I don’t consider mullvad multihop as a major security feature, but is a massive convenience feature. If you’re running the mullvad browser extension, or their mullvad browser you can just change the location of your browser without reconfiguring the VPN. Using their proxy network. Very convenient.
If you want to get really fancy you could do something with layered network name spaces, having each one use a different proxy forward to get multiple hops through one VPN connection.
The core flaw of multihop, is that your VPN provider can see all of it. So if they’re compromised, multi-hops not doing you any good.
But if you use something like qubes and you log into a VPN with account a, then you log into a different VPN with account b, then you log into VPN one again with account c : it’s going to be problematic to identify your entire path. People would have to be measuring every packet going in and out. Which is unlikely.
But this depends on your threat model, if you’re adversary has the resources to monitor all network links (national intelligence agencies) then this is very insufficient. You would have to ensure your first hop also doesn’t identify you, login for brief Windows, don’t send a lot of data for God’s sakes don’t stream video. For the vast majority of what people care about this is not an issue.
Safing is really interesting, it’s an onion network, but you can configure each application to have its own independent path. So instead of a normal VPN we’re all traffic has the same route. This would make identification much more difficult, let’s suppose you accidentally started up discord while attached to your safing session, it wouldn’t give away your identity for all your other applications cuz they would have different paths. It’s interesting. I recommend you look at it. https://safing.io/spn/
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !privacyguides@lemmy.one
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
We prefer posting about open-source software whenever possible.
No soliciting engagement: Don’t ask for upvotes, follows, etc.
Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
Be civil, no violence, hate speech. Assume people here are posting in good faith.
Don’t repost topics which have already been covered here.
News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
No misinformation: Extraordinary claims must be matched with evidence.
Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
You forgot to mention qubes :)
I don’t consider mullvad multihop as a major security feature, but is a massive convenience feature. If you’re running the mullvad browser extension, or their mullvad browser you can just change the location of your browser without reconfiguring the VPN. Using their proxy network. Very convenient.
If you want to get really fancy you could do something with layered network name spaces, having each one use a different proxy forward to get multiple hops through one VPN connection.
The core flaw of multihop, is that your VPN provider can see all of it. So if they’re compromised, multi-hops not doing you any good.
But if you use something like qubes and you log into a VPN with account a, then you log into a different VPN with account b, then you log into VPN one again with account c : it’s going to be problematic to identify your entire path. People would have to be measuring every packet going in and out. Which is unlikely.
But this depends on your threat model, if you’re adversary has the resources to monitor all network links (national intelligence agencies) then this is very insufficient. You would have to ensure your first hop also doesn’t identify you, login for brief Windows, don’t send a lot of data for God’s sakes don’t stream video. For the vast majority of what people care about this is not an issue.
Safing is really interesting, it’s an onion network, but you can configure each application to have its own independent path. So instead of a normal VPN we’re all traffic has the same route. This would make identification much more difficult, let’s suppose you accidentally started up discord while attached to your safing session, it wouldn’t give away your identity for all your other applications cuz they would have different paths. It’s interesting. I recommend you look at it. https://safing.io/spn/