ava on Nostr: It's basically the same as LibreWolf with "resist fingerprinting"/letterboxing ...
It's basically the same as LibreWolf with "resist fingerprinting"/letterboxing enabled, strict mode toggled, and NoScript and uBlock Origin pre-installed.
I had/have big hopes for Mullvad Browser because browser anonymity increases with the size of the crowd using it.
Having those defaults means everyone using Mullvad Browser has the same default extensions, much like Tor. One doesn't "stand out" as much as manually installing them, thereby increasing your unique browser fingerprint.
"it is imperative that you do not modify the browser at all outside adjusting the default security levels. Other modifications would make your fingerprint unique, defeating the purpose of using this browser. If you want to configure your browser more heavily and fingerprinting is not a concern for you, we recommend Firefox instead."
-- (privacyguides.org)
I keep my browser extensions down to the minimum, but I do have others.
This makes you stand out more using Mullvad Browser, so does not using their VPN. I use Mullvad VPN as a backup, but I prefer ProtonVPN, purchased over Tor with non-KYC BTC, with no recovery email or phone set, separate from my main Proton account. Because UDP only WireGuard gets blocked by too many sites, streaming platforms etc.
**I use and recommend Mullvad for specific tasks, but due to these limitations, it still hasn't replaced LibreWolf for me.**
Here's more info on OpenVPN and WireGuard:
I had/have big hopes for Mullvad Browser because browser anonymity increases with the size of the crowd using it.
Having those defaults means everyone using Mullvad Browser has the same default extensions, much like Tor. One doesn't "stand out" as much as manually installing them, thereby increasing your unique browser fingerprint.
"it is imperative that you do not modify the browser at all outside adjusting the default security levels. Other modifications would make your fingerprint unique, defeating the purpose of using this browser. If you want to configure your browser more heavily and fingerprinting is not a concern for you, we recommend Firefox instead."
-- (privacyguides.org)
I keep my browser extensions down to the minimum, but I do have others.
This makes you stand out more using Mullvad Browser, so does not using their VPN. I use Mullvad VPN as a backup, but I prefer ProtonVPN, purchased over Tor with non-KYC BTC, with no recovery email or phone set, separate from my main Proton account. Because UDP only WireGuard gets blocked by too many sites, streaming platforms etc.
**I use and recommend Mullvad for specific tasks, but due to these limitations, it still hasn't replaced LibreWolf for me.**
Here's more info on OpenVPN and WireGuard:
quoting nevent1q…qynanpub18fwvl8c7emfg7w35mvtkq4830c87y4yj5v7hxj6vqjp2px38tm9qsysz6n (npub18fw…sz6n)
It's not exactly that cut and dry. If you live in an oppressive country that blocks VPNs, OpenVPN via TCP is likely the way to go.
If you find your VPN getting blocked often, like Mullvad, switching to a quality VPN like Proton using OpenVPN via TCP is likely the way to go.
Personally, I find OpenVPN with UDP is a good balance between reliability and compatibility.
Check this out. I am not endorsing OctoVPN, but it's a good breakdown.
https://help.octovpn.com/en/article/openvpn-vs-wireguard-a-comparison-with-tcp-and-udp-cmh43j/
Then re-read this bit (edited) for more context.
"Wireguard is faster and leaner and definitely the way to go for most people and in most usecases, but it has a significant limitation as far as privacy and obfuscation goes...it's only UDP."
This is why Mullvad VPN is well known for getting blocked by many sites as well as not being a good option for streaming, or circumventing geographical-blocking and censorship by oppressive governments.
---
Wireguard also forces you to use ChaCha20 encryption and Poly1305 which is definitely more modern, but not as battle tested as other algorithms.
OpenVPN while being code heavy and slower can also use ChaCha20 in addition to other well established encryption protocols.
They also have a complete zero logs policy and do not store user IP addresses on the VPN server, whereas WireGuard requires the user’s IP address of the user to be stored on the server until the server reboots.
Good on Mullvad for making their servers RAM only!
---
**WireGuard uses UDP and doesn't support use over TCP, it can't use TCP port 443, which makes the fact you are using a VPN trivial to detect and block.**
**The creator of WireGuard has emphasized that the protocol does't focus on obfuscation and that deep packet inspection is a known limitation.**
---
In contrast, OpenVPN is better out of the box at evading censorship and deep packet inspection since it can use both UDP and TCP, and also supports traffic packet obfuscation through features like Scramble.
---
If you're going to run Mullvad/Wireguard, check out ProxyGuard. It's a good balance between simplicity and level of obfuscation.
"Proxy UDP connections over HTTP(s). The main use case is to proxy WireGuard packets.
It does this by doing a HTTP upgrade request similar to how websockets work.
This means we can tunnel the protocol behind a reverse proxy."
https://www.eduvpn.org/running-wireguard-over-tcp-a-solution-for-udp-blocking-issues/
https://codeberg.org/eduVPN/proxyguard