Obscura VPN – Privacy that's more than a promise
Architecture & Comparisons
- Core idea: split trust between two entities. Obscura sees the user’s IP/identity; Mullvad sees browsing traffic but (ideally) not identity. Only collusion or coercion of both can fully deanonymize.
- Multiple users compare it to:
  - Tor with 2 hops instead of 3 (trading some anonymity for speed/reliability).
  - Apple’s iCloud Private Relay (two-hop design with anonymous authorization tokens).
  - Mullvad’s own multihop, ProtonVPN “Secure Core,” and iCloud’s multi-provider exit setup.
- Distinction noted: Obscura uses a separate company (Mullvad) for exits, rather than two servers from the same provider.
Trust, Threat Models & Limits
- Skepticism that “more than a promise” is accurate: the model just shifts trust to “these two companies won’t collude or be compelled together.”
- Concern that governments could order both Obscura and Mullvad to log a specific user, or to pin that user to a particular exit node, defeating the split.
- Discussion of global passive adversaries and NetFlow: correlation of “user → VPN” and “VPN → site” flows can deanonymize regardless of VPN marketing; adding hops only raises cost, doesn’t make you untraceable.
- Timing and traffic-analysis attacks, mixnets, and constant-rate networks are mentioned; solutions exist but are slow, complex, and impractical for everyday browsing.
Metadata, Profiling & Key Management
- Even if content is hidden from Obscura, it can still collect metadata (connection times, volumes).
- Mullvad could, in theory, associate all traffic for a given WireGuard public key and build behavioral profiles without knowing the IP.
- Obscura currently rotates WireGuard keys per connection and plans persistent keys plus scheduled/manual rotation to limit long-term profiling.
- Client shows the exit’s WireGuard public key so users can verify it against Mullvad’s published keys.
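
The key check from the last item above, as an added example (not Obscura's or Mullvad's code). The relay list, its "hostname"/"pubkey" field names and every key value are constructed for illustration; the real published list would be fetched over a channel independent of the VPN client.

```python
import base64
import binascii

# Constructed sample of a published relay list. Field names and values are
# assumptions made for this example, not real relay data.
PUBLISHED_RELAYS = [
    {"hostname": "example-exit-001", "pubkey": base64.b64encode(bytes(range(32))).decode()},
    {"hostname": "example-exit-002", "pubkey": base64.b64encode(bytes(range(32, 64))).decode()},
    {"hostname": "example-exit-003", "pubkey": "not-a-key"},  # malformed entry
]


def decode_wg_key(text):
    """Return the 32 raw bytes of a base64 WireGuard public key, or raise ValueError."""
    try:
        raw = base64.b64decode(text.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("key is not valid base64") from exc
    if len(raw) != 32:  # WireGuard public keys are 32-byte Curve25519 points
        raise ValueError(f"expected 32 key bytes, got {len(raw)}")
    return raw


def find_published_relay(displayed_key, relays):
    """Return the hostname whose published key equals the displayed key, else None.

    Keys are compared as decoded bytes, so stray whitespace from copy/paste
    cannot cause a false mismatch.
    """
    shown = decode_wg_key(displayed_key)
    for relay in relays:
        try:
            published = decode_wg_key(relay["pubkey"])
        except (KeyError, ValueError):
            continue  # skip malformed list entries instead of trusting them
        if shown == published:
            return relay["hostname"]
    return None


if __name__ == "__main__":
    shown_in_client = PUBLISHED_RELAYS[1]["pubkey"]  # stands in for the key the client displays
    print(find_published_relay(shown_in_client, PUBLISHED_RELAYS))
```

A return value of None means the displayed key is not in the published list, so the exit should not be treated as the expected provider's relay.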
Abuse, Reputation & Website Compatibility
- Site operators complain that Mullvad/Tor-style networks are frequent sources of attacks and that reports to Mullvad don’t seem to change anything.
- Others argue that effective abuse detection would require the very logging and user-linkability these services promise not to have.
- Consequence: VPN exit IPs and self-hosted DC IPs get blocked or heavily CAPTCHA’d by many services; Mullvad is seen as better than Tor here, but still problematic.
Platform, UX & Payments
- Criticism that a “privacy” VPN launches macOS-only, where the OS phones home before the VPN connects.
- Website/blog issues: poor mobile padding, broken /blog routing, hidden pricing; these were acknowledged and then fixed by the founder.
- Payment model (crypto, etc.) is questioned; many praise Mullvad’s cash and gift-card options as a superior privacy baseline.