• Danc4498@lemmy.ml
    link
    fedilink
    English
    arrow-up
    107
    ·
    1 year ago

    Last time I looked at VPNs, mullvad seemed highly recommended for privacy and security. Sounds like it may still be the case.

    • Random Dent@lemmy.ml
      link
      fedilink
      English
      arrow-up
      85
      ·
      1 year ago

      I also like that you don’t have to give them any private info at all to make an account. You can just send crypto and they’ll give you an account code and that’s it, you don’t even need an email address.

      I haven’t tried it but apparently you can even mail them cash. You get a payment token and just send cash in an envelope and they’ll activate it whenever the money shows up!

    • PeachMan@lemmy.one
      link
      fedilink
      English
      arrow-up
      24
      arrow-down
      1
      ·
      1 year ago

      It’s basically the gold standard, audited and proven. I hear good things about IVPN as well.

    • player2@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Be aware that Mullvad recently removed support for port forwarding if that matters to you. They’re no longer a preferred option for torrents for that reason. Other than that I enjoy using their service.

  • nucleative@lemmy.world
    link
    fedilink
    English
    arrow-up
    61
    ·
    1 year ago

    Longtime Mullvad user, always been happy. But when Mullvad was still a small service it was unusual to have any problems when browsing the web with their IPs.

    Recently, many services can detect you’re on a VPN when using Mullvad and block or ban you, which means they’ve become successful enough that there are countrer-VPN databases including all of their IPs.

      • Blackmist@feddit.uk
        link
        fedilink
        English
        arrow-up
        22
        ·
        1 year ago

        Ah, Fextralife. For when you want the top half of the screen taken up by a video advert, and the bottom half taken by a giant consent form.

        The day we strayed from GameFAQs was a dark day indeed.

        • Wumbologist@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          It’s pretty awful but it’s always the first search result for anything souls related. It’s bearable with an adblocker though

          • GenderNeutralBro@lemmy.sdf.org
            link
            fedilink
            English
            arrow-up
            8
            ·
            1 year ago

            This is Bing Chat’s killer feature. Search for a specific game question and it’ll just spit out the answer with no bullshit.

      • PraiseTheSoup
        link
        fedilink
        English
        arrow-up
        9
        ·
        1 year ago

        Pretty sure fextra just rips all their content from other wikis anyway, at least this was definitely my experience in the past. Just try scrolling past the first link in your search engine.

        • Pyro@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          There’s a browser extension that suggests (and optionally redirects to) better wikis when your search results include a Fandom/Fextralife link. I think it’s called Indie Wiki Buddy.

        • Wumbologist@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I can’t speak to the ripping of content, but you have to scroll pretty far depending on the subject to get a better result.

          Searching “Soul of Cinder” on Google is all Fextralife, fandom, YouTube, reddit, ign/Gamespot/etc. Wikidot doesn’t show up until halfway down the first page and it doesn’t show up at all on duckduckgo.

          The answer is probably to add specific sites names to my searches but I’m lazy

          • buran@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I feel like I have it easy as a WoW player — we’ve got wowhead, which is partially datamining and partially crowdsourced (and has its own newsgathering staff) and it’s always been very helpful when trying to figure something out that isn’t self-evident (quests with erroneous instructions that weren’t corrected during beta testing, stuff like that).

    • prole@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      I’ve just come to accept that constant captchas are a fact of life for browsing on a VPN. Cost of doing business. Worth it for the privacy though imo (VPNs in general, I haven’t used Mullvad).

      • nucleative@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Some are definitely better than others. I’ve used new VPN services that get you through every checkpoint just like a home IP address. And some that, as you mention, throw up every captcha known to man.

  • TWeaK
    link
    fedilink
    English
    arrow-up
    60
    arrow-down
    8
    ·
    1 year ago

    The result is that the operating system that we boot, prior to being deployed weighs in at just over 200MB. When servers are rebooted or provisioned for the first time, we can be safe in the knowledge that we get a freshly built kernel, no traces of any log files, and a fully patched OS.

    But can it run Crysis?

      • nul9o9@lemmy.world
        link
        fedilink
        English
        arrow-up
        26
        ·
        1 year ago

        I assume they mean there are no account credentials. When you “create” an account on their website, you’ll be given a random account number, and no password.

        • killeronthecorner@lemmy.world
          link
          fedilink
          English
          arrow-up
          18
          arrow-down
          1
          ·
          1 year ago

          Yeah this is what I meant. It feels so wrong but also makes complete sense.

          I think I’ve gotten used to the “safety” of setting my own password and always typing it with my email or username.

          But practically speaking they’re very similar and Mullvad’s is arguably safer

          • GenderNeutralBro@lemmy.sdf.org
            link
            fedilink
            English
            arrow-up
            5
            ·
            1 year ago

            I think of it more as “no username, only password”. Realistically, usernames are not expected to be secure or private, so this is effectively the same.

        • Obinice@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          What’s to stop somebody guessing your account number and gaining access? (Honest question)

          • nul9o9@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            There are lots of possible account numbers, much more than there are accounts. So there is a very small chance that you will guess an active paid account.

            And if you do, there’s not much you can get out of it. There’s no personal information tied to the account.

    • sixCats@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      I am surprised that they don’t provide UUIDv4’s, feels like what they provide is somewhat guessable

          • killeronthecorner@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Nowadays, not so much. In the previous decades before password managers, card vaulting, apple pay and so on: yes, if you were typing it in or writing it on forms frequently, it wasn’t uncommon to just memorize it.

            My point though was that there is a limit to our ability to remember long and random alphanumeric strings, and I find credit card numbers to be that limit. UUIDs are longer and have a much bigger character set.

            • trashgirlfriend@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              I never put my cc in any password manager, but I also mostly just use it for online payments where I don’t mind taking out the actual card to type the number in

    • PixxlMan@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      To be fair, would it matter if someone got access to your account key? There isn’t really any data on your account is there (isn’t that the point)? It’d just let you connect to the VPN

      • killeronthecorner@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        They can use your secondary connection for free. It depends if that bothers you or not. If you’re already using both it could lead to disruption on your part I guess? Not 100% on that though

  • SuperSaiyanSwag@lemmy.zip
    link
    fedilink
    English
    arrow-up
    22
    ·
    1 year ago

    Can someone explain to me what this means? I’m technologically inept when it comes to privacy, slowly getting better day-by-day thanks to Lemmy.

    • lustrum@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      86
      ·
      1 year ago

      What does “without any disks in use” mean?

      • If the computer is powered off, moved or confiscated, there is no data to retrieve.
      • We get the operational benefits of having fewer breakable parts. Disks are among the components that break often. Therefore, switching away from them makes our infrastructure more reliable.
      • The operational tasks of setting up and upgrading package versions on servers become faster and easier.
      • Running the system in RAM does not prevent the possibility of logging. It does however minimise the risk of accidentally storing something that can later be retrieved.
        https://mullvad.net/en/blog/2022/1/12/diskless-infrastructure-beta-system-transparency-stboot/
      • KairuByte@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        31
        ·
        1 year ago

        While mostly true, there are ways to preserve ram if the device is confiscated.

        Your local PD likely couldn’t pull it off, but if one of the larger abbreviation agencies were to get involved, data on RAM isn’t a huge hurdle. Assuming no one flips the power switch, at least.

        • reluctantpornaccount@reddthat.com
          link
          fedilink
          English
          arrow-up
          21
          arrow-down
          1
          ·
          1 year ago

          Yeah, freezing and dumping RAM is a well known attack, even happening at some airports with laptops. But it still requires very recently powered ram, basically still in operation before extraction. It’s a big step toward security at least.

        • lustrum@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          13
          ·
          edit-2
          1 year ago

          I guess it’s going to stop any standard agencies with a warrant. Confiscating the machine for it to sit in a warehouse until some forensic techs get their hands on it.

      • jarfil@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        There are devices that allow moving and confiscating computers without powering them off.

        The rest are true.

          • jarfil@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            Sure, but how often does that happen to servers running 24/7? They’d have to set up some sort of dead man’s switch, movement sensors, or something. It’s unlikely they’d get a day’s notice that the servers are going to be confiscated for forensic analysis.

            • DoomBot5@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              How long do you think it takes to broadcast a network wide shutdown command over the management network?

              • jarfil@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                How long do you think would you have? Also, any manual action on your part would be obstruction, while an automated system could be defended as anti-theft protection.

    • blegeg@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      edit-2
      1 year ago

      I’m not an expert but I think : The site you visit only sees the VPNs info. Which is how you maintain some anonymity while browsing. However, if your VPN keeps logs, then you can still be tracked, just at a different place. Some say they don’t keep logs, and you’d have to trust that.

      RAM is considered volatile memory, so each time the server turns off, it loses all data. This is compared to disk (hard drives of whatever type) which retain memory even if the server turns off.

      In theory, this ram only server prevents them from keeping logs (like which user went where) since the server wouldn’t even have a place to store it.

      Edit: lustrums post is more accurate and has info that this doesn’t prevent logging per se, but could prevent accidental logging. I.e. they can’t hire a forensic computer specialist to parse through operating system logs to try to find info they didn’t otherwise log elsewhere.

      • t0m5k1@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        1 year ago

        The site you visit only sees the VPNs info. Which is how you maintain some anonymity while browsing.

        A VPN just changes your IP, all your browser info is still visible to the website.

        • trashgirlfriend@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          It does hide where your traffic is going to the ISP, no?

          Mullvad also has their own browser that has some security features that prevent fingerprinting while also keeping an okay level of usability.

          • t0m5k1@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Yes, all the ISP will see is the vpn tunnel. If you don’t trust the ISP why are you with them?

            When you access a website with https the ISP will not see what happens inside that connection as it too is encrypted.

            If you run your own DNS server that uses root hints the ISP will see even less.

            By using a vpn you’re placing your trust on the provider and there is nothing stopping them filtering the outbound connection from all their VPN endpoints to collect and sell the meta data your hiding from you ISP.

            All VPN providers just talk about logging but nothing about meta data collection, funny that 🤔

      • jj4211@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Some say they don’t keep logs, and you’d have to trust that. Note that this same caveat applies for a VPN provider promising they are running diskless endpoints. Or that they don’t have some third party monitoring their stuff even if diskless. Or that a law enforcement agency can’t come along with a warrant to require them to monitor an account’s activity moving forward, even if logs are not possible.

        If your online activity justifies this level of paranoia, there’s probably no meaningful protection available for your wants in practice. If your provider is operating in a jurisdiction that is problematic for your online activity, they can probably ultimately be compromised. If you are just using it to access a different country’s streaming library, you probably don’t need to be that paranoid. If you are trying to disguise illegal activity that is illegal in the jurisdiction of the VPN endpoint, well you are likely boned with logging or not.

    • mkwt@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      A normal computer is usually constantly writing little bits and pieces of data to disk. But data on the disk might accidentally remain on the disk even if it’s not intended. Then that data could be read later by someone else who is spying on VPN users .

      There’s also a common assumption that data on disk storage may leave behind remnants even after it’s been overwritten. (Magnetic disks may leave behind some magnetic signatures. Flash drives will stop using sectors that are worn out, potentially leaving data there.) And state actors like NSA might have some capability to recover this ghost data if they get a hold of the actual drives.

      There’s a general understanding that data on RAM is irrevocably destroyed within a short time after the device loses power. So attacks on RAM data have to occur in real time while the data is in use. (There may be some attacks that preserve RAM after power down using low temperatures and liquid nitrogen).

    • cel922
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      It means that even though Mullvad already doesn’t log anything about their users activities, there is no persistent storage on the servers, so as soon as it is powered off or raided by The Agencies, there is absolutely nothing to retrieve from it.

    • SpaceNoodle@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      If the computer is unplugged, there’s nothing left on a hard drive to show what state it was in. This means nobody malicious can physically remove their servers and gain information about customers.

    • Aatube@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      No data is supposed to be readable after you shut it off. There are ways to restore it though but it’s still vastly better in leaving no trace.

  • AlecSadler@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    22
    arrow-down
    3
    ·
    edit-2
    1 year ago

    Anyone pro-Mullvad that can explain to me how it’s better than PIA?

    To my knowledge, which may be wrong, PIA has faster speeds and is also entirely RAM-based.

    That said…I’d gladly switch if that’s untrue and Mullvad is better. On the outset, it sounds like Mullvad triggers search engine captchas less, which would be a nice win.

    edit: Well, you all convinced me. Made the switch.

    • Virual@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      58
      ·
      edit-2
      1 year ago

      PIA and Mullvad should have equal speeds because they both have 10gbps servers and wireguard. Both PIA and Mullvad use ram-only servers exclusively. As for search engine captchas, I never get them with Mullvad. The main issue with PIA is that they were bought by a questionable company that previously developed adware. You can read about that here. Personally, I would never use a privacy tool that is owned by an ad company, even if they claim to have changed. I used them up until the acquisition, then switched and have been extremely happy with Mullvad.

      • scarabic@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        I used PIA for years and dropped them over this. Am now on Mullvad. So far everything’s great.

      • rekabis@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        As for search engine captchas, I never get them with Mullvad.

        That has nothing to do with VPNs, and everything to do with how your browser “leaks” your user behaviour history.

        Captchas go through your browser behaviour history and examine the clicks and pages you have gone through, how long you were on each one and how you scrolled through each page. Stuff like that. If that browser behaviour history reaches a minimum threshold of “human-like behaviour”, there is no test to pass. If it doesn’t, or there is no history to go after, you get a test.

        • Virual@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          The IP address that a request is coming from can absolutely cause captchas to be triggered. If the host is seeing a lot of bot activity from your IP, it’ll do that. That and blacklisting is why Mullvad rotates IPs.

      • t0m5k1@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Teddy Sagi > Kape Tech > PIA, Cyber Ghost and ZenMate.

        As someone who works in enterprise ISP tech space I always keep the bigger picture in mind, especially with the latest “tech Fads”, VPNs are really easy to sell, especially when you already have other companies and even bigger shell companies.

        Take the following scenario (it might be true it might also be conjecture):

        person1 owns 2 shell companies that are big names in tech.

        shell 1 starts out as a an ISP and soon grows to be a network transit provider.*

        shell 2 starts out as a cyber sec company.

        shell 1 get’s really big and becomes a tier 1 provider that sells transit to BBC and is now peering with the likes of Cogent, Lumen/CenturyLink and others.

        shell 2 get so big it branches out into VPN carrier tech and purchases a well used VPN company that also stands out as having a no logging policy.*

        shell 1 starts providing seriously detailed analytics to it peers on a subscription basis with discounts to peers that repeatedly hit the 95th percentile on billing cycles, all the peers love being able to see detailed info of the traffic flowing over their transit relationships.*

        Shell 2 also purchases another company that deals with adware and advert injection tech.

        later shell 2 becomes so financially liquid it is now breaking out in to gambling and lucrative AIM ventures.

        In the scenario above I’ve marked points with a * that should be red flags to VPN users BUT they have something obvious when laid out in this manner that a user of a VPN would not know. That is that even though the VPN is sold as no-logging the wider company still gets your data as all the traffic is flowing over the wider network owned by shell 1 that you have no idea of the relationship between them.

        All traffic/data can be monetised and ultimately with decent visibility of all comprising parts tied back to you or your account, VPNs are good but just be aware of forced perspective, look beyond T&C’s, look at the company and who owns it and what else they own.

        You all got a hint at this with pirate bay, the feds couldn’t take 'em down so the went to the DC provider and the network transit providers, you should do the same if you value your trust and data so much that you need a VPN for every connection.

        Finally, with or without a VPN, Your IP is only used for 20% of the connection(10% at the start and 10% to the final endpoint), when your data/traffic flows over provider networks it becomes an AS number, a layer tag and even a colour, all of these interchange until it becomes an IP again, hits a website and for the most part all of that is accounted for and can be connected to you.

  • Jeena@jemmy.jeena.net
    link
    fedilink
    English
    arrow-up
    19
    ·
    1 year ago

    Just for my understanding when they boot such a server, where does it get it’s operating system from? Over the network from a different computer which has a hard drive or some read only ROM on the server or what?

    • UFO64@lemmy.world
      link
      fedilink
      English
      arrow-up
      36
      ·
      1 year ago

      This can be handled a few different ways.

      • You can boot from a HDD and then just not ever write data back to it. This would be the most trivial solution, and it’s something people do with their Pi’s a lot to avoid SD card failure.
      • You could network boot, pull the OS from the network at startup. Fun fact, this is how some rockets fly! No onboard persistent storage needed. Everything boots into and runs from ram the whole 10 ish minutes of operation.
      • You COULD do a ROM as you suggested, but that’s a LOT of ROM. Seems odd to do imho.
      • Jeena@jemmy.jeena.net
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I remember that there was a ROM in the Amiga 500 which had the kickstart software on it which you’d load from a diskette on the predecessor the Amiga 1000. This made it much faster to boot because you would not need to switch diskettes in the middle of the boot.

    • Kazumara@feddit.de
      link
      fedilink
      English
      arrow-up
      17
      ·
      edit-2
      1 year ago

      Click the first link in the article, in the older post they talk about their stboot bootloader. It does what you suspect, loads the OS image from a different computer which has signed base images.

  • Concave1142@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    26
    ·
    1 year ago

    I do not use a VPN provider but damn, that’s cool as hell. Now how do I self host it? :D

      • kratoz29
        link
        fedilink
        English
        arrow-up
        17
        ·
        edit-2
        1 year ago

        Not if you want to VPN to your home.

        • sebsch@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          But why would logs you hurt than?

          How to debug and how to do forensic if only the supposed persons are connected to your home, if you don’t have any logs?

          • jarfil@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            VPNs prevent your origin ISP from keeping logs; you may not want your office, school, coffee shop, city wifi, etc. to know which services you’re accessing.

            You can (should) still require identification on your home hosted services, you can log that.

    • vrighter@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      You already are. It’s called using your own connection. You don’t need to be your own middleman, shuffling data to/from yourself.

    • KairuByte@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Self hosting would essentially just be using a ramdisk. If you want to be crazy about it, you could even run a VM with its storage entirely within a ramdisk.

    • jj4211@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Note that the lack of logging probably doesn’t matter when your self-hosting, since it’s all for you.

      Concept of RAM only Linux images with validation and signing is something seen in some datacenters. For example, Lenovo has this in their confluent cluster management (https://hpc.lenovo.com/). A node can network boot or boot from usb (read-only) and all writes go to RAM.

      Alternatively, booting a LiveCD amounts to the same thing without requiring a boot server, you have a local ‘disk’ but nothing writes to it. If extra paranoid you could actually boot it from a burned DVD, but in practice even when booting from USB most ‘live’ images only write filesystem to RAM.