Hacker News: kfreds's comments

> Tor is apparently wide open to the NSA through traffic analysis.

Would you be willing to clarify what you mean by that?

To start with, are you saying that Tor is wide open to traffic analysis

(1) by anyone,

(2) by powerful attackers such as the NSA, or

(3) by the NSA specifically?


The allegation is usually that the NSA owns enough of the Tor network to deanonymize people using it.


Not just that, the NSA can observe enough of the whole internet's traffic and do deep packet inspection. AFAIK Tor explicitly does not protect against such an observer in its threat model.


> do deep packet inspection

There is no DPI on Tor networks. Traffic analysis for de-anonymization of Tor users works by knowing all the variables in the system and solving for them, not by looking at the content of the packets themselves.

The last time something like that was possible at all in Tor it broke it entirely and destroyed the anonymization. The bug involved a vulnerability in the way Tor handled the traffic confirmation attack on Onion Services. This attack allowed malicious relays to embed uniquely identifiable information into Tor cells (the packets used in the Tor network).


No, you just need to observe the timings, and only of the first and last segments of the communication.

Western nations will probably have access to them in most cases, at least for traffic originating and ending in one of them


That's not deep packet inspection, just FYI. Timing and traffic correlation attacks never get any access to the packet information and piggyback on existing network weaknesses (correlating IP addresses based on timing metadata).


Yeah, but there's no need for "knowing all the variables in the system" and there's no "last time something like that was possible"; it's always been possible.

And you get the "packet information" out of the exit nodes...


DPI usually refers to actually poking around the contents of the packets, which in Tor are (hopefully) minimally informative. With timing attacks you just keep track of the volume.


Why is DPI still being brought up? And what was wrong in my message?

With timing you keep track of the volume and... timing, which (often) allows you to correlate the entering and exiting traffic...


“owns” not necessarily in a financial sense, more that they have very comprehensive access to ip metadata the world over.


They also run a ton of nodes. So yes they own part of the network financially.


Semantics.


(2), the Tor design is explicitly stated as being vulnerable to a "global passive adversary" (you can search that phrase online for details)


Wow! This is incredibly exciting.

Apple's Private Cloud Compute seems to be conceptually equivalent to System Transparency, an open-source software project my colleagues and I started six years ago.

I'm very much looking forward to more technical details. Should anyone at Apple see this, please feel free to reach out to me at stromberg@mullvad.net. I'd be more than happy to discuss our design, your design, and/or give you feedback.

Relevant links:

- https://mullvad.net/en/blog/system-transparency-future

- http://system-transparency.org (somewhat outdated)

- http://sigsum.org


https://en.m.wikipedia.org/wiki/Confidential_computing

This is what they are doing. Search implementations of this to understand more technical details.


It's not, AFAICT from the press release.

Confidential Compute involves technologies such as SGX and SEV, for which I think Asylo is an abstraction (not sure), where the operator (e.g. Azure) cannot _hardware intercept_ data. The description of what Apple is doing "just" uses their existing code signing and secure boot mechanisms to ensure that everything from the boot firmware (the computers that start before the actual computer starts) to the application is what you intended it to be. Once it lands in the PCC node it is inspectable though.

Confidential Compute goes a step further to ensure that the operator cannot observe the data being operated on, thus also defeating shared workloads that exploit speculative barriers, and hardware bus intercept devices.

Confidential Compute also allows attestation of the software being run, something Apple is not providing here. EDIT: looks like they do have attestation, however it's different to how SEV etc attestation works. The client still has to trust that the private key isn't leaked, so this is dependent on other infrastructure working correctly. It also depends on the client getting a correct public key. There's no description of how the client attests that.

Interesting that they go through all this effort just for (let's be honest) AI marketing. All your data in the past (location, photos, contacts, safari history) is just as sensitive and deserving of such protection. But apparently PCC will apply only to AI inference workloads. Siri was already and continues to be a kind of cloud AI.


Apple's secure enclave docs also mention memory encryption. The PCC blogpost mentions that the server hardware is built on secure enclaves. And since they are claiming that even Apple can't access it, I am currently assuming that there will be memory encryption happening on the servers. At which point you have the main ingredients of CC: memory encryption & remote attestation.

EDIT: and they mention SGX and Nitro. Other CC technologies :)


> Apple's secure enclave docs also mention memory encryption.

Yes, but that's only within the enclave. Every Mac since the T2 has had that, and we don't consider them strong enough to meet the CC bar.

As an example of the difference, CC is designed so that a compromised hypervisor cannot inspect your guest workload. Whereas in Apple's design, they attempt to prove that the hypervisor isn't compromised. Now imagine there's a bug ...

(Not that SGX hasn't had exploitable hardware flaws, but there is a difference here.)


This was my take from the presentation as well, immediately thought of your feature. Will be interesting to hear your take on it once the details have been made available and fully understood.


Yeah it seems so, though most of these systems (e.g. Intel SGX, AMD SEV, NVIDIA's new tech) use the same basic building blocks (Apple itself isn't a member of the Confidential Computing Consortium but ARM is); for me it's the quality of the overall implementation and system that sets this apart. I'm also quite bullish about trusted computing; it seems to be gaining significant momentum. I would like some technologies to be more open and e.g. allow you to control the whole stack and install your own root certificates / keys on a hardware platform, but even so I think it can provide many benefits. With Apple pushing this further into the mainstream I expect to see more adoption.


> I'm just interested in how it all works under the hood.

Learn everything there is to learn about the Tillitis TKey. It's the most open-source software and hardware USB security token there is. It is FPGA-based, and contains a tiny RISC-V core.

Full disclosure: I'm involved in the project.


A VPN is not enough for privacy. But in combination with a privacy-focused browser, you make sure to block third-party cookies and other tracking technologies used by the data collectors.

The paragraph above is clearly visible on our landing page. We don't want people using our service for things it's not designed for.

The paragraph below is also a direct quote from our website.

"When you visit a website, you can be identified and tracked through your IP address, third-party cookies, all kinds of tracking scripts, and through so called browser fingerprints. That’s why masking your IP address is not enough to stop the data collection. However, by using a trustworthy VPN in combination with a privacy-focused browser, you can put up a better resistance against the mass surveillance of today. That's why we partnered with the Tor Project to develop Mullvad Browser – a browser designed to minimize tracking and fingerprints."


> Some of the ads also felt deceptive making it seem like it will prevent all your online tracking, even though we know that’s not the case.

I'm sorry to hear that. For what it's worth our marketing colleagues make a big effort to minimize the risk of such interpretations. Sometimes a really snappy string of words can be interpreted multiple ways. There's also only so many words we can put on an ad before it gets messy. We do try hard to make the nuances clear on our website, which ultimately is where any new users will have to go in order to buy the service.


I’m a big fan of your service, but I agree with GP. I rode the subway yesterday and saw a Mullvad ad that strongly implied that a VPN is adequate protection against data brokers and data collection on websites.

It certainly wasn’t the most egregious VPN ad I’ve ever seen, but it was disappointing to see Mullvad imply privacy properties for VPNs knowing that ordinary people don’t understand cookies, sessions, fingerprinting, or JavaScript.


Did the ad in fact talk about the VPN by itself, or in conjunction with the Mullvad Browser?

In any case we make the most important nuances clear on our landing page, and in other places on our website.


I believe it just said Mullvad, which I interpreted to be the VPN. It was on the NYC subway.


Sorry, not buying it. To claim that you stop online ad networks is a downright falsehood and you know it.

That copy should’ve never made it past basic checks for legitimacy.

Or alternatively: feel free to describe to HN how Mullvad protects users against ad networks.


> feel free to describe to HN how Mullvad protects users against ad networks.

A VPN is not enough for privacy. But in combination with a privacy-focused browser, you make sure to block third-party cookies and other tracking technologies used by the data collectors.

That's why we partnered with the Tor Project to develop Mullvad Browser – a browser designed to minimize tracking and fingerprints.

Please also note that this information is clearly displayed on our landing page. We don't want people using our service for things it's not designed for.


In combination?

The browser piece is doing almost all of the work against ad networks, isn’t it?

Which part of defense against ad networks does a VPN contribute to?


> To claim that you stop online ad networks is a downright falsehood and you know it.

can you link to these remarks? i can't see kfreds making any reference to ad networks anywhere.


I’m going to make sure to photograph the NYC subway ads next time I see them


ah, now i understand. your earlier comment very much read like you were accusing kfreds personally of making such a statement about ad networks. but you meant to say one (or more) of the ads you've seen yourself appears to make such a claim. thanks for clarifying.


Follow up: I just took this photo: https://ibb.co/v3rdHcm


They do offer DNS-level ads filtering when you enable the VPN.


> Sorry, not buying it. To claim that you stop online ad networks is a downright falsehood and you know it.

Where do they claim their VPN stops online ad networks?


The NYC subway ads


Can you point me at the one you're talking about, please?


I literally just took this photo right now (2024-05-08) https://ibb.co/v3rdHcm


Thank you for noticing! System Transparency is taking way longer to figure out, design and build than I expected. On the other hand the project is quite ambitious, and our work on ST has sprouted two additional OSS projects:

- https://www.sigsum.org (a transparency log with witness cosigning)

- https://tillitis.se (an open-source hardware FPGA-based security key with measured boot)


> VPNs are pretty far out in the "just trust me bro" realm of handing over all your browsing habits with no ability to check their real behavior.

Yes. It is quite an interesting situation, really. It's also a fun challenge! To what extent can we prove that we are trustworthy, and using what tools? Do those tools exist or do we have to invent them?


You'd have to invent this one at least, as it currently doesn't exist. As the DNS server operator, you can view all my DNS queries. In a zero-trust environment where I don't trust you not to log all user queries and forward them to the NSA, you'd need to use homomorphic encryption and create a DNS client and server that can do a lookup without you, the DNS server operator, finding out what the DNS lookup was for.

https://github.com/menonsamir/spiral-rs claims to have implemented this at a level that's practical for real world applications, with a demo for a wikipedia server, but it's far too slow, as demoed, for use as DNS server.

Now, the fact of the matter is that you can map my account ID back to the IP I'm connecting from, but with very limited way to map from my IP to my identity protects that in many ways, but data-mining at scale, knowing how many users connecting to one proxy server from city X, would be worth something to advertising and related companies who are more interested in large habits of users. If it turns out no one uses the pirate bay anymore, but use torrent site XYZ, I know where I'd place my advertising dollars for, say, a VPN product.

This is on the extreme end, but you asked for a fun challenge! :)


Thanks! :)

I should've been more clear. The questions I posed above are rhetorical. I've spent well over half a decade obsessing over them. See my mention of System Transparency, Sigsum and Tillitis elsewhere in this thread.


Thank you for your hard work. You've spent way more time on the problem than I. Didn't realize it was rhetorical! Mostly I wanna see homophobic encryption happen in practice. :p


tbh I don't think they exist. And I'm, like, half okay with that - it's entirely justified paranoia, bad actors of all skill levels undeniably exist and they hide successfully for many years, but I do believe good actors exist. It's why I chose mullvad.

At best you have stuff like attestation... but we all know those have a long history of being flawed and are subject to loads of side channels that can't be attested against. Plus VPNs are such a honeypot in every conceivable way that TONS of state-actor-level efforts are entirely reasonable, and that could easily include cheating on basically all attestation systems imaginable. We're just kinda stuck trusting history and lack of public leaks / correlated actions / whistleblowers IMO.

Or, frankly, the Mozilla partnering counts for a lot to me. I won't use their setup because it doesn't have non-vpn-app options, but they're a group I mostly trust to have people's safety at heart.

Personally, stuff like Tor (where by construction you only need to touch a couple good actors to be reasonably secure, and anyone can contribute) is about the only mostly-actually-trustworthy kind of system. You can expect malicious actors to participate there, and still have a reasonable level of privacy, particularly if you check a few personally (which is feasible because anyone can contribute). Tor and similar have plenty of issues, but structurally they're much more sound by design than any centralized VPN can ever be. Now if only they were even a tiny fraction as usable...


It's quite simple really.

1. We launched Mullvad 15 years ago. During those 15 years people's interest and awareness of online security and privacy has grown considerably, as has the consumer VPN market.

2. Our strategy is quite different from most of our competitors'. As a result we've grown slower than several of them, but we have nevertheless continued to grow year after year.

3. The costs of the campaign are perhaps lower than you assume.

tl;dr We've slowly grown over many years and are now making enough money to plaster privacy propaganda over your city. Hopefully it's an interesting change from the usual bus ads. Enjoy!


I'm sorry you feel that way, but I can relate. I initially had mixed feelings about it as well.

On the other hand the campaign we did in Stockholm last year worked out quite well. It managed to affect both domestic and EU legislative discussions at the time. Or at least our campaign contributed to moving the discussion in the right direction.

How much is that worth? I'm not sure, but the reason we started Mullvad in the first place was to conduct political action through entrepreneurship, specifically regarding mass surveillance and censorship.

If nothing else it seems to amuse a lot of people, including me and my colleagues. When I first heard of the idea of plastering privacy propaganda all over some major U.S. cities my initial reaction was more or less "lol, we can just do that?". As it turns out we can. :)


Thank you for sharing that! I am definitely part of the HN groupthink that tends to be irked by mass marketing, mainly because of baggage from the past of false advertising. However, I do agree that getting the non-IT geek's attention is what would actually move the needle for political action. I was amused (mostly surprised) to see a billboard while driving down the 110 in LA. More importantly, it led to a cool discussion with my non-tech wife who now appreciates your guys' brand more. :)


As frustrating as it is, even great products don't sell themselves. I find much, if not most marketing for subscription-based services pretty scummy, but it's not like it has to be, and I'd much rather see physical ads than how most stuff gets surreptitiously slipped into my surveillance-capitalism-sponsored life.


> plastering privacy propaganda all over some major U.S. cities

The ads are great to see in NYC subway and giant billboard near NY Times HQ.

Is there an online page with all of the ads? Maybe a video tour of the ads "in the wild" in different cities?


Thanks! I don't think so unfortunately. It's a great idea though.


Since there's no existing compendium, maybe a social media contest for people submitting photos of anonymized objects (e.g. in a box), books (hardback with custom cover), humans (costume/mask/etc) with Mullvad ads / billboard in the background. Crowdsource field reporting and motivate discussion about metadata in online and offline privacy.


Okay, this comment was the comment that got me sold on Mullvad. I was looking for a VPN I liked anyway and if you also use your business entity to help drive legislation toward a more privacy focused end, I'm in.


For me, (one of) the moments was when they figured out how to do remote attestation of the server to check that what it was running was what you expected, so you could check its privacy yourself.

Rather a neat subversion of the common corporate use of remote attestation, to preserve user privacy and security rather than curtail it.


Thank you! You are of course referring to System Transparency. I feel obligated to point out that we have yet to fully implement that idea. I've been working on it, and the related projects Sigsum and Tillitis, for the past six years. There have been lots of detours, but we are making progress towards the vision outlined in the blog post I wrote in 2019: https://mullvad.net/en/blog/system-transparency-future

Two years ago we moved the OSS projects System Transparency and Sigsum to their own organization: Glasklar Teknik AB (glasklarteknik.se).

The OSS and OSHW project TKey was moved to Mullvad's other sister company, Tillitis AB (tillitis.se).



Thank you for the service that you and the rest of the team provide. I've found it to be excellent, and you're one of only a very slim number of transparent VPN providers who seem to be in it for the right reasons.


How did you measure the effectiveness of physical ads to issues and other key metrics? I’m just curious what it takes to measure those as it’s always been mysterious to me. It seems like it needs to include a coupon code or something? Also interesting re: legislation. How so?


To my knowledge we don't measure it, at least not in the way I think you mean.

I can't speak for my marketing colleagues but I would assume they reason about it. It seems like a complex system to me, which means the approach kind of has to be (1) forming an understanding of the system and (2) deciding whether one is comfortable with the uncertainty.

One aspect that makes the cost/benefit assessment quite a bit easier is that we don't only care about how many new paying customers we get. It's also fun to do this kind of advertisement. How many interesting conversations about privacy have been had as a result of people seeing our billboards? That's worth something too.


thank you for offering up in this forum at least your own personal contributions to your organization's position on its advertising campaigns. not sure if any official statements on the matter have been made elsewhere, but you've assuaged at least my own slight concern about it with this one. truly. (and by 'truly' i mean i've been meaning to stuff some cash in an envelope addressed to you guys!)

transparency is absolutely a corporate virtue.




> While there's still work to do, the TLS ecosystem is unrivalled in terms of actual security benefit delivered to the most people.

Well said!

