Potential Problems with Mysterium

in #crypto, 7 years ago (edited)

There is a very informative post on r/ethtrader about some problems with Mysterium.

Definitely worth reading the whole thread if you're interested in this new token.


To give a little context about where this is coming from, you might want to know a little bit about me. I'm a privacy activist, early adopter of blockchain technology, and run the largest member-only hosting provider on the darknet (Tor).

Privacy and decentralization are very important to me. So when a decentralized VPN, powered by blockchain technology, released their whitepaper, it truly piqued my interest. A "distributed, trustless and sustainable network - providing open access and privacy to all Internet users" is an amazing feat. I wanted to do this write-up before the Token Sale but life got a little bit hasty. So here I am now. Buckle up because we are going for a ride down this rabbit hole.

The Mysterium Network is trying to build a decentralized VPN that incentivizes network participants to participate in the network. This removes the central authority from the VPN equation, thus giving individuals more privacy and a network which will never go down due to its decentralized nature. All payments are done using Ethereum tokens which, due to Ethereum's fully transparent design, are pseudo-anonymous. It's supposed to provide anonymity, decentralized traffic routing, possibility for end-to-end encryption, a low honeypot risk, and other magical things which make it a no-brainer to go with them instead of the yucky privacy-destroying centralized VPNs.

However, there are fatal flaws the Mysterium network cannot address in its currently proposed design: Man In The Middle (MITM) attacks, government censorship or takedown, spam service announcements which will break service discovery, and the horribly inherent pseudo-anonymous nature which can remove any given privacy.

So let's start with the elephant in the room, MITM attacks. This setup is a MITM's wet dream. The MITMer can publicly announce any system without any limitations on the blockchain. It will be stored there forever with the only limitation that I will need to re-announce the server after a predefined number of blocks. There is no central authority controlling who can get in or them getting kicked out. Even if the Mysterium foundation made a way for the contract to invalidate a proposal, there is nothing stopping the MITMer from announcing another one automatically. Everything is transparent so they could see if one of their servers were invalidated in real time. So now that the MITMer has a sure, unstoppable way to announce their system on the network, they can proceed to get connections from the unknowing victims. These connections are stupidly simple to man in the middle.

Let me give you the rundown. The victim connects to one of the MITM's servers. This connection is, of course, all encrypted with amazing butterflies floating towards a rainbow. It is done in a way that all traffic is done over the MITM's server (to prevent IP leak). When the victim goes to connect to, say, any http site, the connection is MITMed with ease. Anything and everything can be recorded without the victim's knowledge. Best of all, because the network detects there is traffic, the MITM will get paid to do it. Now, of course, any smart™ individual will always use https. But that isn't always a foolproof solution. TLS is routinely broken (BEAST/CRIME/DOWN attacks for example). Take SSLStrip for example. If the site doesn't have HSTS (which the large majority doesn't) it is completely possible to strip the https and just MITM the connection anyway. Of course, this won't work on all https sites but for the large part, it opens the door.

However, this is the same risk with centralized VPN providers. They can try to MITM your connection. Which is why reputation plays a very large part in the purchasing habits of VPN consumers. VPN providers have a large incentive to keep true to their promise or all that money and time they invested in infrastructure goes to waste.

Moving on to Government censorship or takedown. They have a table in the white paper which compares Tor (it's Tor, not TOR, btw) to the Mysterium network. It's not far-fetched to say that governments don't like me. Multiple whistleblower sites and information networks are hosted in the cluster. Tor is really good at protecting privacy and anonymity. The Mysterium network's design will not protect privacy or anonymity in its current form. Once the server is announced on the blockchain, everybody knows about it. That includes governments which might not want their citizens bypassing their firewall (cough China cough). Due to blockchain's transparent nature, it would be effortless to block the systems attached to the Mysterium network. Also, being that it's a one-hop direct connection (unlike Tor's three-hop system), if a government gained control of the system they would be able to find who exactly is using it. Maybe finding some unsuspecting citizens looking for a way around the firewall. This system is not at all private and will not protect journalists communicating with whistleblowers.

Spam announcements with service discovery is a big attack surface which will cripple the entire discovery process. Here is a simple idea. The attacker wants to cripple the Mysterium network. So they announce thousands of fake nodes. Some might be up for a couple moments, others might be just ghost nodes, and some, I assume, are good people. The simple fact is there is nothing preventing a ton of spam announcements that the Mysterium nodes will pick up and use for the discovery. Now not discounting the gas cost to make all those announcements, but god, this service discovery is going to be a disaster. There are some things that blockchains are really good for; service discovery of nodes, which can come and go over short times, is not one of them.

We are almost done. Now let's talk about the horribly inherent pseudo-anonymous nature of all this. The white paper didn't go that far into how privacy is protected with the payment system. On the Mysterium network, you are identified by your node key. This node key seems to be attached to all payments you do, which are then recorded on Ethereum. Due to this, wouldn't it be possible for anybody to see when anybody is on? All the sessions with their duration, time started, data transferred, are recorded. It is the ultimate logging policy. The moment someone finds out your node key they will be able to look at every session you made using that node key. That is not at all great for privacy. If you wanted to completely destroy the user privacy all you would need to do is set up a node to accept connections, record the IP of the ones who connected with you, and see who is the one who started the connection and paid you. Boom, you know now the IP of that node key. You want to target a specific IP for your MITM attack, you now have the method knowing about who everybody is. This goes the same for governments or sites that want to block everybody that participated in the Mysterium network. When you announce you want to join the network you have already lost the privacy Mysterium is trying to keep. How's that for irony.

Now it's not all bad. Mysterium is in its very very early stages. Some of the problems (like spam announcements) can be countered by a good reputation & trust mechanism. How you can do that on a distributed network built on blockchains is still up in the air. They also might turn off reporting of traffic statistics but the payment systems still remain. A new identity could be made on each new connection which might separate sessions (payment systems are still there though...). The Mysterium foundation might do routine testing on systems and see if any nodes are acting up, invalidating them if they do. Potentially they could ask for the nodes to lock some tokens to participate. If they get invalidated, then the tokens would be lost.

But one thing is for sure. If I wanted to MITM people, Mysterium's network is where it is at.

TL;DR Mysterium has 99 problems. MITM attacks are one of them.
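
The quoted post notes that a site without HSTS can have its https stripped by whoever operates the exit node. The following is an added example, not part of the quoted post or of Mysterium's code, showing how a site operator can check whether a Strict-Transport-Security header actually yields a usable policy under RFC 6797's parsing rules. The sample headers are constructed, and the 180-day minimum and the function names are assumptions of this example.

```python
import re

# Constructed samples: name -> (scheme the response arrived over, header value)
SAMPLES = {
    "no-header": ("https", None),
    "good": ("https", "max-age=31536000; includeSubDomains; preload"),
    "short": ("https", "max-age=300"),
    "revoked": ("https", "max-age=0"),
    "over-http": ("http", "max-age=31536000"),
    "duplicate": ("https", "max-age=31536000; max-age=0"),
    "quoted": ("https", 'max-age="63072000" ; IncludeSubDomains'),
}
MIN_MAX_AGE = 15552000  # 180 days; threshold assumed for this example

def parse_hsts(value):
    """Return the directives as a dict, or None if a browser must ignore the header."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name, val = name.strip().lower(), val.strip()  # names are case-insensitive
        if not name:
            continue
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]                            # quoted-string form is allowed
        if name in directives:
            return None                                # each directive may appear once
        directives[name] = val
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None                                    # max-age is required, digits only
    return directives

def assess(scheme, value):
    """Classify the protection a response's HSTS header gives against https stripping."""
    if value is None:
        return "missing"
    if scheme != "https":
        return "ignored-over-http"  # HSTS sent over plain HTTP is discarded
    d = parse_hsts(value)
    if d is None:
        return "invalid"
    age = int(d["max-age"])
    if age == 0:
        return "policy-removed"     # max-age=0 tells the browser to forget the host
    if age < MIN_MAX_AGE:
        return "weak-max-age"
    return "ok+subdomains" if "includesubdomains" in d else "ok-host-only"

def report():
    return {name: assess(*sample) for name, sample in SAMPLES.items()}

if __name__ == "__main__":
    print(report())
```

Even a result of "ok" only protects a browser that has already seen the header over a valid HTTPS connection; the first visit stays unprotected unless the host is on the browser preload list.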