Mullvad.net

What do you do when you get banned on British TV?

Our TV ads – under the concept And Then? – were banned in the UK, by Clearcast (an organization formed by the major TV channels in the UK which, on behalf of the authorities, must approve all TV advertising in the UK). Their arguments included: · “The overall concept lacks clarity.” · “It is unclear why certain examples are included, who the ‘speaker’ represents, and the role of individuals depicted in the car.” · “Several examples (e.g., paedophiles, rapists, murderers) risk causing serious offence and could imply that the VPN facilitates criminal activity.” · “Referencing topics such as: Paedophiles, Rapists, Murderers, Enemies of the state, Journalists, Refugees, Controversial opinions, People’s bedrooms, Police officers, Children’s headsets … is inappropriate and irrelevant to the average consumer’s experience with a VPN.” We think their arguments are nonsense. On the one hand, censorship and mass surveillance are escalating in the UK, through new laws, government pressure and proposed legislation. On the other hand, criticism of censorship and mass surveillance is being blocked through processes that are arbitrary and – to use their own words – unclear. When we tried to criticize the TV ads ban through outdoor ads, they were also banned by government bodies. We believe the situation is both Orwellian and Kafkaesque. You can watch all the banned ads and read more about escalating mass surveillance and censorship in the UK on our site: mullvad.net/and-then/uk And then? When our ads were banned on British TV, we took them to the streets instead and projected them onto walls in London.

Looking to be a star on CCTV?

Mass surveillance and censorship are escalating in many countries right now. There is a global attack on secure encrypted communication. Often, authorities, politicians, and tech companies work together to push for new laws. One example: when Ashton Kutcher (yes, the actor), through his tech company Thorn, tried to introduce total surveillance of all EU citizens through undemocratic and corrupt methods. First, Ashton Kutcher convinced the EU Commission that they could scan everything on an EU citizen’s phone or computer (messages, photos, emails, phone calls, all of it) for child sexual abuse material without, at the same time, looking at the content of other types of communication. And then? And then EU Commissioner Ylva Johansson presented the legislative proposal called Chat Control, which aimed to scan everything on all EU citizens' phones and computers (including conversations in end-to-end-encrypted messaging services). The message from the Commission was: we will only search for child sexual abuse material (CSAM). And then? And then experts from all over the world explained to her that the kind of scanning she was talking about (as Ylva described it: a drug-sniffing dog that can detect illegal content in a message without reading the message) simply cannot be done safely, and that Chat Control would mean the end of privacy and pose a security threat to all Europeans. Ylva responded with: “what about the children?” And then? And then it was revealed that Thorn, the organization founded by Ashton Kutcher and which had been lobbying for Chat Control from the beginning, was selling the kind of scanning technology that could be used for Chat Control – despite being registered as a charity organization in the EU’s lobbying registry. And then? And then it was revealed that Thorn, together with the EU Commission, had also started and funded “children’s rights organizations” that had supported the proposal. What appeared publicly to be charitable organizations were in fact lobby groups. And then? And then it was revealed that Europol wanted unlimited access and wanted to use the scanning for more than just child abuse crimes, saying that all data – also unfiltered and innocent material – should be stored because it “could at some point be useful to law enforcement”. And then? And then it was revealed that employees at Europol had joined Thorn, to lobby their old colleagues. And then? And then politicians in Brussels wanted to exempt themselves from the scanning. And then? And then the European Parliament, in an almost historic consensus, voted against the proposal and called Chat Control nothing but mass surveillance. As one of the members of the parliament said: “The Commission wasn’t focusing on protecting children but wanted mass surveillance.” And then? And then The Council of the EU (law proposals must go through both the Parliament and the Council), after three years of negotiation, finally reached a common position on Chat Control. The requirement for mandatory scanning (including end-to-end encrypted messaging services) was removed, which is a major victory, but several problematic elements remain in the Council's position. For instance, the Council wants to demand ID Control to use messaging services (including end-to-end encrypted). And then? And then, in 2026 the final negotiations began, between the European Commission, the European Parliament, and the Council of the EU. At the same time, the European Commission is working on a Plan B, through the initiative Going Dark/ProtectEU, where they once again try to force total surveillance (this time organized crime is the excuse) on the citizens of the EU. And then? youtube.com/watch?v=fPzvUW…

Our WireGuard implementation, GotaTun was recently audited by Assured Security Consultants. Two identified low severity issues were fixed prior to the completion of the audit. No major vulnerabilities were found. Read more here: mullvad.net/blog/a-securit…

That's the spirit.

Hear, hear. NO MORE AND THEN!

The Mullvad night shift at work. Stay tuned.

Amazing, this one is up. For now.

Today, the final negotiations on Chat Control 2.0 begin between the European Commission, the European Parliament, and the Council of the EU. Although the requirement for mandatory scanning (including end-to-end encrypted messaging services) has been removed, several problematic elements remain in the Council's position. For instance, the Council wants to demand identity verification to use messaging services (including end-to-end encrypted). This would pose significant risks to dissidents, whistleblowers, and others, and create a chilling effect on free speech. We hope the European Parliament stands firm against any wording that paves the way for mass surveillance and censorship. Cyprus, currently holding the Presidency of the Council of the EU, aims to conclude the negotiations by June. A reminder of the corrupt backstory behind the Chat Control proposal and the involvement of Ashton Kutcher and his company Thorn: mullvad.net/why-privacy-ma…

Today, we hit the streets with a major "And Then?" campaign in the UK, despite having faced strong opposition. First, our TV ad "And Then?" was banned on British television. And then, the outdoor ad campaign meant to criticise the TV ban was largely halted. Here, you can watch the banned ads and explore the entire campaign. mullvad.net/and-then/uk

God save the Mullvad ads. This one got banned too, by The City of London. @rickygervais do you have any pro tips?

Mullvad was banned on British TV. And then? And then this underground ad got banned by the government body Transport For London. The argument was clear: you cannot encourage people to engage with a banned TV commercial.

The United Kingdom is escalating its censorship and mass surveillance. When Mullvad tried to criticise this with the TV ad “And Then?”, it was banned on British television.

The UK has announced plans to fast-track legislation requiring “age verification for VPN use”. The correct term, however, is not age verification but identity verification. A law like this would require everyone to identify themselves in order to use a VPN. This would pose a risk to whistleblowers, violate human rights, and represent yet another step toward an authoritarian society.

@GrapheneOS We can sponsor you. Please contact us and share the specs to support@mullvadvpn.net

We need more 10Gbps or higher dedicated servers for hosting our OS and app updates. We have North America covered well enough via sponsored servers from ReliableSite in both Miami and Los Angeles and a sponsored server from Xenyth in Toronto but no longer have any left in Europe.

We have added new currencies to our list of supported credit card payment methods! Read more here: mullvad.net/blog/addition-…

Late last year X41 D‑Sec GmbH performed a white‑box source‑code audit of the Mullvad payment and account API and its supporting backend services. Read more about the audit here: mullvad.net/blog/2026/1/21… Read the report here: x41-dsec.de/static/reports…

2025 has been a year of campaigns, audits and improvements to our suite of obfuscation methods. Read about some of the highlights here: mullvad.net/blog/mullvad-r…