[HN Gopher] Mullvad is now available on Amazon
___________________________________________________________________
Mullvad is now available on Amazon
Author : imartin2k
Score : 388 points
Date : 2022-07-26 13:44 UTC (9 hours ago)
(HTM) web link (mullvad.net)
(TXT) w3m dump (mullvad.net)
| hsshah wrote:
| Been using Mullvad for over 6 months now. Really like it. I wish
| they offer a way to whitelist streaming apps on iphone or atleast
| make a widget to make it easy to turn VPN on and off.
| A_No_Name_Mouse wrote:
| What is the threat model where correlating the payment with the
| account number is the main threat? If you can relate the account
| number to Mullvad traffic, then isn't it far easier to monitor
| the traffic and see what IP is connecting through it (my local
| ISP IP)? And if you cannot, what harm is there in knowing someone
| uses Mullvad? I pay by bank card and I don't see the risk here.
| dahfizz wrote:
| I think the threat model is a three letter agency demanding a
| list of customers from Mullvad. Mullvad does their best to make
| sure no such list exists, but by having credit card info they
| are forced to know your identity.
| A_No_Name_Mouse wrote:
| I assume that all national security agencies monitor all
| traffic and can already see I only connect to Mullvad. And
| I'm sure they will have noticed I use it when going through
| the logs of several SaaS services and see that it is always a
| Mullvad IP that uses my account. No secret IMHO
| gzer0 wrote:
| Often times, some take the extra step of utilizing services
| such as rdp.sh or any other "instantly" deployable VM in the
| cloud (these are services that take monero/cryptos btw), sort
| of like a bastion host. Once connected to that instance, they
| would then deploy their mullvad that was bought via amazon to
| add yet another layer of obfuscation.
|
| Home ISP ---> (optional VPN to connect to rdp.sh deployed VM in
| the cloud) ----> Mullvad VPN on the bastion host
|
| This is of course, not viable for the long term and very
| cumbersome to deal with if you're doing this on the daily.
| Unless you are under threat of a nation-state threat actor...
| you'll be fine.
| anonporridge wrote:
| If you're already doing this and buying an instance with
| monero, you're just buying Mullvad service with monero as
| well for the 10% discount they offer for it.
| Ajedi32 wrote:
| Doesn't that just make rdp.sh a single point of failure? It
| has access to both your real IP and the contents of your
| private communications (it even terminates the TLS connection
| on your side).
|
| Theoretically, chaining 2-3 VPNs together Tor-style would be
| far better (assuming they all support similar payment methods
| as Mulivad), but I don't know of any VPN clients that support
| that.
| xyst wrote:
| This is great, but I would rather not support Amazon. I might use
| this as a last resort method.
| hnarn wrote:
| It's a great compromise. It allows Mullvad to sell physical
| cards without becoming a logistics company, and anyone who
| doesn't want cards (or doesn't want to support Amazon) can use
| one of the numerous other options available, including paying
| with cash.
| humanistbot wrote:
| If you're paranoid about privacy, why would you trust Amazon of
| all retailers?
| Cthulhu_ wrote:
| See, this article made the hairs on the back of my neck stand
| on end; I don't believe this is aimed at legitimate users of
| the service, but aimed at people who are told to go and buy one
| of these cards for someone else.
| humanistbot wrote:
| So if you're paranoid, would you fund your account through a
| card that was bought on Amazon by a family/friend? Instead of
| linking back to you, it links back to someone close to you,
| who probably has no privacy/security skills and bought it by
| asking their Echo Speaker.
| anonporridge wrote:
| If you're _that_ paranoid, this product isn 't for you.
| You're buying time with monero you mined personally, and
| for a 10% discount that Mullvad offers.
|
| And realistically, if you're _that_ paranoid, you 're not
| trusting VPNs at all. You're using Tor.
| GekkePrutser wrote:
| Not here on Amazon Spain yet :(
|
| Hopefully soon! It says "upcoming"...
| stjohnswarts wrote:
| Mullvad is getting so successful, I'm getting a bit worried about
| security/honeypot/buyouts status :( and I just bought a full year
| subscription.
| ezekg wrote:
| I still have a little over a year left on my NordVPN subscription
| (bought 3 years for $80 awhile back), but as soon as that's over
| I'll be switching to Mullvad. I prefer their stance on privacy,
| and I like the private payment options.
| ThePowerOfFuet wrote:
| The sunk cost fallacy strikes again. Walk away and don't look
| back.
| samatman wrote:
| Not really.
|
| NordVPN and all the other janky services in that space do a
| couple things adequately, you can pretend to be from another
| country and get some duck-and-cover on things like torrents,
| if your ISP doesn't like that kind of thing.
|
| I'm in the same boat, basically. Would it be nice to have a
| VPN which takes actual security seriously? Sure, of course,
| but until the end of the year, what $VPN _does_ do is paid
| for, and I don 't care enough, in isolation, about what
| Mullvad offers vs what I'm getting for free.
|
| Next time my wallet comes out is a different story.
| WithinReason wrote:
| Mullvad will cost 180EUR for the same period
| ThePowerOfFuet wrote:
| Dog shit costs less than chocolate cake.
| zahma wrote:
| That's how they get you. You'd better anticipate a lot of
| emails offering you deals to re-up for another few years.
|
| I pulled the plug on Nord years ago and haven't looked back.
|
| Steady the course my friend.
| koheripbal wrote:
| NordVPN speed is also absolute garbage.
| stjohnswarts wrote:
| nah just get the first one and reply unsubscribe in the
| subject and body, you'll be fine.
| account-5 wrote:
| Do they sell these in stores for cash? That would be the best
| anonymous way to do it.
| hnarn wrote:
| If there's a demand for it they can just get it off Amazon and
| mark it up.
| robinkek wrote:
| You can buy them in some tech stores around Sweden. Don't know
| about the rest of the world.
| skyeto wrote:
| At least Webhallen in Sweden sells them in physical stores
| around the country. Not sure about other places though.
|
| Weirdly enough it's also cheaper to buy a 12m card there
| (500SEK instead of the usual 600SEK). Checked, and they're
| listed as a reseller on Mullvad's page so they must've gotten a
| good deal / are selling at a loss.
| kibwen wrote:
| Heck, if you live in a city with a techie population, then buy
| a bunch of cards, throw them in a bucket, then sell them for a
| 1% markup, in cash, at any tech meetup you attend. Buy more
| cards periodically and toss them into the bucket for people to
| pull at random, so there's no plausible correlation between
| time of issuance and time of use. This also covers your own
| tracks as well, if you ever need a VPN.
| drexlspivey wrote:
| Or, you know, don't do all that and just pay with crypto
| ryankrage77 wrote:
| Doesn't this allow Amazon to know who is paying for Mullvad?
|
| Obviously correlating a purchase to a specific account is much
| harder, but it still seems like a compromise on privacy.
| makerofspoons wrote:
| Couldn't you cash-buy an Amazon gift card and then have it
| shipped to a locker?
| caeril wrote:
| Yes, buy the Amazon gift card from a store with cameras, with
| an account set up with your burner SIM purchased from a place
| with cameras, and pick it up from an Amazon Locker blanketed
| with cameras. Use cash with fully-tracked serial numbers for
| all these purchases.
|
| Sounds like a solid plan.
|
| You guys don't seem to realize that tyranny won decades ago,
| and you're fighting a war that has long been lost.
|
| We are all serfs and slaves.
| Cthulhu_ wrote:
| Well yeah, but if it comes to a court case, someone will have
| to prove that the person that bought the card was also the one
| that used it. On top of evidence of actual crime, of course.
| ezfe wrote:
| Well yeah, but if you do it directly then your CC company
| knows. Someone will know, it's just a matter of who. You get to
| pick that.
| 0______0 wrote:
| You can send Mullvad an envelope of cash (not kidding) and
| then no one will know (hopefully)!
| vorpalhex wrote:
| Knowing who is paying for Mullvad is about as useful as knowing
| what sites use TLS.
| eddof13 wrote:
| this is cool, but I think NordVPN at least offers the same thing:
| https://nordvpn.com/retail/
| ThePowerOfFuet wrote:
| > this is cool, but I think NordVPN at least offers the same
| thing: [link removed]
|
| NordVPN, on the other hand, is probably the worst choice for a
| VPN.
|
| https://www.techradar.com/news/nordvpn-will-now-comply-with-...
| eddof13 wrote:
| I was looking into that because it sparked my concern, but I
| also think they make good points here in response to that
| article: https://nordvpn.com/blog/how-nordvpn-protects-the-
| privacy-of...
| ThePowerOfFuet wrote:
| The fact that they even have logs to produce is my point.
| Dylan16807 wrote:
| > [link removed]
|
| That just makes your comment look silly.
| ThePowerOfFuet wrote:
| Silly or otherwise, I didn't want to aid in their marketing
| efforts.
| wintermutestwin wrote:
| >The design of the activation code removes the possibility for
| third parties to link a payment to a Mullvad account, for
| privacy.
|
| Considering that a primary use-case for a VPN is as one of the
| tools to help shield your data from the rampant data thieves, of
| which Amazon is a particularly powerful adversary, I would need a
| much clearer explanation of how this is a privacy enhancer.
|
| Mullvad having a business relationship with Amazon is inherently
| troubling.
| gorbypark wrote:
| I think the idea is that what you are getting from Amazon is a
| card with a code on it. Amazon doesn't know which code it's
| sending you, you just get one at random. Mullvad likewise
| doesn't know which code Amazon sold you. So you get your card,
| enter the code into Mullvad, and none of that information is
| trackable to you. Amazon would know you bought a Mullvad card
| but would have zero way to link you to a specific code. Mullvad
| might know the code was purchased from Amazon, but not who was
| the purchaser. Worst case scenario is that Amazon rats you out
| to the police/CIA/NSA/etc and now you are on a list of people
| that purchased Mullvad VPN services.
| cycomanic wrote:
| Mullvad has been selling these cards at various retailers, one
| of them webhallen which is both an online and physical store in
| the nordics. However, many/most people in the US get a large
| fraction of their purchases through amazon. So to sell to
| people in the US they need some way of doing it. The important
| bit is that the actual account code is hidden behind on of
| those scratch panels. So amazon does not know your Mullvad
| account.
|
| Now an adversary with enough geographic information about who
| connected and access to all of amazon's data could possibly
| correlate purchases with connections. 10 years ago I would have
| considered that infeasible, after Snowden I'm not so sure. If
| you live in a big city it is like still no issue, but if you
| are in some small town with a population of 1000 things might
| still be traced back to you. Still it's likely significantly
| superior than pretty much any other method including using
| crypto. If you are a possible target of a state actor you
| hopefully are thinking about this already.
| rtpg wrote:
| While I generally believe it to be possible, I am very curious
| about how Mullvad is storing its payment records to avoid time-
| based correlations.
|
| For gift cards it's more async, but given that payment processors
| keep records that can be correlated, if Mullvad isn't careful
| about timestamping, how it records crediting to accounts, or the
| like, it would be extremely easy to de-anonymize account
| relations IMO.
| elliekelly wrote:
| Yes, I definitely think that would be possible. Mullvad clearly
| lays out what information is stored and for how long depending
| on the payment method you use[1] and there are clearly trade-
| offs. If you want the most "anonymous" account possible it's
| going to take a few days while you wait for an envelope of cash
| to get to them. For other users it might not be a big deal to
| use a faster payment method. The important thing is disclosure
| so users can make their own assessments about their personal
| risks/rewards.
|
| [1]https://mullvad.net/en/help/no-logging-data-policy/
| aeyes wrote:
| Do these VPN services actually work on consumer websites?
|
| They conveniently list their providers here [1]. For an online
| shop we operate, we have blocked most of these ASNs because 99%
| of the traffic we saw from them was malicious.
|
| [1] https://mullvad.net/en/servers/
| AtNightWeCode wrote:
| To my knowledge there are three somewhat used rules that can
| have an impact on these types of services.
|
| 1. Only allow known/cleared bot traffic from any non-consumer
| ISP.
|
| 2. Block any ASN where bad traffic comes from especially if
| there is no good traffic.
|
| 3. Block any VPN services.
|
| I don't know if Mullvad have their own ASNs or if they are
| hosted at services with ASNs that is classified as consumer
| ISPs or not. It is probably a mix.
|
| I know for instance that OVPN have servers at some shady non-
| consumer ISPs. So, it sometimes gets blocked. It is also,
| unfortunately, not uncommon that VPN connections are used for
| attacks. And if the VPN uses a smaller service provider, then
| that whole ISP may get blocked. If the VPN uses a shady service
| provider. The VPN may fall victim to other user activity from
| that ISP.
|
| I have not worked with any site that blocks VPN all together.
| Tor is often blocked along with some countries. Some streaming
| services blocks VPN though. Most sites do not, I think.
|
| The way things are going right now is that these types of
| services will become more difficult to use on legal commercial
| sites over time.
| OneLeggedCat wrote:
| In the case of Mullvad, my experience is that something like 5%
| of websites get pissy about it, and I have to turn it off, or
| Tor, or whatever else to get around it.
| stjohnswarts wrote:
| 95% of the time, sure. You will hit some companies that will ID
| it as VPN and refuse though. I just don't do business there and
| send them an email to update their security policy and I'll try
| again at some future date. I even have a template email that I
| keep just for that purpose.
| aeyes wrote:
| If I received such an email I wouldn't do anything about it.
| 99.9% of the traffic we see from M247 is malicious and there
| is no chance that I would unblock this ASN on an online shop.
| nabaraz wrote:
| No, Netflix, Hulu all fail for me.
| gamekathu wrote:
| If you are like me who subscribes to Jim Browning's channel you
| know this technology would eventually be misused by scammers.
| Does Mullvad has any plans to counter it?
| notsound wrote:
| ATM, it doesn't seem like mullvad is selling these in stores.
| If a scammer wants a quick payout with less chance to get found
| out, they will get the gift cards from a physical store.
| tadfisher wrote:
| The technology is the same as any other gift card (cash-like
| instrument identified by code that can be transferred over the
| internet or phone). Scammers also use regular bank transfers,
| wire transfers, cryptocurrencies, and payment services like
| Zelle and Venmo. Gift cards are convenient because they're
| cash-like, but they don't enable scams.
| diebeforei485 wrote:
| This is good.
|
| In countries that filter the internet, people do buy and sell
| physical VPN gift cards, to enable usage of somewhat shady VPNs.
|
| Here's a totally legit option.
| GameOfFrowns wrote:
| I love Mullvad, but I fear that they will become a victim of
| their own success. The more prominent the service becomes, the
| bigger priority it will have for intelligence agencies, despotes
| and ad companies to undermine/hack/subpoena it.
| wing-_-nuts wrote:
| You shouldn't use a vpn to protect you from 3-letter agencies.
| Assume they already have the access they need regardless. You
| should be using this to protect you from _private companies_
| hoovering up your data, for that, a vpn is essential.
| akerl_ wrote:
| What is a VPN doing that protects me from private companies?
| wing-_-nuts wrote:
| Your ip address is hidden. For the case of my ISP (which I
| trust as far as I can throw them), my traffic is end to end
| encrypted. This also applies if you're using someone else's
| internet connection and do not trust them not to snoop on
| you (such as your employer's BYOD wifi, or a starbucks
| wifi, etc)
| akerl_ wrote:
| Your IP address isn't really a primary fingerprinting
| method for anybody these days. People and devices are
| overwhelmingly mobile, and many users will connect via
| the same IP.
|
| Starbucks snooping is resolved by more ubiquitous
| technologies like HTTPS, DOH, and encrypted SNI.
| calrueb wrote:
| This isn't true in my experience at least for ad tech.
| Finger printing has moved from a deterministic process,
| to probabilistic models and IP plays a meaningful role in
| that. I believe it is why Apple spent the time building
| Private Relay for instance.
| minitech wrote:
| > Your IP address isn't really a primary fingerprinting
| method for anybody these days.
|
| It narrows things down immensely, and many IPs will not
| have many users.
| Cthulhu_ wrote:
| I've always assumed that a VPN is a honeypot already,
| especially the bigger ones that advertise a lot.
| 2OEH8eoCRo0 wrote:
| If your threat model includes 3 letter agencies then you are
| fucked. Don't be a child pornographer or a terrorist I guess.
| dboreham wrote:
| Assuming they weren't founded by said agencies.
| rightbyte wrote:
| You need to chain vpn:s and hope you hit different ones, as
| said agencies hate eachother.
| LeoPanthera wrote:
| You are being downvoted but this is exactly my fear. They're
| almost too good, they're now the obvious best choice for a
| public VPN service and therefore an obvious target for the
| TLAs.
| m000 wrote:
| Amazon as a k-anonymity provider.
| napolux wrote:
| What about Italy?
| krono wrote:
| Don't think Italy is currently available for purchase on Amazon
| :)
| OJFord wrote:
| Nice! To be honest my reaction to removing subscriptions was a
| bit 'ehh, I get it, I know I should be pleased, but subscriptions
| are actually really convenient'.
|
| But this is pretty much fine. Maybe/hopefully (I'm not too lazy
| to check - 'GB' is 'upcoming') I can Amazon-subscribe and the
| only difference will be a bit of code-entering admin.
| joshstrange wrote:
| I also was a little annoyed with having to manually manage
| something that was on auto-pilot for me but I found a happy
| medium I think. I bought 2 years in advance and then I have
| reminders every year to add another year. That way I should
| always keep a 1 year buffer if something slips a little. It's
| not perfect but I don't think it will be that bad.
| OJFord wrote:
| I considered that, I haven't really used it enough yet to
| commit for so long though. Put it on my mental 'backlog' as
| it were for now while I have the existing subscription (good
| until the card its on expires iirc), and in the mean time
| this popped up.
| nabaraz wrote:
| Has anyone managed to get this setup at their router level? I am
| planning to go nomad, and I am trying to see if I can use USA VPN
| while I'm in Brazil. My employer doesn't allow working from non-
| US IPs.
| tomxor wrote:
| I would not recommend doing that, you will need to be able to
| selectively turn it off or change it sometimes... VPN blocking
| is unfortunately becoming more common among popular services. I
| have to disable or at least switch servers quite often to
| access popular services.
|
| Also if you are new to the game, make sure you use wiregaurd,
| it leaves the large complex VPN protocols of old in the dust.
| It adds almost no latency to my connection, sometimes speeds
| things up.
| drexlspivey wrote:
| That's why you create 2 wifis each one on it's own VLAN, one
| with VPN on and one off. You can then switch wifi to get off
| VPN
| nabaraz wrote:
| Thanks. I am still figuring out how all of this works. I have
| work VPN but I want to use USA VPN too.
| tomxor wrote:
| You've probably heard about them a lot on HN but i'd
| recommend Mullvad, they are also big on wiregaurd, lots of
| servers, lots of countries, well known for privacy focus...
| i don't even use their app, just download the wiregaurd
| configs and use wg-quick to bring them up from the cli,
| been using them for few years now I think.
| icelancer wrote:
| I'd use "kill switch" software on your PC instead, which kills
| your access to the Internet if the VPN goes down. This way, if
| you accidentally disconnect from the VPN, your Internet also
| dies, and it's limited to your computer alone.
|
| This is what I do - I can't use router-based VPN or piHole type
| stuff because people on my network work on ad-related products
| or use sites that don't play well with VPNs or DNS-block lists
| of advertisers, for example.
|
| Of course, you can terminate the VPN software manually and the
| kill switch and access sites using no VPN if you want, which
| allows for mistakes, but pretty rare in my experience. Best is
| to simply have another machine that doesn't have VPN software
| on it and you use over the naked Internet.
| sjoerger wrote:
| Some reason you cannot setup a Pihole instance and manually
| configure certain clients to use it and leave the others
| alone?
| crazygringo wrote:
| This seems extremely clever.
|
| I know Mullvad already allows you to e.g. send cash in an
| envelope for total privacy, but that's kind of a pain, it'll take
| a long time to arrive, if the envelope is lost there's nothing
| you can do, etc.
|
| But by physically printing covered-up codes on cards, this
| actually _uses_ Amazon to create the privacy /anonymity, which
| kind of feels ironic given how Amazon generally tries to hoover
| up all the data. You can get your code with fast Prime delivery,
| a tracking number, pay for it with your credit card, get a free
| replacement if it's lost in the mail...
|
| I love this.
| w4rh4wk5 wrote:
| Regarding the Amazon tracking part. There is no requirement to
| use the card yourself, you could just hand it down or sell it.
|
| While the majority of people might still redeem the code
| themselves, you can't automatically assume that the person who
| bought it is the one using it.
| koheripbal wrote:
| These sort of plausible deniability arguments only work in
| people's heads. Judges and prosecutors never buy these
| arguments.
|
| ...and even if you think you can convince a jury, it's still
| enough to issue a search warrant, whereby the prosecutor will
| find more than enough charges to force you into a plea deal.
|
| Your initial anonymity is your most important defense.
| foobiekr wrote:
| This. Honestly, these arguments for plausible "you can't
| technically prove it" deniability defenses are bizarre and
| comical. Prosecutions are based on circumstantial evidence
| all the time, these aren't going to fool anyone. They're
| the nerd version of Trump's rando cures for covid like
| bright light and bleach.
| samatman wrote:
| This goes beyond plausible deniability, unless I'm missing
| something.
|
| Buying a Mullvad gift card makes you at most a Mullvad
| customer. The cards are presumably one SKU, none of Amazon
| nor Mullvad know which one is sent to a given person.
|
| I'm not sure what the connection might be to warrants here?
| Surely if a judge will sign on "hey this guy uses a VPN can
| we grab his laptop?", that judge would sign on any other
| flimsy excuse.
| jtbayly wrote:
| But the benefit remains. Buy these cards from somebody
| (local?) who bought them from Amazon.
| noodleman wrote:
| I will always assume that any kind of plausible deniability
| is lost just by design of the law unless they really can't
| pin it on an individual. The computer misuse act of my
| country is vaguely defined for this reason, as I imagine
| the same laws are in the US.
|
| For example, "It wasn't me. A friend used my Wi-Fi!" and
| similar arguments will not fly as you can be seen as
| responsible as bill payer. Those kind of defenses could
| even be considered admissions of guilt.
|
| It's concerning to see how many people suggest you claim
| your Wi-Fi was unprotected if accused of something. This
| will more likely be used against you if anything.
| hnarn wrote:
| > These sort of plausible deniability arguments only work
| in people's heads. Judges and prosecutors never buy these
| arguments.
|
| What exactly do you base this on?
|
| First of all, Mullvad (like any serious VPN operator) do
| not log IP:s and one can probably safely assume they do not
| log who bought which gift card. They are also under no
| obligation to do so, as far as I'm aware.
|
| But let's assume for the sake of argument that they did:
| let's assume they log IP:s and sales of gift cards down to
| the social security number of the person who bought it.
|
| Now assume that I'm running a corner store where I sell
| among other things these gift cards, that I bought from
| Amazon at a small markup.
|
| Someone uses these gift cards and the tracking (that
| doesn't exist) leads back to my store.
|
| I'm defending myself in court in a democratic western
| country where people are assumed innocent until proven
| otherwise.
|
| The jury (in the US) or the judge (anywhere else) is
| informed that I buy these cards in bulk, I sell dozens of
| them a week, and the IP (that Mullvad doesn't log) is a
| dead end.
|
| Do you seriously believe that a judge or jury anywhere
| would sentence me for the crime brought forward, or that
| this would even hold water enough to be prosecuted in the
| first place?
|
| This is almost exactly analogous to selling anonymous SIM
| cards (where they still exist). One is used for a drug
| deal. Me, the shop keeper, is prosecuted in this alternate
| universe because I'm selling the cards.
|
| Really?
| nickstinemates wrote:
| Strawman arguments are weird. Especially owning the
| corner store piece.
|
| Nevermind the fact that you're at trial where a judge and
| jury is looking at this. Nevermind that the point the GP
| made was that if you have someone knocking on your door
| motivated to find something they will find something.
|
| I am assuming if you are a nefarious actor, the goal is
| to not have this kind of attention, ever. You do this in
| all of the traditional ways - insulate and delegate.
| hnarn wrote:
| How is it in any way a straw man argument? I was giving
| an example of exactly what the comment said was "not a
| thing": plausible deniability when buying the cards.
|
| If you buy these cards and re-sell them, you have
| plausible deniability. If you buy them from a re-seller
| you have increased anonymity.
|
| Obviously the goal for a nefarious actor (or anyone,
| probably) is to not end up in court. But it's objectively
| true that the idea of Amazon gift cards does in some
| scenarios actually give you increased anonymity compared
| to other payment options, if nothing else because of the
| timing offset if you want to disregard re-sellers.
| [deleted]
| nickstinemates wrote:
| So you think that prosecution is going to go to court
| with just 1 piece of evidence and the entire case is
| going to hinge on the provenance of a Mullvad account?
|
| Sounds extremely unlikely.
| hnarn wrote:
| We're talking about hypotheticals. If you want to make up
| a new hypothetical where tying the suspect to the VPN
| account is irrelevant, what is even your point?
| type0 wrote:
| > Do you seriously believe that a judge or jury anywhere
| would sentence me for the crime brought forward, or that
| this would even hold water enough to be prosecuted in the
| first place?
|
| In some jurisdictions, like Sweden (where Mullvad is
| based) there is such a thing as "help to commit a crime"
| that does get prosecuted
| thaumasiotes wrote:
| > I'm defending myself in court in a democratic western
| country where people are assumed innocent until proven
| otherwise.
|
| There are no such countries; that standard would make it
| impossible to get convictions for almost every crime that
| ever occurred.
|
| Compare this case from the United States:
| https://volokh.com/2014/01/02/wrongful-convictions-proof-
| bey...
|
| > In October of 2007, Elizabeth P. Coast, then seventeen,
| reported that when she was ten years old a neighborhood
| boy named "Jon" sexually assaulted her while the two were
| alone in her grandmother's backyard
|
| > [the trial court] tried and convicted Montgomery in a
| one-day bench trial for the assault of Coast. Coast
| testified under oath that Montgomery had sexually
| assaulted her in 2000.
|
| > no other witnesses to the incident testified at
| Montgomery's trial. Neither was any corroborating
| physical evidence that an assault occurred ever
| presented. The trial judge categorized this case as a
| "word against word situation." In reaching his verdict,
| the trial judge concluded that Coast was more credible
| then Montgomery because she had "no motive whatsoever" to
| lie. The trial court then found Montgomery guilty of
| forcible sodomy, aggravated sexual battery, and object
| sexual penetration. On April 10, 2009, the trial judge
| sentenced Montgomery to 45 years in prison, with 37 years
| and 6 months suspended...
|
| > On November 1, 2012, Coast voluntarily made a
| videotaped statement at the Hampton Police Department.
| After consulting with counsel and receiving Miranda
| warnings, Coast recounted how she had falsely testified
| that Montgomery had assaulted her.
|
| > Coast explained that immediately before she accused
| Montgomery, her mother caught her looking at "sex
| stories" on the Internet. Out of fear of her mother,
| Coast said that she was looking at inappropriate material
| because she had been molested when she was ten years old.
| After she reluctantly named Montgomery as her attacker,
| the lie snowballed. Coast felt like she could not admit
| that the assault never happened
| mynameisvlad wrote:
| An anecdote does not a system make.
|
| Generally speaking, "innocent until proven guilty" is a
| cornerstone in most legal systems. This has been the
| case, literally, for millennia, dating back to Roman
| times.
|
| It is also one of the UN's human rights, and is enshrined
| in several countries' constitutions.
| thaumasiotes wrote:
| > An anecdote does not a system make.
|
| You could publish a dozen similar anecdotes every day for
| a decade. What's unusual about this one is that the girl
| was stupid enough to later admit she'd been lying.
|
| > Generally speaking, "innocent until proven guilty" is a
| cornerstone in most legal systems. This has been the
| case, literally, for millennia, dating back to Roman
| times.
|
| > It is also one of the UN's human rights, and is
| enshrined in several countries' constitutions.
|
| So? Compare https://en.wikipedia.org/wiki/1977_Constituti
| on_of_the_Sovie...:
|
| > The Soviet Constitution included a series of civil and
| political rights. Among these were the rights to freedom
| of speech, freedom of the press, and freedom of assembly
| and the right to religious belief and worship. In
| addition, the Constitution provided for freedom of
| artistic work, protection of the family, inviolability of
| the person and home, and the right to privacy. In line
| with the Marxist-Leninist ideology of the government, the
| Constitution also granted social and economic rights not
| provided by constitutions in some capitalist countries.
| Among these were the rights to work, rest and leisure,
| health protection, care in old age and sickness, housing,
| education, and cultural benefits.
|
| Of course, having the rights in the constitution didn't
| mean anyone was allowed to _exercise_ those rights, and
| they most certainly weren 't. "Innocent until proven
| guilty" is a set of words that people believe in saying,
| but it is not a set of beliefs that people are willing to
| put into practice. It has nothing to do with the legal
| system of any country in the world. For most crimes,
| proof of guilt cannot even theoretically exist. (As was
| true of Elizabeth Coast.)
|
| This was covered fairly extensively in my first link:
|
| > What's doing the work in many of the convictions, I
| suspect, is that the very ubiquity of the risk makes
| factfinders realize that -- if we were to constantly
| consider this generalized risk, in the absence of more
| specific information -- a wide range of crimes couldn't
| be effectively prosecuted. That's especially true of
| child molestation and rape, but it's also true of many
| sorts of felons' possession of guns, robberies, and the
| like. It's always possible, and not extremely unlikely,
| that a police officer was just trying to frame someone he
| already thought was a bad guy.
|
| > But I think many people (again, deliberately or
| subconsciously) are unwilling to see acquittals in all
| such cases. A seemingly disinterested supposed victim's
| testimony thus tends to be credited (unless the victim
| seems untrustworthy for other reasons, such as the
| victim's own past criminal record). A police officer's
| testimony tends to be credited, at least by many jurors.
| And this is so even though there is good reason for
| doubt, simply because whenever we are dealing with human
| testimony there is good reason for doubt.
|
| > So... the "beyond a reasonable doubt" standard ends up
| being, in many cases, considerably less defendant-
| protective than one might think. Maybe that's bad, or
| maybe it's a necessary evil
| mynameisvlad wrote:
| >You could publish a dozen similar anecdotes every day
| for a decade. What's unusual about this one is that the
| girl was stupid enough to later admit she'd been lying.
|
| So? Once again, they are _anecdotes_. I can similarly
| provide thousands of anecdotes showing presumption of
| innocence. It means nothing except that those cases
| happened.
|
| Do you have any proof "it is not a set of beliefs that
| people are willing to put into practice" on a systematic
| scale?
| thaumasiotes wrote:
| >> You could publish a dozen similar anecdotes every day
| for a decade.
|
| > So? Once again, they are _anecdotes_.
|
| "Anecdote" doesn't just mean "something I'd prefer not to
| have to think about", you know. Being very common makes
| the event systematic.
|
| > Do you have any proof "it is not a set of beliefs that
| people are willing to put into practice" on a systematic
| scale?
|
| Yes, we've been talking about it for a while.
|
| > I can similarly provide thousands of anecdotes showing
| presumption of innocence. It means nothing except that
| those cases happened.
|
| That's... not how logic works. On the one hand, we have
| hundreds of thousands of cases of people being railroaded
| for crimes they didn't commit based on no solid evidence.
| On the other hand, we have tens of millions of cases of
| people being railroaded for crimes they did commit, also
| based on no solid evidence.
|
| But let's assume that second group consists only of
| convictions where the defendant's guilt was somehow
| actually proved. That wouldn't mean the system operates
| on the principle that people are innocent until proven
| guilty -- that claim is already falsified by the
| existence of the first group. It would mean that proof of
| guilt is often provided even though it isn't required.
| caeril wrote:
| I'm not really given to Reddit-tier comments, but:
|
| > First of all, Mullvad (like any serious VPN operator)
| do not log IP:s
|
| JFL. LOL.
|
| > where people are assumed innocent until proven
| otherwise.
|
| LMFAO.
| Bilal_io wrote:
| > one can probably safely assume they do not log who
| bought which gift card. They are also under no obligation
| to do so, as far as I'm aware.
|
| You bring up a very good point. Unlike an electronic
| payment system [0], I assume the amazon gift card is not
| linked to your account on Mullvad's servers, so probably
| Mullvad marks the account as paid, but doesn't log the
| Amazon card number
|
| 0. Even that should be safe. Mullvad made a recent
| decision to get rid of subscriptions. Now that your
| account is never linked to your payment method, and we
| can assume that it's safe to use your personal
| credit/debit card. But I'd be careful, if someone is
| important, there is a possibility of someone tracking and
| logging their activities, credit card use, IPs before
| Mullvad purchase and after they connect.
| hangonhn wrote:
| If it's only one card, then you can say that. But if there is
| a pattern of Amazon account X buying these cards to be used
| for Mullvad account Y, then it's harder to deny. Is it
| possible to redeem Amazon gift cards without an Amazon
| account? I suppose another thing you can do is buy and swap
| cards with other people. Each card can be up to 12 months so
| you don't actually need to do this that many times.
| Rastonbury wrote:
| The pattern cannot prove anything just because I buy cards
| every month can't prove I use them for Mullvad. If someone
| gets shot on my street and I have a gun and none of my
| neighbors do and they cannot match the ballistics there is
| almost no case.
| masukomi wrote:
| there's no way to prove that the cards bought on amazon
| account X were used for Mullvad account Y. That would
| require knowing the codes on the cards that amazon sold
| you, which no-one would.
|
| all that can be said with certainty is:
|
| 1. that these people bought mullvad cards on amazon.
|
| 2. these mullvad accounts were paid with cards
|
| All you can say is that 2 is a subset of 1.
|
| If mullvad sells the cards literally anywhere else, then
| you can't even say that with certainty.
| caeril wrote:
| You're missing the point that Mullvad still has your
| connecting IP address.
|
| There have been _countless_ cases demonstrating that
| "no-log" VPN providers definitely do log, and even if by
| some miracle Mullvad doesn't, they can be compelled to
| start doing so, as the Protonmail case demonstrates.
|
| This does nothing to reduce the paper trail.
|
| If you really really really trust Mullvad (and you
| shouldn't), just use Monero.
| j16sdiz wrote:
| mullvad _are_ selling them elsewhere:
| https://mullvad.net/en/help/partnerships-and-resellers/
| hnarn wrote:
| > If mullvad sells the cards literally anywhere else,
| then you can't even say that with certainty.
|
| Mullvad doesn't even have to sell them anywhere else:
| anyone who bought one on Amazon could have re-sold it,
| individually or in bulk. That's the clever part.
| giraffe_lady wrote:
| eh you don't need to prove much anymore that's what parallel
| construction and plea deals are for.
| huslage wrote:
| It's irrelevant. No one knows the code on the card in the
| first place. You can't trace what you don't know.
| mmis1000 wrote:
| Yes.
|
| Even you get into account directly. You see the user using
| a code redeemed from gift card. And then?
|
| You can't associate the code with anything at all even you
| also hack into mullvad's server. There is no way to tell
| that where the code was from even for Mullvad themselves
| let alone others as long as there is no serial number that
| also displays on card without scratch open it.
| tener wrote:
| I wonder how refund works. What if one buys the code, copies it
| and then ships the voucher back asking for refund? How do you
| invalidate the code without linking the code to the purchase?
| [deleted]
| [deleted]
| jffry wrote:
| I would imagine that Amazon either won't let you refund this
| (since it's basically a gift card), or if you try to refund it
| and return an opened package your refund will get denied.
|
| No need to specifically invalidate the code inside to stop you
| from doing refund fraud.
| dewey wrote:
| It looks like a scratch-off code like on Netflix gift cards.
| Once you scratched it off there won't be a refund available
| would be my guess just like any other gift card and many
| digital purchases.
| Zircom wrote:
| As someone who does handles a lot of gift cards, it's not
| hard at all to cover the code back up. They sell little peel
| and stick things online, or it's not hard to make your own.
| There are people that go around to stores, take unactivated
| giftcards, scratch off the sticker to get the code, and will
| then reapply another one and put it back in the store to be
| bought and activated by someone, meanwhile they are
| periodically checking whatever website you can see the
| balance on to see if it's been activated yet so they can use
| it or sell it out from under you.
|
| So my guess would be Amazon doesn't take returns on giftcards
| in the first place.
| jaywalk wrote:
| It's a scratch-off card, so good luck getting a refund on a
| card that's already been scratched off.
| [deleted]
| Hamuko wrote:
| > _Upcoming countries: GB, DE, NO, FI, AU, NL, CA, CH, FR, ES,
| DK_
|
| Wait, Finland doesn't have a localised Amazon. We have to buy
| everything from other countries (usually Germany). How does this
| work?
| henriks wrote:
| Some items on amazon.de state "cannot be shipped to your
| country"; might be that it's simply that?
| dom96 wrote:
| I recently started to use Mullvad. They really appear to be the
| most innovative in the VPN space when it comes to privacy.
| prophesi wrote:
| Kind of surprised this hasn't been mentioned yet, but it's pretty
| commonplace to buy gift cards with cryptocurrencies. So there's
| yet another layer of anonymity if you buy an Amazon gift card
| from a stranger/service then use it for a physical Mullvad
| activation code.
| freediver wrote:
| Who really needs this kind of anonymity?
| mt_ wrote:
| Someone who lives in country, where their freedom of speech
| might compromise their safety a physical freedom.
| freediver wrote:
| How many countries like that are there? What are some
| examples? Then how many people in those countries?
|
| That can't be Mullvad's target market? New to VPNs, forgive
| the ignorance.
| anonporridge wrote:
| This seems like a silly extra step to add when you can just
| purchase Mullvad service directly with monero for a 10%
| discount.
|
| It might even be more likely to deanonymize you since you're
| forced to interact with a physical thing. It's an extra step in
| the obfuscation chain that _adds_ personal information (mailing
| address at least) that wouldn 't be added otherwise.
|
| I suppose if you were forced to use a non anonymous crypto like
| bitcoin that can be easily tracked, there might be some value
| to this extra step.
| prophesi wrote:
| Yeah I would say mailing in cash without a return address or
| using Monero are the best options. Shipping would be the most
| difficult to preserve privacy; even a P.O. box will at least
| indicate your locality. I'd definitely like to hear how the
| voucher cards work and if that leaves a trail on a Mullvad
| account.
| jandrese wrote:
| You can have them shipped to an Amazon locker presumably.
| Mailing cash has the downside of having your postmark on
| the envelope.
| timmytokyo wrote:
| It's also kind of silly when you're not anonymous to Mullvad
| or to the data centers Mullvad pays to run its services out
| of. They have your IP address, and it's not that hard to go
| from an IP address to an ISP to an identity.
|
| Don't get me wrong. I think Mullvad is a great VPN service.
| But if people think it's a bullet-proof solution to the
| problem of anonymity, they're fooling themselves.
| abliefern wrote:
| The point is that typically privacy-first VPN providers
| promise not to store your IP but have to store your payment
| details for practical reasons.
| cosentiyes wrote:
| Is there a good way to receive the physical good without
| providing your address, though?
| purist33 wrote:
| You can deliver the package to a amazon approved distribution
| center ( I dont know what they call them. Basically a shop
| where they hold your stuff until you come around and pick it
| up ). If you want to anonymize it, you can deliver it to some
| other state's distribution center and drive there to pick it
| up. Even better is to give a stranger your phone, to go and
| fetch it from the store, so that your face isnt visible in a
| CCTV cameras near the store, and while they come back to
| deliver it to you, you can fake a mugging and "steal" your
| own phone and the gift card while wearing a PPE kit or
| something, so that they dont know your dimensions.
| vorpalhex wrote:
| "Officers, I just saw a mugging. Can you please send
| someone?"
| hansword wrote:
| Do you, by chance, write cheap adventure stories for a
| living?
|
| Cause this sounds like something I read a few months ago. A
| pretty silly plan.
| purist33 wrote:
| Wasn't it clear enough that I meant for it to be silly ?
| cosentiyes wrote:
| Poe's law strikes again :P
| [deleted]
| airdrop wrote:
| edm0nd wrote:
| Use a reshipping services or just find a drop site you have
| mail access to and know that no one will be home when its
| likely to be delivered. In my carding days in the late 90s -
| early 00s, I would use houses being built that were not
| occupied yet or still under construction. Carded many
| Rolexes, Oakleys, and video games like Starcraft Brood War
| and The Sims this way lol.
| vorpalhex wrote:
| The old trick is to find a house where the owner is on a long
| vacation or not around and mail it there. Of course you could
| lose your package, so adjust risk appropriately.
| thepasswordis wrote:
| Mullvad is absolutely killing it with this stuff.
|
| Mullvad: PLEASE don't sell your company.
| dosshell wrote:
| My impression of Fredrik and Daniel is that they are
| passionated about the technology - not making a startup exit.
| If they did an exit, which i don't think they do, it would
| probably be because they want to go back to a smaller company
| again. They would just start a new smaler vpn service after
| they got paid.
|
| disclaimer: I'm a random dude on the internet that thinks he
| know more than he does.
| nadmone wrote:
| I think it is increasingly likely they will have to shut down
| (or at least move) the company to remain principled. Just in
| recent years Sweden haphazardly requested to joined NATO (and
| is kowtowing to Turkey), sim cards started requiring
| registration and it became illegal not to register where you
| live. And there is very little in terms of developments,
| politics or people to suggest that it will stop anytime soon.
| Cederfjard wrote:
| I'm not sure what insinuation you're trying to make by
| saying that Sweden's request to join NATO is "haphazard",
| but I'm pretty certain I don't like it.
|
| SIM cards requiring registrations is a development in the
| direction towards less privacy, I'll give you that.
|
| Lastly, since when has it been optional to be folkbokford
| in Sweden?
| nadmone wrote:
| It was always required but not illegal. Which made it
| impractical but still an option not to do so. It wasn't
| uncommon for people living with their friend, partner or
| in a bad neighborhood to remain registered somewhere
| else. Now it is illegal and people actually get sentenced
| in court for living a month with their girlfriend without
| letting the government know. And it is already being
| selectively enforced against those the government doesn't
| like but can't prosecute for something else.
|
| You might not like it but it is true. Finland had a plan
| to join NATO in case they felt they had to. And when that
| happened they had plenty of political and public debates
| and support. Sweden's plan was to cooperate with Finland.
| In the declaration of government from late last year it
| was declared that Sweden shouldn't join NATO. So when
| Finland wanted to join NATO Sweden no longer had a plan
| and therefor without convincing debate or support also
| requested to join NATO.
|
| This is important because laws, policy and principles
| aren't worth much if you can quickly change them. Sweden
| has shown itself capable of changing fundamental things
| if it is sufficiently freaked out. And to do so without
| much resistance or recourse. As Sweden had no
| alternatives, and with many even stating so publicly, it
| also isn't in much of a position to resist demands from
| the US or other countries like long standing members
| would. It is likely that Sweden will become a "Nine Eyes"
| country like Denmark which has resulted in numerous
| incidents for them in recent years.
|
| And these are not the only examples. It's everything from
| Swedish police using teargas for the first time in
| history with barely anyone noticing to not being able to
| publish scenic drone footage without approval.
| 2OEH8eoCRo0 wrote:
| Every man has his price.
| ccn0p wrote:
| ...says every founder ever!
| stjohnswarts wrote:
| I think any successor company will be aware that probably 50%
| would quit right away. It's reputation would plummet like a
| piece wise linear cliff.
| sshine wrote:
| I'm pretty sure they won't.
|
| https://mullvad.net/en/about/
|
| About us
|
| Mullvad VPN AB is owned by parent company Amagicom AB. The name
| Amagicom is derived from the Sumerian word ama-gi - the oldest
| word for "freedom" or, literally, "back to mother" in the
| context of slavery - and the abbreviation for communication.
| Amagicom stands for "free communication".
|
| The team
|
| Mullvad VPN AB and its parent company Amagicom AB are 100%
| owned by founders Fredrik Stromberg and Daniel Berntsson who
| are actively involved in the company.
| xyst wrote:
| never say never!
|
| The successors (family) to Fredrik and Daniel might have a
| different view.
|
| At least in my lifetime, I won't be worried
| sph wrote:
| May they live long and healthy, then.
| rufusroflpunch wrote:
| Love Mullvad. Wish they would hurry up on Lightning Network
| integration.
| xd1936 wrote:
| ...butwhy.gif
|
| This would be a weird gift to give.
| Etheryte wrote:
| Privacy. Privacy is Mullvad's whole central thesis. When you
| use a credit card to sign up, they're legally required to keep
| tabs on you. If you buy a gift card off Amazon and use that to
| pay for your VPN, Mullvad will have no idea who you are and
| can't give much information on you even when forced by a court.
| hobabaObama wrote:
| But wouldnt it be possible to connect to gift card and then
| ask Amazon about it?
| bearmode wrote:
| Amazon won't have a clue what the code you got was. Only
| you do.
|
| They'll know you bought a code, but won't have any way to
| connect your purchase to a VPN user. You might not even be
| redeeming the code yourself.
| PurpleRamen wrote:
| The code must be scratched free first, so I assume Amazon
| doesn't know the code, and thus can't link it to a specific
| account. And I assume Mullvad themselves are not linking
| the code to an account either, but just checks validity and
| then charges up the account by the value.
|
| There are probably indirect ways to force a linking, but
| they are probably also highly illegal. And people could
| also just exchange gift-cards or use more indirect ways to
| buy the cards, to dilute those data further. So overall
| this is a rather useful solution, as long as more than a
| handful people will buy them through amazon.
| haswell wrote:
| > _The code must be scratched free first, so I assume
| Amazon doesn 't know the code_
|
| This is the part I'm not following. Unless Amazon takes
| specific steps to intentionally not track the code (and
| this doesn't sound very Amazon-like) , why would we
| assume Amazon doesn't know the code?
|
| The scratch off protection is to prevent shoppers from
| seeing the code in stores, and to provide assurance that
| the card hasn't been used yet ("used" as in the number is
| now in someone's possession).
|
| Edit: I misinterpreted the nature of these cards and
| commented prematurely.
| CaptainNegative wrote:
| My understanding is that Amazon is not the one printing
| these cards. Unless they go out of their way to scratch
| the card off themselves and then cover it back up or
| create a knockoff, the pack of activation cards they
| receive are all effectively indistinguishable from
| Amazon's point of view. They could track which of the
| various indistinguishable cards was shipped where, but
| that doesn't help towards determining who was shipped any
| given code.
|
| The above attack might be a possibility if you're already
| being actively tracked by the NSA, but at the very least
| this approach gets you some degree of forward privacy in
| case the NSA only starts hardcore snooping after the card
| was already delivered to your door. Whether or not it is
| a useful degree of privacy is out of my area of
| expertise.
| [deleted]
| Raed667 wrote:
| If the code is physically printed on a card that needs to
| be scratched. Amazon wouldn't know which code went to which
| person.
| caeril wrote:
| Good point.
|
| A $1.3T behemoth that readily reports Ring data to the
| pigs and runs large-scale cloud contracts with the Feds
| totally won't run these cards through a UV-B or X-ray
| scanner to correlate and log the activation codes.
|
| You're 100% safe with Amazon. Hell, they even have a
| smile in their logo. Who could possibly doubt that?
| GameOfFrowns wrote:
| A friend of mine is going to spend some months doing work in
| Turkey. This would be a useful gift for them.
| KindAndFriendly wrote:
| There is this really great South Park episode where one of the
| characters has the 'ability' to distinct between actual news
| content and advertisements disguised as news [1].
|
| I feel like this is - sadly - more and more required as well when
| browsing HN as there seem to be more and more postings where an
| advertisement is disguised as 'hacker news'.
|
| Can someone enlighten me how the availability of coupon codes for
| a VPN provider on Amazon is considered news?
|
| [1] https://www.youtube.com/watch?v=J7XOCG_P6o4
| surfpel wrote:
| The South Park episode discusses advertisements that are
| disguised as news to get clicks. That's deceptive and bad.
|
| This is a product announcement from a startup. HN is all about
| products and startups and this one in particular is popular
| here. Advertisements aren't necessarily bad, and as far as ads
| go, this one is the best kind.
|
| Fun fact: The original name of HN was actually "Startup News".
| YetAnotherNick wrote:
| Because mullvad has no info who bought this, so if they get any
| warrant or anything asking to track someone, they could say
| they can't technically do that.
| humanistbot wrote:
| But Amazon straight up gives camera access to Ring Doorbells
| to police without user consent or a court warrant. If you're
| paranoid and a Mullvad customer, you should probably treat
| Amazon as if it was a part of the US government.
| vlovich123 wrote:
| Non sequiter. All the government could force Amazon to
| reveal is that you purchased that gift card. They can't A)
| prove that you used it vs handing it out as a gift B) tie
| the purchase to a specific Mullvad account.
| abc_lisper wrote:
| Unless, the card has a visible QR/bar code that is 1 to 1
| with the hidden code. Then we are f*ed. Not mentioning
| this a criticism, I like Mullvad, bought this card a
| couple of days ago and thought about that case when
| buying it.
| humanistbot wrote:
| Non-sequitur, but no worries.
|
| To a prosecutor, that means they have a conspiracy or
| even RICO case on their hands.
| dosshell wrote:
| This got me thinking...
|
| The government do get a limit number of potential users.
| Can this together with fingerprints, ping latency(?) etc.
| be used together with amazon info to narrow down the vpn
| user (in theory) or is that impossible?
|
| For example, if mullvad only had 5 users in separate
| continents, could one measure the latency and
| crossreference with a amazon buy history to identify the
| vpn user?
| ipaddr wrote:
| Yes... You are better off with a prepaid credit card.
| rightbyte wrote:
| You could probably guesstimate the Mullvad<->user ping by
| looking at the time between sequential chained requests.
| That would give a (noisy) circle.
| ibejoeb wrote:
| It's not a coupon or a promotion. It's an alternative payment
| method so that Mulvad does not need to store any identifying
| information about its customers. See
| https://mullvad.net/en/blog/2022/6/20/were-removing-the-opti...
| for information about the situation they are mitigating.
| pjbeam wrote:
| I sometimes find the things being advertised interesting. Not
| because I want to buy them but rather things being pushed and
| who pushes them can help stay abreast of what's happening in
| the world.
|
| A specific example from a little while ago in my life--I saw an
| article advertisement for Microsoft's sovereign cloud offering.
| I thought this was interesting because I think the Internet is
| balkanizing over time and how megacorps try to play in that
| scenario interests me.
|
| I still don't know that it qualifies as news, to your point,
| but Amazon involvement, however incidental, in Mullvad is a
| datapoint I'm glad to have.
| [deleted]
| epistasis wrote:
| HN is pretty explicitly about commerce and specifically tech
| related to commerce. It's one of the few places I frequent
| where self-promotion is encouraged.
|
| This is part of what makes HN unique and great in terms of tech
| news sites.
|
| I don't use a VPN, but am glad to know of product offerings
| like this. If this is an "ad" then bring it on, I say.
| uo21tp5hoyg wrote:
| I assume in this context it's because HN isn't just an
| aggregator but is instead also a community, a community in
| which Mullvad is rather popular with (given previous discussion
| on the topic). So yes it's an advertisement but it's also
| relevant news to this community, personally speaking the "News"
| post here about Mullvad supporting Monero is what finally made
| me switch over to it, so the news and ad were relevant to me as
| a part of this community. (and it was relevant without them
| tracking my every movement, how is that possible??)
|
| I think people here are also interested in the steps Mullvad
| takes to improve user payment privacy, as again every time
| "news" about new methods of payment or concealment of user
| payment history is always met with high praise and interest.
| (as far as I've seen anyway)
| registeredcorn wrote:
| >yes it's an advertisement
| uo21tp5hoyg wrote:
| The original blog post is an advertisement, they are
| advertising a new payment method. Whether or not _this_
| specific post on HN linking to the advertisement is also
| "just an ad" is what's up for debate.
| registeredcorn wrote:
| The thing up for debate is whether or not the
| advertisement, advertising their new payment method, is
| an advertisement?
| pvg wrote:
| _Please don 't complain that a submission is inappropriate. If
| a story is spam or off-topic, flag it._
|
| https://news.ycombinator.com/newsguidelines.html
| 0______0 wrote:
| Perhaps news to some, non-news to some. Why do we allow
| "product launches" on HN? Why let anything with a commercial
| motive ever appear on this forum? Because HN serves a very
| broad audience, and consequently allows information that might
| not pertain to everyone but still deemed valuable by some.
| gzer0 wrote:
| I have been (and still am) a long term supporter and subscriber
| of Mullvad services. I don't forsee that changing.
|
| One concern though, is the blanket blockade of their IP addresses
| accross multiple services; I'm not talking about the avalanche of
| captcha's one must deal with, but for example: I wasn't even able
| to update a fresh install of ubuntu via sudo apt-get update &&
| sudo apt-get upgrade... it refused to connect to mullvad IPs.
|
| I've been running into this problem more and more, first it was
| linux distro issues, then, my gaming client, and perhaps the
| worst, Github itself.
|
| I'm not sure what the solution is here, since Mullvad provides
| unparalleled respect of privacy; but the IP's they use are almost
| always associated with the highest levels of fraud.
|
| Perhaps, this is the price I am willing to pay for privacy done
| right. Props to Mullvad, for being the best in that regard.
| bbertelsen wrote:
| You will get less captchas if you use their socks proxy.
| https://mullvad.net/en/help/socks5-proxy/
| jsheard wrote:
| I've found that M247 IPs are the most problematic, every single
| one of their IPs seems to be blocked by Imgur for example
|
| Thankfully Mullvads client lets you filter servers by provider
| so it's easy to take M247 out of rotation
| ntauthority wrote:
| Anecdotal point of data: M247 seems to run a lot of bad-faith
| traffic as well - while a service I run tries to keep block
| lists minimal even for frequently abused endpoints (eg
| credential stuffing) their ASNs are a mainstay in there.
| ev1 wrote:
| Same - I get an absolutely comedic amount of abuse from
| M247.
| CommieBobDole wrote:
| Almost every site I've seen blocked on Mullvad seems to show a
| Cloudflare 'access denied' page. Since most sites using
| Cloudflare still work, I assume there's an option for site
| owners to block known VPN addresses.
| Cthulhu_ wrote:
| > since Mullvad provides unparalleled respect of privacy
|
| This is both their selling point and their main problem;
| privacy means criminal abuse. This is true for all kinds of
| anonymity, hiding your tracks, hiding your payments, etc; TOR,
| cryptocurrencies, encrypted chat, they all suffer reputation
| damage due to criminal abuse.
|
| And there is no obvious solution that does not impede users'
| privacy, as far as I know.
| Geonode wrote:
| There will always be crime. Trying to prevent crime leads to
| reducing freedom, and not crime.
| rightbyte wrote:
| I like the trade off of locking my door over the freedom of
| not needing a key.
|
| I would not be so fatalistic about impossibility of
| policies that respect privacy.
| marginalia_nu wrote:
| This is arguably one of the big problems with the Internet
| today.
|
| On the one hand, browser automation is _extremely_ effective
| and nearly indistinguishable from human traffic, and bot
| traffic often eclipses that of human visitors, depending on
| what you 're serving, consuming an enormous amount of
| resources.
|
| On the other hand, using IP-reputation to decide who gets a
| captcha is one of the few methods that undeniably works. It's
| really unfair and I wish it didn't have to be that way, but at
| least for my websites, I can't serve traffic to human visitors
| if I don't discriminate against these IP blocks with captchas
| and whatever. I just don't have the hardware. The bot traffic I
| get is something like 50x that of sitting at #1 on the HN front
| page.
| humanistbot wrote:
| > On the other hand, using IP-reputation to decide who gets a
| captcha is one of the few methods that undeniably works
|
| For a particular definition of "works." Giving everyone a
| captcha would also "work", but with different tradeoffs.
| marginalia_nu wrote:
| Well of course, shutting down the server works too, I mean
| works in the context of reducing false positives while very
| effectively blocking most bots.
| 3np wrote:
| I've been thinking a bit abut trying out something different
| here. What I have in mind would be an alternative method that
| the user can opt for instead of the captcha (if flagged). It
| would be for those privacy people on Tor or Mullvad or what
| have you and will not compromise on privacy but may be a bit
| more techy/involve some form of crypto (no investments or new
| coins etc tho).
|
| So you'd still have the CAPTCHA of today but with an
| alternative.
|
| Assuming it's something that would seem to be a usable and
| smoother solution for those people you are today locking out
| or providing a hassle for without significant increase of
| malicious bots (maybe you'll even get less if it works all
| right and it means you can tune up the aggressiveness in the
| rest of the system), about how much willing would you be to
| try something out?
|
| (I'm aware of PrivacyPass but IME while I did have it work at
| times, most of the time it works extremely poorly to the
| point of being unusable on both Cloudflare and hCapctcha,
| while maintenance and support seem on the backburner)
| drcongo wrote:
| I have Mullvad switched on 24/7 and I've not come across this.
| I wonder if there's a difference across regions.
| OJFord wrote:
| Ironically it's Amazon (just the e-commerce site, not AWS) that
| gives me most grief!
| helios_invictus wrote:
| Xerobank did something like 10 years go. Just handed out cards
| with random User/Pass combos, and said have at it!
| newfonewhodis wrote:
| I just switched over from PIA to Mullvad like last month or so.
| Really surprised that Mullvad asked for literally no information
| from me - no username, password, email etc. I'm setting reminders
| on my calendar to remember to add more time to my account, but
| other than that, VPNs shouldn't have more info than that.
|
| More on topic: Doesn't say on the page, but does the card ever
| expire?
| nibbleshifter wrote:
| When will I be able to buy a Mullvad from IKEA?
| highwaylights wrote:
| Nicely done.
| ezekg wrote:
| Why stop there? How about privacy cards in every big box store?
| comprev wrote:
| Wooooosh :-)
| ezekg wrote:
| Shoot. What'd I miss?
| [deleted]
| wyldfire wrote:
| Mullvad is actually the name of the Swedish meatballs with the
| integrated recliner. Hot new item for 2022 so they're
| backordered.
|
| EDIT - apparently this hit a sensitive topic, sorry to offend
| IKEA or Mullvad fans
| cinntaile wrote:
| The u doesn't exist in the Swedish alphabet.
| andrewflnr wrote:
| Yes, I'm sure it was the Swedish alphabet purists who
| downvoted.
| cinntaile wrote:
| Maybe the Ikea naming purists did, they happen to
| coincide ;).
| wyldfire wrote:
| Well, given the response I'm definitely not going to
| follow it up with anything about moose.
| icelancer wrote:
| Mynd you, moose bites Kan be pretti nasti
| aliqot wrote:
| You don't have to buy from anywhere, you can scribble your
| account number on some newspaper wrapped around cash, send it
| in, and they credit you. I'd be surprised if you couldn't get
| some credits for a batch of chocolate chip cookies or
| something, they accept so many forms of payment.
___________________________________________________________________
(page generated 2022-07-26 23:01 UTC)