[NhanH]

Even if that attacks has close to 100% success rate, I'd imagine it being nigh physically impossible to execute a targeted attack, as you don't know which machine to hit for a specific user. And that seems to be the main threat model we would be concerned about for this.

[foobiekr]

Of course they know which machine to hit. How do you do customer service without such a basic function?

[hiatus]

Mullvad gives you the option to connect to multiple servers. They offer wireguard configs for every endpoint. How does law enforcement know which server the client plans to connect to? There is no metering either, just a flat monthly rate so nothing to track there either.

[foobiekr]

I find these discussions so tiring. Let me turn it around. In their position, how would you manage this? Might you hook authentication events? Why are you pretending this is hard?

[hiatus]

You can connect to mullvad via tor though. If I only ever went to the mullvad site via tor to make an account, paid in monero and only ever accessed the VPN via tor, what is there to hook into?

[foobiekr]

.. that you can connect to Mulvad via tor says nothing _at all_ about what _Mulvad_ can do which was the discussion point.