top | item 46777133

(no title)

I see you are carefully skipping around the point ....

Where is Obscura's independent audit ? When has Obscura been tested to the same extent that Mullvad was during its court batttle ?

Answer it wasn't.

Therefore Mulvad Multi-Hop mode. Or Mullvad + Tor, if you insist. Is the safer choice.

And the US juristiction of Obscura is not something you can brush under the carpet like it somehow doesn't matter.

With Obscura you are just throwing your first-hop traffic against an unknown. And an unknown that is under US jurisdiction, and hence PATRIOT Act etc.

discuss

fartfeatures|1 month ago

It's open source which means I can trust having the app installed if I build from source (or I can just use Wireguard directly). I then know I'm directly connected to a Mullvad Wireguard node by checking the public key here: https://mullvad.net/en/servers

Other than Wireguard protocol being broken there is no way for Obscura to snoop presuming I check the public key. I'm not saying I trust Obscura, I'm saying with their model I don't need to trust them which is vastly superior. Nor do I need to trust Mullvad.

You keep hand waving around that Obscura are somehow untrustworthy but you have steadfastly refused to address the fact that their model does not require trust. If you trust Mullvad (which you are claiming to) please show an attack that would work to breach this model. You can't.

You would benefit from reading their FAQs and this blog post: https://obscura.net/blog/bootstrapping-trust/

https://github.com/Sovereign-Engineering/obscuravpn-client