Mullvad VPN: Introducing Defense against AI-guided Traffic Analysis (DAITA)
Mullvad VPN: Introducing Defense against AI-guided Traffic Analysis (DAITA)
Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA.
Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA.
Through constant packet sizes, random background traffic and data pattern distortion we are taking the first step in our battle against sophisticated traffic analysis.
-
The Chinese Great Firewall (GFW) has already been using machine learning to detect "illegal" traffics. The arms race is moving towards the Cyberpunk world where AIs are battling against an AI firewall.
-
Careful criticizing China you will awake the Tankies.
-
Drums, drums in the deep ...
-
HI WINNIE POOH! How have you been, have you had your daily dose of honey yet?
-
-
-
That's one of the reasons why I love Mullvad, they actually care about their customers, not just about their bottom line
-
I wonder how much of a bottom line they actually have given how cheap their service is.
-
I'm pretty sure they are profitable, considering they were founded in March of 2009. You can't really run a company without profits for 14 years, right? Just routing network traffic isn't that expensive after all. They are the only ones being honest about it, other VPNs charge way more because they only want to extract money from their customers.
-
If only they didn't bend the knee to the five eyes and drop port forwarding
-
They got rid of port forwarding to improve the reputation of their IP ranges. That makes it less likely for Mullvad users to get blocked by CDNs like Cloudflare and Akamai when visiting websites. If you want port forwarding, just use AirVPN or rent a VPS and use that. Not sure what you're talking about, but Mullvad is based in Sweden, which is not a part of the five eyes alliance. It's a part of 14 eyes, but Sweden has very strong privacy laws, Mullvad even has an entire page about privacy legislation in Sweden: https://mullvad.net/en/help/swedish-legislation
They also have a page that explains how Sweden being part of the 14 eyes alliance doesn't really affect Mullvad: https://mullvad.net/en/blog/5-9-or-14-eyes-your-vpn-actually-safe
Their office was also raided by prosecutors last year, and they weren't able to seize any customer information, because Mullvad doesn't store anything about their customers: https://mullvad.net/en/blog/mullvad-vpn-was-subject-to-a-search-warrant-customer-data-not-compromised https://mullvad.net/en/blog/update-the-swedish-authorities-answered-our-protocol-request
-
You could always tunnel a publicly routable IP address over your VPN... I.e. https://tunnelbroker.net/
-
5 eyes shit is dumb pop security anyway. As if the CIA can't rent colo space in Kazakhstan and market you some extra spooky VPN.
-
-
-
Still waiting for Defense Against the AI Dark Arts to drop
-
DAIDA
-
?
-
Harry Potter reference.
-
-
And Dumbledore’s AIrmy for when they forbid DAAIDA as an anti-terrorist measure
-
-
No port forwarding really kills the utility though - I mainly use the VPN to do port forwarding (e.g. for video games, Plex, etc.) as my ISP is shit.
Like I'm not worried about state-level de-anonymisation, I just want to be able to share services remotely and have a minimum level of anonymity.
-
Port forwarding removed because hosting threatened to kick mullvad out. Lot of shit hosted through that. No hosting, no vpn, so needed to remove to continue operate.
-
ProtonVPN has it though, which is what I'm using now.
-
How does port forwarding help with videogames?
-
Opens up your NAT for matchmaking
-
I host a server, I forward the port, my friends can connect to the open port on the VPN side.
My ISP does not offer port forwarding.
-
-
Someone else pointed out Tailscale; I've had luck with free tier VPS+WireGuard.
I have an Oracle one which has worked well. Downside is I did link my CC, because my account was getting deactivated due to inactivity (even using it as a VPN and nginx proxy for my self hosting wasn't enough to keep it "active"). But I stay below the free allowance, so it doesn't cost.
That said: as far as anonymity goes, it's not the right tool. And I fully appreciate the irony of trying to self-host to get away from large corporations owning my data...and relying on Oracle to do so. But you can get a static IP and VPS for free, so that's something.
-
Alternative maybe i2p or tor network. Or make vpn to anon vps and host from there.
-
You can use Tailscale for this
-
Zerotier could also work for you
-
-
I love these guys. Let's see if somebody can just bootstrap the FOSS framework directly on TCP to work on the internet without a VPN. Fantastic project
-
Those words sound cool and mean literally nothing
-
Bootstrapping See the Application section specifically.
FOSS = Free/Open Source Software TCP = Transmission Control Protocol VPN = Virtual Private Network
These words mean a lot actually. Pretty basic terms when it comes to the internet.
-
-
I'm afraid just generating random traffic from your IP address won't do anything against traffic flow analysis. Because most internet traffic is point to point, people who are interested in the flow, just follow the traffic moving between various points. So if you're sending extra traffic to other random sites, it doesn't interfere with point-to-point flow analysis.
In the context of a VPN, because all of your traffic is encrypted, you have to work harder to determine what traffic is going where. Because all traffic is going from your network to another virtual network. So an outside observer just sees the size and frequency of traffic but not the destinations. In this context since they don't see the destinations, it makes sense to add random traffic flows, because that'll obscure the signal that the observers are looking for.
-
Err... Like.. a 2009 Java applet? Those were built straight on TCP. And the lack of security let anyone else in the same LAN cafe steal your password.
The closest thing I can think of that goes for the vibe you're talking about is I2P
-
-
How about defense against dhcp option 121 changing the routing table and decloaking all VPN traffic even with your kill switch on? They got a plan for that yet? Just found this today.
-
-
I doubt it would matter in some environments at all.
As an example a pc managed by a domain controller that can modify firewall rules and dhcp/dns options via group policy. At that point firewall rules can be modified.
-
-
-
Love they called the defence framework "Maybenot".
-
I swear the defense against the dark arts teacher just keeps getting weirder and weirder.
-
I can tell you that this exists way before AI, I wish that there was more awareness earlier but it's good that now its starting
-
So it's like a VPN-busta-busta?
What if they have a VPN-busta-busta-busta though?
-
Then we have to wait til they drop the legendary VPN-quad-busta
-
-
I use Mullvad really good, love how they don't care who you are and can actually maintain complete anonymity even in payment.
Propably going to be banned soon for some stupid reason if gets popular, like free speech is allowing the terrorists make bears cry or something.
-
Windscribe had something similar already? Not exactly this, but they had a feature to add other random traffic to your network specifically to work against systems like these.
-
So… Tor?
-
Not just tor. Tor plus random traffic.
Let's say across your VPN you always sent one megabyte per second of traffic even if you had nothing to say. And then everybody connected to the VPN endpoint did the same thing. Then it gets very difficult to actually follow the traffic flows of the encrypted packets. You don't see a large chunk of data passing through the network
-
Tor is much better than a VPN privacy wise. However, you are limited on speed and stuck with TCP.
-