We have successfully completed our migration to RAM-only VPN infrastructure
20 September 2023 NEWS SYSTEM TRANSPARENCY
Today we announce that we have completely removed all traces of disks being used by our VPN infrastructure!
In early 2022 we announced the beginning of our migration to using diskless infrastructure with our bootloader known as “stboot”.
Completing the transition to diskless infrastructure
Our VPN infrastructure has since been audited with this configuration twice (2023, 2022), and all future audits of our VPN servers will focus solely on RAM-only deployments.
All of our VPN servers continue to use our custom and extensively slimmed down Linux kernel, where we follow the mainline branch of kernel development. This has allowed us to pull in the latest version so that we can stay up to date with new features and performance improvements, as well as tune and completely remove unnecessary bloat in the kernel.
The result is that the operating system that we boot, prior to being deployed weighs in at just over 200MB. When servers are rebooted or provisioned for the first time, we can be safe in the knowledge that we get a freshly built kernel, no traces of any log files, and a fully patched OS.
I find the "Mullvad VPN scratch cards" interesting. If a store near you has them you could buy one and be totally anonymous. What I find a bit odd is that you can buy them on amazon as well but sold directly by mullvad. Doesn't that defeat the purpose? The idea of the card is a decoupling of your real identity from the vpn user but when you buy the card in their store doesn't it negate that?
I am probably just missing something here. Does anyone have more insight?
From what I read in the article, there is still one part of the boot sequence that does require some sort of storage: the part where the bootloader fetches the network boot image and verifies it against the checksum signature. But I think that can be performed by booting from a pendrive and then removing it. The problem will come if law enforcement gets a hold of said pendrive...