Mullvad VPN is attempting to make its servers even more secure from prying eyes by running them without any storage disks installed.
Virtual Private Networks (VPN) offer a way to stay anonymous online and hide your browsing destinations, but if a VPN server is seized or stolen, there’s a chance the storage disks they contain could hold information allowing users to be identified along with their online activity. The highest-rated VPNs use a number of techniques to stop this from happening, but Mullvad is taking things to the next level and trying to make it all but impossible.
As part of its goal to make the VPN infrastructure transparent and user-auditable, Mullvad is experimenting with removing the storage disks from its servers. These so-called diskless servers will run purely in RAM. By doing so, it means as soon as a server loses power there is no data to view as it’s automatically wiped from the volatile memory. Mullvad also points out that no disks means there’s fewer breakable parts and its infrastructure therefore becomes more reliable as a consequence.
With no storage disks, Mullvad had to figure out how to get these servers running an operating system and software. This is achieved using a provisioning server, which downloads an “OS Package” to the RAM of the diskless server. The provisioning server uses a storage disk, but it only stores the signed image for the operating system being transferred.
For now, Mullvad is testing the diskless system in beta on a pair of WireGuard servers in Sweden. If you’re a Mullvad VPN customer, you can try using them by visiting either the Mullvad app or website and navigating to Switch Location -> Sweden -> System Transparency [BETA]. Gothenburg and Stockholm servers should then appear to be used.
Mullvad admits that a diskless system doesn’t prevent logging from happening, but it does, “minimize the risk of accidentally storing something that can later be retrieved.” If the beta proves successful, it seems likely Mullvad will quickly move to offering diskless servers across its entire service.
