Comment by mmooss

Comment by mmooss 2 days ago

12 replies

View on Hacker News

Also, Obscura can collect metadata on when you use the service, how much data you send/receive, etc.

Even if Mullvad doesn't do it, someone else might. Mullvad is, I expect, now a valuable target because it is the VPN service of choice for so many people concerned with security. Does Mullvad have the budget and expertise to protect itself against determined, highly-resourced attackers?

Finally, is it possible for a third party, intercepting traffic between Obscura and Mullvad, to identify the public key used to encrypt it? I don't think so - the only way to validate a signature is with both keys; that's kind of the point. But maybe there is an attack I'm unaware of?

ijustlovemath 2 days ago

Mullvad is near the cutting edge on zero trust deployments; allowing user traffic to pass thru, with guaranteed no logging, assumption of compromise guiding system architecture, etc. Nobody can withstand a nation state, not even other nation states, so I feel like they're doing the best that can be reasonably expected of them

Reply View 6 replies
  • ignoramous 2 days ago

    > Mullvad is near the cutting edge on zero trust deployments

    What is "zero trust deployments"?

    Reply View 5 replies
    • ijustlovemath 2 days ago

      Meaning they're achieving their privacy goals without any inherent trust in their systems (eg no databases of user info, etc)

      Reply View 4 replies
      • ignoramous 2 days ago

        > no databases of user info

        Depends on the payment method. Accounting is mandatory in Sweden.

          As a customer of [payment] services, these entities would allow us to request this information if we chose to do so. In short, your payment actions with these two methods are not anonymous and the GDPR and other relevant data protection regulations may apply if you are making a payment by credit card, PayPal, Swish or by bank wire.

  The data must be kept for the statutory retention period described in applicable local laws such as the Swedish Accounting Act (some information must be stored for seven years from the end of the fiscal year).
        That "some information" according to Swedish Accounting Act (bokföringslagen): "Every transaction, including customer payments, must be supported by proper documentation such as invoices, receipts, and payment confirmations."

        https://mullvad.net/en/help/no-logging-data-policy / https://archive.vn/qkvD3

        Reply View 3 replies
conradev 2 days ago

Timing attacks are notably not a part of Tor's threat model, i.e. they are a real concern: https://support.torproject.org/about/attacks-on-onion-routin...

Reply View 3 replies
  • Imustaskforhelp 2 days ago

    hmm. that is interesting , would you mind sharing some solution , what if I add some insane latency (I know unusable but if it prevents timing attacks)

    my conspiracy spidey sense is sensing something fishy...

    Maybe timing attack is not part of .onion addresses ?

    Reply View 2 replies
    • woofcat 2 days ago

      Mixnet would be a solution. Like what you described, have inbound packets held for some period of time and released as a group so that you cannot as easily correlate the inbound and outbound traffic.

      The downside is that it gets much slower, and feels 'bad' as an end user. Each packet takes longer.

      Reply View 0 replies
    • conradev a day ago

      The only solution I know of is essentially to do "bandwidth burning" where you inject a bunch of fake traffic as noise. I don't know how you'd do that within the constraints of this system.

      Reply View 0 replies
dongcarl 2 days ago

(Carl from Obscura here)

> Does Mullvad have the budget and expertise to protect itself against determined, highly-resourced attackers?

I think Mullvad is actively working on [System Transparency](https://www.system-transparency.org/), which will help a lot.

> Finally, is it possible for a third party, intercepting traffic between Obscura and Mullvad, to identify the public key used to encrypt it? I don't think so - the only way to validate a signature is with both keys; that's kind of the point. But maybe there is an attack I'm unaware of?

I had asked this question a long time ago on either a noiseprotocol or wireguard IRC channel, and the answer is no, a third party intercepting traffic between Obscura and Mullvad, WON'T be able to identify the public key used to encrypt it.

Reply View 0 replies