What VPN have you switched to after the Mullvad situation. I have looked at nym and ivpn. But don’t know if they are any good.
What VPN have you switched to after the Mullvad situation. I have looked at nym and ivpn. But don’t know if they are any good.
Mullvad has been audited over and over again and found to not be logging.
Before they dropped port forwarding a police raid famously found nothing and confirmed that they were not recording any user information and operating as advertised, that is to say, operating in a way that not only didn’t log, but precluded the possibility of logging.
A raid where they get nothing is like an audit but it’s the real thing.
They dropped port forwarding because, in concert with an Interpol investigation, all the big content delivery networks and lots of websites to boot started blocking their endpoints.
There is not any vpn I’m aware of that has been physically raided by cops with a court warrant in hand and shown to have nothing and also dropped their possibly most popular service, port forwarding, in order to not have to comply with an investigation.
I used ivpn in the past and see it as basically an untested mullvad from ten years ago. Who knows how its people and technology would respond under the same circumstances? Could be good, could be bad.
Audits don’t prove they don’t keep logs when a company do a audit on them Mullvad give them access to what they can audit Mullvad can just delete the logs from the servers when the audit is taking place it don’t prove anything.
But the raid where the cops don’t find anything is a really good sign.
Yeah there’s a lot of questionable stuff in the vpn service security auditing “space”.
That’s why I think it’s important to look at the raid outcome to see how their systems handle a real world situation (interpol tries to get logs and install logging in order to bust an alleged global csam ring using mulvads port forwarding, user privacy and anonymity protections to trade files over windows cifs (yes, network neighborhood, pedos apparently have a reputation for lack of opsec) sharing). The raid was unsuccessful because there were no logs and the police were unable to install logging capabilities.
After that failed operation, Interpol began requesting cdns and hosts block mullvads endpoints by ip. The point of that operation was to either force mullvads compliance with the investigation, to get them to drop port forwarding, or to force them to close down.
Because at the peak even cloudflare was blocking mullvad, it became very hard to use the service when browsing or for pretty much anything that relied on internet like rss or podcasts, shoutcast or even updating your computer.
Mullvad dropped port forwarding after rotating servers for months to attempt to beat the block and giving users lots of warning.
In the months after the block request was lifted, using the service for normal browsing went back to usual.
I remember all these details so clearly because I was a user of mullvad then and it was a relatively high profile and well publicized test of a vpn services’ capability to withstand government pressure.
As it turns out, even having no logs and no ability to add logging into your system doesn’t stop government from telling everyone else to make your system unusable.
It’s also pretty much the best possible outcome someone could expect of a service.
The point of this long ass reply is not to defend a company, although I think a person who was doing so could be forgiven for it in this case, the point is to help you understand what happened to make users of that service put their trust in it and why people like me are saying “maybe consider not ditching mullvad” when you ask what to use instead.