From 651fc16b66cc5bcf402c2b0d78f2f97ca4663f5d Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Mon, 22 Feb 2021 10:45:52 -0600 Subject: [PATCH] Add recent Mullvad infrastructure audit https: //github.com/privacytools/privacytools.io/pull/2199 Co-Authored-By: Minimalist <51658826+minimalist73@users.noreply.github.com> --- _includes/legacy/sections/vpn.html | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/_includes/legacy/sections/vpn.html b/_includes/legacy/sections/vpn.html index b07876ff..e26b1623 100644 --- a/_includes/legacy/sections/vpn.html +++ b/_includes/legacy/sections/vpn.html @@ -28,9 +28,13 @@
{% include badge.html color="success" text="Independently Audited" %}

Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report published at cure53.de. The security researchers concluded:

-

...Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.

+

Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.

-

In 2020 a second audit was announced and the final audit report was made available on Cure53's website.

+

In 2020 a second audit was announced and the final audit report was made available on Cure53's website:

+
+

The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks.

+
+

In 2021 an infrastructure audit was announced and the final audit report was made available on Cure53's website.

{% include badge.html color="success" text="Open Source Clients" %}

Mullvad provides the source code for their desktop and mobile clients in their GitHub organization.

{% include badge.html color="success" text="Accepts Bitcoin" %}
@@ -42,7 +46,7 @@
{% include badge.html color="success" text="Remote Port Forwarding" %}

Remote port forwarding is allowed on Mullvad, see Port forwarding with Mullvad VPN.

{% include badge.html color="success" text="Mobile Clients" %}
-

Mullvad has published App Store and Google Play clients, both supporting an easy-to use interface as opposed to requiring users to manual configure their WireGuard connections. The mobile client on Android is also available in F-Droid, which ensures that it is compiled with reproducible builds.

+

Mullvad has published App Store and Google Play clients, both supporting an easy-to use interface as opposed to requiring users to manual configure their WireGuard connections. The mobile client on Android is also available in F-Droid, which ensures that it is compiled with reproducible builds.

{% include badge.html color="info" text="Extra Functionality" %}

The Mullvad VPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. The Mullvad website is also accessible via Tor at xcln5hkbriyklr6n.onion.