1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
# NymDrop
A modern, Nym-native anonymous submission system — a SecureDrop alternative that
uses the [Nym mixnet](https://nymtech.net/) as its transport instead of Tor.
The source uses an ordinary browser. There is nothing to install, no onion
service to reach, and no client-side configuration. Anonymity protection lives in
the design, not in an obligation on the source to install anything.
## Design
- **Transport:** Nym mixnet only — no Tor. Cover traffic, padding and mixnet
unlinkability protect the server side.
- **Client-side encryption:** submissions are encrypted in the browser with
X25519 + HKDF-SHA-256 + AES-GCM-256 (WebCrypto). The server never sees
plaintext.
- **No-log server:** no IP, no timestamps, no metadata persisted. A blind relay
forwards ciphertext through the mixnet and keeps nothing on disk.
- **No third parties:** no CDN, no Cloudflare, no NIST curves, no tracking
JavaScript.
See [`ARCHITECTURE.md`](ARCHITECTURE.md) for the full threat model and component
breakdown.
## Components
| Binary | Role |
|---|---|
| `nymdrop` | Public-facing HTTP server + blind relay. Embeds a `nym-client`, accepts encrypted submissions on `POST /submit`, forwards them through the mixnet to the reader's Nym address. |
| `nymdrop-reader` | Operator-side inbox. Runs a `nym-client`, receives messages from the mixnet, decrypts them with the operator's X25519 private key, and writes submissions to disk. |
| `nymdrop-source` | Optional SOCKS5-based source helper. |
## Build
The `nym-client` binary is required at build time (embedded via `go:embed`) but
is **not** committed to keep the repository small. Fetch it first:
```sh
./scripts/fetch-nym-binaries.sh # downloads nym-client v1.1.76 (linux/amd64)
go build ./cmd/nymdrop/
go build ./cmd/nymdrop-reader/
```
## Run
```sh
# 1. Start the reader (prints its Nym inbox address and the public key to deploy)
./nymdrop-reader --id nymdrop-inbox --ws-port 1977
# 2. Start the server, pointing it at the reader's Nym address
./nymdrop --journalist "<NYM_ADDRESS_FROM_READER>" --static ./static --listen 127.0.0.1:8080
```
Deploy the reader's public key into `static/crypto.js` so the browser encrypts to
the right key. Put the server behind TLS in production.
## Status
End-to-end verified: browser/client → HTTP server → Nym mixnet → reader →
decrypted submission on disk.
## License
[AGPL-3.0](LICENSE).
|