One of the best things you can do to protect your data and privacy while online is to use a good VPN. Not all VPNs offer equally good protections; some even collect and sell user data.
Mullvad VPN is already offering some of the strongest privacy protections in the industry. This begins with options to buy access anonymously, but does not end there. You may also run Mullvad Browser, a hardened fork of the Firefox web browser.
Also great:
Mullvad announced a new protective feature against AI-based traffic analysis in May of this year. Defense against AI-guided Traffic Analysis (DAITA) is designed to protect user data against the growing thread of the use of AI to analyze traffic to identify patterns and users, even when VPNs are used.
This form of traffic analysis works in the following way according to Mullvad:
- Whenever you visit a website or use a service on the Internet, network packets are transferred.
- While ISPs and network listeners do not know the content of these packages, they do know a) the size of the packets, b) when and how often they are sent.
- AI may identify websites, services, and even people you message based on network packages.
DAITA
DAITA is designed to protect against any form of network packet analysis to determine visited websites, services, or communication.
This is achieved in the following way (again according to Mullvad):
- DAITA changes the size of all packets send over the VPN to be the same size.
- Random background traffic is added to the communication.
- Data pattern distortion by sending cover traffic between the client and the VPN server.
DAITA is available in Mullvad VPN for Android already. You need to enable ti manually under Settings > VPN Settings > DAITA.
Note that DAITA works with select servers, Mullvad lists Amsterdam, London, Los Angeles, and New York, at the time.
Do you use a VPN service? If so, which and why this one? What is your take on Mullvad’s new privacy feature? Feel free to leave a comment down below.
I used DAITA on the Mullvad Windows app for several weeks. Note that it is available via any server; if you’ve enabled it in the app and choose a server that’s not DAITA-enabled, Mullvad automatically muti-hops you to one that is. If you don’t want this, you can also configure the app to restrict connections to direct-DAITA-enabled servers, or to not use DAITA at all.
My take is that DAITA may be beneficial for high-risk situations, and will probably become the default for VPNs at some point, but for now is excessivly paranoic for my situation. Even if your encrypted VPN traffic is being surveilled by a nation-state using AI, they may be able to use it to guess what you’re connecting to, but that’s not the same as saying they can actually read your traffic. I no longer use DAITA.
“Even if your encrypted VPN traffic is being surveilled by a nation-state using AI, they may be able to use it to guess what you’re connecting to, but that’s not the same as saying they can actually read your traffic.”
I actually watched a few videos where they pretty convincingly proved that with IPS surveillance they can find the endpoint of your connection. And if the ISP of the website you accessed will cooperate, they can see whatever you are doing in real time even with the best VPN. So they can easily track your browsing even through VPN if you are a high value target of surveillance. They are not tracking everybody. This kind of surveillance is still resource intensive.
With encrypted messengers it is more difficult. They need to get a key for your chat session from somebody from the company that owns maintains messenger’s network. So VPN for encrypted messaging is a must only in countries where you can go to jail just for talking with somebody on your country’s enemy country list regardless of content of conversation. If you are in Russia or Iran, for example, you better use VPN.
As soon as my NordVPN subscription ends, I will try Mullvad VPN. I was sold on Mullvad VPN a while ago, but NordVPN got me for 26 month subscription about a year ago. NordVPN is OK for Windows and Google TV, but I could not make it work on Android.
I’ve been using Mullvad VPN for several years now and I’m very pleased with its performance on my Windows machine, but I’m not so enthusiastic about installing a VPN on my Android phone for the simple reason that connectivity checks can’t be prevented. This has been confirmed by Google which has flagged it as Won’tFix: https://issuetracker.google.com/issues/250529027
However, Mullvad has published a workaround in their blog article which they published on October 10, 2022. That said I haven’t taken the suggested steps since I never use my phone’s browser. I simply don’t like the size of the screen and much prefer the 1980p screen on my laptop which runs on Windows 8.1.
Mullvad however doesn’t support the VPN on any OS below Windows 10. To get around that problem I’ve installed the independent Wireguard app which can be downloaded from https://www.wireguard.com/ All that’s necessary to do afterwards is to generate a key pair on the Mullvad site and then download either the whole set of Wireguard servers, or just the ones you’re interested in. As additional network security I’ve configured the Mullvad SOCKS 5 proxy. The IP for that in FF Network Settings is 10.64.0.1 with Port set to 1080. So even if the VPN should go pear-shaped the SOCKS 5 will ensure continued security. These two run perfectly well together and can be checked on https://browserleaks.com/ip if you have any doubts. The SOCKS 5 also prevents Internet connections if you forget to enable the Wireguard app before going online.
Martin wrote an article a short while ago about how all Mullvad runs completely in RAM now which is well worth reading as well: https://www.ghacks.net/2023/11/11/mullvads-public-encrypted-dns-servers-run-in-ram-now/