← Back to context

Comment by Cider9986

20 hours ago

If you us Mullvad browser, which has built in Mullvad proxies, this isn't an issue because it doesn't use wireguard.

The browser also has a cool feature in the browser extension called Random mode. This gives you a different IP for each site, improving your privacy.

10 comments

Cider9986

Reply
charcircuit  16 hours ago

It's not going to be an issue for most things which have been properly thought out as they will have proper isolation between servers which should have separate identities. Reusing the same VPN for all servers and relying on an eventual expiry before the IP changes is fundamentally not a great approach to rely on for isolation.

stefan_  19 hours ago

Which you absolutely shouldn't use, because just like Tor Browser before, a vulnerability in the browser can be immediately escalated into decloaking your real IP. Ideally the proxying doesn't even happen on the same machine.

  • joskvw  18 hours ago

    "Absolutely shouldn't" is silly.

    - Browser vulnerabilities are non-trivial.

    - Mullvad browser's proxy feature only works if you're connected at the OS level, which helps mitigate browser level exploits.

    Compared to any other off the shelf solution, Mullvad browser provides a good balance of usability & privacy.

    Compared to something like you're describing, I agree it's worse.

  • ranger_danger  18 hours ago

    One possible mitigation might be to run your system (or just the browser/certain apps) sandboxed to only communicate with the IP/ports mullvad uses for VPNs.

    • fc417fc802  12 hours ago

      You absolutely shouldn't do that because a vulnerability in the kernel can be immediately escalated into decloaking your real IP. /s

      (TBF this is presumably why parent specified that proxying ought to happen on separate hardware.)

  • Cider9986  18 hours ago

    What threat model should you use Mullvad browser in? What threat model should you avoid Firefox-based browsers?

    Please talk in terms of specific threats instead of fearmongering. For people wanting to avoid surveillance capitalism, which is a very common threat, I think Mullvad Browser is a fantastic choice.

    For journalists targetted by nation states, perhaps it would be better to use Brave or Chrome inside of Qubes.

    • prophesi  17 hours ago

      > For journalists targetted by nation states, perhaps it would be better to use Brave or Chrome inside of Qubes.

      Curious why Chrome/Brave is recommended? I don't think any modern browser is better for anti-fingerprinting like the Firefox-based ones, including TOR and Mullvad Browser? Don't install random extensions outside the defaults and you're doing a lot better than a Brave/Chrome install if you want a usable internet.

      2 replies →