Hacker News new | ask | show | jobs
by commoner 1750 days ago
Mozilla VPN uses the Mullvad VPN service for most of its backend, and Mullvad had Cure53 complete an audit of its infrastructure last December:

https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leak...
1 comments
sneak 1750 days ago
As I mentioned, this is irrelevant one second after it's published.
link
dylan604 1750 days ago
If they tie a hash of the software to the report, then you can verify the software is the same.

Not sure how to handle updates later though. What level of udpates would require an entirely new audit?

link
m4rtink 1750 days ago
But how do you verify the backend code and infrastructure?

Thats the most important question for a VPN.

link
sneak 1750 days ago
The audit commoner is referring to is of their backend infrastructure, not their published software.
link