We take trust very seriously, want to minimize the need for trust where we can, and earn it where we have to!
I haven’t tested dVPNs for a while now, but they seemed a bit unreliable last time I checked (I may be mistaken here). We run bare metal servers and so does most (perhaps all?) Mullvad servers.
That’s right! For context: we made a small announcement towards the end of 2023, but it took quite a while to get the tech stable and polished enough for us to take on users.
No, they own 173 out of 684 servers, all others are rented. You can filter by “Owned” from their servers page.
@jerm a rented server can still be bare metal
Right, just checked About our servers. I thought they were talking about owning bare metal servers, wonder if @obscuracarl do any other than all rented?
Our rented servers are all dedicated, meaning they are not shared with anyone else. We do not use virtual servers.
For some context, because we use a custom WireGuard-over-QUIC protocol (and we’re a team of just 4 people 
) it’s hard for us to target multiple platforms. We care a lot about polish and didn’t want to rush things!
For the WireGuard config generator, that’s next on our roadmap, but as I mentioned above it comes with some tradeoffs since we’d lose obfuscation and would become a glorified iptables DNAT+SNAT rule.
We hope so too! Any particular requirement you’d want the most?
Very true, Mullvad has built its reputation well and we look up to them as a shining example of a great VPN service!
That would have been interesting! Though it would have required more engineering investment on Mullvad’s part vs. just allowing us to partner with them like they did for Tailscale, Mozilla, and others. We put a lot of effort into the QUIC-based protocol as well.
Unfortunately we don’t yet have the money or manpower to operate a datacenter yet, so we use rented bare-metal servers.
Most of our team are home-labbers though so it’s definitely something on the agenda for us in the long run!
Duly noted. Thank you for clarifying. Makes sense then. Hope the apps are being made and a couple more platforms are supported by the end of the year. And please let Linux be one of them. Linux is always last to get apps and I hate to see it “lose”.
I am not nearly technical enough to demand anything with spcificity. But Privacy Guides and Techlore already have a solid threshold and requirements for what such a tool/app/service and the company should be like and have. So, I’d say simply follow that and go beyond where you feasibly can.
Thanks for your continued participation here answering everyones questions. Appreciate it. One seldom gets to speak directly with the “head-janitor” of cool new growing projects.
Oh you don’t need to worry about that at all. All of our other engineers run Linux + Android and will riot if we put off Linux for too long 
(ofc I want it too for my Arch workstation and NixOS boxes)
Of course. I’d be a bad “head-janitor” if I weren’t listening to y’all!
The fact that everyone I’ve talked to on this forum is so level-headed, reasonable, and knowledgeable also helps a lot. Speaks to the good work that the mods have done 
I think we should see more of those kinda of partnerships. Would love to see a Proton-Mullvad partnerships. Would reduce the trust needed.
Proton and Mullvad are already trust less. Don’t know what more they can do or you need from them.
You still definitely need to trust Proton and Mullvad because they can see all your traffic.
I think INVISV explains the issues with VPNs pretty well here.
I think so too. I have the hope that one day all the trustworthy VPN companies become each others’ first/second hops, which will raise the bar for the entire industry.
That would be cool to see. Do you think there’s any chance of them adopting the MASQUE protocol instead of wireguard in the future? I know Cloudflare WARP uses it.
I’ve attended the MASQUE working group at the IETF twice now, so I hope for adoption in the long run (or at least some interoperable protocol), but from the business operations perspective I understand why even starting to think about MPR/2-Party is difficult.
Yielding some control of a core part of your customer’s experience to another firm is always tough and almost against the nature of normal corporate-think, even if doing so would benefit everyone.
Right you are.
What I meant more was that given their history, reputation, and being open sourced and audited - it may as well not require trust.
It was a metaphorical response than I meant it literally.
They aren’t trustless. No VPN is. It would be nice if you could eg chose a Proton VPN server as entry hope and a Mullvad server as exit hop.
I just explained how I meant it.
Got it. Make sense and I personally fully trust them. But on a grand scheme basis, this technique would increase security and privacy for all. Especially for high-risk target against advanced vpn server attacks,
They ought to be using Tor instead anyway. But I take your point.
That’s true. I’m thinking even just for a non-MPR use case though. There seem to be some other benefits
I wonder if it might be in the interest of VPN providers to at least offer some servers using MASQUE in their regular service.
A microcontroller is also bare metal 
Yes.
You underestimate the overhead of rolling out a new protocol and the anti-abuse mechanisms and the SOPs and the SLAs and the whole gamut. Pretty sure, if it were upto the old guard, they’d still be running OpenVPN and not want to change a thing.
It is of course in the interest of new companies wanting to differentiate from the crowd (or for existing companies who are so inclined to do so, given it aligns with whatever strategy).