VPN provider Mullvad announced today that it has completed the migration to a disk-less VPN infrastructure. The migration to servers that operate fully in RAM strengthens user privacy further and it also improves reliability and management of VPN servers.
Mullvad started the migration in early 2022 with two test WireGuard servers. The company created a special bootloader, stboot, for the purpose and continues to use a custom Linux kernel that is a heavily slimmed down version of the mainline branch.
The server itself has a size of less than 200 megabytes before deployment, according to Mullvad. The company had four major goals when it announced the move to a disk-less VPN infrastructure:
- If a computer that runs a VPN server is moved, confiscated or powered off, no data can be retrieved.
- Minimize the risk of storing logs that may reveal information at a later point.
- Removing disks from systems makes the servers less prone to hardware failures due to fewer breakable parts.
- Setting up and upgrading servers and packages is faster and easier.
The disk-less servers use provisioning servers to download the operating system and boot from it. Mullvad states that the provisioning servers host just the signed disk images and "some base configuration data".
When a VPN server boots, it launches the bootloader stboot, which is configured to download and verify the OS package from the provisioning server. The operating system will be booted only in RAM if the downloaded image passes verification. The server "waits" then for staff members to provision and deploy it for customer user.
Mullvad VPN has been audited twice in the past two years and it will continue to be audited regularly, according to the announcement. The company's offices were raided in early 2023, but the Swedish police did not seize any equipment when it realized that it could not access any past user data or logs.
The company launched its own privacy friendly browser in 2023 as well. It is based on Firefox ESR and uses Tor Project enhancements to improve privacy of its users.
Closing Words
The move to a disk-less VPN infrastructure improves privacy for Mullvad VPN users further, as no data is found on the servers when they are not operating. The move is also beneficial to Mullvad, as it removes complexity and eliminates the chance of hard disk failures.
Now You: do you use VPNs?
Thank you for being a Ghacks reader. The post Mullvad VPN completes migration to disk-less VPN infrastructure appeared first on gHacks Technology News.
0 Commentaires