Trust & Privacy

VPN
1

Dear Mysterium Team,
as a Mysterium VPN User, how could I know if there is now way to manipulate a node to read my data traffic like accounts and passwords?
I read in conventional and centralized VPN you have to trust the provider.
I’m asking myself if it would be easy for nodes to get access to sensitive data.
Is there some third party code audition?

2

Hi, Mysterium Network is an open-source project so there is no hidden stuff or any back-doors. You can check the code or even contribute to its development! You can check it out in our GitHub here: https://github.com/mysteriumnetwork

VPN connections are currently encrypted using market leading OpenVPN protocol for transport and we will also be adding multi hops, relays and additional security measures to protect user privacy, security and anonymity.

Centralized VPNs

  • Closed / hidden code may contain back doors, cannot be reviewed or contributed to

  • Focus on shareholder benefit

  • Your private data and logs in one hands

  • Simplified access to your data for 3rd parties (governments, hackers, advertisers / spammers)

  • High profit margins

Decentralized VPNs

  • Open source code can be reviewed, audited and contributed to by anyone

  • Focus on network participant benefits

  • Your private data is decentralized and so is the hardware infrastructure

  • Obstructed access of your data for 3rd parties

  • Free market allows competitive prices

3

Thanks for your reply.
I did`t ask if there are some back-doors hidden in the code.
My question was, if it is possible for someone else to deploy a modified node in order to spy on data.

4

Regarding the security audit, our codebase is open source and everybody is welcome to be a security auditor or adviser, review the code and contribute. But at certain stages of our product development we’ll do security audits with external security auditors to make sure we provide a secure solution to our clients and community members. Any modifications to the code are visible to anyone and will be clearly seen so that is not an issue as it is with centralized VPN providers.

5

I´m not concerned about the modifications of a released code.
I´m concerned about possible modifications a owner of a node could do.
If this node still manages to communicate in the network properly, no one would notice if this single node is spying.

6

That’s not how it works. A node cannot modify the code that has already been deployed so that is not an issue.

7

But the traffic will be going through the node and after the node’s end it won’t be encrypted and as with any other VPN provider, the exit node can monitor your traffic. How do you prevent this, or can you?

8

Hi, actually the VPN traffic travels through a secure encrypted tunnel. As for the internet provider what they will see is the IP of the node host instead of the user IP. To maintain higher anonymity and security users could connect using different nodes each time. Also the multi hops and relays will increase protection of the users in the decentralized network.