199
submitted 9 months ago by leraje@lemmy.blahaj.zone to c/privacy@lemmy.ml

A week or so ago, a blog post was posted in this Community calling out Mullvad for using GMail as their email provider. Wasn't the greatest blog post in the world and didn't approach Mullvad for comment or explanation. Anyway, looks like Mullvad heard about it and responded.

top 8 comments
sorted by: hot top controversial new old
[-] SnotFlickerman@lemmy.blahaj.zone 67 points 9 months ago

Mullvad doesn't mention a blog post, I think this has been in the works a lot longer than that blog post was.

These servers run from RAM, with fully encrypted disks mounted to store the backend PostgreSQL database. We cannot fully run our servers from RAM due to requiring a persistent database, but that was a trade-off we had to make.

These servers run the same OS and kernel configuration as the rest of our infrastructure that runs from RAM, and we have had this service audited pre-production by Assured AB. The issues found by Assured have since been resolved.

Auditing takes time, as does fixing issues found during audits. This wasn't in response to a blog post. This was because Mullvad is a company that is trying to do right by their customers (a shocker, I know).

[-] leraje@lemmy.blahaj.zone 16 points 9 months ago

Yep, could well be. I ain't knocking Mullvad at all .

[-] lemmyreader@lemmy.ml 37 points 9 months ago* (last edited 9 months ago)

That's really great news, and hopefully an inspiration for other companies to follow suit. Tearing the Google email monopoly into smaller pieces bit by bit :)

Just for the record, the other post mentioned by the OP can be found here : https://old.reddit.com/r/mullvadvpn/comments/197a9pd/mullvad_uses_gmail_for_its_support/

[-] LWD@lemm.ee 11 points 9 months ago

So either Mullvad told a fib and got the email thing fixed within 24 days, or they actually were working on it earlier. Either way, not bad.

[-] tom42@lemmy.world 11 points 9 months ago

What I find kind of strange is that they have used Gmail before. Feels not to be the best decision for a VPN service which offers anonymous access.

Even better that they have switched now.

[-] leraje@lemmy.blahaj.zone 12 points 9 months ago

I think they probably did it at first as its quick and easy to set up. And they did strongly recommend anyone mailing them encrypted the emails. I would also assume it was always the plan to self host them but it was the least important part of the whole system so they left it until last to address.

[-] the_third@feddit.de 7 points 9 months ago

Sometimes you do a thing because you're spread thin, and then it works, and then something else comes up and THEN when someone points it out the whole company does the equivalent of me, groaning myself up from the couch after the rain stopped on a Saturday cause there really is no excuse anymore to get around clipping the hedges, goddamnit.

[-] LemmyHead@lemmy.ml 2 points 9 months ago

I don't think that's a good argument though. Any other email provider is as easy to set up an account with and is more privacy friendly: proton, skiff, posteo. If they made a big blunder like that, I can only expect them to use other big tech stuff in the background like google DNS servers etc. Unti someone points it out

this post was submitted on 08 Feb 2024
199 points (99.5% liked)

Privacy

32142 readers
1039 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS