We've Teamed Up With Mullvad VPN to Launch the Mullvad Browser

Carefully understand the difference here and correct me anytime as I too am a human!

The Tor Project team developed the Mullvad Browser which is managed by Mullvad VPN team which again as previously mentioned runs on en entirely different structure and requirement.

In Tor’s blog, they cited Mullvad VPN to be a “trusted” service. This is where the problem starts. Is this a right move to give Mullvad this level of certification by Tor team? If yes, then I have no issues as like many, I believe in the Tor network standards more than a VPN provider. I would start trusting Mullvad VPN too!

Mullvad Browser is deeply integrated with their VPN counterpart by design. Meaning this is more like a promotion itself for Mullvad’s VPN service. Homepage, Mullvad VPN extension, DNS, default bookmarks, designs etc all lead to Mullvad VPN service. This is, after all a browser made by the Mullvad team. You must understand here that everything matters including support.

Note the difference of action here. Mullvad used “same” support email address, managed by Google for both Mullvad Browser and VPN services while both must have been separate! Meaning even Mullvad Browser queries too ended up with Google!

Let me reiterate here again that their recent blog announcement left out “Google” and “Gmail” words and represented this as some “third-party” service that they had used. This is not a transparent move. You won’t even find these words under support category on their website anywhere! Should have been more transparent there.

My point here is that Mullvad is just another VPN service relying on revenues from users and therefore engage in such practices in order to mitigate a backlash. On one hand you talk about universal privacy and then for over a decade you kept on using Gmail as support, run by Google which is in the business of collecting user data and advertisements!

Any suppression of whole truth is a grave violation of trust. No matter how you spin it!

In an ideal situation, this browser should have maintained neutrality and not leaning towards any VPN service. Tomorrow if anything goes wrong with Mullvad VPN’s credibility, the browser will too lose its trustworthiness. To be honest this also means Mullvad’s past history too and this a grey area and unknown territory.

The Tor Project’s work is extremely transparent and straightforward. A VPN service relies on many “moving parts” out of their direct control. Both can’t be compared.

So, does the Tor Project trust Mullvad VPN ergo everything that Mullvad team does? I really don’t know the answer to this so kindly share your thoughts on this.

“Mullvad Browser was developed by the Tor Project who have a proven track record of building and deploying free and open-source privacy preserving technologies such as Tor Browser, Onion Services, the Tor network etc”

Tor made the actual browser, not Mullvad.

If you trust tor then you already trust Mullvad Browser as they’re from the same people.

“Unlike other browsers on the market, Mullvad Browser’s business model does not rely on capitalizing on users’ behavioral data. Mullvad makes money by selling their VPN, they are not in the business of selling user data from the browser”

From same link.

Please stop making multiple posts about disproven FUD.

If you are so bothered about email security then email using self applied GPG encryption. https://mullvad.net/static/gpg/mullvadvpn-support-mail.asc

@atari Tor!= Privacy. Just ask Eldo Kim

@doktor why @me?

I’m sorry to tell, but Tor does give you privacy and anonimity, at least a fair amount of it. However, if you don’t care about poor OpSec, you will get caught sooner or later. That is what got Eldo Kim caught. Just give the wrong people the possibility to do some correlation attacks and you will be out.

You can learn more about the case in one of DEFCON’s talk, here.

And yeah, I’m happy he got caught, people shouldn’t use the Tor network to do bad things.

A fair amount in many cases isn’t enough and sometimes is less than a VPN. If he used a multi hop VPN without tor he PROBABLY wouldn’t have been caught. OPSEC often relates to what a user can control, bare tor users can’t control network monitoring and bridge users can only control it until that bridge IP becomes known as part of tor network. This pass the buck mentality is an easy way of avoiding truths, this probably helps spooks since nobody is willing to admit that good personal OPSEC ± tor == ultimate privacy.

And “doing bad things” is an extremely idiotic reason to wish people get into trouble through tor. The CCP think that breaching their firewall is a bad thing, do you hope all them get caught? What about the people in countries involved in conflict? Lets hope they all get caught too. If Chat Control came in then all of Europe deserves to get caught too. Herpity derpity doo.

I know you are going to say “I meant illegal things”
Keep in mind the biggest batch of true information ever released came through breaking of laws by both Edward Snowden and Julian Assange, they broke laws as did news agencies who obtaines the files.

Many things submitted to SecureDrop will come about through breaking laws. You can’t selectively say Group A deserve to get caught but Group B shouldn’t because its a different type of crime on the same network.

Ironically I just passed through a node which is doing SSL stripping too.

Because you liked the post which kind of gives it credability since you are somebody highly involved with tor, or at least I’ve seen your name connected with it for years.

OK, thank you for your explanation.

Given the posts you created on this forum you are an evangelist for commercial VPN.

Personally I see them all as a black-box. You can decide to trust them, because creating credibility is in their core financial interest. But any audit is just a flashlight on their technical infrastructure, which can change within seconds.