Virtual Private Networks, or VPNs, are popular services for (supposedly) increasing your security and privacy on the internet. They are often marketed as all-encompassing security tools, and something that you absolutely need to keep hackers at bay. However, many of the selling points for VPNs are exaggerated or just outright
Some of them don’t even log the data required to cooperate with requests. Mullvad is one.
how do they prove that they both don’t and can’t?
Audit.
https://www.consumerreports.org/electronics-computers/vpn-services/mullvad-ivpn-mozilla-vpn-top-consumer-reports-vpn-testing-a9588707317/
https://mullvad.net/en/blog/2023/8/9/infrastructure-audit-completed-by-radically-open-security https://www.techradar.com/news/mullvad-vpns-servers-have-undergone-an-independent-audit-and-the-results-are-in
https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data
Better than most but I couldn’t find mention of anything that prevents them from complying with secret requests to begin data monitoring.
Potentially where they’re based that’s unconstitutional or something but I didn’t see evidence of such.
IVPN is another