For people wondering how the hell a user can audit that the server is diskless or whatever, the goal appears to be using a TPM to provide remote attestation for all code in the boot path. See <a href="https://www.system-transparency.org/" rel="nofollow">https://www.system-transparency.org/</a>.
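Added example, not part of the comment above and not System Transparency's or Mullvad's code: a verifier-side check for measured boot that replays a boot event log through the TPM PCR extend rule and compares the result with the attested PCR value. The component names, blobs and allowlist are constructed, and `quoted_pcr` is assumed to come from a TPM quote whose signature and nonce were already verified.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank


def measure(blob: bytes) -> bytes:
    """Digest a boot component the way a measuring stage would."""
    return hashlib.sha256(blob).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend rule: new = SHA-256(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(digests) -> bytes:
    """Recompute the final PCR value from an ordered list of measurements."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeros after reset
    for d in digests:
        pcr = extend(pcr, d)
    return pcr


def verify_boot(event_log, quoted_pcr: bytes, allowlist) -> tuple:
    """Return (ok, reason) for an event log against an attested PCR value."""
    # 1. The log must reproduce the attested PCR; otherwise the log was
    #    edited, truncated or reordered and cannot be trusted at all.
    if replay([e["digest"] for e in event_log]) != quoted_pcr:
        return False, "event log does not reproduce quoted PCR"
    # 2. Every measured component must be a known-good build.
    for e in event_log:
        if e["digest"] not in allowlist:
            return False, "unknown component: " + e["name"]
    return True, "ok"


def make_log(components):
    return [{"name": n, "digest": measure(b)} for n, b in components]


# Constructed sample boot chain (placeholder bytes, not real images).
GOOD = [("firmware", b"constructed-firmware-v1"),
        ("bootloader", b"constructed-bootloader-v1"),
        ("kernel", b"constructed-kernel-v1"),
        ("initramfs", b"constructed-initramfs-v1")]
ALLOWLIST = {measure(b) for _, b in GOOD}

if __name__ == "__main__":
    log = make_log(GOOD)
    print(verify_boot(log, replay([e["digest"] for e in log]), ALLOWLIST))
```

The first check is what makes the log trustworthy: a host that boots a modified kernel but presents the original log fails it, because the TPM's PCR no longer matches the replay.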
I've been following Mullvad for a long time and my impression (from countless reviews and comments here on HN) has been quite positive. But here's what I don't understand: Why are the servers located in Sweden, a country that's known for online surveillance[0] like no other country in the EU? From the Wikipedia article[1]:<p>> The law permits the signals intelligence agency, National Defense Radio Establishment, to monitor the content of all cross-border cable-based Internet traffic to combat "external threats" such as terrorism and organized crime.<p>[0]: <a href="https://www.opendemocracy.net/en/can-europe-make-it/didier-bigo-sergio-carrera-nicholas-hernanz-julien-jeandesboz-joanna-parkin-fra-1/" rel="nofollow">https://www.opendemocracy.net/en/can-europe-make-it/didier-b...</a><p>[1]: <a href="https://en.wikipedia.org/wiki/Internet_in_Sweden#Internet_censorship_and_surveillance" rel="nofollow">https://en.wikipedia.org/wiki/Internet_in_Sweden#Internet_ce...</a>
A bit tangential to the main post, but I'd like to share a recent positive experience with Mullvad:<p>I am a regular user of Mullvad and recently wanted to try a different VPN, that only provides WireGuard configs (i.e. no native app). I used the default setup.<p>For some reason, my internet connection was flaky, and when it disconnected and reconnected, my traffic leaked.<p>That never happened to me with Mullvad as the app comes with an "Always require VPN" option out of the box and it has always worked reliably.
I love the concept and I even wrote a blog post about how to set up a fully PXE-bootable server environment using Alpine Linux [1] (which by default boots from RAM) in 2019. I still use it and it's one of those things that makes recovery or testing so much faster because I don't even need a USB thumb drive.<p>[1] <a href="https://blog.haschek.at/2019/build-your-own-datacenter-with-pxe-and-alpine.html" rel="nofollow">https://blog.haschek.at/2019/build-your-own-datacenter-with-...</a>
This is awesome, glad that Mullvad is heading in this direction.<p>For reference, ExpressVPN (which has been audited by PwC) introduced this in 2019 [1].<p>Unfortunately, ever since ExpressVPN was purchased by Kape Technologies (they also own PIA, Cyberghost, Zenmate all of which do not have reliable histories); Mullvad has been the clear choice for a while now. They're also the backend for Mozilla VPN (Mozilla just whitelabels from Mullvad [3]).<p><pre><code> [1] https://www.expressvpn.com/blog/introducing-trustedserver/
[2] https://www.expressvpn.com/blog/pwc-audits-expressvpn-servers-to-confirm-essential-privacy-protections/
[3] https://news.ycombinator.com/item?id=26646510</code></pre>
Some information that could be of interest to those running VPN servers.<p>I live in Kazakhstan and recently our government decided to shut down the Internet. But apparently there were ways to get out: they did not filter two TCP ports. My guess is it was some "backdoor" put by employees who had to obey the orders but wanted to provide people some way to get around those blocks. Those ports were used to run VPN software. I used Outline VPN on my VPS and it allowed me and my friends to have a working Internet.<p>TLDR: allow specifying port and protocol (TCP/UDP) as some kind of advanced option for those users who need it for some reason.<p>Right now we've got Internet back and it works fine, but who knows when our government will decide to shut it down again.<p>PS mullvad.net website apparently is blocked in Kazakhstan as well. I know that they block popular VPN provider websites, so that should not come as a surprise, but still. I have no idea whether actual VPN subnets are blocked or not.
> If the computer is powered off, moved or confiscated, there is no data to retrieve.<p>Don't forget to add insta-shutdown when any USB device is connected to the system!
The VPN provider I use has had diskless systems for years. Is this the same thing?<p><a href="https://www.ovpn.com/en/blog/improvement-of-the-physical-security" rel="nofollow">https://www.ovpn.com/en/blog/improvement-of-the-physical-sec...</a>
It's a trade-off. If you have no disk, the disk can't fail, but the network can, and the remote PXE server can, and the remote SAN can. You can get into a state where you have to pray no servers reboot. Intermittent errors can be real annoying when it makes provisioning fail. (used to work a server farm that'd do server rebuilds over PXE, and ran a few diskless cluster projects)<p>An alternative is you use a RAID array and mount your disks in read-only mode, or use physically read-only disks and when you have to replace a disk, you pre-mirror the replacement disk. In this way the local disks can be replaced as they fail and there's never a point when the server is at risk of not being able to boot.<p>......or they could boot from CDROM :)
This is hardly a new thing in VPN providers though. I know that Perfect Privacy[1] and AzireVPN[2] both advertise this feature already.<p>[1]<a href="https://www.perfect-privacy.com/en/features/without-logs" rel="nofollow">https://www.perfect-privacy.com/en/features/without-logs</a>
[2]<a href="https://www.azirevpn.com/docs/environment" rel="nofollow">https://www.azirevpn.com/docs/environment</a>
<a href="https://archive.is/HbjIQ" rel="nofollow">https://archive.is/HbjIQ</a><p>(it was blocked for me because it's a VPN service provider)
The server configuration (and therefore customers' account numbers) is stored in Server OS images I suppose, right? It shouldn't be an issue as far as inspection is concerned, should it?<p>Also, isn't there a law that enforces logs to be kept for n years? How is it compatible with diskless setup?
Isn't this the same as just running a boot CD or PXE server and running all the data out of RAM drives? I mean we've been doing this for years on Linux as hobbyists, haven't we? Or does this bring something new to the table?
Pretty similar to the default (diskless) mode in Alpine, though it lacks the tooling to verify persisted data and the sources apkvols can be applied from at boot aren't that well documented.