[Feature request] DAITA should probably not allow me to set a custom MTU

[kubrickfr]

I have checked if others have suggested this already

• I have checked this issue tracker to see if others have reported similar issues.

Feature description

DAITA allows me to "hide" my traffic from pattern analysis, which is great! But what if I have a custom MTU value set? What if I'm the only one using a particular value of, say, 1321? What's the point of injecting fake traffic and padding all my packets if, in the end, I'm the only one using that MTU?

Alternative solutions

DAITA or not, I have always considered non-standard MTUs to be Mullvad's privacy's Achile's heel when it comes to traffic analysis, deviating from the default should come with a big warning, you don't even need AI to track people with that.
Another solution/track is that Mullvad should really, really, push for Socks Proxy usage with DAITA (or when a user changes their MTU) as it makes everyone's exit traffic come out with a MTU of 1500.

Type of feature

• Better privacy/anonymity
• Better at circumventing censorship
• Easier to use
• Other

Operating System

• Android
• iOS
• Windows
• macOS
• Linux

[kubrickfr]

A nice little tool to check how third parties see your MTU: https://www.speedguide.net/analyzer.php

[Serock3]

Thanks for the feedback! It's a fair point actually and I have brought it up with our DAITA developers. We need to discuss if there's a good solution that doesn't prevent user from configuring their MTU if that's what they need to get a working connection, perhaps a warning in the GUI when using non-default value?

[kubrickfr]

I don't know what the distribution of MTUs look like, maybe you have some statistics about it?
But if, as I think it is, more than 95% of people have the default MTU, one shouldn't be allowed to use DAITA with a custom MTU, it's just wasted bandwith and security theatre.

I have not written "a peer reviewed and published paper", so this is just my opinion. And my opinion is that DAITA is great, but when you enable it, it should only allow traffic to (and from) the SOCKS5 proxy, period. And if the proxy is configured to have generous buffers, and the client throttles you a few % of the traffic on the Mullvad server, then you can have whatever MTU pleases you and you're probably fine.

[Serock3]

We have decided to close this issue for now, as we need to work out a good tradeoff between the extra anonymity of consistent MTU values and lowered connection quality. We will continue to investigate this internally and we may open the issue again if it becomes relevant. Thank you for bringing this to our attention.

[Ewarren7]

You bring up a good point on analysis based on MTU. Being able to set it with DAITA was useful though for being able to actually use DAITA on an ISP that provides a lower MTU connection.

Maybe if it could have a default low and normal MTU option that could help low MTU blend in with others.

[kubrickfr]

1380, the default, is already really low. A normal default would be 1440.

As mentioned here, if you have to specify a lower MTU, use the SOCKS proxy to blend in.