Facebook is still a Delaware company, with lots of established case law for what Zuckerberg can and can not do, voting majority or not. SpaceX is now some Texas corporation with a state legislature ready to enable whatever Musk wants.
Which you absolutely shouldn't use, because just like Tor Browser before, a vulnerability in the browser can be immediately escalated into decloaking your real IP. Ideally the proxying doesn't even happen on the same machine.
One possible mitigation might be to run your system (or just the browser/certain apps) sandboxed to only communicate with the IP/ports mullvad uses for VPNs.
> a vulnerability in the kernel can be immediately escalated into decloaking your real IP
Not necessarily IMO... if you create a network namespace that can only communicate with mullvad, and then run the VM inside that... even owning the entire VM and escaping it doesn't help you... you would now have to exploit the host kernel as well, which to me is basically just as good as it being separate hardware in the first place.
By the time someone has pulled off a VM escape I think it's safe to assume they're akin to a state level actor and a network namespace isn't going to stop them.
What threat model should you use Mullvad browser in? What threat model should you avoid Firefox-based browsers?
Please talk in terms of specific threats instead of fearmongering. For people wanting to avoid surveillance capitalism, which is a very common threat, I think Mullvad Browser is a fantastic choice.
For journalists targetted by nation states, perhaps it would be better to use Brave or Chrome inside of Qubes.
> For journalists targetted by nation states, perhaps it would be better to use Brave or Chrome inside of Qubes.
Curious why Chrome/Brave is recommended? I don't think any modern browser is better for anti-fingerprinting like the Firefox-based ones, including TOR and Mullvad Browser? Don't install random extensions outside the defaults and you're doing a lot better than a Brave/Chrome install if you want a usable internet.
I mentioned those because they are more focused on security than privacy/anonymity.
Chrome takes security a lot more seriously than Firefox, but Firefox does more for privacy. It would depend on the specific person, whether they are more worried about zero days or more worried about being identified.
Zero days for chrome will cost more than zero days for Firefox because Chrome takes security more seriously, there are more exploit preventions.
Brave is based on chromium and has a good update schedule, but it has some regressions like allowing manifest v2. Chrome is going to have the best update schedule.
Vanadium is the only browser that improves on Chrome's security.
> Zero days for chrome will cost more than zero days for Firefox because Chrome takes security more seriously
They may cost more for Chrome, but it needn’t be because Chrome takes security more seriously; Chrome’s greater market share alone would be enough to account for this.
Not that I’m denying the overall conclusion. Just this bit of reasoning.
Well with qubes your security comes from VM isolation, so wouldn't that make using a gecko browser safer? If a browser exploit gets through the browser its stuck in a disposable VM with nothing else on it. Also the mullvad client is on another proxy netVM
If only the Linux Foundation was primarily funding development of Linux, it's hard to describe what it is they are doing exactly, but it's a bit like a social club for Middle Managers and other insignificant people, building ecosystems^TM, connections and synergies^TM, and of course the Linux brand. Starting initiatives and such.
Doesn't help that just to start out you are looking at a 110+ GB size for their tools, which as far as anyone can tell, isn't really justified by anything.
That's because in the EDA space, they have horrible software practices. Take the worst you can imagine and then go worse from there. So eventually, when things "appear to work" they end up taking a snapshot of a messy directory and calling that the deliverable asset.
No, it's just all of the device models. Even the OSS tools take up almost 20 GB of space once you get all of the suppported device models which is not many compared to what Vivado supports.
Why not both? Look at the installables from Cadence, they are full of redundant garbage, broken rpaths, etc. Tools that don't even need to support devices have 5-8GB compressed installables with 12-20GB of on disk space being taken up.
Horribly broken installers and a mess of environment variables needed to get the software to even run.
You won’t see “resell electricity” on the IPO brochures. They’ll say something like multi billion dollar ARR hyperscaler business.
To the extent both are true, it’s non trivial to have large grid connections in the US these days or even gas pipeline connections hooked up to generators around a datacenter. Those assets are valuable.
I think the ISP story is a bit shitty outside some niche markets (mobile internet on airplanes and the like), but the military applications are massive. Everything is moving into drones and Starlink terminals are small enough to fit on them all, while being essentially unjammable, giving you a coarse location signal on top and plenty of bandwidth.
I can't believe Kurian has not put his foot down about this. Adverse action against accounts over $X ARR absolutely must have review by revenue-carrying people before the action is taken.
It really is amazing that there is not some level at which "human review" becomes mandatory. Customers of that size already have dedicated account rep contacts.
What scares me are the basic usability fails it still has. Search for a few foreign language words and it will come back with paragraphs upon paragraphs of AI output in that foreign language despite me telling Google in 15 different ways that I don't speak it, nor anything else on the Google page being in that language. How are all their products always made by and for the most narrow minded people on this planet.
Funnily enough, I have the exact opposite problem, where Google likes to give me results in the configured main language even when I do queries in another and actually want results in the other language.
I’ve found it quite unsettling to be served foreign language videos on YouTube automatically dubbed over by Google into English. Just mixed in with the search results.
It's quite unsettling to be served English AI-dubbed videos randomly on Youtube, where the original is another language you normally default to (Japanese) and it's happy to use in most cases. And then you go to the settings for the video to go back to the original and it tells you it is... Chinese (and no, it's really Japanese).
reply