Mullvad browser: the privacy of Tor, with the perks of a VPN
How could a Tor browser without its network work in practice?
News of a brand-new browser offering a whole new spin on the Tor network might have caught all privacy nerds out there by surprise.
On April 3, one of the best VPN services around, Mullvad, launched its new product which was developed in partnership with the Tor Project.
First released in 2008, the free and open-sourced Tor browser has become synonymous with privacy online as it hides user data by rerouting connections to at least three encrypted servers all run by volunteers.
However, this level of security comes with some drawbacks in performance. Plus, Tor is often associated with illegal activities on the dark web.
The Mullvad browser is essentially Tor, but designed to be used with a trustworthy VPN instead of the Onion network - a way to provide greater privacy to as many people as possible.
Mullvad VPN and the Tor Project today present the release of the Mullvad Browser.A privacy-focused web browser designed to be used with a trustworthy VPN instead of the Tor Network.Read the full story and download the browser here.https://t.co/PpO9v2bpACApril 3, 2023
Mullvad CEO Jan Jonsson told TechRadar that they have chosen the Tor Project as they believe it's the best when it comes to privacy-focused browsers. "We have, for a long time, been devoted supporters of the Tor Project and we share their values when it comes to people's privacy and fighting mass surveillance," he said.
Privacy-focused browser: why do you need one?
You might be wondering why, if you are already using a secure VPN service, you also need a secure browser to ensure your privacy is protected.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Despite what some providers on the market might want us to believe, a VPN isn't enough for achieving privacy nowadays.
"The mass surveillance of today is absurd. Both from commercial actors like big tech companies and from governments," Jonsson said.
Short for Virtual Private Network, a VPN is security software that spoofs people's IP address while encrypting all the data leaving a device. That's great for accessing otherwise geo-restricted online content and/or apps, while enjoying some anonymity online.
However, today's surveillance is more complex than that. Big tech and data brokers seek to gather as much data as possible to build an accurate profile of every user to better tailor both their services and ads. Likewise, authorities are notorious for spying on citizens on national security grounds. And these aren't limited to authoritarian countries: think of the Five Eyes Alliance as an example.
A web browser then becomes an important means for snoopers to collect your personal data and track your digital behavior. Some specific details collected are:
- Personal IP address: Short for Internet Protocol, your IP address identifies your device so that your ISP (internet service provider) knows where to send the internet traffic. Think of it as your home address. As your IP is public, your ISP could share such information with authorities, advertisers or data brokers. Third-party actors on websites could also collect this information to track you down. All this might be more or less invasive, depending where you're based.
- Browser fingerprinting: Also known as device fingerprinting, it refers to a series of tracking scripts that web pages use to determine a lot of details about the device you're using. These include your operating system, type of device you're browsing from, other software installed, language, time, font, screen resolution, and more. All these prompts make it possible to create your unique fingerprint. And, contrary to cookies, websites can do so without asking for permission.
- Third-party cookies: Cookies are a tiny snippet of code that gets stored on your browser every time you access a website. While some (first-party cookies) are placed by the site owner for functionality reasons, third-party cookies are used by external actors to track your online activity all over the internet. These are used, for example, to tailor ads according to your searches. And, despite the fact that under GDPR users can reject tracking, their journey is often built to make people hit 'accept'.
- Third-party web scripts: Again, this type of web tracker is a small piece of JavaScript code that can both help web pages to function or, if they're placed by third-parties, track you. Web scripts can determine a video you're watching, how long you look at an image on screen, if you read the whole article, and so on. Scripts also collect the details for creating your browser fingerprint. However, this behavioral data needs unique identifiers to link the activities to a specific person.
Mullvad browser: how does it protect your data?
The idea behind the Mullvad browser is simple: an alternative web browser that offers the privacy and security of Tor, together with all the perks of a standard VPN.
"We don’t like the fact that the internet has turned into an infrastructure where it’s possible to collect anything about anyone at any time," said Jonsson.
"From our perspective there has been a gap in the market for those who want to run a privacy-focused browser as good as the Tor Project’s but with a VPN instead of the Tor Network."
Put simply, Mullvad browser seeks to make it harder for anyone to track you on the internet. But how does it do that in practice?
By default, it comes with private mode enabled meaning that cookies are never saved between sessions. So are visited pages, forms or search bar entries, and cached web content. It has also Firefox's 'resist fingerprinting' system always on.
First-party isolation (FPI) is employed to fight back cookies during your session, too. The Mullvad browser isolates these instead in separate cookie jars so that trackers cannot connect to each other, failing to build your digital persona.
Mullvad browser never collects telemetry data (details to improve performance like crash and error reports) either, blocking web scripts via Mozilla's uBlock Origin extension. Not so surprisingly, tracking-free DuckDuckGo is its default search engine.
All these come as standard. Developers suggest not changing the browser's settings as doing so could inadvertently reduce the overall browser's security.
Despite not being a necessity, the provider also strongly recommend using the browser together with a trustworthy VPN (Mullvad or others) for extra anonymity. A VPN is, in fact, the only way to hide your personal IP address.
Mullvad browser isn't the only privacy-friendly browsing option out there - think of Mozilla Firefox (which both the Tor and Mullvad browser are based on) or Brave, for example.
However, a similar level of privacy is usually achieved by installing a lot of extensions that have the potential to make users even more visible among the cyber-crowd.
Less techy users might fail to customize software's settings for the best security, too.
Here, there's no need to play with settings or download countless privacy extensions. Mullvad browser is the one doing this work for you.
According to Isabela Fernandes, Executive Director at the Tor Project, this demonstrates "you can develop free technology with mass-appeal and privacy in mind."
Completely free and open-sourced, it's available to download on Windows, MacOS, and Linux. Just head to https://mullvad.net/en/browser and follow the instructions.
Mullvad browser vs Tor: which one to choose?
As you've probably noticed, the Tor browser and Mullvad browser are fundamentally quite close to each other. They are both free and open-source software, designed to minimize web tracking. The network they work on is what makes the difference here.
The Tor Browser connects to the internet via its decentralized Tor network operated by volunteers. It encrypts web traffic in at least three security layers, sending connections through three different relays around the world.
On the contrary, the Mullvad browser establishes internet connection via the encrypted VPN tunnels and servers of Mullvad VPN or any other service, but only if you're connected to a VPN service. Otherwise, it will do so as standard browsers do - although that's not recommended as your IP will not be hidden.
Tor is great if you're trying to hide from government surveillance as authorities might be using more sophisticated tracking tools than what commercial snoopers employed. Tor might also be better for bypassing strong online censorship, thanks to features like its Snowflake, as state censors increasingly crack down on VPN usage.
As a downside, Tor isn't super user-friendly and might slow down your online activities - especially when combined with a VPN app. The Mullvad browser, Fernandes explained, represents a more privacy-oriented option for everyday browsing while also challenging behavioral data exploitation.
"We hope to inspire others to take a page out of our playbook – and think of privacy as a 'feature' that can enhance user experience, not as an afterthought," she added.
We're making great progress on improvements to onion services and their DoS attack protections. Thank you again to @try_quiet, @Trezor, @fedibtc, @ocelothq, @opensats, & @freedomofpress for making this possible! https://t.co/eoIhmsbLj8March 31, 2023
It is worth noting that Tor has also been the target of a wave of DDoS attacks lately. However, developers said that this partnership has been advantageous as it allowed them to address some legacy issues and fix vulnerabilities.
An interesting point raised by The Verge around the effectiveness of Mullvad browser is the fact that if there are few people using it, these might be easily fingerprinted just for being the only ones not displaying such detail.
Replying to this, Jonnsson told TechRadar: "We hope that as many people as possible want to use the Mullvad Browser. That’s why you don’t have to be a Mullvad VPN customer to use it. The more people who use it, the better for privacy. We hope that people start to consider their internet behavior and join the resistance against mass surveillance, big data gathering and surveillance capitalism."
Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com