Review of Mullvad VPN(x41-dsec.de) |
Review of Mullvad VPN(x41-dsec.de) |
https://x41-dsec.de/static/reports/X41-Mullvad-Audit-Public-...
Titles of issues they found:
4.1.1 MLLVD-CR-24-01: Signal Handler’s Alternate Stack Too Small
4.1.2 MLLVD-CR-24-02: Signal Handler Uses Non-Async-Safe Functions
4.1.3 MLLVD-CR-24-03: Virtual IP Address of Tunnel Device Leaks to Net- work Adjacent Participant
4.1.4 MLLVD-CR-24-04: Deanonymization Through NAT
4.1.5 MLLVD-CR-24-05: Deanonymization Through MTU
4.1.6 MLLVD-CR-24-06: Sideloading Into Setup Process
All pretty straightforward IMO. They lean on "DAITA" aka Defence against AI Traffic Analysis pretty heavily, which I don't fully understand yet, but is probably worth some further reading.
Even OpenSSH has had issues with it [1].
It seems very difficult to build good abstractions for it in any programming language, without introducing some function colouring mechanism explicitly for this. Maybe a pure language like Haskell could do it.
[1]: https://blog.qualys.com/vulnerabilities-threat-research/2024...
Yup: see https://hackage.haskell.org/package/ghc-internal-9.1001.0/do... where it is clear that setting a handler simply writes to an array inside an MVar. And when the signal handler is run, the runtime starts a green thread to run it, which means user Haskell code does not need to worry about signal handler safe functions at all, since from the OS perspective the signal handler has returned. The user handler function simply runs as a new green thread independent of other threads.
But I like the fact that you brought up this idea. Haskell can't do it but in a parallel universe if there were another language with no runtime but with monads, we can actually solve this.
Another option is to use a proper OS that includes the ability to receive signals as a part of your main event loops: https://man.openbsd.org/kqueue.2#EVFILT_SIGNAL
I believe you can also do something similar with epoll() on Linux but not sure the semantics are quite as nice as kqueue.
Non async functions - pretty common problem but difficult to actually exploit. Every developer who has worked with signal handlers has probably made this mistake at some point because the issues it causes are extremely difficult to reproduce (some incredibly unlucky timing is required)
Arp leaking addresses - Not really a Mullvad issue and only exploitable on the local network
Deanonymization attacks - these work against all VPNs and you can always anonymize traffic more but it has a cost to do this.
Sideloading - Yeah this is probably the worst one but is not exploitable on it's own.
But: they found a triggerable heap corruption vulnerability in a Rust program, which is a nice catch.
I do think giving the vulnerability that follows that one a sev:hi, despite it being both theoretical (I don't think they have a POC) and not corrupting memory, is grade inflation though.
https://mullvad.net/en/blog/fourth-infrastructure-audit-comp...
Too bad because they were good for a long time.
My sense is that there's a lot of BS going on. Including the fact that "cool" VPNs are supposed to be coming from Scandinavian countries (but most of them aren't).
Mullvad states they're based on Sweden -- are you claiming they aren't? They list where all there servers are located and who owns them, if that's your concern.
They seems to have extensive information about why you'd want to use a VPN or not. They don't log customer data and moved to a RAM-only infra. They're cheap with one flat rate.
So what exactly would you call BS? What would you like to see them do different?
I don't understand what you are implying. Neither why are they supposed to, nor why it isn't true. To be fair, the only "strong privacy", etc VPN I know that is not Scandinavian is ProtonVPN. Is there something else?
I occasionally run this just to make sure, especially when using an unfamiliar service:
curl ipinfo.ioAnd of course prefer that they are in a jurisdiction that isn't a haven for shady companies.
In short: I like them because there is little bullshit and they seem to be OK. I don't think I could ever trust PIA or all of those companies.
I have the suspicion the IP blocking is somewhat coordinated between Youtube and Reddit, to maximize annoyance and discourage VPN usage, since I frequently find exit server working for either one of them, but not both. Disrupting the ping pong of social media for VPN users, seems like an effective strategy to influence their behavior. And since they are natural monopolies respectively, they hardly risk alienating anyone doing so. Similar to how cookie banners are abused to modify people's sentiment on privacy regulations in favor of data mining. Even many tech people believe annoying cookie banners are the EU's fault, when common practice is either malicious compliance, unwarranted or straight illegal.
That said, it is actually fucking annoying. Then again, just a nuance in the greater enshittification and rapidly growing dissatisfaction with the web overall for me.
FTFY (added scare quotes)
I don't see blocking tracking and data mining as a problem at all, but rather a very good thing.
Many captchas are just bans but they are hoping for some free training
There isn't a lot Mullvad can do about it. Not all providers of hosting are willing to tolerate VPN endpoints in the same way they don't like hosting tor exit nodes.
... isn't randomizing the virtual IP address makes the situation worse? sounds like the best solution would be just give every user the same boring static IP address like 169.254.199.1/30.
Personally I don't really get their multi hop when you connect on a predefined port on an ingress server to get redirected to egress in a different region. Easy guessable for a powerful observer.
Anyway any VPN is only an encryption tool, not an anonymizer.
I'm not suggesting a conspiracy, but is the VPN business that good? Are they funded by a privacy group?
If money is no concern, use Astrill. Easy of software, number of countries, GFC, circumvent geoblocking, it is one of the best, if not the best, but it comes with a big price tag attached. I think 300 USD/2 years if I remember correctly.
If you don't need the best, AirVPN has often deals for 50USD/2 years. But the servers are very "spammy" (tons of captchas for you to solve).
Doesn't this make it kinda pointless? If the target has a say in how they should perform their audit/attack, how does that not produce results biased to the targets favor? Wouldn't the most unbiased way to do such a thing would be for the target to have zero idea what the auditor would be doing?
> which opens up room for misinterpretation of the findings
If Mullvad dictated how to do things or imposed limits on the reach of the testing, the results are worthless anyway
It's mostly just a matter of having a defined scope. They could of course say "You can only attack this one exact thing" that makes them look good, but this is true of many things.
Defining the threat model is standard in the infosec auditing/pentest world, FWIW.
> If Mullvad dictated how to do things or imposed limits on the reach of the testing, the results are worthless anyway
That's only true if your threat model is "literally every possible thing that could ever happen", which is so broad to be meaningless and impossible to test anyway.
Computer programmers also do not typically design their programs under the assumption that someone stuffed newspaper between their CPU and heatsink and it caught on fire. They work on the assumption the computer is not on fire.
That's the whole point of a threat model: Mullvad has a threat model, and they build a product resistant to that. When someone audits the product, they should audit it against the threat model.
For example, this X41's threat model only supposes that an attacker could execute code on the system as a different, unprivileged user. They don't consider the situation where an attacker might have an administrative account on the system.
For my personal devices today, this matches my threat model. If an attacker has an administrative account on my machine, I assume that my VPN isn't going to be able to protect my traffic from them. There's no need to worry about laying out all the ways this could impact Mullvad's client.
> We believe the reason these vulnerabilities exist is because gocryptfs doesn’t have a clearly spelled-out threat model. Some of the attacks seem hard to avoid given gocryptfs’s performance goals and may have been introduced “by design” to meet these goals. We suggest writing down an explicit threat model and updating the website to better communicate the security guarantees that gocryptfs provides. This way, users are less likely to rely on it in ways which would make them vulnerable.
Later established: https://nuetzlich.net/gocryptfs/threat_model/
If I ask a person to do a audit I will tell them what the scope of their audit is, e.g. check the physical security measures of our server rooms. Otherwise they would have to take literally everything into consideration (what if the accountant is a malicous actor, what if the server rooms are attacked by a military, what if our hardware is swapped out during delivery, what if..) and they would never be able to stop.
If you take security seriously you try to defend against likely attack scenarios first. Your way to control that is by choosing the scope of audit.
So, first you have to determine what the target says.
Then you look around to see if that seems accurate.
Then you look around to see what are the systems and controls that are in place to keep things in a controlled state in the future.
To do an audit you have to audit against some sort of pre-established criteria. That is how audits work. In security, that will typically be a standard (or set of standards) alongside a threat model. In finances, you audit against what is legal in the areas you operate.
>[...] zero idea what the auditor would be doing?
That's a practical impossibility. From the client side you want to be able to evaluate quotes, stay within a budget, etc. You don't want to pay good money (audits are really expensive!) for areas that you are works-in-progress, or non-applicable threat models (e.g. lots of security software explicitly does not protect against nation-state actors, so they don't do audits from the perspective of a nation-state actor).
From the auditor side, you want to know what staff to assign (according to their expertise), how to schedule your staff, etc.
>If Mullvad dictated how to do things or imposed limits on the reach of the testing, the results are worthless anyway
Not at all. The company says "This is the set of standards we are auditing against and our threat model. This is how we performed". The results are useful for everything covered by those standards and threat model. By explicitly stating the threat model, you as a consumer can compare your threat model to the one that was audited and make an informed decision.
Their reasoning is "they will be able to focus their resources where they can make a difference". Whatever that means.
It works much better and more reliabily as a site-to-site VPN on my router for some reason.
I'm not sure if this can be done without the app or not.
When did this happen? I was still able to use it within the last couple of weeks, whenever I last tried it.
Bitcoin isn't anonymous. Am I misunderstanding something?
Fun fact: you can just mail Mullvad some cash in an envelope. No need for any cryptocurrency
Who owns that wallet can absolutely be an unknown - although practically with 99% people buying through coinbase this isn't the case.
- use coinjoin with something like wasabi wallet(https://wasabiwallet.io/)
- purchase BTC with cash
IMO, most VPN users are normal people, like me, who just want privacy from online advertisers and data aggregators. I do not want or expect privacy from the VPN provider. After all, I connect to their VPN service from my home ISP (which has an IP) that has an account in my name too.
No matter how you try to hide your payment for the VPN service, they know who you are.
IMO, technical people often 'go too far' and become unreasonable about these things (especially security people). They have lost touch with real-world threat models and use cases. James Mickens has a good short paper on this called 'This World of Ours' https://www.usenix.org/system/files/1401_08-12_mickens.pdf
maybe he is using tor on top of it
who knows
reCAPTCHA is the GoDaddy of CAPTCHA services. It doesn't achieve its purpose and the CAPTCHA task is often just a time waster. It's already decided whether you're a bot or not - which is not based on your mouse movements, but rather your IP address reputation and whether you're signed into Google. It only still exists because of brand inertia. I'd like to see a Google executive put before Congress and forced to complete a reCAPTCHA over Tor.
This alone can be worth it for many people. I trust Mullvad significantly more than I trust my ISP.
https://mullvad.net/en/blog/2023/5/29/removing-the-support-f...
Discussion of the audit of TFA on the Privacy Guides forum:
https://discuss.privacyguides.net/t/mullvads-2024-security-a...
One of my use cases for VPN is to watch free, legal anime on YouTube from Muse-Asia. I use a VPN to connect to Indonesia, which allows me to watch anime like Dandadan. a US IP won't show anything on their Youtube page. I'm using Mullvad VPN.
You are probably aware of the "Great Firewall of China" that blocks access from mainland China to Google, Meta, etc... Which means that if you are a westerner in China and want to access the internet as you know it, or if you are Chinese and access the rest of the world, then you need some kind of VPN to bypass the restrictions.
The Great Firewall is quite advanced, and you need some layers of stealth not to be detected and blocked. Furthermore, they actively search for VPN endpoints and block their IP addresses. It limits your choice of VPNs, and Mullvad is one of the good ones for that purpose, along with Astrill and LetsVPN.
And knowing that mullvad doesn’t come close to the mainstream marketing others (well in essence one) VPN providers, your comment comes of as malicious.
But, it's not white label. White label implies it would be Tailscale VPN (or similar) with no reference to Mullvalad in their docs or marketing. But that's not what is happening with their offering.
From their customers.
Mullvad has had multiple public audits and even contributed to other security-related open source projects. You don't have to create an account and they even take cash by mail. It can't be more anonymous than that.
Astrill on the other hand has had no public audits, and costs more than twice as much. It is not worth the price, since their security can't be checked by normal users. Also they require an account. Furthermore even in their FAQ they don't say that they wouldn't give the data to a court. They ask the question, but don't really answer it.
I would never buy a VPN from a company like that.
Just use the best programming language. Ups? For what application? Yes, everything depends on the application. Honestly, I doubt that many VPNs are better then Astrill if it comes to the GFC. I mentioned, it comes at a price. But if you are price sensitive, Mullvad is still nearly double the price of AirVPN....
"Mullvad has had multiple public audits and even contributed to other security-related open source projects."
Well, airvpn has also interesting roots. https://airvpn.org/aboutus/
"You don't have to create an account, and they even take cash by mail. It can't be more"
Well, I dont think any of my recommendations takes cash by mail, but that may take bitcoin. And for the applications you are hinting at, it is much more important that you connect via Tor to your VPN. One thing gives anonymity, the other privacy.
"Furthermore even in their FAQ they don't say that they wouldn't give the data to a court."
ROTFL. Every company will give data, or the data they have, to a court. At least in their own jurisdiction. Yet, there are (or were) VPNs that were cyberspace only. No corporation, just a website. A business that is not incorporated and only exits in cyberspace may indeed have a lot of leverage. At this point, you may ask yourself what you are doing. But if it is really so important, I would start setting up my own servers and selling my own VPNs. A tree you can hide best in a Forrest.
"I would never buy a VPN from a company like that." If everything you have is a hammer, every problem becomes a nail. Everything depends on your application and what you want to achieve.
I trust Mullvad because it does security audits like this. And it stores no data and has a history of police showing up without any data compromised [1].
[1] https://mullvad.net/en/blog/mullvad-vpn-was-subject-to-a-sea...
If you want a Mercedes of VPNs, likely Astrill is the choice. If privacy is your main concern, there are many options. Dont mistake privacy for anonymity. If in doubt, pay with Bitcoin and use TOR to connect to your VPN.
For my current application, AirVPN is more than enough. Two years: are 79 €, if they have a special, it is 49 euro. If you are cost sensitive, Mullvad is double the price already, but at least only less than half of the Astrill price.
There is an issue for torrents with so few peers that no one is connectable, and therefore there is no one to hole-punch for everyone else.
The implementation will be super simple. Set up your local IP address or IP address range (if you are on a dynamic IP address connection). Consistently call 'ipinfo.io/ip' every 5 seconds to check if the IP address is changing from your home IP address. You will get an alert if the IP address changes. So, when you turn on your VPN, this notification should alert you that your IP address has changed.
I would recommend using the 'ipinfo.io/ip' with a public IP address-based implementation as you can get a virtually infinite amount of queries. With just an 'ipinfo.io' query which gets you the location information as well, you get 1,000 queries without a token. This could work if you reduce the API call rate to a higher interval (not at a second level but only at a minute-level interval). But you do get the location information, which validates the VPN's location information.
Port forwarding works and you can get a raw wireguard config to dockerize it.
For general use in e.g. open hotspots I still use mullvad/mozilla vpn as I trust them more. (And can pay cashfor mullvad)
Monads being ergonomic is another question, but probably solvable.
What am I missing?
If handling a signal was equivalent to handling concurrency then it wouldn’t be as much of a problem.
IIRC a signal can take over execution of a running thread, so it will completely invalidate any critical sections etc. You cannot access any shared resource easily, cannot allocate memory and a lot more restrictions of this form.
This means having no port-forwarding shouldn't be much of an issue on private trackers (because most people have it to improve their ability to seed) but on public trackers some torrents might not download.
I never said I was against their AFK advertising. The EU chat control advertisement was great. The NYC stuff is pretty meh. Advertisement is was on my brain. I mostly treat it like that.
I just find it weird that there seems to be so many companies spending a seemi gly infinite amount on affiliate advertisement (through bought reviews) and on influencer ads.
Signalfd can mostly be implemented on any platform using a pipe (if you don't have to mix 32-bit and 64-bit processes, or if you don't need the siginfo payload, or if you read your kernel's documentation enough to figure out which "layout" of the union members is active - this is really hairy). Note however the major caveat of running out of pipe buffer.
A more-reliable alternative is to use an async-signal-safe allocator (e.g. an `mmap` wrapper) to atomically store the payloads, and only use a pipe as a flag for whether there's something to look for.
Of course, none of these mechanisms are useful for naturally synchronous signals, such as the `SIGSEGV` from dereferencing an invalid pointer, so the function-coloring approach still needs to be used.
Every 'nix can do that. Your signal handler just writes a byte to a pipe and your main loop reads the pipe or fifo. The pipe/fifo is your event queue, which your main loop reads.
Seems kinda limiting.
If I've got a slow file download going on in one thread, and my program gets a Ctrl+C signal, waiting for the download to complete before I exit ain't exactly a great user experience.
If you have multiple threads, you start one just to mind signals.
Signal handlers are extremely limited in what they can do, that’s the point. They are analogous to hardware interrupt handlers.
Just make sure it's non-blocking or with a relatively short timeout.
I am not aware of any firewalls that enforce the rule 'only attempt to connect to massively-shared cloud IPs that can't be easily subject to a reverse DNS lookup'.
https://www.amazon.com/Mullvad-VPN-Windows-Android-SCRATCH/d...
Edit: I realized they accept Monero. That is probably about equally anonymous.
You're just not trying very hard if you're using your immediate next door neighbor.
Yes, a neighbor may not realize they're sharing their network, however, interpreting their "next door" comment as a literal unit of proximity doesn't make your comment look as intelligent as you may think it does.
Fuck, even some technically illiterate people I know do this to watch various shows.
I am pretty sure the sheer quantity of VPN ads on YT are also good evidence that they work and people are signing up. It wouldn't make sense to scale up a marketing approach to those levels unless earlier, smaller campaigns had positive returns.
[0] It's worth calling out explicitly the crazy lengths people will go to to both (a) find a free stream of a sports match; and (b) find a way to watch a match when they're travelling and can't access whatever service they usually watch it on.
There are no central repositories as to the location of arbitrary banknote serial numbers.
Lets assume, for the sake of argument, that a cash-paying user were to make the mistake of paying every single time to renew the same suspicious Mullvad account using cash which was always newly withdrawn from cash machines from a banking institution which meticulously tracks them and is able to report from which location they originated (maybe even the card which withdrew them!).
In that case, if Mullvad were to be compromised (or if the targeted user was such an absolute threat to humankind that Mullvad were to agree to collaborate in his or her capture), it would only be possible if Mullvad's mail receivers were to either a) actively keep track of either banknote serial number and link it to a customer, or b) be fully aware of the requirement to make a note of it only of received to renew the target account.
Anything short of that and even the perfectly traceable banknote serial number just becomes one of hundreds? thousands? deposited by Mullvad in their bank accounts — assuming they don't even use some of them as petty cash if needed.
If a user of Mullvad were to reach that level of a threat model I would argue they would be much more likely to be caught by tracking of their sent mail, in the style of Ted Kaczyński.
But practically speaking an afternoon of shopping, exchanging coins for banknotes, breaking those into coins and back again will make it as untraceable as possible.
Especially since we're talking about 60 euro per year
The problem with safe signal handling is that you need to verify that your entire signal handler call stack is async safe. Assuming purity is a stronger property, signal handling is a safe API without any more work.
The inflexibility due to the purity might cause other issues but that’s more a language level concern. If the signal handling API is safe and inflexible, it still seems better for a lot of use cases than an unsafe by default one.
If you just want to grab the latest blockbuster it's no problem no.
I've never thought of getting a seedbox, i always thought the amount of storage required would be prohibitively expensive for a VPS. Also, I'd still want to use a VPN so the VPS provider isn't the only protection layer.
Personally, I do it because of the "Netflix effect". Movies and series don't exist if they're not on Netflix (or your chosen streaming platform). And with my kids growing up, I want them to see the good shows and movies I grew up with just as they share the shows they enjoy now with me. I can comfortably say that 99.9% of that media is never offered on Netflix.
Screw Netflix, it's been captured.
Why do you say that?
All that's needed is banks tracking serial numbers and associated persons as cash leaves the bank and enters it. The serial numbers on American cash seem machine readable, and on each bill they are printed in two places near opposite corners - as if they are designed for automated reading.
It doesn't have to be perfect, logically infallible, alibi-proof evidence. You could build a pretty good graph of who is doing business with whom, especially by examining repetitions of the same edges. At worst, it seems useful for intelligence tasks and to obtain worthwhile leads to pursue.
There main slogan is "Fast, Secure & Anonymous VPN"
meanwhile they require name and email unlike Mullvad which pioneered the concept of random account IDs for login years ago.
>If in doubt, pay with Bitcoin and use TOR to connect to your VPN.
Bitcoin is not and never will be private or anonymous. Use monero or cash.
Not true. There are enough places where you can buy BTC for cash. In Austria, you can buy at gas stations or in the post office. As long as you use a fresh wallet and only one time, I don't see who this could identify you. It may be backtracked to Austria, of which I am not a citizen.
When I was in China I would use my own VPN using ec2 and the now defunct Streisand (which uses stunnel). First few requests were always fast but as you use more bandwidth your requests would start to slow down considerably.
Oddly a foreign sim gets uncensored internet, so that's what I've recommended to travelers, but haven't been back since COVID so that might be outdated info.
Imagine a scenario where the original thread state is in a critical section, in the middle of allocating memory (which may need a mutex for non-thread local allocations) etc.
The code within the signal handler can’t guarantee access to any shared resource, because the previous execution of the thread may have been in the middle of the critical section. With normal concurrency, the thread that doesn’t hold the mutex can just suspend itself and wait.
However, because the thread has been hijacked by the signal handler, the original critical section cannot complete until the signal has been handled, and the signal handling cannot yield to the original code because it is not suspendable.
As a example, if the preempted code grabs a lock for a resource, then signal handler completion can not depend on grabbing that lock because that lock will never be released until the preempted code runs again and the preempted code can never run again until the signal handler completes.
A correct signal handler can never wait for a resource held by regular code. This precludes coordination or sharing via normal locks or critical sections.
You need a minute on their website to see that they have a very simple approach to funding their business. No "life time subscription" exclusive offers, no BS privacy claims...
Also this is HN, not a comment section on something like Yahoo news, really hard to consider people commenting here as being detached from tech trends and news.
I've only seen VPN ads from one company actually plastered in metro stations and inside subway cars: Mullvad. I've never seen physical ads for any other VPN provider.
I've seen lots of horribly annoying ads (or "sponsor segments") from various other VPNs, and I'm sure I've blocked orders of magnitude more of them by using SponsorBlock. But for real, in-person ads? Only Mullvad.
I'm not criticizing Mullvad here. In fact, this is probably a smart strategy on their part: if you're too clueless to use an ad-blocker online, you're not going to see other VPN providers' ads very much. But if you're highly privacy-focused, you'll already be using an ad-blocker and probably SponsorBlock too if you watch YouTube videos, so you really won't see other companies online ads much. But you can't miss physical ads on your subway ride. Their ads are also cute and clever, pointing out that a piece of paper stuck to the wall isn't tracking you the way most internet advertising does.
If the person above frequents certain torrent trackers, reads Torrent Freak, or travels in other small VPN adjacent circles then it's no stretch to imagine they have seen Mullvad mentioned a great deal, both through ads and through unsponsered forum members ranking Mullvad high on their HOWTO safely do {X} guides.
> Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
So, not Mullvad ads being blocked but actual Mullvad themed content positioned as of direct interest to the target demographic.
So I can see the reasoning, though anyone who considers this: I've heard years ago that they're not sure whether VPN-in-Tor or vice versa improves or degrades the anonymity, there are apparently reasons for either way, please read up on it before you feel safe using whatever solution in a regime without freedom of speech or something
1) Monads used to restrict the computation available in the context of a signal handler (or function coloring etc, basically a way for a compiler or static checker to determine that a block of code does not call unsafe functions)
2) The actual process of handling a signal received by the signal handler
I think me and the parent are referring to 1). 2) is also important, but it is not a signal specific concern. Even without a signal handler, if you want to write an application which handles async input, you have to handle the case of processing the input to do something useful (eg. let’s say you are writing an HTTP server and want to have a network endpoint for safely killing the thing).
I think the generally recommended way to represent 2) in a pure way is to model the signal as a state machine input and handle it like all other communication.
Obviously, this stuff is merely geo-locked. There's nothing illegal about using a VPN to get around stupid geo-locking restrictions.
Some ppl on these sites seed over 500 TB
But to answer your question, for 25TB I've seen packages that cost 20euro, which is pretty much the same as what Netflix premium charges in the US.
Trust me, I looked at the page of my provider just now and that's what they offer.
Comparison: https://seedboxgui.de/seedbox/