Remember — (from their own article announcing these servers):
> Running the system in RAM does not prevent the possibility of logging. It does however minimise the risk of accidentally storing something that can later be retrieved.
This doesn’t mean you can’t be logged. Running in RAM just means that any system level logging is transient and largely accidental. But if there were a need for specific logging, data could always be sent to a different node with disks. From Mullvad’s point of view, there is a reliability benefit to having diskless nodes. But from a privacy point of view, your access could still be logged, if required. But it would probably require more “active” monitoring than “passive”/accidental logging.
I get the immediate appeal of “open source servers that run from RAM”… but it’s the same thing as always, you just have to believe your VPN provider.
There is just no saying that they don’t swap gear out for the auditors or for the diskless servers or whatever it is.
I like that they say the right things. But I think the current models of Facebook and Google show just how much money there is in data, so it’s just faith that the VPN provider won’t fall to temptation.
Mullvad is more trustworthy than most, and possibly more trustworthy than all other public VPN providers. They have a good history, and are regularly audited: https://mullvad.net/en/blog/tag/audits/
Don't get me wrong, you still have to believe them. But they're easier to believe than others.
Mullvad is pretty much the only VPN provider saying the right things and doing the right things. They actually publish open source code and articles backing up their statements.
On top of that, many of us here in Sweden know people at Mullvad and can attest to them being conscious of privacy issues.
Yup. But you can use crypto or mail cash to Mullvad without your name attached, and then just multihop to them as an endpoint, and it's about as secure as a VPN can be.
"fall to temptation" implies they were legitimate actors in the first place.
Most VPNs are run by small and relatively non-transparent private companies. It would be trivial and in fact the obvious thing to do for law enforcement and similar agencies to setup VPN companies and advertise them to their targets.
ISPs are actually more transparent and their business model does not fundamentally rely on exploiting customer data.
I was going to say that theoretically this was something that trusted computing can solve, but then I realized even if you could guarantee that the server was behaving as advertised (ie. diskless, no log), there's nothing preventing the provider from putting a middlebox in front of the server to log all packet flows. From there it's fairly trivial to deanonymize every connection through traffic analysis.
Wouldn't there be a clear performance difference between a RAM based and disk based (even if it's NVMe SSD) machine? If so, isn't that something you can routinely/programmatically authenticate?
I think the only thing that would give more trust is a remote attestation setup similar to GrapheneOS[1] since it's the only way to prove that servers are running the software they publicly say they are.
The configuration would have to be run at the hypervisor level, so that logging couldn't simply occur by nesting the server in a VM then logging that.
I read this differently than intended. For the life of me, I couldn’t figure out why RAIDs were so troublesome. I mean, yes, they can be a little slow, so running in RAM would be much faster.
Then I got it. Raid. Not RAID. Made so much more sense.
Running from memory is no big deal. You gain all and everything like a normal system and can still log persistently to some local disk or a remote central log service, as is quite common.
For example, all Ceph storage nodes booted with croit.io run in RAM and have no OS installed. But you still have all logs and everything available right out of the box.
A trick I've used in the past for secrets on cloud providers: store them in "/dev/shm". Requires init after boot from a trusted source of course.
It's absolutely not foolproof but reduces the odds of them ending up on a SAN somewhere where they might be found by someone scanning free space or gaining direct access to an iSCSI bus or similar.
Adding to this for completeness' sake: if using tmpfs such as the default /dev/shm mount, one must ensure that swap is either encrypted or disabled, as tmpfs is swap backed and data not being actively accessed/written can end up in swap on disk.
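The two conditions raised in the last two comments (the secret store must really be tmpfs, and any active swap must be encrypted or absent) can be checked before a secret is written. The following POSIX shell script is an added example and is not code from any commenter in the thread; the function names and the sample mount and swap tables are constructed for it, while /proc/mounts, /proc/swaps and the "CRYPT-" prefix that cryptsetup puts in /sys/block/dm-*/dm/uuid are the real Linux interfaces it relies on.

```shell
#!/bin/sh
# Added example (not from the thread): before trusting /dev/shm for secrets,
# confirm that it is tmpfs and that no active swap area is unencrypted, since
# pages evicted from tmpfs land in swap. Function names are assumptions made
# for this example; /proc and /sys paths are the standard Linux ones.

# is_tmpfs_in MOUNTS_TEXT MOUNTPOINT
# MOUNTS_TEXT is text in /proc/mounts format (source mountpoint fstype ...).
# Returns 0 when MOUNTPOINT is mounted as tmpfs, 1 otherwise.
is_tmpfs_in() {
  printf '%s\n' "$1" | awk -v mp="$2" \
    '$2 == mp && $3 == "tmpfs" { found = 1 } END { exit !found }'
}

# unencrypted_swap_count SWAPS_TEXT ENCRYPTED_DEVS
# SWAPS_TEXT is text in /proc/swaps format (header line, then one area per line).
# ENCRYPTED_DEVS is a space-separated list of device paths known to be dm-crypt.
# Prints the number of active swap areas that are not on an encrypted device.
unencrypted_swap_count() {
  printf '%s\n' "$1" | awk -v enc=" $2 " \
    'NR > 1 && NF >= 2 { if (index(enc, " " $1 " ") == 0) n++ } END { print n + 0 }'
}

# crypt_devices: print the /dev/dm-* devices whose device-mapper UUID starts
# with "CRYPT-", the prefix cryptsetup assigns to dm-crypt mappings.
crypt_devices() {
  for uuid_file in /sys/block/dm-*/dm/uuid; do
    [ -r "$uuid_file" ] || continue
    case "$(cat "$uuid_file")" in
      CRYPT-*) dm_dir=${uuid_file%/dm/uuid}; printf '/dev/%s ' "${dm_dir##*/}" ;;
    esac
  done
}

# check_dev_shm_live: run both checks against the running system.
# Returns 0 only when /dev/shm is tmpfs and every active swap area is dm-crypt backed
# (no swap at all also passes).
check_dev_shm_live() {
  mounts=$(cat /proc/mounts) || return 1
  swaps=$(cat /proc/swaps 2>/dev/null || printf 'Filename\n')
  if ! is_tmpfs_in "$mounts" /dev/shm; then
    echo "/dev/shm is not tmpfs" >&2
    return 1
  fi
  n=$(unencrypted_swap_count "$swaps" "$(crypt_devices)")
  if [ "$n" -ne 0 ]; then
    echo "$n unencrypted swap area(s) active; tmpfs pages may reach disk" >&2
    return 1
  fi
  return 0
}

# write_secret PATH: write the secret read from stdin only if the checks pass,
# with a restrictive umask so the file is owner-readable only.
write_secret() {
  check_dev_shm_live || return 1
  umask 077
  cat > "$1"
}

# Usage: sh this_script.sh --check   (does nothing when run without --check)
case "${1:-}" in
  --check) check_dev_shm_live && echo "/dev/shm looks safe for secrets" ;;
esac
```

The pure functions take the table text as an argument rather than reading /proc directly, so they can be exercised against constructed tables; only check_dev_shm_live touches the live system. Disabling swap entirely (`swapoff -a`) makes the second check trivially pass, which is the simpler of the two options the comment above mentions.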
Let's say, hypothetically, that there did exist some trustworthy VPN provider, one that behaved in a way that you would approve (where, if you had unlimited time and access to the internal operation of the provider to evaluate it, then you would eventually be convinced that it's "good", as good as reasonably, humanly possible). So assuming it exists, what would it look like? What would you see that would be positive or negative signs?
Sweden is going to join NATO soon. So do not expect VPNs operating from their territory and under their law to be any different than the rest of Europe, as it was before.
Meh, I generally agree with the laws of my country and of the EU, so I don’t really care if they can obtain a warrant to wiretap me. I prefer to live in a society where law enforcement can be effective (with checks!) than one where bad things can happen with zero negative consequences.
I would trust real TOR much more than Apple's pseudo-TOR. They control all the entry and exit nodes so correlation attacks are quite viable.
Might as well chain two VPNs if you want a TOR-like experience without slowdowns. Bonus feature is that you can rotate providers.
Not really equivalent. There are possible attacks based on: key generation process, stored data correlation, access patterns, etc. You're much safer if you don't store anything in the first place.
mbreese|3 years ago
https://mullvad.net/en/blog/2022/1/12/diskless-infrastructur...
badrabbit|3 years ago
voltagex_|3 years ago
rekoil|3 years ago
SV_BubbleTime|3 years ago
LeoPanthera|3 years ago
But.
INTPenis|3 years ago
COGlory|3 years ago
glowiesvpn|3 years ago
gruez|3 years ago
hajhatten|3 years ago
https://www.ovpn.com/en/blog/ovpn-wins-court-order
c_o_n_v_e_x|3 years ago
panick21_|3 years ago
hatware|3 years ago
Do you have a better plan...?
ajvs|3 years ago
[1] https://attestation.app
est|3 years ago
mbreese|3 years ago
BonoboIO|3 years ago
Mave83|3 years ago
panick21_|3 years ago
api|3 years ago
LinuxBender|3 years ago
infogulch|3 years ago
seanw444|3 years ago
agsamek|3 years ago
alrlroipsp|3 years ago
shapefrog|3 years ago
desperadovisa|3 years ago
aborsy|3 years ago
A better solution would be something like Apple’s private relay.
Also, either you trust the provider or you don’t.
stingraycharles|3 years ago
I wouldn’t bet on it being super secure in case law enforcement comes after you, for example.
jeroenhd|3 years ago
viraptor|3 years ago