- kfreds parentI don't consider myself a programmer and I can use Ed25519 safely. I do however understand computing fairly well.
- > Thank you for the reply, I really appreciate it.
Likewise.
> You created a company which .. ultimately undermines the government power and makes it weaker.
Undermining the power of governments and other powerful entities has benefits and drawbacks. Our thesis is that making mass surveillance and online censorship ineffective is a net good for humanity in the long term.
You are arguing that censorship is a net good in the much more specific context of disinformation campaigns on social media during war time. Yes, government censorship might be effective and proportional in that context. It could also backfire.
You are also arguing that the dynamics and algorithms of social media is the vector through which disinformation spreads. Wouldn't it then be more effective and proportional to target social media for regulation?
>> It sounds like you're arguing for censored populations to .. not circumvent censorship through technological means.. > Yes, in democratic countries..
What should people in undemocratic countries do?
> I believe that the exact same ads you have on the streets in the cities should be published by politicians or NGOs and not a business. > .. I do think that political activism is still possible even when there is additional risk.
I agree. At the same time, freedom of expression and of the press is under attack on a global scale. Consider this article from Reporters Without Borders: https://rsf.org/en/world-press-freedom-index-2025-over-half-...
> On the other hand, I do know that vulnerable people (teens, minorities, sick, elderly) in my country get recruited by Russia en masses through messengers. I do know that Russia engages in psychological warfare through Telegram, Facebook and TikTok without governments able to do anything.
I agree that is a serious problem and I don't know how to solve it. I'm sorry.
> I do want for politicians to fight for my rights, but I don't want that from businesses to be honest.
Why not?
> I mean, activism is clearly a part of your business strategy.
From a cause-and-effect point of view it would be more correct to say that starting a business is a part of our activism strategy. My opinions on the proportionality of mass surveillance and government censorship were formed a decade before I started Mullvad. Running a business is hard work, and if I didn't believe in its mission I would move on to something easier.
> The more discussion you create around issues related to privacy and censorship the more users you'll have - that's why I call it performative. Mullvad's business depends on the performance of fighting for the rights at the same time as benefitting from the fight itself.
I see. I interpreted it as "for show" in the sense of not being genuine.
- Thank you for your constructive criticism.
> I think the right course of action should be a political activism, not a technological one. Especially when the company doing it makes a fortune.
We tried that. My cofounder and I, as well as several of our colleagues, tried classic political activism in the early 2000s. It became increasingly clear to us that there are many powerful politicians, bureaucrats and special interest groups that don't act in good faith. They lie, abuse their positions, misuse state funds and generally don't care what the population or civil society thinks. They have an agenda, and don't know the meaning of intellectual honesty.
> The course, when one can just disengage from participating in society by sidestepping the problems by either using VPNs in terms of censorship .. is very dangerous and will reinforce the worst trends.
It sounds like you're arguing for censored populations to respect local law, not circumvent censorship through technological means, and only work to remove censorship through political means.
Generally, the more a state engages in online censorship the less it cares about what its population thinks. There are plenty of jurisdictions where political activism will get you jailed, or worse.
Are you seriously suggesting that circumventing state censorship is immoral and wrong?
> So instead of speaking from the high ground, please, tell us what your solution about mass disinformation happening from US social media megacorps, Russia mass disinformation, mass recruitment of people for sabotage on critical infrastructure.
Social media companies make money by keeping people engaged, and it seems the most effective way of doing that is to feed people fear and rage bait. Yes, that's a problem. As is disinformation campaigns by authoritarian states.
Powerful companies have powerful lobbyists, and systematically strive for regulatory capture. Authoritarian states who conduct disinformation campaigns against their population are unlikely to listen to reform proposals from their population.
I don't claim to have a solution for these complex issues, but I'm pretty sure mass surveillance and censorship will make things worse.
> Tell us, how can we keep living in free society when this freedom is being used as a leverage by forces trying to destroy your union.
Political reform through civil discourse cannot be taken for granted. Mass surveillance and censorship violate the principle of proportionality, and do not belong in a free society.
> Please, give us your political solutions to the modern problems instead of earning a fortune by a performance free speech activism.
I'm not sure what you mean by performance. Please clarify.
- > it would be nice if you addressed the specific objection
I'm pretty sure I did. I'll happily answer yours as well.
> Do you think they appeal more to consumers who are seeking "it keeps me vaguely secure", or it helps me watch Venezuelan Netflix and avoid some kinds of targeted advertising personalisation?
Between those two options, definitely "it keeps me vaguely secure". None of the ads you link to are intended for customers that want to circumvent geographical restrictions. We don't market to that customer segment.
- Actually, no. Our goal is to make mass surveillance and censorship ineffective, not maximizing profit to our shareholders. If there was a big red button we could push that accomplishes our goal and makes Mullvad obsolete in the process, we'd push it. There's an abundance of problems to solve in the world. It'd be nice if we could figure out how to get rid of some and move on to other problems.
- Sure!
Regarding tracking concerns, masking your IP address is a necessary but insufficient first step to improving your privacy online. ISPs typically don't allow their users to do that per-device in a UX-friendly way. Protecting against browser fingerprinting is something that Mullvad Browser does quite well, thanks to it being a fork of Tor Browser.
As for circumventing geo restrictions, you're absolutely right. We make an effort to get it to work, but ultimately privacy and censorship is much more of a priority for us. That's why we don't advertise it.
Finally, the campaign isn't just about getting more customers. We started Mullvad for political reasons, and now we have the resources to spread that message further. Governments around the world are warming up to the idea of mandatory device-side mass surveillance and backdooring E2E encryption. We're trying to build public opinion against that.
- Good point. That is indeed a distinct fifth reason.
Here's a sixth one: for some users it can improve latency, bandwidth and/or even cost.
latency/bandwidth: because of weird peering agreements between ISPs / ASes.
cost: there are networks where consumers pay per MB for international traffic, but not local traffic. Consumers can sometimes establish a VPN tunnel to the local data center and get an unmetered international connection, because the data center has a different agreement with the monopolistic consumer ISP.
- We have a few partners who use our infrastructure (e.g. Mozilla), but we're not trying to dominate as a white-label solution. In fact, we've said no to a few well-known brands who wanted to white-label our infrastructure.
As for our long term goals, take a look at our owner's directive: https://mullvad.net/en/blog/ownership-and-future-mullvad-vpn
We want to make online mass surveillance and censorship ineffective. Mullvad is political action through entrepreneurship. We're reinvesting a lot of our profit into open-source software and hardware projects that benefit both Mullvad and the wider community.
I really don't want us to "corner the entire market" because that would make us a single point of failure. I would like to think that our hard work help push the market to keep improving.
- The way I see it there's four use cases:
- protecting your privacy from your local ISP, WiFi, school, government etc
- protecting your privacy from some forms of online tracking
- circumventing censorship
- circumventing geographical restrictions
If you combine masking of your IP address with a web browser that protects you from various types of browser-based fingerprinting, you are more in control of your privacy online. You get to decide, to a greater extent, who you share very personal information with. That doesn't seem very silly.
(disclosure: I'm one of the deeply silly cofounders of Mullvad)
- You might also find these interesting:
- Akaros, an OS for manycore systems: http://akaros.org/news.html
- VMThreads, an interesting paper on scheduling challenges, related to Akaros: https://iwp9.org/11iwp9proceedings.pdf
- The virtualization of I/O is fascinating, and VirtIO's progress from the Linux kernel to hardware implementations. My only wish is that Linux would support inter-VM shared memory as a VirtIO transport in addition to pci and mmio.
Thanks for the pKVM tip, and the connection between OpenTitan and Barrelfish.
Speaking of security and open-source hardware, shameless plug of stuff I work on:
- dev.tillitis.se (FPGA-based OSHW RoT)
- system-transparency.org (related to CC, TDX, SNP)
- sigsum.org
- Thank you! I realize now that I was thinking about a different aspect of systems research, but failed to say so.
Barrelfish (multikernel) and your username made me think of manycore systems and the scheduling challenges we will surely face as systems become more heterogeneous. I'm in a period of trying to learn more about that. Any and all recommendations are much appreciated.
- Interesting. Try reaching out to Mullvad's support as well if you haven't done so already. If I'm not mistaken they conduct censorship circumvention experiments from time to time together with customers. I'm sure they'd also be interested to hear about any long-term resilient low-bandwidth channels you've found, such as the syncthing relay network. Those are very useful for bootstrapping and configuration updates.
- Hi! I used to think that the product should speak for itself, only grow by word of mouth, and that it was wrong to do any advertising. Part of me still thinks that.
On the other hand we ran a very political advertising campaign one-two years ago when we protested a new EU law proposal. We plastered Stockholm's airport in billboards targeting EU politicians and journalists. We published a book and sent copies to several hundred politicians. It was quite a success. Incidentally our office was raided by the Swedish police a month later - the first time in 14 years.
I really appreciate your feedback. Are you able to pinpoint more exactly why you feel that our advertising undermines trust in our brand? Is it simply the fact that we're advertising at all?
Our marketing team works hard to ensure that our advertising doesn't make security guarantees we can't keep, or sell the product through fear-mongering. I feel that we've found a set of advertising messages that work, but clearly it still causes some unease and skepticism.
Perhaps it's simply a worry that we'll change because Mullvad is growing up and is no longer an obscure underdog?
- Mullvad's mission is to make mass surveillance AND online censorship ineffective. So yes, we do intend to offer excellent censorship circumvention out of the box.
Having said that we have clearly prioritized privacy for a long time. For what it's worth we have several censorship improvements on the roadmap. Stay tuned.
- > there's definitely been a lottery win or a series A
We have neither won the lottery nor taken on outside investment. We've been growing for years, and we've reached a point where we can afford campaigns like this. It is an interesting experiment by our marketing team. Still, I think people on HN overestimate the cost of campaigns like this.
- > Did they get a cash infusion? Why all of the sudden are they expanding?
No cash infusion. We've been growing for years, just like many other VPN services. We're still quite a bit smaller than e.g. Nord and Express though.
As for our choice of advertising, we don't run an affiliate program, nor do we want to track our customers through online ads, so we're trying this instead. It's cheaper than you might think.
// Fredrik (cofounder of Mullvad)
- I assume you're referring to this[1]. I don't think it's necessary to bring all of that into the Go runtime itself, or ask the Go team to maintain it. It would be part of your application, and similar to a board support package.
TamaGo already supports UEFI on x86, and that too would be part of the BSP for your application, not something that would need to be upstreamed to Go proper. Same for AMD SEV SNP.
As for you (nanovms) supporting new instance types, wouldn't it be nice to do that work in Go? :)
Edit: I wonder how big the performance impact would be if you used TamaGo's virtio-net support instead of calling from Go into nanos.
- > This proposal seems to be taking that approach to the extreme - not even a kernel.
To be fair, there is a kernel - the Go runtime. But since there is no privilege separation it classifies as a unikernel. Performance gains should be expected compared to a system where you have to copy data to/from guest VM kernel space to guest VM user space.
> I wonder if it could run on cloud VMs?
Yes. TamaGo currently runs in KVM guests with the following VMMs: Cloud Hypervisor, Firecracker microvm, QEMU microvm.
> How tiny could the image become?
Roughly the same size as your current Go binary. TamaGo doesn't add much.
- > Fair. This isn't the official Mullvad position, then (which is that the law may apply)?
I'm pretty sure our official position is that it doesn't apply, rather than it may apply. Note that the article on our website that I quoted is more recent than the one you quoted. I can't find a more recent legal opinion than that.
Regarding backdooring websites, that's interesting. I'll have to ask someone about that. Thanks.
> the outcome from it (backdoors, compromises, coercion etc) will be kept a state secret
I am not a legal expert, but I'm pretty sure you're wrong. The first-order outcome would be a court case that says the law applies to VPNs, or not. The second-order outcome would be secret coercion in a specific criminal case, or nothing. The first-order outcome would be public. Interesting question though. I'll have to ask about this too.
> Much needed (:
Yes. :)
It might interest you to know that I've spent the past six years working on things like that. My role at Mullvad since several years is only strategic, as I spend almost all of my time on applied research. See glasklarteknik.se and tillitis.se.
> (which no amount of software mitigations would thwart, I don't think)
Physical security is hard. However, I see no reason to limit ourselves to only software-based mitigations.
- I'm writing this on my phone and for whatever reason can't find the passages that you're quoting. Are they in the same article that I linked?
In any case, to my knowledge the law in question doesn't apply to us. If the Swedish government tried to argue otherwise we'd get our lawyers involved.
Having said all of this, I am concerned about National Security Letters and similar concepts. Technologies like reproducible builds, transparency logs, and remote attestation can help there.
- I'm pretty sure you're talking about this law, in which case it doesn't apply to us.
https://mullvad.net/en/help/swedish-covert-surveillance-data...
In short, "Mullvad is thus not covered by either the data storage provisions in the LEK for operations subject to a reporting obligation, or the duty to cooperate pursuant to the Covert Surveillance of Data Act."
- > Ok, but... don't users have to reply [rely] on their provider’s pinky-promise that the two parties won't cooperate with each other and share their separate data, thereby connecting the dots? >
Yes. On the other hand, it does complicate things for the attacker, whether it is internal (the orgs) or external - a 3rd party attacker would have to compromise both orgs instead of one.
> After all, the two parties are already cooperating to an extent, so why can't they cooperate even more, either voluntarily or at the command of some hostile government?
Voluntarily: If you look at the business incentives that wouldn't make a lot of sense.
Forced by government: Here I'd say look at the jurisdictions of the orgs.
(disclosure: I'm one of the founders of Mullvad)
- > .. Tor .. believing its three hops is the minimum required number of hops to achieve the goal of anonymity.
It's more nuanced than that. Tor's design states the following:
"A global passive adversary is the most commonly assumed threat when analyzing theoretical anonymity designs. But like all practical low-latency systems, Tor does not protect against such a strong adversary."
https://svn-archive.torproject.org/svn/projects/design-paper...
There are tons of ways to de-anonymize users, Tor and VPN users alike. Same goes for mixnets. Whether or not an attacker can acquire a user's real-world identity depends on a lot of parameters. The number of network proxy hops is just one parameter.
Having said that, everything else equal, more hops is better than fewer. Then again, if all the user does is log into Facebook with their real-world identity, the number of hops doesn't matter at all. Or it does, because their adversary isn't Facebook, but their local ISP! It depends on what the user wants to protect against. There is a reason the Tor Project went on to build the Tor Browser. They realized that the sort of anonymity that users were looking for wasn't to be had with only the Tor network. They needed to complement the tor client with privacy protections on the application layer.
Regarding network proxy hops there's also this perspective: strong anonymity, low bandwidth overhead, low latency - choose two. This anonymity trilemma teaches us yet again that security and performance / UX is often at odds. If you want security you have to be prepared for inconvenience.