Mullvad VPN
Online security is a must; using a VPN like Mullvad isn't for just torrenting files and watching Netflix via a different country. However, picking the correct VPN can be challenging. Mallvad does an excellent job while protecting your privacy and making the process pretty simple.
- Design
- Ease of use
- Price
Mullvad VPN values your privacy and provides as much anonymity as possible for $5.50 a month.
UPDATE April 7, 2022
When we first published this review, we ran some basic tests to check the security of the VPN’s connection. Since then, we had the site bash.ws recommended to us as a place to test how anonymous a VPN is keeping your identity. So, we ran a full anonymity screening using Mullvad and these were the results.
Test | Result | Score |
---|---|---|
IPv4 | not listed in any blacklist | +1 |
IPv6 | N/A | +1 |
Connection | IPv4 | |
Location | United States of America | -1 |
WebRTC | IP is not leaking | +1 |
DNS | IP is not leaking | +1 |
System | MacOSX | -1 |
Browser | Safari 15.4 | -1 |
DNT (Do Not Track Header) | Inactive | -1 |
Proxy | N/A | +1 |
Ports | N/A | +1 |
Tor | N/A | +1 |
ASN | Showed an officially registered autonomous system number |
The anonymity rating was 7 out of 12 points or 58%. When I ran the test without the VPN enabled, the score was 5 out of 12 points, or 41%. The two main areas that were addressed by enabling the VPN were the IP address and a DNS leak. Many VPNs are at a minimum going to show location, system, and browser information. So that part doesn’t concern me. The remainder of our review on Mullvad VPN is shown below.
Everyone needs a VPN. I am a firm believer of this because I value my privacy. I remember being at a local car stereo store waiting on an installation to be completed a few years back. I connected to their WiFi and an obnoxious warning popped up on the screen that let me know that they log all the data that flows through their network. Here is the full text of that message.
This is an open wireless network. No network communication is 100% secure. No network communication should be considered private or protected. All communication over XXXX network is subject to monitoring. XXXX reserves the right to reduce throughput or access as need be.
That was a big NOPE for me. At the time I was using PIA (Private Internet Access) as my VPN. So, I logged into the service, but for some reason, it would not work. It straight-up failed on me. So, I could no longer justify paying for their service. That day, I went for an hour and a half without using the internet because I didn’t want to use WiFi in a place that wasn’t secure. That was also the last time I used PIA.
Since then, I have been somewhat obsessed with finding the best VPN provider available. I actually don’t leave my home much so it doesn’t make a lot of sense for me to pay for a year of service when I don’t know how much I’ll end up using it during that time. I did, however, find myself on vacation in Florida recently. We were staying in an Airbnb and I really didn’t feel that the network was as secure as it should be. So, I began my search for a VPN provider again and my research led me to Mullvad VPN.
What is Mullvad VPN?
Mullvad VPN is an open-source commercial VPN service. It was originally launched in 2009 and operates using WireGuard and OpenVPN protocols. The parent company, Amagicom AB, along with Mullvad, is 100% owned by Fredrik Strömberg and Daniel Berntsson who are both very involved with the company. As of October 2018, Mullvad operates with the vision to provide transparent and honest service within the VPN industry.
Mullvad VPN utilizes first-class technology to ensure all the accounts they serve are secure.
“Mullvad includes ‘industrial strength’ encryption (employing AES-256 GCM methodology), 4096-bit RSA certificates with SHA-512 for server authentication, perfect forward secrecy, ‘multiple layers’ of DNS leak protection, IPv6 leak protection, ‘multiple stealth options’ to help bypass government or corporate VPN blocking, and built-in support for port forwarding.” [1]
As of April 2020, Mullvad VPN offers native iOS and Android clients using the WireGuard protocols. With Mullvad’s service users can evade hackers and trackers as well as maintain their privacy, which Mullvad states are a universal right.
“Privacy is fundamental to a well-functioning society because it allows norms, ethics, and laws to be safely discussed and challenged. Without privacy, a free and open society can neither flourish nor exist. That is why we provide a VPN service that helps keep your online activity, identity, and location private for only €5/month.” [2]
What sets Mullvad VPN apart from other providers?
Mullvad VPN is an exceptional organization with a lot of unique features. For one thing, Mullvad provides a lot of information about their services, policies, and company principles throughout their site. They have a reputation for being transparent with their subscribers as well as with the public. When I reached out to them about featuring them in a review, they directed me to their review policy. The synopsis is that they don’t engage in affiliate marketing or any of the following types of marketing:
- paid reviews
- affiliate marketing
- hosting third-party ads on their website
Mullvad does place paid ads in places like Google, Facebook, and Twitter, and they do host their own ads on Mullvad.net.
When I learned about this policy, I was immediately intrigued about the rest of the company and its services. I really respect the total transparency they offer and it made me investigate other VPN options more closely.
Remain Anonymous with Mullvad VPN
Mullvad has a very clear primary principle when it comes to their practices – privacy. They want their users to be able to remain anonymous when they use their service and in order to help with that mission, Mullvad doesn’t require any information from a user to start using their service. Yes, you read that right. You don’t have to provide an email address, create a password, give them your first and last name, or any other identifying information. You simply generate an account number from Mullvad VPN and then enter that into the Mullvad VPN app. This keeps users 100% anonymous.
Mullvad also has a strict ‘no logging’ policy. They do this to protect their users’ privacy and maintain their anonymity. At this point in time, they might still have to process personal data in order to accept payments, but their long-term goal is to not store any type of data – even payment data.
A Unique Pricing Model
Even Mullvad’s pricing model is structured to provide users the ability to keep their privacy. Mullvad charges one flat rate of €5/month or approximately $5.50/month. They don’t make things complicated with a multiple-tier pricing structure. It’s one price – no matter how long you use the service. They don’t want to lock people into a long-term subscription and Mullvad allows users to pay as they want to. If you want to pay for a full year at one time, you can. If you want to pay month-to-month, you have that option, too. The price has not changed since they launched 13 years ago.
In addition to the flat-rate pricing model, Mullvad VPN also accepts multiple forms of payment. Not only do they accept traditional payment forms such as cash, credit card, and PayPal, but they also accept fees transferred using methods such as Bitcoin. I was surprised to hear that they accept cash. Here’s what their FAQ says:
Can I really pay with cash? You bet, and please! Stay anonymous all the way. Just put your cash and payment token (randomly generated on our website) in an envelope and send it to us. We accept the following currencies: EUR, USD, GBP, SEK, DKK, NOK, CHF, CAD, AUD, NZD. [3]
While I love that they provide this option in the interest of anonymity, I can’t say that sending cash in an envelope is the safest option to ensure your payment gets to them. They do, however, provide a 10% discount to users who pay for their subscription through cryptocurrencies.
Additional Features You Should Care About
In addition to the anonymity practices and pricing model, Mullvad VPN provides the following features to further enhance its offerings to users.
- Mullvad has independent, external audits of their infrastructure and products to ensure transparency and improve their security
- Mullvad provides a safe jurisdiction as a VPN based in Sweden
- An integrated kill switch is designed into Mullvad’s products so that users can automatically stop all network traffic if they have connectivity issues
- Support is provided from within Mullvad instead of being outsourced
Where is Mullvad VPN located and why is that important?
As I mentioned above, Mullvad is headquartered in Sweden. Where a VPN provider is located (the actual business – not the servers) is important to you, the user, because different jurisdictions have different privacy laws and policies about data sharing. Because Mullvad is located in Sweden, they are subject to Swedish laws and regulations. In an effort to provide total transparency, Mullvad VPN has included a list of the relevant laws in Sweden that they must abide by.
In addition to Swedish laws, Mullvad also falls under the jurisdiction of the Fourteen Eyes, one of the alliances created between a group of countries in order to share intelligence data. There are cooperatives organized around the globe including the Five Eyes, which dates back to World War II, Five Eyes Plus, Nine Eyes, and Fourteen Eyes.
The original alliance – Five Eyes – is made up of Australia, Canada, New Zealand, the United Kingdom, and the United States. Fourteen Eyes is composed of the Five Eyes plus Denmark, France, the Netherlands, Norway, Belgium, Germany, Italy, Spain, and Sweden. These countries will still share data amongst one another.
Some users will say that since Sweden is part of the Fourteen Eyes, that is a no-go for them because that means that Mullvad can still share data with the authorities if asked. Even though that’s the case, since Mullvad doesn’t collect any personal information, there is really nothing to worry about. Plus, if you are like me and not doing anything illegal with your VPN service, it really doesn’t matter if they share what data they have.
How does Mullvad VPN work in practice?
The setup for Mullvad VPN is easy. The iOS app was available via the App Store, but the Mac App was not. We reached out to Mullvad to ask if there was a specific reason for that and we were told that there just hasn’t been much demand for it to be in the App Store. Therefore, developing it specifically for Apple, which is an involved process, hasn’t been a priority. They do offer the app as a direct download from their website.
I didn’t have any issues whatsoever with the iOS app. I generated my account number, entered it into the app, and started rocking the internet like a digital champ. Connections were solid and I didn’t even perceive that I was connected to a VPN. The macOS app is unfortunately a different story.
I downloaded it just fine, but when I entered the account number, for whatever reason, the app would not allow me to sign in. I reached out to Mullvad and they provided me with a new login code that fixed my issue right away. After getting connected, I haven’t noticed any drop-offs in service or other types of disruption.
I also think their support is very efficient and prompt to respond to inquiries.
What tests did we run on Mullvad’s service?
When we test out a VPN service there are two main features we are looking at – security and speed. Being connected to a VPN tunnel does inevitably slow down your data transfer rate while you’re connected to the internet and of course, you want your VPN service to be secure. After all, that’s the main reason to be connected, isn’t it? So, how do we look at these two areas?
The first thing we look for is an IP Leak. This is the most efficient way to know if your VPN is actually active. An IP address provides a lot of your information outwardly to connected sources that request that IP address. Your IP address includes information such as your area code, zip code, city, ISP, etc. Third parties can use this information to locate you.
Connecting through a VPN is the first step in masking your IP address from others. In order to find out if you have an IP Leak, and therefore, a VPN that is not working properly, visit whatsmyip.org (or just type the phrase “what’s my IP” into Google) without your VPN connected. Write down the public IP address that is shown. Next, connect your VPN and recheck your public IP address. If it is different than what you originally wrote down, the VPN is active and protecting your IP address.
But wait – there’s more! The second security breach to look for is called a DNS Leak. Even if your IP address is showing a different location, your DNS (Domain Name Server) may not be. If you have a DNS leak, your DNS queries, browsing history, and maybe even IP address could be exposed to third parties. In order to test this, you can utilize dnsleaktest.com.
When you first visit the site, it will show your public IP address. You will want to run the Extended Test. You are going to do this twice – once without the VPN connected and once with it connected. The first time you run it without the VPN, you will likely see a lot of servers being provided by your ISP. Take a screenshot and then run the test again with your VPN connection. Instead of seeing multiple servers listed, you should only see one and it should be showing the location that your VPN is connected through. If you don’t see any DNS servers that belong to your ISP, the connection is secure and the VPN is working correctly.
There is a third type of security leak called WebRTC Leak. WebRTC stands for ‘real-time communication’ and it’s a technology used with video chat and voice applications. WebRTC makes those types of applications run more efficiently. This is another place where data can be transmitted because it’s using the same types of internet protocols to create a connection. We did not run this test because even though there are a lot of WebRTC leak tests available, the majority of them are provided on VPN sites and others link to VPN affiliate programs. Since we couldn’t find what we considered to be a reliable testing method, we didn’t want to judge Mullvad VPN on this test.
NOTE: WebRTC is a setting that can be disabled through your web browser. If you search for “disable WebRTC” for your web browser, you will find the instructions on how to disable this data risk. That said, some video/audio communication channels will not work properly without them enabled.
Finally, we run an internet speed test (Speedtest powered by Ookla) to see how our speed is affected by the VPN connection. We run the test without the VPN connected and then with it connected. That way we can see what the current speed is at that point in time just before we run the speed test with the VPN turned on.
How did Mullvad measure up?
Mullvad VPN passed the IP Leak test and the DNS Leak test with flying colors. One of the things that I really like about Mullvad is that the app shows the location of the server you are connected to, your inbound IP address (used for the DNS leak test), and the outbound IP address (used for the IP leak test). Since Mullvad shows this information, it’s one more piece of information you have to verify the connection is secure because you can match up the IP addresses provided by Mullvad to what the tests are showing.
As far as the speed test goes, Mullvad did not disappoint. We have ultra-high-speed internet service and without the VPN we got a download speed of 467.34 Mbps and an upload speed of 20.68 Mbps. I didn’t expect that the VPN connection would provide that kind of result, but I did get a download speed of 178.21 Mbps and an upload speed of 21.36 Mbps. This was very impressive and while I did sacrifice a little more than half of my download speed to be connected to Mullvad, the speed was network speed is still plenty fast to get most types of work completed efficiently.
Final Thoughts
There are literally hundreds of VPNs on the market right now. Some of them provide decent service, but some are complete junk. It can be hard to discern the good from the bad, especially with all the affiliates pushing certain brands simply because they have a higher commission percentage. This is the reason that Mullvad VPN is a solid choice to go with because you know they don’t pay for that type of marketing. Any reviews you see on their service are based on real experiences because Mullvad doesn’t pay for those reviews to be good nor do they offer any sort of payback through affiliations.
Another big reason that Mullvad is trustworthy is that they aren’t owned by a conglomerate or another VPN company. Lots of VPNs are owned by the same parent company and as a result, they are all networked together, which means…that’s right. There is the possibility that they share information. Because there are so many choices out in the world right now, you need to be cautious with who you decide to go with.
Mullvad VPN’s number one mission is to provide the most privacy options to its users. Period. I’ve had solid service from them and believe – based on our testing – that they will work well for anyone.
For more details, visit Mullvad, Facebook, and Twitter.
[1] https://en.wikipedia.org/wiki/Mullvad
[2] https://mullvad.net/en/
[3] https://mullvad.net/en/pricing/
6 Comments
You can run a WebRTC leak test on Bash.ws which is (afaik) not affiliated with any VPN provider. There’s also the usual tests for DNS leaks, along with some extras like an IP blacklist test, torrent leak test and port test.
Thank you that is very helpful. I will make sure we check them in our upcoming VPN reviews. We want to make sure we are coverage as much as we can so someone can make a real informed decision on the service they pick. This is why we are not doing any review of a VPN that wanted us to signup for an affiliate program or pay us to do it. If that was asked we eliminated them from the list. Any links you can provide that will help us do better tests would be greatly appreciated.
Another test site your can try is browserleaks(dot)com. While not quite as ‘clean’ as bash.ws – they do run google-analytics and fastly scripts, and occasionally run a small ad for various VPN providers – they’re (afaik) not affiliated with anyone. The ‘IP Address’ tab gives you a decent overview of your IPv4 and IPv6 addresses and the server/datacenter providers they’re associated with, along with DNS and WebRTC leak test results all in one page. Aside from that, you can find other tools to test your browser hardening, if interested.
As for VPN provider recommendations, the only one that’s in the same league as Mullvad with regards to your test criteria is probably IVPN. They also used a numbered account system (inspired by Mullvad), don’t do affiliate marketing (you won’t see Marquez or Linus recommending them on Youtube), are very transparent about their operation, conduct and disclose results of regular audits for their infrastructure/applications, and are clear about their ownership/staff, legal guidelines, logging policy, payments, etc. They lose out to Mullvad in some aspects (total number of servers, pricing structure) but are better in other aspects (mobile app quality, warrant canary, accept Monero) so it’s a bit of a toss-up.
I just ran Mullvad through Bash.WS, and it seemed to pass with flying colors. I will be updating this review to showcase the test results. Thanks again.
There is a couple of Chrome extension that will disable WebRTC leaks and protect you from fingerprinting. First is called “WebRTC Control”. Second is “Canvas Blocker – Fingerprint Protect”. They do not in any way hinder your browsing experience, such as disaling javascripts etc, but they do disable some tracking.
Hi Brian, thank you for this. Do you know of any for Safari?