from Wikipedia

Mullvad VPN
Developer: Mullvad VPN AB[1]
Type: Virtual private network
Launch date: March 2009
Platform(s): Android, iOS, Linux, macOS, Windows (official app)
Stable release(s):
  • Android: android/2025.7[3] / 8 September 2025
  • Linux: 2025.13[4] / 10 November 2025
  • macOS: 2025.13[4] / 10 November 2025
  • Windows: 2025.13[4] / 10 November 2025
Website: mullvad.net

Mullvad is a commercial VPN service based in Sweden. The name "Mullvad" is the word for "mole" in the Swedish language. Mullvad operates using the WireGuard and OpenVPN protocols. It also supports Shadowsocks as a bridge protocol for censorship circumvention. Mullvad's VPN client software is publicly available under the GPLv3, a free and open-source software license.[5][6][7]

History

Mullvad was launched in March 2009 by Amagicom AB in Göteborg,[8][9] and began by supporting connections via the OpenVPN protocol in 2009.[10] Mullvad was an early adopter and supporter of the WireGuard protocol, announcing the availability of the new VPN protocol in March 2017[11] and making a "generous donation" supporting WireGuard development between July and December 2017.[12]

In September 2018, the cybersecurity firm Cure53 performed a penetration test on Mullvad's macOS, Windows, and Linux applications.[13] Seven issues were found, which Mullvad addressed.[14] Cure53 tested only the applications and supporting functions; no assessment was made of Mullvad's server side or back end.[13]

In October 2019, Mullvad partnered with Mozilla to utilize Mullvad's WireGuard servers for Mozilla VPN.[15]

In April 2020, Mullvad partnered with Malwarebytes and provided WireGuard servers for their VPN service, Malwarebytes Privacy.[16]

In May 2022, Mullvad started officially accepting Monero.[17]

On 18 April 2023, Mullvad's head office in Gothenburg was visited by officers from the National Operations Department of the Swedish Police Authority, who had a search warrant to seize computers used by Mullvad that contained customer data. Mullvad demonstrated that, in accordance with its policies, no such data existed on its systems. After consulting with the prosecutor, the officers left without seizing any equipment or obtaining customer information. Mullvad released a public statement about the search in a blog post on its website two days later, noting that it was the first time its offices had been searched by authorities.[18] In a letter sent to Mullvad nine days after the search, the Swedish Police Authority stated that it had conducted the search at the request of Germany for an ongoing investigation. The investigation involved a blackmail attack that targeted several institutions in the state of Mecklenburg-Western Pomerania, which revealed IP addresses that were traced back to Mullvad's VPN service.[19]

On 29 May 2023, Mullvad announced that it would remove support for port forwarding, effective 1 July 2023. The stated reason was the use of port forwarding for illegal activities, which led to interference by law enforcement, Mullvad IP addresses being blacklisted, and hosting providers canceling their services.[20]

Service

A TechRadar review noted in 2019 that "Mullvad's core service is powerful, up-to-date, and absolutely stuffed with high-end technologies".[5] Complementing its use of the open-source OpenVPN and WireGuard protocols, Mullvad includes "industrial strength" encryption (employing AES-256 GCM methodology), 4096-bit RSA certificates with SHA-512 for server authentication, perfect forward secrecy, multiple layers of DNS leak protection, IPv6 leak-protection, and multiple "stealth options" to help bypass government or corporate VPN blocking.[5]

Mullvad provides VPN client applications for computers running the Windows, macOS and Linux operating systems. As of April 2020, native iOS and Android Mullvad VPN clients using the WireGuard protocol are available. iOS and Android mobile operating system users can also configure and use built-in VPN clients or the OpenVPN or WireGuard apps to access Mullvad's service.[21]

Privacy

Personal information that could identify users, such as email addresses and phone numbers, is not required during Mullvad's registration process. Instead, a unique 16-digit account number is anonymously generated for each newly registered user, and this account number is used to log in to Mullvad on other devices.[22]

For anonymity purposes, Mullvad accepts the anonymous payment methods of cash and Monero. Payment for the service can also be made via bank wire-transfer, credit card, Bitcoin, Bitcoin Cash, PayPal, Swish, EPS Transfer, Bancontact, iDEAL, Przelewy24, and vouchers sold by multiple resellers.[5][23][24] Payments made via cryptocurrency have a 10% discount.[25] In June 2022, the service announced that it will no longer offer new recurring subscriptions, as this further reduces the amount of personal information that will have to be stored.[26]

Mullvad does not log VPN users' IP addresses, the VPN IP address used, browsing-activity, bandwidth, connections, session duration, timestamps, and DNS-requests.[5][22]

Mullvad has many privacy-focused features built into its VPN. Examples include multi-hop, which routes all traffic through an additional Mullvad server before it arrives at its destination;[27] the ability to add a quantum-resistant key exchange to the encryption process, making all encrypted data resistant to attacks by quantum computers;[28] and Defense against AI-guided Traffic Analysis (DAITA), which ensures all packets are the same size and also inserts random network traffic (significantly increasing bandwidth usage), though this is only enabled on select servers.[29]
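
An added illustration (not Mullvad's code and not the DAITA algorithm itself) of why uniform packet sizes and inserted traffic cost bandwidth: a toy model pads a constructed trace to one packet size, adds dummy packets, and compares what a size-observing eavesdropper can learn with the bytes actually sent. The 1400-byte cell, the cover ratio, the trace and all function names are assumptions made for this example.

```python
"""Toy model of fixed-size packets plus cover traffic (added example, not DAITA itself)."""
import math
import random
from collections import Counter

# Constructed sample: payload sizes (bytes) of one short burst of tunnel traffic.
TRACE = [90, 1400, 1400, 310, 64, 1400, 520, 90]


def size_entropy_bits(sizes):
    """Shannon entropy (bits) of the packet-size distribution an observer sees."""
    total = len(sizes)
    return sum(-(n / total) * math.log2(n / total) for n in Counter(sizes).values())


def shape(sizes, cell, cover_ratio, rng):
    """Return (wire_size, is_real) packets: fixed-size cells plus dummy cells.

    Every payload is sent as ceil(size / cell) packets of exactly `cell` bytes,
    then round(cover_ratio * n) dummy cells are inserted at random positions.
    """
    if cell <= 0 or cover_ratio < 0:
        raise ValueError("cell must be positive and cover_ratio non-negative")
    shaped = []
    for size in sizes:
        shaped.extend([(cell, True)] * max(1, math.ceil(size / cell)))
    for _ in range(round(cover_ratio * len(shaped))):
        shaped.insert(rng.randrange(len(shaped) + 1), (cell, False))
    return shaped


def report(sizes, cell, cover_ratio, seed=0):
    """Compare the size side channel and the bandwidth cost before and after shaping."""
    shaped = shape(sizes, cell, cover_ratio, random.Random(seed))
    wire_sizes = [size for size, _ in shaped]
    return {
        "entropy_before": size_entropy_bits(sizes),
        "entropy_after": size_entropy_bits(wire_sizes),
        "packets_before": len(sizes),
        "packets_after": len(wire_sizes),
        "bytes_before": sum(sizes),
        "bytes_after": sum(wire_sizes),
        "overhead": sum(wire_sizes) / sum(sizes),
    }


if __name__ == "__main__":
    for ratio in (0.0, 0.5):
        r = report(TRACE, cell=1400, cover_ratio=ratio)
        print(f"cover={ratio}: size entropy {r['entropy_before']:.2f} -> "
              f"{r['entropy_after']:.2f} bits, packets {r['packets_before']} -> "
              f"{r['packets_after']}, bandwidth x{r['overhead']:.2f}")
```

Padding alone removes the size signal but leaves the packet count unchanged; the dummy cells are what blur the count, and they are also where most of the extra bandwidth goes.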

Mullvad has been actively campaigning against the EU's Regulation to Prevent and Combat Child Sexual Abuse (a.k.a. Chat Control), which would require service providers to scan all users' online communications, even encrypted services, arguing that it would make all methods of online communication viewable and thus not private and not anonymous.[30][31]

Reception

While Mullvad has been noted for "taking a strong approach to privacy and maintaining good connection speeds", its VPN client setup and interface have been noted as being more onerous and technical than those of most other VPN providers, especially on some client platforms.[32] However, a follow-up review by the same source in October 2018 notes, "Mullvad has a much improved, modern Windows client (and one for Mac, too)". A PC World review, also from October 2018, concludes, "With its commitment to privacy, anonymity (as close as you can realistically get online), and performance Mullvad remains our top recommendation for a VPN service".[21]

In November 2018, TechRadar noted Mullvad VPN as one of five VPN providers to answer a set of questions for trustworthiness verification posed by the Center for Democracy and Technology.[33][34] In March 2019, a TechRadar review noted slightly substandard speeds.[23] However, a TechRadar review later that year, published on 11 June 2019, stated that Mullvad VPN "speeds are excellent".[5] This is also supported by a 2024 CNET review that demonstrated 13.5% speed loss in March 2024 tests.[35] While the latter review notes a shortcoming for mobile users in that Mullvad had not provided mobile VPN client apps,[5] Mullvad apps for both Android and iOS are now available.

The non-profit Freedom of the Press Foundation, in their "Choosing a VPN" guide, lists Mullvad amongst the five VPNs that meet their recommended settings and features for VPN use as a tool for anonymizing online activity.[36]

Other products

Mullvad Browser
Developers: Mullvad VPN and Tor Project
Stable release: 15.0.1[37] / 17 November 2025
Repository: github.com/mullvad/mullvad-browser
Engine: Gecko
License: Mozilla Public License[38]
Website: mullvad.net/browser

Browser

On 3 April 2023, Mullvad Browser was released, developed by the Tor Project team and distributed by Mullvad.[39] Its privacy and security setting levels are similar to those of Tor Browser, except that it operates independently of the Tor network and is meant to be used with a VPN service instead, either Mullvad VPN or another trusted provider.[40] Mullvad Browser has been programmed to minimize the risk of users being tracked and fingerprinted.[41][42] It attempts to achieve this through several measures:

  • Private mode is enabled by default. This means that cookies are never saved between sessions.
  • It utilizes Firefox's "resist fingerprinting" feature.
  • First-party isolation is in place, in which cookies are placed in separate cookie jars so that trackers cannot connect to each other to build a profile of the user.
  • No collection of telemetry data.[43]

Search engine

On 20 June 2023, Mullvad announced the Mullvad Leta search engine. Mullvad Leta uses the Google Search and Brave Search APIs as a proxy and caches each search for 30 days. When a user inputs a web query, the service checks if it has a cache of the search before making a call to the Google Search or Brave Search API.[44] The service was initially only accessible to devices that had Mullvad VPN turned on,[45] before being opened to the general public on 4 March 2025. Mullvad VPN announced on November 6, 2025, that Mullvad Leta would be shut down on November 27, 2025.[46]

Public DNS

Mullvad also offers public DNS servers that support DNS over HTTPS, DNS over TLS, and various content-blocking filters.[47]

from Grokipedia

Mullvad is a (VPN) service provider headquartered in , , founded in March 2009 by Fredrik Strömberg and Daniel Berntsson as a response to increasing concerns over digital surveillance and .
Operated by Mullvad VPN AB, a of Amagicom AB wholly owned by its founders, the service prioritizes user by requiring no personal information, addresses, or traditional account identifiers—instead using randomly generated account numbers—and accepts payments exclusively in fixed amounts via cash, cryptocurrency, or bank wire without linking to identities.
Mullvad enforces a strict no-logging policy for user activity and metadata, has undergone independent audits to substantiate these claims, and employs protocols like and alongside innovations such as , encrypted DNS over the VPN tunnel, and quantum-resistant to counter advanced threats.
The company maintains open-source client applications, collaborates with organizations like on tools such as the Mullvad Browser, and commits to long-term independence without external investment or sale, driven by an idealistic vision of rendering impractical.

History

Founding and Early Years

Mullvad VPN was launched in March 2009 by Amagicom AB, a Swedish company founded by Fredrik Strömberg and Daniel Berntsson in . The service's development originated in the summer of 2008, driven by the founders' idealistic commitment to as a cornerstone of civilized society and their aim to render and impractical through technological means. Amagicom AB's name draws from the ancient Sumerian term "," which translates to "" and underscores the emphasis on secure, unrestricted communication. From inception, Mullvad prioritized user anonymity and minimal , operating without requiring for account creation or usage. The initial service relied on the OpenVPN protocol for secure connections, establishing a foundation for encrypted tunneling that aligned with its privacy-focused ethos. Early operations grew organically without external investment, reflecting the founders' vision of sustainable, principle-driven entrepreneurship rather than profit maximization. Key innovations in the nascent phase included the introduction of payments in July 2010, enabling pseudonymous transactions, followed by cash payment options in September 2010 to further accommodate anonymous users. These features distinguished Mullvad from contemporaries by minimizing traceable financial interactions, reinforcing its commitment to user sovereignty amid rising concerns over digital surveillance in the late . By addressing early security vulnerabilities, such as those related to in 2014, the service demonstrated proactive resilience during its formative years.

Expansion and Technological Advancements

In 2016, Mullvad expanded its server by 150%, increasing from 23 to 59 servers and adding locations in 13 new countries including , , , , , , , , , , , , and the . The company also hired two full-time employees and released updated client software with signed releases for enhanced security verification, alongside introducing SOCKS5 proxy support on all servers and upgrading server hardware to bolster protection against vulnerabilities. By 2017, server capacity grew further by 175% to 162 locations across 27 countries, while the team expanded with four additional employees and three consultants. That year, Mullvad became an early adopter of the protocol, announcing its availability in March and contributing significantly to its development to prioritize speed and simplicity over legacy options like . In December, the company introduced a post-quantum secure VPN tunnel, employing hybrid schemes resistant to potential threats, marking an proactive step in cryptographic advancement. Subsequent years saw continued infrastructure scaling, with Mullvad operating over 700 servers in 49 countries by 2025, emphasizing owned and rented hardware for reliability. In 2019, the company launched its System Transparency initiative, aiming to verify server software integrity through open-source firmware ports and partnerships, such as with for shared server resources. This evolved in January 2022 with the deployment of RAM-only servers to eliminate persistent storage risks, expanding to over 20 servers by late 2024 with plans for broader rollout in 2025. Technological progress accelerated in 2024 with the introduction of DAITA (Defense Against AI-guided Traffic Analysis), a feature using fixed packet sizes, randomized background traffic, and data distortion to counter machine learning-based metadata that could deanonymize encrypted VPN flows even without content decryption. 
DAITA rolled out progressively across platforms, reaching and macOS in 2024, Android in October 2024, and shortly thereafter, with a version 2 update in 2025 enhancing performance against AI fingerprinting. In 2025, Mullvad implemented obfuscation for on desktop apps (version 2025.9), tunneling UDP traffic via to masquerade it as innocuous web activity, aiding circumvention in censored environments like and ; mobile support followed in October. These developments reflect Mullvad's focus on verifiable, forward-looking enhancements amid growing capabilities. In April 2023, Swedish police executed a at Mullvad VPN's offices in an attempt to seize servers and computers containing customer connection linked to a . The company successfully challenged the scope of the warrant, arguing under Swedish law that authorities lacked reasonable grounds to expect relevant on the premises, as Mullvad maintains a verified no-logs policy with no stored user activity or metadata. No customer information was found or compromised, demonstrating the practical enforcement of Mullvad's privacy commitments despite demands. Mullvad operates under Swedish jurisdiction, which imposes no mandatory data retention requirements on VPN providers, unlike the repealed Law on Electronic Communications (LEK) that previously applied to but exempts encrypted VPN traffic. The company complies with the General Data Protection Regulation (GDPR) for minimal operational data, such as payment processing, but explicitly states it cannot be compelled to log user activity or metadata for purposes. In response to formal requests, Mullvad refers authorities to its no-logs policy and, if necessary, would consider service shutdown over forced spying. Broader regulatory pressures in the pose ongoing challenges, with an EU expert group in March 2025 identifying VPN services as obstacles to investigations, potentially leading to targeted . 
Mullvad has opposed proposals for backdoors or expanded , such as under the Swedish Covert Surveillance of Data Act (effective 2020–2025), which allows limited metadata access for but does not mandate provider-side logging. These tensions highlight VPN providers' vulnerability to evolving EU-wide rules prioritizing investigative access over , though Sweden's framework remains relatively permissive compared to jurisdictions like the or with stricter retention mandates.

Company and Operations

Ownership Structure and Location

Mullvad VPN is operated by Mullvad VPN AB, a wholly-owned of Amagicom AB, which was founded on April 23, 2009, in by Strömberg and Daniel Berntsson. Amagicom AB, meaning "free communication" in a constructed term, serves as the parent entity and maintains full control over the VPN service without external investors, , or plans for acquisition, as affirmed by the founders in 2021. This structure ensures operational independence, with the founders actively involved in decision-making to prioritize privacy-focused development over . Amagicom AB is privately held, with 100% ownership divided equally between Strömberg and Berntsson, who each own 50% of the shares and remain the sole shareholders as of the latest public statements. The company is headquartered in , , at Box 53049, with the 400 14, operating under Swedish corporate law as an (AB), a structure that limits public disclosure of detailed financials beyond annual reports filed with Swedish authorities. This location subjects Mullvad to Sweden's Electronic Communications Act, which influences obligations but aligns with the company's no-logs policy commitments, though it places it within the Fourteen Eyes intelligence-sharing alliance.

Business Model and Pricing

Mullvad operates a subscription-based , deriving all revenue exclusively from customer payments for VPN access without reliance on , , or affiliate partnerships. The company, structured as a private entity under Amagicom AB in , prioritizes long-term sustainability over or acquisition, having committed since its 2008 inception to idealistic goals of enhancing user rather than pursuing sale or expansion into data-driven revenue streams. This approach avoids common industry practices like tiered plans or upselling, focusing instead on uniform service delivery to maintain operational transparency and user trust. Pricing remains fixed at €5 per month (approximately $5.40–$5.80 USD, depending on exchange rates) across all subscription durations, including one month, one year, or even one decade, with no discounts for longer commitments to promote flexibility and discourage lock-in effects. This structure, unchanged since 2009, positions Mullvad as one of the more affordable VPN options on a per-month basis, though it eschews promotional trials or bundles to align with its privacy ethos. Value-added tax (VAT) is included in the quoted price for applicable regions. To support , Mullvad accepts a range of payment methods, including cash sent by mail, cryptocurrencies such as and , and bank transfers, which minimize traceable personal data compared to credit cards or . Accounts use randomly generated numbers rather than emails or identifiers, enabling sign-up without personal verification, though non-anonymous payments may retain minimal transaction records for billing compliance under regulations like GDPR. This payment flexibility reinforces the model's emphasis on user control over , even at the cost of higher administrative overhead.

VPN Service Features

Protocols and Encryption

Mullvad VPN supports two tunneling protocols: as the primary and default option across its client applications, and as a legacy alternative scheduled for complete removal on January 15, 2026. employs state-of-the-art , including ChaCha20 symmetric authenticated with Poly1305 (per RFC 7539 AEAD), for Diffie-Hellman key exchange, BLAKE2s hashing (RFC 7693), key derivation (RFC 5869), and a Noise_IK handshake over UDP for secure session establishment. This design results in a compact of under 7,000 lines, minimizing the compared to alternatives like or , while enabling high performance without requiring activity logging. For , Mullvad enforces strict configurations limited to TLS 1.3 on the control channel with ciphers TLS_CHACHA20_POLY1305_SHA256 and TLS_AES_256_GCM_SHA384 (minimum TLS 1.2), and data channel options of or AES-256-GCM. Server authentication relies on 4096-bit RSA certificates signed with SHA512, with perfect via 4096-bit Diffie-Hellman parameters and ephemeral Diffie-Hellman (DHE) ; keys re-exchange every 60 minutes. These measures prioritize security by excluding weaker legacy ciphers and ensuring , though 's larger codebase and complexity make it less efficient than . In Mullvad's implementation, keys rotate every two weeks to mitigate static IP correlation risks, with public keys cleared from server RAM after 600 seconds of inactivity; the protocol supports up to five simultaneous devices per account via unique keys. Both protocols route all traffic through Mullvad's servers, but WireGuard's simplicity and speed position it as the recommended choice for most users, with no observed increase in leak vulnerabilities when properly configured.
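
The OpenVPN parameters quoted in the paragraph above (TLS 1.2 minimum, the two TLS 1.3 suites, AES-256-GCM on the data channel, a 60-minute key re-exchange) can be checked mechanically in a client configuration. The following is an added example, not code from Mullvad or from the original page; the function names, both sample configs and the host `vpn.example.net` are constructed, and the data-channel allowlist holds only the cipher the paragraph names.

```python
"""Audit an OpenVPN client config against the parameters quoted above (added example)."""

# Policy values come from the paragraph; the names below are this example's own.
ALLOWED_TLS13_SUITES = {"TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_256_GCM_SHA384"}
ALLOWED_DATA_CIPHERS = {"AES-256-GCM"}   # assumption: only the cipher the text names
MIN_TLS = (1, 2)
MAX_RENEG_SECONDS = 60 * 60              # "keys re-exchange every 60 minutes"

# Constructed sample configs, not taken from any real deployment.
WEAK_CONFIG = """
# constructed sample: legacy settings
client
dev tun
remote vpn.example.net 1194
tls-version-min 1.0
cipher AES-256-CBC   # CBC mode, not an AEAD cipher
reneg-sec 0
"""

HARDENED_CONFIG = """
client
dev tun
remote vpn.example.net 1194
tls-version-min 1.2
tls-ciphersuites TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
data-ciphers AES-256-GCM
reneg-sec 3600
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
"""


def parse_config(text):
    """Map each directive to the arguments of its last occurrence."""
    directives, closing_tag = {}, None
    for raw in text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":           # comment runs to end of line
                break
            tokens.append(tok)
        if not tokens:
            continue
        if closing_tag:                  # inside an inline <ca>...</ca> style block
            if tokens[0] == closing_tag:
                closing_tag = None
            continue
        if tokens[0].startswith("<") and tokens[0].endswith(">"):
            closing_tag = "</" + tokens[0][1:]
            continue
        directives[tokens[0]] = tokens[1:]
    return directives


def _cipher_list(args):
    """Split OpenVPN's colon-separated cipher lists into upper-case names."""
    return [c.upper() for c in ":".join(args).split(":") if c]


def audit(text):
    """Return a list of findings; an empty list means the config matches the policy."""
    d = parse_config(text)
    findings = []

    tls_min = d.get("tls-version-min", [])
    try:
        version = tuple(int(p) for p in tls_min[0].split("."))
    except (IndexError, ValueError):
        version = None
    if version is None:
        findings.append("tls-version-min missing or unparsable")
    elif version < MIN_TLS:
        findings.append(f"tls-version-min {tls_min[0]} is below 1.2")

    suites = _cipher_list(d.get("tls-ciphersuites", []))
    if not suites:
        findings.append("tls-ciphersuites not pinned; TLS library defaults apply")
    findings += [f"TLS 1.3 suite outside policy: {s}"
                 for s in suites if s not in ALLOWED_TLS13_SUITES]

    # data-ciphers (2.5+), ncp-ciphers (2.4 name), fallback and legacy cipher.
    data = _cipher_list(d.get("data-ciphers", []) + d.get("ncp-ciphers", [])
                        + d.get("data-ciphers-fallback", []) + d.get("cipher", []))
    if not data:
        findings.append("no data-channel cipher pinned")
    findings += [f"data-channel cipher outside policy: {c}"
                 for c in data if c not in ALLOWED_DATA_CIPHERS]

    reneg = d.get("reneg-sec")           # absent means OpenVPN's default of 3600 s
    if reneg:
        seconds = int(reneg[0]) if reneg[0].isdigit() else -1
        if seconds == 0:
            findings.append("reneg-sec 0 disables periodic key renegotiation")
        elif seconds < 0 or seconds > MAX_RENEG_SECONDS:
            findings.append(f"reneg-sec {reneg[0]} exceeds {MAX_RENEG_SECONDS} s")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```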

Server Network and Infrastructure

Mullvad maintains a global network comprising 710 VPN servers distributed across 49 countries and 89 cities, utilizing infrastructure from 15 distinct hosting providers. This setup ensures broad geographic coverage without reliance on virtual servers or fabricated locations, as all servers are physically situated in the listed jurisdictions. The company sources servers either through direct ownership, over which it exercises physical control, or via dedicated rentals that preclude shared hosting arrangements. To enhance security and preclude persistent data storage, Mullvad's entire VPN operates on RAM-only servers, eliminating disks entirely; this migration was fully completed on September 20, 2023. Servers run a custom-hardened based on LTS, with isolated remote management via bastion hosts to prevent direct access by providers. High-speed fiber wavelength connections link key data centers in to hubs in , , , , and Zurich, optimizing inter-server traffic routing. The infrastructure undergoes periodic independent , with the fourth review by Cure53 completed in June 2024 confirming implemented security measures, and a subsequent audit scheduled for 2025. This diskless design aligns with Mullvad's no-logs policy by ensuring no residual data survives server reboots or power cycles, thereby minimizing forensic risks in the event of seizures or compelled access.

Client Applications and Usability


Mullvad offers native VPN client applications for and later, macOS, various distributions including and , Android 8.0 and above, and . The applications are open-source and available via official downloads or releases, enabling users to verify the software independently. Account setup requires no personal information; users generate a 16-digit account number for anonymous access, with payments accepted via , crypto, or other methods to maintain .
The desktop clients for Windows, macOS, and feature a minimalistic interface prioritizing simplicity, where users can connect to the VPN with one click after , automatically selecting optimal servers for speed and reliability. Usability enhancements include an always-on that blocks all internet traffic upon connection failure or app closure, preventing data leaks; to route specific apps or domains outside the VPN; and options for custom local DNS servers. Advanced configurations, such as key rotation and traffic , are accessible via settings without requiring command-line intervention, though users can also utilize CLI tools for scripting. Additional settings include Device IP version, which controls the IP protocol (IPv4, IPv6, or automatic) for the initial connection to relay servers, distinct from In-tunnel IPv6, which governs routing of IPv6 traffic through the tunnel and is normally not needed on Windows unless accessing IPv6-only destinations. Reviews note the consistent, user-friendly design across desktop platforms, with intuitive server selection and real-time connection status indicators. Mobile applications for Android and mirror desktop functionality, supporting for efficient performance on limited resources, with automatic connection on untrusted networks via app settings. Key features include , , and recent additions like QUIC-based rolled out in version 2025.8 on October 20, 2025, to disguise traffic and evade censorship in restrictive environments. Android-specific updates, such as introduced in version 2025.1 on March 29, 2025, allow chaining servers for enhanced , configurable within the app. improvements have addressed earlier interface limitations, providing smoother navigation and blocking features, though platform restrictions limit some desktop-level customizations, including the lack of options to enable, disable, or configure IPv6 tunneling due to iOS VPN framework constraints. 
App verification tools ensure authenticity before installation, bolstering trust in mobile deployments. Complementing the VPN clients, Mullvad provides the Mullvad Browser, a modified ESR version developed with , focusing on anti-fingerprinting and reduced tracking rather than VPN integration. It enforces uniform window sizes, isolates per domain, and disables for usability in privacy-sensitive scenarios, downloadable for +, macOS, and . A separate extension adds VPN-specific tools like IP/ detection, proxy chaining, and a browser-level kill switch, enhancing control without full browser replacement. These tools promote layered privacy but require manual configuration for optimal usability alongside the core VPN app.

Privacy and Security Measures

Anonymity and Account Management

Mullvad enables account creation without requiring any personal identifying information, such as a username, , or . Users generate a unique random account number—currently 16 alphanumeric characters long for improved —upon initial subscription purchase, which serves as the sole identifier for accessing the service. This approach eliminates traditional registration hurdles that could link users to real-world identities, aligning with the company's policy of minimizing to preserve user . Account management relies on this number for and subscription handling via the Mullvad app or , with no associated personal profiles or recovery options available. If an account number is lost, users cannot retrieve it, as no backup identifiers or support tickets are maintained; instead, a new account must be created, transferring any unused manually if possible. This design prioritizes over convenience, preventing the storage of recoverable user data that could be subpoenaed or compromised. Subscriptions are prepaid in fixed increments, such as €5 per month, funded through the account dashboard without ongoing billing tied to external financial records. To support anonymous funding, Mullvad accepts payments via privacy-focused methods including cash sent by mail, cryptocurrencies like and , and prepaid cards, alongside conventional options like credit cards that are processed without retaining linking metadata. Cash payments, for instance, allow complete detachment from digital trails, as vouchers are mailed without requiring sender details beyond the account number. The company processes these without activity metadata or associating payments with IP addresses beyond immediate verification, ensuring that even payment records do not compromise user unless legally compelled. This framework extends to operational anonymity, where the VPN app connects using the account number without transmitting to servers, and no session logs are kept to correlate usage patterns. 
Independent audits have verified the absence of persistent identifiers, reinforcing claims of non-attributable access, though users must still manage their own operational security, such as avoiding reuse of account numbers across devices or . Limitations include the inability to automate renewals anonymously without recurring traceable payments, potentially requiring manual intervention.

No-Logs Policy and Independent Audits

Mullvad operates under a strict no-logs policy, committing to store no user activity data, including connection timestamps, original IP addresses, session bandwidth, or traffic destinations. The company retains only ephemeral data necessary for active VPN sessions, such as temporary keys generated upon connection and deleted immediately after disconnection, ensuring no persistent identifiers link sessions to accounts. Accounts are identified solely by randomly generated numbers without requiring personal information like email addresses, and payment methods support anonymity through options like cash or . This minimal retention approach is designed to prevent any reconstruction of user activity even under legal compulsion. The policy's implementation has been scrutinized through multiple independent audits of Mullvad's VPN and server , which explicitly examined for unauthorized or leakage. A of VPN servers by a Gothenburg-based firm confirmed no information leakage or mechanisms. Subsequent audits by Cure53 in 2020 and 2024 similarly found no personally identifiable information (PII) retention or privacy leaks, with the 2024 review of and relay identifying only two low- to medium-severity issues unrelated to , while affirming a strong overall posture. A 2023 by Radically Open reviewed server access and deployment pipelines, recommending auditable tracking but uncovering no evidence of persistence. These audits, focusing on and operational systems, corroborate the absence of capabilities. Real-world validation occurred during a Swedish police raid on April 18, 2023, when the National Operations Department executed a at Mullvad's offices seeking customer data related to an investigation. Officers seized servers and computers but departed without obtaining any , as no logs or identifying data existed to seize. 
Mullvad's subsequent request for disclosure protocols from authorities confirmed zero customer data was accessed or retained, demonstrating the policy's effectiveness against compelled disclosure. Client-side audits, such as Cure53's 2020 review and X41 D-Sec's 2024 assessment, further support secure non-logging by identifying only minor, non-persistent vulnerabilities in the applications. A 2025 web app by Assured AB detected no critical or high-severity flaws, reinforcing endpoint integrity.

Response to Government Inquiries and Raids

On April 18, 2023, at least six officers from Sweden's National Operations Department (NOA) visited Mullvad's office in with a authorizing the seizure of computers containing customer data linked to an identified in an ongoing . stemmed from police efforts to trace activity associated with the , but Mullvad staff informed the officers that no user logs or were retained, as per the company's strict no-logs . Consequently, the police departed without confiscating any equipment or obtaining identifiable information, confirming that Mullvad held no relevant records. Mullvad publicly disclosed the incident on April 20, 2023, via its official , emphasizing that the event validated its commitments and that customer anonymity remained intact. The company had previously operated for over 14 years without any reported visits, a claim substantiated by this first encounter yielding no data. In a follow-up on May 2, 2023, Mullvad shared the authorities' response to its request for the search protocol, which clarified that the probe involved an routing through Mullvad but provided no specifics on the underlying offense, maintaining the investigation's confidentiality. This raid highlighted Mullvad's operational design to resist disclosure: account numbers are randomly generated without ties to personal identifiers, payments can be anonymous (e.g., via cash or ), and servers retain no activity logs. Independent analyses post-incident, including from cybersecurity outlets, affirmed the event as empirical proof of Mullvad's no-logs adherence, distinguishing it from providers compelled to retain under legal mandates in other jurisdictions. No further government actions or inquiries against Mullvad have been publicly documented as of 2025.

Performance Evaluations

Speed and Latency Testing

Independent evaluations of Mullvad VPN's performance, primarily using the protocol for its efficiency, reveal competitive download speeds with moderate latency increases attributable to overhead and geographical distance. Tests conducted via tools such as Ookla Speedtest on high-speed baseline connections (often 400+ Mbps unprotected) show average speed losses ranging from 8% to 39%, depending on server proximity and load. In CNET's March and August 2025 assessments across macOS and Windows, Mullvad averaged a 24% speed reduction overall, with stable results including 7% loss to nearby European servers from . Download speeds reached 350 Mbps to New York servers on macOS and 280 Mbps on Windows, dropping to 250-290 Mbps (macOS) and 190-220 Mbps (Windows) for Australian connections; upload speeds followed similar patterns but were less emphasized in reporting. proved consistently faster than in most scenarios, though occasionally edged it on Windows. VPNMentor's 2025 tests highlighted variability, with 27% average loss on nearby servers and 39% on distant ones using exclusively; some connections even exceeded baseline speeds, while outliers dropped up to 45% due to potential overcrowding. Latency remained under 85 ms on local servers, adequate for real-time applications like gaming, but elevated on remote ones, aligning with typical VPN-induced delays of 50-150 ms reported elsewhere for European servers.

Source | Test Year | Average Speed Loss | Latency Notes
CNET | 2025 | 24% overall | Minimal (e.g., 7% loss nearby); stable across OS
VPNMentor | 2025 | 27% nearby, 39% distant | <85 ms local; higher distant
AllAboutCookies | 2025 | 8% overall | Not specified

These results underscore Mullvad's prioritization of over raw throughput, yielding reliable performance for and streaming without the severe degradation seen in less optimized VPNs, though users on gigabit connections may notice bottlenecks on loaded or far-flung servers.

Reliability for Specific Use Cases

Mullvad demonstrates high reliability for (P2P) and torrenting, with support enabled on all servers and strong performance via the protocol, achieving download speeds suitable for large files without significant throttling. Independent tests confirm it as one of the top options for torrenting due to its features and consistent connectivity, though the removal of in 2023—implemented to curb abuse—may hinder seeding efficiency for advanced users reliant on incoming connections.

For streaming geo-restricted content, Mullvad exhibits limited reliability, as many IP addresses are flagged and blocked by platforms like , , and , reflecting the provider's de-emphasis on IP rotation optimized for media unblocking in favor of . Users often resort to to access such services on unprotected connections, underscoring that Mullvad prioritizes anonymity over circumvention of detections.

In online gaming, Mullvad offers dependable performance with low latency on regional servers, typically maintaining ping times under 50 ms using , which supports stable connections for real-time play despite occasional during peak hours. Tests indicate it retains sufficient speed and minimal for competitive titles, though global server routing can introduce noticeable delays compared to non-VPN baselines.

Mullvad proves effective for bypassing internet censorship and firewalls, leveraging obfuscation techniques such as Obfuscation and protocols to mask VPN traffic, enabling access in restrictive environments without frequent detection. These features, combined with RAM-only servers, enhance reliability against common in authoritarian regimes.

Known Limitations

Mullvad's connection speeds exhibit variability depending on server selection and network conditions, with some distant servers delivering average speeds of only 180 Mbps compared to 310 Mbps on nearby ones during 2025 testing. Independent evaluations have recorded overall speed losses of approximately 24% across protocols and platforms, though maximum throughput can exceed 950 Mbps on optimal connections. This inconsistency arises partly from Mullvad's smaller server network of around 700-800 locations, which limits options for low-latency routing in underserved regions compared to larger competitors. Latency can spike occasionally, impacting real-time applications like gaming or video calls, despite generally low baseline ping times under protocol. Enabling obfuscation, recommended for evading detection in restrictive networks, introduces measurable increases in latency and throughput reductions, as acknowledged by Mullvad's . Reliability for bandwidth-intensive tasks may falter during peak usage due to the service's emphasis on over server scaling, leading to reports of throttling or instability on crowded nodes. On iOS devices, a DNS leak may occur if IPv6 traffic is not properly tunneled by the VPN, leading iOS to send DNS queries via IPv6 outside the tunnel; this reflects known iOS system behavior rather than app issues, and can be addressed by enabling IPv6 in the Mullvad app settings. For geo-restricted streaming, Mullvad's performance is limited by inconsistent unblocking capabilities, succeeding with some platforms like in select regions but failing others due to IP detection rather than speed deficiencies. These constraints reflect Mullvad's prioritization of features, such as dynamic IP assignment, over optimized common in consumer-oriented VPNs.

Reception and Criticisms

Positive Assessments from Experts

Security researchers and independent auditors have consistently praised Mullvad VPN for its robust implementation and minimal vulnerabilities. In a 2024 audit conducted by Cure53, the Mullvad desktop application was rated as having a "high security level," with only non-critical issues identified and promptly addressed by the provider. Similarly, an assessment by NCC Group of the Android app in early 2025 confirmed its strong security posture, highlighting effective protections against common threats. These evaluations underscore Mullvad's commitment to rigorous code review and rapid remediation, distinguishing it from competitors with more frequent or severe flaws. Privacy-focused review sites have lauded Mullvad's anonymity features, such as accountless sign-ups via numbered accounts and anonymous payment options. awarded it 4.5 out of 5 stars in September 2024, citing its "sterling reputation for securing your connection and protecting your " at an affordable fixed price of €5 per month. CNET's Attila Tomaschek, in a September 2025 review, recommended it as "an excellent option for even the most -critical VPN users," emphasizing its top-tier no-logs policy proven in real-world legal challenges. Wirecutter, part of , has selected Mullvad as its top VPN pick for years, as reaffirmed in October 2025, due to its transparent operations and resistance to data retention demands under Swedish jurisdiction. PCWorld echoed this in February 2025, describing it as "one of the most private and secure VPNs on the market" with reliable performance and user-friendly apps, earning a 4.5-star rating. Privacy advocacy resources like Privacy Guides further endorse Mullvad for advanced users prioritizing evasion of , recommending its protocol as the default for optimal without logging user activity. 
These assessments highlight Mullvad's edge in empirical testing over mainstream alternatives, though experts note its strengths are most evident for non-streaming, high-stakes anonymity needs.

User Experiences and Drawbacks

Users report high satisfaction with Mullvad's emphasis on , such as accountless sign-ups and support for anonymous payments like cash or , which enables usage without disclosure. Privacy-focused individuals frequently praise the service for its implementation and protocol support, which provide reliable traffic blocking and efficient encryption during connections. However, many users encounter drawbacks in performance, including inconsistent speeds and frequent disconnections, particularly on distant servers or during high-load activities like gaming. Mullvad's limited server network—approximately 700 servers across 40 countries as of 2025—contributes to latency issues and in popular locations, making it less suitable for bandwidth-intensive tasks compared to larger providers. Streaming compatibility draws consistent criticism, with users noting unreliable access to geo-blocked content on platforms like , often requiring multiple server trials due to Mullvad's non-optimization for such circumvention. The absence of live chat support forces reliance on or self-help resources, frustrating users needing prompt resolution for connection problems. Additionally, the time-based subscription model, where credits expire after use without rollover, has led to complaints about forgotten top-ups causing unexpected service interruptions. While effective for torrenting, these limitations position Mullvad as a specialized tool for over general versatility.

Comparative Standing in the VPN Market

Mullvad distinguishes itself in the VPN market through an uncompromising emphasis on user and , positioning it as a preferred choice for privacy advocates rather than general consumers seeking broad functionality. As of 2025, it maintains a fixed model of €5 per month regardless of subscription length, undercutting many competitors while avoiding personalized discounts or upsells that could compromise . Independent evaluations, such as Wirecutter's annual testing of 11 VPNs, have selected Mullvad as the top overall pick for five years running, citing its transparency, audited no-logs policy, and resistance to data retention laws in . In broader rankings, however, it rarely claims the absolute top spot; designates it as the most private VPN but awards best overall for superior streaming unblocking and app usability across devices. Comparisons with market leaders like reveal Mullvad's trade-offs: 's network exceeds 6,000 servers across 111 countries, enabling consistent high speeds (up to 950 Mbps in tests) and features like over VPN, which Mullvad lacks, leading reviewers to favor Nord for performance-intensive tasks such as 4K streaming or gaming. Mullvad's approximately 800 servers in 38 countries yield competitive speeds—around 400-600 Mbps for local connections—but falter on global latency for distant servers, making it less ideal for users needing in restrictive regions. Against , Mullvad prioritizes anonymity via accountless access and cash payments, but 's Lightway protocol and 3,000+ servers in 105 countries provide faster average downloads (over 700 Mbps) and broader geo-unblocking, though at a premium starting at $8.32 monthly. Privacy-focused rivals like ProtonVPN offer similar ideological alignment, with both emphasizing open-source apps and independent audits, yet Proton edges out in speed for bandwidth-heavy activities like torrenting, per 2025 benchmarks, while Mullvad leads in signup by forgoing requirements entirely. 
WIRED and other outlets group Mullvad with Proton as elite for "utmost ," contrasting them against feature-heavy providers like , which, despite strong , collect more metadata for support purposes. Mullvad's smaller scale—lacking live chat or extensive —limits its mainstream appeal, resulting in a dedicated but niche user base that values its resistance to subpoenas, as demonstrated in past Swedish raids yielding no user data. Overall, Mullvad holds strong comparative standing for causal needs but cedes ground to larger players in scalability and convenience.

Additional Products

Mullvad Browser

The Mullvad Browser is a free, open-source web browser developed jointly by Mullvad VPN and the Tor Project to enhance user privacy by minimizing online tracking and fingerprinting. Released on April 3, 2023, it is designed for users seeking robust browser-level protections without relying on the Tor network, instead recommending connection via a VPN such as Mullvad's service for IP address concealment. Based on Extended Support Release (ESR), the browser incorporates Tor Browser's anti-fingerprinting technologies, including letterboxing, standardized fonts, Canvas, and WebGL behavior to achieve uniformity across users and reduce identifiability, while excluding Tor's for potentially faster performance. It enables mode by default, blocks third-party trackers and cookies, and facilitates easy deletion of browsing data between sessions. Multilingual support was added in version 13.0 on October 13, 2023, and the latest stable release, version 14.0, arrived on November 19, 2024, with updates to components like and . Unlike the Tor Browser, which routes traffic through the Tor network for anonymity against high-threat actors, Mullvad Browser prioritizes defenses against corporate surveillance and big tech data collection, assuming VPN usage for network-level privacy. Its fingerprint differs slightly from Tor Browser's due to the absence of Tor-specific integrations, but it blocks or randomizes tracking elements more effectively than most browsers, maintains strong resistance to tracking scripts, and resists common browser fingerprinting vectors. It is recommended by Privacy Guides for the strongest anti-fingerprinting protection when paired with a VPN and performs strongly in tests from privacytests.org and the EFF's Cover Your Tracks.

Public DNS Resolver

Mullvad operates a public encrypted DNS resolver service that supports (DoH) on port 443 and (DoT) on port 853, encrypting queries to prevent interception by internet service providers or third parties. The service launched in beta on March 3, 2021, with servers initially deployed in , the , , the , , and . It employs QNAME minimization, disclosing only the minimal necessary domain information to authoritative servers, thereby reducing exposure of full query details. An routing system directs queries to the nearest server location, which include (), (), Göteborg, , and (), , , and New York (); primary IPv4 endpoints are 194.242.2.2 and variants for filtered services.

The resolver adheres to Mullvad's no-logging policy, explicitly stating no retention of DNS request data, connection timestamps, or user identifiers, a stance verified through independent audits such as the 2021 Assured review of its DoH implementation, which found no privacy leaks. To further mitigate risks of persistent , the service transitioned to full RAM-only operation on November 10, 2023, ensuring no data survives server restarts or seizures by eliminating . This aligns with Mullvad's broader infrastructure practices, emphasizing ephemerality for non-VPN services accessible to any user without subscription.

By default, the resolver (accessible via dns.mullvad.net) performs no content filtering or blocking, resolving all domains without interference. Optional variants provide curated blocklists for ads and trackers (adblock.dns.mullvad.net), (malware.dns.mullvad.net), or family-oriented restrictions excluding adult content, , and (family.dns.mullvad.net), sourced from Mullvad-maintained repositories of prohibited domains. Prior to this encrypted service, Mullvad offered an unencrypted public DNS at IP 193.138.218.74, which was discontinued on January 16, 2023, to prioritize amid rising concerns.
The resolver integrates with Mullvad's VPN app by default for connected users but operates independently, with tools like tests available for verification.
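
As an added illustration (not code from Mullvad or from the original article), the Python sketch below shows the two mechanisms this section describes: how a DNS question is packed into an RFC 8484 DoH GET request, and which names each upstream zone sees when a resolver applies QNAME minimization. The `/dns-query` path, the function names, and the simplification that a zone cut exists at every label are assumptions of this example.

```python
import base64
import struct

DOH_HOST = "dns.mullvad.net"   # hostname given in the article
DOH_PATH = "/dns-query"        # assumption: conventional RFC 8484 path, not stated in the article
QTYPES = {"A": 1, "NS": 2, "AAAA": 28}


def split_labels(name):
    """Split a domain name into labels, enforcing the RFC 1035 length limits."""
    labels = [part for part in name.rstrip(".").split(".") if part]
    for label in labels:
        if len(label.encode("ascii")) > 63:
            raise ValueError(f"label longer than 63 bytes: {label!r}")
    if sum(len(label) + 1 for label in labels) + 1 > 255:
        raise ValueError("encoded name longer than 255 bytes")
    return labels


def encode_query(name, qtype="A"):
    """Build a DNS query in wire format. ID is 0, as RFC 8484 advises for cache-friendliness."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # ID=0, RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in split_labels(name))
    return header + qname + b"\x00" + struct.pack("!2H", QTYPES[qtype], 1)  # class IN


def doh_get_url(name, qtype="A", host=DOH_HOST):
    """DoH GET form: the wire message is base64url-encoded with padding stripped."""
    token = base64.urlsafe_b64encode(encode_query(name, qtype)).rstrip(b"=")
    return f"https://{host}{DOH_PATH}?dns={token.decode('ascii')}"


def minimized_queries(name, qtype="A", probe_type="NS"):
    """List (zone asked, name sent, type) for a QNAME-minimizing resolver.

    Simplification: assumes a zone cut at every label. Intermediate steps use
    NS probes (RFC 7816 style); RFC 9156 suggests A/AAAA probes instead.
    """
    labels = split_labels(name)
    steps = []
    for depth in range(1, len(labels) + 1):
        zone = ".".join(labels[-(depth - 1):]) + "." if depth > 1 else "."
        sent = ".".join(labels[-depth:]) + "."
        steps.append((zone, sent, qtype if depth == len(labels) else probe_type))
    return steps


if __name__ == "__main__":
    print(doh_get_url("www.example.com"))
    for zone, sent, rrtype in minimized_queries("www.example.com"):
        print(f"servers for {zone:<13} see {sent:<17} {rrtype}")
```

Without minimization, the root and TLD servers would each receive the full `www.example.com.` question; with it, only the servers authoritative for `example.com.` do.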

Browser Extensions and Supporting Tools

Mullvad offers a beta browser exclusively for version 91.1 and later, designed to complement its by providing tools for connection monitoring and enhanced within the browser. The does not route all traffic through the VPN but assumes users have the Mullvad desktop client active; it focuses on diagnostics and optional proxy chaining. Key features include real-time and detection, which alert users to potential exposures, and support for SOCKS5 proxies as a secondary hop after the VPN tunnel to further obscure traffic origins. The extension displays Mullvad VPN connection status directly in the browser toolbar, allowing quick verification of active sessions without switching applications. Proxy functionality enables selective routing of browser traffic through Mullvad's proxy servers, which encrypt only the connection to the proxy endpoint while the initial VPN leg handles broader ; this setup splits traffic layers but requires manual configuration of proxy endpoints provided by Mullvad. Installation occurs via the Add-ons store or direct download from Mullvad's site, with settings adjustable for check frequency and proxy activation. No official extension exists for Chromium-based browsers like , and Mullvad has stated no plans to develop one due to resource priorities. An unofficial "Mullvad Proxy" extension for allows automated connection to Mullvad proxies without manual setup, but it lacks official support and endorsement. Earlier prototypes, such as the 2021 Mullvad Privacy Companion beta, recommended third-party privacy extensions like but have been superseded by the current tool. Users report the extension's leak checks as reliable for basic diagnostics, though it cannot mitigate browser fingerprinting, for which Mullvad recommends pairing with the Mullvad Browser.
