199
submitted 10 months ago by leraje@lemmy.blahaj.zone to c/privacy@lemmy.ml

A week or so ago, a blog post was posted in this Community calling out Mullvad for using GMail as their email provider. Wasn't the greatest blog post in the world and didn't approach Mullvad for comment or explanation. Anyway, looks like Mullvad heard about it and responded.

all 8 comments
sorted by: hot top controversial new old
[-] SnotFlickerman@lemmy.blahaj.zone 67 points 10 months ago

Mullvad doesn't mention a blog post, I think this has been in the works a lot longer than that blog post was.

These servers run from RAM, with fully encrypted disks mounted to store the backend PostgreSQL database. We cannot fully run our servers from RAM due to requiring a persistent database, but that was a trade-off we had to make.

These servers run the same OS and kernel configuration as the rest of our infrastructure that runs from RAM, and we have had this service audited pre-production by Assured AB. The issues found by Assured have since been resolved.

Auditing takes time, as does fixing issues found during audits. This wasn't in response to a blog post. This was because Mullvad is a company that is trying to do right by their customers (a shocker, I know).

[-] leraje@lemmy.blahaj.zone 16 points 10 months ago

Yep, could well be. I ain't knocking Mullvad at all .

[-] lemmyreader@lemmy.ml 37 points 10 months ago* (last edited 10 months ago)

That's really great news, and hopefully an inspiration for other companies to follow suit. Tearing the Google email monopoly into smaller pieces bit by bit :)

Just for the record, the other post mentioned by the OP can be found here : https://old.reddit.com/r/mullvadvpn/comments/197a9pd/mullvad_uses_gmail_for_its_support/

[-] LWD@lemm.ee 11 points 10 months ago

So either Mullvad told a fib and got the email thing fixed within 24 days, or they actually were working on it earlier. Either way, not bad.

[-] tom42@lemmy.world 11 points 10 months ago

What I find kind of strange is that they have used Gmail before. Feels not to be the best decision for a VPN service which offers anonymous access.

Even better that they have switched now.

[-] leraje@lemmy.blahaj.zone 12 points 10 months ago

I think they probably did it at first as its quick and easy to set up. And they did strongly recommend anyone mailing them encrypted the emails. I would also assume it was always the plan to self host them but it was the least important part of the whole system so they left it until last to address.

this post was submitted on 08 Feb 2024
199 points (99.5% liked)

Privacy

32482 readers
231 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS