![]() How do you take this information? As with everything. This commentary would be true regarding any VPN provider. The bottom line is that the only way to know what Mullvad logs or doesn't log is through a third party audit or actually hacking their systems.Īs a systems engineer "managed to prove" is not language I'd associate with "evidence". So it would be nice if people stopped talking about VPN services being "more secure".Īt worst they are so many dollars a month wasted while providing false security. So for a journalist sending sensitive information either of these options work fine.įor criminals. Which I believe is now more or less "supposedly" Quantum resistant. But you'd never be able to prove the content of the information sent without breaking it's encryption. A correlation attack could be used against it if you know the hop count. I'm unaware of any time I2P was compromised. I2P on the other hand is a Cadillac if you want to send information point to point anonymously. ![]() But that assumes the information sent is small enough to avoid a correlation attack. It's pretty good at hiding the identity of parties exchanging information. Tor has been compromised a bunch of times on it's own for drugs and porn things. Running these things on Windows already compromises you. And even then you need to have significant skill to lock down a *NIX box. on a Java enabled UNIX-like operating system. Conversely, I2P shouldn't really be attempted without significant computer skills AT THE COMMAND LINE. If you want to hide your identity on the internet there's only two real choices: (It actually is a little bit more difficult that than, but not by much, because you have to be able to deal with a server crashing and restarting without the server being able to decrement the counters of every user connected to that server) All done with no "logging", just counting number of times connecting and disconnecting. When a user tries to connect, the counter is retrieved, and if it is 5 (or whatever), or 5 flags are on, the user is told "sorry too many connections". You just flip a flag or increment a counter in the central user database when a user connects and flip it off or decrement it when the user disconnects. The way you keep track of number of connections is simple. The reasonable way is that when a user connects, the central database is queried to validate the user credentials. You also wouldn't push the user database to the VPN servers because if one server was compromised, you would have a copy of database. ? This wouldn't be stored on each VPN server - if nothing else, keeping them all in sync would be a pain. If nothing else, you can be connected and not sending or receiving data, which, in the authors version, would mean you are not using a connection - even though you are.Īlso, every VPN provider has a "central database" - how else are they going to keep track of accounts, payments, etc. Such logging actually is not useful to tracking how many devices you have connected to the service at one time. That is what would be required to show someone used a web site - you would have to be able to tie a user to either the web site's own logs or a network capture. To me, in the context of this sub, logging means recording sufficient detail to be able to authoritatively say "user x connected to web server y with suchandsuch IP Address and suchandsuch port number at suchandsuch a time". Or if they do, isn't very good at it.įirst, logging is a very broad term and is not really defined. I'm inclined to believe this is outright lies but could there be truth? I've championed Mullvad as the top tier providers for years Therefore, the reports that no log files are stored that could lead to the identity of the users are simply lies." In practice, this information is sufficient to be able to answer requests from authorities satisfactorily. In addition, the amount of data that is transferred. So Mullvad stores log data of the users, which includes the real IP address as well as the used VPN IP addresses and the start and end times. In our tests we were able to prove the use of central databases that are also supposed to prevent usage on unlimited devices at the same time. "One of the main criticisms we had in our test was that Mullvad VPN recommends itself as being for “anonymisation” and pretends that they don’t use log files. Under the privacy section they posted that their tests have proven Mullvad stores real IPs in their databases. I was reading this review of Mullvad on which covers speed, privacy, features, support and price. ![]()
0 Comments
Leave a Reply. |