Both Mullvad and Proton VPN can be doxxed without sudo by any app on Linux desktop. Please see the instructions on our website. https://simplifiedprivacy.com
Find a file
2026-02-21 00:13:33 +00:00
bareass.sh Upload files to "/" 2026-02-18 22:02:21 +00:00
README.md Add README.md 2026-02-21 00:13:33 +00:00

Video Format

We have a short demo video to explain these concepts and showcase the tool. If you are new to these concepts, please see the video first: Video Link


BareAss Naked Tool

Simplified Privacy presents an original script for ripping down Mullvad & Proton VPNs without needing sudo, by abusing the DBUS and network interfaces. Any app can easily do these same types of actions, and unfortunately the vast majority of VPNs are exposed. Now this demo implementation just rips down the VPN, but in the wild, any app could make an API call to a server the attacker controls. Please see our self-host git for the code:
https://git.simplifiedprivacy.com/SimplifiedPrivacy/bareass_mullvad


Tool's Use:

The following are commands to use the BareAss Naked Tool.


List Interfaces

The user can list all interfaces.

bash bareass.sh list  



Butt Naked Mullvad

Kill Mullvad, through their "lockdown" mode"

bash bareass.sh kill-mullvad    

Please see our podcast on Mullvad's other poor decisions. Also our yellow paper's key section, discusses disagreement with their multi-hop strategy.


Rip Down Proton

First list the interfaces, see a proton interface and take it down:

bash bareass.sh kill proton0  

Please see our article on Proton's negligence for other critical points we disagree with them on.


Proof of Concept DBUS Protection

To showcase what apps (such as a web browser) can do or access from inside the bubblewrap, do the following with the layer-one system-wide VPN already on:

bash bareass.sh bwrap-kill wg  

And once again to repeat, all the apps inside HydraVeil have this automatically. This script is just a demonstration of the attack being done from inside the Bwrap. So you're experiencing being denied from the point of view of the app.