• [deleted]

  • Edited
  1. Should I leave Wireguard-Port to automatic or change it?
  2. Should I enable automatic, Shadowsocks or UDP over TCP in: Wireguard veiling?
  3. How about Mullvad Direct and Bridges? Should I leave them both enabled?
  4. In Mullvad Desktop Version, should I change IP-Version from Automatic to IPV4?
  5. And should I deactivate IPV6 in my Desktop Network Settings?

    [deleted] There will be far more detailed answers to your questions, but I think a pretty good rule of thumb here is to leave it as default unless you have a good reason to change it, such as trouble connecting due to censorship by your ISP, or the public WiFi you're connected to, etc.

    For example WireGuard Obfuscation (which you ask about in question 2) can help hide that you're using a VPN from your network provider. So if you are connecting to the VPN, and the websites you want to access without problems, and have no other reason to hide the fact you're connecting to a VPN from your network provider, then you probably want to leave it as automatic. Neither of those methods (shadowsocks and UDP-over-TCP) are, by any means, fool proof either, especially if you are being looked at by a very determined adversary, so it's important that you understand your threat model as well

      • [deleted]

      roamer4223 And what should I turn on all, for higher threat model? Like the best Settings for that Situation?

        You probably worry too much about these things. It won't make or break your privacy.

          • [deleted]

          FlipSid I just want the maximum Security and Privacy. Even if my threat model is not that high, my Goal is to get the best out of it.

          • [deleted]

          Rizzler No, I just want the maximum I can get out of it, which is normal.

          The problem is there is rarely a "best", just a situative and individual fitting solution. One could argue to not use Mullvad but Tor for best privacy and security. One could argue that changing default settings will harm your privacy by becoming part of a smaller sample size group, or benefit your privacy by sharing less data overall.

          So best thing you can get is a more detailed education on what those settings (and a VPN in general) do exactly, and decide whether that would benefit or harm your definition of privacy and security.

          A best practice approach can't be right for everybody, so I'd avoid any suggestion that says "do this exact thing and you'll have better privacy", especially if it is not explained and discussed in detail.

          Until you find a deep understanding, it's usually a good approach to keep the default settings with trusted parties (e.g. if you trust the devs from Mullvad, GrapheneOS, Tor Browser etc.)..

          To give a more detailed example: OpenVPN vs Wireguard. The latter has a lot of advantages (faster, leaner, simpler, less resource heavy etc.). But one privacy disadvantage to my limited understanding is that for Wireguard to work, the VPN provider has to store your IP address temporarily on their servers. That's an inherent privacy issue that Mullvad has to implement strategies against (which they do). Now you have to decide: Is Mullvad's Wireguard implementation or the OpenVPN protocol a more private solution?

          My solution: Since I don't fully understand the differences and haven't taken the time yet, I don't change the default setting and rather trust that it's probably the best solution for now (within the privacy limits of VPNs in general).