this post was submitted on 28 May 2024
118 points (99.2% liked)

Privacy

31772 readers
398 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Cross-posted from: https://sh.itjust.works/post/19987854


We have previously highlighted the importance of not losing your account number, encouraging it to be written down in a password manager or similar safe location.

For the sake of convenience account numbers have been visible when users logged into our website. This had led to there being potential concerns where a malicious observer could:

  • Use up all of a user's connections
  • Delete a user's devices

From the 3rd June 2024 you will no longer be able to see your account number after logging into our website.


all 27 comments
sorted by: hot top controversial new old
[–] [email protected] 39 points 5 months ago (4 children)

If someone is spying your PC you have bigger problems than your VPN account being stolen.

[–] [email protected] 53 points 5 months ago

This might be a change due to that new Microsoft recall program

[–] [email protected] 17 points 5 months ago

I think the issue is that someone could physically look at your screen and walk away with the account number, not that they might have remote access.

[–] [email protected] 15 points 5 months ago (1 children)

Since the other comment didn't Go into detail: Microsofts "Recall" will so that on every Windows 11 PC soon. Literally index everything you do or look at, OCR-ing periodic screenshots. Also storing them, possibly including sensitive information like this.

[–] [email protected] 19 points 5 months ago (2 children)

Then your bigger problem is using Windows...

[–] [email protected] 4 points 5 months ago

Yup, it would be. But many people are, so they changed that it's displayed at all by default.

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago)
[–] [email protected] 16 points 5 months ago* (last edited 5 months ago) (2 children)

All good, but mullvad should work on more rotation of server IPs or find a solution from alltheir banned server by big techs . Nearly 90% of their servers are blocked to do common internet tasks .

[–] [email protected] 4 points 5 months ago (2 children)

Is it really that bad? I let my NordVPN subscription lapse as I didn't need it due to personal matters, I've heard a lot of good things about Mullvad and was considering them as my VPN provider.

[–] [email protected] 8 points 5 months ago (1 children)

It’s exaggerated. I believe most services are generally more sceptical about users with a known VPN connection. But yeah, I think you‘ll have some hiccups when browsing with a VPN on no matter the provider, or did you have a different experience with NordVPN (I‘m legit curious)?

[–] [email protected] 4 points 5 months ago (1 children)

I did have occasional issues with using a VPN and it was clear services were somewhat suspicious about me (very aggressive use of CAPTCHAs, additional login validation etc.).

That being said, outside of netflix (circumventing region-lock), I never had any issues with outright loosing access to tech oligopoly services.

[–] [email protected] 3 points 5 months ago

Ah okay! Yeah that’s basically my experience with Mullvad. Anyways, you can try it out and if you don’t like it just don’t pay $5 for another month. 🤷‍♂️

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago)

With protonvpn, are the the best vpns . And I tested all the services believe me. But the big issue mullvad have is IP bans. The rest is almost perfect . Ah and the problem with port forwarding, suddenly they decided to remove that service , with reason because people were abusing of it. But instead of just remove it one day to another, with no previous notification to the users and not giving an alternate option, felt very rough .

[–] [email protected] 1 points 5 months ago

Nearly 90% of their servers are blocked to do common internet tasks .

Perhaps your browsing habits are severely impacted by Mullvad being blocked, but that doesn't seem to be the universal case. I've had the occasional hiccup with a few sites that block VPNs (Mullvad's IPs), but "90%" is quite an exaggeration when compared to my personal experience.

[–] [email protected] 2 points 5 months ago (1 children)

why dont you guys do something useful like come up with a MFA powered contingency plan for people who get their ID stolen

or maybe actually come out with multihop on android?? lol

[–] [email protected] 20 points 5 months ago (3 children)

MFA kinda defeats the purpose of Mullvad. The less they know about you the better.

[–] [email protected] 16 points 5 months ago

6 digit totp is totally anon

[–] [email protected] 8 points 5 months ago (1 children)

A FIDO2 hardware key should do the trick. Not all MFA are based on communications.

[–] [email protected] 7 points 5 months ago (2 children)

You can't use those on a router, and they are painful on mobile.

[–] [email protected] 3 points 5 months ago

That was not the argument above, was it?

What kind of MFA you can use on a router, BTW?

I have a FIDO2 with Nfc, and it works. Is it convenient? No. Is it more secure? Yes.

[–] [email protected] -3 points 5 months ago (1 children)

Why can't you use FIDO2 hardware keys on a router? I have a PC running openBSD as a Router and I can use hardware keys.

[–] [email protected] 0 points 5 months ago (1 children)

So you are running a full-fledged OS on a standalone computer that functions as a router. An actual router has a very limited operating system with no such functionality, plus it's always online by design, so you'd basically have to have a key that is permanently plugged in; or depending on the setup you'd have to re-authenticate ever so often. Not exactly great considering most routers are hidden somewhere in an inaccessible corner.

[–] [email protected] 1 points 5 months ago

It's nothing fancy I just needed more CPU power on my router. I'm not saying it makes sense to use a hardware key to access the internet on router level, I'm just saying it works.

openBSD is actually kinda common base for routers. Also why would I hide a router in some inaccessible corner?

[–] [email protected] 3 points 5 months ago* (last edited 5 months ago)

You could use open time based codes