Mullvad.net

What do you do when you get banned on British TV?

On Friday the 15th of May, we became aware of a fingerprinting issue affecting Mullvad users. We have a method which changes this behaviour currently being tested, with plans to begin rolling it out to our VPN servers in the coming weeks. Read more here: mullvad.net/blog/exit-ip-f…

A new VPN leak that allows any app to leak traffic outside the VPN tunnel has recently been discovered by @cybaqkebm Read more here: mullvad.net/blog/any-app-o…

It’s absurd that American authorities can purchase personal data – that they’re not allowed to gather themselves without a warrant – directly from data brokers. This violates the Fourth Amendment, and it’s time to close the data broker loophole. Today, @RepThomasMassie, @RepBoebert and @naomibrockwell at the @LudlowInstitute introduced the Surveillance Accountability Act. It requires warrants based on probable cause for all government surveillance and data access. You can read more about it at surveillanceaccountability.com

Apple's networking stack is preventing the iOS app from being as secure as possible, we have now secured our app to mitigate this despite the rough edges around the update procedure. Read more here: mullvad.net/blog/force-all…

This is Senate House in London. When George Orwell wrote 1984, the building served as the model for the headquarters of the Ministry of Truth (the propaganda ministry). The Ministry of Truth decided what was true, for example that 2+2=5. It was responsible for censorship and rewriting history, and it banned the word “free” in the sense of freedom. When we projected our banned TV ads onto buildings in London, we thought this would be a fitting location. Nineteen Eighty-Four was supposed to be a warning, not an instruction manual.

Chat Control 1 is dead. Let’s end Chat Control 2. Members of The European Parliament: stand firm in your position – no mass surveillance whatsoever!

Starting with 16.0a1 alpha release, Mullvad Browser Alpha is based on the Firefox Rapid Release channel rather than the Extended Support Release (ESR). The alpha release is now available on Linux ARM. Read more here: mullvad.net/blog/mullvad-b…

No and then, Keir Starmer.

The only way we want our ads to come down. When people take them home. a) Keep them. b) Send them to Ashton Kutcher. c) Put them outside 10 Downing Street.

Our TV ads – under the concept And Then? – were banned in the UK, by Clearcast (an organization formed by the major TV channels in the UK which, on behalf of the authorities, must approve all TV advertising in the UK). Their arguments included: · “The overall concept lacks clarity.” · “It is unclear why certain examples are included, who the ‘speaker’ represents, and the role of individuals depicted in the car.” · “Several examples (e.g., paedophiles, rapists, murderers) risk causing serious offence and could imply that the VPN facilitates criminal activity.” · “Referencing topics such as: Paedophiles, Rapists, Murderers, Enemies of the state, Journalists, Refugees, Controversial opinions, People’s bedrooms, Police officers, Children’s headsets … is inappropriate and irrelevant to the average consumer’s experience with a VPN.” We think their arguments are nonsense. On the one hand, censorship and mass surveillance are escalating in the UK, through new laws, government pressure and proposed legislation. On the other hand, criticism of censorship and mass surveillance is being blocked through processes that are arbitrary and – to use their own words – unclear. When we tried to criticize the TV ads ban through outdoor ads, they were also banned by government bodies. We believe the situation is both Orwellian and Kafkaesque. You can watch all the banned ads and read more about escalating mass surveillance and censorship in the UK on our site: mullvad.net/and-then/uk And then? When our ads were banned on British TV, we took them to the streets instead and projected them onto walls in London.

Looking to be a star on CCTV?

Mass surveillance and censorship are escalating in many countries right now. There is a global attack on secure encrypted communication. Often, authorities, politicians, and tech companies work together to push for new laws. One example: when Ashton Kutcher (yes, the actor), through his tech company Thorn, tried to introduce total surveillance of all EU citizens through undemocratic and corrupt methods. First, Ashton Kutcher convinced the EU Commission that they could scan everything on an EU citizen’s phone or computer (messages, photos, emails, phone calls, all of it) for child sexual abuse material without, at the same time, looking at the content of other types of communication. And then? And then EU Commissioner Ylva Johansson presented the legislative proposal called Chat Control, which aimed to scan everything on all EU citizens' phones and computers (including conversations in end-to-end-encrypted messaging services). The message from the Commission was: we will only search for child sexual abuse material (CSAM). And then? And then experts from all over the world explained to her that the kind of scanning she was talking about (as Ylva described it: a drug-sniffing dog that can detect illegal content in a message without reading the message) simply cannot be done safely, and that Chat Control would mean the end of privacy and pose a security threat to all Europeans. Ylva responded with: “what about the children?” And then? And then it was revealed that Thorn, the organization founded by Ashton Kutcher and which had been lobbying for Chat Control from the beginning, was selling the kind of scanning technology that could be used for Chat Control – despite being registered as a charity organization in the EU’s lobbying registry. And then? And then it was revealed that Thorn, together with the EU Commission, had also started and funded “children’s rights organizations” that had supported the proposal. What appeared publicly to be charitable organizations were in fact lobby groups. And then? And then it was revealed that Europol wanted unlimited access and wanted to use the scanning for more than just child abuse crimes, saying that all data – also unfiltered and innocent material – should be stored because it “could at some point be useful to law enforcement”. And then? And then it was revealed that employees at Europol had joined Thorn, to lobby their old colleagues. And then? And then politicians in Brussels wanted to exempt themselves from the scanning. And then? And then the European Parliament, in an almost historic consensus, voted against the proposal and called Chat Control nothing but mass surveillance. As one of the members of the parliament said: “The Commission wasn’t focusing on protecting children but wanted mass surveillance.” And then? And then The Council of the EU (law proposals must go through both the Parliament and the Council), after three years of negotiation, finally reached a common position on Chat Control. The requirement for mandatory scanning (including end-to-end encrypted messaging services) was removed, which is a major victory, but several problematic elements remain in the Council's position. For instance, the Council wants to demand ID Control to use messaging services (including end-to-end encrypted). And then? And then, in 2026 the final negotiations began, between the European Commission, the European Parliament, and the Council of the EU. At the same time, the European Commission is working on a Plan B, through the initiative Going Dark/ProtectEU, where they once again try to force total surveillance (this time organized crime is the excuse) on the citizens of the EU. And then? youtube.com/watch?v=fPzvUW…

Our WireGuard implementation, GotaTun was recently audited by Assured Security Consultants. Two identified low severity issues were fixed prior to the completion of the audit. No major vulnerabilities were found. Read more here: mullvad.net/blog/a-securit…

That's the spirit.

Hear, hear. NO MORE AND THEN!

The Mullvad night shift at work. Stay tuned.

Amazing, this one is up. For now.

Today, the final negotiations on Chat Control 2.0 begin between the European Commission, the European Parliament, and the Council of the EU. Although the requirement for mandatory scanning (including end-to-end encrypted messaging services) has been removed, several problematic elements remain in the Council's position. For instance, the Council wants to demand identity verification to use messaging services (including end-to-end encrypted). This would pose significant risks to dissidents, whistleblowers, and others, and create a chilling effect on free speech. We hope the European Parliament stands firm against any wording that paves the way for mass surveillance and censorship. Cyprus, currently holding the Presidency of the Council of the EU, aims to conclude the negotiations by June. A reminder of the corrupt backstory behind the Chat Control proposal and the involvement of Ashton Kutcher and his company Thorn: mullvad.net/why-privacy-ma…

Today, we hit the streets with a major "And Then?" campaign in the UK, despite having faced strong opposition. First, our TV ad "And Then?" was banned on British television. And then, the outdoor ad campaign meant to criticise the TV ban was largely halted. Here, you can watch the banned ads and explore the entire campaign. mullvad.net/and-then/uk