Mullvad VPN's servers have undergone an independent audit – and the results are in

Mullvad VPN working on a laptop
(Image credit: Mullvad)

One of the best VPN services around right now, Mullvad VPN has achieved some positive results in its second independent security audit. 

Gothenburg-based cybersecurity consulting firm Assured AB confirmed the security of Mullvad VPN servers as 'no leakage or logging of customer data could be found.'

"The configuration is sound and did not display signs of any direct customer information," conclude the security group in its report.   

However, some medium and low risks vulnerabilities have been spotted around firewall policies and internal monitoring practices that should be improved to further minimize attackers possibilities.

What's next?

Mullvad VPN developers seem to be now busy fixing the bugs in its servers’ infrastructure. 

Among the improvements, it has already implemented more stringent firewall rules to make the protection against malicious intruders even stronger. A wider range of credentials has been implemented so that every server and API will have their own unique identifiers.  

Overall, the provider claims to be satisfied with the outcome. "We are thankful to Assured AB for verifying that we do not have any customer logging enabled on any of our external facing services.

"As with our last audit we will endeavor to do audits on as close to a yearly basis as possible. We are grateful to Assured AB for auditing our servers, they were able to highlight new issues that the previous audit did not."

Mullvad homepage

(Image credit: Mullvad)

For customers, it is important to know if their data security is actively protected. This is the reason why VPN audits conducted by trusted third-party experts are an important practice for safeguarding the safety of users. 

By providing an independent verification over companies' policies and software infrastructure, they ensure nothing is missed in development, and that customers aren't misled by flase marketing messages.

As in Mullvad VPN's case, these audits also offer an opportunity to spot and fix potential vulnerabilities before they can develop into more serious risks for users' privacy.

Mullvad VPN is just one of the big names that has undergone an independent audit. Other providers doing the same include ExpressVPNNordVPNSurfshark and IPVanish.

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com