Even if you have encrypted your traffic with a VPN, advanced traffic analysis is a growing threat against your privacy. Therefore, we have developed DAITA – a feature available in our VPN app. Through constant packet sizes, random background traffic and data pattern distortion, we are taking the battle against AI-guided traffic analysis.

From Mullvad

  • OsrsNeedsF2P@lemmy.mlEnglish
    111·
    11 hours ago

    Seems like it will cost Mullvad more for bandwidth. Great feature overall, very similar to Monero’s Dandelion++

      • Snot Flickerman@lemmy.blahaj.zoneEnglish
        712·
        17 hours ago

        Hey they did support it until they were getting difficult legal contacts because some users were abusing it, and getting turned away by different hosting providers.

        They shut it down to protect the rest of us who use it without abusing it.

        https://mullvad.net/en/blog/removing-the-support-for-forwarded-ports

        Unfortunately port forwarding also allows avenues for abuse, which in some cases can result in a far worse experience for the majority of our users. Regrettably individuals have frequently used this feature to host undesirable content and malicious services from ports that are forwarded from our VPN servers. This has led to law enforcement contacting us, our IPs getting blacklisted, and hosting providers cancelling us.

        The result is that it affects the majority of our users negatively, because they cannot use our service without having services being blocked.

        I know the port forwarding thing can be a deal-breaker for some people, but it’s not Mullvad’s fault that they needed to remove this to be able to continue providing quality services for the rest of their customer base.

        This is sadly one of those “this is why we can’t have nice things” type deals because when enough people abuse it, it becomes a problem. I have no ill will towards Mullvad for taking it away when it became financially and legally foolish to continue doing so.

        • apex32@lemmy.worldEnglish
          11·
          15 hours ago

          How are other VPN services able to do port forwarding without having this problem?

          • sunzu2@thebrainbin.org
            122·
            15 hours ago

            They force you to pay with KYC money… No Pedo is stupid enough to be spreading CSAM on that VPN

            • lapping6596@lemmy.worldEnglish
              61·
              11 hours ago

              Given how often I see articles where a pedo was caught because they were sending photos over telegram unencrypted or similar. I do think many are that stupid.

              • catloaf@lemm.eeEnglish
                2·
                2 hours ago

                Much like other criminals, only the stupid ones get caught. Look at how many of those articles say that they’d been doing it for decades. Many more of them are out there right now.

              • sunzu2@thebrainbin.org
                11·
                11 hours ago

                I think that’s another reputable VPN?

                Then my theory might be debunked or they will get forced to cut off port forwarding too

          • Yingwu@lemmy.dbzer0.comEnglish
            4·
            12 hours ago

            When you torrent you can only connect to peers that have open ports, if your ports are closed. Which means it makes it a lot harder to upload if you rely on private trackers and maintaining a good ratio. One can still download and upload, but for especially older torrents it has a good chance to affect your speeds and ability to download.

            • Jack Sparrow@sh.itjust.worksEnglish
              3·
              7 hours ago

              This is accurate when using the BT protocol. However if you have uTP (Micro Transport Protocol) enabled, it has “support for NAT traversal using UDP hole punching between two port-restricted peers where a third unrestricted peer acts as a STUN server.”

  • seven_phone@lemmy.worldEnglish
    281·
    17 hours ago

    It will all end with us back on dialup speeds once the counter-DAITA throughput machine learning de-obfuscation analysis of defense against AI guided traffic analysis of proxy anomised packets starts. I think I might just read a book.

    • jet@hackertalks.comEnglish
      141·
      17 hours ago

      Imagine a future where you and your VPN connection maintain 10mbps of constant, uniform traffic at all times. That solves the problem too, if the noise is aways high, you can’t see the signal

      • seven_phone@lemmy.worldEnglish
        62·
        17 hours ago

        You can always see the signal in the noise, that is the point of the signal and therein lies the rub.

        • jet@hackertalks.comEnglish
          11·
          17 hours ago

          Sure, but one of the benchmarks of a good cryptographic algorithm is to reduce the amount of meta information you can get from a random sampling. Most of the timing attacks are looking for traffic activity to pattern match ultimate source and receiver. If the encrypted tunnel is always exactly 10mbps of cryptographic traffic, then it would be much harder to identify

          • seven_phone@lemmy.worldEnglish
            4·
            17 hours ago

            Yes as with almost everything the ability to do a thing is just a function of how much you want to do it.

        • pebbles@sh.itjust.worksEnglish
          43·
          10 hours ago

          If ya do it right, you can’t distinguish the signal from the noise. Encryption makes data look random. So if you send dummy random data then it just looks like constant random data. No signal is distinguishable.

  • jimjam5@lemmy.worldEnglish
    2·
    16 hours ago

    Now I’m curious if the vpn I use will consider a similar approach going forward (PIA).