Obscura VPN

Higher than what? Monero transaction fees are averaging lower than credit card transaction fees right now. And can’t you just make that part of the price … ?

Just to be clear:

Mullvad charges $5.79 per month flat.

Obscura charges $8.00 per month flat.

Mullvad allows you to buy only one month with Monero and incentivizes it with a 10% discount.

Obscura makes you buy at least three months minimum if you use Monero.

Why is that so? Surely Mullvad is operating at a loss if you purchase a month at a time since Obscura requires a minimum of $24 per transaction.

Mullvad is 5 EUR. Not USD. FYI.

And to assume they are a honeypot just because of this is a really silly deduction that cannot possibly make any rational sense.

1 Like

Sorry if these things are already addressed in the thread or are in the latest versions of the app, but:

  1. Having a native Android client will be a great help; WireGuard config just doesn’t cut the bill.
  2. Just copy everything Windscribe clients are doing on different platforms. That should be good for feature parity.

This happens on Android, too; but “never leaking” is a strong guarantee, which even Android doesn’t hold up to (for instance, connectivity checks & captive portal detection on Android happen outside of the VPN tunnel setup to includeAllNetworks equivalent).

Any updates as to when the Audit will be released?

1 Like

@davidcollini and I are drafting the announcement as we speak, sorry it’s taken a while!

3 Likes

I promise it won’t disappoint!

1 Like

Obscura apps are buggy.

What are some bugs you’re seeing? We don’t have any major outstanding bugs at the moment but happy to take a look!

The audit is now published :victory_hand:

2 Likes

Very impressive! Congrats on the results, clearly very well earned. Are there plans for a similar audit of the iOS app as well?

@obscuracarl Hey man! I just stumbled upon this Obscura VPN thread that I found here, and I assume that you are the developer/founder behind this? I was just doing some further reading up and research, including listening to those couple of podcast episodes that you were on. I must say, Obscura looks absolutely amazing and I am quite impressed by the tech and concepts behind it. I was looking for a dedicated privacy VPN in addition to my Proton VPN that I already got for general and streaming use, and I was just going to go for vanilla Mullvad. One question: Are you guys planning to offer native clients for Android, Linux, and Windows? And if so, would you happen to have an approximate timeline for when those might be out?

That means to say, if you manage to get cross-platform support out, I am happy to say you guys will be getting a new customer.

1 Like

Glad to hear it :blush:

We’re actively working on the Linux and Android ports now. The Android alpha (not full release) should be out in a couple of weeks, with Linux soon to follow!

Windows will be harder since it’s a non-UNIXy platform, but platform support is our main focus at the moment and we’ll get there! :muscle:

If you haven’t yet, I’d encourage you to sign up for the platform waitlist on our website (click on “Other Platforms”) so you get an email once we release, but of course I’ll announce here too!

2 Likes

Question for @obscuracarl: Can the traffic from different apps be distinguished in some way inside a WireGuard tunnel?

I ask this because at the moment Obscura doesn’t have a DAITA equivalent and I was exploring ways to make traffic analysis less reliable.

The Tor Project says doing multiple things in the browser could help obfuscate traffic fingerprints, so maybe using multiple apps at the same time could be of help. Of course, this would only work if traffic from, let’s say, my YouTube client can’t be easily distinguished from, let’s say, traffic from an app store or crypto wallet, so that’s what I wanted to ask.

Also, will we ever have a way to use decoy traffic or something like that in Obscura? Thanks for this wonderful service btw! :clap:

Inside a WireGuard tunnel, nothing is distinguishable (of a single key) without breaking the cryptography primitives.

I think what you’re referring to is timing attacks, which a global passive adversary could be doing. To mitigate against that, we offer a “Packet padding” experimental feature, which we’ve upstreamed to quinn (GitHub PR). This is sort of a middle-ground between no mitigation and full-on DAITA, since DAITA has quite a dramatic effect on bandwidth usage.

Glad you like it! Hope the above was helpful! :smiling_face:

1 Like
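The size side of the padding trade-off discussed in the reply above, as an added example that is not part of the original thread and not Obscura's or quinn's code. The bucket size, the length cap and both traces are constructed assumptions; the real feature's parameters are not given on this page.

```python
from collections import Counter

BUCKET = 256    # assumed padding granularity in bytes (hypothetical value)
MAX_LEN = 1280  # assumed largest datagram payload (hypothetical value)

def pad_len(n, bucket=BUCKET, max_len=MAX_LEN):
    """On-the-wire length after rounding n up to a bucket multiple, capped at max_len."""
    if not 0 < n <= max_len:
        raise ValueError(f"payload length {n} outside 1..{max_len}")
    return min(-(-n // bucket) * bucket, max_len)

def tv_distance(a, b):
    """Total-variation distance between two size histograms (0 = same, 1 = disjoint)."""
    ha, hb = Counter(a), Counter(b)
    return 0.5 * sum(abs(ha[s] / len(a) - hb[s] / len(b)) for s in set(ha) | set(hb))

def overhead(lengths):
    """Fraction of extra bytes sent because of padding."""
    return sum(pad_len(n) for n in lengths) / sum(lengths) - 1

# Constructed packet-length traces (bytes) standing in for two kinds of app traffic.
VIDEO = [1200] * 40 + [1180] * 10 + [90] * 5
WALLET = [140, 220, 96, 310, 180] * 10 + [1100] * 5

def compare(a, b):
    """What a passive observer of encrypted packet sizes sees, before and after padding."""
    pa, pb = [pad_len(n) for n in a], [pad_len(n) for n in b]
    return {
        "distinct_sizes_raw": len(set(a) | set(b)),
        "distinct_sizes_padded": len(set(pa) | set(pb)),
        "tv_raw": tv_distance(a, b),
        "tv_padded": tv_distance(pa, pb),
    }

if __name__ == "__main__":
    for key, value in compare(VIDEO, WALLET).items():
        print(f"{key}: {value:.3f}" if isinstance(value, float) else f"{key}: {value}")
    print(f"overhead video:  {overhead(VIDEO):.1%}")
    print(f"overhead wallet: {overhead(WALLET):.1%}")
```

On these constructed traces, padding collapses nine observable sizes into three and lowers the histogram distance, but the mix of small and large packets still differs and the small-packet flow pays the larger bandwidth cost.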

Thanks a lot man! I’ll wait for the android app so I can use that function, looks cool!

1 Like

I like that WireGuard configs are provided. Being asked to use one of those shitty (often proprietary) graphical clients is a non-starter for me. For one, it makes the VPN impossible to use on a headless machine.

I don’t see much point in using Obscura this way since they don’t even provide the QUIC encapsulation for anything but Apple devices. Or using Obscura in particular since virtually any VPN provider may provide the same functionality.

We’re working on a Linux CLI right now, would love to know your preferred UX for a headless machine!

Even when using the WireGuard config, you still benefit from our Two-Party Relay design, which ensures that no single party sees both your PII and traffic. Hope that clears things up!

2 Likes

The only “PII” that’s hidden away from Mullvad is the client IP?[1] If not, what else?

In fact, Obscura is able to leverage (?) Mullvad’s existing design for WireGuard multi-hop[2] as-is precisely because Mullvad categorically knows who the client is (across all sessions), even if it can’t see the IP. I did point this out before; but I’m also not sure if Cure53 cleared any such concern in its audit of Obscura’s two-party protocol: Mullvad has partnered with Obscura VPN - #216 by ignoramous


  1. Mullvad accepts payments without needing KYC, already; so, the two-party system here is only shifting merchant of record from one entity based in Sweden to another based in the US, which has worse consumer protection laws per this analysis. ↩︎

  2. Where only the “Peer Endpoint” is changed to point to the desired entry location, while the “Peer Identity”, is exit location’s public key. ↩︎