Comment by foobiekr

3 years ago

The cash thing is awesome and good for them.

That said, I don't know if Mullvad is good or evil, but one of the ways you can evaluate companies is to recognize when they're making sketchy, not-relevant claims to create an air of legitimacy.

This "our servers have no disks" kind of thing is marketing. It is meant to imply something that it doesn't actually demonstrate. Who cares if there are local disks? It doesn't change the threat model at all, it's mostly to convince people who don't know very much about claims which are basically impossible to prove. It's the higher-tier version of "we use military grade encryption."

Lawful Intercept on the public internet does not rely on local hard drives on any node in the network and has not since the 90s, as a specific example of how meaningless this is.

I disagree - while it does not prove they aren't doing something nefarious, I think it is easier to demonstrate that you aren't logging to network calls than it is that you are accidentally spilling something to disk.

In Sweden, physical search of the drives is a real concern. The Swedish national police attempted to search Mullvad once, but since there was no data to seize they left empty-handed.

  • > The Swedish national police attempted to search Mullvad once, but since there was no data to seize they left empty-handed.

    They were just unprepared. There was plenty of data to seize, but it was in RAM. They just needed the right equipment to do a cold boot attack [0] [1]

    [0] https://en.wikipedia.org/wiki/Cold_boot_attack

    [1] https://wootconference.org/papers/woot23-paper3.pdf

    • "just needed" is a simplification. Very few organizations outside the US federal 3-letter agencies have the resources to spend on volatile data recovery in practice. Even the FBI isn't going to bother unless they're confident some extremely valuable evidence is involved.

  • Realistically, what prevents police from just sticking in a USB device and doing a memory dump? I'm not sure I buy this story since police with a sufficiently strong warrant can always just take over a firm's premises and bring in their own forensic people until they find what they want.

    • this is such a dumb position, holy shit.

      no they haven't built an impregnable system, neither has anyone else in the history of the world.

      they have raised the bar very fucking high, though.

      normal vpn company: oh yes, Officer, here's their credit card details and a list of all IPs they've ever connected from, and DNS logs from our internal servers

      mullvad: OK, I guess you have the corrupted partial contents of memory of one machine that you managed to dump after dawn raiding us with guns and using liquid nitrogen to freeze the DRAM for a cold boot attack where you now have 90 minutes before entropy claims another victim.

      one company tried a lot harder and made things a lot better. dumb equivalence arguments are dumb.

      I think you need to familiarise yourself with the Mickens Security Model: https://www.schneier.com/blog/archives/2015/08/mickens_on_se...

      making yourself resistant to casual subpoena attacks for little cost is a valuable thing for a lot of people.

> one of the ways you can evaluate companies is to recognize when they're making sketchy, not-relevant claims to create an air of legitimacy.

This is an excellent heuristic. Personally I like to evaluate trustworthiness in terms of integrity and competence - can I trust their values and can I trust that they know what they are doing? Words are cheap of course. Consistent action across several years is much harder to fake. It also overlaps with another heuristic I use to model and predict the behaviour of a company; a company's behaviour will converge on the shareholders' goals over time.

> This "our servers have no disks" kind of thing is marketing.

You are correct that we considered that aspect while writing the blog post, but please read the content before passing judgement. See the section titled "To recap about “no disks in use”" in particular.

On the topic of "air of legitimacy" I'll just leave these here:

* Our apps have been open-source since we launched in 2009

* Our response to Shellshock: https://www.sigsum.org

We're certainly not without fault, but hopefully this helps inform your opinion of Mullvad.

Best regards, Fredrik Stromberg (co-founder of Mullvad VPN, Tillitis, Glasklar Teknik)