On a side note, buttons icons on this page won't load without javascript. I cannot comprehend what would justify such decision.
opem 2 hours ago [-]
The page already contains link to both of these resources
john_strinlai 2 hours ago [-]
right. but one of those resources contains much more context than the other, making it much more suitable for the submission link.
Cider9986 42 minutes ago [-]
If you us Mullvad browser, which has built in proxies, this isn't an issue because it doesn't use wireguard.
The browser also has a cool feature in the browser extension called Random mode. This gives you a different IP for each site, improving your privacy.
Cider9986 42 minutes ago [-]
You can probably also use it on regular Firefox.
mjevans 2 hours ago [-]
I'd really like some version of E.G. Librewolf configured to spoof the exact SAME information no matter who's using it. Like standard resolution for a 1080p monitor, the same GPU profile, Allow device timing stuff to work but with a fixed profile etc.
Effectively, stop spoofing random data, start spoofing still useful but not for finger printing data.
Or tor browser, where all the features came from. You can also enable it on firefox with privacy.resistFingerprinting enabled.
whilenot-dev 12 seconds ago [-]
[delayed]
traceroute66 1 hours ago [-]
> You can also enable it on firefox with privacy.resistFingerprinting enabled.
Not the same thing.
I use both Firefox and Mulllvad Browser side-by-side on a regular basis and in practice Mullvad Browser is far more aggressive in its privacy preserving measures to the extent that you do sometimes stumble across websites that are "broken" in Mullvad Browser but work fine in Firefox, for example the animated map features on the Ventusky website (which, IIRC, breaks because Mullvad is more aggressive at blocking JS graphics functions).
andrewstuart 3 hours ago [-]
Do VPNs pay retail ISPs for exit points?
TkTech 3 hours ago [-]
No, not usually. Few ISPs are willing to risk blacklisting.
Just like scrapers (and a lot of VPNs are quietly using their custom VPN clients to sell your own IP [and data] to scrapers) it's mostly a "don't ask don't tell" situation for IP sourcing. You use a multitude of IP providers and if a scandal happens you just say "We didn't know!" and move on to the next. Almost always grey-market, very rarely through legitimate providers.
tiffanyh 1 hours ago [-]
I see DataPacket.com have VPN clients.
Does anyone know if this is any issue for non-vpn users of datapacket.com?
>Does anyone know if this is any issue for non-vpn users of datapacket.com?
Probably not that much worse than other VPS providers with trashed IP reputations, eg. digital ocean, vultr, ovh. If you're blocking bots, the first thing to block is any datacenter ip ranges, not just known VPN servers.
r_lee 2 hours ago [-]
why is this downvoted? I'm not aware of a single ISP that would willingly let VPN providers use their ip blocks for their exit nodes
2 hours ago [-]
dtech 3 hours ago [-]
Not retail ISPs, but many extensions and free VPNs route VPN traffic through the connections of those who use them.
joxdosba 2 hours ago [-]
This isn’t correct, the residential IPs are a completely separate and vastly more expensive product.
> Will other users of tuxlerVPN be able to connect using my IP address?
"When you use our free residential VPN, you automatically agree to add your IP address into the community pool. This means that you are trading your own IP address in return for the ability to connect via the IP addresses of other users. You can opt out of this by purchasing our premium subscription; once you upgrade to the premium version, your IP address will be removed from our community pool."
preinheimer 2 hours ago [-]
I mean, most “residential proxy” providers are selling access to hacked devices, or sneaky plugins
Most people think switching VPN servers completely resets correlation, but subtle infrastructure patterns like deterministic exit-IP allocation can still create linkage signals without actually exposing identity.
The fact that Mullvad openly documented it instead of silently patching it is probably the best part here.
j027 1 hours ago [-]
This sounds like some LLM to me
captn3m0 55 minutes ago [-]
Just flag and move on.
willis936 2 hours ago [-]
Is this at all related to Wyden's recent congressional warning? Are any other VPN providers speaking up on this?
And what evidence do you have that this May 14th disclosure has nothing to do with Wyden's March warning? If you remember your history you'll know Wyden tried to shake the Snowden revelations out before the Snowden revelations.
Dismissing Wyden's remarks as "american politics" is near equivalent to dismissing the entire notion of VPN security.
Mullvad has explicitly given their reasoning. That's the evidence. Now the burden of evidence is on you to show that these things are connected since you are the one challenging Mullvad's claim.
john_strinlai 1 hours ago [-]
>Dismissing Wyden's remarks as "american politics"
its a letter signed by american politicians, addressed to an american agency, about american citizens.
no scare quotes are needed around american politics.
(mullvad is swedish)
willis936 58 minutes ago [-]
And would you classify Snowden's revelations the same?
The pattern is "Wyden rings the bell about a dragnet and then we learn the details about it". It just seems like an extraordinary claim with no extraordinary evidence to say that "person warning about VPN compromises has not motivated any of Mullvad's recent security work". Just provide that evidence for your claim.
john_strinlai 54 minutes ago [-]
>It just seems like an extraordinary claim
what? it's not extraordinary at all. mullvad has a long history of being very security conscious. they do not wait for american politicians to direct their security work. i will stress again, mullvad is a swedish company.
feel free to read the co-founder's HN comment right here: https://news.ycombinator.com/item?id=48145679. they found out about the issue via the blog post, looked into it, and fixed it. end of story. (it says as much in the first line of mullvad's blog post too...)
which is the blog post, rather than a list of exit servers
related to this post: https://news.ycombinator.com/item?id=48143880
https://datatracker.ietf.org/doc/rfc5737/
The browser also has a cool feature in the browser extension called Random mode. This gives you a different IP for each site, improving your privacy.
Effectively, stop spoofing random data, start spoofing still useful but not for finger printing data.
Not the same thing.
I use both Firefox and Mulllvad Browser side-by-side on a regular basis and in practice Mullvad Browser is far more aggressive in its privacy preserving measures to the extent that you do sometimes stumble across websites that are "broken" in Mullvad Browser but work fine in Firefox, for example the animated map features on the Ventusky website (which, IIRC, breaks because Mullvad is more aggressive at blocking JS graphics functions).
Just like scrapers (and a lot of VPNs are quietly using their custom VPN clients to sell your own IP [and data] to scrapers) it's mostly a "don't ask don't tell" situation for IP sourcing. You use a multitude of IP providers and if a scandal happens you just say "We didn't know!" and move on to the next. Almost always grey-market, very rarely through legitimate providers.
Does anyone know if this is any issue for non-vpn users of datapacket.com?
https://www.datapacket.com/case-study/nordvpn
Probably not that much worse than other VPS providers with trashed IP reputations, eg. digital ocean, vultr, ovh. If you're blocking bots, the first thing to block is any datacenter ip ranges, not just known VPN servers.
> Will other users of tuxlerVPN be able to connect using my IP address?
"When you use our free residential VPN, you automatically agree to add your IP address into the community pool. This means that you are trading your own IP address in return for the ability to connect via the IP addresses of other users. You can opt out of this by purchasing our premium subscription; once you upgrade to the premium version, your IP address will be removed from our community pool."
https://medium.com/@xianghangmi/resident-evil-understanding-...
Technical paper: https://ieeexplore.ieee.org/document/8835239
Most people think switching VPN servers completely resets correlation, but subtle infrastructure patterns like deterministic exit-IP allocation can still create linkage signals without actually exposing identity.
The fact that Mullvad openly documented it instead of silently patching it is probably the best part here.
https://www.wyden.senate.gov/imo/media/doc/wyden_letter_to_g...
Dismissing Wyden's remarks as "american politics" is near equivalent to dismissing the entire notion of VPN security.
https://www.washingtonpost.com/politics/after-years-of-obscu...
its a letter signed by american politicians, addressed to an american agency, about american citizens.
no scare quotes are needed around american politics.
(mullvad is swedish)
The pattern is "Wyden rings the bell about a dragnet and then we learn the details about it". It just seems like an extraordinary claim with no extraordinary evidence to say that "person warning about VPN compromises has not motivated any of Mullvad's recent security work". Just provide that evidence for your claim.
what? it's not extraordinary at all. mullvad has a long history of being very security conscious. they do not wait for american politicians to direct their security work. i will stress again, mullvad is a swedish company.
feel free to read the co-founder's HN comment right here: https://news.ycombinator.com/item?id=48145679. they found out about the issue via the blog post, looked into it, and fixed it. end of story. (it says as much in the first line of mullvad's blog post too...)