Really though this isn't the threat model at all for someone who just wants to use a VPN, I only went there because the comment senselessly advised shipping your own hardware to the colo. Once it leaves your possession, there's not much you can do to ensure that it still has unmodified code on it (assuming standard PC hardware). There are lots of ways of hiding persistence on a system, and decades of research along these lines. If you're worried about the kind of attacks that necessitate sending your own hardware, then, regardless of who owns title to the device, the firmware being replaced to snoop on or alter what is actually in RAM is in-bounds.
#NORD VS MULLVAD SOFTWARE#
> which the software image can't be modified without you knowing it. I feel like for most threat models its a more than acceptable tool. I don't think you have provided any substantial argument for most commercial vpn users to switch. After all nobody has to actually target you in particular they can look for vulnerable hosts in an automated fashion. On the other hand for most people the differential between know how between you and professionals is probably sufficiently useful that you are less likely to get hacked with them than on your own. In fact a VPS or indeed any host actually has the same problem you describe in that a host is a bigger target than you and therefore more valuable.
Again this breaks the example of valuables in storage. If they are attentive and competent this either will never happen or it will be for a short duration. If the vpn provider doesn't keep any logs your total exposure is that they may start collecting logs of traffic for the duration during which they are compromised. Likewise with keeping your personal traffic personal instead of having it show up on your bosses network who cares if bob has it.
If your vpn usage for example is downloading movies the fact that bob the hacker knows you downloaded inception isn't very worrisome. I think the analogy fails because thats valuable isn't a good that it is simply retained or lost.
0 kommentar(er)
