This was teased nearly 18 months ago. It's finally available to use.
Mullvad beat the founder to the official launch announcement on X.
pull down to refresh
pull down to refresh
This was teased nearly 18 months ago. It's finally available to use.
Mullvad beat the founder to the official launch announcement on X.
Obscura seems like a great concept, and I like the use of QUIC and the client being implemented in a memory-safe language.
I have two concerns, both regarding identity correlation:
The only way to make this system completely anonymous is if a separate Wireguard pubkey is used for each internet endpoint. E.g. if I visit stacker.news and dunlaoghairechessclub.ie and alcoholicsanonymous.ie at the same time, they should each go through separate Wireguard connections with separate, short-lived Wireguard pubkeys (see Tor's stream isolation concept). Otherwise the exit node can build a profile of the user from the set of visited sites and track them even across Wireguard pubkey changes. Most people have a quite distinct set of sites that they tend to visit.
The Wireguard implementation, at least on Linux, has a very weak mitigation against this issue in which the precision is reduced to 16.777216 ms, but a mere precision reduction is not enough to fully address this issue. As noted in the Wireguard paper, it must only be a per-peer monotonically increasing number. Ideally the field should be used as a counter starting at zero whenever a new Wireguard pubkey is used. Alternatively, assuming short-lived Wireguard pubkeys, one could use timestamps with per-pubkey random offsets.
Did you ever find any additional info regarding these two concerns?
I haven't taken the time to ask the Obscura people about it or investigate their software at this point. Feel free to bring these concerns to their attention.
I do have some ideas on this kind of service and in particular how I would handle the Wireguard public keys. I'd be happy to work with Obscura or otherwise to implement these ideas once they are more complete.
As an aside, I am currently trying to create a Linux kernel patch or alternate Wireguard module to solve the timestamp issue by adding a randomly varying offset to the timestamp. Might publish it once I've got it working.
How it's going??
Regarding the Wireguard patch, I've been mostly busy with other stuff lately, but it's progressing slowly. So far I've got the randomness algorithm working in kernel space. It's more complicated than one might imagine, as it's supposed to work as a noise source that is realistic (indistinguishable from natural clock noise) yet strong enough to make correlation difficult, and that is stateless yet consistent across reboots and reasonably fast to calculate.
The second part, which I'm currently working on, is an internal clock that is not directly affected whenever there's a jump in wall-clock time (e.g. by the user, NTP client or similar), but might slowly, or randomly, adjust over time. Finally this must all be integrated into the Wireguard module.
That said, Obscura and/or the kernel devs should rather just change to using the Wireguard timestamp field as a simple counter. They don't need to blend in to become part of any existing anonymity set.
And they accept Bitcoin over Lightning!
edit: wow, even nostr support in the "Request your platform" form. Are they bitcoiners??
edit 2: Oh yes, Carl Dong at least is
I just downloaded it and am running it but does this mean that I don't need Mullvad anymore?
I just pay $6-8 per month to Obscura and they pay a percentage of that to MullVad on the back end to access the exit server?
I can't seem to run both at the same time.
I haven't used it yet, but I would assume you don't need Mullvad anymore.
Yeah, it seems like MullVad is somewhat deprecated on desktop but still very valuable on mobile.
Obscura is cool so far but it needs features like MullVad's "Kill Switch" and "Lockdown Mode" so I can't mess things up and accidentally leak my IP.
Looks like it is only for Mac OS at the moment.
A shame, but I suppose they had to start somewhere. So long as the Linux support ends up being good, I'll be happy.
Also TFTC has a podcast episode up to with Obscura #883172
More tools, more options, more better. Love it.
https://xcancel.com/carl_dong/status/1889381916081791265