argante Why does Mullvad not admit to this risk and only say that they provide wonderful privacy and anonymity?

If these risks are not addressed in any of their blog posts, then it wouldn't hurt to bring it up with them and perhaps they will elaborate to everyone's benefit. Multihop, DAITA, Mullvad browser, RAM only servers, etc.. ought to address some of these concerns... or perhaps they consider the risks beyond the scope of a VPN company to address? None of this strikes me as deserving of being labeled a scam.

Relating back to the OP concern, does the Mullvad fork of the Firefox browser address Mozilla's pivot to Surveillance Capitalism? That's definitely a question I'd like both Mullvad and the Tor Project to address.

    r134a Can Mullvad guarantee for example that a server in France rented from M247 doesn't 'monitor' in any way? (For lack of a better term). If not, how would that work exactly?

    I've always assumed the answer to the first question is a flat no, but I'd rather shift my risk to M247 after exiting a VPN tunnel than to allow my ISP to do even worse, with full KYC. So it's not a question of are VPNs private and anonymous, it's a question of which VPN provides the best privacy and anonymity among all VPN providers.

        argante I don't blame Mullvad or IVPN for bad faith. They try, but they don't live in a vacuum. Not to mention all the risks they mislead users. If they are aware of it, it is a scam

        You're pulling a straw man here.. First you claim Mullvad is a scam, go on a crusade against TOR not being able to prove any of your points with any evidence beyond some people on YT or medium saying it is like that. just because something is on the internet does not mean it's true.

        Then you go and try to prove VPN is bad because of KYC, cloudflare, using specific providers and shit, only to agree Mullvad does not have KYC for example.. Then when someone provided you good arguments against your claims you go "oh I know they try, yada yada" because you don't have anything meaningful to say to this..

        What you blatantly skip is that you can pick multihop in Mullvad (not yet on mobile), you can use Mullvad owned servers, you can do a lot to achieve good enough every day privacy plenty enough for normies. But nah, everything is a scam because some dude on your fav yt channel with content quality like network chuck said it's a scam

        Also if you care for privacy so much, you'd not use services like discord..

            elih it's a question of which VPN provides the best privacy and anonymity among all VPN providers.

            GOS+Vanadium+Orbot as Full VPN. Disable JIT and javascript globally. You will still be able to enable javascript for a specific web page directly from Vanadium. Vanadium supports .onion links directly, so there is no reason to install Tor Browser. There is a small issue in Vanadium that .onion addresses are marked as insecure. I plan to report this to the Vanadium developers as a bug.
            Network & Internet -> VPN -> Always-on VPN + Block connections without VPN. This will prevent leaks such as DNS.

            This is the best setup you can easily do. A more advanced approach is to hide Tor behind a socks5 proxy, which will avoid Tor being blocked by endpoint servers, but I was surprised that my banking app works even when I connect directly through Tor.

            Separate profile: Wireguard/WG Tunnel or e.g. Mullvad/IVPN/Proton. This solution is good when you are more concerned about bypassing geoblocking. VPN will also work well in hotels, cafes, etc., when you want to hide your outgoing traffic.

                0xsigsev You muddled everything so much that I don't even know what to answer. I didn't relate KYC specifically to Mullvad, what's more, I pointed out that they encourage Monero by giving a lower price. Other VPNs force bank payments, which is related to KYC, but not on the VPN side, but on the bank's side.

                First you claim Mullvad is a scam

                and I explained why, but this applies to all VPNs.

                go on a crusade against TOR

                I pointed out weaknesses known for a very long time. Nothing groundbreaking. Then, I emphasized that Tor is probably the best solution we have now (Lokinet probably won't succeed).

                What you blatantly skip is that you can pick multihop in Mullvad

                Was I only focusing on Mullvad?

                    argante Vanadium supports .onion links directly, so there is no reason to install Tor Browser.

                    So you didn't actually understand any of what I was previously saying about TOR anonymity.

                        n3t_admin So you didn't actually understand any of what I was previously saying about TOR anonymity.

                        And did you notice the settings I indicated? Privacy in Vanadium also relies on the fingerprint not being unique.

                            argante I'll just say it bluntly: you have no idea what you are talking about.
                            If you don't believe me, believe the official usage guide:

                            Vanadium will be following the school of thought where hiding the IP address through Tor or a trusted VPN shared between many users is the essential baseline, with the browser partitioning state based on site and mitigating fingerprinting to avoid that being trivially bypassed. The Tor Browser's approach is the only one with any real potential, however flawed the current implementation may be. [...] The focus is currently on research since we don't see much benefit in deploying bits and pieces of this before everything is ready to come together. At the moment, the only browser with any semblance of privacy is the Tor Browser but there are many ways to bypass the anti-fingerprinting and state partitioning.

                            There is very good reason why neither Vanadium, nor Brave private tabs or anything else (mostly scamware) lives up to the standards of the TOR project. If you don't understand how browser fingerprinting works, please don't claim to have solutions that will compromise people's security sooner or later.

                                https://discuss.grapheneos.org/d/12592-mullvad-introducing-defense-against-ai-guided-traffic-analysis

                                Mullvad admitted that even though they don't save logs, 90% (?) of the traffic is captured anyway (data centers, ISPs):

                                https://www.vice.com/en/article/fbi-bought-netflow-data-team-cymru-contract/

                                https://www.vice.com/en/article/us-military-bought-mass-monitoring-augury-team-cymru-browsing-email-data/

                                DAITA: if there's e.g. Cloudflare with MitM capabilities on the way, then despite this additional protection, it will probably be possible to get rid of this noise. But it's good to see that they're taking such initiatives.

                                  n3t_admin If you don't understand how browser fingerprinting works, please don't claim to have solutions that will compromise people's security sooner or later.

                                  This can be decided by directly comparing Vanadium with these settings vs Tor Browser. So far I've tested vs Librewolf and Vanadium performed better in such a fingerprint test.

                                  At the moment, the only browser with any semblance of privacy is the Tor Browser but there are many ways to bypass the anti-fingerprinting and state partitioning.

                                  Nice of you to point that out.

                                      argante So far I've tested vs Librewolf

                                      okay, since this is derailing into completely unrelated topics now, I'm out of here.
                                      I just hope the project account will clean up here soon enough. (Dangerous) misinformation is usually not tolerated here, btw.

                                        You muddled everything so much that I don't even know what to answer

                                        How about you start providing source of your claims. So far all you say is Mullvad this Mullvad that, TOR this TOR that but you have not provided a single article proving your claims. Like the one below, where there's NOTHING from Mullvad, instead same article about Team Cymru and their "offering" which I am sure is just marketing bullshit bingo and they can't deliver.

                                        argante argante Mullvad admitted that even though they don't save logs, 90% (?) of the traffic is captured anyway (data centers, ISPs)

                                        Go ahead and prove me wrong with a single reputable source proving your claims. If you can't them stop spreading FUD.

                                              0xsigsev

                                              So far all you say is Mullvad this Mullvad that, TOR this TOR that

                                              Start with yourself and write precisely what you are referring to.

                                              Like the one below, where there's NOTHING from Mullvad,

                                              https://mullvad.net/en/blog/introducing-defense-against-ai-guided-traffic-analysis-daita
                                              .............^^^^^^^^^

                                              instead same article about Team Cymru and their "offering" which I am sure is just marketing bullshit bingo and they can't deliver.

                                              If you (so) sure is just marketing bullshit go ahead and prove me wrong with a single reputable source that it is not so.

                                              Mod note:

                                              Removed this last sentence. The discussion isn't getting toxic. Claims were made and those claims were questioned. People not agreeing with you isn't toxic.

                                                  argante Just one last sentence from me, because this discussion is going nowhere, you clearly don't understand what you read and make sensations out of it just like the two initial articles you linked and I replied to. But I understand now why...

                                                  1. The Mullvad article states something that was known for a.very long time and even here on this very forum many people said this. ISP is your first hop, many (especially big ISPs) monitor the traffic as a standard security practice, in EU this is (more) regulated than in US. Everyone knows it, no one tries to hide it as you imply here.

                                                  2. Team Cymru.. lol, I won't link any documents or links, because I can't, but at the same time I won't ask you to just trust me on this, this is not how this works.

                                                  Having said that I'll simply stop replying to your posts because it's pointless, there's no (technical) discussion with you, if you don't grasp the concepts of how any of this works and just parrots sensationalists and attention seeking media.

                                                    16 days later