this post was submitted on 12 May 2025
110 points (96.6% liked)
Privacy
37786 readers
298 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Mullvad is much friendlier to privacy, but their proxies get blocked by A LOT of stuff, they also have a very small number of proxies. Mullvad collects literally nothing about you, but that's a double edged sword. not having any way to verify exactly who paid money into which account number means they can't help you if someone steals your account. I also have it on good authority that mullvad isn't very reliable at getting past more aggressive censorship firewalls. the one in china for example won't allow you to use mullvad unless the sim you're connecting from is a US one.
Proton doesn't record anything you're doing with their VPN and they've had to prove that many times and their "sentinel" program and the 2FA and double password you can enable make it very hard if not impossible for someone to mootch off your account. I very rarely get blocked by anything when I use proton VPN, if I ever do get blocked I just have to change the proxy I'm on. I don't even have to change the location most of the time because proton VPN has a huge number of proxies at each location.
Proton also gives you the ability to save recovery phrases and recovery files if you lose your password(s) or your 2FA
ente auth and ageis auth are great for storing your 2FAs and they allow you to back them up to a file if your account with ente fails in some way or if you forget the password to get into your ageis
as for those recovery files and phrases I talked about. save them in text files on a small capacity flash drive that you don't use for anything else
Mullvad also has hidden servers they give access to on request if you can't access the regular ones. Can help with government censorship etc
Good to know, but how can you safely request them without giving away that you're using them?
What method does the request go through? What happens when those proxies get blocked by the censorship firewalls too?
I just used email lol, and I don't think it's possible to hide that you're connecting to a certain IP. And if they get blocked too I'll email them again D:
Who knows how to steal you mull account with out you knowing? This seems over blown atleast from that perspective. I'm sure it's possible but unless you are incredibly slopping opsec I doubt it's even on the list of problems. Given all other things you could be doing.
it's just a string of numbers with no password
How would anyone get the long string though? Realistically speaking. It would be difficult and unlikely.
It's just numbers, no punctuation marks, no letters, no math symbols. No entropy really.
For most people that's not an issue, but some people out there can guess them.
one way to mitigate that problem is simply to not load your mullvad account with more than 1 year of time at any given time. If your mullvad account has like...10 years of time then yeah, lots of people are going to mootch if they figure out which number has that
Or even if they don't mootch, they could just remove the devices on your account and fuck with you
Unless you are willing to do the math, “no entropy really” deserves a [citation needed]
what kind of password has more entropy? one with capital and lowercase letters, numbers, math symbols and puncuation marks?
or the one with only numbers?
Is there really a citation needed for that?
Entropy is calculated from the character set size to the exponent the length of the string: E = log2(R^L). A long string of numbers can have more entropy than a shorter alphanumeric string with special characters. I looked it up and apparently their account number is 16 digits. That’s 53 bits of entropy, which is not guessable. Someone brute forcing would have quadrillions of login attempts to try.