Today we are announcing a partnership with Obscura VPN, a newly launched two-party VPN service that uses our WireGuard VPN servers as its “exit hop”.
While connected through Obscura, your traffic first passes through Obscura’s servers before exiting to the Internet via Mullvad’s WireGuard servers. This two-party architecture ensures that neither Obscura nor Mullvad can see both your identity and your Internet traffic.
Why doesn’t Mullvad partner with reputable VPN provider like IVPN for their own multihop feature? Other than some obscure VPN service that only allows you to pay with Bitcoin lightning and not Monero.
I also couldn’t find info about whether Obscura VPN host their own servers or just rent servers like all other VPN companies.
Well for this use case it doesn’t matter nearly as much. So what if you don’t trust Obscura VPN? They get your IP and almost nothing else, while only Mullvad will be able to see the websites you connect to.
You can see all their partnerships and resellers here
I read this as just another source of income for Mullvad and not some sort of implicit endorsement of Obscura. Although using their service in this way seems to be pretty privacy friendly even without much knowledge of Obscura.
It’s interesting that they are not using the same technology as iCloud Private Relay or INVISV, if I’m reading this correctly, although I can’t think of a reason why their solution wouldn’t be private either. I’ll have to look more into this though.
Fair enough, though you also have to hand over your payment information to a traditional single-party VPN. Hopefully they’ll offer giftcards or monero in the future.
They have done great work, even have experience with Monero.
Among us, we’ve served on the Nix RFC Steering Committee, implemented the 64bit random number generator for the Go standard library, fixed critical vulnerabilities for hardware security tokens, won bounties for Monero bugs, and contributed to Bitcoin for reproducible builds.
What concerns me, and is not immediately clear, is how they are getting the initial connection information from Mullvad to your client in the first place. The tunnel might be relayed, but if the initial key exchange was handled by Obscura at any point, then they could potentially decrypt that tunnel breaking E2EE.
I believe other private relays use some sort of private token system to authenticate to the exit nodes without the entry nodes ever needing that information, but it sounds like Obscura is just using regular WireGuard tunnels.
Edit: I assume this is not how it works but I’d like a written explanation. There are plenty of ways to only exchange public keys though.
Private Relay is a based on multiple IETF standards authored by network / security / cryptography experts. I doubt tunneling multi-hop WireGuard even comes close to Private Relay’s privacy guarantees which is baked into specs (way more assuring than hand-waving about RAM-only servers and trust-me-bro “anonymous” account IDs).
They reference MASQUE and private relay as design inspirations and their protocol is based on QUIC but they don’t say explicitly that it uses MASQUE. Still very cool and something I want to look into and try out. I really hope other VPN companies start partnering like this.
Like Jonah points out above,[1]Private Relay’s privacy guarantees come from how authentication+authorization are handled (which is a separate spec), not solely from the transport protocols, MASQUE or QUIC.
Private Relay is designed to ensure only valid Apple devices and accounts in good standing are allowed to use the service. Websites that use IP addresses to enforce fraud prevention and anti-abuse measures can trust that connections through Private Relay have been validated at the account and device level by Apple.
For a device to connect to iCloud Private Relay, it must first be authorized.
Authorization is performed by presenting a valid, anonymous token based on RSA blind signatures. These signatures are sent as one-time-use tokens to each proxy when establishing a connection, separating legitimate from illegitimate devices. The proxies can validate the tokens with a public key to validate that the user is legitimate, without actually identifying the user.
Tokens and keys are rotated daily to ensure users have authenticated recently.
The proxies also perform asynchronous double-spend prevention to stop a token from being shared and used for fraudulent access.
To generate this blind signature, the user’s device connects to an Apple server and is authenticated. To ensure only Apple devices and valid iCloud+ accounts can use Private Relay, the server performs device and account attestation using the Basic Attestation Authority (BAA) server prior to vending out tokens. To mitigate abuse, rate limiting restricts how many tokens a user’s device can retrieve per day.
No, Obscura+Mullvad is better than oblivious multi-hop; as it is “oblivious” multi-party.
The Obscura control plane (1st party; server) takes your money and in return its app (1st party; client) gives you a censorship resistant transport.
The Obscura app registers your “WireGuard keys” (hopefully, rotated often; and presumably without the intervention of their own control plane) with Mullvad (2nd party), directly. Obscura folks haven’t seem to written about how exactly this is done (but the clients are open source, so anyone with enough time can always look there, I guess). If this part (which is all important) isn’t done carefully without leaking any bits of your identity to Mullvad, then you’d expect them to do so eventually.
The Obscura app (1st party; client), in a censorship resistant tunnel, sends your encrypted WireGuard traffic (knows your identity but not the contents which are encrypted) to its data plane (1st party; server) which unconditionally forwards it to Mullvad (2nd party).
Mullvad (which can decrypt the traffic but doesn’t know your identity) in return forwards it to the eventual destination/website.
It seems to be from https://sovereignengineering.io/, which is kinda like a hackathon but for "Six weeks of high-bandwidth ideation, experimentation, mentorship, dialog, cross-pollination and discussions on how to build kickass applications, services, and businesses for a self-sovereign future. "