1 yr. ago • 100%

Mullvad VPN - Infrastructure audit completed by Radically Open Security

mullvad.net Infrastructure audit completed by Radically Open Security - Blog | Mullvad VPN

We tasked the Netherlands based security firm Radically Open Security (RoS) with performing the third audit towards our VPN infrastructure.

We invite you to read the final report of our third security audit, concluded in mid-June 2023, with many fixes deployed late June 2023. Further re-tests and a verification pass was performed during July.

Radically Open Security found no information leakage or logging of customer data

RoS discovered 1 High, 6 Elevated, 4 Moderate, 10 Low and 4 info-severity issues during this penetration test.

Privacy @lemmy.ml Mullvad Announce Latest Infrastructure Audit

TechNews @radiation.party [HN] Mullvad VPN – Infrastructure Audit Completed by Open Security

Hacker News @derp.foo Mullvad VPN – Infrastructure Audit Completed by Open Security

17 comments

Forgot one point

got in trouble for not offering port forwarding anymore
38
- Yeah I had to move to another provider over this. It's sad, I like their policies and services, but it's a deal breaker.
  
  9
  
  why do you need to port forward over vpn?
  
  2
- Getting in trouble? It's more like:
  
  Server providers threatening to terminate business with Mullvad because some of its users used port forwarding to host contents that meant legal trouble.
  
  Mullvad chose to terminate support for port forwarding in a transparent way and gave clear dates to prepare. This was done instead of selling off their users or collaborating with whatever legal threats they were facing.
  
  I don't like it, but at least I understand their business decision. Even if I took my business elsewhere, they have a solid point on transparency.
  
  3
  
  Agreed, but getting in trouble sounds funnier
  
  1
Good VPN.

13
Mullvad is a great vpn, one of the best for sure. Unfortunately because they don't support portforwarding the product is not a option for me anymore. I switched to airvpn and am satisfied with it.

13
- I never really used a VPN, what is your usual use case and what exactly would I need port forwarding for?
  
  6
  
  I use it for downloading torrents without leaking my IP. If you can't portforward you are limited to downloading torrents. You won't be able to upload, or at the very least your upload speeds will be very slow. If your primary use case is torrents portforwarding is important. It allows you to open a port and be able to upload.
  
  2
Happy customer for years.

It's a shame port forwarding is not supported anymore, but I'm thinking of other ways to supply the deficiency instead of switching providers.

10
- What other ways are you referring to, if I may ask?
  
  5
  
  Having a VPS and routing all traffic between VPS and homeserver using wireguard. It's often discussed in selfhosting communities where the admin is behind restrictive firewalls and policies (which means no port forwarding) or cannot afford to reveal their home ``IPs
  
  2
Cool to see. Does anyone have more context on these types of tests and how mullvad did?

10
- If you read the report there's both context there and also on their site mullvad have commented on the found issues stating either reasons or what they are doing to fix it.
  
  7
Keep it up, guys. Mullvad is since years my go to VPN.

7

You've viewed 17 comments.