgoing packets. We also demonstrate that the current cover traffic strategy of Nym is not effective in thwarting website fingerprinting attacks unless it imposes a large overhead. To address these limitations, we design two new WF defenses based on Nym's existing obfuscation mechanisms that significantly reduce WF effectiveness. The first defense introduces cover traffic to match the bursty nature of real-world web traffic, reducing the F1 score to 0.39 (compared to 0.65 obtained by similar defenses applied on Tor) at moderate overhead increase. The second defense plummets the F1 score to 0.06 by channeling web traffic via Nym's constant traffic capabilities, at the cost of bandwidth.
Keywords: website fingerprinting, mixnets, anonymous communication
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.
