I’ve been reading through Signal’s government requests and couldn’t find a similar section on Mullvad’s website. I’d be curious to read about them if there are any. It would seem unlikely to me that Mullvad has never received any kind of court order for information about a user.
Yup, Swedish police issued a search warrant and raided Mullvads offices last year. They left empty handed as Mullvad does not retain ANY customer data.
They even stopped allowing customers to pay with credit card recurring payments because they didn’t want to store customer payment info that could harm their users.
I currently pay Mullvad with a recurring charge on my credit card.
They brought it back? That’s concerning
They realized banning convenience is bad for business. You can still pay in private ways
Once their servers are unplugged they lose all value. While their online and running that could be a different story.
servers unplugged
Or they can do a cold boot attack
Possible but with physical access needed. Which makes things much more difficult. At least for servers under Mulls control vs rented servers from a provider in each locale.
Thanks!
IIRC, they get requests for data, and, if the request is valid, hand over what they have, which is virtually nothing as they don’t keep logs. There is no provision in Swedish or EU law that could compel them to start keeping logs.
They also “retain lawyers to monitor the legal landscape should they need to move core parts of [their] business”
What could they even give? They don’t even ask for an email, and they claim to run everything you browse as RAM that never gets held or recorded.
Credit card numbers, assuming you would pay for the service that way
I don’t see why people would use a credit card to pay for a vpn, it seems like it would totally defeat the purpose. I guess if you get ahold of an anonymous card then it would be fine, but using a card in your name to pay for an anonymous service just seems wacky to me.
I’m curious, does anyone here pay for their vpn with something thatvis in their name? If so, why?
Because that’s not our threat model.
I want to be anonymous for the sites I visit. I want my ISP, who’s likely selling my data, to have none. I want to use a WiFi without anybody sniffing.
I’m lucky enough to live in a county were I’m not prosecuted for my ideas or who I am, and I’m not doing anything illicit aside from torrent.
So the hassle doesn’t seem needed in this case. If I think Mullvad can harm me if they know my name, then I wouldn’t use it at all, even with private payments.
What purpose is it defeating if they are not storing anything besides your credit card payment information?
Yeah, if they’re looking for your data on VPN services, they obviously already know you use it, most likely because of the IP.
That’s a bit misleading, they did receive a request, and a search warrant was attempted, but since the data they wanted didn’t exist, nothing happened.
Good link, but just the word yes didn’t accurately answer the question.
Since you are pedantic. The answer yes is absolutely correct and not misleading. The question was “Has given a court order to reveal…” and not “Was revealed personal information 'cause of a court order”.
just the word yes didn’t accurately answer the question
correct, which is why the link was provided. the OP can figure the rest out, as you did
Why would they?, there is nothing they can found anyway.
They’d get nothing helpful from Signal either and yet governments still do it. Governments often don’t know what they’re doing and are used to just being able to ask companies for user data
