Comment by linkregister
10 hours ago
Then why complicate it by being publicly insecure? If Mullvad were wanting to defeat anonymity, they could simply log the traffic metadata while falsely advertising they aren't.
Their ads on San Francisco's public transit are good.
Good VPNs tout the fact that they had nothing to give in response to a subpoena, or that there was nothing a law enforcement agency to find when they seized a server. For mullvad to be effective as a honey pot it needs to survive these events with its reputation in tact.
If it were a true honeypot by a state agency, they'd be able to just lie about having nothing too.
Not when people get arrested and the investigative techniques, sources, etc are made public. They would have to intervene in the legal process to make sure mullvad's role was kept secret. Presumably this isn't always feasible across jurisdictions.
1 reply →
"public insecure" JFC
Security is always a balance. Always
AI is showing that everything has a weak spot (wondering where are the "I don't make mistakes with C" now people are - but that's for another discussion)
There's another commenter mentioning this makes sense because exactly it avoids them keeping information on which customer is matched to which server. You know, one of the things you don't want to log
Could it be done better? Probably.
Here's a better idea, logging off is 100% safe
Meanwhile 99% of the normies will go for NordVPN