Add recent Mullvad infrastructure audit

https: //github.com/privacytools/privacytools.io/pull/2199
Co-Authored-By: Minimalist <51658826+minimalist73@users.noreply.github.com>
This commit is contained in:
Jonah Aragon 2021-02-22 10:45:52 -06:00
parent 6194c10429
commit 651fc16b66
No known key found for this signature in database
GPG Key ID: 6A957C9A9A9429F7

View File

@ -28,9 +28,13 @@
<h5>{% include badge.html color="success" text="Independently Audited" %}</h5> <h5>{% include badge.html color="success" text="Independently Audited" %}</h5>
<p>Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report <a href="https://cure53.de/pentest-report_mullvad_v2.pdf">published at cure53.de</a>. The security researchers concluded:</p> <p>Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report <a href="https://cure53.de/pentest-report_mullvad_v2.pdf">published at cure53.de</a>. The security researchers concluded:</p>
<blockquote class="blockquote"> <blockquote class="blockquote">
<p class="mb-0">...Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.</p> <p class="mb-0">Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.</p>
</blockquote> </blockquote>
<p>In 2020 a second audit <a href="https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/">was announced</a> and the <a href="https://cure53.de/pentest-report_mullvad_2020_v2.pdf">final audit report</a> was made available on Cure53's website.</p> <p>In 2020 a second audit <a href="https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/">was announced</a> and the <a href="https://cure53.de/pentest-report_mullvad_2020_v2.pdf">final audit report</a> was made available on Cure53's website:</p>
<blockquote class="blockquote">
<p class="mb-0">The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks.</p>
</blockquote>
<p>In 2021 an infrastructure audit <a href="https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/">was announced</a> and the <a href="https://cure53.de/pentest-report_mullvad_2021_v1.pdf">final audit report</a> was made available on Cure53's website.</p>
<h5>{% include badge.html color="success" text="Open Source Clients" %}</h5> <h5>{% include badge.html color="success" text="Open Source Clients" %}</h5>
<p>Mullvad provides the source code for their desktop and mobile clients in their <a href="https://github.com/mullvad/mullvadvpn-app">GitHub organization</a>.</p> <p>Mullvad provides the source code for their desktop and mobile clients in their <a href="https://github.com/mullvad/mullvadvpn-app">GitHub organization</a>.</p>
<h5>{% include badge.html color="success" text="Accepts Bitcoin" %}</h5> <h5>{% include badge.html color="success" text="Accepts Bitcoin" %}</h5>
@ -42,7 +46,7 @@
<h5>{% include badge.html color="success" text="Remote Port Forwarding" %}</h5> <h5>{% include badge.html color="success" text="Remote Port Forwarding" %}</h5>
<p>Remote <a href="https://en.wikipedia.org/wiki/Port_forwarding">port forwarding</a> is allowed on Mullvad, see <a href="https://mullvad.net/help/port-forwarding-and-mullvad/">Port forwarding with Mullvad VPN</a>.</p> <p>Remote <a href="https://en.wikipedia.org/wiki/Port_forwarding">port forwarding</a> is allowed on Mullvad, see <a href="https://mullvad.net/help/port-forwarding-and-mullvad/">Port forwarding with Mullvad VPN</a>.</p>
<h5>{% include badge.html color="success" text="Mobile Clients" %}</h5> <h5>{% include badge.html color="success" text="Mobile Clients" %}</h5>
<p>Mullvad has published <a href ="https://apps.apple.com/app/mullvad-vpn/id1488466513">App Store</a> and <a href="https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn">Google Play</a> clients, both supporting an easy-to use interface as opposed to requiring users to manual configure their WireGuard connections. The mobile client on Android is also available in <a href="https://f-droid.org/packages/net.mullvad.mullvadvpn">F-Droid</a>, which ensures that it is compiled with <a href="https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html">reproducible builds</a>.</p></p> <p>Mullvad has published <a href ="https://apps.apple.com/app/mullvad-vpn/id1488466513">App Store</a> and <a href="https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn">Google Play</a> clients, both supporting an easy-to use interface as opposed to requiring users to manual configure their WireGuard connections. The mobile client on Android is also available in <a href="https://f-droid.org/packages/net.mullvad.mullvadvpn">F-Droid</a>, which ensures that it is compiled with <a href="https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html">reproducible builds</a>.</p>
<h5>{% include badge.html color="info" text="Extra Functionality" %}</h5> <h5>{% include badge.html color="info" text="Extra Functionality" %}</h5>
<p>The Mullvad VPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. The Mullvad website is also accessible via Tor at <a href="http://xcln5hkbriyklr6n.onion/">xcln5hkbriyklr6n.onion</a>.</p> <p>The Mullvad VPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. The Mullvad website is also accessible via Tor at <a href="http://xcln5hkbriyklr6n.onion/">xcln5hkbriyklr6n.onion</a>.</p>
</div> </div>