What's behind Mullvad's reputation?

Mullvad VPN is a true veteran of the VPN industry – and has been since 2009. Since then, the provider has become synonymous with digital privacy.

Although plenty of the services on our best VPN rankings do a stellar job of balancing security and usability, Mullvad puts anonymity above all else with its audited no-logs policy, robust security tools, and dedication to transparency. It's exactly what we like to see.

This approach has made Mullvad a leader in the VPN sphere – so keep reading, and I'll dig into why Mullvad has maintained such a rock-solid reputation.

The basics

So, given the glowing endorsement, you might wonder why Mullvad isn't listed on our top VPN page – and the reason why is pretty straightforward. Mullvad prioritizes privacy, rather than the streaming support that a lot of today's users have at the top of their must-have lists.

This certainly doesn't make Mullvad a bad choice – far from it, in fact. If you value your digital privacy above everything else then it should be one of the first services you consider.

After all, when you choose a VPN, you're giving them access to all the traffic that passes through your computer to the internet. So when you pick a VPN provider, you need to trust them as much as you trust your internet service provider (ISP) – if not more.

This is why Mullvad is so popular. It's a VPN you can really trust – but you don't have to take my word for it. The Freedom of the Press Foundation recommends Mullvad VPN as one of the very few services that check all the boxes for protecting journalists.

I spoke to Jan Jonsson, Mullvad VPN CEO, who underscored the importance of this ongoing defense of our digital freedoms.

"The mass surveillance taking place today violates both fundamental human rights and different countries’ constitutions and crosses the boundaries that we, in free societies, have set for those in power," Jonsson said. "These boundaries exist as safeguards for democracy – so when they are crossed, we must resist.

Unlike other VPNs, Mullvad doesn't demand your personal information when you sign up for an account. You don't need to provide a name or email address; instead, you generate a random account number, ensuring that your identity remains anonymous. This account number is your only identifier and it isn't tied to any of your real details.

If you're still worried about leaving a paper trail, however, Mullvad lets you pay for your subscription via a variety of anonymous methods, including cash and cryptocurrencies. Most importantly, Mullvad accepts Monero, which is the best way to conduct anonymous transactions using cryptocurrencies.

Now that I've covered all the basics, let's dive into the features that make Mullvad a great choice for privacy-first browsing.

Pricing

Other VPNs will try to tempt you into picking up a long-term subscription with discounts – but Mullvad does things differently.

The service offers exactly one pricing option: €5 per month, regardless of how many months you purchase. Mullvad used to operate a more typical tiered subscription plan but stopped in 2022.

The new approach has the added advantage of allowing Mullvad to operate while retaining as few of your details as possible. Since Mullvad doesn't store ongoing payment information, there’s no way to tie a recurring payment to a specific person's VPN usage.

While this might sound a little inconvenient at first, don't worry. You can still add multiple months to your plan in one go. Mullvad keeps track of the remaining time on your subscription, too, allowing you to top up as and when necessary. It takes a bit of extra management to make sure you're always covered by Mullvad, but this approach has the added benefit of making sure you're only ever paying for what you want to use instead of being pressured into a long-term plan.

Mullvad also has several partners that offer different pricing schemes, including MalwareBytes and Mozilla VPN, who both license Mullvad's servers for their own VPN products. If you're worried about privacy but don't want to send cash or invest in cryptocurrency, there are also several physical partners Mullvad provides voucher cards for, such as Amazon, ProxyStore, and SerialCart.

Encryption

Of course, all the good intentions in the world don't matter if a VPN's technical implementation leaves you open to snooping. This is why Mullvad VPN only uses implementations that are highly secure and have stood the test of time: OpenVPN, and WireGuard.

These protocols are considered the "gold standard" when it comes to protecting VPN encryption, ensuring that your internet traffic is secure from prying eyes – something that's a top priority for Jonsson and his team.

"If we don’t have the right to explore new thoughts and ideas without someone constantly registering that process, if we don’t have the right to private conversations with those close to us, if we don’t have the right to decide for ourselves when and to whom we express something – do we even have free speech at all? Freedom of speech means the right to say what you want, but it should also mean the right to decide when and to whom you say it."

OpenVPN has been in use for more than 20 years. It's trusted by individuals and corporations alike, it's highly configurable and can be adapted to meet various security needs. However, it is a little slower and chews up more resources than some of today's more modernized options.

OpenVPN uses AES-256 encryption, a standard recommended by the National Institute of Standards and Technology for secure data transfer. AES-256 is considered virtually unbreakable with current computing power, as it would take billions of years to decrypt a single stream.

WireGuard, on the other hand, is a newer protocol that is known for its simplicity, speed, and security.

Unlike OpenVPN, which offers multiple encryption settings, WireGuard uses a single, highly optimized encryption suite designed to provide maximum security with minimal overhead. This simplicity results in faster connection speeds while maintaining a high level of security.

The best thing about WireGuard is that, thanks to a much smaller footprint than OpenVPN, it won't chew through your battery life.

While there are some security issues with the default implementation of WireGuard, Mullvad has taken extra steps to ensure that your IP isn’t left hanging around in the system's RAM by deleting it 600 seconds after your last connection.

Logging policy

Mullvad's logging policy is unusually brief, especially when compared to smaller, less trustworthy services. The provider has a clear and concise policy that does not attempt to mislead you with loopholes or omissions. When Mullvad says that it does not log your data, it truly means it.

As per Mullvad's policy, it doesn't log the following details:

• IP addresses
• DNS requests
• Traffic
• Connections and timestamps
• User bandwidth

This no-logs policy has been confirmed by several companies including Cure53, Assured AB, and Radically Open Security. These third-party audits demonstrate that not only is Mullvad invested in providing a no-logs service, but that it's also open and transparent about the results these audits provide.

Additionally, Mullvad's apps are open source, meaning anyone can check out the code for vulnerabilities. The VPN has also commissioned audits of its apps in both 2020 and 2022. So, with its public user base and private experts keeping an eye on Mullvad's code, it's going to be difficult for a hacker to pounce on an exploit that hasn't already been fixed.

Mullvad operates its own authoritative DNS servers, too, which have also passed independent audits. This infrastructure provides additional privacy by ensuring that DNS requests are handled in a way that doesn't expose them to your ISP, as these requests aren't handled by a VPN tunnel by default.

Really, the thing that fills me with the most confidence when discussing Mullvad is the fact that all of this technology works in the real world – not just on paper.

There's no way to spy on Mullvad's servers and the cops can't jump over all that technology and go straight to the source, either. In fact, Mullvad was served with a warrant by Swedish police in April 2023, but it was dismissed after the provider pointed out that complying with the warrant would be illegal under Swedish law. 

Kill switch

A kill switch is a critical feature for any VPN – it prevents data leaks by cutting your internet connection in the event of a VPN dropout.

By automatically severing the connection, Mullvad's kill switch protects your digital privacy and keeps your original IP address from being exposed.

The Mullvad kill switch is enabled by default, which I like, and can't be disabled. This ensures that you've got round-the-clock protection against accidental data exposure when you're browsing via public Wi-Fi – even if you forget to flip the kill switch on.

This is particularly handy if you're using Mullvad's mobile apps to cover you while you're traveling between multiple Wi-Fi hotspots.

Quantum resistance

There's a lot of chatter about quantum computers breaking VPN encryption and, while we're not nearing that stage of computing quite yet, Mullvad isn't taking any chances.

The service has implemented quantum-resistant encryption into their Android and desktop versions of the WireGuard protocol based on NIST-recommended quantum-resistant algorithms. This makes Mullvad one of only a handful of VPNs at the forefront of future-proof privacy.

According to Jonsson, the decision to invest in tomorrow's cybersecurity was prompted by the ever-growing reach of today's mass surveillance – and how a VPN alone may not be enough to combat it.

"We are also working together with universities and researchers to develop technical resistance against the mass surveillance of the future," Jonsson explained. "We have VPN tunnels that can resist quantum computers, and we have recently launched DAITA (Defense Against AI-guided Traffic Analysis), a feature in our VPN app that sends out fake traffic and disrupts the patterns of data packets that could be used to analyze people's encrypted traffic."

Even if you could decrypt Mullvad’s traffic with a quantum computer, however, there wouldn't be much to get your hands on.

As of September 2023, Mullvad implemented a RAM-only server infrastructure, ensuring that all data is wiped whenever servers are rebooted or moved. So, even if the service was raided or hacked, there's only a minimal amount of data they'd be able to pull from the servers.

Conclusion

So, in summary, it's fair to say that Mullvad has more than earned its reputation for top-notch digital privacy

Some VPNs only talk the talk – they'll claim to abide by a no-logs policy but won't invest in an audit to back up their claims. Some keep tabs on your browsing habits, too, and some are little more than scams designed to harvest your identifiable data.

In that regard, Mullvad is a breath of fresh air. If your privacy comes first, and you want to reclaim some of your online anonymity, it's well worth seeing how this secure VPN works for you.