Review of Mullvad VPN
Scope of the Audit
- Audit covers the Mullvad VPN app/client, not the whole VPN service or server infrastructure.
- Some note that this makes the original title misleading, but the audit is still relevant since the app is the main entry point for users.
- Separate infrastructure audits (by other firms) were done earlier in the year.
Key Findings in the Report
- Issues found include: unsafe signal handling (too-small alt stack, use of functions that are not async-signal-safe), IP leaks via ARP, deanonymization via NAT/MTU behaviors, and a sideloading risk in the setup process.
- Commenters view these as “straightforward” and mostly low-to-moderate risk, with sideloading called the most concerning but not standalone-exploitable.
- Deanonymization vectors are said to apply broadly to VPNs, not just Mullvad.
Deep Dive: Signal Handling
- Large subthread debates how hard it is to write correct POSIX signal handlers.
- Points raised:
  - Signal handlers can interrupt code in critical sections; they must not wait on locks or shared resources.
  - Only a very small set of async-signal-safe operations is allowed.
  - Languages/runtimes (C, Rust, Haskell, etc.) struggle to provide safe abstractions; ideas like function “coloring”, monads, or dedicated signal threads are discussed.
- Consensus: safe signal handling is extremely tricky; Mullvad’s issues here are understandable but real.
Threat Models and Value of Audits
- Several comments praise this report for explicitly stating its threat model.
- There is debate over whether customer-defined scope weakens audits; the counterargument is that every audit must target a defined model and work within constraints of time and budget.
- Users are encouraged to compare their own threat model (e.g., unprivileged local attacker vs. admin/nation-state) to the one used in the audit.
Mullvad’s Reputation and Business Model
- Many express strong trust in Mullvad relative to other VPNs: no-logs policy, multiple public audits, RAM-only infrastructure, simple flat pricing, and anonymous payment options (cash, crypto, Monero).
- Others worry about the general VPN industry’s marketing and snake-oil tendencies, but often exempt Mullvad as “one of the better ones.”
Usage, Limitations, and Ecosystem Issues
- Practical complaints:
  - Removal of port forwarding significantly hurts torrenting and private tracker seeding.
  - Planned deprecation of OpenVPN pushes some to consider other providers.
  - Mullvad endpoints often hit CAPTCHAs or blocks (especially on YouTube/Reddit), possibly because of known hosting ASNs and anti-tracking incentives.
- VPNs are seen as most valuable for ISP privacy and censorship circumvention; some argue they are over-marketed for broad “anonymity.”