this post was submitted on 20 Sep 2023
822 points (98.8% liked)

Privacy

32130 readers
807 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
822
Mullvad Annouce Removal Of All Disk Infrastructure - Now RAM Only (mullvad.net)
submitted 1 year ago by leraje@lemmy.blahaj.zone to c/privacy@lemmy.ml
126 comments fedilink hide all child comments
 

Today we announce that we have completely removed all traces of disks being used by our VPN infrastructure!

top 50 comments
sorted by: hot top controversial new old
[–] eatham@aussie.zone 137 points 1 year ago

Full article:

We have successfully completed our migration to RAM-only VPN infrastructure

20 September 2023 NEWS SYSTEM TRANSPARENCY

Today we announce that we have completely removed all traces of disks being used by our VPN infrastructure!

In early 2022 we announced the beginning of our migration to using diskless infrastructure with our bootloader known as “stboot”. Completing the transition to diskless infrastructure

Our VPN infrastructure has since been audited with this configuration twice (2023, 2022), and all future audits of our VPN servers will focus solely on RAM-only deployments.

All of our VPN servers continue to use our custom and extensively slimmed down Linux kernel, where we follow the mainline branch of kernel development. This has allowed us to pull in the latest version so that we can stay up to date with new features and performance improvements, as well as tune and completely remove unnecessary bloat in the kernel.

The result is that the operating system that we boot, prior to being deployed weighs in at just over 200MB. When servers are rebooted or provisioned for the first time, we can be safe in the knowledge that we get a freshly built kernel, no traces of any log files, and a fully patched OS.

[–] Onii-Chan@kbin.social 112 points 1 year ago (4 children)

It's a good day to be a Mullvad user. Switched over from Surfshark a while ago, and I love it.

[–] TrustingZebra@lemmy.one 7 points 1 year ago (8 children)

Is it noticeably faster than Surfshark for you?

[–] PeachMan@lemmy.one 36 points 1 year ago (3 children)

You don't use Mullvad for their performance, you use them for their insanely paranoid security and privacy practices.

And for the record, I was never impressed with Surfshark speeds. I dropped them when they bundled a virus scanner into their VPN client, that's sketchy as hell. I don't want my VPN provider scanning my files.

load more comments (3 replies)
[–] Onii-Chan@kbin.social 15 points 1 year ago

I never had any real issues with speed using Surfshark, the reason I made the switch was largely about trust. As another user said, as soon as I saw Surfshark start their YouTube advertising spree, and start to bloat their client with unnecessary features, I started looking for alternatives.

I'm iffy about any VPN company that uses YouTuber marketing as it is, and while my threat model isn't overly paranoid, I believe the VPN company someone chooses to use should have paranoid business practices. After I saw the news on Mullvad's raid, the authorities subsequently finding nothing, and the fact that a user's account is merely a string of numbers, I decided it was the VPN for me.

load more comments (6 replies)
load more comments (3 replies)
[–] minishoemaze@beehaw.org 83 points 1 year ago (3 children)

Why is their logo a Mole when Mullvad is The Goat

load more comments (2 replies)
[–] Hubi@feddit.de 77 points 1 year ago (1 children)

Wow, that is very impressive. I've been a subscriber for a few years and I couldn't be happier with their service.

[–] newIdentity@sh.itjust.works 52 points 1 year ago (6 children)

Except with the removal of port forwarding

[–] Hubi@feddit.de 42 points 1 year ago (2 children)

That didn't effect me much personally and I could understand their reasoning. Still, it's understandable that it lead to some frustration among other users.

load more comments (2 replies)
load more comments (5 replies)
[–] DeathWearsANecktie@lemm.ee 55 points 1 year ago

Mullvad is good, definitely my go-to VPN these days.

[–] mnmalst@lemmy.zip 45 points 1 year ago (7 children)

I find the "Mullvad VPN scratch cards" interesting. If a store near you has them you could buy one and be totally anonymous. What I find a bit odd is that you can buy them on amazon as well but sold directly by mullvad. Doesn't that defeat the purpose? The idea of the card is a decoupling of your real identity from the vpn user but when you buy the card in their store doesn't it negate that?

I am probably just missing something here. Does anyone have more insight?

[–] leraje@lemmy.blahaj.zone 78 points 1 year ago (6 children)

The code on the card is covered so Amazon might know you use Mullvad but they have no way of knowing what your account is.

Mullvad know your acct but they have no way of knowing how it is you paid other than maybe it being a scratchcard which they don't track anyway.

load more comments (6 replies)
[–] Nioxic@lemmy.dbzer0.com 26 points 1 year ago

Well amazon can tell youve bought a card

But not which code you recieved, on the physical card..

[–] SoggyBread@lemmy.world 13 points 1 year ago

Probably not because they still dont know who bought that card since the scratch card is linked to the money but that card could be used by anyone. Nothing stop you from buying them and giving them to a friend

[–] mojo@lemm.ee 12 points 1 year ago (2 children)

Better yet, they employ a guy you can find in an alley who has a bunch of redemption cards in his trench coat. He takes cash or crack.

load more comments (2 replies)
load more comments (3 replies)
[–] mojo@lemm.ee 41 points 1 year ago

Mullvad is such a good company. I just bought another month yesterday, but guess I'll go and add another year to that!

[–] doublejay1999@lemmy.world 40 points 1 year ago (9 children)

Interesting what’s going happening with mullvad. For the best part of 10’years, you hear nothing.

Does anyone know why they are recently noisy?

[–] leraje@lemmy.blahaj.zone 33 points 1 year ago

Going by rate of blog posts by year they don't seem any noisier than usual. The opposite if anything. 18 this year and there's only 3 and a bit months left of the year whereas in 2018 they made 60.

[–] PeachMan@lemmy.one 32 points 1 year ago

You are incorrect. Look through their blog archive (scroll to the bottom): https://mullvad.net/en/blog/

They've been posting steadily for over a decade, maybe the posts just got more popular this year on whatever sites you browse

[–] imgonnatrythis@lemm.ee 13 points 1 year ago

They dropped port forwarding and likely lost a lot of business related to this. They are trying to compensate for the loss I think which is great.

load more comments (6 replies)
[–] jacktherippah@lemmy.world 30 points 1 year ago (1 children)

They're amazing. I don't torrent anymore so I'll definitely be renewing.

[–] mineapple@feddit.de 8 points 1 year ago (2 children)

What speaks against torrents with mullvad?

[–] Azzu@lemm.ee 12 points 1 year ago (1 children)

No port forwarding.

[–] PR_freak@programming.dev 7 points 1 year ago (2 children)

What do you mean? Is that needed for torrenting?

I have been using mullvad for a month and have 2 tb of Linux isos, should I expect a call from someone?

[–] Azzu@lemm.ee 10 points 1 year ago (11 children)

The BitTorrent protocol basically works like this when you download a torrent:

  1. a tracker has a list of clients that have some data of a torrent
  2. you want to download that torrent, so you ask the tracker for this list
  3. after you receive this list, you ask the clients on this list to upload their data to you
  4. repeat 3. until you have the whole torrent

As soon as you have something downloaded, you become a client on the list of the tracker that theoretically has the torrent available for others. So you would become the "client being asked" of step 3 as well.

But how can you be asked? In a P2P networking context, you can only "be asked" if you have a port open that allows connections to it. Otherwise it's as if you gave people your home adress but your mailbox has a hole on the bottom that leads directly to the garbage can beneath it, so all mail is immediately lost. Completely unusable.

In other words, it's (basically) impossible for you to send the torrent data to someone else. You're a leecher, someone that doesn't give back to others. If everyone would act like you, torrents wouldn't work at all.

load more comments (11 replies)
load more comments (1 replies)
load more comments (1 replies)
[–] Carter@feddit.uk 26 points 1 year ago (4 children)

Of only they'd kept port forwarding.

[–] leraje@lemmy.blahaj.zone 78 points 1 year ago (3 children)

Didn't really have a choice:

...Regrettably individuals have frequently used this feature to host undesirable content and malicious services from ports that are forwarded from our VPN servers. This has led to law enforcement contacting us, our IPs getting blacklisted, and hosting providers cancelling us.

Blog post

Big issue there is hosting providers cancelling them. Can't operate a business without that.

load more comments (3 replies)
[–] imgonnatrythis@lemm.ee 15 points 1 year ago

Agreed. Seems like they were in a super tough spot with that and kind of had to drop it. All the sudden they seem to be doing some new cool stuff to try to keep their edge which I really appreciate / respect. That being said, I've dumped them and switched to a service that still port forwards as it gives me better torrenting throughput. Sorry Mullvad.

load more comments (2 replies)
[–] csolisr@communities.azkware.net 24 points 1 year ago (4 children)

From what I read in the article, there is still one part of the boot sequence that does require some sort of storage: the part where the bootloader fetches the network boot image and verifies it against the checksum signature. But I think that can be performed by booting from a pendrive and then removing it. The problem will come if law enforcement gets a hold of said pendrive...

[–] Deconceptualist@lemm.ee 69 points 1 year ago

Why would that be a problem? A boot image should only contain the commands to get the main system started after POST. It shouldn't contain any kind of logs, traffic data, or user data. In fact it should be read-only.

[–] ikidd@lemmy.world 25 points 1 year ago (8 children)

PXE boot will TFTP the boot image into RAM and carry on from there. You shouldn't need any storage on your device.

load more comments (8 replies)
[–] mub@lemmy.ml 14 points 1 year ago

Boot Drive could be immutable and not contain any form of log?

[–] ultratiem@lemmy.ca 8 points 1 year ago (3 children)

Destroy the drive. That’s what Apple does and how they get around the whole “we need a backdoor” problem. When no one can access the server, no more problems.

load more comments (3 replies)
load more comments
view more: next ›