Mullvad on Tailscale: Privately browse the web

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
VPN tailscale tailscale-control-server Wireguard tailscale-server

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • headscale

    An open source, self-hosted implementation of the Tailscale control server

    • You can run your own "head scale" control server and use their clients with it: https://github.com/juanfont/headscale

    Requires a lot more setup, but it is an option. I've been self-hosting headscale for some time and it is quite stable.

  • sigsum

    Mirror only. Official repository is at https://git.glasklar.is/sigsum/project/documentation

    • > one of the ways you can evaluate companies is to recognize when they're making sketchy, not-relevant claims to create an air of legitimacy.

    This is an excellent heuristic. Personally I like to evaluate trustworthiness in terms of integrity and competence - can I trust their values and can I trust that they know what they are doing? Words are cheap of course. Consistent action across several years is much harder to fake. It also overlaps with another heuristic I use to model and predict the behaviour of a company; a company's behaviour will converge on the shareholders' goals over time.

    > This "our servers have no disks" thing is kind of thing is marketing.

    You are correct that we considered that aspect while writing the blog post, but please read the content before passing judgement. See the section titled "To recap about “no disks in use”" in particular.

    On the topic of "air of legitimacy" I'll just leave these here:

    * Our apps have been open-source since we launched in 2009

    * Our response to Shellshock: https://news.ycombinator.com/item?id=8385332

    * Our thoughts on WireGuard in 2017: https://mullvad.net/en/blog/2017/9/27/wireguard-future/

    * Experimental post-quantum KEM support in 2017: https://mullvad.net/en/blog/2017/12/8/introducing-post-quant...

    The blog post you commented on also talks extensively about how it was one of our first steps in making our infrastructure transparent. Here are just two things we've done as part of that project:

    * "This is the first time a modern off-the-shelf server platform gains coreboot support, and it is an integral part of realizing our vision of transparent and independently auditable VPN servers." - https://mullvad.net/en/blog/2019/8/7/open-source-firmware-fu...

    And finally, we've spent 2-3 years designing a transparency log with distributed trust assumptions. One of many critical parts necessary to achieve our vision of transparent server infrastructure. I'll wager that there's no transparency log with a stronger threat model than ours. https://www.sigsum.org

    We're certainly not without fault, but hopefully this helps inform your opinion of Mullvad.

    Best regards,

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts