Obscura VPN – Privacy that's more than a promise
(obscura.net)220 points by lostin01010101 2 days ago
220 points by lostin01010101 2 days ago
(Carl from Obscura here)
Totally! Mullvad is _the_ pioneer in this space, and we look up to them. This is why they were our top pick for being an exit hop provider!
Hey Carl, sorry to hijack the thread but I have a question for you. Being the operator a small website (5M views/month, 200k users), I am often plagued by targeted cyber attacks. Over the years many of these come from privacy enhanced networks (eg Tor, Mullvad, etc). I have approached Mullvad many times with abusive user reports which they seem to simply ignore. How do you plan to address this in your product? Will you simply allow bad actors to abuse the internet via your service? Or do you have some plans to address this issue?
> I have approached Mullvad many times with abusive user reports which they seem to simply ignore.
What would you like them to do? Considering that AIUI they outright don't log or monitor users at all, I can't think of anything they could do with your reports.
I can understand that concern, and I think in the future some version of [Privacy Pass](https://privacypass.github.io/) will allow for site operators to differentiate between normal vs. abusive users without relying on IP reputation (which is more unreliable anyway since CGNAT is a thing).
We typically don't ban IPs for the very reason mentioned here (CGNAT is a very real thing and we have many users who share IPs). However we do ban IP ranges associated with VPNs that we see an excessive amount of abuse from. I might be an outlier on the internet, but if you take the stance you have outlined above, that you will effectively do nothing to combat the level of abuse from your network, you inevitably hurt your honest users because some web services will be unavailable to them via your VPN.
You can also mail them an envelope full of cash last I checked.
Interesting concept. The blog has a lot more details[1].
One comment/question about the exit nodes. Can someone correct or validate my thoughts:
It’s a WireGuard tunnel from the user to Mullvad, so while Obscura can’t see the user traffic, couldn’t the Mullvad exit node see the traffic, and using knowledge of the users WireGuard public key, associate all that users traffic with that key? So even if they can’t associate it with an IP, they could still potentially identify and track you.
This assumes they use a customised version of WireGuard to somehow log & associate each decrypted IP packet against the users public key.
(Carl from Obscura here)
This is actually quite an interesting point that we’ve been discussing internally.
Right now Obscura rotates your WireGuard key on every “Connect”, but in a future release we will start caching (persist) your WireGuard keys on your client. When we flip that switch, we will also enable recurring key rotation and add a button in the UI for manual key rotation. This rotation would make it harder for Mullvad to track a user across the same key. (Not that they would anyway)
All of this is available for folks to verify at on our GitHub repository: https://github.com/Sovereign-Engineering/obscuravpn-client
Thanks! that blog post had a thread here:
Trust, 2-Party Relays, and QUIC - https://news.ycombinator.com/item?id=43016574 - Feb 2025 (33 comments)
And it's not even that hard if the page is built in a sane way, which for the simplicity of the blog should be a no brainer to go for simplicity.
I have my blog hosted at omg.lol and while I had to support mobile by myself, it was really really simple.
Here is my blog: https://xd1.dev
Here is the code for the blog's responsive layout: https://github.com/gchamon/xd1.dev/blob/main/css/responsive-...
No injection, no build, just plain inline linking https://github.com/gchamon/xd1.dev/blob/10b98ddb37a9786ca8fe...
It's insane to me that this even has to be pointed out with such a relatively simple page, and then I looked at the source; it screams "I'm gonna just bang something out in [popular framework] without knowing basic HTML/CSS and let the world suffer from my <div> rot."
I hate modern web development.
I agree. Its not that difficult to just have a max-width of 90% for the content or just add some padding to the inner container.
I also think people skipping over learning some basic CSS fundamentals also end up skipping over basic UI/UX needed for accessible websites, something every web developer should have some awareness about.
Complete reliance on CSS frameworks does not magically make the websites accessible,it gets you 90% there.
Also /blog leads of 403!? Wildcard redirects are not that difficult to setup either.
Also, Obscura can collect metadata on when you use the service, how much data you send/receive, etc.
Even if Mullvad doesn't do it, someone else might. Mullvad is, I expect, now a valuable target because it is the VPN service of choice for so many people concerned with security. Does Mullvad have the budget and expertise to protect itself against determined, highly-resourced attackers?
Finally, is it possible for a third party, intercepting traffic between Obscura and Mullvad, to identify the public key used to encrypt it? I don't think so - the only way to validate a signature is with both keys; that's kind of the point. But maybe there is an attack I'm unaware of?
Mullvad is near the cutting edge on zero trust deployments; allowing user traffic to pass thru, with guaranteed no logging, assumption of compromise guiding system architecture, etc. Nobody can withstand a nation state, not even other nation states, so I feel like they're doing the best that can be reasonably expected of them
> Mullvad is near the cutting edge on zero trust deployments
What is "zero trust deployments"?
(Carl from Obscura here)
> Does Mullvad have the budget and expertise to protect itself against determined, highly-resourced attackers?
I think Mullvad is actively working on [System Transparency](https://www.system-transparency.org/), which will help a lot.
> Finally, is it possible for a third party, intercepting traffic between Obscura and Mullvad, to identify the public key used to encrypt it? I don't think so - the only way to validate a signature is with both keys; that's kind of the point. But maybe there is an attack I'm unaware of?
I had asked this question a long time ago on either a noiseprotocol or wireguard IRC channel, and the answer is no, a third party intercepting traffic between Obscura and Mullvad, WON'T be able to identify the public key used to encrypt it.
Timing attacks are notably not a part of Tor's threat model, i.e. they are a real concern: https://support.torproject.org/about/attacks-on-onion-routin...
hmm. that is interesting , would you mind sharing some solution , what if I add some insane latency (I know unusable but if it prevents timing attacks)
my conspiracy spidey sense is sensing something fishy...
Maybe timing attack is not part of .onion addresses ?
> somehow log & associate each decrypted IP packet against the users public key.
Mullvad only needs to associate each decrypted IP packet against an assertion that the packet was paid for. I assume each Obscura node would have a public key, but not associated with a user.
They notably offer this service for Tailscale (as an add-on) and I imagine that it works similarly (on the backend)
Yeah my thinking is even if they don’t have the users IP, knowing and seeing all the traffic associated with a specific public key would allow them to build a profile of the user.
Eg based on the specific sites visited, payload sizes potentially, domains looked up, etc you’d be able to characterise the person. Especially so if anything they did was not encrypted, or they have their own vanity domain (for emails or anything else).
> Mullvad only needs to associate each decrypted IP packet against an assertion that the packet was paid for.
The idea of Obscura is by using two middlemen (them + Mullvad) that neither party can figure out who the end user is. So I’m looking at Mullvad from the perspective of: if they were evil, what about this solution are safeguard protecting the end users privacy. And my conclusion is they’d still be able to break the users privacy in the same way as knowing the users IP, just without the IP.
Why do all of these new VPN solutions want some form of Crypto payment that has to go through KYC regulations to acquire... doesn't that somewhat defeat the purpose?
Mullvad with cash seems like a super ideal way to go. Why can't I just mail you $20 and call it a day?
There are a couple of options for acquiring crypto without KYC. One might sell goods and services for crypto (I have done it myself, sold a videogame console P2P through a local libertarian group chat), or buy crypto with cash via P2P or in a country with looser KYC laws, and lastly they could just mine it themselves. Having significant money through mining might seem improbable, but we can't forget the market dynamics, someone might have mined a lot of some altcoin before a big boom (e.g. dogecoin) and ended up rich overnight.
Also, let's not forget Monero. Even if you buy Monero in a KYC exchange, the letterbois can only track if you've bought, but can't track where you send it to next. You could then exchange it for bitcoin with someone or using a non-KYC service, and there you have it, an anonymous BTC reserve. Or you could just bypass BTC altogether and use the much superior Monero to buy whatever you want.
That whole comment is "With a way harder method than going to the ATM".
I understand that it's possible to get crypto through obscure methods. However if you're selling a privacy focused solution, ideally you shouldn't have to spend 3-4 weeks to acquire the funds to purchase it.
I agree cash is currently king, but we need a crypto (or even better, Monero) economy if we are going to maintain financial privacy in the long run. In the event of a full transition to a Central Bank Digital Currency, like the EU is discussing and Brazil has already announced, cash will not be private anymore, as any physical bills will be just tokens for the underlying digital currency, which is tracked by the government.
What happened if some government agency were to order both Obscura and Mullvad to log a certain user or certain activities? Wouldn't it be possible to combine those logs? If it isn't: would that change if Obscura was ordered to also use a separate Mullvad account for a specific user/IP?
Governments do not even need any of the providers to comply, they can access global NetFlow data. This is conveniently not discussed by any commercial VPN provider.
Thanks for pointing this out. I wasn't aware of NetFlow. I don't use IVPN, but I found this writeup informative:
https://www.ivpn.net/privacy-guides/isp-netflow-surveillance...
It ultimately depends on your threat model. But assuming a state actor has access to NetFlow data, an attack could work like this:
* State actor determines that an IP belonging to a VPN company had a session on example.com around t1-t2
* You -> VPN server at t1
* VPN server -> example.com at t1+latency
* More traces from both sides until around t2 as you browse the site
By correlating multiple samples, and accounting for latency between you and the VPN server and delay introduced by the VPN itself, they would be able to get decent confidence that it was you.
Some of the prior works in this paper[0] address noise in anonymity networks, but in general: you either add noise at the link level which malicious nodes can identify & ignore, or you add noise by injecting fake chaff packets that are dropped somewhere inside the network which are statistically identified when you look at packet density across the network.
This might or might not extend to VPN nodes depending on your threat model - I'd personally assume every single node offered to me by a company in exchange for money is malicious if I was concerned about privacy.
The threat actor most use to talk about this is a global passive adversary: a threat actor who can see all relevant traffic on the Internet but who can't decrypt or adjust the traffic.
This adversary would have the ability to ingest massive amounts of data and metadata[0] it acquires from tier 1 ISPs all over the country[1] and the world[2]. They'll not see raw HTTP traffic because most everything of interest is encrypted, but can store and capture (time, srcip, srcport, dstip, dstport, bytes).
From there, it's a statistical attack: user A sent 700 kilobytes to a VPN service at time t; at t+epsilon the VPN connected to bad site B and sent 700 kilobytes+epsilon packets. Capture enough packet flows that span the user, the VPN, and the bad site and you can build statistical confidence that user A is interacting with bad site B, even with the presence of a VPN.
This could go other directions too. If bad site B is a Tor hidden site whose admin gets captured by the FBI and turns over access, they'll be unmasking in reverse – I got packets from Tor relay A, which relay sent packets at time-epsilon to it, (...), to the source.
There's very little you can do to fight this kind of adversary. Adding hops and layers (VPN + VPN, Tor, Tor + VPN, etc.) can only make it harder. It's certainly an expensive attack both in terms of time consumption, storage, and it requires massive amounts of data, but if your threat model includes a global passive adversary, game over.
[0] https://en.wikipedia.org/wiki/XKeyscore
Honestly, paying for a VPN is just purchasing slow internet speeds at a premium.
https://www.youtube.com/watch?v=9_b8Z2kAFyY
Just use Tor.
Wanna know about something cool? Tor i offers real untraceable anonymity and is 100% free.
It was also developed by the United States Navy and has been criticized for not being as secure as it claims it is. This should come as no surprise since the US military and agencies have a history of demanding backdoors in software, which just means more attack vectors for outsiders to sniff out.
I make no claims that commercial VPNs are more secure, but at least they have some level of interest in keeping their promises if people are paying them, whereas a free service does not carry the same incentive.
Pick your poison, I guess.
The navy backdoor claims are unsubstantiated FUD unless you can point them out in the freely available and accessible code. Not to mention that they created the tool to also use themselves.
They also haven't had any influence or control in the development of todays tor project that has existed for over 20 years and despite a massive amount of attacks and research there has never been found anything.
That does not mean there aren't serious drawbacks that are more worth pointing out such as why bother with a very complex and noisy backdoor when you can just covertly create enough nodes to do traffic correlation.
> That does not mean there aren't serious drawbacks that are more worth pointing out such as why bother with a very complex and noisy backdoor when you can just covertly create enough nodes to do traffic correlation.
Winner winner chicken dinner.
FVEY's annual budget is $1.7bn + $1bn + $122mm (NZ :3) + $4.6bn + $classified billion.
You think those guys can't mount a Sybil attack against https://metrics.torproject.org/ ?!
> real untraceable anonymity and is 100% free.
And 50% of the time it works every time...
A lot of things simply don't work if you're using tor. You get blocked, you get blacklisted, accounts get terminated, and so on.
I generally agree, but the same thing also happens to Mullvad exit nodes (though not to the same degree.) Imgur is perpetually "over capacity", breaking images across multiple websites. Twitch tells me "your browser is not supported, try Chrome or Firefox" when trying to log in on Firefox. Netflix blocks all regional content, etc. Not to mention the constant Cloudflare captchas. I once had to use Tor because Mullvad was blocked (creating a foreign Steam account)
Google Search comes to mind as the most Tor-hostile website though, and that allows Mullvad just fine.
tor generally doesn't recommend running vpn over tor makes any of your opsec any more safer , in fact I can argue that it makes your opsec worse
but if a website is working on mullvad and not on tor and you are forced to use that website , then yes compromise your opsec a little bit I suppose
There does not exist a system or method to make a signal truly 100% untraceable. What you can do and tor does is severely weakening the odds of the tracing being successful by increasing the amount of work and involved parties thereby improving the odds that the tracing never reaches the actual origin.
This comment is wrong and not funny.
1) you didn't read path selection constraints: https://spec.torproject.org/path-spec/path-selection-constra...
>We do not choose more than one router in a given network range, which defaults to /16 for IPv4 and /32 for IPv6. (C Tor overrides this with EnforceDistinctSubnets; Arti overrides this with ipv[46]_subnet_family_prefix.)
2) There is currently no exit-node hosted at Hetzner. Check the Tor atlas
They're not going to make many sales with the post on here
This was already discussed last week: https://news.ycombinator.com/item?id=43016574
The security on the whole thing still relies on the idea that those two providers, who are partnering to offer this service and sharing the cost, would only try to attack you separately and not together. I don't buy it.
Okay, this is… not encouraging.
What happened to the tickets being tracked in the Epic that signified this launch? The entire Epic should have been flagged as resolved/completed before a launch like this should have been triggered. As in, the ticket for the launch should have been dependent on the Epic itself being completed.
That’s how you dot your i’s and cross your t’s to prevent very important things from falling through the cracks.
Two-server approach sounds similar to ProtonVPN "secure core" feature:
These occur within two protonvpn servers themselves whereas obscura work b/w two different servers owned by two different entities (one obscura and other exit node of mullvad)
QUIC can be blocked by the censor. Since connections fall-back on HTTP 2 this doesn't have any effect on availability. the obfuscation this VPN promises is essentially non-existent.
From the OP:
How does Obscura compare to Tor?
We have immense respect for the Tor project (and encourage you to support it), but its volunteer-run network can be slow and susceptible to DDoS issues, making it infeasible for everyday use.
Obscura uses two dedicated, high-performance hops for maximum speed and reliability – meaning you get many of Tor’s privacy benefits without sacrificing everyday usability.
I'm not clear on the technical details here.
> Obscura’s servers relay your connection to exit servers but can never decrypt your traffic.
Doesn't that rely on us trusting that the server runs the code they claim it does? Or is there a way to prove that their server can't get the decryption key (i.e. by proving that it's not possible for them to switch the final hop, or add undisclosed hops in between)?
(Carl from Obscura here)
Here's what [one of our FAQ entries](https://obscura.net/#faq-trust) say:
> Additionally, our app displays your current exit hop’s WireGuard public key on its “Location” page. You can check this key against what Mullvad publishes [here](https://mullvad.net/servers) to ensure that you’re connected via a genuine Mullvad exit hop!
Let me know if that's unclear!
The client is open source, and I believe the E2E encryption is done when the client creates a new Wireguard tunnel. At least, that's what I'm seeing here[0]. Still poring over the code.
[0] https://github.com/Sovereign-Engineering/obscuravpn-client/b...
Multiple questions here :
1)How can I trust that you are sending the data to mullvad only , is there some way of proving this instead of trusting you ?
2) What if all the VPN companies merge together to create such network with 2-3 hops yet still having maximum privacy.
3)Off-topic? But couldn't this theoretically be done if lets say the mullvad vpn connects via https to something like piping server but instead of a single write -> multiple reciever , we fork it a little bit for multiple write -> single receiver & this can work itself on curl and its encrypted. I can in my rough mind draw exactly what obscura is trying to do but with piping server which is so much easier to self host & even host it on multiple cloud providers. Though a big thing is that the nodes would have to be a little configured for this specific purpose (maybe this is where obscura can come in?)
Supposing that this can be done , then what threat model difference would have it as compared to current obscura. https://github.com/nwtgck/piping-server
(Carl from Obscura here)
1) Here's what [one of our FAQ entries](https://obscura.net/#faq-trust) say:
> Additionally, our app displays your current exit hop’s WireGuard public key on its “Location” page. You can check this key against what Mullvad publishes [here](https://mullvad.net/servers) to ensure that you’re connected via a genuine Mullvad exit hop!
2) I really hope that the VPN industry comes together and become each others' 1st/exit hops!
3) Not totally sure what you mean, but we [use WireGuard-over-QUIC](https://obscura.net/blog/bootstrapping-trust/).
Thanks. I do wonder why you are a mac only app.
Mac apps by default ping the apple servers before they can connect to wireguard over quic and what not.
So its definitely not as secure as using linux or bsd.
Please I want to understand what makes linux / cross platform development harder.
It was for zeditor , arc browser and what not. Things make me treat as third class citizen and mac users as first kind of feels a little .. weird.
Mullvad, whose exit nodes they are using anyway, already has a "multihop" feature in the client that sends your traffic in one node and out another.
They addressed that in their FAQ: https://obscura.net/#faq-multihop
(Carl from Obscura here)
Woah I didn’t know about the specific term “VPN cascading”… And it seems like my GLiNet travel router can do it too?
Well in any case, it seems like with cascading you’d have to register with 2 different providers, offering your personal info (if necessary) to both.
The product page states no logs, and then on that same page there is a claim the VPN IP address means anonymity- except... when I log in to VPN and I'm assigned IP address, now I'm tracked through this IP address? I'd guess there are logs saying something like 'user X requested IP, user X paid so lets give user X a.b.c.d for the duration of session'
But it is not more than a promise, it just shifts the promise "our company isn't watching" into "our two companies aren't sharing data." I think it is an improvement on the status quo but it is frustrating to see false claims like that.
There is always a little asterisk: "unless required by law".
Police can ask the service provider to assign you to a specific exit node.
Once you are on that specific exit node it's over.
It's easy for the police to convince you, the CEO of Obscura wouldn't want to be charged as an aid in a crime.
"We only support macOS only at the moment, so please let us know which platforms you use and we’ll notify you when we offer support!"
MacOS is becoming the default platform for development now? This in and of itself, is a threat.
The sole meaningful VPN is the one you host yourself to connect personal stuff around the world in a sole network. For privacy I2P etc performances are not enough for normal use, the rest is mere noise.
That's IMVHO the substance, not counting the fact that even a secure channel is meaningless if you run proprietary crapware at their end.
My self hosted hetzner vpn can't view youtube, read reddit and is blocked by 25% of all web sites. Another 25% require me to solve ten-step captchas in order to view their content. No such problems exist with mullvad, but there are other problems with it.
For people who are only somewhat familiar with Tor or Obscura: how about three hops?
https://tor.stackexchange.com/questions/491/why-does-tor-use...
Since I work mainly with workstations, and rarely ever with laptops, is there a plan to bring something like Obscura to a router running DD-WRT or OpenWRT? Or would I have to get a full-fat router running OpenBSD/PFSense in order to hook Obscura into it?
If I get any kind of a VPN system, I would want it to cover the entire network with just a single installation. Targeting routers running open-source firmware would be a great next step after the three main desktop platforms.
Plus, this then allows Obscura to protect any manner of net-enabled device, regardless of installed OS. Even my HaikuOS systems would be protected that way.
My second question involves roaming devices, such as phones -- will there be a mechanism in play that would allow a phone to recognize a “friendly” or “home” network, and disable its own Obscura install in favour of force-redirecting all network communication through the home Obscura? Or would it simply default to running Obscura-within-Obscura?
My last question involves multiple households: is there any plan to provide a bridging solution between multiple households, so they effectively appear like one giant network with a shared Obscura bridge to the Internet? The point being, I have services on my own home network that I would like to share out to my parents and my brother, which is very doable with a home-built VPN, but I also want a VPN that is a lot like Obscura to protect everyone with regards to direct Internet communication.
Obscura also knows what you do, as it is their client you're using. Though, they've plans to address this shortcoming (reproducible builds / open source: https://news.ycombinator.com/item?id=43019473).
From what I understand they're dividing both identity (IP address) and browsing activity. Mullvad sees your browsing activity but not your identity, and Obscura sees your identity. So no single provider has full visibility into both who you are and what you do
This feels like another Mullvad (this is a good thing).
EDIT: Ah, they use Mullvad for exit hops. Sweet.
Just to note here - with Mullvad you can pay via gift card that you can find at various retailers (to get a one-time code that you can use to create an account). Of course they can see your IP address but there is no payment/contact information on the system.