The Tor Project and Mullvad VPN have both announced collaboration on a privacy-oriented web browser. The joint browser, which is based on Firefox, has the features of the Tor Browser but operates over the Mullvad Virtual Private Network rather than Tor's onion routers. The collaboration has helped polish interface improvements and address several long standing issues.
Mullvad and the Tor Project have been part of the same community that is dedicated to developing technology that prioritizes protecting people's right to privacy for many years now. Mullvad contributes to the Tor Project at the highest level of membership, Shallot, and were a founding member of the Tor Project's Membership Program. They approached us to help them develop their browser because they wanted to leverage our expertise to create a product that is built on the same principles and with similar safety levels as the Tor Browser -- but that works independently of the Tor network. The result is the Mullvad Browser, a free, privacy-preserving web browser to challenge the all-too-prevalent business model of exploiting people's data for profit.
and
"The mass surveillance of today is absurd. Both from commercial actors like big tech companies and from governments," says Jan Jonsson, CEO at Mullvad VPN. "We want to free the internet from mass surveillance and a VPN alone is not enough to achieve privacy. From our perspective there has been a gap in the market for those who want to run a privacy-focused browser as good as the Tor Project's but with a VPN instead of the Tor Network."
Mullvad has been an active member of the Tor project for years.
Oh, and one more thing, speaking of VPNs, buried in the actual text of Senate Bill S.686 - RESTRICT Act 118th Congress (2023-2024), hidden behind rhetoric about ByteDance and Tiktok is a ban on VPN usage.
Previously:
(2023) The 'Insanely Broad' RESTRICT Act Could Ban VPNs in the USA
(2022) Are Virtual Private Networks Actually Private?
(2022) VPN Providers Remove Servers From India in Wake of New Data Collection Laws
(2022) Tor Project Upgrades Network Speed Performance with New System
(2014) VPN Providers Response to Heartbleed
« Seattle Becomes First U.S. City to Permanently Require Sick Leave for Delivery and App-based Workers | German Police Raid DDoS-Friendly Host ‘FlyHosting’ »
Related Stories
From TorrentFreak:
VPN services operate in an industry that has security and trust as its hallmarks. So when a major security threat such as Heartbleed is revealed, they should be among the first to address the issue. TorrentFreak reached out to several popular VPN services to find out how they responded to Heartbleed.
The VPN providers who responded to TorrentFreak are Private Internet Access, TorGuard, IPredator, Mullvad, VikingVPN, IVPN, TigerVPN, blackVPN, Anonymizer, BolehVPN, NordVPN, proxy.sh, HideIPVPN, SlickVPN, OctaneVPN, IPVanish, LiquidVPN, AirVPN, VPN.S, VPN.ac, Unspyable, Seed4.Me, and VyprVPN.
Tor project upgrades network speed performance with new system
The Tor Project has implemented three new algorithms in the latest protocol version (0.4.7.7) to address network congestion and increase browser speeds. The new system, called Congestion Control, promises to eliminate speed limits on the network. The algorithms are designed to minimize packet loss (Tor-Westwood), estimate queue lengths (Tor-Vegas), and estimating bandwidth delays (Tor-NOLA).
Congestion Control "will result in significant performance improvements in Tor, as well as increased utilization of our network capacity," say the maintainers of the project.
[...] . However, for the entire community to benefit from the improvements, exit relay operators will have to upgrade to 0.4.7 of the Tor protocol.
"[...] Because our network is roughly 25% utilized, we expect that throughput may be very high for the first few users who use 0.4.7 on fast circuits with fast 0.4.7 Exits until the point where most clients have upgraded. At that point, a new equilibrium will be reached in terms of throughput and network utilization."
"For this reason, we are holding back on releasing a Tor Browser Stable with congestion control until enough Exits have upgraded to make the experience more uniform. We hope this will happen by May 31st" - the Tor Project
VPN Providers Remove Servers From India In Wake Of New Data Collection Laws:
VPN providers remain a primary target of governments around the world (authoritarian leaning and otherwise) that don't much like their citizens chatting privately or avoiding government surveillance. We watched it happen in Russia, where strict new data collection and retention rules resulted in a mass exodus of VPN providers (the ones that are actually dedicated to privacy and security, anyway).
VPN crackdowns are also occurring in purported democracies like India, after the government passed new cybersecurity rules requiring that VPN operators collect user names, email addresses and IP addresses, store it for five years, and furnish it to authorities on demand.
Since that defeats a major justification for even using a VPN and creates obvious legal headaches, VPN providers have been pulling their servers out of India over the last few months. This week they were joined by Proton VPN, which also says it's moving their India-based servers out of the country. They are, however, using smart routing servers to dole out Indian IP addresses:
VPNs do not provide the security properties people expect:
"VPNs were originally designed to get into a secure network, but companies have repurposed them so you can escape a restrictive internet service provider you don't trust and access a free and safe one instead," Crandall says. "So, the way people use VPNs today is kind of backwards."
Crandall notes this access is helpful when users are worried about their browsing data being monitored though their internet service provider, or ISP, or when users are in a country that censors their internet activity.
[...] "We're really just asking the fundamental questions like, 'When you repurpose VPNs in this way, do they actually have the security properties that people expect?'" he says, reiterating his work's focus on at-risk users who face severe consequences from censorship and surveillance policies. "The first part of the research that we did was looking at the VPN tunnel itself, which is an encrypted tunnel between the VPN server and the client, to see what kind of damage attackers can do from there."
[...] The team concluded that traffic can still be attacked from the tunnel in the same ways as if VPN were not being used, with attackers able to redirect connections and serve malware, which is what users believe VPN protects them from.
[...] "For people around the world, there can be a lot at stake when VPN providers market with false claims about their services. Our research exposed how VPN-based services, including the ones marketing their VPN service as 'invisible' and 'unblockable,' can be effectively blocked with little collateral damage," says Ensafi, an assistant professor of electrical engineering and computer science. [...]
"As VPNs continue experiencing increased usage, repressive countries have developed some of the most sophisticated censorship and surveillance technology in response," Mixon-Baca says. "This work is crucial to make progress toward understanding how these systems operate and developing defenses for attacks on the users who depend on VPNs."
USENIX presentation slides as well as a ten-minute video of the talk
https://www.vice.com/en/article/4a3ddb/restrict-act-insanely-broad-ban-tiktok-vpns
[...] The bill could have implications not just for social networks, but potentially security tools such as virtual private networks (VPNs) that consumers use to encrypt and route their traffic, one said. Although the intention of the bill is to target apps or services that pose a threat to national security, these critics worry it may have much wider implications for the First Amendment.
"The RESTRICT Act is a concerning distraction with insanely broad language that raises serious human and civil rights concerns," Willmary Escoto, U.S. policy analyst for digital rights organization Access Now told Motherboard in an emailed statement. [...]
[...] Under the RESTRICT Act, the Department of Commerce would identify information and communications technology products that a foreign adversary has any interest in, or poses an unacceptable risk to national security, the announcement reads. The bill only applies to technology linked to a "foreign adversary." Those countries include China (as well as Hong Kong); Cuba; Iran; North Korea; Russia, and Venezuela.
The bill's language includes vague terms such as "desktop applications," "mobile applications," "gaming applications," "payment applications," and "web-based applications." It also targets applicable software that has more than 1 million users in the U.S.
"The RESTRICT Act could lead to apps and other ICT services with connections to certain foreign countries being banned in the United States. Any bill that would allow the US government to ban an online service that facilitates Americans' speech raises serious First Amendment concerns," Caitlin Vogus, deputy director of the Center for Democracy & Technology's Free Expression Project, told Motherboard in an emailed statement. "In addition, while bills like the RESTRICT Act may be motivated by legitimate privacy concerns, banning ICT services with connections to foreign countries would not necessarily help protect Americans' privacy. Those countries may still obtain data through other means, like by purchasing it from private data brokers." [...]
(Score: 2, Disagree) by Mojibake Tengu on Wednesday April 05, @01:39PM (2 children)
I'd rather expect Mullvad VPN Browser could make use of blockchain and AI more creatively... Um, forget that joke.
Seriously, extremely small Tor population and infrastructure on IPv6 makes Tor very poor opsec on both dual and v6only networks. In small thousands on v6, everyone is just prey observable and identifiable from outside by temporal metadata.
For compare, without even touching a concept of mass TikTok, a typical single Chinese game has dozens of millions players worldwide (Genshin Impact, January 2023: 65,521,480 active players, that means daily, about 8,500,000 concurrent players).
I wish Tor having similar metric on some of its funny Applications, be it a browser or messaging or whatever but that will never happen.
Conclusively, with current level of public (non)acceptance Tor is near to useless.
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 1, Interesting) by Anonymous Coward on Wednesday April 05, @02:02PM (1 child)
If you had actually read the summary before spewing your usual shit, you'd see that there's no Tor integration in the Mullvad browser.
(Score: 0) by Anonymous Coward on Thursday April 06, @02:33AM