Honest criticism of Mullvad and I find them secretive! am i stoopid?

straight to the rabbit hole:

  1. Just like any other, they have “business” partnership and there is no idea about who these are?
  2. Less servers in EU including home country Sweden than to say US. If you truly advocate privacy then this should change.
  3. The audits are done under a “restrictive” selected choices given to auditors. And funny thing is these so called audits are paid unlike a more stringent independent and open access kind of audit. Can you really trust these paid auditors? who knows…
  4. Never I have seen anything like a forum or AMA on reddit? engaging with users is important. only few social media handles which again limits the user interaction
  5. No business info is actually public. Zilch! Nada! They won't talk about this part anywhere.
  6. Iceland is known for liberty and privacy around the globe but Mullvad has zero servers there!! On the contrary the UK gets more love than even EU.
  7. I’d never understand why they partnered with Tor team to introduce Mullvad Browser? Here's the confusion. Tor team actually makes it and Mullvad deploys it with their own VPN as an offering. If you really wanna be transparent then this browser should not even have gotten any VPN and remain neutral right? Just a hardened fox
  8. they shockingly don't have DAITA featured servers in Sweden!! own nation is left out?? this step alone speaks about how business is more of a priority
  9. and of course core source code of servers and DNS are closed! ka boom!
  10. forgot to add this and had to double check but Mullvad is one of the most prominent donors to Tor Project (good for them!!) and now the Tor team partnered with them to provide Mullvad browser!! this step is so wrong on so many levels. A sponsor got the contract from the developers they donate to?? again m not the one to judge but seems weird. . . …

yea yea I am looking for my tin foil hat :smiley:

Just like any other, they have “business” partnership and there is no idea about who these are?

What does this even mean? What do you think is not being disclosed?

these so called audits are paid

What other possible incentive could there be? Why would a third party auditing firm be willing to spend the time/money/resources to audit an organization without being compensated for their work?

No business info is actually public

Such as? What are you expecting to be “public” that isn’t?

then this browser should not even have gotten any VPN and remain neutral right?

It is. Mullvad Browser is a fully free browser, it’s not tied to any VPN, and using it won’t give you access to any VPN you aren’t already subscribed to.

Do you read their blogs often? >_>

Mullvad is either an honest company or a straight up nsa/mossad op. There is basically no real in between here with their posturing. You have to choose who you trust but imo no matter what they are they do not care about your general browsing habits. At some point you have to judge them based on their track record of privacy which has been pretty much untarnished so far. You also have to consider who else trusts them, with the likes of Mozilla white labeling them that is a decent look.

Anyway make your own decisions on trust on the internet.

Just like any other, they have “business” partnership and there is no idea about who these are?

I don’t understand what you mean by this. Do you mean their corporate form is a partnership? That’s pretty normal? But they’re registered as an “AB” in Sweden, which is the local equivalent of corporation.

Less servers in EU including home country Sweden than to say US. If you truly advocate privacy then this should change.

I imagine this is simply because they have more demand in the US than in the EU. Doesn’t serve them very well to have a bunch of servers in the EU when all their demand is for US servers.

The audits are done under a “restrictive” selected choices given to auditors. And funny thing is these so called audits are paid unlike a more stringent independent and open access kind of audit. Can you really trust these paid auditors? who knows…

Can you elaborate on this?

Never I have seen anything like a forum or AMA on reddit? engaging with users is important. only few social media handles which again limits the user interaction

Well, I mean, they have official social media accounts and use this subreddit for announcements? I’m not sure what else you want?

No business info is actually public. Zilch! Nada! They won't talk about this part anywhere.

You can easily get basic details for free from the Swedish registrar, and if you’re willing to pay the cost with the registrar, you can get their articles of association, their board meeting minutes, their annual reports, and importantly, their beneficial owners. If they weren’t willing to be transparent, they would have registered in a corporate secrecy jurisdiction like Panama or Switzerland, or (HAH) Delaware.

https://foretagsinfo.bolagsverket.se/sok-foretagsinformation-web/foretag/5592384001/foretagsform/AB

Iceland is known for liberty and privacy around the globe but Mullvad has zero servers there!! On the contrary the UK gets more love than even EU.

Again, this is a question of demand for VPN servers there.

I’d never understand why they partnered with Tor team to introduce Mullvad Browser? Here's the confusion. Tor team actually makes it and Mullvad deploys it with their own VPN as an offering. If you really wanna be transparent then this browser should not even have gotten any VPN and remain neutral right? Just a hardened fox

Mullvad Browser doesn’t rely or have any dependency whatsoever on the Mullvad VPN. You can use it without any VPN at all, or using a completely different VPN, whatever. I personally use it with ProtonVPN.

they shockingly don't have DAITA featured servers in Sweden!! own nation is left out?? this step alone speaks about how business is more of a priority

I… I… I don’t know how to respond to this. You’re just being silly now. You’ve completely blown past the development of DAITA itself.

and of course core source code of servers and DNS are closed! ka boom!

Does any VPN provider open-source the server software? All I know of is some providers open-sourcing the client software, not the server. That just seems like asking for trouble from people taking advantage of vulnerabilities and having competitors just pop up all the time who steal your software.

OK, what provider do you recommend?

I think there is a problem with the for-profit model as opposed to a cooperative or at least non-profit model in terms of the conflicts of interest. But Mullvad has been the single most transparent and private VPN for years now. Always good to be more transparent but there is a ceiling of what you can actually do at some point, dealing with (1) laws, (2) web traffic optimization, and (3) limited resources.

With regards to 4, I’m actually alright with their aloofness. Openly engaging would require having to deal with halfwits on reddit, including all the Tom Spark clones.

yea so audits… ever heard of licensing checks by larger enterprises carried out on premise without prior notice? these are done randomly without any warnings and if issues found, the client gets a hefty penalty.

totally get that but problem is not business but lack of any idea about it or lets disclosures. we don't know who they are partnering with behind the scene and why?? reason matters. Browser is not neutral. It is highly customized and rather uses Mullvad DNS offerings which again is run on a closed source code.

look, we have to listen to both arguments here and so far in my book Mullvad seems really secretive about what they do unfortunately…

good point!!! on their blog they said they had used a third party to handle emails. do u know what that party was? Google! but no they don't say any word on it there… see the point being made here.

Afaik:

  1. Mozilla
  2. Malwarebytes
  3. Tailscale

And in a different way:

  1. The Tor Project (Mullvad Browser is a collaborative effort between Mullvad, the Tor project, and by extension Firefox)

that’s a pretty good point. but lack of transparency is killing me. track record itself is an issue as they don’t provide any data to discuss… only heard about a raid and how police found nothing. sure! and what about rest of the 10+ years?? again no data. Mozilla actually reached to somebody else but got rejected and reverted to Mullvad. And Mozilla itself has many flaws to begin with.

talk with facts so even a troll can learn otherwise someone just deleted a comment here whose account was years old while i was typing a reply but anyways here’s ur proof:

leaflavaplanetmoss: “Mullvad Browser doesn’t rely or have any dependency whatsoever on the Mullvad VPN. You can use it without any VPN at all, or using a completely different VPN, whatever. I personally use it with ProtonVPN.”

and the governing laws compared to UK? Iceland is much better choice and even if it is smaller in size, many large corps operate there

good one!

business dealings matter a lot and if a company is primarily not geared towards benefiting consumers then, it is safe to assume that consumers matter less and here consumer meaning someone who is just an avg person buying individually

mullvad is not into streaming support any day so having more servers in US than EU is questionable and yea surely agreed about demand but again the fact is if ur whole point is about privacy then a GDPR led EU is way better than US, yea yea encryption and RAM there but law matters too

AMA is quite important and on socials they can easily ignore a reply without public knowing.

once again, they should come forward to users not the other way around to get those company data

if Mullvad only focused on running on demand then they would never include many EU countries. Iceland is quite an exception here as it could even become a bridge server but since Mullvad has partners in UK (see server ownerships), they IMO won't spend extra penny in Iceland (or anywhere) and again country law matters!

Mullvad DNS (closed source) is enforced and so does their extension, these are passive dependency and adverts. Neutrality is nowhere to be found. DNS is quite important as there are many other options present with enough protection and reliability supporting modern standard.

DAITA study was done in Sweden and sponsored by Mullvad and yet they didn't deploy it in Sweden. What is there u don't get about this?

open sourcing is not done because it’s the key sauce like coca cola recipe. to avoid competition and nothing else. these are for profit companies for a reason.

forgot about audits:

yea so audits… ever heard of licensing checks by larger enterprises carried out on premise without prior notice? these are done randomly without any warnings and if issues found, the client gets a hefty penalty.

I simply have no answer to that sadly…

The fact we haven’t seen it referenced in court docs is one thing to note. You see cases built on vpns actually logging and that’s how they get found out. I say they’re either honest or an extreme honeypot (not for your average Joe) because cultivating a 10 yr spotless reputation either makes perfect business sense or perfect espionage sense. They also develop tools you can independently test such as their browser. You can go test that on one of those fingerprinting sites and see that it actually does what it says it does. They don’t have to release additional items like that and they still do.

I deleted the comment because I posted a much longer reply with the same content.

very well said indeed! browser for test? they don't make it, Tor team does. they just modify it and distribute. and yea also enforce own DNS there too which is closed source. there are many many public DNS out there supporting modern standards without any say. browser is really not something to even talk about.

and fyi (to everyone), they are getting paid for any development done and they are not doing anything out of their hearts willingness and this includes browser. (just saying and m not against this either i mean u gotta pay for work!) so browser is more like an advert for them

about court docs? anybody seen it?? once again we got been given no info…

there is one spot though. they never ever said they were transferring user emails to Google. and thanks to their blog post, i never even cared of this part but to my surprise, there they didn't say Google but third party (again why? just say Google!!), so I had to dig deeper

yea just saw that and replied to that too