Bildquelle: Mullvad

Mullvad VPN – an interview with the Swedish mole

Mullvad means mole. The company was founded in March 2009 and we recently spoke to the Managing Director Jan Jonsson.

First of all, you have to admit: Mullvad clearly stands out from the crowd of other VPN providers. As one of the very few providers, you can pay for VPN access completely anonymously in cash or with the privacy coin Monero. Most providers deliberately do not offer this. Probably because they don’t want to provoke any problems with the authorities.

Mullvad focuses on transparency

Mullvad has also developed its own browser, which makes it harder for online advertisers and intelligence agencies to track surfers, and also blocks trackers and ads. The company’s cross-platform clients are known for anonymising tracking data before it is transmitted. The Swedish mole is also one of the few VPN providers that does not offer an affiliate programme. Wherever you advertise, you won’t make a cent. On the other hand, customers do not have to commit to any long-term contracts. Access to Mullvad VPN costs €5 per month, regardless of whether you sign up for one or 24 months. Bad for website owners, but good for customers!

Release of the source code of the VPN clients

Last but not least, Mullvad has its technical infrastructure and software regularly tested by penetration testers and has published the source code of its own software. We are not used to this level of transparency in this industry. Competitors do not publish the source code of their clients, because then experts could easily see how intensively users of VPN dial-in programs are monitored at every turn. Mullvad, on the other hand, is all about creating and maintaining transparency. This is also clear from the CEO’s answers.

Our writer Sunny recently invited our readers to submit questions for an interview. There were a lot of them, and we were only able to submit half of them. But be honest: the answers are extremely short. Mullvad CEO Jan Jonsson told us that the company is fully focused on developing its own product. As a result, there is not much time or energy left to answer questions from journalists. Instead of trying to prolong the answers, we preferred to ask him three specific questions.

Mullvad AppleTV now supports the use of VPNs. Is a Mullvad app planned for this?

Jan Jonsson: We are currently investigating this. There are no plans at the moment. Privacy Coins are being treated more and more repressively. Will Mullvad still offer payment via Monero in the long run or maybe even accept other privacy coins?

Jan Jonsson: We have no plans to stop supporting Monero.

Additional question: Aren’t you afraid of getting into trouble with the authorities sooner or later?

Jan Jonsson: Accepting cash is not against the law. On the contrary, in these times of „war“ in Europe, with energy problems and so on, being prepared and having cash on hand is something that is encouraged rather than forbidden.

Transparency reports would be bad for our users‘ privacy There is no transparency report like there is with many email providers. Why not?

Jan Jonsson: We don’t have a transparency report because in order for customers to verify our report (i.e. for it to have any value at all), we have to provide facts such as the case ID, which is bad for privacy.

Mullvad Understandable, but a pity! Mullvad doesn’t offer the discounts that other companies generously give as part of their marketing. Instead, Mullvad tries to attract new customers with numerous and sometimes huge advertisements in New York, FiDi and especially Brooklyn. What are the motivations behind Mullvad’s marketing decisions? What do you do and what do you leave out?

Jan Jonsson: We don’t do affiliate marketing or anything that isn’t transparent, and we don’t want to tie customers into contracts. In other words, we do marketing to generate more revenue so that we can offer a better product. But we do it transparently and fairly.

Mullvad rejects non-transparent partner programs Why doesn’t Mullvad offer affiliate programmes like everyone else?

Jan Jonsson: Non-transparent affiliate programmes offer incentives for dishonest reviews, behaviour and marketing. How does Mullvad make sure that nobody logs on to your rented servers?

Jan Jonsson: All servers are secured in the same way. We get alerts when someone logs on to a server, only a few Mullvad employees have access, and we audit the security settings of the servers. Why do you use Google services for email?

Jan Jonsson: So that we can concentrate on developing a good VPN service, other tools not related to VPN development are outsourced. However, we are in the process of moving away from outsourced email services. Update: We are now running our own email servers, see blog.

Mullvad, chat control
Mullvad regularly protests against the planned chat control.

DoQ encryption currently under review Are there any plans to use Mullvad DNS servers with DoQ encryption?

Jan Jonsson: We are evaluating the value of using DoQ and how stable it is etc. How does Mullvad anonymise the log files sent to support via the Mullvad app? How long are the logfiles kept? How secure is the storage where the log files are stored?

Jan Jonsson: The files are stripped of all sensitive information such as IP addresses, user accounts, computer accounts, etc. before they are sent to support. The reports are kept for a maximum of three months. Storage: GMail. Update: We now use our own hosted email servers and no longer use GMail. Is the functionality of your so-called „Bastion Hosts“ equivalent to a dedicated firewall appliance?

Jan Jonsson: Bastion hosts are sort of jump hosts, i.e. you have to come from one of a few listed IPs to be allowed in. Will it be possible in the foreseeable future to buy or book the Mullvad exit nodes for Tailscale directly from Mullvad, or will I still have to go through Tailscale and not be able to buy them anonymously and securely?

Jan Jonsson: You still have to book through Tailscale. The service we offer is slightly different, has a different focus and so on.

job openings, mllvad

Requests from rights holders are what we deal with the most. How often does Mullvad receive requests from the authorities? How many raids have you had?

Jan Jonsson: One raid, many requests

Additional question: Has the number of requests from the authorities increased in recent years? If so, by how much? Has it doubled, can you roughly estimate the percentage increase?

Jan Jonsson: The number of enquiries is stable, one or two „real cases“ a year and then the holiday industry campaigning against streaming and sharing of films. These are, as always, the cases with the biggest impact.

Mullvad wants to continue accepting cash as payment Yes, I can imagine that the workload is highest for P2P requests. I can’t find anything about this in your security review of account and payment services, so the question is: Will Mullvad allow cash payments in the long term, as more and more regulations are coming for cash?

Jan Jonsson: There are no plans to get rid of cash.

Additional question: How many people are involved in processing the cash payment letters? It must be quite time-consuming, right?

Jan Jonsson: On the subject of cash processing. It’s a part-time job for one person. Jan, thank you for answering so many questions. Our best wishes for the future of your business!

Lars Sobiraj


Lars Sobiraj fing im Jahr 2000 an, als Quereinsteiger für verschiedene Computerzeitschriften tätig zu sein. 2006 kamen neben noch zahlreiche andere Online-Magazine dazu. Er ist der Gründer von Außerdem brachte Ghandy, wie er sich in der Szene nennt, seit 2014 an verschiedenen Hochschulen und Fortbildungseinrichtungen den Teilnehmern bei, wie das Internet funktioniert.