I’ve been reading through Signal’s government requests and couldn’t find a similar section on Mullvad’s website. I’d be curious to read about them if there are any. It would seem unlikely to me that Mullvad has never received any kind of court order for information about a user.
Thanks!
Yup, Swedish police issued a search warrant and raided Mullvads offices last year. They left empty handed as Mullvad does not retain ANY customer data.
They even stopped allowing customers to pay with credit card recurring payments because they didn’t want to store customer payment info that could harm their users.
I currently pay Mullvad with a recurring charge on my credit card.
They brought it back? That’s concerning
They realized banning convenience is bad for business. You can still pay in private ways
When they announced it, they said it would be bad for business, but that they valued their customers privacy more than the cost it would cause in lost business.
Once their servers are unplugged they lose all value. While their online and running that could be a different story.
servers unplugged
Or they can do a cold boot attack
Possible but with physical access needed. Which makes things much more difficult. At least for servers under Mulls control vs rented servers from a provider in each locale.
That’s a bit misleading, they did receive a request, and a search warrant was attempted, but since the data they wanted didn’t exist, nothing happened.
Good link, but just the word yes didn’t accurately answer the question.
just the word yes didn’t accurately answer the question
correct, which is why the link was provided. the OP can figure the rest out, as you did
Since you are pedantic. The answer yes is absolutely correct and not misleading. The question was “Has given a court order to reveal…” and not “Was revealed personal information 'cause of a court order”.
You sir are technically correct.
The best kind of correct.
Thanks!
What could they even give? They don’t even ask for an email, and they claim to run everything you browse as RAM that never gets held or recorded.
Yes if you get a court order for data you don’t hold, you don’t have to provide data you don’t have access to. I wasn’t expecting that Mullvad would have any useful data to give, I just wanted to read their response/commentary is all
Credit card numbers, assuming you would pay for the service that way
I don’t see why people would use a credit card to pay for a vpn, it seems like it would totally defeat the purpose. I guess if you get ahold of an anonymous card then it would be fine, but using a card in your name to pay for an anonymous service just seems wacky to me.
I’m curious, does anyone here pay for their vpn with something thatvis in their name? If so, why?
Because that’s not our threat model.
I want to be anonymous for the sites I visit. I want my ISP, who’s likely selling my data, to have none. I want to use a WiFi without anybody sniffing.
I’m lucky enough to live in a county were I’m not prosecuted for my ideas or who I am, and I’m not doing anything illicit aside from torrent.
So the hassle doesn’t seem needed in this case. If I think Mullvad can harm me if they know my name, then I wouldn’t use it at all, even with private payments.
Anonimity is keeping your identity private, but not your actions.
Privacy is keeping your actions hidden, but not your identity.
Using a VPN will hide your IP and make you more anonymous online. Using a personal CC to buy the vpn does not compromise that and does not defeat the purpose at all.
Only if your specific account ID is compromised could the personal CC be used against you by identifying you. E.g.: “they” found your bad email in an inbox of somebody who is less privacy conscious and are trying to figure out who
festybear69@...is.It depends on what your use-case/threat model is.
What purpose is it defeating if they are not storing anything besides your credit card payment information?
Yeah, if they’re looking for your data on VPN services, they obviously already know you use it, most likely because of the IP.
IIRC, they get requests for data, and, if the request is valid, hand over what they have, which is virtually nothing as they don’t keep logs. There is no provision in Swedish or EU law that could compel them to start keeping logs.
They also “retain lawyers to monitor the legal landscape should they need to move core parts of [their] business”
Why would they?, there is nothing they can found anyway.
They’d get nothing helpful from Signal either and yet governments still do it. Governments often don’t know what they’re doing and are used to just being able to ask companies for user data
Nothing majorly helpful. They show account creation date, last seen date with time stamps for creation and last seen. Phone number used to register, account ID as a number, sealed sender from anyone such as true or false, find your account by contacts true or false. Badges by number such as 1 or 0. And user agent as letters. That’s about it. Anyone can pull their log file they keep under account settings anytime inside the app.
