The result is that the operating system that we boot, prior to being deployed weighs in at just over 200MB. When servers are rebooted or provisioned for the first time, we can be safe in the knowledge that we get a freshly built kernel, no traces of any log files, and a fully patched OS.
But can it run Crysis?
I do not use a VPN provider but damn, that’s cool as hell. Now how do I self host it? :D
But why would logs you hurt than?
How to debug and how to do forensic if only the supposed persons are connected to your home, if you don’t have any logs?
Note that the lack of logging probably doesn’t matter when your self-hosting, since it’s all for you.
Concept of RAM only Linux images with validation and signing is something seen in some datacenters. For example, Lenovo has this in their confluent cluster management (https://hpc.lenovo.com/). A node can network boot or boot from usb (read-only) and all writes go to RAM.
Alternatively, booting a LiveCD amounts to the same thing without requiring a boot server, you have a local ‘disk’ but nothing writes to it. If extra paranoid you could actually boot it from a burned DVD, but in practice even when booting from USB most ‘live’ images only write filesystem to RAM.
Anyone pro-Mullvad that can explain to me how it’s better than PIA?
To my knowledge, which may be wrong, PIA has faster speeds and is also entirely RAM-based.
That said…I’d gladly switch if that’s untrue and Mullvad is better. On the outset, it sounds like Mullvad triggers search engine captchas less, which would be a nice win.
edit: Well, you all convinced me. Made the switch.
Does it make sense that a privacy VPN has 4 tracking scripts and 5 third party cookies on their website? https://themarkup.org/blacklight?url=privateinternetaccess.com&device=mobile&location=us
Mullvad has 0.
https://themarkup.org/blacklight?url=mullvad.net&device=mobile&location=us
Teddy Sagi > Kape Tech > PIA, Cyber Ghost and ZenMate.
As someone who works in enterprise ISP tech space I always keep the bigger picture in mind, especially with the latest “tech Fads”, VPNs are really easy to sell, especially when you already have other companies and even bigger shell companies.
Take the following scenario (it might be true it might also be conjecture):
person1 owns 2 shell companies that are big names in tech.
shell 1 starts out as a an ISP and soon grows to be a network transit provider.*
shell 2 starts out as a cyber sec company.
shell 1 get’s really big and becomes a tier 1 provider that sells transit to BBC and is now peering with the likes of Cogent, Lumen/CenturyLink and others.
shell 2 get so big it branches out into VPN carrier tech and purchases a well used VPN company that also stands out as having a no logging policy.*
shell 1 starts providing seriously detailed analytics to it peers on a subscription basis with discounts to peers that repeatedly hit the 95th percentile on billing cycles, all the peers love being able to see detailed info of the traffic flowing over their transit relationships.*
Shell 2 also purchases another company that deals with adware and advert injection tech.
later shell 2 becomes so financially liquid it is now breaking out in to gambling and lucrative AIM ventures.
In the scenario above I’ve marked points with a * that should be red flags to VPN users BUT they have something obvious when laid out in this manner that a user of a VPN would not know. That is that even though the VPN is sold as no-logging the wider company still gets your data as all the traffic is flowing over the wider network owned by shell 1 that you have no idea of the relationship between them.
All traffic/data can be monetised and ultimately with decent visibility of all comprising parts tied back to you or your account, VPNs are good but just be aware of forced perspective, look beyond T&C’s, look at the company and who owns it and what else they own.
You all got a hint at this with pirate bay, the feds couldn’t take 'em down so the went to the DC provider and the network transit providers, you should do the same if you value your trust and data so much that you need a VPN for every connection.
Finally, with or without a VPN, Your IP is only used for 20% of the connection(10% at the start and 10% to the final endpoint), when your data/traffic flows over provider networks it becomes an AS number, a layer tag and even a colour, all of these interchange until it becomes an IP again, hits a website and for the most part all of that is accounted for and can be connected to you.
PIA and Mullvad should have equal speeds because they both have 10gbps servers and wireguard. Both PIA and Mullvad use ram-only servers exclusively. As for search engine captchas, I never get them with Mullvad. The main issue with PIA is that they were bought by a questionable company that previously developed adware. You can read about that here. Personally, I would never use a privacy tool that is owned by an ad company, even if they claim to have changed. I used them up until the acquisition, then switched and have been extremely happy with Mullvad.
As for search engine captchas, I never get them with Mullvad.
That has nothing to do with VPNs, and everything to do with how your browser “leaks” your user behaviour history.
Captchas go through your browser behaviour history and examine the clicks and pages you have gone through, how long you were on each one and how you scrolled through each page. Stuff like that. If that browser behaviour history reaches a minimum threshold of “human-like behaviour”, there is no test to pass. If it doesn’t, or there is no history to go after, you get a test.
Great news! Mullvad is great even if their account security makes you do a double take
To be fair, would it matter if someone got access to your account key? There isn’t really any data on your account is there (isn’t that the point)? It’d just let you connect to the VPN
I assume they mean there are no account credentials. When you “create” an account on their website, you’ll be given a random account number, and no password.
Yeah this is what I meant. It feels so wrong but also makes complete sense.
I think I’ve gotten used to the “safety” of setting my own password and always typing it with my email or username.
But practically speaking they’re very similar and Mullvad’s is arguably safer
What’s to stop somebody guessing your account number and gaining access? (Honest question)
I am surprised that they don’t provide UUIDv4’s, feels like what they provide is somewhat guessable
https://mullvad.net/en/blog/2017/6/20/mullvads-account-numbers-get-longer-and-safer/
As they outline here, there are ~9 quadrillion possible keys, needing around 5.5 million guesses to find an account. I think they hit a nice middleground between decent entropy and still having a number you can memorize (like a credit card).
Very cool, hopefully other companies take note.