Comment by dharmab

3 years ago

In Sweden, physical search of the drives is a real concern. The Swedish national police attempted to search Mullvad once, but since there was no data to seize they left empty-handed.

> The Swedish national police attempted to search Mullvad once, but since there was no data to seize they left empty-handed.

They were just unprepared. There was plenty of data to seize, but it was in RAM. They just needed the right equipment to do a cold boot attack [0] [1]

[0] https://en.wikipedia.org/wiki/Cold_boot_attack

[1] https://wootconference.org/papers/woot23-paper3.pdf

  • "just needed" is a simplification. Very few organizations outside the US federal 3-letter agencies have the resources to spend on volatile data recovery in practice. Even the FBI isn't going to bother unless they're confident some extremely valuable evidence is involved.

Realistically, what prevents police from just sticking in a USB device and doing a memory dump? I'm not sure I buy this story since police with a sufficiently strong warrant can always just take over a firm's premises and bring in their own forensic people until they find what they want.

  • this is such a dumb position, holy shit.

    no they haven't built an impregnable system, neither has anyone else in the history of the world.

    they have raised the bar very fucking high, though.

    normal vpn company: oh yes, Officer, here's their credit card details and a list of all IPs they've ever connected from, and DNS logs from our internal servers

    mullvad: OK, I guess you have the corrupted partial contents of memory of one machine that you managed to dump after dawn raiding us with guns and using liquid nitrogen to freeze the DRAM for a cold boot attack where you now have 90 minutes before entropy claims another victim.

    one company tried a lot harder and made things a lot better. dumb equivalence arguments are dumb.

    I think you need to familiarise yourself with the Mickens Security Model: https://www.schneier.com/blog/archives/2015/08/mickens_on_se...

    making yourself resistant to casual subpoena attacks for little cost is a valuable thing for a lot of people.

    • It's not a position, it's a simple question. Given that I can get a lot of information out of a computer to which I have physical access with only middling forensic skills, I'm inclined to think that the police can do at least as well if they're sufficiently motivated.


  • I could be wrong, but I would think that a conveniently timed power outage would prevent the memory dumping scenario :)

    • Unless you automate this process to flush all memory periodically, this seems like a good way to get charged for interfering with an investigation or have your assets seized and thrown into legal limbo. Police aren't complete morons; in the real world, goofing around like this has consequences.