Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA.
Through constant packet sizes, random background traffic and data pattern distortion we are taking the first step in our battle against sophisticated traffic analysis.
The Chinese Great Firewall (GFW) has already been using machine learning to detect “illegal” traffics. The arms race is moving towards the Cyberpunk world where AIs are battling against an AI firewall.
Careful criticizing China you will awake the Tankies.
One day those tankies people here keep talking about are going to show up.
One day.
I always check under my bed each night to make sure there’s no tankies.
After I blocked hexbear and similar instances I haven’t scene them which is nice. Occasionally I’ll see a Lemmy world one but that is pretty rare.
I’d say they are more common on Lemmy.ml than Lemmy.world
Lemmy.world has many tankies. You keep seeing them pretend israel is not committing Genocide and America needs to kill all student protesters Tiannenmen style. They are also called liberals
Lemmy.ml does not have many tankies.
This is some top level spin here.
no u!!!
I think our instance defederated with hexbear.
Still waiting for Defense Against the AI Dark Arts to drop
DAIDA
?
Harry Potter reference.
I love these guys. Let’s see if somebody can just bootstrap the FOSS framework directly on TCP to work on the internet without a VPN. Fantastic project
How about defense against dhcp option 121 changing the routing table and decloaking all VPN traffic even with your kill switch on? They got a plan for that yet? Just found this today.
Don’t you control your dhcp server?
Of course but you don’t control rogue dhcp servers some asshat might plug in anywhere else that isn’t your network
No port forwarding really kills the utility though - I mainly use the VPN to do port forwarding (e.g. for video games, Plex, etc.) as my ISP is shit.
Like I’m not worried about state-level de-anonymisation, I just want to be able to share services remotely and have a minimum level of anonymity.
Port forwarding removed because hosting threatened to kick mullvad out. Lot of shit hosted through that. No hosting, no vpn, so needed to remove to continue operate.
Port forwarding means torrents. People using a VPN to torrent likely have much more traffic, especially those that seed (which is why they want port forwarding). Not enabling port forwarding means mullvlad can operate at a higher profit to cost ratio, and less risk.
That’s what mullvlad say. It’s not necessarily the reason why they don’t offer port forwarding.
It was always possible for them to continue allowing port forwarding. They could use separate servers for those that want port forwarding, stopping any impact port forwarding had on those customers.
Hum… this was one of the original reasons I signed up with them. I totally missed them dropping support. I’m not mad about it because I don’t torrent much anymore, but it’s still a pretty lame excuse.
I want all my services supporting maximum fuckery at all times as a matter of general principle.
Any alternatives that you know of?
Torrenting works fine with Mullvad in my personal experience, and will pretty much up to my current ISP speed limits (which is 200Mbps download).
Can’t really guarantee you that it will be as good if you’re hosting your own seedbox over their VPN (then again if you’re doing that you should probably pay for a proper seedbox hosted elsewhere) but if you’ve downloade something and the just leave it seeding, it seems fine.
I can’t honestly say I’ve ever had much trouble with it either. No trouble receiving files at least… there wasn’t much outbound traffic, but that could just have been a lack of interest :-)
I’m happy with Mulvad’s service and now that the initial shock and indignation is wearing off I’ll probably stick with them.
Besides I read about their new traffic obfuscation and I’ve got to give that a try. We need proactive innovation like that, now more than ever.
ProtonVPN has it, and Wireguard support.
Thank you. It’s good to know I have a few options.
You should be using a seedbox to torrent in this age. Let the company run their business, if they don’t want to be a part of the group that allows torrents, so be it.
If so easy to fix issue, why not make company and fix it?
There are plenty of other options in the market, including ones with port forwarding. It’s a very saturated market.
That sounds strange given that Mullvad works fine for torrenting in my personal experience and even up to quite a good speed (it can use the full 200Mbps download speed from my ISP)
Also modern NAT will do deep packet inspection on common well known protocols to automatically adjust the port of your machine listed on any “here I am” protocol messages being sent out from your side to be an actual port on the VPN Router and to have an internal association of that port in the Router with the actual port in your machine so that connections of that port can be sent to your own machine and the actual port in it that are used.
It’s only the pure listenner services (such as webservers and e-mail servers) were the port is pre-defined by convention and not a variable one sent out on any “here I am message” that require explicitly configured port-forwarding on the VPN Router side, plus because the port is fixed by convention for each type of service (such as port 25 for SMTP and port 80 for HTTP), off all the clients connected by VPN to that VPN Router at any one time, only 1 will be able to get that specific port.
You need port forwarding to connect on torrents. Your able to torrent because everyone you torrent from has port forwarding enabled. If you want to access more seeders, and more commonly leechers you need port forwarding. This is useful for people using private trackers that want to maintain a ratio.
I can download at the maximum rate my ISP supports and I can seed after downloading (probably only to those clients which my own client has connected to).
However I cannot seed in a brand new session during which I did not download that specific torrent (as I just tested).
I expect this is because, as I explained, the NAT implementation actually tracks which IP addresses your client connected to and through which VPN Router port that went so that subsequent connections from those IPs to that port get sent to the right port in your own machine, but it doesn’t support uPNP/NAT-PMP port forwarding so the bitttorrent client cannot configure on that VPN Router a static port-forwarding so that it can listen for connections from any random client.
So if I understand it correctly it totally screws self-hosted seedboxes and if you want to give back to the community you have leave it seeding immediatelly after downloading and it’s not going to be seeding anywhere as fast since its limited to peers connected to during the dowload stage.
ProtonVPN has it though, which is what I’m using now.
How does port forwarding help with videogames?
I host a server, I forward the port, my friends can connect to the open port on the VPN side.
My ISP does not offer port forwarding.
Zerotier could also work for you
Alternative maybe i2p or tor network. Or make vpn to anon vps and host from there.
Love they called the defence framework “Maybenot”.
I swear the defense against the dark arts teacher just keeps getting weirder and weirder.
I use Mullvad really good, love how they don’t care who you are and can actually maintain complete anonymity even in payment.
Propably going to be banned soon for some stupid reason if gets popular, like free speech is allowing the terrorists make bears cry or something.
I can tell you that this exists way before AI, I wish that there was more awareness earlier but it’s good that now its starting
Windscribe had something similar already? Not exactly this, but they had a feature to add other random traffic to your network specifically to work against systems like these.
So… Tor?
Tor is much better than a VPN privacy wise. However, you are limited on speed and stuck with TCP.
So it’s like a VPN-busta-busta?
What if they have a VPN-busta-busta-busta though?
Then we have to wait til they drop the legendary VPN-quad-busta
