Olivia
Online
tmctmt
@tmctmt
23
Joined April 2026
34 Following
833 Followers
33 Posts
Pinned Tweet
Mullvad exit IPs are surprisingly identifying
https://t.co/JJzrTTG7Uc
@h4x0r_dz it's weird because they explicitly promise not to train LLMs on 'customer or researcher data', but that phrasing suggests they don't train on public reports either.
To clarify, the issue isn't a lack of encryption for DNS queries. The traffic is already encrypted at the tunnel layer and it stays in Mullvad's intranet. The real issue is that Chrome *thinks* it's insecure, which triggers it to turn off a privacy feature.
I was wondering why Chrome was refusing to use ECH on websites where it works just fine in Firefox.
It turns out Chrome only enables ECH if your system DNS server supports DoH. If you use Mullvad, its internal DNS servers are plaintext only.
@soft_fox_lad I noticed that deleted pages on bing tend to stick around for much longer compared to google (too bad they removed cached pages), but that's likely a byproduct of bing's (much) smaller global crawling budget
people in the replies have never stalked someone online and it shows😔
Stop telling me to use duckduckgo IT SUCKS
@TResearchoor 15% of users may have a mac user agent, but how many of them are also going to share the same Mullvad bucket? Probably just one.
I can confirm that Mullvad's new mitigation (currently available on select servers) indeed fixes the IP position correlation flaw.
On Friday the 15th of May, we became aware of a fingerprinting issue affecting Mullvad users.
We have a method which changes this behaviour currently being tested, with plans to begin rolling it out to our VPN servers in the coming weeks.
Read more here: https://t.co/MH32Odwrj0
@TResearchoor It lets you rule out 99% of users. You still need a second clue to identify your target from the remaining 1%, but that's a lot different from trying to find them using only that clue across the entire suspect pool.
@TResearchoor at which point it's trivial to identify the person you're looking for.
@TResearchoor There are only so many Mullvad users on any given website, and that number gets diminishingly small on anything less than social media.
Given enough IP logs, a list of a thousand Mullvad users could conceivably be boiled down to just 3 based on seed range
@TResearchoor https://t.co/hZHjYplPp3
It's a tool I made that calculates positions for a set of exit IPs and deduces the seed that produced them, which was mostly unique per Mullvad user.
The mitigation update removed this pattern from the exit IP choosing algorithm, hence the error.
The IPs are still assigned deterministically though and afaict they won't change until the pubkey rotates, which is a bit of a bummer.
I don't plan on keeping the database up to date, but since Cloudflare is already experimenting with randomly assigned nameservers, there may not be much point in doing so for much longer anyway.
Just released a tool for identifying domains under common ownership using Cloudflare nameserver pair correlation (with some historical data support!):
https://t.co/UfVGr5IEPT
For those unfamiliar with the technique, this post by Aidan Thomson describes it pretty well:
https://t.co/LkWw1l4TMi
A novel-ish means of finding Satoshi, including a website where you can test your own guesses.
All bad writing is by me. Done in collaboration with @tmctmt.
https://t.co/Ijxb6NNavD
If you're interested in funding this, please lmk.
@kevincardenasr More or less expected behavior, considering that shared folder links already reveal this info. It just isn’t displayed in the UI for individual files for some reason.
neat trick with mediafire: you can reveal uploader names for single files using mediafire[.]com/api/1.5/file/get_info.php?quick_key=file_id_goes_here
![tmctmt's tweet photo. neat trick with mediafire: you can reveal uploader names for single files using mediafire[.]com/api/1.5/file/get_info.php?quick_key=file_id_goes_here https://t.co/PUQsQArm4s](https://pbs.twimg.com/media/HIuNhSJXwAAP6R2.png)
how it feels to say pwned as a gen z
The Millennial falloff will be studied for generations
@xcopydotexe - It uses 128-bit XTS-AES by default despite also supporting the 256-bit variant
- You can't change the KDF rounds and it doesn't support stronger KDF like Argon2 (although VeraCrypt only got it very recently too)
The worst part about the YellowKey exploit is the sheer number of misinformed people who are unknowingly going to bottleneck their SSD speeds by like 80% after switching to VeraCrypt instead of simply using password-based BitLocker
https://t.co/1SlXwbI28u
https://t.co/3m46ei6qqX
After this Bitlocker backd- I mean exploit, Veracrypt schizos should be incredibly smug.
A lot has been said on FOSS vs. closed source with regards to security, but for something as solved as OS encryption, FOSS makes most sense, by a lot.
@xcopydotexe The pain points with password-based BitLocker compared to VeraCrypt are:
- Microsoft tries to nanny you into using TPM every step of the way if you use the BitLocker manager. You have to familiarize yourself with the manage-bde command to access most functionality
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers