[POLL] A new Nym exit policy for Exit Gateways and the Nym mixnet is inbound!

Context: the Nym mixnet is meant to become a general-purpose privacy layer for the entire internet. Over the past months we developed a new primitive in the field of privacy and anonymity - moving from a message-based mixnet to a general-purpose network for routing IP packets anonymously - the Nym network! This general-purpose privacy layer needs to be able to connect NymVPN users to as many places as securely possible. A less restrictive Nym exit policy means opening a wider range of ports.

During the recent survey and discussion we found general agreement in the operator community about a new, more open exit policy. We also received feedback from some of you that blocking ports on the network level is neither an effective nor a desired approach to minimize risk and abuse.

Accordingly, we propose implementing a new exit policy that opens all ports except for insecure SMTP ports (25 and 2525) and Tor, which was contentious with the community. This change is set to come into effect tomorrow, 26th of June, end of day (CET). The policy remains a topic for open discussion, so if you have concerns, questions or comments, please share them below in this dedicated forum thread!

New ports proposed to open

  • 22 # SSH
  • 123 # NTP
  • 445 # SMB file share Windows
  • 465 # URD for SSM
  • 587 # SMTP
  • 853 # DNS over TLS
  • 1433 # databases
  • 1521 # databases
  • 2049 # NFS
  • 3074 # Xbox Live
  • 3306 # databases
  • 5000-5005 # RTP / VoIP
  • 5432 # databases
  • 6543 # databases
  • 8080 # HTTP Proxies
  • 8767 # TeamSpeak
  • 8883 # Secure MQ Telemetry Transport - MQTT over SSL
  • 9053 # Tari
  • 9339 # gaming
  • 9443 # alternative HTTPS
  • 9735 # Lightning
  • 25565 # Minecraft
  • 27000-27050 # Steam and game servers
  • 60000-61000 # MOSH

Cast your votes to open the most contentious Tor-related ports, and insecure SMTP ports (25 and 2525)

Open: 2024-07-25T00:00:00Z to 2024-07-31T00:00:00Z, or until decided

Are you in favour of opening Tor-related ports (9001 & 9030)?
  • I’m against opening these ports
  • I’m not against opening these ports
0 voters
Are you in favour of opening insecure SMTP ports (25 & 2525)?
  • I’m against opening these ports
  • I’m not against opening these ports
0 voters
5 Likes

Sooooo… I am a little bit concerned to have ports 587 and 465 opened. Not sure what ‘URD for SSM’ means but port 465 is often used to securely send emails, same as port 587. This will attract abuse notices.

As I also pointed out during the operator AMA, I would have blocked port 22 since it is not really necessary and many ‘script kids’ are scanning ranges of IPs in order to brute force it. Again, this may attract abuse notices.

2 Likes

I have made a simple explanation of this voting in Russian - Important vote - Node exit policy

If it is unclear to you what this is about, follow the link above.

3 Likes

Just to give a flavour of why blocking SSH and SMTP ports is very important. I just got a response from one of the VPS providers asking to block those ports if I want to run an exit gateway. For some reason, this conversation has halted, which is disappointing.