Just to note here - with Mullvad you can pay via gift card that you can find at various retailers (to get a one-time code that you can use to create an account). Of course they can see your IP address but there is no payment/contact information on the system.
As a long term user of Mullvad, I appreciate when new companies try to innovate on existing ones while acknowledging their value.
While I have no interest in changing VPNs right now, I will keep an eye on Obscura. Hope you the best
Hey Carl, sorry to hijack the thread but I have a question for you. Being the operator a small website (5M views/month, 200k users), I am often plagued by targeted cyber attacks. Over the years many of these come from privacy enhanced networks (eg Tor, Mullvad, etc). I have approached Mullvad many times with abusive user reports which they seem to simply ignore. How do you plan to address this in your product? Will you simply allow bad actors to abuse the internet via your service? Or do you have some plans to address this issue?
If the abuse is serious enough, pursue legal avenues. Otherwise, these types of companies shouldn't be unmasking users based on a random persons assertion that someone is bad. That would be an abuse vector itself.
I am not asking them to. I am asking them to do a better job of bad actor detection and banning. Their current stance seems to be “ignore all packets, log nothing”. In my opinion they should be doing some amount of AI based abuse detection. This should be possible without violating user privacy.
> I have approached Mullvad many times with abusive user reports which they seem to simply ignore.
What would you like them to do? Considering that AIUI they outright don't log or monitor users at all, I can't think of anything they could do with your reports.
Yes that is the crux of the issue. However many times when I reported bad actors to Mullvad the attacks were multi day attacks that were ongoing. It would have been trivial for Mullvad to add a filter to check for future packets from that VPN ip to my server IP and flag the associated account. However I believe even this approach is far to manual and invasive. I think there would be a better way using AI to analyze abuse patterns, and automatically flag bad users which match these patterns.
The issue is that VPN providers have zero motivation to do this, because a non-zero percentage of their user base is literally paying them BECAUSE they can use the service to attack other servers with a level of anonymity. If the VPN providers were to combat this issue it would negatively impact their revenue.
> It would have been trivial for Mullvad to add a filter to check for future packets from that VPN ip to my server IP and flag the associated account.
In other words, to break the fundamental premise of their product and identify traffic to a user.
> I think there would be a better way using AI to analyze abuse patterns, and automatically flag bad users which match these patterns.
Not without, again, creating an entire system which exists only to record traffic and tie it back to users.
Basically, both of your suggestions amount to "stop providing the product that is their entire business model", because the whole point is that they go out of their way to avoid having the information that you want them to use.
they can't have AI detection or any other thing to help you. Simply put they can't help you.
If they have to , then they aren't that private.
And they are in the business of privacy.
I wonder why threat actors are abusing your website ? I think you have also used cloudflare anti DDOS ? so the problem isn't DDOS , then what exactly is the problem ? are they signing up and abusing your free service or something like that ?
I can understand that concern, and I think in the future some version of [Privacy Pass](https://privacypass.github.io/) will allow for site operators to differentiate between normal vs. abusive users without relying on IP reputation (which is more unreliable anyway since CGNAT is a thing).
We typically don't ban IPs for the very reason mentioned here (CGNAT is a very real thing and we have many users who share IPs). However we do ban IP ranges associated with VPNs that we see an excessive amount of abuse from. I might be an outlier on the internet, but if you take the stance you have outlined above, that you will effectively do nothing to combat the level of abuse from your network, you inevitably hurt your honest users because some web services will be unavailable to them via your VPN.
In theory, there could still be a possibility to track through the retailers who bought which one-time code (or have particular buyers be sent particular codes). But Mullvad also simply accepts cash by mail.
There's a new privacy focused entitlement proving thingy now. The first implementation is by cloudflare I believe but Kagi also just went live with it. The name escapes me at this mobile moment.
Doesn't matter if you use Windows / Mac because it will ping their services before you jump on the VPN and it will know the before IP and the IP after. :)
And with the recent Debacle of Snooper's Law apple e2ee backdoor.
Let me tell you something. A company is asked for a backdoor and they are forced to not tell anybody about it.
The only reason why it was leaked was because of whistleblower. And so , who knows if they have already signed such thing with the NSA or UK already but for their mac's and other devices
Hell, I honestly believe the NSA does not need a backdoor anyway. They have some absolutely frightening people working for them. I believe some of the best of the best.
I do not believe there is such thing as privacy from such organizations. If they want you bad enough, they will get you. Don't have a reason? They'll make one.
Do you remember the "Heartbleed" exploit in SSL many years ago? There were allegations that the NSA knew about and used that exploit for many years before the public ever knew about. However, that is not exactly an easy statement to confirm nor deny.
Edit: I also wanted to add something I remember from a talk I saw with a person who once worked for the NSA. He was intentionally only talking about surface-level concepts, but he did mention that the one thing the NSA has, that most do not, is unlimited time and patience.
He said something along the lines of how they can just sit and watch a server, for example. Say that the server is on version 1.0.0 of whatever. Well, the NSA can find an exploit in version 1.1.0 and keep it under wraps. All they have to do is just wait. The second the server is upgraded to 1.1.0, then boom, they're in.
He also used the example of BYOD ("bring your own device") in workplace settings. Say they cannot can entry into somewhere. Well, if they can compromise someone's personal device, then they can just wait. The second the personal device connects to the network they want/is in close enough proximity to the network they want, then boom, they're in.
Be it one second, one hour, ... 10 years, etc.. They can wait. All it takes is one brief instance of a hole in the defense.
Truly some boogeyman level stuff, but I just hope they use their powers for good when possible. Though, I imagine plenty of other countries also have similar "arms race" abilities, which does complicate matters.
Some days, I just want to get a cabin in the woods, and get away from all this dystopian technology.
You want to live in a cabin in the woods , I kind of am.
While I was writing this message , I was roaming out side in the street , my street isn't developed, so there is a lot of empty space 2 sides of my house.
I saw a peacock flying & sitting in front of my house. It was so majestic. It's wings when they fly , the sound they produce is such majestic that it touches your mind.
The solution isn't a cabin in the woods , the solution is living in such remote area like I live , seriously I am not that far away from the main town , but still this place is so nice I just realized but development would come , and houses would get built. Then there would be no more peacocks flying in.
I really get what you are feeling. But I believe that getting away from dystopian technology is far more easier by degoogling with grapheneos or getting a dumb phone like me & linux with sandboxing each applications ,I do think that we can get far away , like they would need to find a bug in such things like qemu , pledge , flatpak etc. though I think they might already have found a bug in some version and like you said, are waiting.
The only solution I can find is to read the source code of these sandboxing applications on linux and to never update it / it should be such that doesn't require updates , a completely minimal sandboxing solution.
How can we imagine they use their powers for good , when the president has handed things over to oligarchy who want maximum profits. What benefit do they get from using their power for good ? None. I am sure that they are using the power of both good and evil.
Also I had read somewhere about a really strange conspiracy theory which really made me question if we can really be against government and big tech (since "lobbying" is made official)
but if 5 eyes (the billionaires?) really wanted (heck only if UK + australia wanted , australia police is given the ability to remotely plant data in nation's interest and uk also is getting apple to force data to be leaked in the apple ecosystem and who knows what else. Its only a matter of time that they put 2+2 together (or they have?) and use it to plant CSAM (yes NSA has distributed CSAM for the purposes of catching people , so I wonder if such 5 eyes also have these , please hackernews moderators just because I have mentioned CSAM , don't remove this comment I suppose)
and carrying CSAM is a serious offense and you will get into jail for it. and the jail prisoners aren't kind to CSAM convicted prisoners and they would bully them immensely , maybe even cause them to suicide or just make their life hell.
I have friend/old-coworker that left my current employer for our state's version of the FBI. While no worker in his agency handled CSAM cases full-time, they all have to do rotations.
There is a lot he could not tell me about the work he did, and how they managed the detain suspects. But I do remember him telling me that he witnessed things that he thought were not even possible. Considering we were both developers, I take his word for it.
Anyway, I once asked him, "What is stopping you all from beaming CSAM on a person's computer, and then targeting that individual?" He paused for a second and said, "Well, we would never do that..." I asked again, "Sure, but what is stopping you all from doing that?" He said, "Well, nothing... but we wouldn't do that..."
Right then, my heart had this sinking feeling. While he is probably right, it did instill a sense of "Well, you never know..." in me. Do I believe most people convicted of CSAM are guilty? Absolutely. Everyone? Perhaps not. Still, good luck convincing a tech illiterate jury of your peers that "the government did it to me!" As far as I am concerned, once charged with such crimes, one is guilty until proven innocent.
I have always believed that if 'they' want you bad enough, then they will get you. By 'they', I mean any of the powers that be -- government, organized criminals, etc..
Dude , I am not kidding , but this gave me so many goosebumps.
Goosebumps on my f'ing face.
And I was thinking this on 5 eyes level but you are saying a single country can do that?
When I had discovered that conspiracy theory which I now believe is true to some degree.
I then used to think, what if they want you to believe that you hold a chance. They don't want you to know they can get you as you are saying it. They want to give you the illusion of freedom. They will target their opposition , journalists with this if all goes south.
There are also secret courts.
May I ask , if they can always get you why don't they use this in making their opposition go poof. If I am being extra conspiracist now , is it that they want you to give the freedom b/w 2 systems both of which don't change things really that much. Both political parties are kind of the same thing
but dude what the actual fuck.
They can use csam to break general encryption by saying it's bad for children etc, they can use csam to punish those they want.
I am now seriously wondering if I even have real tangible choice in the government.
I am now wondering if I am literally living in 1984. What if these wars and shit are just a distraction , yes they happen but...
Dude I have come to a realisation, I am seriously living in 1984.
Reward is given to those who comply , those who aren't skeptics , skeptics are brushed off as conspiracist.
Interesting concept. The blog has a lot more details[1].
One comment/question about the exit nodes. Can someone correct or validate my thoughts:
It’s a WireGuard tunnel from the user to Mullvad, so while Obscura can’t see the user traffic, couldn’t the Mullvad exit node see the traffic, and using knowledge of the users WireGuard public key, associate all that users traffic with that key? So even if they can’t associate it with an IP, they could still potentially identify and track you.
This assumes they use a customised version of WireGuard to somehow log & associate each decrypted IP packet against the users public key.
This is actually quite an interesting point that we’ve been discussing internally.
Right now Obscura rotates your WireGuard key on every “Connect”, but in a future release we will start caching (persist) your WireGuard keys on your client. When we flip that switch, we will also enable recurring key rotation and add a button in the UI for manual key rotation. This rotation would make it harder for Mullvad to track a user across the same key. (Not that they would anyway)
Hey Carl, good to know is already fixed! While you are at it, please setup wildcard redirects too. Instinctively, I went to /blog assuming it would be a blog page but it isn't.
It's insane to me that this even has to be pointed out with such a relatively simple page, and then I looked at the source; it screams "I'm gonna just bang something out in [popular framework] without knowing basic HTML/CSS and let the world suffer from my <div> rot."
I agree. Its not that difficult to just have a max-width of 90% for the content or just add some padding to the inner container.
I also think people skipping over learning some basic CSS fundamentals also end up skipping over basic UI/UX needed for accessible websites, something every web developer should have some awareness about.
Complete reliance on CSS frameworks does not magically make the websites accessible,it gets you 90% there.
Also /blog leads of 403!? Wildcard redirects are not that difficult to setup either.
Also, Obscura can collect metadata on when you use the service, how much data you send/receive, etc.
Even if Mullvad doesn't do it, someone else might. Mullvad is, I expect, now a valuable target because it is the VPN service of choice for so many people concerned with security. Does Mullvad have the budget and expertise to protect itself against determined, highly-resourced attackers?
Finally, is it possible for a third party, intercepting traffic between Obscura and Mullvad, to identify the public key used to encrypt it? I don't think so - the only way to validate a signature is with both keys; that's kind of the point. But maybe there is an attack I'm unaware of?
Mullvad is near the cutting edge on zero trust deployments; allowing user traffic to pass thru, with guaranteed no logging, assumption of compromise guiding system architecture, etc. Nobody can withstand a nation state, not even other nation states, so I feel like they're doing the best that can be reasonably expected of them
Depends on the payment method. Accounting is mandatory in Sweden.
As a customer of [payment] services, these entities would allow us to request this information if we chose to do so. In short, your payment actions with these two methods are not anonymous and the GDPR and other relevant data protection regulations may apply if you are making a payment by credit card, PayPal, Swish or by bank wire.
The data must be kept for the statutory retention period described in applicable local laws such as the Swedish Accounting Act (some information must be stored for seven years from the end of the fiscal year).
That "some information" according to Swedish Accounting Act (bokföringslagen): "Every transaction, including customer payments, must be supported by proper documentation such as invoices, receipts, and payment confirmations."
Sure, but if privacy matters to you, you have the option of buying credit anonymously and applying it to an anonymized account number. And if your threat model includes nation states, you're definitely not buying anything with a credit card. I also think if you're after payment details, there's more lucrative targets, eg Stripe.
OK. I was just wondering about your "zero trust" (aka "no database of user info etc") comment in the face of those and other Swedish laws that apply to Mullvad, is all.
What you're now telling me is only if I, as a user, don't give Mullvad my info, they wouldn't have to store that. I mean, that's one way or one way of looking at it, alright.
> Finally, is it possible for a third party, intercepting traffic between Obscura and Mullvad, to identify the public key used to encrypt it? I don't think so - the only way to validate a signature is with both keys; that's kind of the point. But maybe there is an attack I'm unaware of?
I had asked this question a long time ago on either a noiseprotocol or wireguard IRC channel, and the answer is no, a third party intercepting traffic between Obscura and Mullvad, WON'T be able to identify the public key used to encrypt it.
hmm. that is interesting , would you mind sharing some solution , what if I add some insane latency (I know unusable but if it prevents timing attacks)
my conspiracy spidey sense is sensing something fishy...
Maybe timing attack is not part of .onion addresses ?
Mixnet would be a solution. Like what you described, have inbound packets held for some period of time and released as a group so that you cannot as easily correlate the inbound and outbound traffic.
The downside is that it gets much slower, and feels 'bad' as an end user. Each packet takes longer.
The only solution I know of is essentially to do "bandwidth burning" where you inject a bunch of fake traffic as noise. I don't know how you'd do that within the constraints of this system.
> somehow log & associate each decrypted IP packet against the users public key.
Mullvad only needs to associate each decrypted IP packet against an assertion that the packet was paid for. I assume each Obscura node would have a public key, but not associated with a user.
They notably offer this service for Tailscale (as an add-on) and I imagine that it works similarly (on the backend)
Yeah my thinking is even if they don’t have the users IP, knowing and seeing all the traffic associated with a specific public key would allow them to build a profile of the user.
Eg based on the specific sites visited, payload sizes potentially, domains looked up, etc you’d be able to characterise the person. Especially so if anything they did was not encrypted, or they have their own vanity domain (for emails or anything else).
> Mullvad only needs to associate each decrypted IP packet against an assertion that the packet was paid for.
The idea of Obscura is by using two middlemen (them + Mullvad) that neither party can figure out who the end user is. So I’m looking at Mullvad from the perspective of: if they were evil, what about this solution are safeguard protecting the end users privacy. And my conclusion is they’d still be able to break the users privacy in the same way as knowing the users IP, just without the IP.
In Tor, individual websites get individual circuits to prevent this sort of profiling, and I think Obscura would need to do the same for the same level of anonymity.
Why do all of these new VPN solutions want some form of Crypto payment that has to go through KYC regulations to acquire... doesn't that somewhat defeat the purpose?
Mullvad with cash seems like a super ideal way to go. Why can't I just mail you $20 and call it a day?
There are a couple of options for acquiring crypto without KYC. One might sell goods and services for crypto (I have done it myself, sold a videogame console P2P through a local libertarian group chat), or buy crypto with cash via P2P or in a country with looser KYC laws, and lastly they could just mine it themselves. Having significant money through mining might seem improbable, but we can't forget the market dynamics, someone might have mined a lot of some altcoin before a big boom (e.g. dogecoin) and ended up rich overnight.
Also, let's not forget Monero. Even if you buy Monero in a KYC exchange, the letterbois can only track if you've bought, but can't track where you send it to next. You could then exchange it for bitcoin with someone or using a non-KYC service, and there you have it, an anonymous BTC reserve. Or you could just bypass BTC altogether and use the much superior Monero to buy whatever you want.
That whole comment is "With a way harder method than going to the ATM".
I understand that it's possible to get crypto through obscure methods. However if you're selling a privacy focused solution, ideally you shouldn't have to spend 3-4 weeks to acquire the funds to purchase it.
I agree cash is currently king, but we need a crypto (or even better, Monero) economy if we are going to maintain financial privacy in the long run. In the event of a full transition to a Central Bank Digital Currency, like the EU is discussing and Brazil has already announced, cash will not be private anymore, as any physical bills will be just tokens for the underlying digital currency, which is tracked by the government.
What happened if some government agency were to order both Obscura and Mullvad to log a certain user or certain activities? Wouldn't it be possible to combine those logs? If it isn't: would that change if Obscura was ordered to also use a separate Mullvad account for a specific user/IP?
Governments do not even need any of the providers to comply, they can access global NetFlow data. This is conveniently not discussed by any commercial VPN provider.
It ultimately depends on your threat model. But assuming a state actor has access to NetFlow data, an attack could work like this:
* State actor determines that an IP belonging to a VPN company had a session on example.com around t1-t2
* You -> VPN server at t1
* VPN server -> example.com at t1+latency
* More traces from both sides until around t2 as you browse the site
By correlating multiple samples, and accounting for latency between you and the VPN server and delay introduced by the VPN itself, they would be able to get decent confidence that it was you.
Basically when you go at the point of state threat actors. Things get real spooky.
The censorship , the what not.
I feel sad that we have given governments such major accesses in the name of unification.
We need more decentralization at the political level & economical level as well (like most money goes to your city , then state , then at the country , very nominal amount)
Let city decide what it wants with major town hall discussions.
Could you protect against NetFlow analysis by pushing a bunch of noise over the VPN tunnel at all times? I'd assume it would at least make the analysis significantly more challenging.
Some of the prior works in this paper[0] address noise in anonymity networks, but in general: you either add noise at the link level which malicious nodes can identify & ignore, or you add noise by injecting fake chaff packets that are dropped somewhere inside the network which are statistically identified when you look at packet density across the network.
This might or might not extend to VPN nodes depending on your threat model - I'd personally assume every single node offered to me by a company in exchange for money is malicious if I was concerned about privacy.
The threat actor most use to talk about this is a global passive adversary: a threat actor who can see all relevant traffic on the Internet but who can't decrypt or adjust the traffic.
This adversary would have the ability to ingest massive amounts of data and metadata[0] it acquires from tier 1 ISPs all over the country[1] and the world[2]. They'll not see raw HTTP traffic because most everything of interest is encrypted, but can store and capture (time, srcip, srcport, dstip, dstport, bytes).
From there, it's a statistical attack: user A sent 700 kilobytes to a VPN service at time t; at t+epsilon the VPN connected to bad site B and sent 700 kilobytes+epsilon packets. Capture enough packet flows that span the user, the VPN, and the bad site and you can build statistical confidence that user A is interacting with bad site B, even with the presence of a VPN.
This could go other directions too. If bad site B is a Tor hidden site whose admin gets captured by the FBI and turns over access, they'll be unmasking in reverse – I got packets from Tor relay A, which relay sent packets at time-epsilon to it, (...), to the source.
There's very little you can do to fight this kind of adversary. Adding hops and layers (VPN + VPN, Tor, Tor + VPN, etc.) can only make it harder. It's certainly an expensive attack both in terms of time consumption, storage, and it requires massive amounts of data, but if your threat model includes a global passive adversary, game over.
I'm bearish on introducing noise[0] to resist traffic analysis, and I'm exceptionally bearish when the only layer managing noise injection is "a for-profit entity that can be legally compelled to do things"
But every layer helps; I'd feel more than happy torrenting over Mullvad alone, and I'd definitely use it as an additional layer of defense with other tools to keep me private if my threat model needed to consider stronger risks.
Synchronous packet transfer only solves the problem if you build a truly constant rate network. Traffic monitoring works when variances exist; your flow has to be fully homogeneous to provably secure against it. That means in your model your users would need to transmit and receive exactly 96kbps at all times when on net, and your nodes would talk to each other at 1024kbps at all times when on net. Otherwise, consider A->onion1->onion2->B – an attacker could potentially see the flow from onion1->onion2 decrease to 1 PPS sec when A isn't talking, and increase when A is.
Truly constant rate anonymity networks dramatically add resistance to passive traffic analysis, but they move users from a low-latency/high-throughput network to 56k dialup speeds :) Not only does this suck so most people won't use it, but the people who do chose to use it will glow neon bright to adversaries. The use of the system will be a strong indicator that, even if you don't know what the user is doing, the user is doing _something_ interesting.
And even if there was desire, these networks are intrinsically limited in size and scale if they want to maintain constant rate. Herbivore[0] is an interesting proposal in this space - use a DC-net partitioned into smaller cliques to give in-group anonymity but mass participation. And most use chaff packets – A has nothing to send so sends encrypted random data to maintain the constant rate guarantee... I'm trying to find the paper I read that suggests a global passive adversary who goes "hands on" in the network could use a combination of watermarks generated through packet dropping/artificial queues + knowledge of which packets are chaff to build a trace, but I'm struggling. If I do I'll drop it here.
It was also developed by the United States Navy and has been criticized for not being as secure as it claims it is. This should come as no surprise since the US military and agencies have a history of demanding backdoors in software, which just means more attack vectors for outsiders to sniff out.
I make no claims that commercial VPNs are more secure, but at least they have some level of interest in keeping their promises if people are paying them, whereas a free service does not carry the same incentive.
The navy backdoor claims are unsubstantiated FUD unless you can point them out in the freely available and accessible code. Not to mention that they created the tool to also use themselves.
They also haven't had any influence or control in the development of todays tor project that has existed for over 20 years and despite a massive amount of attacks and research there has never been found anything.
That does not mean there aren't serious drawbacks that are more worth pointing out such as why bother with a very complex and noisy backdoor when you can just covertly create enough nodes to do traffic correlation.
> That does not mean there aren't serious drawbacks that are more worth pointing out such as why bother with a very complex and noisy backdoor when you can just covertly create enough nodes to do traffic correlation.
I generally agree, but the same thing also happens to Mullvad exit nodes (though not to the same degree.) Imgur is perpetually "over capacity", breaking images across multiple websites. Twitch tells me "your browser is not supported, try Chrome or Firefox" when trying to log in on Firefox. Netflix blocks all regional content, etc. Not to mention the constant Cloudflare captchas. I once had to use Tor because Mullvad was blocked (creating a foreign Steam account)
Google Search comes to mind as the most Tor-hostile website though, and that allows Mullvad just fine.
The point is not opsec but speed, under the GP's assumption that Mullvad exit nodes have better reputation than tor exit nodes. Not sure if the case, I don't use Mullvad.
I was talking about tor + mullvad where you first connect to tor then mullvad instead of obscura for connecting to a website where mullvad is allowed and tor is blocked like google(google's basically useless in tor thousands of captcha and then sorry mate we can't)
so I would argue that tor + mullvad is still a worse opsec than tor and it still has roughly the same / slightly worse speed with tor.
but I would also argue that tor + mullvad is a better model than obscura + mullvad for opsec but not for speed.
TLDR: Don't use tor with vpn's unless you are forced to (like website block , because then you are kind of forced to reduce your opsec a little bit)
There does not exist a system or method to make a signal truly 100% untraceable. What you can do and tor does is severely weakening the odds of the tracing being successful by increasing the amount of work and involved parties thereby improving the odds that the tracing never reaches the actual origin.
>We do not choose more than one router in a given network range, which defaults to /16 for IPv4 and /32 for IPv6. (C Tor overrides this with EnforceDistinctSubnets; Arti overrides this with ipv[46]_subnet_family_prefix.)
2) There is currently no exit-node hosted at Hetzner. Check the Tor atlas
1) Hetzner has more than one /16. Probably not in the same rack though. Might be adjacent rows. Organizations which have their own IP ranges can use them at Hetzner, too.
2) Exit circuits are not the only type of circuit.
>Organizations which have their own IP ranges can use them at Hetzner, too.
If you own the nodes you can just log the encrypted traffic with metadata like user IP (if its an entry-node, which requires a Guard-flag), source and destination Tor-node and timestamp to send it to a centralized logging server. No need to host them in the same rack.
The problem of three nodes being in one rack is traffic analysis of an external attacker, who doesn't own the nodes.
If someone already owns the nodes it doesn't matter where they host them.. Using your own IP range for an attack would just be more complicated, less effective than just buying nodes worldwide and is an OPSEC risk.
So the only reason to run tor nodes on your own IP range on Hetzner servers is if you work together with an organization which has access to ISP and datacenter traffic and probably work together with the datacenter owner to attack Tor users through a correlation attack.
>Exit circuits are not the only type of circuit.
Connections to onion services are sent over 6 nodes, not 3. You talked about 3 nodes, so I assumed you talk about the typical Guard or Bridge Node -> Mid-Node -> Exit-Node circuit. The only reason to have less nodes are single-hop onion services. They are an edge-case..
No, it isn't similar to Private Relay as its entire premise for 2 hop (versus 3 for Tor) hinges on anonymous authorization (via Privacy Pass) at the exit node.
Private Relay has Tor-like guarantees (with 2 hops) baked into the protocol, as it uses anonymous authorization tokens (which can't be tied to Apple IDs they represent) at exit node.
The security on the whole thing still relies on the idea that those two providers, who are partnering to offer this service and sharing the cost, would only try to attack you separately and not together. I don't buy it.
What happened to the tickets being tracked in the Epic that signified this launch? The entire Epic should have been flagged as resolved/completed before a launch like this should have been triggered. As in, the ticket for the launch should have been dependent on the Epic itself being completed.
That’s how you dot your i’s and cross your t’s to prevent very important things from falling through the cracks.
These occur within two protonvpn servers themselves whereas obscura work b/w two different servers owned by two different entities (one obscura and other exit node of mullvad)
QUIC can be blocked by the censor. Since connections fall-back on HTTP 2 this doesn't have any effect on availability. the obfuscation this VPN promises is essentially non-existent.
We have immense respect for the Tor project (and encourage you to support it), but its volunteer-run network can be slow and susceptible to DDoS issues, making it infeasible for everyday use.
Obscura uses two dedicated, high-performance hops for maximum speed and reliability – meaning you get many of Tor’s privacy benefits without sacrificing everyday usability.
> Obscura’s servers relay your connection to exit servers but can never decrypt your traffic.
Doesn't that rely on us trusting that the server runs the code they claim it does? Or is there a way to prove that their server can't get the decryption key (i.e. by proving that it's not possible for them to switch the final hop, or add undisclosed hops in between)?
> Additionally, our app displays your current exit hop’s WireGuard public key on its “Location” page. You can check this key against what Mullvad publishes [here](https://mullvad.net/servers) to ensure that you’re connected via a genuine Mullvad exit hop!
The client is open source, and I believe the E2E encryption is done when the client creates a new Wireguard tunnel. At least, that's what I'm seeing here[0]. Still poring over the code.
Newbie question: It seems like even with VPN, various websites know the time zone the traffic is coming from (perhaps the browser or the OS reveals the time zone settings). Is there a way to mask this?
There are extensions and "undetect browsers" which are just wrappers around launching browsers with extensions, user profiles and sets of arguments so that those things are controlled.
Question: mullvad doesn't traditionally support any of the streaming services (netflix, etc.). Since Obscura is using mullvad, does that mean it also won't?
1)How can I trust that you are sending the data to mullvad only , is there some way of proving this instead of trusting you ?
2) What if all the VPN companies merge together to create such network with 2-3 hops yet still having maximum privacy.
3)Off-topic? But couldn't this theoretically be done if lets say the mullvad vpn connects via https to something like piping server but instead of a single write -> multiple reciever , we fork it a little bit for multiple write -> single receiver & this can work itself on curl and its encrypted. I can in my rough mind draw exactly what obscura is trying to do but with piping server which is so much easier to self host & even host it on multiple cloud providers. Though a big thing is that the nodes would have to be a little configured for this specific purpose (maybe this is where obscura can come in?)
> Additionally, our app displays your current exit hop’s WireGuard public key on its “Location” page. You can check this key against what Mullvad publishes [here](https://mullvad.net/servers) to ensure that you’re connected via a genuine Mullvad exit hop!
2) I really hope that the VPN industry comes together and become each others' 1st/exit hops!
Nice. I like the idea of splitting trust so that the clients IP + browsing data are not linked unless the two servers collude. This feels very similar in spirit to VPN cascading though?
The product page states no logs, and then on that same page there is a claim the VPN IP address means anonymity- except... when I log in to VPN and I'm assigned IP address, now I'm tracked through this IP address? I'd guess there are logs saying something like 'user X requested IP, user X paid so lets give user X a.b.c.d for the duration of session'
But it is not more than a promise, it just shifts the promise "our company isn't watching" into "our two companies aren't sharing data." I think it is an improvement on the status quo but it is frustrating to see false claims like that.
The sole meaningful VPN is the one you host yourself to connect personal stuff around the world in a sole network. For privacy I2P etc performances are not enough for normal use, the rest is mere noise.
That's IMVHO the substance, not counting the fact that even a secure channel is meaningless if you run proprietary crapware at their end.
Since I work mainly with workstations, and rarely ever with laptops, is there a plan to bring something like Obscura to a router running DD-WRT or OpenWRT? Or would I have to get a full-fat router running OpenBSD/PFSense in order to hook Obscura into it?
If I get any kind of a VPN system, I would want it to cover the entire network with just a single installation. Targeting routers running open-source firmware would be a great next step after the three main desktop platforms.
Plus, this then allows Obscura to protect any manner of net-enabled device, regardless of installed OS. Even my HaikuOS systems would be protected that way.
My second question involves roaming devices, such as phones -- will there be a mechanism in play that would allow a phone to recognize a “friendly” or “home” network, and disable its own Obscura install in favour of force-redirecting all network communication through the home Obscura? Or would it simply default to running Obscura-within-Obscura?
My last question involves multiple households: is there any plan to provide a bridging solution between multiple households, so they effectively appear like one giant network with a shared Obscura bridge to the Internet? The point being, I have services on my own home network that I would like to share out to my parents and my brother, which is very doable with a home-built VPN, but I also want a VPN that is a lot like Obscura to protect everyone with regards to direct Internet communication.
Obscura also knows what you do, as it is their client you're using. Though, they've plans to address this shortcoming (reproducible builds / open source: https://news.ycombinator.com/item?id=43019473).
From what I understand they're dividing both identity (IP address) and browsing activity. Mullvad sees your browsing activity but not your identity, and Obscura sees your identity. So no single provider has full visibility into both who you are and what you do
Just to note here - with Mullvad you can pay via gift card that you can find at various retailers (to get a one-time code that you can use to create an account). Of course they can see your IP address but there is no payment/contact information on the system.
(Carl from Obscura here)
Totally! Mullvad is _the_ pioneer in this space, and we look up to them. This is why they were our top pick for being an exit hop provider!
As a long term user of Mullvad, I appreciate when new companies try to innovate on existing ones while acknowledging their value. While I have no interest in changing VPNs right now, I will keep an eye on Obscura. Hope you the best
Hey Carl, sorry to hijack the thread but I have a question for you. Being the operator a small website (5M views/month, 200k users), I am often plagued by targeted cyber attacks. Over the years many of these come from privacy enhanced networks (eg Tor, Mullvad, etc). I have approached Mullvad many times with abusive user reports which they seem to simply ignore. How do you plan to address this in your product? Will you simply allow bad actors to abuse the internet via your service? Or do you have some plans to address this issue?
If the abuse is serious enough, pursue legal avenues. Otherwise, these types of companies shouldn't be unmasking users based on a random persons assertion that someone is bad. That would be an abuse vector itself.
I am not asking them to. I am asking them to do a better job of bad actor detection and banning. Their current stance seems to be “ignore all packets, log nothing”. In my opinion they should be doing some amount of AI based abuse detection. This should be possible without violating user privacy.
How would you get training data for the AI without logging packets?
AI is not the answer for most things, but it's especially not the answer for this. Basic packet filtering is all there should ever be.
> I have approached Mullvad many times with abusive user reports which they seem to simply ignore.
What would you like them to do? Considering that AIUI they outright don't log or monitor users at all, I can't think of anything they could do with your reports.
Yes that is the crux of the issue. However many times when I reported bad actors to Mullvad the attacks were multi day attacks that were ongoing. It would have been trivial for Mullvad to add a filter to check for future packets from that VPN ip to my server IP and flag the associated account. However I believe even this approach is far to manual and invasive. I think there would be a better way using AI to analyze abuse patterns, and automatically flag bad users which match these patterns.
The issue is that VPN providers have zero motivation to do this, because a non-zero percentage of their user base is literally paying them BECAUSE they can use the service to attack other servers with a level of anonymity. If the VPN providers were to combat this issue it would negatively impact their revenue.
> It would have been trivial for Mullvad to add a filter to check for future packets from that VPN ip to my server IP and flag the associated account.
In other words, to break the fundamental premise of their product and identify traffic to a user.
> I think there would be a better way using AI to analyze abuse patterns, and automatically flag bad users which match these patterns.
Not without, again, creating an entire system which exists only to record traffic and tie it back to users.
Basically, both of your suggestions amount to "stop providing the product that is their entire business model", because the whole point is that they go out of their way to avoid having the information that you want them to use.
They don't have to tie it back to an individual, only to an account or, if they respond quickly enough, to a set of activities or traffic pattern.
Lets face it man , they can't do anything.
they can't have AI detection or any other thing to help you. Simply put they can't help you. If they have to , then they aren't that private.
And they are in the business of privacy.
I wonder why threat actors are abusing your website ? I think you have also used cloudflare anti DDOS ? so the problem isn't DDOS , then what exactly is the problem ? are they signing up and abusing your free service or something like that ?
I can understand that concern, and I think in the future some version of [Privacy Pass](https://privacypass.github.io/) will allow for site operators to differentiate between normal vs. abusive users without relying on IP reputation (which is more unreliable anyway since CGNAT is a thing).
We typically don't ban IPs for the very reason mentioned here (CGNAT is a very real thing and we have many users who share IPs). However we do ban IP ranges associated with VPNs that we see an excessive amount of abuse from. I might be an outlier on the internet, but if you take the stance you have outlined above, that you will effectively do nothing to combat the level of abuse from your network, you inevitably hurt your honest users because some web services will be unavailable to them via your VPN.
What would you suggest?
In theory, there could still be a possibility to track through the retailers who bought which one-time code (or have particular buyers be sent particular codes). But Mullvad also simply accepts cash by mail.
There's a new privacy focused entitlement proving thingy now. The first implementation is by cloudflare I believe but Kagi also just went live with it. The name escapes me at this mobile moment.
Privacy Pass!
Yes. Very exciting tech.
You can mail them cash too
careful not to mail them from close to home, or have any handwriting, or leave any fingerprints
Doesn't matter if you use Windows / Mac because it will ping their services before you jump on the VPN and it will know the before IP and the IP after. :)
Well, the 'after IP' is an IP shared with tends or hundreds of thousands of other people.
But yes the use case for a VPN is pretty narrow. E.g. not wanting your ISP to mess with your traffic and decreasing chances of detection of torrenting
My boy, Tim Cook, ain't a snitch though. (At least, I hope not).
You can't prove it. Apple isn't open source.
And with the recent Debacle of Snooper's Law apple e2ee backdoor.
Let me tell you something. A company is asked for a backdoor and they are forced to not tell anybody about it.
The only reason why it was leaked was because of whistleblower. And so , who knows if they have already signed such thing with the NSA or UK already but for their mac's and other devices
Hell, I honestly believe the NSA does not need a backdoor anyway. They have some absolutely frightening people working for them. I believe some of the best of the best.
I do not believe there is such thing as privacy from such organizations. If they want you bad enough, they will get you. Don't have a reason? They'll make one.
Snowden was right after all.
Probably, but no telling.
Do you remember the "Heartbleed" exploit in SSL many years ago? There were allegations that the NSA knew about and used that exploit for many years before the public ever knew about. However, that is not exactly an easy statement to confirm nor deny.
Edit: I also wanted to add something I remember from a talk I saw with a person who once worked for the NSA. He was intentionally only talking about surface-level concepts, but he did mention that the one thing the NSA has, that most do not, is unlimited time and patience.
He said something along the lines of how they can just sit and watch a server, for example. Say that the server is on version 1.0.0 of whatever. Well, the NSA can find an exploit in version 1.1.0 and keep it under wraps. All they have to do is just wait. The second the server is upgraded to 1.1.0, then boom, they're in.
He also used the example of BYOD ("bring your own device") in workplace settings. Say they cannot can entry into somewhere. Well, if they can compromise someone's personal device, then they can just wait. The second the personal device connects to the network they want/is in close enough proximity to the network they want, then boom, they're in.
Be it one second, one hour, ... 10 years, etc.. They can wait. All it takes is one brief instance of a hole in the defense.
Truly some boogeyman level stuff, but I just hope they use their powers for good when possible. Though, I imagine plenty of other countries also have similar "arms race" abilities, which does complicate matters.
Some days, I just want to get a cabin in the woods, and get away from all this dystopian technology.
You want to live in a cabin in the woods , I kind of am.
While I was writing this message , I was roaming out side in the street , my street isn't developed, so there is a lot of empty space 2 sides of my house.
I saw a peacock flying & sitting in front of my house. It was so majestic. It's wings when they fly , the sound they produce is such majestic that it touches your mind.
The solution isn't a cabin in the woods , the solution is living in such remote area like I live , seriously I am not that far away from the main town , but still this place is so nice I just realized but development would come , and houses would get built. Then there would be no more peacocks flying in.
I really get what you are feeling. But I believe that getting away from dystopian technology is far more easier by degoogling with grapheneos or getting a dumb phone like me & linux with sandboxing each applications ,I do think that we can get far away , like they would need to find a bug in such things like qemu , pledge , flatpak etc. though I think they might already have found a bug in some version and like you said, are waiting.
The only solution I can find is to read the source code of these sandboxing applications on linux and to never update it / it should be such that doesn't require updates , a completely minimal sandboxing solution.
How can we imagine they use their powers for good , when the president has handed things over to oligarchy who want maximum profits. What benefit do they get from using their power for good ? None. I am sure that they are using the power of both good and evil.
Also I had read somewhere about a really strange conspiracy theory which really made me question if we can really be against government and big tech (since "lobbying" is made official) but if 5 eyes (the billionaires?) really wanted (heck only if UK + australia wanted , australia police is given the ability to remotely plant data in nation's interest and uk also is getting apple to force data to be leaked in the apple ecosystem and who knows what else. Its only a matter of time that they put 2+2 together (or they have?) and use it to plant CSAM (yes NSA has distributed CSAM for the purposes of catching people , so I wonder if such 5 eyes also have these , please hackernews moderators just because I have mentioned CSAM , don't remove this comment I suppose)
and carrying CSAM is a serious offense and you will get into jail for it. and the jail prisoners aren't kind to CSAM convicted prisoners and they would bully them immensely , maybe even cause them to suicide or just make their life hell.
OK, story time.
I have friend/old-coworker that left my current employer for our state's version of the FBI. While no worker in his agency handled CSAM cases full-time, they all have to do rotations.
There is a lot he could not tell me about the work he did, and how they managed the detain suspects. But I do remember him telling me that he witnessed things that he thought were not even possible. Considering we were both developers, I take his word for it.
Anyway, I once asked him, "What is stopping you all from beaming CSAM on a person's computer, and then targeting that individual?" He paused for a second and said, "Well, we would never do that..." I asked again, "Sure, but what is stopping you all from doing that?" He said, "Well, nothing... but we wouldn't do that..."
Right then, my heart had this sinking feeling. While he is probably right, it did instill a sense of "Well, you never know..." in me. Do I believe most people convicted of CSAM are guilty? Absolutely. Everyone? Perhaps not. Still, good luck convincing a tech illiterate jury of your peers that "the government did it to me!" As far as I am concerned, once charged with such crimes, one is guilty until proven innocent.
I have always believed that if 'they' want you bad enough, then they will get you. By 'they', I mean any of the powers that be -- government, organized criminals, etc..
Dude , I am not kidding , but this gave me so many goosebumps.
Goosebumps on my f'ing face.
And I was thinking this on 5 eyes level but you are saying a single country can do that?
When I had discovered that conspiracy theory which I now believe is true to some degree.
I then used to think, what if they want you to believe that you hold a chance. They don't want you to know they can get you as you are saying it. They want to give you the illusion of freedom. They will target their opposition , journalists with this if all goes south. There are also secret courts.
May I ask , if they can always get you why don't they use this in making their opposition go poof. If I am being extra conspiracist now , is it that they want you to give the freedom b/w 2 systems both of which don't change things really that much. Both political parties are kind of the same thing
but dude what the actual fuck.
They can use csam to break general encryption by saying it's bad for children etc, they can use csam to punish those they want.
I am now seriously wondering if I even have real tangible choice in the government.
I am now wondering if I am literally living in 1984. What if these wars and shit are just a distraction , yes they happen but...
Dude I have come to a realisation, I am seriously living in 1984. Reward is given to those who comply , those who aren't skeptics , skeptics are brushed off as conspiracist.
You can also mail them an envelope full of cash last I checked.
Interesting concept. The blog has a lot more details[1].
One comment/question about the exit nodes. Can someone correct or validate my thoughts:
It’s a WireGuard tunnel from the user to Mullvad, so while Obscura can’t see the user traffic, couldn’t the Mullvad exit node see the traffic, and using knowledge of the users WireGuard public key, associate all that users traffic with that key? So even if they can’t associate it with an IP, they could still potentially identify and track you.
This assumes they use a customised version of WireGuard to somehow log & associate each decrypted IP packet against the users public key.
1. https://obscura.net/blog/bootstrapping-trust/
(Carl from Obscura here)
This is actually quite an interesting point that we’ve been discussing internally.
Right now Obscura rotates your WireGuard key on every “Connect”, but in a future release we will start caching (persist) your WireGuard keys on your client. When we flip that switch, we will also enable recurring key rotation and add a button in the UI for manual key rotation. This rotation would make it harder for Mullvad to track a user across the same key. (Not that they would anyway)
All of this is available for folks to verify at on our GitHub repository: https://github.com/Sovereign-Engineering/obscuravpn-client
Thanks for the reply, and glad to know it’s something you’re already thinking about!
Thanks! that blog post had a thread here:
Trust, 2-Party Relays, and QUIC - https://news.ycombinator.com/item?id=43016574 - Feb 2025 (33 comments)
That blog needs some inline padding for mobile view.
(Carl from Obscura here)
You’re absolutely right, we fixed it and forgot to push to prod XP
Hey Carl, good to know is already fixed! While you are at it, please setup wildcard redirects too. Instinctively, I went to /blog assuming it would be a blog page but it isn't.
And it's not even that hard if the page is built in a sane way, which for the simplicity of the blog should be a no brainer to go for simplicity.
I have my blog hosted at omg.lol and while I had to support mobile by myself, it was really really simple.
Here is my blog: https://xd1.dev
Here is the code for the blog's responsive layout: https://github.com/gchamon/xd1.dev/blob/main/css/responsive-...
No injection, no build, just plain inline linking https://github.com/gchamon/xd1.dev/blob/10b98ddb37a9786ca8fe...
It's insane to me that this even has to be pointed out with such a relatively simple page, and then I looked at the source; it screams "I'm gonna just bang something out in [popular framework] without knowing basic HTML/CSS and let the world suffer from my <div> rot."
I hate modern web development.
I agree. Its not that difficult to just have a max-width of 90% for the content or just add some padding to the inner container.
I also think people skipping over learning some basic CSS fundamentals also end up skipping over basic UI/UX needed for accessible websites, something every web developer should have some awareness about.
Complete reliance on CSS frameworks does not magically make the websites accessible,it gets you 90% there.
Also /blog leads of 403!? Wildcard redirects are not that difficult to setup either.
Also, Obscura can collect metadata on when you use the service, how much data you send/receive, etc.
Even if Mullvad doesn't do it, someone else might. Mullvad is, I expect, now a valuable target because it is the VPN service of choice for so many people concerned with security. Does Mullvad have the budget and expertise to protect itself against determined, highly-resourced attackers?
Finally, is it possible for a third party, intercepting traffic between Obscura and Mullvad, to identify the public key used to encrypt it? I don't think so - the only way to validate a signature is with both keys; that's kind of the point. But maybe there is an attack I'm unaware of?
Mullvad is near the cutting edge on zero trust deployments; allowing user traffic to pass thru, with guaranteed no logging, assumption of compromise guiding system architecture, etc. Nobody can withstand a nation state, not even other nation states, so I feel like they're doing the best that can be reasonably expected of them
> Mullvad is near the cutting edge on zero trust deployments
What is "zero trust deployments"?
Meaning they're achieving their privacy goals without any inherent trust in their systems (eg no databases of user info, etc)
> no databases of user info
Depends on the payment method. Accounting is mandatory in Sweden.
That "some information" according to Swedish Accounting Act (bokföringslagen): "Every transaction, including customer payments, must be supported by proper documentation such as invoices, receipts, and payment confirmations."https://mullvad.net/en/help/no-logging-data-policy / https://archive.vn/qkvD3
Sure, but if privacy matters to you, you have the option of buying credit anonymously and applying it to an anonymized account number. And if your threat model includes nation states, you're definitely not buying anything with a credit card. I also think if you're after payment details, there's more lucrative targets, eg Stripe.
OK. I was just wondering about your "zero trust" (aka "no database of user info etc") comment in the face of those and other Swedish laws that apply to Mullvad, is all.
What you're now telling me is only if I, as a user, don't give Mullvad my info, they wouldn't have to store that. I mean, that's one way or one way of looking at it, alright.
(Carl from Obscura here)
> Does Mullvad have the budget and expertise to protect itself against determined, highly-resourced attackers?
I think Mullvad is actively working on [System Transparency](https://www.system-transparency.org/), which will help a lot.
> Finally, is it possible for a third party, intercepting traffic between Obscura and Mullvad, to identify the public key used to encrypt it? I don't think so - the only way to validate a signature is with both keys; that's kind of the point. But maybe there is an attack I'm unaware of?
I had asked this question a long time ago on either a noiseprotocol or wireguard IRC channel, and the answer is no, a third party intercepting traffic between Obscura and Mullvad, WON'T be able to identify the public key used to encrypt it.
Timing attacks are notably not a part of Tor's threat model, i.e. they are a real concern: https://support.torproject.org/about/attacks-on-onion-routin...
hmm. that is interesting , would you mind sharing some solution , what if I add some insane latency (I know unusable but if it prevents timing attacks)
my conspiracy spidey sense is sensing something fishy...
Maybe timing attack is not part of .onion addresses ?
Mixnet would be a solution. Like what you described, have inbound packets held for some period of time and released as a group so that you cannot as easily correlate the inbound and outbound traffic.
The downside is that it gets much slower, and feels 'bad' as an end user. Each packet takes longer.
The only solution I know of is essentially to do "bandwidth burning" where you inject a bunch of fake traffic as noise. I don't know how you'd do that within the constraints of this system.
> somehow log & associate each decrypted IP packet against the users public key.
Mullvad only needs to associate each decrypted IP packet against an assertion that the packet was paid for. I assume each Obscura node would have a public key, but not associated with a user.
They notably offer this service for Tailscale (as an add-on) and I imagine that it works similarly (on the backend)
Yeah my thinking is even if they don’t have the users IP, knowing and seeing all the traffic associated with a specific public key would allow them to build a profile of the user.
Eg based on the specific sites visited, payload sizes potentially, domains looked up, etc you’d be able to characterise the person. Especially so if anything they did was not encrypted, or they have their own vanity domain (for emails or anything else).
> Mullvad only needs to associate each decrypted IP packet against an assertion that the packet was paid for.
The idea of Obscura is by using two middlemen (them + Mullvad) that neither party can figure out who the end user is. So I’m looking at Mullvad from the perspective of: if they were evil, what about this solution are safeguard protecting the end users privacy. And my conclusion is they’d still be able to break the users privacy in the same way as knowing the users IP, just without the IP.
In Tor, individual websites get individual circuits to prevent this sort of profiling, and I think Obscura would need to do the same for the same level of anonymity.
Why do all of these new VPN solutions want some form of Crypto payment that has to go through KYC regulations to acquire... doesn't that somewhat defeat the purpose?
Mullvad with cash seems like a super ideal way to go. Why can't I just mail you $20 and call it a day?
There are a couple of options for acquiring crypto without KYC. One might sell goods and services for crypto (I have done it myself, sold a videogame console P2P through a local libertarian group chat), or buy crypto with cash via P2P or in a country with looser KYC laws, and lastly they could just mine it themselves. Having significant money through mining might seem improbable, but we can't forget the market dynamics, someone might have mined a lot of some altcoin before a big boom (e.g. dogecoin) and ended up rich overnight.
Also, let's not forget Monero. Even if you buy Monero in a KYC exchange, the letterbois can only track if you've bought, but can't track where you send it to next. You could then exchange it for bitcoin with someone or using a non-KYC service, and there you have it, an anonymous BTC reserve. Or you could just bypass BTC altogether and use the much superior Monero to buy whatever you want.
That whole comment is "With a way harder method than going to the ATM".
I understand that it's possible to get crypto through obscure methods. However if you're selling a privacy focused solution, ideally you shouldn't have to spend 3-4 weeks to acquire the funds to purchase it.
I agree cash is currently king, but we need a crypto (or even better, Monero) economy if we are going to maintain financial privacy in the long run. In the event of a full transition to a Central Bank Digital Currency, like the EU is discussing and Brazil has already announced, cash will not be private anymore, as any physical bills will be just tokens for the underlying digital currency, which is tracked by the government.
What happened if some government agency were to order both Obscura and Mullvad to log a certain user or certain activities? Wouldn't it be possible to combine those logs? If it isn't: would that change if Obscura was ordered to also use a separate Mullvad account for a specific user/IP?
Governments do not even need any of the providers to comply, they can access global NetFlow data. This is conveniently not discussed by any commercial VPN provider.
Thanks for pointing this out. I wasn't aware of NetFlow. I don't use IVPN, but I found this writeup informative:
https://www.ivpn.net/privacy-guides/isp-netflow-surveillance...
Okay, but this is a given if you don't run your own ISP. Your ISP can also see that you connect to Tor. Your data is still encrypted.
It ultimately depends on your threat model. But assuming a state actor has access to NetFlow data, an attack could work like this:
* State actor determines that an IP belonging to a VPN company had a session on example.com around t1-t2
* You -> VPN server at t1
* VPN server -> example.com at t1+latency
* More traces from both sides until around t2 as you browse the site
By correlating multiple samples, and accounting for latency between you and the VPN server and delay introduced by the VPN itself, they would be able to get decent confidence that it was you.
Basically when you go at the point of state threat actors. Things get real spooky. The censorship , the what not.
I feel sad that we have given governments such major accesses in the name of unification.
We need more decentralization at the political level & economical level as well (like most money goes to your city , then state , then at the country , very nominal amount)
Let city decide what it wants with major town hall discussions.
Town halls where only people with an agenda to push or retired and bored people show up?
You can change that much easier than changing something at the national level
Could you protect against NetFlow analysis by pushing a bunch of noise over the VPN tunnel at all times? I'd assume it would at least make the analysis significantly more challenging.
Some of the prior works in this paper[0] address noise in anonymity networks, but in general: you either add noise at the link level which malicious nodes can identify & ignore, or you add noise by injecting fake chaff packets that are dropped somewhere inside the network which are statistically identified when you look at packet density across the network.
This might or might not extend to VPN nodes depending on your threat model - I'd personally assume every single node offered to me by a company in exchange for money is malicious if I was concerned about privacy.
[0] https://www.cs.utexas.edu/~shmat/shmat_esorics06.pdf
How would such an attack work?
The threat actor most use to talk about this is a global passive adversary: a threat actor who can see all relevant traffic on the Internet but who can't decrypt or adjust the traffic.
This adversary would have the ability to ingest massive amounts of data and metadata[0] it acquires from tier 1 ISPs all over the country[1] and the world[2]. They'll not see raw HTTP traffic because most everything of interest is encrypted, but can store and capture (time, srcip, srcport, dstip, dstport, bytes).
From there, it's a statistical attack: user A sent 700 kilobytes to a VPN service at time t; at t+epsilon the VPN connected to bad site B and sent 700 kilobytes+epsilon packets. Capture enough packet flows that span the user, the VPN, and the bad site and you can build statistical confidence that user A is interacting with bad site B, even with the presence of a VPN.
This could go other directions too. If bad site B is a Tor hidden site whose admin gets captured by the FBI and turns over access, they'll be unmasking in reverse – I got packets from Tor relay A, which relay sent packets at time-epsilon to it, (...), to the source.
There's very little you can do to fight this kind of adversary. Adding hops and layers (VPN + VPN, Tor, Tor + VPN, etc.) can only make it harder. It's certainly an expensive attack both in terms of time consumption, storage, and it requires massive amounts of data, but if your threat model includes a global passive adversary, game over.
[0] https://en.wikipedia.org/wiki/XKeyscore
[1] https://en.wikipedia.org/wiki/Room_641A
[2] https://en.wikipedia.org/wiki/FVEY
https://mullvad.net/fr/blog/introducing-defense-against-ai-g...
and multi-hop addresses https://news.ycombinator.com/item?id=43114966
I'm bearish on introducing noise[0] to resist traffic analysis, and I'm exceptionally bearish when the only layer managing noise injection is "a for-profit entity that can be legally compelled to do things"
But every layer helps; I'd feel more than happy torrenting over Mullvad alone, and I'd definitely use it as an additional layer of defense with other tools to keep me private if my threat model needed to consider stronger risks.
[0] https://news.ycombinator.com/item?id=43109903
Could they go to synchronous packet transfer and static payloads?
- users only ever talk to nodes in 8kb chunks, and they TX/RX 12 packets per second.
- nodes only talk to each other in 128kb chunks. Up to 8x / second, no lower than 1x/second
Synchronous packet transfer only solves the problem if you build a truly constant rate network. Traffic monitoring works when variances exist; your flow has to be fully homogeneous to provably secure against it. That means in your model your users would need to transmit and receive exactly 96kbps at all times when on net, and your nodes would talk to each other at 1024kbps at all times when on net. Otherwise, consider A->onion1->onion2->B – an attacker could potentially see the flow from onion1->onion2 decrease to 1 PPS sec when A isn't talking, and increase when A is.
Truly constant rate anonymity networks dramatically add resistance to passive traffic analysis, but they move users from a low-latency/high-throughput network to 56k dialup speeds :) Not only does this suck so most people won't use it, but the people who do chose to use it will glow neon bright to adversaries. The use of the system will be a strong indicator that, even if you don't know what the user is doing, the user is doing _something_ interesting.
And even if there was desire, these networks are intrinsically limited in size and scale if they want to maintain constant rate. Herbivore[0] is an interesting proposal in this space - use a DC-net partitioned into smaller cliques to give in-group anonymity but mass participation. And most use chaff packets – A has nothing to send so sends encrypted random data to maintain the constant rate guarantee... I'm trying to find the paper I read that suggests a global passive adversary who goes "hands on" in the network could use a combination of watermarks generated through packet dropping/artificial queues + knowledge of which packets are chaff to build a trace, but I'm struggling. If I do I'll drop it here.
For fun, go check out https://groups.google.com/g/alt.anonymous.messages – this is probably the classic example of a (very) high-latency but very strong anonymizing mix network.
[0] https://www.cs.cornell.edu/people/egs/papers/herbivore-tr.pd...
Honestly, paying for a VPN is just purchasing slow internet speeds at a premium.
https://www.youtube.com/watch?v=9_b8Z2kAFyY
Just use Tor.
This over-simplification misses different threat models and situtations where a VPN is a good fit and Tor is not.
So the idea is to torrent stuff at maybe 1 mb/s over Tor? I think I'll stick to VPNs
Wanna know about something cool? Tor i offers real untraceable anonymity and is 100% free.
It was also developed by the United States Navy and has been criticized for not being as secure as it claims it is. This should come as no surprise since the US military and agencies have a history of demanding backdoors in software, which just means more attack vectors for outsiders to sniff out.
I make no claims that commercial VPNs are more secure, but at least they have some level of interest in keeping their promises if people are paying them, whereas a free service does not carry the same incentive.
Pick your poison, I guess.
>It was also developed by the United States Navy
Cool, sounds like an organization that is heavily incentivized to make their communication hard to intercept and eavesdrop on.
The navy backdoor claims are unsubstantiated FUD unless you can point them out in the freely available and accessible code. Not to mention that they created the tool to also use themselves.
They also haven't had any influence or control in the development of todays tor project that has existed for over 20 years and despite a massive amount of attacks and research there has never been found anything.
That does not mean there aren't serious drawbacks that are more worth pointing out such as why bother with a very complex and noisy backdoor when you can just covertly create enough nodes to do traffic correlation.
> That does not mean there aren't serious drawbacks that are more worth pointing out such as why bother with a very complex and noisy backdoor when you can just covertly create enough nodes to do traffic correlation.
Winner winner chicken dinner.
FVEY's annual budget is $1.7bn + $1bn + $122mm (NZ :3) + $4.6bn + $classified billion.
You think those guys can't mount a Sybil attack against https://metrics.torproject.org/ ?!
> real untraceable anonymity and is 100% free.
And 50% of the time it works every time...
A lot of things simply don't work if you're using tor. You get blocked, you get blacklisted, accounts get terminated, and so on.
I generally agree, but the same thing also happens to Mullvad exit nodes (though not to the same degree.) Imgur is perpetually "over capacity", breaking images across multiple websites. Twitch tells me "your browser is not supported, try Chrome or Firefox" when trying to log in on Firefox. Netflix blocks all regional content, etc. Not to mention the constant Cloudflare captchas. I once had to use Tor because Mullvad was blocked (creating a foreign Steam account)
Google Search comes to mind as the most Tor-hostile website though, and that allows Mullvad just fine.
Run Mullvad over Tor instead of Mullvad over this Obscura thing ;-)
tor generally doesn't recommend running vpn over tor makes any of your opsec any more safer , in fact I can argue that it makes your opsec worse
but if a website is working on mullvad and not on tor and you are forced to use that website , then yes compromise your opsec a little bit I suppose
The point is not opsec but speed, under the GP's assumption that Mullvad exit nodes have better reputation than tor exit nodes. Not sure if the case, I don't use Mullvad.
I was talking about tor + mullvad where you first connect to tor then mullvad instead of obscura for connecting to a website where mullvad is allowed and tor is blocked like google(google's basically useless in tor thousands of captcha and then sorry mate we can't)
so I would argue that tor + mullvad is still a worse opsec than tor and it still has roughly the same / slightly worse speed with tor.
but I would also argue that tor + mullvad is a better model than obscura + mullvad for opsec but not for speed.
TLDR: Don't use tor with vpn's unless you are forced to (like website block , because then you are kind of forced to reduce your opsec a little bit)
There does not exist a system or method to make a signal truly 100% untraceable. What you can do and tor does is severely weakening the odds of the tracing being successful by increasing the amount of work and involved parties thereby improving the odds that the tracing never reaches the actual origin.
Tor for me is unusable because of its speed.
Not enough exit nodes.
In many countries using Tor can get you in trouble.
That's going to be the case for using Obscura as well?
[flagged]
This comment is wrong and not funny.
1) you didn't read path selection constraints: https://spec.torproject.org/path-spec/path-selection-constra...
>We do not choose more than one router in a given network range, which defaults to /16 for IPv4 and /32 for IPv6. (C Tor overrides this with EnforceDistinctSubnets; Arti overrides this with ipv[46]_subnet_family_prefix.)
2) There is currently no exit-node hosted at Hetzner. Check the Tor atlas
1) Hetzner has more than one /16. Probably not in the same rack though. Might be adjacent rows. Organizations which have their own IP ranges can use them at Hetzner, too.
2) Exit circuits are not the only type of circuit.
>Organizations which have their own IP ranges can use them at Hetzner, too.
If you own the nodes you can just log the encrypted traffic with metadata like user IP (if its an entry-node, which requires a Guard-flag), source and destination Tor-node and timestamp to send it to a centralized logging server. No need to host them in the same rack.
The problem of three nodes being in one rack is traffic analysis of an external attacker, who doesn't own the nodes. If someone already owns the nodes it doesn't matter where they host them.. Using your own IP range for an attack would just be more complicated, less effective than just buying nodes worldwide and is an OPSEC risk.
So the only reason to run tor nodes on your own IP range on Hetzner servers is if you work together with an organization which has access to ISP and datacenter traffic and probably work together with the datacenter owner to attack Tor users through a correlation attack.
>Exit circuits are not the only type of circuit. Connections to onion services are sent over 6 nodes, not 3. You talked about 3 nodes, so I assumed you talk about the typical Guard or Bridge Node -> Mid-Node -> Exit-Node circuit. The only reason to have less nodes are single-hop onion services. They are an edge-case..
EDIT: fixed grammer
You're speaking as if the only reason to run Tor nodes is to attack Tor.
So, essentially the same idea as iCloud+ Private Relay in Safari?
Doesn't Apple control both hops?
No, the second hop is Cloudflare.
Actually, Fastly and Akamai also provide exits. Cloudflare isn't the only provider.
So, two US companies subject to US laws, the FISA court, and government-ordered secret surveillance.
That wasn't the question, though.
The answer is yes - this is the same concept as Apple's Private Relay.
No, it isn't similar to Private Relay as its entire premise for 2 hop (versus 3 for Tor) hinges on anonymous authorization (via Privacy Pass) at the exit node.
But isn't that apple id + privacy relay as well.
I think you have misread things. They aren't comparing private relay with tor but rather with obscura for which the answer is a yes
> But isn't that apple id + privacy relay as well
For authentication? Yes.
Private Relay has Tor-like guarantees (with 2 hops) baked into the protocol, as it uses anonymous authorization tokens (which can't be tied to Apple IDs they represent) at exit node.
https://www.apple.com/privacy/docs/iCloud_Private_Relay_Over...
Do you use any analytics tools on your website and how do you drive traffic to it?
Are you planning no-ads campaigns (similar to what simpleanalytics.com does)?
I'm on a privacy-first project and such info would help.
Privacy focused VPN that only supports MacOS. Amazing.
They're not going to make many sales with the post on here
This was already discussed last week: https://news.ycombinator.com/item?id=43016574
The security on the whole thing still relies on the idea that those two providers, who are partnering to offer this service and sharing the cost, would only try to attack you separately and not together. I don't buy it.
Would you agree it’s strictly better than a single provider?
Strictly, no.
It would have been nice if they'd have revealed what the payment options are before the final step. Kind of disappointing.
(Carl from Obscura here)
Ah we added payment and pricing to our navbar in staging but forgot to push to prod. Doing so now!
Okay, this is… not encouraging.
What happened to the tickets being tracked in the Epic that signified this launch? The entire Epic should have been flagged as resolved/completed before a launch like this should have been triggered. As in, the ticket for the launch should have been dependent on the Epic itself being completed.
That’s how you dot your i’s and cross your t’s to prevent very important things from falling through the cracks.
Two-server approach sounds similar to ProtonVPN "secure core" feature:
https://protonvpn.com/features/secure-core
These occur within two protonvpn servers themselves whereas obscura work b/w two different servers owned by two different entities (one obscura and other exit node of mullvad)
QUIC can be blocked by the censor. Since connections fall-back on HTTP 2 this doesn't have any effect on availability. the obfuscation this VPN promises is essentially non-existent.
This looks like two-hop Tor but I guess it's faster because you pay for it.
From the OP:
How does Obscura compare to Tor?
We have immense respect for the Tor project (and encourage you to support it), but its volunteer-run network can be slow and susceptible to DDoS issues, making it infeasible for everyday use.
Obscura uses two dedicated, high-performance hops for maximum speed and reliability – meaning you get many of Tor’s privacy benefits without sacrificing everyday usability.
I'm not clear on the technical details here.
> Obscura’s servers relay your connection to exit servers but can never decrypt your traffic.
Doesn't that rely on us trusting that the server runs the code they claim it does? Or is there a way to prove that their server can't get the decryption key (i.e. by proving that it's not possible for them to switch the final hop, or add undisclosed hops in between)?
(Carl from Obscura here)
Here's what [one of our FAQ entries](https://obscura.net/#faq-trust) say:
> Additionally, our app displays your current exit hop’s WireGuard public key on its “Location” page. You can check this key against what Mullvad publishes [here](https://mullvad.net/servers) to ensure that you’re connected via a genuine Mullvad exit hop!
Let me know if that's unclear!
That makes sense. Thanks for explaining!
The client is open source, and I believe the E2E encryption is done when the client creates a new Wireguard tunnel. At least, that's what I'm seeing here[0]. Still poring over the code.
[0] https://github.com/Sovereign-Engineering/obscuravpn-client/b...
Newbie question: It seems like even with VPN, various websites know the time zone the traffic is coming from (perhaps the browser or the OS reveals the time zone settings). Is there a way to mask this?
There are extensions and "undetect browsers" which are just wrappers around launching browsers with extensions, user profiles and sets of arguments so that those things are controlled.
Question: mullvad doesn't traditionally support any of the streaming services (netflix, etc.). Since Obscura is using mullvad, does that mean it also won't?
Carl from Obscura here
Happy to answer any questions y’all might have!
Multiple questions here :
1)How can I trust that you are sending the data to mullvad only , is there some way of proving this instead of trusting you ?
2) What if all the VPN companies merge together to create such network with 2-3 hops yet still having maximum privacy.
3)Off-topic? But couldn't this theoretically be done if lets say the mullvad vpn connects via https to something like piping server but instead of a single write -> multiple reciever , we fork it a little bit for multiple write -> single receiver & this can work itself on curl and its encrypted. I can in my rough mind draw exactly what obscura is trying to do but with piping server which is so much easier to self host & even host it on multiple cloud providers. Though a big thing is that the nodes would have to be a little configured for this specific purpose (maybe this is where obscura can come in?)
Supposing that this can be done , then what threat model difference would have it as compared to current obscura. https://github.com/nwtgck/piping-server
(Carl from Obscura here)
1) Here's what [one of our FAQ entries](https://obscura.net/#faq-trust) say:
> Additionally, our app displays your current exit hop’s WireGuard public key on its “Location” page. You can check this key against what Mullvad publishes [here](https://mullvad.net/servers) to ensure that you’re connected via a genuine Mullvad exit hop!
2) I really hope that the VPN industry comes together and become each others' 1st/exit hops!
3) Not totally sure what you mean, but we [use WireGuard-over-QUIC](https://obscura.net/blog/bootstrapping-trust/).
Thanks. I do wonder why you are a mac only app.
Mac apps by default ping the apple servers before they can connect to wireguard over quic and what not.
So its definitely not as secure as using linux or bsd.
Please I want to understand what makes linux / cross platform development harder.
It was for zeditor , arc browser and what not. Things make me treat as third class citizen and mac users as first kind of feels a little .. weird.
Do you use ECL in QUIC? This combo is outright blocked in most DPI-heavy countries.
Mullvad, whose exit nodes they are using anyway, already has a "multihop" feature in the client that sends your traffic in one node and out another.
They addressed that in their FAQ: https://obscura.net/#faq-multihop
Nice. I like the idea of splitting trust so that the clients IP + browsing data are not linked unless the two servers collude. This feels very similar in spirit to VPN cascading though?
(Carl from Obscura here)
Woah I didn’t know about the specific term “VPN cascading”… And it seems like my GLiNet travel router can do it too?
Well in any case, it seems like with cascading you’d have to register with 2 different providers, offering your personal info (if necessary) to both.
The product page states no logs, and then on that same page there is a claim the VPN IP address means anonymity- except... when I log in to VPN and I'm assigned IP address, now I'm tracked through this IP address? I'd guess there are logs saying something like 'user X requested IP, user X paid so lets give user X a.b.c.d for the duration of session'
But it is not more than a promise, it just shifts the promise "our company isn't watching" into "our two companies aren't sharing data." I think it is an improvement on the status quo but it is frustrating to see false claims like that.
There is always a little asterisk: "unless required by law".
Police can ask the service provider to assign you to a specific exit node.
Once you are on that specific exit node it's over.
It's easy for the police to convince you, the CEO of Obscura wouldn't want to be charged as an aid in a crime.
"We only support macOS only at the moment, so please let us know which platforms you use and we’ll notify you when we offer support!"
MacOS is becoming the default platform for development now? This in and of itself, is a threat.
The sole meaningful VPN is the one you host yourself to connect personal stuff around the world in a sole network. For privacy I2P etc performances are not enough for normal use, the rest is mere noise.
That's IMVHO the substance, not counting the fact that even a secure channel is meaningless if you run proprietary crapware at their end.
You ever tried browsing the web on a data center IP? It doesn’t work very well.
They specifically say "connect personal stuff" not "browse the web"
So tor with 2 hops?
(Carl from Obscura here)
Tor still offers more privacy benefits than Obscura for sure, but you want a shorthand, “Tor with 2 hops” works :-)
For people who are only somewhat familiar with Tor or Obscura: how about three hops?
https://tor.stackexchange.com/questions/491/why-does-tor-use...
Since I work mainly with workstations, and rarely ever with laptops, is there a plan to bring something like Obscura to a router running DD-WRT or OpenWRT? Or would I have to get a full-fat router running OpenBSD/PFSense in order to hook Obscura into it?
If I get any kind of a VPN system, I would want it to cover the entire network with just a single installation. Targeting routers running open-source firmware would be a great next step after the three main desktop platforms.
Plus, this then allows Obscura to protect any manner of net-enabled device, regardless of installed OS. Even my HaikuOS systems would be protected that way.
My second question involves roaming devices, such as phones -- will there be a mechanism in play that would allow a phone to recognize a “friendly” or “home” network, and disable its own Obscura install in favour of force-redirecting all network communication through the home Obscura? Or would it simply default to running Obscura-within-Obscura?
My last question involves multiple households: is there any plan to provide a bridging solution between multiple households, so they effectively appear like one giant network with a shared Obscura bridge to the Internet? The point being, I have services on my own home network that I would like to share out to my parents and my brother, which is very doable with a home-built VPN, but I also want a VPN that is a lot like Obscura to protect everyone with regards to direct Internet communication.
Doesn't this just move trust from mullvad to obscura?
The concept is that Obscura knows who you are, but not what you are doing. Mullvad knows what you are doing but not who you are.
Your trust is that Obscura and Mullvad will not collude.
Obscura also knows what you do, as it is their client you're using. Though, they've plans to address this shortcoming (reproducible builds / open source: https://news.ycombinator.com/item?id=43019473).
From what I understand they're dividing both identity (IP address) and browsing activity. Mullvad sees your browsing activity but not your identity, and Obscura sees your identity. So no single provider has full visibility into both who you are and what you do
This feels like another Mullvad (this is a good thing).
EDIT: Ah, they use Mullvad for exit hops. Sweet.
[dead]
[dead]
[dead]