mullvad / mullvadvpn-app

The Mullvad VPN client app for desktop and mobile
https://mullvad.net/
GNU General Public License v3.0

[Feature request] RPKI Handling #6173

Open SkewedZeppelin opened 5 months ago

SkewedZeppelin commented 5 months ago

I have checked if others have suggested this already

Feature description

RPKI is a useful technology to prevent hijacking of routes on the Internet. There is a testing tool and a somewhat up-to-date list of which ISPs support it here: https://isbgpsafeyet.com/

Please add the ability to filter out exits/locations without RPKI support in order to ensure greater integrity of connections.

Alternative solutions

Alternatives would be phasing out use of providers which don't support RPKI or lobbying them to add it.

Type of feature

Operating System
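The filter the request asks for reduces to Route Origin Validation (RFC 6811) over the route that carries each relay's address: look up the ROAs that cover the announced prefix and classify the announcement as valid, invalid or not-found. The following is an added example, not code from the Mullvad app; the ROAs, relay hostnames, prefixes and ASNs are constructed sample data (documentation prefixes, ASNs from the reserved 64496-64511 range), and the code assumes the ROA set and each relay's announced prefix and origin AS have already been obtained from a validator's VRP export and a BGP view.

```python
"""Route Origin Validation (RFC 6811) applied to a relay list.

Added illustration for this issue; it is not code from the Mullvad app.
All ROAs, relay names, prefixes and ASNs below are constructed sample
data (documentation prefixes, ASNs from the 64496-64511 documentation
range). In practice the ROAs would come from a validator's VRP export
and the announced prefix/origin ASN from a BGP looking glass or RIS.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Sequence


@dataclass(frozen=True)
class ROA:
    """A validated ROA payload: prefix, maxLength, authorized origin AS."""
    prefix: str
    max_length: int
    asn: int


@dataclass(frozen=True)
class Relay:
    """A VPN exit plus the BGP route that currently carries its address."""
    hostname: str
    address: str
    announced_prefix: str
    origin_asn: int


def rov_state(route_prefix: str, origin_asn: int, roas: Iterable[ROA]) -> str:
    """Classify a (prefix, origin AS) pair as valid / invalid / not-found.

    RFC 6811: a ROA *covers* the route when the route prefix lies within
    the ROA prefix; it *matches* when it covers, the origin AS equals the
    ROA AS, and the route length is <= maxLength. Any match -> valid;
    covered but no match -> invalid; nothing covers -> not-found.
    An AS0 ROA covers but can never match, so it only ever yields invalid.
    """
    route = ip_network(route_prefix, strict=True)
    covered = False
    for roa in roas:
        roa_net = ip_network(roa.prefix, strict=True)
        if roa_net.version != route.version:
            continue
        if not route.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn != 0 and roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


def classify_relay(relay: Relay, roas: Iterable[ROA]) -> str:
    """ROV state of the route carrying this relay, with a consistency check."""
    if ip_address(relay.address) not in ip_network(relay.announced_prefix):
        raise ValueError(f"{relay.hostname}: {relay.address} not in {relay.announced_prefix}")
    return rov_state(relay.announced_prefix, relay.origin_asn, roas)


def filter_relays(relays: Sequence[Relay], roas: Iterable[ROA],
                  allow: Sequence[str] = ("valid",)) -> List[Relay]:
    """Keep only relays whose covering route is in one of the allowed states."""
    roas = list(roas)
    return [r for r in relays if classify_relay(r, roas) in allow]


# --- constructed sample data ---------------------------------------------
SAMPLE_ROAS = [
    ROA("203.0.113.0/24", 24, 64496),
    ROA("198.51.100.0/24", 25, 64497),
    ROA("2001:db8::/32", 48, 64496),
]

SAMPLE_RELAYS = [
    Relay("se-sto-wg-001", "203.0.113.10", "203.0.113.0/24", 64496),       # valid
    Relay("de-fra-wg-001", "198.51.100.20", "198.51.100.0/24", 64499),     # wrong AS -> invalid
    Relay("us-nyc-wg-001", "198.51.100.130", "198.51.100.128/26", 64497),  # /26 > maxLength 25 -> invalid
    Relay("nl-ams-wg-001", "192.0.2.5", "192.0.2.0/24", 64498),            # no ROA -> not-found
    Relay("ch-zrh-wg-001", "2001:db8:1::1", "2001:db8:1::/48", 64496),     # valid (IPv6)
]


if __name__ == "__main__":
    for relay in SAMPLE_RELAYS:
        print(f"{relay.hostname:16} {classify_relay(relay, SAMPLE_ROAS)}")
    kept = filter_relays(SAMPLE_RELAYS, SAMPLE_ROAS)
    print("selectable:", [r.hostname for r in kept])
```

Two caveats a practitioner would keep in mind. First, "not-found" is the common case while ROA coverage is still partial, so a filter that admits only "valid" may leave few relays; passing `allow=("valid", "not-found")` excludes only announcements that contradict a published ROA. Second, a valid ROA for the relay's own prefix is a different property from the one isbgpsafeyet.com tests, which is whether the hosting ISP actually drops RPKI-invalid routes; the request above could mean either, and the two would need different data sources.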

benjaminhays commented 4 months ago

This may be a convenient thing to have on the list of servers present on the site for those curious about the state of RPKI support in privacy services, but it doesn't really give the user much more sanity or security by restricting exit nodes to solely RPKI-compliant ASNs. A lot of the threat models of the users of Mullvad and other VPNs tend to automatically assume that all traffic can and will be inspected and possibly interfered with by a third party. Mitigating these concerns is one of the main selling points for VPNs as a whole.

Assuming all of Mullvad's PKI works and the ciphers involved remain secure to cryptanalysis, a BGP hijack would have no serious effect besides an effective DoS (which would be immediately noticeable, picked up upon, and bypassed via switching locations). Of course, if you're sending plaintext traffic from one of Mullvad's exit servers, you could be vulnerable to information leakage, but if you're planning on sending unencrypted data from a VPN in 2024 you've got a whole different problem altogether.

Don't get me wrong, RPKI is a great technology that should be implemented by far more ASNs than currently implement it, but it's generally more a security concern for ISPs than individuals. A BGP hijack is generally a mild inconvenience for users, but for an ISP it's a tremendous loss of money, customer trust, and added potential legal liability due to breach of contract.