They are not impossible to track, but that would be relevant only if Mullvad were severely compromised — and even then, we would only be in almost impossible territory.
There are no central repositories as to the location of arbitrary banknote serial numbers.
Lets assume, for the sake of argument, that a cash-paying user were to make the mistake of paying every single time to renew the same suspicious Mullvad account using cash which was always newly withdrawn from cash machines from a banking institution which meticulously tracks them and is able to report from which location they originated (maybe even the card which withdrew them!).
In that case, if Mullvad were to be compromised (or if the targeted user was such an absolute threat to humankind that Mullvad were to agree to collaborate in his or her capture), it would only be possible if Mullvad's mail receivers were to either a) actively keep track of either banknote serial number and link it to a customer, or b) be fully aware of the requirement to make a note of it only of received to renew the target account.
Anything short of that and even the perfectly traceable banknote serial number just becomes one of hundreds? thousands? deposited by Mullvad in their bank accounts — assuming they don't even use some of them as petty cash if needed.
If a user of Mullvad were to reach that level of a threat model I would argue they would be much more likely to be caught by tracking of their sent mail, in the style of Ted Kaczyński.
> There are no central repositories as to the location of arbitrary banknote serial numbers.
Why do you say that?
All that's needed is banks tracking serial numbers and associated persons as cash leaves the bank and enters it. The serial numbers on American cash seem machine readable, and on each bill they are printed in two places near opposite corners - as if they are designed for automated reading.
It doesn't have to be perfect, logically infallible, alibi-proof evidence. You could build a pretty good graph of who is doing business with whom, especially by examining repetitions of the same edges. At worst, it seems useful for intelligence tasks and to obtain worthwhile leads to pursue.
A serial number is not a tracking device. A sufficiently determined adversary with unlimited resources and access could maybe track you via it
But practically speaking an afternoon of shopping, exchanging coins for banknotes, breaking those into coins and back again will make it as untraceable as possible.
Especially since we're talking about 60 euro per year
I pay for VPN service with a credit card in my name that I have had for years. I'm not trying to hide the fact that I occasionally use a VPN. The ISP sees the tunnel, the websites I visit see the VPN IP, netflow logs the time, duration, bytes transferred, etc. It's no secret that I am using a VPN.
IMO, most VPN users are normal people, like me, who just want privacy from online advertisers and data aggregators. I do not want or expect privacy from the VPN provider. After all, I connect to their VPN service from my home ISP (which has an IP) that has an account in my name too.
No matter how you try to hide your payment for the VPN service, they know who you are.
IMO, technical people often 'go too far' and become unreasonable about these things (especially security people). They have lost touch with real-world threat models and use cases. James Mickens has a good short paper on this called 'This World of Ours' https://www.usenix.org/system/files/1401_08-12_mickens.pdf
It is probably the most reliable yeh, tho spending time here I’ve grown increasingly aware that the great firewall is more than aware of this vpn traffic, even if it’s wrapped up to look like normal traffic. They periodically will seem to ‘dial down’ the internet, especially at politically sensitive times. They are fully aware great swathes of the populace and visitors use VPNs, and they choose to allow it. They’d rather control and monitor than inspire even more opaque channels.
I should point out getting bitcoin anonymously requires some work too (if you buy BTC it is tied to your CC, and many exchanges require your ssn). Mullvad does allow you to send them cash anonymously in the mail as well.
That’s for accessing the website, not for sending your traffic via TOR to Mullvad. I don’t think they have a built-in way to send traffic to them via TOR without going through an exit node.
Oh, huh that's odd, why provide website access but then not actually product access when your product is a network service. Didn't think to read further than the headline because of that I guess, thanks for correcting me
same as with cash and crypto payment method it's to minimize data exposure outside of the service itself. If you don't trust them to connect with your ip why bother using a VPN instead of just tor.
I know it's a whole field of research and I'm not familiar with any of it, so I'm not saying this is a good reason, but what I understood from upthread (where the person mentioned you'd connect to Mullvad with your real IP address) is that they don't want either the ISP (or perhaps a tap) or someone subpoenaing Mullvad, to know that they're using Mullvad. By connecting via Tor, they don't know what you're connecting to, and if they go through the trouble of attacking Tor for you, they'll still land at Mullvad and they probably have to get a warrant for them to start keeping logs on all Tor users until they eventually can tie activities to an ISP subscriber
So I can see the reasoning, though anyone who considers this: I've heard years ago that they're not sure whether VPN-in-Tor or vice versa improves or degrades the anonymity, there are apparently reasons for either way, please read up on it before you feel safe using whatever solution in a regime without freedom of speech or something
I’ve never understood the neighbor approach. What’s the logic for that? Instead of your skin, it’s a person one door down from you, that was generous enough to share their connection with you? That’s not anonymity, that’s just outsourcing the identity to someone that probably extended trust to you. And if other things like Tor remove that connection, then what was the point of using a neighbor in the first place?
Generous to share? What makes you think the neighbor even knows about it? Also, one door down? They make antennas that can reach much further than that. If you're in a high rise building, you can even be picking up something from another floor in a different building more than one door down.
You're just not trying very hard if you're using your immediate next door neighbor.
This is an unnecessarily obtuse and pedantic response to the thought being raised.
Yes, a neighbor may not realize they're sharing their network, however, interpreting their "next door" comment as a literal unit of proximity doesn't make your comment look as intelligent as you may think it does.
This is an unnecessarily obtuse and pedantic response to the thought being raised and doesn't make your comment look as intelligent as you may think it does.
Ignoring BTC anonymity fallacy, does it even matter? If they don't store any logs as they claim, they can know anything about you, but won't be able to rat you out to authorities even if they wanted to, because you are just one of thousands of customers and any of them could have been using that IP the police is asking about. Am I missing something?
