Tag: vpn

VPN services offer an excellent way to improve privacy while online. To be precise, good VPN services do, while bad ones either leak your data or sell it outright.

Mullvad is considered to be one of the best when it comes to online privacy. The Sweden-based provider gets audited by third-parties regularly and offers several options to purchase access anonymously.

Mullvad announced this week that it has entered a partnership with Obscura VPN.

The core idea is simple: Obscura VPN uses Mullvad’s servers as exit nodes for its customers. This means, in essence, that the traffic of Obscura VPN customers flows through two independent systems.

In other words, neither Mullvad or Obscura have full control over the data. This may remind you of how Tor operates, or how some VPN services offer multi-hop connections.

The latter pushes the connection through two or more servers in different countries to improve privacy. The difference is that a single VPN provider is in control of all servers.

As for Tor, it uses a three-hop system and comes close to what Obscura offers. Tor is largely operated by volunteers, which means that it can be slow at times and that denial of service attacks happen regularly on top of that.

I published a guide about using multiple VPN services on a single system. It involves virtual systems, which allow you to chain-link as many VPN connections as you like.

Privacy by design, says Obscura

Obscura claims that the system that it uses never sees a user’s browsing history while using the VPN. Here is how Obscura explains it on its website:

• Obscura uses Mullvad for exit hops. This means that it does not know which websites users access.
• Mullvad operates the exit hops, but it does not know the customer. Obscura says that it is masking a user’s real IP address when traffic is relayed to the exit server.

Obscura is available for $6 per month as a starting offer. The regular price is $8 per month according to the website. Users can pay via Credit Card or Bitcoin over Lightning.

One downside right now is that there appears to be a client for macOS only.

Closing Words

The idea behind Obscura VPN is interesting. Combine two VPN services to increase security. The new company still has to prove itself and pass audits. The app code is open source, which is a good start. Support for additional platforms is a must.

What is your take on this? Do you use a VPN service? Would you use a service that offered Obscura’s system? Please leave a comment down below to let us know.

Using a VPN makes sense in a lot of situations. To protect your data when using networks that you do not have full control over, to protect your data from being sold by your ISP, or to access content that would be blocked otherwise.

Services and ISPs may use filters to limit the use of VPNs. This may lead to scenarios where you cannot access specific content while using a VPN.

NordVPN says that it has created a solution for the problem. Called NordWhisper, it is designed to disguise VPN traffic.

The company describes it in the following way:

While standard protocols using obfuscation techniques are effective on networks that prevent access to essential services or public resources, NordWhisper steps in when VPN-specific blocks make connecting to these networks more challenging. This protocol ensures users can browse securely in restricted networks.

NordWhisper mimics regular web traffic, making it more difficult for network filters to identify it. Essentially, it blends in with ordinary internet activity, providing users with a reliable way to browse on restricted networks while maintaining the same strong encryption and security as other VPN protocols.

One downside to using NordWhisper is that it may “be slower than other protocols” due to the way it works.

The feature will be integrated into NordVPN’s applications. First on Windows, Linux, and Android, but all other platforms will also be supported at a later point.

The feature has been in testing for some time. NordVPN customers may check for the availability of the new feature in the following way:

1. Open the NordVPN application.
2. Select Settings > Connection.
3. Activate the menu next to VPN Protocol.

NordWhisper is listed as an option there, if the feature is available already. Tests will show how effective the new protocol really is and whether it can also be used for relatively mundane activities, such as accessing Netflix content in another region.

Regarding VPNs, do you use them? If so, which is your favorite and why? Feel free to leave a comment down below.

Internet users have a few weapons in their arsenal when it comes to disguising their location. Some have good reasons for wanting to do that, from making sure that activity cannot be traced back to them to watching streaming content that is available only in other regions, or paying less for certain goods and services.

Deanonymization attacks try to locate a user through various means. A simple one uses a device’s IP address to find out information about a user.

Deanonymization using Cloudflare

A security research has discovered a new method, one that does not require any user interaction at all. It relies on Cloudflare, which operates one of the largest content distribution networks and certain services, that use Cloudflare for caching.

The main idea behind the attack is this: Cloudflare caches content and there is a way to check cached content on Cloudflare. All you have to do is send a unique file to a user before checking Cloudflare caches for hits. Cloudflare does not cache the unique file in all datacenters, if it is accessed only by a single user.

As a result, you get a hit in a datacenter that is close to the user. Usually, it is the nearest datacenter. Cloudflare operates hundreds of data centers in the world. While that still means that you get a radius of a few hundred kilometers or more, you can still narrow down a user’s location, provided that no other means of disguising the location are used.

The researcher describes the attack using Signal and Discord. In Signal, there are two options. The first sends an image to a user, which requires that the target opens the conversation. If the target has push notifications enabled, this one-click attack turns into a 0-click attack, as the attachment is shown already as part of the notification. All it takes afterwards is to check CloudFlare datacenters to find the one that has cached it (first).

On Discord, users can use custom emojis if they have a Nitro subscription. They can show the custom emoji in their status, which means that anyone opening the profile of the user may have their approximate location checked using Cloudflare.

Combined with GeoGuesser, which is a private Discord bot, it could be used to narrow down a user’s location.

Closing Words

While the attack still means that a radius of several hundred kilometers is returned, it may be possible to combine this attack with others, or use it regularly.. The attack may provide important information on its own, but if done regularly, it could help identify a user who is moving around a lot (e.g. for work).

There is little that users can do to prevent this kind of attack. One option is to disable the auto-accepting of attachments and media, another the use of VPN servers or other means of disguise.

Mullvad announced this week that it has enabled quantum-resistant tunnels in the VPN’s Windows client. The company plans to enable the feature on its mobile clients for Android and iOS in the future as well.

This comes just a few months after Mullvad added protections against AI traffic analysis to its VPN.

What are quantum-resistant tunnels? Put simply, it is hardening the connection to the VPN with stronger protections against attacks.

Mullvad notes that the previously used system has no weaknesses, but that more powerful computer systems could attack it successfully. The company mentions quantum computers specifically.

The updated security protects the connections against potential future attacks that could utilize computer systems that are more powerful than those available today.

Here is the paragraph that describes the improvement in technical terms:

The feature prevents such a future attack using post-quantum secure key encapsulation mechanisms for exchanging a pre-shared key for WireGuard. The algorithms currently used are Classic McEliece and ML-KEM.

With this new app release we switched to the NIST standard ML-KEM from the earlier Kyber standard, but this is essentially a minor revision of that standard.

Windows users can check Settings > VPN settings > WireGuard settings > Quantum-resistant tunnel to configure the feature. It should be enabled on Windows by default, provided that the latest VPN client update has been installed already.

Mullvad VPN should highlight the use of the feature with a quantum-resistance feature indicator.

Closing Words

Mullvad continues to improve the security of its VPN. The latest addition should future-proof connections of customers against potential quantum-computer-based attacks.

Now it is your turn. Do you use a VPN? If so, which and why that one? Feel free to leave a comment down below.