From Mullvad
Once again mullvad proving they are the only good VPN
Hey they did support it until they were getting difficult legal contacts because some users were abusing it, and getting turned away by different hosting providers.
They shut it down to protect the rest of us who use it without abusing it.
https://mullvad.net/en/blog/removing-the-support-for-forwarded-ports
Unfortunately port forwarding also allows avenues for abuse, which in some cases can result in a far worse experience for the majority of our users. Regrettably individuals have frequently used this feature to host undesirable content and malicious services from ports that are forwarded from our VPN servers. This has led to law enforcement contacting us, our IPs getting blacklisted, and hosting providers cancelling us.
The result is that it affects the majority of our users negatively, because they cannot use our service without having services being blocked.
I know the port forwarding thing can be a deal-breaker for some people, but it’s not Mullvad’s fault that they needed to remove this to be able to continue providing quality services for the rest of their customer base.
This is sadly one of those “this is why we can’t have nice things” type deals because when enough people abuse it, it becomes a problem. I have no ill will towards Mullvad for taking it away when it became financially and legally foolish to continue doing so.
How are other VPN services able to do port forwarding without having this problem?
Agreed!
They have a great “Why privacy matters” guide I keep sending to people;
It will all end with us back on dialup speeds once the counter-DAITA throughput machine learning de-obfuscation analysis of defense against AI guided traffic analysis of proxy anomised packets starts. I think I might just read a book.
Imagine a future where you and your VPN connection maintain 10mbps of constant, uniform traffic at all times. That solves the problem too, if the noise is aways high, you can’t see the signal
You can always see the signal in the noise, that is the point of the signal and therein lies the rub.
Sure, but one of the benchmarks of a good cryptographic algorithm is to reduce the amount of meta information you can get from a random sampling. Most of the timing attacks are looking for traffic activity to pattern match ultimate source and receiver. If the encrypted tunnel is always exactly 10mbps of cryptographic traffic, then it would be much harder to identify
Let’s give credit where it’s due: https://github.com/maybenot-io/maybenot
The Maybenot Framework (FOSS) is how Mulvad pulls this off, and if you run your own VPN you can use this too! Mulvad is a contributor (and funder), so good on them.
Edit: for those interested, Mulvad’s client is a fork of Wireguard with Maybenot incorporated as a submodule. Cool stuff: https://github.com/mullvad/wireguard-go
Seems like it will cost Mullvad more for bandwidth. Great feature overall, very similar to Monero’s Dandelion++
If Mullvad only allowed port forwarding…
