Starmer's Online Privacy Act came into force yesterday, driving many people to use VPN's - but who owns your VPN?Right, so Keir Starmer’s Labour government h...
Interpol went around and got everyone to blacklist their exit nodes because mullvad wouldn’t cooperate with their investigation into malware and csam using forwarded ports. A few years ago browsing with mullvad got real tough because of that. They decided to pull port forwarding rather than only be useful for running p2p malware and csam behind and everything’s back to normal except now you gotta use air or proton or something to do port forwarding.
Because proton users don’t just get the vpn, they get some kind of bundle that has a bunch of metadata which can be given up under investigation. So when interpol comes sniffing around with warrants proton can say “here’s all we have” and it’s actually something they can use instead of mullvads “here’s all we have” that’s actually nothing.
And there wasn’t a malware/csam investigation at a dead end involving proton.
The police didn’t go around to a bunch of cdns with papers to try to compel them to blacklist mullvad servers because they hate port forwarding, a dastardly computer psuedocrime only useful for disseminating malware and csam, they got cdns to blacklist mullvad in an effort to flush out nontechnical poi to their investigation. My understanding is that it worked.
Mullvad has open-sourced a lot of their infrastructure, and really it all checks out.
They’ve had multiple independent audits that show that their VPN infrastructure is indeed diskless (RAM only, no permanent storage), and they run what they say they do. Even if they wanted to store all of their logs for the police, it shouldn’t be practical for them to do so.
These auditors specifically are Radically Open Security out of Amsterdam, their website lists their team with names, pictures, and descriptions, I picked one at random and they had a realistic web presence.
There is no way to prove what they are actually running, other than audits. Anything a legit system could send, a malicious one could send too.
Bit concerned you’re asking questions that aren’t just answered by the webpage oscardejarjayes linked to, but by the link itself “completed-by-radically-open-security”.
I 100% get the skepticism, but VPNs inherently require trust on the other side, it’s literally impossible to actually “prove” it’s legit. But this is also true of any means whatsoever to connect to the internet. You cannot be truly anonymous online unless you rely on SOMEONE to obscure your identity for you.
Mullvad have done the best means of building up evidence, if ever got found out as lying, they’d immediately lose 90%+ of their customers.
And to be honest, allowing and actively encouraging customers to pay by cash would make them a pretty shit Fed honeypot, too.
Only thing I hear about them is that they got raided and police walked away empty handed since they genuinely had nothing, but I’d love to hear more what else specifically makes this provider more trustworthy tbh
Mullvad
Proton VPN if you are torrenting, since Mullvad closed off port forwarding… :/
Is there any good reason for them to disable port forwarding?
Interpol went around and got everyone to blacklist their exit nodes because mullvad wouldn’t cooperate with their investigation into malware and csam using forwarded ports. A few years ago browsing with mullvad got real tough because of that. They decided to pull port forwarding rather than only be useful for running p2p malware and csam behind and everything’s back to normal except now you gotta use air or proton or something to do port forwarding.
Why can Proton do it then tho? /gen
Because proton users don’t just get the vpn, they get some kind of bundle that has a bunch of metadata which can be given up under investigation. So when interpol comes sniffing around with warrants proton can say “here’s all we have” and it’s actually something they can use instead of mullvads “here’s all we have” that’s actually nothing.
And there wasn’t a malware/csam investigation at a dead end involving proton.
The police didn’t go around to a bunch of cdns with papers to try to compel them to blacklist mullvad servers because they hate port forwarding, a dastardly computer psuedocrime only useful for disseminating malware and csam, they got cdns to blacklist mullvad in an effort to flush out nontechnical poi to their investigation. My understanding is that it worked.
People were using it to host CSAM and more relevantly to their decision to also run malware C&C servers behind it.
why do people trust this one more? is there any proof more they delete their logs than the others?
Mullvad has open-sourced a lot of their infrastructure, and really it all checks out.
They’ve had multiple independent audits that show that their VPN infrastructure is indeed diskless (RAM only, no permanent storage), and they run what they say they do. Even if they wanted to store all of their logs for the police, it shouldn’t be practical for them to do so.
https://mullvad.net/en/blog/2023/8/9/infrastructure-audit-completed-by-radically-open-security
Other ran the audits how do you know that their running an implementation of what the open sourced? what are the orgs that run the audits?
These auditors specifically are Radically Open Security out of Amsterdam, their website lists their team with names, pictures, and descriptions, I picked one at random and they had a realistic web presence.
There is no way to prove what they are actually running, other than audits. Anything a legit system could send, a malicious one could send too.
Bit concerned you’re asking questions that aren’t just answered by the webpage oscardejarjayes linked to, but by the link itself “completed-by-radically-open-security”.
I 100% get the skepticism, but VPNs inherently require trust on the other side, it’s literally impossible to actually “prove” it’s legit. But this is also true of any means whatsoever to connect to the internet. You cannot be truly anonymous online unless you rely on SOMEONE to obscure your identity for you.
Mullvad have done the best means of building up evidence, if ever got found out as lying, they’d immediately lose 90%+ of their customers.
And to be honest, allowing and actively encouraging customers to pay by cash would make them a pretty shit Fed honeypot, too.
Bit concerned with your VPN evangelism steering people away from actually secure solutions like I2p
Only thing I hear about them is that they got raided and police walked away empty handed since they genuinely had nothing, but I’d love to hear more what else specifically makes this provider more trustworthy tbh
The source for the lack of evidence retrieved being the police themselves?
tinfoil hat on but great way to set up a honeypot