Very cool, hopefully other companies take note.
Great news! Mullvad is great even if their account security makes you do a double take
Can someone explain to me what this means? I’m technologically inept when it comes to privacy, slowly getting better day-by-day thanks to Lemmy.
What does “without any disks in use” mean?
- If the computer is powered off, moved or confiscated, there is no data to retrieve.
- We get the operational benefits of having fewer breakable parts. Disks are among the components that break often. Therefore, switching away from them makes our infrastructure more reliable.
- The operational tasks of setting up and upgrading package versions on servers become faster and easier.
- Running the system in RAM does not prevent the possibility of logging. It does however minimise the risk of accidentally storing something that can later be retrieved.
https://mullvad.net/en/blog/2022/1/12/diskless-infrastructure-beta-system-transparency-stboot/
I’m not an expert but I think : The site you visit only sees the VPNs info. Which is how you maintain some anonymity while browsing. However, if your VPN keeps logs, then you can still be tracked, just at a different place. Some say they don’t keep logs, and you’d have to trust that.
RAM is considered volatile memory, so each time the server turns off, it loses all data. This is compared to disk (hard drives of whatever type) which retain memory even if the server turns off.
In theory, this ram only server prevents them from keeping logs (like which user went where) since the server wouldn’t even have a place to store it.
Edit: lustrums post is more accurate and has info that this doesn’t prevent logging per se, but could prevent accidental logging. I.e. they can’t hire a forensic computer specialist to parse through operating system logs to try to find info they didn’t otherwise log elsewhere.
If the computer is unplugged, there’s nothing left on a hard drive to show what state it was in. This means nobody malicious can physically remove their servers and gain information about customers.
deleted by creator
No data is supposed to be readable after you shut it off. There are ways to restore it though but it’s still vastly better in leaving no trace.
It means that even though Mullvad already doesn’t log anything about their users activities, there is no persistent storage on the servers, so as soon as it is powered off or raided by The Agencies, there is absolutely nothing to retrieve from it.
A normal computer is usually constantly writing little bits and pieces of data to disk. But data on the disk might accidentally remain on the disk even if it’s not intended. Then that data could be read later by someone else who is spying on VPN users .
There’s also a common assumption that data on disk storage may leave behind remnants even after it’s been overwritten. (Magnetic disks may leave behind some magnetic signatures. Flash drives will stop using sectors that are worn out, potentially leaving data there.) And state actors like NSA might have some capability to recover this ghost data if they get a hold of the actual drives.
There’s a general understanding that data on RAM is irrevocably destroyed within a short time after the device loses power. So attacks on RAM data have to occur in real time while the data is in use. (There may be some attacks that preserve RAM after power down using low temperatures and liquid nitrogen).
Last time I looked at VPNs, mullvad seemed highly recommended for privacy and security. Sounds like it may still be the case.
Anyone pro-Mullvad that can explain to me how it’s better than PIA?
To my knowledge, which may be wrong, PIA has faster speeds and is also entirely RAM-based.
That said…I’d gladly switch if that’s untrue and Mullvad is better. On the outset, it sounds like Mullvad triggers search engine captchas less, which would be a nice win.
edit: Well, you all convinced me. Made the switch.
PIA and Mullvad should have equal speeds because they both have 10gbps servers and wireguard. Both PIA and Mullvad use ram-only servers exclusively. As for search engine captchas, I never get them with Mullvad. The main issue with PIA is that they were bought by a questionable company that previously developed adware. You can read about that here. Personally, I would never use a privacy tool that is owned by an ad company, even if they claim to have changed. I used them up until the acquisition, then switched and have been extremely happy with Mullvad.
As for search engine captchas, I never get them with Mullvad.
That has nothing to do with VPNs, and everything to do with how your browser “leaks” your user behaviour history.
Captchas go through your browser behaviour history and examine the clicks and pages you have gone through, how long you were on each one and how you scrolled through each page. Stuff like that. If that browser behaviour history reaches a minimum threshold of “human-like behaviour”, there is no test to pass. If it doesn’t, or there is no history to go after, you get a test.
I do not use a VPN provider but damn, that’s cool as hell. Now how do I self host it? :D
Wouldn’t that defeat the purpose of a VPN?
Not if you want to VPN to your home.
But why would logs you hurt than?
How to debug and how to do forensic if only the supposed persons are connected to your home, if you don’t have any logs?
