Not to be overly cynical, but I imagine that once Mullvad reaches critical mass (as defined by law enforcement/foreign intelligence orgs), it will be forced to start to identify users.
It's kind of like dark markets. If you're a smaller player, you're not a priority, but once you start to hit everyone's radar screens, eventually you'll "play according to their rules".
Swedish authorities have violated their own laws at the behest of American spy agencies before. If it happened before it could happen again. And now Sweden is in NATO, so their relationship with American spy agencies is likely more intimate than ever before.
> On December 18, 2001, 45-year-old Ahmed Agiza was secretly apprehended in Sweden by Swedish Security Police. Agiza was then handed over to agents of the U.S. CIA, who stripped him, dressed him in overalls and chained and shackled him before transporting him in a Gulfstream V aircraft to Egypt, where he was severely tortured. At the time of his unlawful rendition, Agiza, an Egyptian citizen, was living in Sweden with his wife and five young children, waiting for a determination on their political asylum application.
I don't think any Western entity is beyond the reach of the US intelligence apparatus. If the US isn't pressing these countries to hand over data on a person, it means that the US isn't interested in disappearing that person. Throughout the War On Terror, time and time again we've seen these European countries cooperate in one way or another.
Well, Sweden has its own DPA law (see IMY) which prevails over GDPR. Also, according to the recent decision (see [0] and its references for details), user is not considered as party to their own privacy rights.
I can only add that in Sweden at least some important personal information is not protected at all. It's given by the government for free and can be used by anyone [1]. Like all details on any person income, taxes paid, phone number, address and birth date [2]. Nice regulations, isn't it?
I'm really not sure if I want to use VPN or any other service based in Sweden.
One of the few cases where no-logging can be made profitable. But if that isn't already illegal, soon someone will make laws demanding vpns to keep logs for the usual "children and terrorists".
I wonder what we could do to make no-logging more widely profitable
I love Mullvad in principle but using it as a daily driver VPN is becoming an increasingly miserable experience. I could live with increased CAPTCHA checks, but IME their IP ranges are more and more being overtly blocked or silently throttled/blackholed by services, server hopping to access something is a daily annoyance even after filtering out their worst provider (M247).
It comes with the territory I suppose, their commitment to privacy means they can't stop bad actors from ruining their IPs reputations even if they want to.
Completely agree. I find it nearly impossible to use without a significantly degraded browsing experience. I also thought of using a VPS but being the only person who would be using that static IP makes it harder anonymize traffic. You can’t hide behind the masses on a VPS VPN. One leak that has some piece of identifying information along with the VPS IP exposes you entirely.
Just use Mullvad as the first hop in a VPN chain, where the exit point is a VPS with a clean IP that you've registered anonymously and paid for in Monero.
I'm rather impressed by that policy. Not so much the policy itself - any VPN operator should have a policy like that - but the detail and specificity with which they've set it out.
General privacy policies for internet services should look like that.
Do people enter into a mutually legally binding contract that holds mullvad to keeping with this policy? What happens if that contract is breached? Is there someone from Mullvad here that knows more details?
It's kind of like dark markets. If you're a smaller player, you're not a priority, but once you start to hit everyone's radar screens, eventually you'll "play according to their rules".