The inner circle so to speak

  • Rayspekt@kbin.social
    link
    fedilink
    arrow-up
    11
    arrow-down
    1
    ·
    1 year ago

    Hell, Mullvad was abused to the point they removed access to Port Forwarding on their VPN service, which has led to many people needing to switch to crummier, shadier VPNs that still offer port forwarding access.

    Could you explain what happened?

    • Hot Saucerman@lemmy.ml
      link
      fedilink
      English
      arrow-up
      29
      arrow-down
      2
      ·
      1 year ago

      As clear as I can make it out, it seems like it was related to a search warrant that was executed on Mullvad.

      https://mullvad.net/en/blog/2023/4/20/mullvad-vpn-was-subject-to-a-search-warrant-customer-data-not-compromised/

      Because just a little over a month after the news of the failed raid, there was news of them removing port forwarding.

      https://mullvad.net/en/blog/2023/5/29/removing-the-support-for-forwarded-ports/

      Emphasis mine.

      Unfortunately port forwarding also allows avenues for abuse, which in some cases can result in a far worse experience for the majority of our users. Regrettably individuals have frequently used this feature to host undesirable content and malicious services from ports that are forwarded from our VPN servers. This has led to law enforcement contacting us, our IPs getting blacklisted, and hosting providers cancelling us.

      The result is that it affects the majority of our users negatively, because they cannot use our service without having services being blocked.

      The abuse vector of port forwarding has caught up with us, and today we announce the discontinuation of support for port forwarding. This means that if you are a user of forwarded ports, you will not be able to add or modify the ports you have in use.

    • apt_install_coffee@lemmy.ml
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      They made a smart call that has probably increased the long term privacy of their users.

      People were using port forwarding to host illegal shit, and governments were getting pissed off about it. Mullvad has been able to prove in court that they don’t keep logs, but that’s not a perfect deterrent; a properly motivated government, perhaps if somebody is using Mullvad to host CSAM, might attempt to legally force Mullvad to put logging in and add anti-canary clauses.

      Preventing port forwarding keeps customers as consumers rather than hosters, and avoids this issue.