this post was submitted on 20 Sep 2023
729 points (99.2% liked)

Technology

60082 readers
3344 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] Danc4498@lemmy.ml 102 points 1 year ago (3 children)

Last time I looked at VPNs, mullvad seemed highly recommended for privacy and security. Sounds like it may still be the case.

[–] CrabAndBroom@lemmy.ml 81 points 1 year ago (1 children)

I also like that you don't have to give them any private info at all to make an account. You can just send crypto and they'll give you an account code and that's it, you don't even need an email address.

I haven't tried it but apparently you can even mail them cash. You get a payment token and just send cash in an envelope and they'll activate it whenever the money shows up!

I personally use this and it works great. Takes like a week to arrive (sending from europe).

[–] PeachMan@lemmy.one 21 points 1 year ago

It's basically the gold standard, audited and proven. I hear good things about IVPN as well.

[–] player2@lemmy.dbzer0.com 3 points 1 year ago

Be aware that Mullvad recently removed support for port forwarding if that matters to you. They're no longer a preferred option for torrents for that reason. Other than that I enjoy using their service.

[–] nucleative@lemmy.world 58 points 1 year ago (5 children)

Longtime Mullvad user, always been happy. But when Mullvad was still a small service it was unusual to have any problems when browsing the web with their IPs.

Recently, many services can detect you're on a VPN when using Mullvad and block or ban you, which means they've become successful enough that there are countrer-VPN databases including all of their IPs.

[–] punkisundead@slrpnk.net 20 points 1 year ago

Soooooo many captchas. And some websites just pretend to have weird errors which stop the moment I shut off the VPN

[–] Wumbologist@lemmy.world 16 points 1 year ago (2 children)

It's the same with Nord. I have to pause my VPN any time I want to access Fextralife wikis

[–] Blackmist@feddit.uk 21 points 1 year ago (2 children)

Ah, Fextralife. For when you want the top half of the screen taken up by a video advert, and the bottom half taken by a giant consent form.

The day we strayed from GameFAQs was a dark day indeed.

load more comments (2 replies)
[–] PraiseTheSoup@lemm.ee 7 points 1 year ago (3 children)

Pretty sure fextra just rips all their content from other wikis anyway, at least this was definitely my experience in the past. Just try scrolling past the first link in your search engine.

[–] Pyroglyph@lemmy.world 4 points 1 year ago

There's a browser extension that suggests (and optionally redirects to) better wikis when your search results include a Fandom/Fextralife link. I think it's called Indie Wiki Buddy.

load more comments (2 replies)
[–] Asudox@lemmy.world 11 points 1 year ago

Should I be happy about that or not.

[–] prole@sh.itjust.works 5 points 1 year ago (1 children)

I've just come to accept that constant captchas are a fact of life for browsing on a VPN. Cost of doing business. Worth it for the privacy though imo (VPNs in general, I haven't used Mullvad).

load more comments (1 replies)
[–] Kekzkrieger@feddit.de 3 points 1 year ago

yeah man prime detects me all the time... rly sad

[–] TWeaK@lemm.ee 47 points 1 year ago (1 children)

The result is that the operating system that we boot, prior to being deployed weighs in at just over 200MB. When servers are rebooted or provisioned for the first time, we can be safe in the knowledge that we get a freshly built kernel, no traces of any log files, and a fully patched OS.

But can it run Crysis?

[–] r00ty@kbin.life 51 points 1 year ago (1 children)

Yes, but you lose your save game every reboot.

[–] TheOneAndOnlyDeath@feddit.nl 12 points 1 year ago

Great for speedrunning then!

[–] killeronthecorner@lemmy.world 30 points 1 year ago (4 children)

Great news! Mullvad is great even if their account security makes you do a double take

[–] jet@hackertalks.com 22 points 1 year ago (1 children)
[–] nul9o9@lemmy.world 22 points 1 year ago (3 children)

I assume they mean there are no account credentials. When you "create" an account on their website, you'll be given a random account number, and no password.

[–] killeronthecorner@lemmy.world 14 points 1 year ago (1 children)

Yeah this is what I meant. It feels so wrong but also makes complete sense.

I think I've gotten used to the "safety" of setting my own password and always typing it with my email or username.

But practically speaking they're very similar and Mullvad's is arguably safer

I think of it more as "no username, only password". Realistically, usernames are not expected to be secure or private, so this is effectively the same.

load more comments (2 replies)
[–] sixCats@lemmy.dbzer0.com 4 points 1 year ago (1 children)

I am surprised that they don’t provide UUIDv4’s, feels like what they provide is somewhat guessable

[–] killeronthecorner@lemmy.world 2 points 1 year ago* (last edited 1 year ago) (3 children)

https://mullvad.net/en/blog/2017/6/20/mullvads-account-numbers-get-longer-and-safer/

As they outline here, there are ~9 quadrillion possible keys, needing around 5.5 million guesses to find an account. I think they hit a nice middleground between decent entropy and still having a number you can memorize (like a credit card).

load more comments (3 replies)
load more comments (2 replies)
[–] sugarfree@lemmy.world 26 points 1 year ago

Very cool, hopefully other companies take note.

[–] jeena@jemmy.jeena.net 18 points 1 year ago (1 children)

Just for my understanding when they boot such a server, where does it get it's operating system from? Over the network from a different computer which has a hard drive or some read only ROM on the server or what?

[–] UFO64@lemmy.world 34 points 1 year ago (2 children)

This can be handled a few different ways.

  • You can boot from a HDD and then just not ever write data back to it. This would be the most trivial solution, and it's something people do with their Pi's a lot to avoid SD card failure.
  • You could network boot, pull the OS from the network at startup. Fun fact, this is how some rockets fly! No onboard persistent storage needed. Everything boots into and runs from ram the whole 10 ish minutes of operation.
  • You COULD do a ROM as you suggested, but that's a LOT of ROM. Seems odd to do imho.
[–] uis@lemmy.world 4 points 1 year ago

16MiB is enough to hold entire Linux distro. Example: OpenWRT

load more comments (1 replies)
[–] SuperSaiyanSwag@lemmy.zip 18 points 1 year ago (7 children)

Can someone explain to me what this means? I’m technologically inept when it comes to privacy, slowly getting better day-by-day thanks to Lemmy.

[–] lustrum@sh.itjust.works 81 points 1 year ago (1 children)

What does “without any disks in use” mean?

  • If the computer is powered off, moved or confiscated, there is no data to retrieve.
  • We get the operational benefits of having fewer breakable parts. Disks are among the components that break often. Therefore, switching away from them makes our infrastructure more reliable.
  • The operational tasks of setting up and upgrading package versions on servers become faster and easier.
  • Running the system in RAM does not prevent the possibility of logging. It does however minimise the risk of accidentally storing something that can later be retrieved.
    https://mullvad.net/en/blog/2022/1/12/diskless-infrastructure-beta-system-transparency-stboot/
[–] KairuByte@lemmy.dbzer0.com 28 points 1 year ago (2 children)

While mostly true, there are ways to preserve ram if the device is confiscated.

Your local PD likely couldn’t pull it off, but if one of the larger abbreviation agencies were to get involved, data on RAM isn’t a huge hurdle. Assuming no one flips the power switch, at least.

Yeah, freezing and dumping RAM is a well known attack, even happening at some airports with laptops. But it still requires very recently powered ram, basically still in operation before extraction. It's a big step toward security at least.

[–] lustrum@sh.itjust.works 12 points 1 year ago* (last edited 1 year ago)

I guess it's going to stop any standard agencies with a warrant. Confiscating the machine for it to sit in a warehouse until some forensic techs get their hands on it.

[–] blegeg@lemmy.world 7 points 1 year ago* (last edited 1 year ago) (7 children)

I'm not an expert but I think : The site you visit only sees the VPNs info. Which is how you maintain some anonymity while browsing. However, if your VPN keeps logs, then you can still be tracked, just at a different place. Some say they don't keep logs, and you'd have to trust that.

RAM is considered volatile memory, so each time the server turns off, it loses all data. This is compared to disk (hard drives of whatever type) which retain memory even if the server turns off.

In theory, this ram only server prevents them from keeping logs (like which user went where) since the server wouldn't even have a place to store it.

Edit: lustrums post is more accurate and has info that this doesn't prevent logging per se, but could prevent accidental logging. I.e. they can't hire a forensic computer specialist to parse through operating system logs to try to find info they didn't otherwise log elsewhere.

load more comments (7 replies)
[–] mkwt@lemmy.world 4 points 1 year ago

A normal computer is usually constantly writing little bits and pieces of data to disk. But data on the disk might accidentally remain on the disk even if it's not intended. Then that data could be read later by someone else who is spying on VPN users .

There's also a common assumption that data on disk storage may leave behind remnants even after it's been overwritten. (Magnetic disks may leave behind some magnetic signatures. Flash drives will stop using sectors that are worn out, potentially leaving data there.) And state actors like NSA might have some capability to recover this ghost data if they get a hold of the actual drives.

There's a general understanding that data on RAM is irrevocably destroyed within a short time after the device loses power. So attacks on RAM data have to occur in real time while the data is in use. (There may be some attacks that preserve RAM after power down using low temperatures and liquid nitrogen).

load more comments (4 replies)
[–] AlecSadler@sh.itjust.works 17 points 1 year ago* (last edited 1 year ago) (3 children)

Anyone pro-Mullvad that can explain to me how it's better than PIA?

To my knowledge, which may be wrong, PIA has faster speeds and is also entirely RAM-based.

That said...I'd gladly switch if that's untrue and Mullvad is better. On the outset, it sounds like Mullvad triggers search engine captchas less, which would be a nice win.

edit: Well, you all convinced me. Made the switch.

[–] Virual@lemmy.dbzer0.com 54 points 1 year ago* (last edited 1 year ago) (5 children)

PIA and Mullvad should have equal speeds because they both have 10gbps servers and wireguard. Both PIA and Mullvad use ram-only servers exclusively. As for search engine captchas, I never get them with Mullvad. The main issue with PIA is that they were bought by a questionable company that previously developed adware. You can read about that here. Personally, I would never use a privacy tool that is owned by an ad company, even if they claim to have changed. I used them up until the acquisition, then switched and have been extremely happy with Mullvad.

[–] serratur@lemmy.wtf 13 points 1 year ago (1 children)

PIA is also a US based company

[–] postmateDumbass@lemmy.world 3 points 1 year ago

Just a bad juju acronymn.

Pain in the ass, CIA.

[–] AlecSadler@sh.itjust.works 10 points 1 year ago

You're awesome. Thank you! Appreciate the info and response. I'll give Mullvad a throw.

[–] scarabic@lemmy.world 4 points 1 year ago

I used PIA for years and dropped them over this. Am now on Mullvad. So far everything’s great.

load more comments (2 replies)
[–] punkisundead@slrpnk.net 11 points 1 year ago

You can send Mullvad cash as payment method

load more comments
view more: next ›