Mullvad VPN completes migration to disk-less VPN infrastructure
VPN provider Mullvad announced today that it has completed the migration to a disk-less VPN infrastructure. The migration to servers that operate fully in RAM strengthens user privacy further and it also improves reliability and management of VPN servers.
Mullvad started the migration in early 2022 with two test WireGuard servers. The company created a special bootloader, stboot, for the purpose and continues to use a custom Linux kernel that is a heavily slimmed down version of the mainline branch.
The server itself has a size of less than 200 megabytes before deployment, according to Mullvad. The company had four major goals when it announced the move to a disk-less VPN infrastructure:
- If a computer that runs a VPN server is moved, confiscated or powered off, no data can be retrieved.
- Minimize the risk of storing logs that may reveal information at a later point.
- Removing disks from systems makes the servers less prone to hardware failures due to fewer breakable parts.
- Setting up and upgrading servers and packages is faster and easier.
The disk-less servers use provisioning servers to download the operating system and boot from it. Mullvad states that the provisioning servers host just the signed disk images and "some base configuration data".
When a VPN server boots, it launches the bootloader stboot, which is configured to download and verify the OS package from the provisioning server. The operating system is booted, entirely in RAM, only if the downloaded image passes verification. The server then "waits" for staff members to provision and deploy it for customer use.
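The verify-then-boot gate described above, sketched in Go as an added example; it is not Mullvad's or stboot's code. The signature scheme (Ed25519 over a SHA-256 digest), the signature threshold, which goes beyond what the article states, and the names TrustRoot, Sign, VerifyBeforeBoot and DemoKey are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// TrustRoot is the signer key set built into the bootloader (assumed layout).
type TrustRoot []ed25519.PublicKey

// Sign returns an Ed25519 signature over the SHA-256 digest of image.
func Sign(priv ed25519.PrivateKey, image []byte) []byte {
	d := sha256.Sum256(image)
	return ed25519.Sign(priv, d[:])
}

// VerifyBeforeBoot returns nil only if threshold trust-root keys signed image.
func VerifyBeforeBoot(image []byte, sigs [][]byte, trusted TrustRoot, threshold int) error {
	if threshold < 1 || threshold > len(trusted) {
		return fmt.Errorf("invalid threshold %d for %d keys", threshold, len(trusted))
	}
	d := sha256.Sum256(image)
	used, valid := make([]bool, len(trusted)), 0 // an entry counts once; replays add nothing
	for _, sig := range sigs {
		for i, key := range trusted {
			if !used[i] && ed25519.Verify(key, d[:], sig) {
				used[i], valid = true, valid+1
				break
			}
		}
	}
	if valid < threshold {
		return fmt.Errorf("%d valid signatures, %d required: refusing to boot", valid, threshold)
	}
	return nil
}

// DemoKey derives a key pair from a constructed seed byte (demo only).
func DemoKey(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := [ed25519.SeedSize]byte{b}
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DemoKey(1)
	img := []byte("constructed OS image")
	fmt.Println("boot decision:", VerifyBeforeBoot(img, [][]byte{Sign(priv, img)}, TrustRoot{pub}, 1))
}
```

Any non-nil return has to stop the boot; a provisioning server that can only serve images, not sign them, then cannot substitute an operating system the trust root has not approved.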
Mullvad VPN has been audited twice in the past two years and it will continue to be audited regularly, according to the announcement. The company's offices were raided in early 2023, but the Swedish police did not seize any equipment when it realized that it could not access any past user data or logs.
The company launched its own privacy-friendly browser in 2023 as well. It is based on Firefox ESR and uses Tor Project enhancements to improve the privacy of its users.
Closing Words
The move to a disk-less VPN infrastructure improves privacy for Mullvad VPN users further, as no data is found on the servers when they are not operating. The move is also beneficial to Mullvad, as it removes complexity and eliminates the chance of hard disk failures.
Now You: do you use VPNs?
I used Mullvad for years and considered them the Gold Standard, until they removed Port Forwarding. I’ve since switched to another provider, but I would return to Mullvad immediately if they brought back Port Forwarding.
I switched to Mullvad VPN a few months ago and they have servers located closer to me than my old VPN service. Mullvad supports WireGuard so I have it set up on my GL.iNet home router as well as my GL.iNet travel router for when I am staying in hotels for work. The speed of the VPN is very good and quite comparable to other top notch VPN services. Going diskless is an added bonus for security reasons mentioned.
Mullvad also has an app with a GUI interface for Linux which I like. My previous VPN client didn’t have an app for Linux with a GUI interface. I was only able to connect the service by using the command line.
+1 for Mullvad. Been using them for about 3 years now. Industry leader on privacy, good uptime and bandwidth (at least compared to other VPNs I’ve used), reliable and secure app, and a simple, hype-free price plan. This is now the only VPN I recommend to clients who want a VPN for privacy.
But if you prioritize the ability to remote-stream (like if you want to connect to Netflix in another country) over privacy, Mullvad’s not the best.
Yes, I’m a dedicated Mullvad VPN customer and have just renewed my annual subscription. I use their service in combination with the WireGuard app. I like the fact that when signing up Mullvad doesn’t ask for your name, email address or any other identification. The only ID is a 20 digit number only used to log in to their site with.