mullvad / mullvad-browser

Privacy-focused browser for Linux, macOS and Windows. Made in collaboration between @torproject and @mullvad
https://mullvad.net/browser

Integrate the VPN entirely (so it's without a hard-requirement of Mullvad VPN outside of it) #103

Status: Closed (AutonomousCat closed 1 year ago)

AutonomousCat commented 1 year ago

It's a bit of a rabbit hole how I got here.

My primary OS is Windows 10, which doesn't support the Mullvad VPN executable and Tailscale at the same time.

This had me download WireGuard to use Mullvad that way (since I think the non-toggle kill-switch on the native application prevents Tailscale from working fully). However, the solution with only WireGuard wasn't perfect. I noticed even with the DNS setting within the WireGuard interface, the DNS leak test still somehow failed. I wasn't able to add 100.64.0.7 to my Wi-Fi card adapter configuration without it breaking the connection to my router.

I started looking into browser-based DNS options (since it's the web I'm concerned about and not executables), and stumbled upon Mullvad Browser. It's almost what I need, but in the event WireGuard cuts out, it might be my biggest risk.

My suggestion

Integrate a full VPN within Mullvad Browser, and while doing so add a kill-switch (and other features found in the app).

I admit, it is a little confusing why it doesn't have this native integration already, unless it's due to it being new.

It stores your account key already for Leta, so how about using that for much more?

ruihildt commented 1 year ago

> It's almost what I need, but in the event WireGuard cuts out, it might be my biggest risk.

A potential solution would be to always use the proxy as a "killswitch": as the proxy only works inside of a tunneled connection, when the tunnel is stopped, the whole browser will not be able to access the internet.

> Integrate a full VPN within Mullvad Browser, and while doing so add a kill-switch (and other features found in the app).

This is unlikely to happen for the same reason that we don't have a "VPN Proxy extension":

A VPN extension makes it possible to use the VPN only for the browser. It's very easy to click a link that will make your traffic go outside of the VPN tunnel. This is why we don't propose this: it's much safer to encrypt all your device traffic, to make sure there's no unintentional leak.

We are thinking about other ways to better interface with the VPN, but this is currently not a priority.