DAITA: Defense Against AI-guided Traffic Analysis
-
Hey they did support it until they were getting difficult legal requests because some users were abusing it, and getting turned away by different hosting providers.
They shut it down to protect the rest of us who use it without abusing it.
https://mullvad.net/en/blog/removing-the-support-for-forwarded-ports
Unfortunately port forwarding also allows avenues for abuse, which in some cases can result in a far worse experience for the majority of our users. Regrettably individuals have frequently used this feature to host undesirable content and malicious services from ports that are forwarded from our VPN servers. This has led to law enforcement contacting us, our IPs getting blacklisted, and hosting providers cancelling us.
The result is that it affects the majority of our users negatively, because they cannot use our service without having services being blocked.
I know the port forwarding thing can be a deal-breaker for some people, but it's not Mullvad's fault that they needed to remove this to be able to continue providing quality services for the rest of their customer base.
This is sadly one of those "this is why we can't have nice things" type deals because when enough people abuse it, it becomes a problem. I have no ill will towards Mullvad for taking it away when it became financially and legally foolish to continue doing so.
-
Agreed!
They have a “Why privacy matters!” guide I keep sending to people;
-
They did at one point, but they removed it due to constant abuse.
-
Now I’m curious if the vpn I use will consider a similar approach going forward (PIA).
-
How are other VPN services able to do port forwarding without having this problem?
-
-
What’s the benefit of port forwarding when using a VPN?
-
-
Seems like it will cost Mullvad more for bandwidth. Great feature overall, very similar to Monero's Dandelion++
-
AirVPN doesn't.
-
Given how often I see articles where a pedo was caught because they were sending photos over telegram unencrypted or similar. I do think many are that stupid.
-
I think that's another reputable VPN?
Then my theory might be debunked or they will get forced to cut off port forwarding too
-
If ya do it right, you can't distinguish the signal from the noise. Encryption makes data look random. So if you send dummy random data then it just looks like constant random data. No signal is distinguishable.
-
It's nice, but it brought my speeds to a crawl.
-
This is accurate when using the BT protocol. However if you have uTP (Micro Transport Protocol) enabled, it has "support for NAT traversal using UDP hole punching between two port-restricted peers where a third unrestricted peer acts as a STUN server."
-
Much like other criminals, only the stupid ones get caught. Look at how many of those articles say that they'd been doing it for decades. Many more of them are out there right now.
-
I'm not sure. Some people say that because they're in Italy which is part of the N eyes, they're not trustworthy.
Then there's the fact that they haven't been audited independently. The admin says it's because audits are security theater not real proof of privacy, so he'd rather not give some 3rd party root access to the servers.
-
Let's give credit where it's due: https://github.com/maybenot-io/maybenot
The Maybenot Framework (FOSS) is how Mulvad pulls this off, and if you run your own VPN you can use this too! Mulvad is a contributor, so good on them.
-
If I understand it correctly, it's an app feature (or is it server side?). I'm interested since I use mullvad on router.
