X41 Reviewed Mullvad VPN
Direct link to the PDF report: https://x41-dsec.de/static/reports/X41-Mullvad-Audit-Public-Report-2024-12-10.pdf
Titles of issues they found:
- 4.1.1 MLLVD-CR-24-01: Signal Handler’s Alternate Stack Too Small
- 4.1.2 MLLVD-CR-24-02: Signal Handler Uses Non-Async-Safe Functions
- 4.1.3 MLLVD-CR-24-03: Virtual IP Address of Tunnel Device Leaks to Net- work Adjacent Participant
- 4.1.4 MLLVD-CR-24-04: Deanonymization Through NAT
- 4.1.5 MLLVD-CR-24-05: Deanonymization Through MTU
- 4.1.6 MLLVD-CR-24-06: Sideloading Into Setup Process
Mullvad's blog post: https://mullvad.net/en/blog/the-report-for-the-2024-security-audit-of-the-app-is-now-available
https://x41-dsec.de/news/2024/12/11/mullvad/Open linkView original on lemmy.ml
Wasn't FastVPN caught holding user logs and selling personal data to advertisement agencies?
FastVPN is known to astroturf online communities to promote their bad product. Their tendency to use unethical marketing strategies raises serious concerns about the legitimacy of their VPN.