Submitted 6 months ago by ForgottenFlux@lemmy.world to technology@lemmy.world
https://mullvad.net/en/blog/introducing-defense-against-ai-guided-traffic-analysis-daita
Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA.
Through constant packet sizes, random background traffic and data pattern distortion we are taking the first step in our battle against sophisticated traffic analysis.
That's one of the reasons why I love Mullvad, they actually care about their customers, not just about their bottom line
I wonder how much of a bottom line they actually have given how cheap their service is.
Mullvad is 5 bucks a month and never has promos.
Weigh that against Nord which often has a year for like 15 bucks…
But Mullvad is one of the few that actually seems to care about privacy.
I'm pretty sure they are profitable, considering they were founded in March of 2009. You can't really run a company without profits for 14 years, right? Just routing network traffic isn't that expensive after all. They are the only ones being honest about it, other VPNs charge way more because they only want to extract money from their customers.
If only they didn’t bend the knee to the five eyes and drop port forwarding
They got rid of port forwarding to improve the reputation of their IP ranges. That makes it less likely for Mullvad users to get blocked by CDNs like Cloudflare and Akamai when visiting websites. If you want port forwarding, just use AirVPN or rent a VPS and use that. Not sure what you're talking about, but Mullvad is based in Sweden, which is not a part of the five eyes alliance. It's a part of 14 eyes, but Sweden has very strong privacy, Mullvad even has an entire page about privacy legislation in Sweden: https://mullvad.net/en/help/swedish-legislation
They also have a page that explains how Sweden being part of the 14 eyes alliance doesn't really affect Mullvad: https://mullvad.net/en/blog/5-9-or-14-eyes-your-vpn-actually-safe
Their office was also raided by prosecutors last year, and they weren't able to seize any customer information, because Mullvad doesn't store anything about their customers:
https://mullvad.net/en/blog/mullvad-vpn-was-subject-to-a-search-warrant-customer-data-not-compromised
https://mullvad.net/en/blog/update-the-swedish-authorities-answered-our-protocol-request
5 eyes shit is dumb pop security anyway. As if the CIA can’t rento colo space in Kazakhstan and market you some extra spooky VPN.
Still waiting for Defense Against the AI Dark Arts to drop
DAIDA
?
Harry Potter reference.
And Dumbledore’s AIrmy for when they forbid DAAIDA as an anti-terrorist measure
I love these guys. Let’s see if somebody can just bootstrap the FOSS framework directly on TCP to work on the internet without a VPN. Fantastic project
Those words sound cool and mean literally nothing
Bootstrapping See the Application section specifically.
FOSS = Free/Open Source Software TCP = Transmission Control Protocol VPN = Virtual Private Network
These words mean a lot actually. Pretty basic terms when it comes to the internet.
Err… Like… a 2009 Java applet? Those were built straight on TCP. And the lack of security made anyone else in the same LAN cafe let you steal your password.
The closest thing I can think of that goes for the vibe you’re talking about is I2P
No port forwarding really kills the utility though - I mainly use the VPN to do port forwarding (e.g. for video games, Plex, etc.) as my ISP is shit.
Like I’m not worried about state-level de-anonymisation, I just want to be able to share services remotely and have a minimum level of anonymity.
Port forwarding removed because hosting threatened to kick mullvad out. Lot of shit hosted through that. No hosting, no vpn, so needed to remove to continue operate.
Port forwarding means torrents. People using a VPN to torrent likely have much more traffic, especially those that seed (which is why they want port forwarding). Not enabling port forwarding means mullvlad can operate at a higher profit to cost ratio, and less risk.
ProtonVPN has it though, which is what I’m using now.
How does port forwarding help with videogames?
Opens up your NAT for matchmaking
I host a server, I forward the port, my friends can connect to the open port on the VPN side.
My ISP does not offer port forwarding.
Someone else pointed out Tailscale; I’ve had luck with free tier VPS+WireGuard.
I have an Oracle one which has worked well. Downside is I did link my CC, because my account was getting deactivated due to inactivity (even using it as a VPN and nginx proxy for my self hosting wasn’t enough to keep it “active”). But I stay below the free allowance, so it doesn’t cost.
That said: as far as anonymity goes, it’s not the right tool. And I fully appreciate the irony of trying to self-host to get away from large corporations owning my data…and relying on Oracle to do so. But you can get a static IP and VPS for free, so that’s something.
Zerotier could also work for you
You can use Tailscale for this
Alternative maybe i2p or tor network. Or make vpn to anon vps and host from there.
How about defense against dhcp option 121 changing the routing table and decloaking all VPN traffic even with your kill switch on? They got a plan for that yet? Just found this today.
I doubt it would matter in some environments at all.
As an example a pc managed by a domain controller that can modify firewall rules and dhcp/dns options via group policy. At that point firewall rules can be modified.
Don’t you control your dhcp server?
The Option 121 attack is a concern on networks where you don’t.
Exactly where you’d want a VPN. Cafes, hotels, etc.
Of course but you don’t control rogue dhcp servers some asshat might plug in anywhere else that isn’t your network
Love they called the defence framework “Maybenot”.
I swear the defense against the dark arts teacher just keeps getting weirder and weirder.
I can tell you that this exists way before AI, I wish that there was more awareness earlier but it’s good that now its starting
I use Mullvad really good, love how they don’t care who you are and can actually maintain complete anonymity even in payment.
Propably going to be banned soon for some stupid reason if gets popular, like free speech is allowing the terrorists make bears cry or something.
So it’s like a VPN-busta-busta?
What if they have a VPN-busta-busta-busta though?
Then we have to wait til they drop the legendary VPN-quad-busta
So… Tor?
Tor is much better than a VPN privacy wise. However, you are limited on speed and stuck with TCP.
Windscribe had something similar already? Not exactly this, but they had a feature to add other random traffic to your network specifically to work against systems like these.
Phoenix3875@lemmy.world 6 months ago
The Chinese Great Firewall (GFW) has already been using machine learning to detect “illegal” traffics. The arms race is moving towards the Cyberpunk world where AIs are battling against an AI firewall.
possiblylinux127@lemmy.zip 6 months ago
Careful criticizing China you will awake the Tankies.
No_Eponym@lemmy.ca 6 months ago
Drums, drums in the deep …
Image
oce@jlai.lu 6 months ago
You can conviniently block a whole instance from your account now, it reduces this kind of disagreement a lot.
Linkerbaan@lemmy.world 6 months ago
One day those tankies people here keep talking about are going to show up.
One day.
phoenixz@lemmy.ca 6 months ago
HI WINNIE POOH! How have you been, have you had your daily dose of honey yet?
Socsa@sh.itjust.works 6 months ago
I have some first hand experience with this. Brand new XMPP server, never before seen by anyone in the world, blocked within about 12 hours. Wireguard VPN on AWS lasts for a few hours on some networks, more on others. Never longer than a few days though.
dubyakay@lemmy.ca 6 months ago
From China?