I’ve been reading through Signal’s government requests and couldn’t find a similar section on Mullvad’s website. I’d be curious to read about them if there are any. It would seem unlikely to me that Mullvad has never received any kind of court order for information about a user.
Yup, Swedish police issued a search warrant and raided Mullvads offices last year. They left empty handed as Mullvad does not retain ANY customer data.
They even stopped allowing customers to pay with credit card recurring payments because they didn’t want to store customer payment info that could harm their users.
I currently pay Mullvad with a recurring charge on my credit card.
They brought it back? That’s concerning
They realized banning convenience is bad for business. You can still pay in private ways
What could they even give? They don’t even ask for an email, and they claim to run everything you browse as RAM that never gets held or recorded.
Credit card numbers, assuming you would pay for the service that way
I don’t see why people would use a credit card to pay for a vpn, it seems like it would totally defeat the purpose. I guess if you get ahold of an anonymous card then it would be fine, but using a card in your name to pay for an anonymous service just seems wacky to me.
I’m curious, does anyone here pay for their vpn with something thatvis in their name? If so, why?
What purpose is it defeating if they are not storing anything besides your credit card payment information?
Yeah, if they’re looking for your data on VPN services, they obviously already know you use it, most likely because of the IP.
Because that’s not our threat model.
I want to be anonymous for the sites I visit. I want my ISP, who’s likely selling my data, to have none. I want to use a WiFi without anybody sniffing.
I’m lucky enough to live in a county were I’m not prosecuted for my ideas or who I am, and I’m not doing anything illicit aside from torrent.
So the hassle doesn’t seem needed in this case. If I think Mullvad can harm me if they know my name, then I wouldn’t use it at all, even with private payments.
That’s a bit misleading, they did receive a request, and a search warrant was attempted, but since the data they wanted didn’t exist, nothing happened.
Good link, but just the word yes didn’t accurately answer the question.
IIRC, they get requests for data, and, if the request is valid, hand over what they have, which is virtually nothing as they don’t keep logs. There is no provision in Swedish or EU law that could compel them to start keeping logs.
They also “retain lawyers to monitor the legal landscape should they need to move core parts of [their] business”
