Another audit, same result - Mullvad proven secure and log-free in latest audit check

Sunshine (she/her)@lemmy.ca · 22 hours ago

Another audit, same result - Mullvad proven secure and log-free in latest audit check

emergencycall@fedia.io · 21 hours ago

A penetration test is not an audit and does not provide any such assurance that logs are not retained. The goal of a penetration test is to penetrate via vulnerabilities and misconfigurations, not validate public logging claims about a service

Vicinus@piefed.zip · 21 hours ago

The audit covered every public-facing component of Mullvad’s online presence, including the website, the Tor-only Onion service, the rsync setup, and the internal content management system (CMS). Each of these elements was examined for common attack vectors, misconfigurations, or any signs of hidden data collection.

I believe checking the “internal content management system (CMS)” is what they are using to say there were no logs.

They linked a more detailed report in the article, but I didn’t look at it. It may contain something different than my takeaway from the article.

Weslee@lemmy.world · 8 hours ago

The content management interface for the Mullvad VPN web application is a Django ap- plication that allows content administrators to manage the blog, help guides and similar articles.

Doesn’t look like the CMS is anything to do with the VPN service itself.

emergencycall@fedia.io · 12 hours ago

Your belief is wrong. That is not what a penetration test does. They are looking at it from the outside.

ordnance_qf_17_pounder@reddthat.com · 21 hours ago

Ah, Mullchad. The best VPN for those who don’t need port forwarding.

Laser@feddit.org · 19 hours ago

Still on PIA despite the sketchy history just for that feature.

cantankerous_cashew@lemmy.world · 11 hours ago

Im in a similar situation, using protonvpn. CEO has unsavory political views but the service has been fantastic

rycee@lemmy.world · 17 hours ago

OVPN also has port forwarding and are pretty transparent.

Laser@feddit.org · 8 hours ago

I’ll check it out when my current subscription expires.

PrimeErective@startrek.website · 19 hours ago

I wish they would make a flatpak

prole@lemmy.blahaj.zone · 11 hours ago

If you’re using an immutable distro, you can still use mullvad. I’ve had no problem if I download the rpm (I’m on Bazzite), and install it as a local package. Only annoying thing is that I have to manually update it, but it’s really not hard.

PrimeErective@startrek.website · 11 hours ago

Yeah, it’s easy enough on bazzite, but it’s such a pain on the steam deck to get a VPN working. I haven’t been able to do the manual config lately either

Proton VPN flatpak on steam deck works great though

prole@lemmy.blahaj.zone · 3 hours ago

SteamOS is not that different than Bazzite… Can’t you go into desktop mode, download the RPM from the mullvad site, and install the local package using “rpm-ostree” in command line?

Drasglaf@sh.itjust.works · 7 hours ago

You could try CachyOS on the Deck, I used it for a few months and it worked great. It’s practically the same as SteamOS but with pacman and paru available, with all the advantages this brings.

I sold my Deck and bought a Legion Go, and I’m also using CachyOS here. Same results.