Mullvad VPN raided by law enforcement

d3athf1sh

[H]ard|Gawd
Joined
Dec 16, 2015
Messages
1,216
Rougly a week ago Mullvad VPN was raided by National Operations Department (NOA) of the Swedish Police that showed up with 2 warrants and intended to seize computers with customer data. But ended up leaving with nothing after lawyers stepped in and pointed out that the company maintains a strict no-logging policy on customer data. Also it looks like they were pressured by Germany and Interpol to make the raid.

https://www.pcmag.com/news/mullvad-vpn-hit-with-search-warrant-in-attempted-police-raid
https://mullvad.net/en/blog/2023/4/...search-warrant-customer-data-not-compromised/
 
The way I see it, it's a lot like a Swiss bank account from a few decades ago. Back then, if a law enforcement agency tried to go there to demand access to their records, you'd have some heavily armed guards pointing submachine guns at you and telling you to get lost.

It was probably about 25-30 years ago (my best guess) that they changed their policies to cooperate with law enforcement investigations, and also to report suspicious accounts to the authorities.

No doubt, a lot of criminals back then used Swiss bank accounts, just like a lot of criminals use VPN's to hide their tracks. I suspect that VPN providers are going to eventually cave in, and allow such access in the long run.
 
Been using Mullvad ever since they advertised/sponsored this site for a month or so. Granted speeds max out for me at about 100MB/s so I dont use it unless I'm doing super nefarious things, like watching videos that arent available in my region

I also like how Swedish law states that if they cant get what they want, because it doesnt exist, they cant take everything in the hope that they find something else
:D
 
Last edited:
Been using Mullvad ever since they advertised/sponsored this site for a month or so. Granted speeds max out for me at about 100MB/s so I dont use it unless I'm doing super nefarious things :D
is that what speed your internet connection is from your ISP or only when using vpn? because i've always heard mullvad highly recommended for their security/privacy policies, figured they'd have descent speed too?
 
is that what speed your internet connection is from your ISP or only when using vpn? because i've always heard mullvad highly recommended for their security/privacy policies, figured they'd have descent speed too?

I can push/pull 650-850 Mbit/s through Mullvad depending on the day. (Greater Boston area Verizon FiOS gigabit -> New York City Mullvad servers. I've been very impressed with the performance, but that is using OpenVPN on a dedicated pfSense router. Performance is lower when using their app.

I wonder what the authorities were looking for. I almost don't mind searches with warrants. I'm not trying to hide any crimes. I'm just trying to limit the amount of tracking I'm exposed to online.
 
Last edited:
I can pull 400-500 mbps through the app at all times on my computer. Not as fast as my Google fiber can connect, but faster than most websites load without it. I like not being tracked and with Google as my ISP there is too much tracking.
 
Rougly a week ago Mullvad VPN was raided by National Operations Department (NOA) of the Swedish Police that showed up with 2 warrants and intended to seize computers with customer data. But ended up leaving with nothing after lawyers stepped in and pointed out that the company maintains a strict no-logging policy on customer data. Also it looks like they were pressured by Germany and Interpol to make the raid.

https://www.pcmag.com/news/mullvad-vpn-hit-with-search-warrant-in-attempted-police-raid
https://mullvad.net/en/blog/2023/4/...search-warrant-customer-data-not-compromised/

I vetted those guys before I ever let them advertise. Solid.
 
I wonder what the authorities were looking for.
prob some darknet market transactions
I almost don't mind searches with warrants. I'm not trying to hide any crimes. I'm just trying to limit the amount of tracking I'm exposed to online.
i hear ya, i guess you wouldn't mind the cops stopping by later and doing a search just to be sure no funny business is going on inside your house then either being they have a warrant for your neighbor's place? ;)
 
Last edited:
Been using them since I switched after the PIA shenanigans. Speeds could be better but are good enough, considering. I'm not even sure what kind of information they'd have on customers, you just have an account number, no username or personal info or anything. I guess via payment details?
 
is that what speed your internet connection is from your ISP or only when using vpn? because i've always heard mullvad highly recommended for their security/privacy policies, figured they'd have descent speed too?
Was a bit of a typo, should have been 100Mbps not 100MB/s. And that's the VPN speed. Was a bit faster when there was a more local IP to hop onto but those disappeared for some reason so I use one a state or two away. Don't get me wrong, I'm perfectly fine with the speed find for streaming movies and shows in locals where I'm not supposed to be doing so.
 
I wonder just what the authorities were looking for...

Probably just the MPAA looking for the IP addresses of people downloading the latest Apple TV series via usenet.
 
The way I see it, it's a lot like a Swiss bank account from a few decades ago. Back then, if a law enforcement agency tried to go there to demand access to their records, you'd have some heavily armed guards pointing submachine guns at you and telling you to get lost.

It was probably about 25-30 years ago (my best guess) that they changed their policies to cooperate with law enforcement investigations, and also to report suspicious accounts to the authorities.

No doubt, a lot of criminals back then used Swiss bank accounts, just like a lot of criminals use VPN's to hide their tracks. I suspect that VPN providers are going to eventually cave in, and allow such access in the long run.
i guess the thing is, is that a lot of vpn's have servers all over the world and unless they have a VERY strict no logs policy, which a lot don't, it makes it a lot easier for law agencies to access the data. especially if they're based in a country that would enforce those types of laws. Like you say it's suprising to see swiss authorities cooperate like that, but at least they eventually backed down.
 
National Operations Department (NOA)
NOA has the capacity to direct and supervise police activities nationally and internationally in order to ensure that resources are used efficiently.

does not conduct any self-initiated operational activities but supports the police regions in their different activities;
supervises the operational activities and is mandated to decide on operations and reinforcement of resources across the country;
is the national point of contact for the Swedish Security Service, the Swedish Armed Forces and the National Defence Radio Establishment, and is responsible for managing sensitive information relating to terrorism and signals intelligence etc.;
is responsible for coordinating, planning and monitoring the special efforts undertaken by several authorities against serious organised crime.
 
No doubt, a lot of criminals back then used Swiss bank accounts, just like a lot of criminals use VPN's to hide their tracks. I suspect that VPN providers are going to eventually cave in, and allow such access in the long run.
I suspect you're wrong or they would go out of business. Using a VPN also doesn't make you a criminal - it makes you concerned about privacy. With the authoritarian ways that governments are moving worldwide, it makes a whole lot of sense to protect your privacy.

Been using them since I switched after the PIA shenanigans.
What shenanigans? Used them for awhile. Stopped when service got crappy and I realized they were in the US.
 
What shenanigans? Used them for awhile. Stopped when service got crappy and I realized they were in the US.
so for one, USA is not the best place to be located in regards to privacy. i personally remember PIA use to sponsor LTT and something happened that EVERYONE started complaining and they were forced to drop them, i looked it up and found this on reddit:

Mothman394
·2 mo. ago

PIA was once the best VPN around, but sadly, since Kape Technology acquired PIA, nobody should be using it anymore. Kape has a really bad history of spreading malware, buying out once-tryarworthy VPNs, and logging users data. Nothing they touch can be trusted.
https://restoreprivacy.com/kape-tec...svpn-cyberghost-pia-zenmate-vpn-review-sites/
What you're seeing is likely just one step in Kape slowly running PIA into the ground. The best time to bail was before they acquired PIA. The 2nd best time is now. Get out. Consider whatever you spent on the subscription a sunk cost and leave it.
I strongly recommend Mullvad over any other VPN. Not NordVPN, not Express, not any of the ones that spend tons of money on advertising. Mullvad. It gets the job done, it's proven to have no logs, it's the most highly recommended VPN for torrenting, the dev team releases updates frequently and is transparent about their actions. It's 5 euros per month -- pricier than PIA, except since PIA is owned by Kape it's safe to assume any money you spend on it is completely wasted.
 
I have a year left on my PIA sub, I'll look into Mullvad after that's up
 
and in case anyone was wondering i don't work for mullvad, personally I use AirVpn it was another one, along with Mullvad on a very short list of true no log vpn's. i use to do a lot of shilling for them but here lately they've been getting pretty crowded, especially on the weekends, but i will say my internet runs basically the same with and without vpn active besides a slightly higher ping. I even leave it running when playing games like GTA and it just works. There are no speed limits and they just added the first 10G server a few weeks ago.

AirVPN: An OpenVPN and WireGuard based VPN operated by activists in defense of net neutrality, privacy and against censorship.
 
Last edited:
I suspect you're wrong or they would go out of business. Using a VPN also doesn't make you a criminal - it makes you concerned about privacy. With the authoritarian ways that governments are moving worldwide, it makes a whole lot of sense to protect your privacy.

I don't have anything against VPN use, and if anything, I use my university one all of the time. Most folks using VPN's simply want more privacy.

I also don't have anything against the older style Swiss bank accounts. Most folks who used them wanted stability and reliability.

I'm simply pointing out that more than a small number of individuals have used such services for less than wholesome deeds, and that if a government wants to get access to such records, then it can certainly leverage all sorts of forces in order to get its way. Either that, or they can lean heavily on another nation's government to take similar actions.
 
I don't have anything against VPN use, and if anything, I use my university one all of the time. Most folks using VPN's simply want more privacy.

I also don't have anything against the older style Swiss bank accounts. Most folks who used them wanted stability and reliability.

I'm simply pointing out that more than a small number of individuals have used such services for less than wholesome deeds, and that if a government wants to get access to such records, then it can certainly leverage all sorts of forces in order to get its way. Either that, or they can lean heavily on another nation's government to take similar actions.
At work, I work with a list of known VPN exit nodes, and those are straight blocked, because I know none of our staff and students should have a legitimate reason to be accessing our services from them, and before they were blocked 99% of the traffic coming from them was bots probing for vulnerabilities and 1% people who forgot to turn theirs off while they were accessing American Netflix. That said I totally support people using them, I just advise caution when doing so because they aren't hiding their traffic they are just changing who can see it, and there are a lot of VPN providers out there both free and paid and they make a lot of claims but have no measurable means of backing it up.

I would personally say that tanking a "valid" Police raid and having them walk away completely empty-handed is about as good a method to back your claims as anything else I could imagine.

Note:
I say "Valid" because I mean they had a warrant, and they or somebody did their due diligence so the police followed procedure, the motives and processes followed up to that point though are... suspect? But given how Russia has been active in using VPN's as a cover to do a lot of shit in Germany lately since they sent those Tanks to Ukraine, I sort of get their urgency in the matter.
 
I'm glad this happened since Mullvad are the only third-party VPN I could tell to have held up to more rigorous adversary actions which has confirmed their policies (which for any company are only good if they match what they're actually doing).

When they show how they for example mitigate server part tampering by photographing unique glitter patterns one would like to hope that it's not all for show but it seems they indeed care.
 
Been using them since I switched after the PIA shenanigans. Speeds could be better but are good enough, considering. I'm not even sure what kind of information they'd have on customers, you just have an account number, no username or personal info or anything. I guess via payment details?
This exactly. I did the same thing and no issues.
 
Been using them since I switched after the PIA shenanigans. Speeds could be better but are good enough, considering. I'm not even sure what kind of information they'd have on customers, you just have an account number, no username or personal info or anything. I guess via payment details

This exactly. I did the same thing and no issues.
Well, there could be information like what IP did their traffic come in on, which exit IP did they use, do they have anything stored about what they did while connected, LOTS of VPNs might not keep personally identifiable data but if you have enough data you can start to fill in the blanks so there could be something like this.
Timestamp, entry IP, local IP, Destination IP, Exit IP, Source Port, Destination port, Application ID, UserAccountID.
Now none of that on its own is identifiable, there is information there that could be used in conjunction with logs from other sources to paint a picture of what happened or lead to another information source.
So say a large number of German government services were hacked and shut down, their logs show the attacks originated from an IP that is a known exit node for Mullvad, if they could find the corresponding traffic from Mullvad then it would lead them to the next location they need to identify, which probably goes to another VPN, then Another, etc ... ending in Russia as the attacks corresponded with the German announcement that they were sending Tanks to Ukraine but that is still something they need to try and track down because assumptions are bad.
 
Well there could be information like what IP did their traffic come in on, which exit IP did they use, do they have anything stored about what they did while connected, LOTS of VPN's might not keep personally identifiable data but if you have enough data you can start to fill in the blanks so there could be something like this.
They state no IP logging is kept.
Mullvad said:
We log nothing whatsoever that can be connected to a numbered account's activity:

  • no logging of traffic
  • no logging of DNS requests
  • no logging of connections, including when one is made, when it disconnects, for how long, or any kind of timestamp
  • no logging of IP addresses
  • no logging of user bandwidth
  • no logging of account activity except total simultaneous connections (explained below) and the payment information detailed in this post.

Fwiw they also early last year began introducing diskless servers, where the only ephemeral data being stored is in memory.

One could rightly be skeptical of such claims but that's why such incidents as this news go toward evidence that they're doing what they say.
 
They state no IP logging is kept.


Fwiw they also early last year began introducing diskless servers, where the only ephemeral data being stored is in memory.
Yeah I know they say that so do a lot of VPNs doesn't always make it exactly true, "kept" is a funny word, if they sell it or give it away and then destroy the locals then nothing has been "kept" but it still exists where it can be sold which is how a lot of other VPN providers make ends meet.
Like I said though tanking a raid and having the Police walk away with nothing is about the best proof they are true to the spirit of their word possible.
 
This and Nord are the only two VPNs I can recommend. Nord just had their third audit with no user data shown to be kept, so they’re honoring their no-logs policy as well. I just wish Mullvad was faster.
 
No VPN provider would stay in business if "No logs" wasn't mostly marketing wordplay optimized to local laws and not legally binding, but suffice to say if you're torrenting John Wick you have nothing to worry about, but if you're committing certain crimes and abuses, botnets, SWAT'ing, bomb threats, or otherwise a nuisance interfering with or violating a VPN company's internal ToS no-list - or if you piss off a big enough agency - then some words on a website and your measly $5 monthly isn't much leverage in that power differential.

People are removed from these services all day long, and law enforcement is cooperated with all the time when a VPN co deems it in their best interest - quietly. A VPN provider doesn't stay in business by allowing any script kiddie to burn it to the ground and get its upstream or peered connectivity cut, held liable for anything, or sued out of existence. There's always oversight.
 
Last edited:
All the more reason that Mullvad is one of the better VPNs around - they seem to be equally proficient in terms of policy and latest tech, embrace open source while being easy to use, and offer a wide range of servers (including those that they own directly, or multihop etc) with even up to multi-gigabit speed capability. This proves their no logging policy and the way they run their servers is sound and Sweden (while not perfect) is one of the better privacy destinations and a decent legal framework, as evidenced by the police actually going away once it was demonstrated there was nothing worth seizing, as opposed to how in some other nations (including the US) its likely they would have been seized for spite and/or to look for any other possible thing to charge. Nobody should expect a VPN alone to shield them from serious criminal activity with a legit, in-operating-nation warrant, (or for that matter, a state level actor deciding to target you specifically regardless of legitimacy) but its heartening that even when a warrant is delivered they both stand up while abiding the letter of the law and the way they run their VPNs mean that there isn't any data to seize in the first place.

Mullvad is one of the very few I recommend for most "general" users, unabashedly. The only other that comes close is ProtonVPN, which I'd need to check out the specifics again as I've not used their VPN service in awhile but I don't expect things to have changed too much to the negative. There are a few others that I would suggest but are very specific for niche usage and often have one or more compromises in other areas. For a long time I've worried that something will come along to shake my faith in Mullvad but at least so far, my concerns have been unfounded and this incident only adds more evidence in that regard .
 
Last edited:
No VPN provider would stay in business if "No logs" wasn't mostly marketing wordplay optimized to local laws and not legally binding, but suffice to say if you're torrenting John Wick you have nothing to worry about, but if you're committing certain crimes and abuses, botnets, SWAT'ing, bomb threats, or otherwise a nuisance interfering with or violating a VPN company's internal ToS no-list - or if you piss off a big enough agency - then some words on a website and your measly $5 monthly isn't much leverage in that power differential.

People are removed from these services all day long, and law enforcement is cooperated with all the time when a VPN co deems it in their best interest - quietly. A VPN provider doesn't stay in business by allowing any script kiddie to burn it to the ground and get its upstream or peered connectivity cut, held liable for anything, or sued out of existence. There's always oversight.

That said, i'll be signing up for these guys because Cox doesn't need to know how many hours I spent looking for the filthiest Dua Lipa deepfake yet devised lovingly and adoringly by supercomputers.
This is based on what, exactly? When a company gets raided and has no user data, as is the case with Mullvad, then they are upholding their no-logs policy statement. That's not marketing. They were literally raided and law enforcement came out with nothing. If they were logging specific things, that would be a direct contradiction to that claim. If you are a target for law enforcement for something nefarious, the VPN isn't going to do anything as law enforcement has other tools to go after you, as Edward Snowden revealed to us all.
 
Anyone elses Mullvad down today?

I have my network connect through them via OpenVPN on my router. No settings have changed, but had no outside world connectivity today.

I tried several OpenVPN servers and all of them were the same, couldn't reach the outside world.

Have verified that it is not DNS (cannot ping IP's or domain names when connected to the servers), but I CAN ping the VPN servers.

Disconnect from Mullvad and everything is normal again.
 
Anyone elses Mullvad down today?

I have my network connect through them via OpenVPN on my router. No settings have changed, but had no outside world connectivity today.

I tried several OpenVPN servers and all of them were the same, couldn't reach the outside world.

Have verified that it is not DNS (cannot ping IP's or domain names when connected to the servers), but I CAN ping the VPN servers.

Disconnect from Mullvad and everything is normal again.
They are removing legacy stuff and upgrading to version 2.6 today. Lots of their servers and exit nodes seem to be currently down or showing errors.

We will upgrade our OpenVPN servers 15/05/2023 05:00-11:00 GMT+1 to run OpenVPN 2.6, removing various legacy options. You may experience interruptions to your connections. Guides have been updated for the latest configurations if you do not use our Mullvad VPN app.
 
They are removing legacy stuff and upgrading to version 2.6 today. Lots of their servers and exit nodes seem to be currently down or showing errors.

We will upgrade our OpenVPN servers 15/05/2023 05:00-11:00 GMT+1 to run OpenVPN 2.6, removing various legacy options. You may experience interruptions to your connections. Guides have been updated for the latest configurations if you do not use our Mullvad VPN app.

Thank you!

For future reference, where did you find this announcement?

I did some brief googling to see if there was a known issue but came up empty handed. (Granted I did it hurriedly from my phone using mobile data, but...)
 
Last edited:
Thank you!

For future reference, where did you find this announcement?

I did some brief googling to see if there was a known issue but came up empty handed. (Granted I did it on my phone using mobile data, but...)
They posted it to Twitter of all places a few days ago. I don’t use it but I do monitor it for announcements like this.
 
They posted it to Twitter of all places a few days ago. I don’t use it but I do monitor it for announcements like this.

Ahh, I do have a Twitter account, but I probably only use it once or twice a year when looking for something specific that I am already aware of.

Not exactly a good way to disseminate information, at least not to me :p
 
Last edited:
Ahh, I do have a Twitter account, but I probably only use it once or twice a year when looking for something specific that I am already aware of.

Not exactly a good way to disseminate information, at least not to me :p
Yeah lately my Twitter feed is 90% bots from South America trying to get me to click links to some
Sort of only fans knock off… I’m not dumb enough to click but I can at least “appreciate” the attempts…

The remaining 10% are updates, notifications, or announcements from games or services I specifically followed.
 
Yeah lately my Twitter feed is 90% bots from South America trying to get me to click links to some
Sort of only fans knock off… I’m not dumb enough to click but I can at least “appreciate” the attempts…

The remaining 10% are updates, notifications, or announcements from games or services I specifically followed.

Honestly, mullvad really could use to revisit how they disseminate important information.

I just took another look. They don't even have a news/alerts section on their webpage that I could find, so nothing there. Their Facebook page hasn't had an update since April, no mention there. Their blog page talks about the Swedish search warrant, but nothing since.

Did they really just yeet it to Twitter and call it a day?
 
Honestly, mullvad really could use to revisit how they disseminate important information.

I just took another look. They don't even have a news/alerts section on their webpage that I could find, so nothing there. Their Facebook page hasn't had an update since April, no mention there. Their blog page talks about the Swedish search warrant, but nothing since.

Did they really just yeet it to Twitter and call it a day?
Yep.
So fucking many services do this and it pisses me off and it is the only reason I have a Twitter account.
 
Yeah lately my Twitter feed is 90% bots from South America trying to get me to click links to some
Sort of only fans knock off… I’m not dumb enough to click but I can at least “appreciate” the attempts…

The remaining 10% are updates, notifications, or announcements from games or services I specifically followed.
Might use the "Following" tab. Saves me a lot of headache.
 
Back
Top