[HN Gopher] Mullvad VPN now accepts Monero payments
___________________________________________________________________
Mullvad VPN now accepts Monero payments
Author : rvz
Score : 284 points
Date : 2022-05-03 10:29 UTC (12 hours ago)
(HTM) web link (mullvad.net)
(TXT) w3m dump (mullvad.net)
| 0des wrote:
| Its too bad monero research lab seems to be slowing down and
| disbanding.
|
| Devs have to eat and all, but I wonder sometimes if a longer and
| slower emission curve would have helped here. Monero is mostly
| emitted at this point.
|
| For a project that means so much to the world and still has much
| work to do, its a shame how things turned out with MRL.
| opportune wrote:
| More people need to put up bounties for feature development.
| There are some existing sites but they're not heavily used. I
| think plenty of people would be happy to develop a feature for
| 5/6 figures.
|
| There are also some monero whales that could probably stand to
| contribute to further development even if they don't do it
| themselves (like fluffy pony) but unfortunately it looks like
| they are/he is in the early stages of getting Assanged
| vmception wrote:
| Why is that bad? it's done
|
| people deciding if they want excess holdings of Monero shouldnt
| base their confidence on a standing committee
| 0des wrote:
| It is not a standing committee, it was community funded
| research that produced privacy technology. "It" is never
| done.
| vmception wrote:
| Tornado cash is good _enough_ tbh
|
| Monero communities arrogance and in-grouping has segregated
| them just like they desired. That technology and user
| experience is an evolutionary dead end, it can exist and
| that has enough utility. But in the multichain world the
| user experience is better and the funding models are
| better, even gitcoin grants streamline development of
| projects.
| 0des wrote:
| Respectfully I disagree with this statement, on a
| conceptual, as well as factual level.
|
| >Tornado cash is good enough tbh
|
| I hold neither of these, but as someone with a
| significant amount of experience in the field, the facts
| are clear. "Good enough" is not an objective measurement
| of the binary quality of fungibility. Monero is fungible.
|
| Is this me saying everyone should go out and buy some
| Monero, no, it is me saying that when you consider the
| mechanics of the way these two scantly comparable
| technologies function, there is one clear winner because
| only one is fungible.
|
| I don't have a response to the social issues of those
| that use or perpetuate Monero adoption, just as I don't
| have a response to the social issues of those that use or
| perpetuate USD, or any other asset. It's not my business
| what other people do, and I don't feel associated by
| virtue of using the same utility.
|
| > That technology [ ... ] is an evolutionary dead end
|
| This will need a source.
| tromp wrote:
| > the binary quality of fungibility
|
| The fact that Monero has been growing the minimum ring
| size over time, as well as refining the decoy selection
| algorithm, shows that fungibility, in the sense of
| transaction graph obfuscation, is more of a spectrum.
| vmception wrote:
| Its good enough in user experience and storage, in fact
| far superior to Monero's experience. When a user then
| wants fungibility the one time they want the state's
| money and financial institution then they use Monero as a
| conduit.
| selsta wrote:
| monero, without dev tax and pre-mine, simply doesn't have the
| funds to compete in research with other, more well funded
| projects. I don't see how a different emission curve would have
| helped here.
|
| MRL work is progressing on Seraphis[1] which will allow for
| significantly higher ring sizes without increasing the
| transaction size. A proof of concept is currently in
| development.
|
| [1] https://www.getmonero.org/2021/12/22/what-is-seraphis.html
| 0des wrote:
| Hello Selsta :)
| seibelj wrote:
| This is why tokens make sense. Can fund development of new
| features if you could integrate new tokens on Monero. It's how
| Ethereum has moved mountains with new infrastructure projects.
| px43 wrote:
| Tokens were thing on Bitcoin too. They were called "colored
| coins". The reason that it works on Ethereum is turing
| complete scripting allowing you to build all sorts of fun
| financial gadgets and tools around the token.
| hereme888 wrote:
| Monero is about to go through a hard fork and significant
| upgrades, like trading XMR to BTC and back without a
| centralized exchange. The mining rewards was recently voted to
| a specific amount for perpetuity, to guarantee it never going
| to zero. I think the project is going quite well.
| tiluha wrote:
| The mining reward schedule has not been changed since monero
| was started. The tail emission was alays part of the
| protocol.
| seanw444 wrote:
| Thank you, Mullvad team! This is quite literally the only feature
| I've been wanting. Everything else works well. Bandwidth?
| Excellent. Apps? Excellent. WireGuard? Excellent. No form of KYC
| required, period? Excellent. Payment options? Excellent.
|
| I hope I don't live to see you turn into every other shady VPN
| service.
| tomxor wrote:
| I really like mullvad's service too (wiregaurd)... My only
| issue is that is seems to have become increasingly difficult to
| access many websites through their servers.
|
| I suppose this is inevitable to some degree with any VPN
| service, it's part of the deal for more privacy, you have to
| share an IP with potential sources of abuse. But it seems to
| have gotten really bad recently to the point that I end up
| server hoping throughout the day because different websites
| will have blocked different mullvad servers - to complicate
| matters some of their newer server IPs hosted by another
| company are misidentified as russian and blocked by many sites
| and services.
|
| I'm not blaming Mullvad, but it's changed my use of their
| service from a set and forget to a constant reminder that i'm
| on a VPN... I don't know what the solution is beyond some crude
| cycling of IPs.
| InCityDreams wrote:
| >seems to have become increasingly difficult to access many
| websites through their servers.
|
| And i, very happily, continue on without those 'many
| websites'. Of which, there are actually, very, very few for
| me. Nevertheless - fuck 'em; and not missed.
| mirceal wrote:
| 2 thoughts:
|
| 1) if you do this for unauthenticated websites you are bad
| and I will not use you
|
| 2) if you do this for authenticated websites (especially if I
| pay you) I will stop using you and you will lose my money.
|
| The most I will accept is a captcha (because it's 2022 and
| this is where we are)
| handsclean wrote:
| The way I see it, websites like that are saying they'll only
| do it without a condom. You want it real bad, so it's
| tempting to try to bargain about it, or maybe just take it
| off for now - it's just a little while, what're the chances
| it goes wrong? - but we all know that the smart move is to
| keep it on or back out entirely. Reasonable partners, of
| which there are many, understand and cooperate. And ones that
| don't aren't the type of partner you want anyway.
| vortext wrote:
| Username checks out.
| nonrandomstring wrote:
| > My only issue is that is seems to have become increasingly
| difficult to access many websites through their servers.
|
| Welcome to the world of Tor users. People who value online
| dignity need to work together against privacy hostile web
| technologies. My present bugbear is Cloudflare, who seem to
| do a lot to disrupt privacy respecting technologies.
| Ultimately though, the power lies with web service designers.
| One can no longer pretend "I didn't know" when turning over
| delivery to some cheap (free) but shady CDN who then blocks
| millions of legitimate users because they don't want to be
| tracked and spied on.
| brightball wrote:
| Yea problem from an admin perspective is that all malicious
| traffic attempts to use privacy respecting technology. It's
| more guilt by association than anything else for the
| legitimate users.
|
| One of the weird realities is that in order to combat fraud
| you need to be able to identify the source, which is a hard
| reality as a privacy advocate.
| nonrandomstring wrote:
| Not specifically picking on you (thanks for replying) but
| may I rephrase that a little and then ask something;
| "Sinners look just like saints, so it's necessary to
| punish all, to destroy the riches of the many in
| order that wicked few do not escape."
|
| Is that a fair framing of the "ethics" of what you said?
| (I'm not attributing that as 'your' argument, I
| understand you're kinda just trying to 'explain'
| something as you see it).
|
| Do you think this kind of thinking can continue to stand
| if technology is ever going to be fair and useful to
| everyone? Or do we just accept that technology always
| amplifies as least as many problems and injustices as it
| solves?
| brightball wrote:
| Short answer: I think companies will act to solve the
| problems they're experiencing.
|
| I added some of my own experience here:
| https://news.ycombinator.com/item?id=31252676
|
| If an army is attacking your border and somebody walks
| through them saying, "It's okay, I'm totally legitimate!"
| that person is probably still going down in the
| crossfire. Enter from the direction where the attacks
| aren't coming from and your odds will increase
| significantly.
|
| Ultimately, companies will either adopt a very strict
| security policy on their own or they will respond to the
| problems that they are experiencing. If you are a US only
| company and you start getting malicious traffic from
| Romania, it's fairly common to just block all of Romania.
| When you're using tools like Maxmind for network
| identification, VPNs and Tor are just another traffic
| source that you can choose to block if it's causing you
| problems.
| nonrandomstring wrote:
| Thanks, good response.
|
| What I'm getting is that you consider the "attack" an
| immediate mortal threat and the granularity of tools and
| techniques for discerning enemy/friendly identity and
| behaviour are lacking. The principle ethical stance is
| really self-preservation.
|
| > "It's okay, I'm totally legitimate!" that person is
| probably still going down in the crossfire.
|
| Nice analogy. I may have to steal that :)
|
| Given that we can't rely on identity [1], can we improve
| analysis and response to behaviour?
|
| [1] I see in an earlier response you talk a bit about
| fingerprinting, and of course anyone serious about
| privacy will modulate OS and browser FPs without
| malicious intent.
| brightball wrote:
| Again, also very situational.
|
| For example, at the site where I worked we needed much
| stricter protection but we didn't want to bother the
| established users of the site...so we setup trust scores
| and implemented stricter controls on a sliding scale. The
| higher your trust score, the less strict we would be with
| our policies.
|
| As a brand new user, your score was a flat 0. You could
| boost it by verifying a credit card, phone number and
| address (without using a VPN/Tor). Successful
| transactions rewarded your score. Transactions with
| established users are more valuable than transactions
| with other new users, etc.
|
| All the security was virtually invisible to the
| established users and it worked like a charm.
|
| Regarding the fingerprinting, at the time that we were
| doing this anti-fingerprinting technology barely existed.
| We had some other tricks in the bag too to fingerprint
| based on behavior. It was a lot of fun working on that
| stuff though. Very much a cat and mouse game.
| qw3rty01 wrote:
| No, because you're framing it like they're blocking or
| challenging every user that comes to their site. Instead,
| when 90% of your malicious traffic comes from VPNs/TOR,
| it makes way more sense to just block or challenge those
| specifically even if it causes an inconvenience on the
| ones who use those services in a non-malicious way.
| nonrandomstring wrote:
| Just to be clear I was asking that of the parent poster
| brightball.
|
| I'm trying to map the technical explanations people give
| onto what may be going on for them at "ethical reasoning"
| level.
|
| You're welcome to add your interpretation of course.
|
| You probably guessed I'm looking to distinguish a Bentham
| from Mill sort of utilitarianism.
| bauruine wrote:
| Where do you have the information from that "all
| malicious traffic attempts to use privacy respecting
| technology."? I just checked an access.log (from a searx
| instance) and an auth.log for malicious traffic and it
| doesn't look at all like that.
|
| ssh bruteforce top 5 offenders:
|
| 147 (Tor: 0) TENCENT-NET-AP-CN
|
| 133 (Tor: 0) DIGITALOCEAN-ASN
|
| 31 (Tor: 0) CHINANET-BACKBONE
|
| 17 (Tor: 0) BAIDU
|
| 13 (Tor: 0) CHINANET-SH-AP
|
| Overall there where 737 unique IPs from 241 ASNs and 1
| was a Tor node.
|
| access log top 5 offenders:
|
| 76 (Tor: 0) DIGITALOCEAN-ASN
|
| 58 (Tor: 0) CONTABO
|
| 54 (Tor: 0) AMAZON-AES
|
| 50 (Tor: 0) KAZTELECOM-AS
|
| 34 (Tor: 0) CORBINA-AS
|
| Overall there where 1672 unique IPs from 618 ASNs and 4
| where Tor nodes.
| brightball wrote:
| Not necessarily Tor, but a VPN could be coming from any
| of those sources.
|
| I spent a recent chunk of my career combating fraud on a
| niche-eBay style site and the people trying to defraud
| other users, pay with stolen credit cards, login with
| phished credentials, etc were consistently trying to hide
| their origin.
|
| Until we started using fingerprinting techniques to track
| them across multiple accounts and IPs, we had no way to
| spot this. It was a shock to me when I realized there
| were legitimate uses for fingerprinting technology
| because I'd always associated it with ad networks and
| trackers. They're fairly necessary for combating fraud
| though.
|
| When we stopped letting any untrusted users run a credit
| card if their connection couldn't be trusted, our charge
| backs virtually stopped. That experience makes me
| completely understand sites scrutinizing anonymized
| traffic.
| idiotsecant wrote:
| HN tends to be pretty micropayment / cryptobro averse
| (for good reason, mostly) but I think this is a problem
| that crypto could legitimately solve - Tie an anonymous
| 'identity' to a well-seasoned (unmoved for >x time, where
| x = days for some things or maybe years for some things)
| wallet with some reasonable amount of funding in it ($100
| or something) and you become 'Guy who owns that hundred
| bucks'. Moving the hundred bucks unseasons it. The
| provider only respects your claim to be an individual if
| you can prove you've got a pile of 100 seasoned bucks. If
| you do something I don't like, I can ban that pile from
| further interaction. Malicious users would immediately
| move the money around, but at least the malicious actors
| would need a lot of piles of money constantly moving
| around and 'seasoning' to create a bunch of fake
| individual identities, which gets prohibitively expensive
| at scale for all but nation-state type actors which
| you're not going to be able to defend against anyway.
|
| Bam - I am anonymous, but have (mostly) proven I am a
| real person with (mostly) reasonably good intentions.
| nonrandomstring wrote:
| Your talking about earned capital as a forfeitable
| deposit. Sure that scheme has its place.
|
| I joined HN for one or two reasons. To research a book.
| But also to promote my last book. Anyone can post here
| with a throwaway, yet I didn't want to be an interloping
| dick who felt entitled to hit and run posting links to my
| own vanities... so I decided; join, contribute,
| participate, earn. After a few months I don't feel bad
| about plying my own wares a little. Reputation (social
| capital) is natural and ancient and doesn't really need
| crypto.
|
| Most of the Web isn't that though. As an information
| system, as Sir Tim first coined it, it's a publishing
| machine: You advertise a service, I send "requests", you
| send "responses", we part ways without complications.
| Quick anonymous sex on the beach. So-called Web2.0 f-cked
| that massively. Web2.0 wants to exchange phone numbers.
| And once the surveillance capitalist creeps latched on to
| stalking everyone around the neighbourhood... well here
| we are.
|
| I think what some Web3.0 people think is that crypto can
| repair some kind of "middle ground", where Web2.0 type
| behaviours can take place but anonymously and under
| conditions controlled by "stakes". I think this won't
| work for psychological and game theoretical reasons we
| can't get into here. Instead I think we need to repair
| the Web1.0 layer at least, and since transport level
| security and anonymity have become necessary in a post-
| Snowden era, for me that means getting rid of the
| selective prejudice inflicted by systems like Cloudflare.
| shiftpgdn wrote:
| The flip side to this is to have your site hammered by
| bots, scrapers and worms looking for exploits (look at your
| weblogs sometime and see how often Wordpress php pages are
| requested, lol). I don't know what the middle ground is but
| in spirit I agree with you, especially in keeping the
| internet decentralized. In practice I'm not so sure.
| mccorrinall wrote:
| When configured correctly you can use most of the
| cloudflares features such as WAF without blocking all
| tor/vpn users. Requires a little bit more than just
| flicking the ,,i'm under attack" button though.
| throwaway4good wrote:
| "I'm not blaming Mullvad" - you should - this is a direct
| consequence of accepting customers that pay cash and wants to
| be completely anonymous.
|
| In the end they are going to drive their honest non-abusive
| customers elsewhere.
| drexlspivey wrote:
| I have my own VPN on a digitalocean droplet and it's
| basically the same, I'm outright blocked from many sites
| (Imgur for example) and I have to solve tons of captchas.
| DigitalOcean doesnt accept cash so your argument doesn't
| pass the sniff test.
| jcrawfordor wrote:
| DO has a generally poor reputation in the security
| industry as abuse from their services is very common -
| they don't really vet their customers to any real degree.
| The same is true of e.g. AWS which is why a lot of
| websites will outright block traffic coming from AWS.
|
| The reality is that "anonymous payment" is kind of
| pointless, it's basically never the payment method that
| determines abuse potential as abusers have all kinds of
| ways of making payment anonymously even when only e.g. cc
| is accepted. What matters is the level of time and effort
| put into monitoring usage.
|
| To be honest, on a pure sniff test your traffic coming
| from DO is probably _more_ suspicious. There are lots of
| legitimate uses of commercial VPNs. There are not many
| legitimate users of consumer web-browsing from DO.
| mirceal wrote:
| I'm sorry... WHAT? people that value their privacy should
| be banned, right?
| neither_color wrote:
| Not really, this happens with any VPN service to the point
| that if VPN providers were more honest this is what they
| would tell people:
|
| Online stores are more likely to flag your purchase as
| suspicious on the admin side(e.g the Shopify console)
|
| You will run into captchas and prompts for authentication
| more often
|
| You may not be able to log into some of your more sensitive
| services(like banking)
|
| Streaming sites will block your server eventually
|
| Even if you spin your own wireguard instance on any major
| cloud provider you're going to run into the same issues.
| judge2020 wrote:
| > Online stores are more likely to flag your purchase as
| suspicious on the admin side(e.g the Shopify console)
|
| I'm not sure a VPN provides much utility when you're
| already punching your (billing|shipping) address and CC
| number into a website - that is, unless you're using a
| drop site for your packages, which definitely will make
| you look like someone who has stolen CC digits and is
| trying to cash in on them.
| neither_color wrote:
| Well, to give one use case example, when I'm traveling I
| want to access websites from a US IP address so that l18n
| settings on websites don't serve me in another language
| or metric units by default. That's one way I use VPNs
| that have nothing to do with trying to hide from the NSA
| or whatever people think they're doing.
| phatfish wrote:
| Encountering a foreign language AND the metric system.
| The stuff of nightmares!
| xanaxagoras wrote:
| I've had a lot of trouble with that lately. I can't connect
| to imgur without turning it off, and my USPS.com account got
| straight up banned for logging in over Mullvad, I had to call
| them to prove my identity.
| heipei wrote:
| All that plus IPv6 support, which is still not that common
| among VPN providers.
| judge2020 wrote:
| On that note, is there a good consensus on IPv6 blocking? I
| know some ISPs provide a /48 while mine (AT&T) only provides
| a /64 to each customers. I would imagine most websites, when
| blocking a v6 for abuse, block the whole /64?
| mekster wrote:
| Wish the name was easier to remember. It opens opportunity for
| typo domain/app squatters to take people elsewhere. I had to
| double check the spell from reliable sources.
| gog wrote:
| It's always interesting to see how often stuff that Mullvad does
| ends up on HN, even when it's not something new. There are other
| VPNs out there that were accepting Monero for a long time.
| badrabbit wrote:
| I gotta say, I love Monero but every single time I see malware
| deploy a miner it is Monero for obvious reasons. More than any
| currency I want it to succeed because of true anonymity it
| provides but when you accept Monero, better beef up your anti-
| abuse capacity.
| stavros wrote:
| What kind of abuse could I be subjected to if I accept Monero?
| Seems like the most that could happen is that people can send
| me money.
| opportune wrote:
| I don't think there is much of any risk of accepting it
| except that you may not be able to comply with KYC.
| vorpalhex wrote:
| 1. Accept kickbacks from <terrorist org>
|
| 2. Buy your product with kickbacks
|
| 3. Resell your product at a discount for clean money
|
| Congrats, you now get to meet all the alphabet people in
| person and spend a lot of one on one time with them. Hope you
| didn't have any traveling planned cuz you aren't getting on
| any airplanes.
| Kiro wrote:
| > for obvious reasons
|
| You might think it's because it's private and confidential but
| it's actually because it's suited for CPU mining.
| badrabbit wrote:
| Either way it is very difficult to find the owner of an XMR
| "wallet"
| Grimburger wrote:
| It feels wrong going in defending them here but basically
| nothing else on the planet is CPU mine-able anymore, RandomX
| was made specifically to exclude GPU's and ASIC's.
|
| If you had intrusions on GPU servers it would be a very
| different story.
| badrabbit wrote:
| I can't tell you why they compromise thousands of docker
| containers,vms and even run of the mill malware drops xmr
| miners with winring0.sys on windows to run at ring0
| throwaway4good wrote:
| Many years ago I worked for a telco that had a mobile product
| that you could buy with cash (show up in a convenience store with
| cash and you would get a SIM card for use straight away without
| any form of registration).
|
| This was 5 times as expensive compared to when you paid by debit
| or credit card.
|
| This offering was extremely popular amongst drug dealers and
| people needing a burner to call in a bomb threat. (Maybe there
| were legislate uses too - I never found out.)
|
| The problem for the telco was that this was generating hundred
| fold the number of request for wire tapping and logging by the
| courts and the police. And by law the telco was required to
| service these request free of charge.
|
| So in the end the business simply wasn't there even though the
| margins were sky high.
|
| Moral of the story: selling stuff to criminals might seem like
| easy money but may not be worth the trouble.
| lordofgibbons wrote:
| >Moral of the story: selling stuff to criminals might seem like
| easy money but may not be worth the trouble.
|
| Interesting that you think only criminals want privacy. I use
| Signal and TLS too, I must be Pablo Escobar's second coming?
| stanmancan wrote:
| If you looked at 'average people' versus 'criminals' you'll
| find that there's a much higher demand for privacy/anonymous
| communication among the criminals. That isn't to say that
| normal folk don't want privacy too.
|
| The end result is that if you're one of few company that
| offer privacy to your customers you'll find your customer
| base has a higher ratio of criminals as they'll all flock to
| you.
| ipaddr wrote:
| Does this apply to vpns? Have we crossed the more normal
| people are using it threshold than criminals or should that
| be outlawed?
|
| Will we reach a point where self hosting is seen as
| criminal?
| shrimp_emoji wrote:
| I think criminalizing useful technologies is an obscenely
| naive way to operate. You're incurring insane game
| theoretical cost for the consolation of revenge against the
| criminals.
| throwaway82652 wrote:
| Even if you aren't a criminal, the fact is that privacy tools
| of this nature are explicitly relying on having enough volume
| of criminals and other illicit users to provide cover for
| you. This is what they're designed to do, the designers of
| these systems will openly admit to it. You can make your own
| judgement on whether you're ok with that, but it doesn't help
| to deny what's actually happening.
| lil_dispaches wrote:
| When only criminals care about privacy, privacy becomes
| criminal?
| lordofgibbons wrote:
| >the fact is that privacy tools of this nature are
| explicitly relying on having enough volume of criminals and
| other illicit users to provide cover for you
|
| No, that's not how this works. You don't need criminal
| activity to provide you with anonymity. You just need ANY
| other activity in order to get lost in the crowd[1].
|
| Your flawed view is that nobody should have privacy because
| some bad guys might use privacy to do bad things. Privacy
| advocates are the opposite. We say everybody deserves
| privacy as a human right, even if on occasion some bad guys
| take advantage of the privacy.
|
| [1] https://www.getmonero.org/resources/moneropedia/ringsig
| natur...
| _wldu wrote:
| If you are interesting enough, Signal doesn't help at all.
| Some nation state will have NSO infect your mobile device
| with Pegasus and record everything you type, say and do.
|
| People need to understand this. There is no solution for
| mobile device compromise other than to stop using these
| devices.
|
| And if you cannot stop using them, then you must understand
| that everything you type, say and do on or around your mobile
| device is (or will be) public. So treat it like a public
| device at all times.
| lordofgibbons wrote:
| Sure, but just because nation states can hack you doesn't
| mean you should throw your hands up and give up on keeping
| your data as secure as possible. There are non-state actors
| who would love to get their hands on your data for profit.
| kuroguro wrote:
| Most of EU has prepaid SIMs without registration AFAIK? It's
| really not much of a problem.
| throwaway4good wrote:
| Not in my home country anymore.
|
| And all major telcos have departments dedicated just to serve
| the authorities.
| Etheryte wrote:
| Interesting story, but how does this relate to Mullvad
| accepting Monero payments?
| throwaway82652 wrote:
| https://en.wikipedia.org/wiki/Monero#Illicit_use
| throwaway4good wrote:
| My guess is that the level of abuse is much higher by the
| customers paying via monero, than the ones paying by card.
| My guess is also that abuse is not entirely without cost
| for Mullvad.
|
| In other words the cost associated with the extra business
| that comes via Monero might be higher than the extra money
| that comes in.
| searchableguy wrote:
| For Indians, mullvad and others will not be available soon.
|
| New order require mandatory logging and storage of customer
| details for 5 years for digital infra providers post June.
|
| https://entrackr.com/2022/04/it-ministry-orders-vpn-provider...
| tintedfireglass wrote:
| What? Why have I never heard of it? Useless news outlets never
| talk about the important things :/ No one is opposing this?
| Why?!
| FollowingTheDao wrote:
| > Useless news outlets never talk about the important things
|
| It's a feature, not a bug.
| atypeoferror wrote:
| I wonder how they plan to impose compliance on entities that
| have no legal presence in India, accept cryptocurrency
| payments, and take no PII as part of the signup process - all
| of which I believe apply to Mullvad.
| searchableguy wrote:
| They are gonna ban self custodial wallet which are rare in
| India anyway. So exchange will monitor and KYC anyone you
| transfer crypto coins to.
|
| Impose a penalty on the citizen side as well.
| fs111 wrote:
| Mullvad accepts cash via mail
| 0des wrote:
| Its either a custodial wallet, like an exchange, or a
| wallet for yourself like keys you generate and hold on your
| own.
|
| The latter is fine
| nvrspyx wrote:
| If you're able to exchange rupee for another currency, you
| can always mail the cash to them. I admittedly don't know
| how feasible or how difficult that is to do though.
| dotnet00 wrote:
| Monero users are more likely to be the type to use a cold
| wallet, and a ban on cold wallets is unenforceable
| (especially for Monero, where transactions can't be traced)
| as it's kind of like holding cash, except that there isn't
| anything to be found physically.
| 5678909787 wrote:
| How could they possibly enforce that? Is there any
| government in the world that's currently able to enforce
| such laws?
| JumpCrisscross wrote:
| > _Is there any government in the world that 's currently
| able to enforce such laws?_
|
| People talk about crypto like offshore bank accounts and
| cash never existed.
|
| How does the revolutionary leader of a Sub-Saharan
| country who suspects the deposed leader has funds in an
| offshore bank account in a jurisdiction that doesn't even
| recognize the incoming regime get the money? Violence.
|
| In hyper-legalistic societies like the U.S., yes, the
| police may sometimes have trouble finding proof that
| survives court scrutiny. (Though I'd guess most people
| aren't practicing good opsec around their crypto.) But
| that isn't most of the world. I don't see the Indian
| police having any trouble arresting and searching someone
| on reasonable suspicion of operating a hidden wallet.
| usednet wrote:
| I'm curious as to what HN's VPNs of choice are.
|
| I personally use IVPN and Mullvad.
| 0des wrote:
| Nice try officer, just AOL for me thanks ;)
| jmuguy wrote:
| Hello fellow youth, I sure do like loitering. Let's talk
| about our favorite spots around town to loiter with our
| friends.
| mirceal wrote:
| Mullvad FTW! I've tried basically all VPNs out there and
| Mullvad and Proton were (at the time I did the experiment) the
| only ones that were 1) trustworthy 2) just worked
| notRobot wrote:
| Mullvad for me. I'm very happy with their offering.
| McDyver wrote:
| AirVPN
|
| You can use openvpn or wireguard as clients (or their own), and
| while i was writing this I just saw they accept payments with
| different crypto (bitcoin, ethereum, litecoin, bitcoin cash,
| dash, doge, monero)
| dotnet00 wrote:
| Same.
|
| The other big point in AirVPN's favor is configurable port
| forwarding. Makes it much easier to quickly expose something
| to the internet on any network.
| capableweb wrote:
| Same as Mullvad. Personally, the greatest feature of Mullvad
| is that they accept cash sent in envelopes, it doesn't get
| more (proven) private than that. Does AirVPN offer something
| similar?
| McDyver wrote:
| I couldn't find that option, so I'd say no
| makeworld wrote:
| https://www.privacytools.io/#vpn
| ravenstine wrote:
| ProtonVPN because I already have a Protonmail account and they
| don't sponsor podcasts (as far as I know).
| Liquid_Fire wrote:
| I'm also not sure why sponsoring podcasts is relevant, but
| FWIW I have heard ads for ProtonVPN on the Darknet Diaries
| podcast (https://darknetdiaries.com/sponsors/).
| ravenstine wrote:
| It affects my decision making because the stuff that gets
| plastered across podcasts and YouTube videos is often crap
| the hosts themselves clearly haven't even used. Just my
| opinion based on the times I've actually researched the
| products I've seen sponsoring content. YMMV
| capableweb wrote:
| Maybe I'm missing something, but why is "not sponsoring
| podcasts" a plus for a VPN service? Personally Mullvad is my
| favorite and AFAIK, they also don't sponsor any podcasts, but
| I don't think that would influence how I feel about Mullvad.
| ipaddr wrote:
| It shows scale and also makes them a bigger target for
| lawsuit which get's settled through access.
|
| Check out what vpn have been sued over the last year (they
| all have been no log companies) and you will quickly
| realize that logs are being shared by anyone of size. The
| smaller the service the better.
| brewdad wrote:
| I used Mullvad for a few years and was largely happy with
| it. I got a multi-year deal on ProtonVPN that was too good
| to pass up, so now I'm on that. Overall, I think I liked
| Mullvad better so may go back to it when my time is up.
|
| I used NordVPN back quite a few years ago. Once they
| started advertising on cable tv shows, I knew it was time
| to jump ship. A VPN service spending that kind of money is
| either burning through cash too quickly to survive, selling
| user data, or a government honeypot.
| flaviut wrote:
| The VPN industry is generally pretty shady & tries to sell
| users services that do them no or even negative good by
| making silly claims.
|
| When a service isn't being honest in their advertising, it
| makes you think about what else they're being dishonest
| about.
| capableweb wrote:
| That's more about what's in their marketing material
| ("when a service isn't being honest in their
| advertising") rather than where they actually put that
| marketing material.
|
| And yeah, then I'd agree, if Mullvad started lying or
| pushing useless services down my throat, I'd definitely
| dump it quickly.
| bennyp101 wrote:
| I just connect back to my router.
|
| I don't have a "hide from websites" need, but a "don't trust
| public internet" need.
| jermaustin1 wrote:
| My own digital ocean droplet. Its easy to set up and get going,
| costs only $5/mo, and with all of my other droplets bandwidths
| combined I effectively have unlimited bandwidth.
|
| Only ever use it on public wifi, and it isn't meant to be
| "private", just good enough to prevent accidental data leakage
| at Starbucks/doctors' offices/wherever else my 5g doesn't reach
| and I'm forced onto public WiFi.
| tomxor wrote:
| I used to do this, and it's nice having your own IP, however
| keep in mind that while you preserve privacy from your
| ISP/gov you lose privacy from the websites and services you
| access as you become very uniquely identifiable.
| jermaustin1 wrote:
| Yeah I'm less worried about trackers (block those with
| uOrigin and AdGuard), and just more worried about data
| leaks on public wifi which are less and less likely with
| everything being on SSL now, but until everything is FORCED
| onto SSL then I will still run my own VPN when I'm on
| public.
| tomxor wrote:
| Note that those are client side. Nothing can stop a
| server from seeing your IP.
| wesapien wrote:
| Please consider shielded Zcash Txs too
| nuclx wrote:
| What are people using VPNs for mostly, if they're living in a
| country without internet censorship?
|
| It's either your ISP or the VPN provider, which can log the
| websites you have visited, so there isn't a clear advantage of
| using a VPN. Sure the VPN provider may claim to log nothing, but
| that's hard to confirm and not proven to be true in some cases
| (related thread regarding Protonmail:
| https://news.ycombinator.com/item?id=28443449).
|
| For researching confidential topics, TOR appears to be fine. VPN
| may have better network bandwidth, or may be blocked from less
| websites than TOR exit nodes I guess.
| V1ndaar wrote:
| For me one big use case: avoiding stupid geoblocks on
| motorsport streams. Often streams are available in countries
| where the licence has not been sold on Youtube or the websites
| of the sport itself (sometimes for free, sometimes as a
| subscription).
|
| For example Formula 1 has F1TV that you can only sign up for in
| some countries (where they didn't sell out to Sky essentially).
|
| Like, I don't even mind paying for a service if it's good and
| actually available!
| InCityDreams wrote:
| Sent a link (yt, less than a couple of minutes long) to two
| friends (in different, and not my, countries). Both blocked.
| One friend changed location via vpn and watched the video.
| The other, no vpn, didn't see the video AND said they
| wouldn't ever use a vpn as they have 'nothing to hide'.
| pluc wrote:
| Getting around region limitations (eg "getting the US Netflix"
| or ability to get Hulu or HBO+ at all in Canada)
| ziddoap wrote:
| > _It 's either your ISP or the VPN provider_
|
| That answers it for many people, I would guess. Even without
| censorship, many ISPs have a much worse track-record for
| gathering and subsequently selling information than, say,
| Mullvad does.
|
| Is it an absolute that Mullvad doesn't log/sell information?
| No, of course not. But they make a much more convincing case
| than my ISP does.
|
| Geoblock avoiding is another common answer. My ISP also sends
| out letters if you torrent, which can be annoying to receive -
| Mullvad alleviates that.
| nuclx wrote:
| Here in Germany the rights of ISP users are supposedly better
| protected than in other jurisdictions. At least that's what I
| heard on this podcast [0], latest episode iirc.
|
| [0] https://www.stitcher.com/show/cypherpunk-bitstream
| trompetenaccoun wrote:
| Yet you can't watch age restricted youtube videos without
| giving them your ID or credit card information. In the name
| of "protecting children".
|
| The German government also threatened to ban Telegram which
| would have put them in line with places like China, Russia,
| Cuba and Iran. I think Telegram folded and now removes
| channels at their request in order to avoid being fully
| censored.
| 0daystock wrote:
| > Is it an absolute that Mullvad doesn't log/sell
| information? No, of course not. But they make a much more
| convincing case than my ISP does.
|
| That's not the only deciding factor though, is it? Mullvad
| (not singling them out, but just for sake of illustration) is
| in many ways is more attractive to bad actors because it
| centralizes users seeking privacy. On top of that, you're
| adding additional software and network complexity which
| equals attack surface. There's more to consider than what
| appears at face value when considering whether a VPN is
| appropriate.
| zucker42 wrote:
| There's significantly more competition among VPNs than there
| are among ISPs in any given area, so it should be no surprise
| that some VPNs are more trusted than ISPs. Most people have
| only a few choices for their ISP, and maybe only one that
| offers the features they require (for example, only one ISP in
| my area offers high enough upload speeds to reasonable backup
| my computers). In many cases people don't have a choice of ISP
| that will keep their data private.
|
| Therefore, you are trading trusting your ISP for trusting your
| VPN, but at least you are getting someone who _says_ they care
| about your privacy (rather than someone who has a track record
| of not caring) and someone who would face significant business
| repercussions if they became untrusted, rather than someone
| that would face almost no business repercussions.
| photon-torpedo wrote:
| > What are people using VPNs for mostly, if they're living in a
| country without internet censorship?
|
| Current example: https://news.ycombinator.com/item?id=31248250
| modeless wrote:
| I don't have a choice of ISPs. It's not a competitive market
| and they have no incentive to respect my privacy in the
| slightest.
|
| In contrast I can choose any VPN provider in the world. It's a
| competitive market and they have strong incentives to respect
| privacy because it's one of their main selling points. Any VPN
| that is discovered to not be respecting privacy will lose a lot
| of business in short order.
|
| Sure you can say that they can violate privacy in secret, but
| that's a big risk for them. It's no risk at all for an ISP
| because their customers have no choice. It's no guarantee, but
| it's definitely a better situation to use a company that
| actually has incentives aligned with yours.
| dotnet00 wrote:
| ISPs are often in a more powerful position, in the sense that
| they often have more streams of data to you than just your
| internet usage. E.g. your mobile service provider is also your
| ISP when you're on the go, thus they also have your call and
| text history and location history to correlate with your
| browsing history.
|
| On top of that there's also the value of just having privacy
| even if the ISP can be trusted. E.g. I might not mind being
| seen naked by a friend, but I would still prefer for that to
| not happen.
|
| In general I think a lot of the big providers who have gone
| without incidents (and without major changes) for a long time
| can be trusted. I feel the incidents with Proton were somewhat
| overblown, since their page on legal notices received did
| mention that they could be compelled to log IP addresses (or at
| least that's how I remembered it). But even without that, I
| think Mullvad has been pushing for "system transparency" where
| users can verify all the software that's running on their
| servers, which is a step in the right direction towards
| providing confidence that they are indeed not logging anything.
| jiveturkey wrote:
| USA-based.
|
| I personally use it to evade IP-based tracking, for random
| example LinkedIn. Try browsing LI from your home. LI will
| suggest that you connect to others in your home. Even though I
| have a fake LI profile, not linked to other members of my
| household, so this doesn't actually invade my privacy, it's
| still yucky that they maintain a shadow connection between us.
| There are tons of sites/services that do this kind of simple
| yet invasive tracking.
|
| I also use it in rare cases for torrenting or downloading
| content. I normally have other methods for torrenting and
| seeding privately but in some cases I want another level of
| privacy (nothing illegal/bad/censor worthy, and therefore would
| be ok with law enforcement connecting the dots through VPN), a
| level that VPN serves well.
|
| I am glad that the VPN providers sell people on nonsense, on
| protections they can't guarantee (to Western countries anyway).
| This makes the service actually available at all. To me it's an
| analog of the https-everywhere cargo cult, that makes it super
| easy these days to get a free SSL cert.
|
| No technology is perfect. It doesn't make it useless.
| topdancing wrote:
| > What are people using VPNs for mostly, if they're living in a
| country without internet censorship?
|
| I find it's a convenient way to prevent services beyond my ISP
| from knowing where am I based on IP address.
|
| All of those apps you have on your devices presumably have
| permanent connections back to their servers and they can very
| easily tell if you're at home, out on mobile data, in an
| office, or in a cafe/public library or even in a different
| country.
|
| With a VPN, they currently think I'm in Dallas; which I'm
| nowhere near right now.
| 0daystock wrote:
| Many apps on your phone are entitled to read WiFi SSID's,
| mapping your location as accurately as GPS - and indoors,
| too! Go ahead and google "where am I" with a native
| Android/iOS search app with your VPN enabled, you may be
| surprised by the results. Not to mention accelerometers and
| other sensors can reliably predict your movement and
| location, too.
| topdancing wrote:
| They do not have such an entitlement:
| https://grapheneos.org/faq#hardware-identifiers (edit: and
| also: https://grapheneos.org/usage#wifi-privacy )
|
| And the only app that has access to GPS on my device is:
| https://organicmaps.app/
|
| And Googling "where am I" indeed shows me at my VPN exit
| [with my always-on and enforced VPN].
| sgillen wrote:
| Avoiding my university or workplace from snooping on my
| traffic.
|
| I've had it where I was served an add from a server that had
| previously been implicated in a bot net operation. The
| university told me I was infected and that my computer was not
| allowed back on the network until I came in person to show them
| that I had done a full wipe and reinstall of my OS.
| f38zf5vdt wrote:
| > may be blocked from less websites than TOR exit nodes I
| guess.
|
| Try routing all your traffic through TOR and trying to navigate
| the modern web or common apps. It is _extremely_ punishing when
| you connect through TOR exit nodes.
| flatiron wrote:
| I used to run a relay and they are even hostile to relays. I
| had to stop because my family was asking why their banking
| apps didn't work on the Wi-Fi and why they always get
| warnings and CAPCHAs only at home.
| leodriesch wrote:
| Torrenting comes to mind. Also if you trust the VPN provider
| more than your ISP or VPN provider has essentially no PII of
| you (in case of Mullvad).
| flatiron wrote:
| This is what I use mine for. If PIA is secretly logging they
| aren't going to reveal that info and ruin their business
| model for whatever you call a DMCA request in Canada
| regarding my torrent activities.
| ulzeraj wrote:
| I use Mullvad mainly for privacy but also to dodge EU cookie
| bullshit. The internet becomes so much better just by using a
| Swiss IP addres.
| vmception wrote:
| Just as a reminder, you can bridge from EVMs to Monero via the
| SECRET bridges, which seems to have the Monero community's
| blessings on consensus models. There is ample liquidity as well.
|
| So there is bi-directional access to and from the broader crypto
| ecosystem without centralized exchanges and without the
| selectively scamming shapeshift-style sites, and for the pros:
| without OTC desks either.
| trompetenaccoun wrote:
| Well Secret isn't exactly the broader ecosystem, it uses the
| EVM (as most smart contract platforms do these days) but isn't
| Ethereum Mainnet. So you'd have to bridge more from there. Of
| course you could bridge into Ethereum or other chains directly
| with something like WXMR as well. Everything is getting bridged
| these days, there's going to be 1000 bridges soon. Users should
| be aware of the risks!
|
| That said Secret is interesting. Another thing to note though
| in terms of privacy is that Secret token transactions aren't
| anonymous afaik, despite the name suggesting otherwise. Only
| the smart contracts are. It's an interesting design choice,
| there are probably arguments pro and contra both.
| easrng wrote:
| WXMR is not real bridge, it's effectively a pegged token.
| Secret Network bridges are custodial. Atomic swaps would be
| better.
| vmception wrote:
| I didn't feel the need to specify how many bridges you had to
| take, just that you can have XMR and get to the broader
| ecosystem via SECRET. That is 100% accurate and orders of
| magnitude better than before the SECRET bridges existed.
|
| Correct, yes, on SECRET network, smart contract variables are
| private, which means all token transactions are while the
| native currency is not. There are a variety of ways to leak
| data anyway.
|
| So SCRT is the native currency while sSCRT is the token
| version that therefore has the variables (to, from, amount)
| private.
|
| sXMR is the token version of XMR there.
| 2OEH8eoCRo0 wrote:
| As a Mullvad fan this makes me very nervous. If they begin being
| used by, and taking payment from criminals it's going to bring a
| lot of extra heat their way.
| tmikaeld wrote:
| It rather shows that they protect the user from mullvad itself
| being a privacy leak, which shows that they stand by their
| principles.
| my69thaccount wrote:
| Might be a little late for that bro
| _joel wrote:
| You can literally send them an envelope of cash anonymously,
| how is this any different?
| seanw444 wrote:
| Because Monero is the scary bad-guy coin, of course.
| throwaway4good wrote:
| Really? I guess running a VPN is a profitable business ...
| seanw444 wrote:
| They've been requiring zero identification from the beginning.
| That's been their business model. They don't know if you're a
| criminal, or a law-abiding citizen. And they intended it that
| way. That's how it should be.
| 2OEH8eoCRo0 wrote:
| It hasn't been possible at scale until now though. I think
| they're opening floodgates. I hope I'm wrong.
| cinntaile wrote:
| They already take anonymous cash payments. They can't tell if
| that's legal or illegal money there either.
| metamuas wrote:
| password4321 wrote:
| What is the minimum viable effort required to receive Monero?
| opportune wrote:
| It depends on how security conscious you are. Technically you
| can route things through remote nodes and thus avoid
| downloading the blockchain. But the monero community is
| security conscious and usually recommends downloading the
| blockchain, which takes a while if you do it the "right" way
| and don't just find a copy of it hosted somewhere and download
| it.
|
| If you are ok with skipping that, you can use something like
| CakeWallet to create a wallet on your phone and then give
| someone a receiving address
| tiluha wrote:
| To just receive: download the wallet software from
| getmonero.org and generate a new wallet. The are also multiple
| point of sale solutions available.
|
| To automate payments: run a node and use any of the RPC
| libraries available for various languages.
| throwaway4good wrote:
| 0des wrote:
| Most of us wear a trenchcoat and moustache glasses
| CommieBobDole wrote:
| I'm a clipart hacker, so I wear a hoodie and sunglasses.
| Indoors, in the dark.
| tomxor wrote:
| You should also wallpaper your room with green binary
| glyphs
| nonrandomstring wrote:
| I find thick black leather gloves really help with my
| typing too.
| hall0ween wrote:
| Tor at least but there's likely more. also rumor in the
| internet goes (and looking to be correct if misguided) the us
| government identifies its citizens that dl Tor
| vmception wrote:
| they cant see what you do on tor
|
| you can still take flights, get mortgages, enter and leave
| the country after being on the imaginary or actual list, so
| why do so many people care?
| irl_ wrote:
| That's nonsense. There are somewhere between 2 and 8 million
| users of Tor every day. The vast majority of Tor users are
| ordinary people that want a little more privacy. What a waste
| of resources it would be to try to identify and track each of
| them.
| searchableguy wrote:
| You only need to control majority of tor exit nodes to
| deanonymize people which many have been doing for a while.
|
| https://therecord.media/thousands-of-tor-exit-nodes-
| attacked...
| vmception wrote:
| No, this just keeps you private from all private sector actors
| and friends and spouses
|
| Lets children and other unbanked pay for vpns as they don't
| have banking access, they can earn some crypto from someone and
| bridge that to monero
|
| Tor if you don't want any private sector logging + additional
| access to the onion internet
|
| A TorOS if you want more hardened access
| throwaway4good wrote:
| Unbanked?
| vmception wrote:
| Debanked
|
| Notbanked
|
| Sansbanked
| throwaway4good wrote:
| And they use Monero instead?
|
| (I am actually curious; who are these people who do not
| have a bank account but use Monero?)
| vmception wrote:
| > And they use Monero instead?
|
| they can use Monero _as well_ , not instead. As there are
| lots of other interchangeable options for non-banked or
| unhosted crypto payments and commerce.
|
| > (I am actually curious; who are these people who do not
| have a bank account but use Monero?)
|
| to me, your question is similar to asking "who are these
| people that use their cell phone in a subway tunnel"
| after cellular service was extended underground. the
| similarity being that the answer is "I don't know" and
| "you're not going to get a dissertation or a source about
| it, people just use whats available" and "who cares".
| What I wrote earlier is just a list of what happens when
| the expanded availability is there.
| michaelt wrote:
| 'Unbanked' is a term used in policy circles for people who
| don't have bank accounts.
|
| For example undocumented migrants, homeless people, people
| fleeing abusive partners, people with a history of
| bankruptcy, and so on.
|
| This can be politically important because if the state
| wants to pay all benefits by bank transfer to keep admin
| costs down, they've got to make sure even the most
| vulnerable people in our society can get a bank account.
|
| Of course, usually the unbanked use cash.
| vmception wrote:
| One of the flaws of policy circles is that they assume
| the unbanked are victims. The term, for that sector, is a
| proxy for the desire and recognition of people lacking
| access to capital and services, which is what the policy
| circle really wants to occur and being in the banking
| system had been the route to that for so long.
|
| Now it is not necessary, with peer to peer digital cash
| operating in a parallel economy, that allows access to
| goods, services, investments, insurance, capital and
| more.
| throwaway4good wrote:
| In crypto circles it is also code word for "criminals".
|
| As in for example "banking the unbanked" which translates
| into "providing extremely expensive banking like services
| for criminals."
| michaelt wrote:
| I'll be honest, I've never heard 'unbanked' used in
| relation to cryptocurrency or criminals before vmception
| used it above.
|
| I know my drug dealer can't pay duffle bags full of
| cocaine-covered $100 bills into the bank - but he can
| still get a personal checking account and pay in $100 a
| week or so. So I would not describe him as 'unbanked' in
| the conventional sense.
| vmception wrote:
| When the state moves to seize and freeze his bank
| accounts and flag his unhosted bitcoin addresses, he'll
| wish he had some Monero and Tornado.cash notes to pay his
| lawyer with.
| rvz wrote:
| > So if I want to get started with cybercrime; is Mullvad and
| Monero the way to go?
|
| Yes.
|
| > Any other tools that I should be aware of?
|
| Like Tor, I hear that Signal is also a great choice for
| terrorists and extremists as well according to some
| testimonials from them.
|
| The road to hell is paved with good intensions.
| barnabee wrote:
| I'll take the risk of extra crime or terrorism as a cost of
| privacy as a human right, thanks
| throwaway4good wrote:
| Can I run a Tor node or dark web website behind Mullvad?
| WHA8m wrote:
| > according to some testimonials from them
|
| I'd rather not be that guy... but we have a survivorship bias
| problem here.
| dotnet00 wrote:
| End-to-end encryption is another tool you should be aware of as
| a budding cyber criminal. Your government can likely tell you
| all about how dangerous it is.
| McDyver wrote:
| I would say VPN and monero are the digital equivalent to a
| balaklava and cash.
|
| Did you ever use any of those in "real life", or only when
| committing crimes?
| throwaway4good wrote:
| In real life cash and balaklava have other purposes than
| keeping your identity hidden. (Balaklava may keep your head
| warm and cash may be the only possible payment in some
| situations.)
| ziddoap wrote:
| And in real life, both VPNs and anonymous currency have
| other applications than committing crimes. What's your
| point?
| throwaway4good wrote:
| That they don't have any practical applications other
| than committing crime?
| ziddoap wrote:
| There are plenty of other practical applications. I guess
| if you believe that only criminals want privacy it might
| be hard to see them, though.
|
| Do you also believe that encryption is evil? Those pesky
| criminals use it all the time.
| throwaway4good wrote:
| That is a bit of a straw man ain't it?
|
| I was talking about the real world use cases for a vpn
| paid with monero.
| ziddoap wrote:
| Do you want me to sit here and list out all of the
| applicable and legal use-cases for VPNs and Monero? How
| many would I have to list for you to change your views?
| Is there even a number, or is your mind set that VPN =
| criminal?
| throwaway4good wrote:
| I don't think you can give me a single legitimate use
| case for a VPN with no KYC paid via Monero.
| Tr3nton wrote:
| You live under an authoritarian regime that jails you
| based on the things you purchase.
| Forbo wrote:
| Maybe I'm sick of surveillance capitalism at every
| fucking turn? Why do I need to justify my right to
| privacy? I'm absolutely over mega corporations trying to
| build psychological profiles of me to determine how to
| best try to manipulate me into giving them money. Or
| perhaps I don't trust them to keep the information they
| gather securely, properly protecting it from becoming
| part of the next big data breach. That's not even taking
| into account them turning around and selling it to the
| highest bidder. Every payment processor has turned
| dataminer. I'm sick of it. The more places I can use
| Monero, the better.
| ziddoap wrote:
| You said there was no practical application for VPNs _or_
| Monero, but now you 're shifting your goal posts? I think
| I have wasted enough brain cycles on this.
| throwaway4good wrote:
| It was always and - you can use a vpn for watching
| foreign tv - cheers!
| McDyver wrote:
| Does that mean that every user replying to this thread is
| a criminal and have no legitimate use to the VPN?
| throwaway4good wrote:
| If you add paid with monero then probably yes.
| McDyver wrote:
| OK, so using your logic, if you're wearing a balaklava to
| warm up your head, don't use cash. Will remember that
| joshmarlow wrote:
| Well trying to get unfiltered information in a censored
| country _would_ be a crime.
| Tr3nton wrote:
| If you really don't see the value of privacy, why not
| post your various account login credentials here? If only
| criminals are those with things to hide, surely you will
| allow us access to your bank, email, etc. You have
| nothing to hide, why not?
| praveenhm wrote:
| I am mozilla VPN, which uses Mullvad, is there any disadvantage
| using Mozilla over directly using Mullvad?
| csande17 wrote:
| If you use Mozilla's VPN, you have to trust that they won't
| backdoor their VPN client in order to serve their public policy
| goals. (Mozilla has taken a lot of public stances against
| things like "disinformation" and "harassment", which could
| theoretically motivate them to unmask the hateful trolls who
| use VPN services!)
| andreisbc wrote:
| Mullvad always seemed too good to be true. So that's why i'd
| won't use it if i'd had critical stuff to do. I do love Mullvad,
| but so aircrack-ng
| kfreds wrote:
| Thank you for the compliment! We are indeed for real, but I
| don't expect this comment will convince you. I'd love to know
| what we could do that would change your mind.
|
| The same goes for anyone else reading this. Are you worried
| that we are too good to be true? What could we do to become
| more trustworthy in your eyes?
|
| Cheers, Fredrik Stromberg (cofounder of Mullvad)
| Fritsdehacker wrote:
| I don't know. Disclaimer: just a happy customer. What I do
| know is that all you know about me is the account number you
| gave me and the IP address I'm connecting from. I always pay
| cash, so that would be hard to trace back.
|
| So I know you do the absolute maximum you can do to know as
| little about me as possible. As far as not keeping logs and
| not spying on me, I suppose I'll have to trust the audit
| reports.
|
| Not much more you can do in my opinion. It's definitely good
| enough for me! Thanks for this great service!
| 0daystock wrote:
| Paradoxically, the most trustworthy thing you could do as a
| VPN provider is explain why most people don't need and won't
| actually benefit from a VPN. Outside of a few limited use
| cases (accessing location-restricted content, connecting to
| legacy services) and with almost-ubiquitous end-to-end TLS
| encryption deployed on the Internet, there's really not a lot
| of good reasons to use a VPN (and many good reasons _not_
| to). Reasoning about this in a transparent and objective way
| is something I 've never seen VPN providers do, and for this
| reason I struggle with trusting them.
| __turbobrew__ wrote:
| DNS queries are still leaked (from most users) regardless
| of end-to-end TLS. There is of course DNSSEC and DNS over
| HTTPS, but those are not used by the majority.
|
| Another use case you missed is downloading/uploading
| pirated/copywrited content. Good VPNs receive DMCA notices
| and throw them in the garbage.
|
| You are right that VPNs are not useful for many use cases
| and they can give users a false sense of security.
| easrng wrote:
| DNSSEC doesn't help privacy, it helps security.
| __turbobrew__ wrote:
| My only feedback is that Mullvad is based out of Sweden which
| is a member of Fourteen Eyes. I don't expect you to move your
| location but it is the only detractor I can think of.
| throwaway92394 wrote:
| This isn't meant to be criticism just curious. Why did it
| take so long to add monero support? For the past several
| years there's only ~2 other VPNs that tick all the privacy
| boxes, and you're the most preferable - other then lack of
| monero support. It always seemed weird that you went so far
| for privacy, but didn't support monero.
|
| Was it just on the backlog and took a bit of time to
| implement? I appreciate that you built your own
| implementation for crypto by the way.
|
| Thanks for the great service.
|
| EDIT: I've heard a rumor that you've shared a user IP because
| of a government subpoena (live during a connection, so it
| wasn't logged). Has this happened? I think according to your
| swedish-legislation page says "However, the Swedish police
| authority may have access to information by way of coercive
| measures such as seizure and search of premises." which would
| allow for this to happen in theory? I.E. intercepting or
| seizing control of your router to see what IP a connection is
| on?
|
| EDIT: One other question - is there plans to add more IPs?
| Services seem to flag most mullvad IPs but I'm not sure
| there's much you can do about that.
___________________________________________________________________
(page generated 2022-05-03 23:01 UTC)