this post was submitted on 08 Aug 2024
77 points (98.7% liked)

Privacy

31859 readers
389 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I've been reading through Signal's government requests and couldn't find a similar section on Mullvad's website. I'd be curious to read about them if there are any. It would seem unlikely to me that Mullvad has never received any kind of court order for information about a user.

top 30 comments
sorted by: hot top controversial new old
[–] [email protected] 51 points 3 months ago (1 children)
[–] [email protected] 14 points 3 months ago
[–] [email protected] 45 points 3 months ago (2 children)

Yup, Swedish police issued a search warrant and raided Mullvads offices last year. They left empty handed as Mullvad does not retain ANY customer data.

[–] [email protected] 20 points 3 months ago (1 children)

They even stopped allowing customers to pay with credit card recurring payments because they didn't want to store customer payment info that could harm their users.

[–] [email protected] 10 points 3 months ago (1 children)

I currently pay Mullvad with a recurring charge on my credit card.

[–] [email protected] 4 points 3 months ago (1 children)

They brought it back? That's concerning

[–] [email protected] 6 points 3 months ago (1 children)

They realized banning convenience is bad for business. You can still pay in private ways

[–] [email protected] 2 points 3 months ago

When they announced it, they said it would be bad for business, but that they valued their customers privacy more than the cost it would cause in lost business.

[–] [email protected] 7 points 3 months ago (1 children)

Once their servers are unplugged they lose all value. While their online and running that could be a different story.

[–] [email protected] 2 points 3 months ago (1 children)
[–] [email protected] 2 points 3 months ago

Possible but with physical access needed. Which makes things much more difficult. At least for servers under Mulls control vs rented servers from a provider in each locale.

[–] [email protected] 27 points 3 months ago (2 children)
[–] [email protected] 38 points 3 months ago (2 children)

That's a bit misleading, they did receive a request, and a search warrant was attempted, but since the data they wanted didn't exist, nothing happened.

Good link, but just the word yes didn't accurately answer the question.

[–] [email protected] 23 points 3 months ago

just the word yes didn’t accurately answer the question

correct, which is why the link was provided. the OP can figure the rest out, as you did

[–] [email protected] 7 points 3 months ago (1 children)

Since you are pedantic. The answer yes is absolutely correct and not misleading. The question was "Has given a court order to reveal..." and not "Was revealed personal information 'cause of a court order".

[–] [email protected] 6 points 3 months ago

You sir are technically correct.

The best kind of correct.

[–] [email protected] 4 points 3 months ago
[–] [email protected] 21 points 3 months ago (1 children)

IIRC, they get requests for data, and, if the request is valid, hand over what they have, which is virtually nothing as they don’t keep logs. There is no provision in Swedish or EU law that could compel them to start keeping logs.

[–] [email protected] 16 points 3 months ago

They also "retain lawyers to monitor the legal landscape should they need to move core parts of [their] business"

[–] [email protected] 21 points 3 months ago* (last edited 3 months ago) (2 children)

What could they even give? They don't even ask for an email, and they claim to run everything you browse as RAM that never gets held or recorded.

[–] [email protected] 8 points 3 months ago

Yes if you get a court order for data you don't hold, you don't have to provide data you don't have access to. I wasn't expecting that Mullvad would have any useful data to give, I just wanted to read their response/commentary is all

[–] [email protected] 5 points 3 months ago (1 children)

Credit card numbers, assuming you would pay for the service that way

[–] [email protected] 0 points 3 months ago (3 children)

I don't see why people would use a credit card to pay for a vpn, it seems like it would totally defeat the purpose. I guess if you get ahold of an anonymous card then it would be fine, but using a card in your name to pay for an anonymous service just seems wacky to me.

I'm curious, does anyone here pay for their vpn with something thatvis in their name? If so, why?

[–] [email protected] 21 points 3 months ago

Because that's not our threat model.

I want to be anonymous for the sites I visit. I want my ISP, who's likely selling my data, to have none. I want to use a WiFi without anybody sniffing.

I'm lucky enough to live in a county were I'm not prosecuted for my ideas or who I am, and I'm not doing anything illicit aside from torrent.

So the hassle doesn't seem needed in this case. If I think Mullvad can harm me if they know my name, then I wouldn't use it at all, even with private payments.

[–] [email protected] 13 points 3 months ago

Anonimity is keeping your identity private, but not your actions.

Privacy is keeping your actions hidden, but not your identity.

Using a VPN will hide your IP and make you more anonymous online. Using a personal CC to buy the vpn does not compromise that and does not defeat the purpose at all.

Only if your specific account ID is compromised could the personal CC be used against you by identifying you. E.g.: "they" found your bad email in an inbox of somebody who is less privacy conscious and are trying to figure out who festybear69@... is.

It depends on what your use-case/threat model is.

[–] [email protected] 8 points 3 months ago (1 children)

What purpose is it defeating if they are not storing anything besides your credit card payment information?

[–] [email protected] 6 points 3 months ago* (last edited 3 months ago)

Yeah, if they're looking for your data on VPN services, they obviously already know you use it, most likely because of the IP.

[–] [email protected] 1 points 3 months ago (1 children)

Why would they?, there is nothing they can found anyway.

[–] [email protected] 8 points 3 months ago (1 children)

They'd get nothing helpful from Signal either and yet governments still do it. Governments often don't know what they're doing and are used to just being able to ask companies for user data

[–] [email protected] 2 points 3 months ago* (last edited 3 months ago)

Nothing majorly helpful. They show account creation date, last seen date with time stamps for creation and last seen. Phone number used to register, account ID as a number, sealed sender from anyone such as true or false, find your account by contacts true or false. Badges by number such as 1 or 0. And user agent as letters. That's about it. Anyone can pull their log file they keep under account settings anytime inside the app.