Yup: see https://hackage.haskell.org/package/ghc-internal-9.1001.0/do... where it is clear that setting a handler simply writes to an array inside an MVar. And when the signal handler is run, the runtime starts a green thread to run it, which means user Haskell code does not need to worry about signal handler safe functions at all, since from the OS perspective the signal handler has returned. The user handler function simply runs as a new green thread independent of other threads.

But I like the fact that you brought up this idea. Haskell can't do it but in a parallel universe if there were another language with no runtime but with monads, we can actually solve this.

Another option is to use a proper OS that includes the ability to receive signals as a part of your main event loops: https://man.openbsd.org/kqueue.2#EVFILT_SIGNAL

I believe you can also do something similar with epoll() on Linux but not sure the semantics are quite as nice as kqueue.

It's mostly just a matter of having a defined scope. They could of course say "You can only attack this one exact thing" that makes them look good, but this is true of many things.

Defining the threat model is standard in the infosec auditing/pentest world, FWIW.

> If Mullvad dictated how to do things or imposed limits on the reach of the testing, the results are worthless anyway

That's only true if your threat model is "literally every possible thing that could ever happen", which is so broad to be meaningless and impossible to test anyway.

Computer programmers also do not typically design their programs under the assumption that someone stuffed newspaper between their CPU and heatsink and it caught on fire. They work on the assumption the computer is not on fire.

That's the whole point of a threat model: Mullvad has a threat model, and they build a product resistant to that. When someone audits the product, they should audit it against the threat model.

For example, this X41's threat model only supposes that an attacker could execute code on the system as a different, unprivileged user. They don't consider the situation where an attacker might have an administrative account on the system.

For my personal devices today, this matches my threat model. If an attacker has an administrative account on my machine, I assume that my VPN isn't going to be able to protect my traffic from them. There's no need to worry about laying out all the ways this could impact Mullvad's client.

> We believe the reason these vulnerabilities exist is because gocryptfs doesn’t have a clearly spelled-out threat model. Some of the attacks seem hard to avoid given gocryptfs’s performance goals and may have been introduced “by design” to meet these goals. We suggest writing down an explicit threat model and updating the website to better communicate the security guarantees that gocryptfs provides. This way, users are less likely to rely on it in ways which would make them vulnerable.

Later established: https://nuetzlich.net/gocryptfs/threat_model/

If I ask a person to do a audit I will tell them what the scope of their audit is, e.g. check the physical security measures of our server rooms. Otherwise they would have to take literally everything into consideration (what if the accountant is a malicous actor, what if the server rooms are attacked by a military, what if our hardware is swapped out during delivery, what if..) and they would never be able to stop.

If you take security seriously you try to defend against likely attack scenarios first. Your way to control that is by choosing the scope of audit.

So, first you have to determine what the target says.

Then you look around to see if that seems accurate.

Then you look around to see what are the systems and controls that are in place to keep things in a controlled state in the future.

To do an audit you have to audit against some sort of pre-established criteria. That is how audits work. In security, that will typically be a standard (or set of standards) alongside a threat model. In finances, you audit against what is legal in the areas you operate.

>[...] zero idea what the auditor would be doing?

That's a practical impossibility. From the client side you want to be able to evaluate quotes, stay within a budget, etc. You don't want to pay good money (audits are really expensive!) for areas that you are works-in-progress, or non-applicable threat models (e.g. lots of security software explicitly does not protect against nation-state actors, so they don't do audits from the perspective of a nation-state actor).

From the auditor side, you want to know what staff to assign (according to their expertise), how to schedule your staff, etc.

>If Mullvad dictated how to do things or imposed limits on the reach of the testing, the results are worthless anyway

Not at all. The company says "This is the set of standards we are auditing against and our threat model. This is how we performed". The results are useful for everything covered by those standards and threat model. By explicitly stating the threat model, you as a consumer can compare your threat model to the one that was audited and make an informed decision.

I'm thinking of moving to protonvpn.

Their reasoning is "they will be able to focus their resources where they can make a difference". Whatever that means.

I'm not sure if this can be done without the app or not.

Fun fact: you can just mail Mullvad some cash in an envelope. No need for any cryptocurrency

Who owns that wallet can absolutely be an unknown - although practically with 99% people buying through coinbase this isn't the case.

- use coinjoin with something like wasabi wallet(https://wasabiwallet.io/)

- purchase BTC with cash

maybe he is using tor on top of it

who knows

I occasionally run this just to make sure, especially when using an unfamiliar service:

  curl ipinfo.io

FTFY (added scare quotes)

I don't see blocking tracking and data mining as a problem at all, but rather a very good thing.

There isn't a lot Mullvad can do about it. Not all providers of hosting are willing to tolerate VPN endpoints in the same way they don't like hosting tor exit nodes.

reCAPTCHA is the GoDaddy of CAPTCHA services. It doesn't achieve its purpose and the CAPTCHA task is often just a time waster. It's already decided whether you're a bot or not - which is not based on your mouse movements, but rather your IP address reputation and whether you're signed into Google. It only still exists because of brand inertia. I'd like to see a Google executive put before Congress and forced to complete a reCAPTCHA over Tor.

This alone can be worth it for many people. I trust Mullvad significantly more than I trust my ISP.

[0]: https://mullvad.net/en/help/no-logging-data-policy

But, it's not white label. White label implies it would be Tailscale VPN (or similar) with no reference to Mullvalad in their docs or marketing. But that's not what is happening with their offering.

Just use the best programming language. Ups? For what application? Yes, everything depends on the application. Honestly, I doubt that many VPNs are better then Astrill if it comes to the GFC. I mentioned, it comes at a price. But if you are price sensitive, Mullvad is still nearly double the price of AirVPN....

"Mullvad has had multiple public audits and even contributed to other security-related open source projects."

Well, airvpn has also interesting roots. https://airvpn.org/aboutus/

"You don't have to create an account, and they even take cash by mail. It can't be more"

Well, I dont think any of my recommendations takes cash by mail, but that may take bitcoin. And for the applications you are hinting at, it is much more important that you connect via Tor to your VPN. One thing gives anonymity, the other privacy.

"Furthermore even in their FAQ they don't say that they wouldn't give the data to a court."

ROTFL. Every company will give data, or the data they have, to a court. At least in their own jurisdiction. Yet, there are (or were) VPNs that were cyberspace only. No corporation, just a website. A business that is not incorporated and only exits in cyberspace may indeed have a lot of leverage. At this point, you may ask yourself what you are doing. But if it is really so important, I would start setting up my own servers and selling my own VPNs. A tree you can hide best in a Forrest.

"I would never buy a VPN from a company like that." If everything you have is a hammer, every problem becomes a nail. Everything depends on your application and what you want to achieve.

If you want a Mercedes of VPNs, likely Astrill is the choice. If privacy is your main concern, there are many options. Dont mistake privacy for anonymity. If in doubt, pay with Bitcoin and use TOR to connect to your VPN.

For my current application, AirVPN is more than enough. Two years: are 79 €, if they have a special, it is 49 euro. If you are cost sensitive, Mullvad is double the price already, but at least only less than half of the Astrill price.