In a move that has drawn attention from the cybersecurity community, Mullvad VPN, a popular provider known for its commitment to privacy, has announced it is discontinuing support for port forwarding. The company cites frequent misuse of this feature, leading to negative experiences for the majority of its users, and more troublingly, garnering unwanted attention from law enforcement agencies.
Port forwarding is a networking technique that allows remote computers to connect to a specific computer or service within a private local area network (LAN). In the context of a VPN service, port forwarding could be used to enable friends or family to access a service running behind the VPN, such as a legitimate website, a game server, or a self-hosted server.
However, the darker side of this coin has caught up with Mullvad, prompting the drastic decision to entirely remove the feature. The misuse of port forwarding can open avenues for abuse, with nefarious individuals utilizing this feature to host undesirable content and malicious services. This has resulted in Mullvad’s IP addresses being blacklisted, hosting providers cancelling their services, and law enforcement contacting the company.
The compromise Mullvad has chosen is a challenging one. On one hand, it protects the majority of its users who may not be using port forwarding, ensuring their VPN experience is not negatively impacted by the actions of a few. On the other hand, it limits the functionality of the service for those users who were using port forwarding for legitimate purposes.
The removal of the port forwarding feature may be seen as a positive move from a cybersecurity perspective. By eliminating this feature, Mullvad is taking a stand against the potential for misuse and abuse that port forwarding can enable. This could include activities such as operating rogue servers, distributing illegal content, or even hosting phishing sites, all of which can be done by malicious actors who take advantage of port forwarding to hide their activities behind the VPN.
Nevertheless, the decision also brings with it a negative impact on the versatility of Mullvad’s service. Port forwarding is a useful feature for power users who require remote access to services behind their VPN. This includes scenarios such as running a remote game server, providing access to a self-hosted website, or facilitating peer-to-peer file sharing. By removing this feature, Mullvad could risk alienating a segment of their user base who rely on these capabilities.
On Twitter, several users expressed disappointment and concern about the removal of the port forwarding feature, stating that it was essential for their use of the service, and suggesting that Mullvad could have addressed the problem by limiting port forwarding to certain servers. Some users, however, appreciated the decision, commending Mullvad for prioritizing the quality of their core product and removing features that could compromise privacy and security.
Reddit users also had mixed reactions. Some users understood the decision and saw it as a necessary step to ensure the survival of Mullvad and the privacy it offers. They criticized those who had abused the feature for ruining it for others2. Others, however, were skeptical about the effect of the decision on Mullvad’s future, with some predicting that the removal of port forwarding might lead to the end of the VPN provider. They argued that many users chose Mullvad specifically for the port forwarding feature, and that the removal of this feature could cause these users to leave2. Some users also suggested that abuse of the service went beyond torrents and included illegal activities like child sexual abuse material (csam) sharing.
The sentiment in the Hacker News thread about Mullvad’s decision to remove port forwarding was mixed. Many users expressed understanding and agreement with the decision, seeing it as a necessary measure to maintain service quality and reduce abuse. However, a significant number of users were disappointed, viewing port forwarding as a crucial feature whose removal could affect their experience, particularly for tasks like torrenting. Suggestions were made for alternative solutions, like offering dedicated servers for port forwarding or implementing stricter controls. Some users provided technical insights to highlight the importance of port forwarding, while official replies from Mullvad indicated that this decision was part of a larger strategic roadmap.
In short, public sentiment towards Mullvad’s decision to remove support for port forwarding is mixed, with some users understanding and supporting the decision, and others criticizing it and expressing concerns about its impact on the service.
As of now, Mullvad has removed the ability to add new port forwards and plans to remove all existing ports by July 1, 2023. This decision is sure to be felt by users who are actively using this feature. Mullvad has advised those affected to update their services accordingly.
This development highlights the ever-present tension between security and functionality in the world of digital services. While Mullvad’s decision may limit certain users, it could also be seen as a necessary step to curb abuse and protect the wider user base. As always, the world of cybersecurity and privacy evolves, and providers like Mullvad must continue to navigate these complex waters.