Can someone give insight into how secure using Mysterium nodes as a VPN is?
If using a conventional VPN, we rely on the practices and security of a single company, only a handful of which are worth trusting.
With Mysterium we rely on the integrity of nodes, which anyone can set up. What assurances can we have that the nodes cannot access and tamper with data coming from VPN users?
Are nodes able to inspect encrypted connections?
Nodes would be able to keep their own logs - what could they log?
If you're browsing with HTTPS, then all communication is encrypted between you and the website/service you are using.
Nodes cannot inspect HTTPS.
What Mysterium NodeUI logs is the user's country/region, the time spent connected, and the amount of MYST paid.
Hey!
I'm a Mysterium Ambassador and I'm gathering some resources to answer this type of question. Let me point to some of the resources that I've already gathered. In the future I intend on documenting this and making a thread for wider visibility.
I'm planning to add the internal reports later this afternoon. In any case, the source is open source and the code can always be reviewed:
https://github.com/mysteriumnetwork/node
As mentioned by u/peter-sovietsquirrel, all communications are done through WireGuard, so your communications are encrypted with SSL. That leaves the node runner, or anyone else in the same network for that matter, unable to analyze your traffic or inspect it. They would only see scrambled data if they chose to analyze this with WireGuard.
In regard to logs, this is what Mysterium devs told me:
By default, WireGuard stores connected IP addresses on the host to maintain a connection. Connection (node service) logs could be queried, e.g. with the journalctl utility (on Linux): sudo journalctl -u mysterium-node.service, or saved directly into a file. To view logs in real time: sudo journalctl -fu mysterium-node.service.
Although it allows monitoring peers' IP addresses or session-specific data, all of the sensitive traffic uses HTTPS connections, which are encrypted from the client to the end server. Exit node runners can play the traffic with Wireshark etc., but this traffic is encrypted and it's not possible to decrypt it on the provider level, so it's useless for them.
There is no way from the user's perspective to export (just view) all of the provider-specific sessions and locations (could be a feature request for the NodeUI component). Although they can grab some data from the local database, it's not very usable.