| 💰 Pricing | Flat €5/month (≈$5.8), no long‑term discounts |
| ✅ Free Trial | ❌ |
| 📆 Money Back Guarantee | 14 Days |
| 🗺 Jurisdiction | Sweden |
| 🖥 Number of Servers | ≈580 servers in 50 countries |
| 📝 Logging Policy | Strict no‑logs, anonymous accounts (no email) |
| 📥 Torrenting/P2P | Yes, allowed on all servers |
| 🍿 Streaming | Not streaming‑focused; mixed results with Netflix etc. |
| 🛡 Kill Switch | ✅ |
| ⚙️ Protocols | WireGuard, OpenVPN |
| 🛠 Support | Email/ticket support, no 24/7 live chat |
| 💻 Simultaneous Devices | 5 devices |
| 🔥 Current Deal | No promos |

Overview
A VPN built for privacy purists, not streamers
Evaluating Mullvad as you would a standard consumer VPN is a category error. Most commercial VPNs are glorified media-unblocking proxies, engineered to sell “82% off” discount codes to YouTubers’ audiences. Mullvad, operated by Amagicom AB out of Gothenburg, is built on an entirely different premise: absolute digital privacy as a non-negotiable human right.
As a Principal Cybersecurity Auditor, I classify Mullvad not as a consumer app but as a critical privacy utility. The engineering team behind this service prioritizes cryptographic integrity over commercial marketability. That is why you will not see Mullvad sponsoring podcasts or running manipulative holiday flash sales. The price has been €5 a month since 2009. It has never changed.
The infrastructure is built on bare-metal servers with advanced configurations designed to defeat state-level surveillance. Mullvad operates within Swedish jurisdiction, and Sweden is a member of the 14 Eyes intelligence-sharing alliance. However, the technical framework mathematically prevents data sharing regardless of what any treaty requires. The system is architected so that even a legitimate legal warrant produces nothing to hand over, because no handoverable data exists.
The threat model: who is Mullvad specifically designed for?
Mullvad’s infrastructure is built to defend against highly motivated adversaries: rogue ISPs, corporate data brokers, and localized government censorship agencies operating at a national scale.
If your threat model aligns with the following profiles, Mullvad is built for you:
- Investigative journalists and activists: Users operating in hostile digital environments who need absolute anonymity to bypass localized firewalls without leaving a financial or identifiable footprint. Paying with cash mailed to Sweden makes the transaction forensically untraceable.
- Cybersecurity professionals and developers: Network architects who want raw, unadulterated access to tunneling protocols (WireGuard, OpenVPN) without proprietary wrapper bloat, closed-source auditing gaps, or undisclosed telemetry hooks.
- Privacy absolutists: Individuals decoupling their digital identity from Big Tech ecosystems, pairing Mullvad with the Tor Network, the Mullvad Browser, and encrypted DNS resolvers to eliminate tracking at every network layer.
Who should avoid Mullvad entirely?
Mullvad’s stringent security policies actively degrade the experience for casual users seeking entertainment. The strict IP rotation policy and the complete absence of residential IP spoofing make Mullvad’s server nodes extremely susceptible to automated commercial blacklisting.
Seek alternative commercial VPNs if you fall into these categories:
- Heavy streaming consumers: Because of rigid IP pooling, Mullvad suffers near-total streaming unblocking failures. Do not expect to bypass geo-restrictions for Netflix, Hulu, or BBC iPlayer. This is not a bug; it is an intentional architectural decision explained in detail in the Streaming section below.
- Novice users wanting “set-and-forget” convenience: Mullvad has no 24/7 live chat support, and features like Bridge mode Shadowsocks require a baseline understanding of proxy protocols. The documentation assumes technical literacy and does not hold your hand.
- Users intolerant of CAPTCHAs: Mullvad does not cycle its IPs to evade commercial blacklists. When bad actors abuse shared IP addresses (which happens often, given Mullvad’s strict anonymity), the collateral damage lands on legitimate users. You will regularly encounter aggressive CAPTCHA verification issues on Cloudflare-protected websites.
The 16-digit anonymous account system

The most architecturally significant difference between Mullvad and every major competitor is its authentication model. Traditional VPN providers use an OAuth or email-and-password database schema. That schema creates a permanent cryptographic link between your real-world identity and your VPN license. Your email address is the thread. Pull it, and you unravel your entire usage history. Law enforcement, data brokers, hostile hackers who breach the VPN’s own database: any of them can walk that thread backward to your identity.
Mullvad cuts that thread entirely through its 16-digit anonymous account system. When you start a subscription, the Mullvad client generates a random, cryptographically secure 16-digit integer. No email address, no password, no username, and no security questions are ever requested or recorded. The generation happens client-side. Mullvad’s servers receive only the resulting number, not the process that produced it.
Pricing & Plans: The Anti-Subscription Model

The philosophy of the flat €5/month fee
The commercial VPN industry runs on deceptive pricing psychology. Competitors market “82% Off” introductory rates that require a three-year upfront commitment, then auto-renew at two or three times the initial rate. Mullvad refuses to participate in that structure.
Since 2009, the price has been €5 per month. One month, ten years: same cost per month. There are no sales, no affiliate coupons, and no tiered feature locks. By refusing to offer long-term discounts, Mullvad forces itself to compete on the technical quality of its network, not the depth of a promotional discount. If the service degrades or you simply no longer need it, you stop paying. This pricing structure also eliminates a recurring billing database that would otherwise store payment tokens, billing cycles, and user PII indefinitely.
Market pricing comparison: Mullvad vs. the industry
To illustrate how distorted the broader VPN market is, consider the “True Cost of Ownership” across a realistic lifecycle:
| VPN Provider | Advertised introductory rate | Required upfront commitment | Cost upon auto-renewal (Year 3+) | Pricing psychology |
|---|---|---|---|---|
| Mullvad VPN | €5.00 / month | 1 month (no lock-in) | €5.00 / month (static) | Honest flat rate. No auto-renewal traps. No tiered access. |
| NordVPN | $3.09 / month | 2 years ($81.36+ upfront) | $12.99 / month | Heavy introductory discounts. Steep price hikes upon renewal. |
| ExpressVPN | $2.79 / month | 2 years ($66.40+ upfront) | $12.95 / month | Premium model. Auto-renews at a significantly higher flat rate. |
| Surfshark | ~$1.78 / month | 2 years ($48+ upfront) | ~$15.45 / month | Deepest initial discounts, but traps users in 24-month cycles with quiet hikes. |
Note: Competitor pricing fluctuates based on aggressive daily marketing campaigns. Mullvad’s €5 rate has not changed in over 15 years.
Paying with crypto (Bitcoin, Monero, and the 10% discount)
Mullvad natively accepts Bitcoin (BTC), Bitcoin Cash (BCH), and Monero (XMR). Because crypto payments bypass traditional banking rails and eliminate credit card processing fees from gateways like Stripe or PayPal, Mullvad passes those savings directly to the user: an automatic 10% discount on all crypto payments.
- Bitcoin (BTC): Bitcoin is pseudo-anonymous, not fully anonymous. The public ledger can be traced through chain analysis. Sophisticated forensic firms like Chainalysis routinely de-anonymize BTC transactions by following the money across the public blockchain.
- Monero (XMR): For absolute cryptographic payment privacy, Monero is the correct choice. XMR uses Ring Confidential Signatures (RingCT) and stealth addresses, making the sender identity, receiver identity, and transaction amount mathematically untraceable even for forensic analysts with blockchain access.
Mailing physical cash to Sweden
For users in environments where purchasing a VPN is itself a criminal act, any digital payment leaves a forensic trail. Mullvad solves this by accepting anonymous cash payments through the physical mail.
The process for achieving an “air-gapped” transaction:
- Generate your 16-digit anonymous account token through the Mullvad client or website, preferably over the Tor network to prevent your ISP from logging the connection.
- Write this 16-digit token on a blank sheet of paper. Do not write your name, return address, or any other identifying information.
- Place the paper and physical fiat currency (Mullvad accepts EUR, USD, GBP, SEK, and several others) into a standard envelope.
- Mail the envelope to: Mullvad VPN AB, Box 53049, 400 14 Gothenburg, Sweden.
Once the envelope arrives, Mullvad staff opens it, credits the corresponding 16-digit account with the appropriate time balance, then shreds both the paper and the envelope. Zero digital forensic link. Zero record.

Credit cards, PayPal, and data retention
Mullvad accepts traditional fiat payments through credit card, PayPal, and regional processors like Swish and iDEAL. If you use this route, accept that third-party financial institutions retain their own records. Mullvad itself purges the associated transaction IDs from its active databases after 40 days (the refund window plus a buffer). However, Stripe, PayPal, and your bank will permanently retain a record of a transaction with “Amagicom AB” or “Mullvad VPN.”
To minimize data retention further, Mullvad officially discontinued auto-renewing subscriptions in 2022. Forcing one-time payments eliminates the need to store persistent payment tokens, like hashed credit card data, on their own infrastructure.
The 14-day refund policy
In 2024, Mullvad reduced its refund window from 30 days to 14 days. This looks like a consumer downgrade. From a data retention perspective, it is an improvement: the shorter the window, the less time Mullvad is legally required to hold payment telemetry. Once the 14-day window expires, transactional data tied to your 16-digit account is purged.
The 14-day refund policy applies only to traceable fiat payments (credit cards, PayPal, bank transfers). Anonymous cash payments and cryptocurrency transactions are non-refundable.
Core Features & Application Architecture

UI/UX: function over form
Mullvad’s application design mirrors its network architecture: austere, utilitarian, and deliberately free of marketing bloat. You will not find gamified server maps, “optimized for streaming” tabs, or persistent upsell banners anywhere in the interface. The client, which is uniform across Windows, macOS, Android, and iOS, is a compact rectangular window anchored to the system tray.
A practical flaw in Mullvad’s UX is the complete absence of real-time server telemetry. Competitors like Proton VPN display current server load as a percentage and ping latency in milliseconds. Mullvad shows neither. You connect to a city location, and the client assigns you a server node at random. If that node is congested, the interface gives you no indication of the problem and no mechanism to select a different one.
For a tool aimed at power users, this omission is hard to defend. The only workaround is manual server-hopping: disconnect, select a different city within the same region, and reconnect until performance stabilizes.
A native Linux GUI (not just a CLI wrapper)
Where Mullvad’s development team genuinely distinguishes itself is Linux support. Most commercial VPNs ship a clunky, under-maintained command-line interface for Linux as an afterthought. Mullvad delivers a fully featured, native Graphical User Interface built for Debian, Ubuntu, and Fedora distributions.
This Linux client maintains full feature parity with its Windows and macOS counterparts, including Split Tunneling and Lockdown Mode integration. Given that Mullvad’s primary user base skews heavily toward cybersecurity professionals and privacy advocates, first-class Linux GUI support is a meaningful differentiator.
The transition to WireGuard and post-quantum encryption
Mullvad is actively pushing the VPN industry away from legacy cryptography. The company announced the systematic deprecation of OpenVPN across its network, transitioning toward an exclusive WireGuard architecture.
OpenVPN is battle-tested and highly configurable, but it relies on an aging codebase exceeding 100,000 lines of code. That scale increases the attack surface and throttles maximum throughput. WireGuard operates on roughly 4,000 lines and uses modern cryptographic primitives: ChaCha20 for symmetric encryption, Poly1305 for message authentication, and Curve25519 for key exchange. The transition delivers faster handshake times, lower CPU overhead (which matters for mobile battery life), and significantly better bandwidth throughput on high-speed connections.
DAITA (Defense Against AI-guided Traffic Analysis)

Traditional VPN encryption hides the content of your traffic (the payload). It does not hide the shape of your traffic.
Sophisticated adversaries, including oppressive telecom regulators and advanced corporate firewalls, use Deep Packet Inspection (DPI) combined with AI-driven machine learning to analyze the size, timing, and directionality of encrypted packets. By observing these metadata patterns, an AI can deduce what you are doing with reasonable accuracy. A continuous burst of large packets looks like a 4K video stream. Intermittent small packets at regular intervals look like a VoIP call. The content is encrypted; the behavioral signature is not.
Mullvad built DAITA (Defense Against AI-guided Traffic Analysis) specifically to destroy these AI profiling systems.
Pros and cons of using DAITA
DAITA is a genuine advancement in anti-surveillance technology. It comes with concrete operational trade-offs that make it unsuitable as a permanent always-on feature for most users.
Pros:
- Renders AI-based traffic fingerprinting and DPI surveillance ineffective.
- Highly effective at bypassing state-level censorship firewalls that block VPN traffic based on pattern recognition rather than IP blocklists.
- Provides the strongest available protection for high-risk users operating in hostile network environments.
Cons:
- Massive bandwidth overhead: DAITA pads packets and injects dummy traffic, which significantly increases data consumption. Do not use DAITA on a metered cellular connection.
- Performance degradation: The constant packet manipulation increases latency and reduces download/upload speeds substantially. DAITA is not suitable for gaming or large file transfers.
- Limited server availability: DAITA requires specialized server-side processing and is currently available only on select nodes (London, New York, Amsterdam, and a handful of others).
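The trade-off described above, hiding traffic shape at the cost of bandwidth, can be made concrete. The following Python sketch is an added example, not Mullvad's code and not DAITA's actual algorithm: it runs a toy metadata-only classifier over two constructed traces, then applies a simplified constant-rate shaper (fixed-size cells plus dummy traffic) and measures the overhead. The traces, thresholds, cell size and all function names are assumptions made for illustration.

```python
"""Added example: what packet sizes and timing reveal, and what padding costs."""
from statistics import mean, pstdev


# Constructed one-second traces: (send time in ms, packet size in bytes).
def video_trace():
    # Four bursts per second, each 50 full-size packets sent 1 ms apart.
    return [(burst * 250 + i, 1400) for burst in range(4) for i in range(50)]


def voip_trace():
    # One small voice frame every 20 ms.
    return [(i * 20, 160) for i in range(50)]


def features(trace):
    """Metadata visible to an on-path observer; no payload is inspected."""
    times = sorted(t for t, _ in trace)
    gaps = [b - a for a, b in zip(times, times[1:])]
    return {
        "mean_size": mean(size for _, size in trace),
        "gap_jitter_ms": pstdev(gaps) if gaps else 0.0,
        "total_bytes": sum(size for _, size in trace),
    }


def classify(trace):
    """Toy observer with hand-picked thresholds (assumed values)."""
    f = features(trace)
    if f["mean_size"] > 1000 and f["gap_jitter_ms"] > 10:
        return "bulk/video"
    if f["mean_size"] < 300 and f["gap_jitter_ms"] < 1:
        return "voip"
    return "unknown"


def shape(trace, cell=1400, interval_ms=2, duration_ms=1000):
    """Constant-rate shaper (simplified, not DAITA's actual scheme).

    One cell-sized packet leaves every interval_ms. Queued real bytes ride
    inside cells; a cell with nothing to carry is pure dummy traffic.
    Returns (wire_trace, bytes_still_queued_at_end).
    """
    pending = sorted(trace)
    wire, backlog, nxt = [], 0, 0
    for now in range(0, duration_ms, interval_ms):
        # Queue every real packet that has arrived by this send slot.
        while nxt < len(pending) and pending[nxt][0] <= now:
            backlog += pending[nxt][1]
            nxt += 1
        backlog = max(0, backlog - cell)
        wire.append((now, cell))
    backlog += sum(size for _, size in pending[nxt:])
    return wire, backlog


def overhead(real, wire):
    """Bytes on the wire divided by real bytes carried."""
    return features(wire)["total_bytes"] / features(real)["total_bytes"]


if __name__ == "__main__":
    for name, trace in (("video", video_trace()), ("voip", voip_trace())):
        wire, queued = shape(trace)
        print(f"{name}: unshaped={classify(trace)} shaped={classify(wire)} "
              f"overhead={overhead(trace, wire):.1f}x queued={queued}")
```

After shaping, both flows produce the same wire trace, so the observer has nothing left to separate them, while the low-rate flow pays by far the larger bandwidth multiple.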
Lockdown Mode and split tunneling mechanics
A VPN is only as secure as its ability to prevent unencrypted traffic leaks. Mullvad uses aggressive, OS-level firewall manipulation to enforce strict tunnel discipline.
Mullvad’s Kill Switch is integrated directly into the application core and cannot be disabled through the interface. If the VPN connection drops for any reason, the application instantly injects routing rules into the host operating system (Windows Filtering Platform on Windows, iptables or nftables on Linux) to blackhole all outgoing traffic. Your true IP address never touches the open internet during a tunnel interruption.
Lockdown Mode takes this further. When enabled, it modifies the host firewall to block all internet connectivity permanently unless the Mullvad client is actively running and connected to a server. If you close the application, reboot your machine, or manually disconnect, the device becomes internet-isolated. For laptops connecting to untrusted hotel or airport Wi-Fi, this is one of the most practically useful features Mullvad offers.
The controversial removal of port forwarding
In May 2023, Mullvad permanently removed port forwarding. For the self-hosting and BitTorrent communities, this was a significant blow. Port forwarding allows incoming connections from the open internet to pass through the VPN server’s NAT firewall and reach a specific device on your local network. Without it, torrent clients cannot accept incoming peer connections (crippling upload ratios on private trackers), and users running Plex or Nextcloud instances lost the ability to reach their home servers remotely.
Mullvad did not remove the feature to spite its users. Open ports were being systematically abused to host command-and-control servers for botnets, distribute malware, and in the most serious cases, child sexual abuse material. This burned Mullvad’s server IPs across global spam databases like Spamhaus, and the resulting law enforcement scrutiny culminated in the 2023 NOA raid on their Gothenburg headquarters. The RAM-only diskless servers and zero-logs policy ensured police left with nothing, but the sustained IP reputation damage and legal friction were unsustainable. Port forwarding was permanently terminated to protect the silent majority of legitimate users.
Speed, Performance, and Real-World Friction

Throughput analysis: WireGuard benchmarks
To accurately assess Mullvad’s network, you need to separate the cryptographic overhead from the physical routing limitations. The benchmark environment below uses a 500 Mbps symmetric fiber connection, testing from a US-West hub, running continuous automated tests over 48 hours.
Mullvad has systematically upgraded its infrastructure, replacing VPS nodes with 10 Gbps and 20 Gbps bare-metal servers. The server hardware itself is rarely the bottleneck. The throughput losses below are governed by physical routing distance and the encapsulation overhead of the WireGuard protocol.
| Connection state | Ping (latency) | Download speed | Upload speed | Bandwidth retention |
|---|---|---|---|---|
| Baseline (no VPN) | 2 ms | 491 Mbps | 471 Mbps | 100% (reference) |
| Local server (Los Angeles) | 15 ms | 447 Mbps | 396 Mbps | ~91% |
| Regional server (New York) | 62 ms | 314 Mbps | 286 Mbps | ~64% |
| Distant server (London) | 115 ms | 246 Mbps | 231 Mbps | ~50% |
| Ultra-distant (Tokyo) | 230 ms | 108 Mbps | 92 Mbps | ~22% |
Latency and gaming performance
Bandwidth determines how fast a file downloads. Latency determines the real-time responsiveness of a connection. For VoIP, stock trading, and competitive gaming, latency is what actually matters.
When you connect to Mullvad, your data no longer travels the most direct BGP (Border Gateway Protocol) route provided by your ISP. It detours through the Mullvad server before reaching the destination. That detour adds latency by definition.
However, Mullvad’s use of premium Tier-1 transit providers occasionally produces routing that is actually more efficient than a consumer ISP’s congested peering points. In direct testing, local gaming connections (under 500 miles) introduced 8-10 ms of additional ping. For casual players on Call of Duty or Valorant, Mullvad is highly viable on local servers.
Jitter and bufferbloat mechanics
The real enemy of competitive gaming is not high ping; it is variable ping, known as jitter. Jitter makes packet delivery inconsistent, causing rubber-banding and unregistered inputs that feel like lag even when your average ping looks fine.
Because Mullvad uses non-throttled bare-metal servers, testing showed negligible jitter during off-peak hours. On heavily utilized nodes, particularly major metropolitan hubs like New York or Frankfurt, micro-spikes in CPU queueing on the server side introduce minor packet delays. Competitive gamers should manually select lower-population city nodes within their geographic region to reduce this bufferbloat.
MTU size tweaking for stability
If you experience packet loss, infinite loading screens, or random disconnects while gaming or accessing secure sites on Mullvad, the likely cause is packet fragmentation. The fix is manual Maximum Transmission Unit (MTU) adjustment.
Standard internet MTU is 1500 bytes. A VPN wraps data in an additional encrypted header. WireGuard adds exactly 60 bytes. If your router tries to send a 1500-byte packet through a WireGuard tunnel that accommodates only 1440 bytes, the packet fragments, causing severe lag and connection drops.
To fix this:
- Open Command Prompt (Windows) or Terminal (macOS/Linux).
- Run a ping test with the “do not fragment” flag: `ping 8.8.8.8 -f -l 1420` (Windows), `ping -D -s 1420 8.8.8.8` (macOS), or `ping -M do -s 1420 8.8.8.8` (Linux).
- If you get a “Packet needs to be fragmented” error, reduce the number by 10 and retry.
- Find the highest number that pings successfully (e.g., 1380), then add 28 bytes for IP/ICMP headers. Your optimal MTU is 1408.
- Open the Mullvad client, go to Settings > VPN Settings > WireGuard Settings, and input the custom MTU value.
This single tweak eliminates the majority of VPN-related micro-stutters and gaming disconnects.
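The manual search in the steps above can be automated. The following Python sketch is an added example, not part of the original article or of Mullvad's tooling: it binary-searches the largest ping payload that passes with the don't-fragment flag set, then adds the 28 header bytes. The function names, the 1200 to 1472 search window and the simulated path used in the demo are assumptions made for illustration.

```python
"""Added example: find the largest unfragmented ping payload by binary search."""
import platform
import subprocess

HEADER_BYTES = 28  # IPv4 header (20) + ICMP header (8), the "add 28" step


def df_ping_command(host, payload, system=None):
    """One-shot ping with the don't-fragment flag, per operating system."""
    system = system or platform.system()
    if system == "Windows":
        return ["ping", "-n", "1", "-f", "-l", str(payload), host]
    if system == "Darwin":  # macOS: -D sets the DF bit
        return ["ping", "-c", "1", "-D", "-s", str(payload), host]
    # Linux (iputils): -M do sets DF and forbids local fragmentation
    return ["ping", "-c", "1", "-M", "do", "-s", str(payload), host]


def ping_probe(host):
    """Return probe(payload) -> bool that sends one real DF ping to host."""
    def probe(payload):
        try:
            done = subprocess.run(df_ping_command(host, payload),
                                  capture_output=True, timeout=5)
        except (OSError, subprocess.TimeoutExpired):
            return False
        # An echo reply line carries "ttl="; fragmentation errors do not.
        return done.returncode == 0 and b"ttl=" in done.stdout.lower()
    return probe


def simulated_probe(path_mtu):
    """Offline stand-in for a path whose MTU is path_mtu (constructed)."""
    return lambda payload: payload + HEADER_BYTES <= path_mtu


def find_max_payload(probe, low=1200, high=1472):
    """Largest payload in [low, high] that probe accepts, or None.

    Assumes that if a payload passes, every smaller payload passes too.
    """
    if not probe(low):
        return None  # even the floor fragments: the problem is elsewhere
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def mtu_from_payload(payload):
    """Payload plus IP/ICMP headers, as in the last manual step."""
    return payload + HEADER_BYTES


if __name__ == "__main__":
    # Demo against a simulated path; swap in ping_probe("8.8.8.8") for a live test.
    best = find_max_payload(simulated_probe(1408))
    print("largest payload:", best, "-> MTU:", mtu_from_payload(best))
```

A binary search needs about nine probes over this window instead of stepping down by 10, and it lands on the exact byte rather than the nearest multiple of ten.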
The “Cloudflare CAPTCHA”

One of the most consistently frustrating real-world friction points of using Mullvad is not speed or routing; it is the constant volume of CAPTCHA verification issues. Browse the web heavily on Mullvad and you will encounter regular “Verify you are human” screens, Cloudflare challenge loops, and outright “Access Denied” responses on banking and e-commerce sites.
IP reputation scoring and ASN blocking
Cloudflare, Akamai, and Fastly collectively protect over 80% of public internet traffic from DDoS attacks, credential stuffing, and malicious bots. They do this by assigning a dynamic “Trust Score” to every IP address globally.
When you connect to Mullvad, you share a single datacenter IP address with hundreds or thousands of other anonymous users.
- The anonymity abuse vector: Because Mullvad requires zero identification, accepts anonymous cash payments, and enforces a zero-logs policy, it attracts bad actors. Threat actors use Mullvad to run automated bots, web scrapers, and spam campaigns at scale.
- The collateral damage: Cloudflare sees thousands of malicious requests originating from a single Mullvad IP. It flags that IP, and often the entire Autonomous System Number (ASN) block associated with Mullvad, as high-risk.
- The WAF response: When you, a legitimate user, hit a website through that flagged IP, the Web Application Firewall intercepts the connection and forces CAPTCHA completion to distinguish you from the bots that burned the IP.
How to mitigate the CAPTCHA loop
You cannot eliminate this friction entirely while maintaining high-grade privacy, but you can reduce it:
- Use SOCKS5 proxies: Mullvad offers internal SOCKS5 proxies on all servers. Configure your browser to use the local SOCKS5 proxy at `10.64.0.1` while connected to the VPN. Your browser traffic exits through a slightly different routing path, which occasionally bypasses burned IP lists.
- Server hopping: WAFs flag individual IPs dynamically. If you are stuck in a CAPTCHA loop on a New York server, manually switch to an Atlanta or Chicago node for a fresh IP with a potentially cleaner reputation score.
- The Mullvad Browser: Using the official Mullvad Browser standardizes your browser fingerprint across all users. It will not stop IP-based CAPTCHAs, but it prevents sites from deploying advanced fingerprinting scripts that trigger secondary algorithmic challenges.
The CAPTCHA epidemic is the operational cost of genuine digital anonymity. A VPN that never faces CAPTCHAs is almost certainly cycling IPs through unethical residential proxy networks or quietly logging behavioral data to help platforms whitelist it. Mullvad users accept CAPTCHA friction as confirmation that the anonymity shield is working. If you ever stop seeing CAPTCHAs entirely on a privacy VPN, that is the moment to start asking uncomfortable questions about what the provider is doing behind the scenes to earn that trusted-IP status.
Security, Privacy, and Legal Framework
Swedish jurisdiction and the 14 Eyes alliance

VPN marketing departments invest heavily in “privacy haven” headquarters placement. Panama, the British Virgin Islands, Switzerland. Privacy-conscious users often express concern upon discovering that Mullvad operates out of Gothenburg under Swedish jurisdiction, since Sweden is a member of the SIGINT Seniors Europe (SSEUR), better known as the 14 Eyes alliance.
The 14 Eyes is a multinational intelligence-sharing treaty facilitating the exchange of signals intelligence among member nations (including the US, UK, Canada, and Australia). The concern is legitimate: if Swedish intelligence compelled Mullvad to log data, that data would flow to NSA and GCHQ analysts.
The legal reality: Sweden’s Electronic Communications Act (LEK)
The governing legislation for telecom data retention in Sweden is Lagen om elektronisk kommunikation (LEK, the Electronic Communications Act).
Under LEK, standard ISPs and telecommunications operators are legally required to retain subscriber metadata (IP addresses, connection timestamps, billing data) for law enforcement access. However, Swedish legal precedent draws a hard line between a traditional ISP (which provides access to the internet) and a VPN provider (which provides an encrypted software tunnel over the internet).
Mullvad does not provide an electronic communications network. It provides a software service. Under Swedish law, Mullvad is exempt from the mandatory data retention directives of LEK. The government cannot compel Mullvad to retroactively produce logs that the company has no legal obligation to maintain.
The April 2023 police raid: a real-world stress test
A privacy policy is a corporate promise. It means nothing until it is tested by an adversary with legal authority. For Mullvad, that test occurred on April 18, 2023.
The National Operations Department (NOA) breach
Six officers from Sweden’s National Operations Department (NOA) executed a physical raid on Mullvad’s corporate headquarters in Gothenburg. They arrived with a valid search warrant, acting on a mutual legal assistance request from German authorities (specifically the State Criminal Police Office of Mecklenburg-Vorpommern).
German police were tracking a cyberattack originating from a specific Mullvad IP address hosted in Germany. Because the IP traced to Amagicom AB, the Swedish NOA demanded physical access to Mullvad’s servers to seize customer logs, billing records, and active session data tied to that IP.
Technical defiance and empty hands
What happened next is one of the clearest demonstrations of infrastructure-level privacy in VPN history. The Mullvad executive team and legal counsel met the NOA officers and explained the technical reality of the infrastructure.
They demonstrated that:
- No databases existed: No database mapped the requested IP address to any specific 16-digit anonymous account. The association was architecturally impossible.
- No billing correlation: Even if they had an account number, it could not be connected to an individual. Fiat payment data had been purged, and some accounts were funded through untraceable anonymous cash payments.
- Hardware amnesia: Seizing the physical machines would yield a hardened OS running entirely in RAM, with zero persistent storage. The moment power was cut, all data was gone.
Mullvad’s legal counsel successfully argued that under Swedish law, hardware seizure is only lawful when there is a “reasonable expectation” of finding the evidence listed in the warrant. Because Mullvad is structurally incapable of retaining the requested data, a seizure would be a punitive business disruption rather than valid evidence collection.
After consulting the presiding prosecutor by telephone, the Swedish NOA officers conceded. They left the building with zero computers, zero hard drives, and zero customer data. That outcome converted Mullvad’s zero-logs policy from a marketing claim into a court-tested forensic fact.
Unprecedented transparency and independent audits
The VPN industry runs on a trust-but-verify model. Mullvad invites the verification.
Most commercial VPNs hire large accounting firms (PwC, Deloitte) to conduct high-level procedural reviews of logging policies. These audits are superficial and heavily redacted. Mullvad hires dedicated penetration testing teams, publishes the complete, unredacted technical reports publicly, and lets the security community scrutinize the findings.
The big three: Cure53, Radically Open Security, and Assured AB
Mullvad rotates auditing partners to ensure diverse attack methodologies:
- Cure53: The German cybersecurity firm audited Mullvad’s desktop and mobile clients, scrutinizing the WireGuard source code and OS-level firewall integration. They confirmed the Kill Switch’s efficacy and found no mechanisms capable of leaking PII.
- Assured AB: This Swedish firm conducted a penetration test against Mullvad’s VPN infrastructure, focusing on internal APIs, configuration servers, and the backend databases managing the 16-digit anonymous account system. They verified that the database schema mathematically prevents user deanonymization.
- Radically Open Security (ROS): In 2023, this Dutch non-profit security consultancy audited Mullvad’s no-log policies and infrastructure configuration. ROS physically examined server deployment scripts and confirmed that no traffic, DNS, or connection metadata is logged to any persistent storage or centralized syslog server.
When these firms discover vulnerabilities (and they do, consistently), Mullvad does not bury the findings. They publish the vulnerabilities alongside developer notes explaining the patches applied. That transparency demonstrates a mature incident response process that most VPN providers would never replicate with their own auditors.

The Mullvad Browser: defeating browser fingerprinting
A VPN masks your IP address. It does not protect against Browser Fingerprinting, which is how advertising networks (Google, Meta, and hundreds of smaller data brokers) track you across the web without needing your IP. Fingerprinting analyzes your screen resolution, installed fonts, OS version, graphics rendering output, and dozens of other browser parameters to create a unique, persistent identifier.
Mullvad addressed this by collaborating directly with the Tor Project to create the Mullvad Browser.
- The “crowd” anonymity model: The Tor Browser achieves anonymity by making every user look identical. It standardizes window sizes, blocks canvas fingerprinting, and standardizes font rendering across all installations.
- Tor without onion routing: The Mullvad Browser uses the exact same anti-fingerprinting mechanisms developed by the Tor Project, but removes the multi-hop onion routing that makes the Tor network slow. Instead, it routes the sanitized browser traffic through the high-speed Mullvad VPN tunnel.
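The "crowd" model above can be measured as anonymity-set size. The following Python sketch is an added example, not code from the Mullvad Browser or the Tor Project: it hashes a constructed population of browser attributes into fingerprints, then applies a simplified standardization step and compares how many users remain unique. The population, the window-size buckets and every function name are assumptions made for illustration.

```python
"""Added example: anonymity-set size before and after standardization."""
import hashlib
import json
import math
from collections import Counter

# Constructed population: what a tracking script could read from six browsers.
POPULATION = [
    {"window": (1920, 1057), "fonts": ("Arial", "Calibri", "Segoe UI"),
     "os": "Windows 11", "canvas": "a91f"},
    {"window": (1920, 1057), "fonts": ("Arial", "Calibri", "Segoe UI"),
     "os": "Windows 11", "canvas": "a91f"},
    {"window": (1536, 824), "fonts": ("Arial", "Calibri", "Fira Code"),
     "os": "Windows 10", "canvas": "77c2"},
    {"window": (1440, 813), "fonts": ("Helvetica", "Menlo"),
     "os": "macOS 14", "canvas": "03de"},
    {"window": (1366, 657), "fonts": ("DejaVu Sans", "Liberation Sans"),
     "os": "Linux", "canvas": "5b10"},
    {"window": (2560, 1297), "fonts": ("Helvetica", "Menlo", "SF Pro"),
     "os": "macOS 14", "canvas": "e4a8"},
]


def fingerprint(attrs):
    """Stable identifier derived only from observable attributes."""
    blob = json.dumps(attrs, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()[:16]


def standardize(attrs):
    """Simplified stand-in for the protections named above.

    Bucket sizes and caps are assumed values, not the browser's real ones.
    """
    width, height = attrs["window"]
    return {
        "window": (min(width // 200 * 200, 1400), min(height // 100 * 100, 900)),
        "fonts": ("bundled-font-set",),  # same font list for everyone
        "os": "generic",                 # same platform string for everyone
        "canvas": "blocked",             # canvas readout refused
    }


def anonymity_sets(population):
    """Map each fingerprint to the number of users who share it."""
    return Counter(fingerprint(person) for person in population)


def unique_users(population):
    """Users whose fingerprint nobody else shares."""
    return sum(1 for count in anonymity_sets(population).values() if count == 1)


def identifying_bits(population):
    """Surprisal per user: log2(population size / size of that user's set)."""
    sets = anonymity_sets(population)
    total = len(population)
    return [math.log2(total / sets[fingerprint(person)]) for person in population]


if __name__ == "__main__":
    hardened = [standardize(person) for person in POPULATION]
    for label, group in (("stock", POPULATION), ("standardized", hardened)):
        print(label, "unique users:", unique_users(group),
              "max bits:", round(max(identifying_bits(group)), 3))
```

In this constructed population the window-size bucket is the only attribute left that still separates users after standardization, which is why resizing the window of a hardened browser weakens the crowd.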
Server Network & Physical Infrastructure
Bare-metal servers vs. virtual locations

When evaluating VPN infrastructure, the distinction between physical hardware and virtualized environments has direct operational consequences. Many commercial VPNs inflate their server counts (advertising “10,000+ servers in 100+ countries”) by using Virtual Private Servers (VPS) and “Virtual Locations.” A virtual location assigns you an IP registered to India while the physical server handling your data sits in a cheaper, less regulated datacenter in Singapore or the Netherlands.
Mullvad rejects this practice entirely. Every node in the Mullvad network is a physical, bare-metal server. If the client shows you connected to a server in Milan, Italy, the hardware processing your encryption keys is physically bolted into a rack inside a datacenter within the municipal boundaries of Milan.
This adherence to physical reality ensures that users are not inadvertently routing sensitive traffic through hostile jurisdictions, and it guarantees the high-bandwidth, low-latency performance necessary to saturate gigabit connections.
Unrivaled provider transparency
What distinguishes Mullvad as a trusted security tool rather than a generic utility is its transparency about its supply chain. On the Mullvad website, the “Servers” page is a live, exhaustive database of the entire infrastructure.
For every server (e.g., us-nyc-wg-101), Mullvad publicly lists:
- Server ownership: Is the server physically owned by Amagicom AB, or rented from a vetted third party?
- Hosting provider / ASN: Which hosting provider operates the datacenter (DataPacket, M247, 31173 Services AB, Tzulo)?
- Hardware specifications: Does the server use a 1 Gbps, 10 Gbps, or 20 Gbps network uplink?
- Protocol status: Is the server provisioned for WireGuard, Bridge Mode, or DAITA processing?
This granular detail lets network engineers and privacy advocates filter their connections explicitly. If you refuse to route traffic through M247 (a large multinational datacenter operator), the Mullvad client lets you filter the server list to show only servers physically owned and operated by Amagicom AB.
The cost of ideology: geographic gaps
Maintaining a network of roughly 580 RAM-only diskless servers requires rigorous vetting of datacenter partners. Mullvad must confirm the facility has adequate physical security, acceptable peering agreements, and a legal framework that will not allow unauthorized server tampering. Geographic expansion is slow.
Because of these requirements, Mullvad’s network is heavily concentrated in North America and Western Europe.
Analyzing the coverage void
If you regularly travel to or reside outside the NATO/EU sphere, Mullvad’s network presents real constraints:
- Africa: Coverage is practically absent, typically limited to a single location in South Africa. Users elsewhere on the continent face significant latency as traffic routes to European server hubs.
- South America: Coverage is sparse, usually limited to Brazil or Colombia. Users in Argentina, Chile, or Peru face the same cross-continental routing problem as African users.
- Asia and Middle East: Major hubs (Japan, Singapore, Hong Kong) are well-served with 10 Gbps uplinks. Broader regional coverage is thin compared to competitors like ExpressVPN, which uses virtual servers to cover volatile jurisdictions that Mullvad will not touch.
Mullvad has determined that deploying insecure, virtualized infrastructure in high-risk environments purely to add dots to a marketing map is an unacceptable architectural compromise. If you need a local IP address in a developing nation or a censorship-heavy regime, and Mullvad has no physical server there, it is the wrong tool for that specific use case. This is not a flaw in their reasoning; it is a consistent application of the same principle that governs every other infrastructure decision they make. Transparency and hardware integrity are non-negotiable, even when the cost is a smaller-looking server map than competitors who will place a virtual server anywhere without disclosing it.
Streaming & Censorship Bypassing

The brutal truth about streaming (Netflix, Hulu, BBC)
Do not purchase Mullvad if your primary goal is streaming geo-blocked content.
The commercial VPN industry markets streaming access heavily. Maintaining it requires an expensive, continuous arms race. When Netflix identifies an IP address belonging to a VPN provider, they ban it. The VPN then purchases new, clean IP addresses to restore access, until those are detected and banned too.
Mullvad refuses to run that race. Their focus is cryptographic privacy and defense against mass surveillance. Dedicating engineering resources to cycling IPs for Hulu directly conflicts with the goal of maintaining a stable, transparent, and forensically clean network.
Why do streaming services block Mullvad so easily?
Streaming services use commercial IP classification databases (MaxMind, IP2Location) to categorize every IP address as “Residential” (belonging to a home ISP like Comcast or BT) or “Datacenter/Hosting” (belonging to server infrastructure like AWS, DigitalOcean, or M247).
Mullvad is transparent about its infrastructure. It uses high-speed datacenter providers. Netflix’s detection algorithms flag these immediately: a user connecting from a datacenter IP associated with M247 is not a person living in a datacenter. Block the connection.
Because Mullvad does not use residential botnet proxies and does not aggressively cycle its IP pool, their server IPs stay on major streaming blacklists indefinitely.
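The classification step described above, seen from the streaming service's side, is a longest-prefix lookup followed by a policy decision. This is an added example, not code from any vendor: the prefix table is constructed from documentation address ranges and documentation ASNs, and its layout is hypothetical rather than the schema of MaxMind or IP2Location.

```python
import ipaddress

# Constructed prefix table: RFC 5737 documentation ranges and RFC 5398
# documentation ASNs. The layout is hypothetical, not a vendor schema.
PREFIXES = [
    ("198.51.100.0/24", 64496, "Example Home ISP", "residential"),
    ("203.0.113.0/24", 64497, "Example Hosting Co", "hosting"),
    ("203.0.113.128/25", 64498, "Example Broadband", "residential"),
    ("192.0.2.0/24", 64499, "Example Cloud", "hosting"),
]

# Most specific prefix first, so the first hit is the longest-prefix match.
TABLE = sorted(
    ((ipaddress.ip_network(p), asn, org, kind) for p, asn, org, kind in PREFIXES),
    key=lambda row: row[0].prefixlen,
    reverse=True,
)

# Assumed policy: hosting ranges get the proxy error, unknown ranges are held.
POLICY = {"residential": "allow", "hosting": "proxy-error", "unknown": "review"}

def classify(ip):
    """Return the ASN record covering this address, or an 'unknown' record."""
    addr = ipaddress.ip_address(ip)
    for net, asn, org, kind in TABLE:
        if addr in net:
            return {"asn": asn, "org": org, "kind": kind}
    return {"asn": None, "org": None, "kind": "unknown"}

def stream_decision(ip):
    """Map the classification to what the viewer would see."""
    return POLICY[classify(ip)["kind"]]

if __name__ == "__main__":
    for ip in ("198.51.100.7", "203.0.113.10", "203.0.113.200", "192.0.2.55"):
        print(ip, classify(ip)["org"], stream_decision(ip))
```

The verdict attaches to the whole announced range rather than to individual addresses, so every address inside a hosting prefix is treated the same way.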
The definitive streaming failure list
During direct testing, Mullvad consistently triggered proxy-error messages across these platforms:
- Netflix: Consistent failures across US, UK, and JP libraries. You may occasionally access Netflix Originals, which are not geo-restricted, but any licensed regional content is blocked.
- Hulu: Total failure. Hulu has one of the most aggressive datacenter IP blocks in the industry.
- Disney+: Frequent infinite loading screens or outright login failures on all tested server locations.
- BBC iPlayer: Total failure. BBC actively blocks all known Mullvad UK server IPs.
- Amazon Prime Video: Highly inconsistent. Typically defaults to regional restrictions or proxy errors, with occasional brief access before detection.
If streaming is a regular use case, look to commercially focused alternatives like NordVPN, Surfshark, or ExpressVPN, which dedicate significant budgets to maintaining clean streaming IPs.
Bypassing the Great Firewall and DPI
Where Mullvad ignores commercial streaming firewalls, it is highly aggressive against state-level censorship and Deep Packet Inspection. Authoritarian regimes (China, Iran, Russia) do not simply block IP addresses. They analyze the mathematical shape of data crossing their national borders.
Standard OpenVPN and WireGuard handshakes carry distinctive cryptographic signatures. A state firewall recognizes the signature of a VPN connection and drops the packets before they reach the destination. Mullvad deploys specialized obfuscation technologies to survive in these environments.
Bridge Mode and Shadowsocks integration
Mullvad’s primary tool against the Great Firewall of China is Bridge Mode, which uses Shadowsocks technology.
Shadowsocks is an open-source, encrypted proxy protocol originally developed by a Chinese programmer to bypass the Great Firewall. It does not operate like a traditional VPN. Rather than establishing an easily identifiable cryptographic tunnel, Shadowsocks uses a lightweight SOCKS5 proxy to obfuscate data as ordinary HTTPS traffic.
When you enable Bridge Mode in the Mullvad client:
- Your traffic is encrypted locally.
- The client wraps the encrypted traffic inside a Shadowsocks proxy layer.
- The wrapped traffic is sent to a specialized Mullvad Bridge Server.
- To the state firewall’s DPI system, this traffic looks like standard HTTPS web traffic heading toward a random server. It carries no VPN handshake fingerprint.
- Once the traffic clears the national firewall and reaches the Bridge Server, the Shadowsocks wrapper is removed and the traffic enters the standard Mullvad VPN network.
This multi-stage obfuscation passes direct testing in restricted environments, allowing users to access the open internet without triggering automated state detection systems.
TCP vs. UDP: defeating corporate firewalls
Not all censorship is state-sponsored. Hotel, university, and corporate Wi-Fi networks often block VPN connections using simple port filtering: all UDP traffic is blocked, with only TCP Port 80 (HTTP) and TCP Port 443 (HTTPS) permitted.
Mullvad defeats these local restrictions by allowing users to manually force the VPN connection to use TCP over Port 443. The corporate router then sees encrypted traffic moving across the standard port used for online banking and e-commerce. The firewall cannot distinguish between your Mullvad tunnel and a standard TLS session to your bank’s website.
Customer Support & Documentation

The absence of live chat
In an industry where 24/7 live chat has become a standard marketing checkbox, Mullvad’s complete lack of real-time support is a visible gap for the average consumer. If you encounter a routing issue at 2:00 AM on a Sunday, you will wait for a response.
From an operational security perspective, that absence is a deliberate architectural decision. Providing 24/7 live chat requires outsourcing support to large third-party platforms (Zendesk, Intercom, Freshdesk). These platforms log IP addresses, browser metadata, and chat transcripts by default. By refusing to implement live chat, Mullvad eliminates a third-party data retention vector that would otherwise sit outside their control.
Secure communication through PGP-encrypted email
Mullvad’s support infrastructure relies entirely on asynchronous email. Response times follow Swedish business hours. The quality of support compensates: you are not interacting with a Tier-1 contractor working from a script. You are typically communicating with Tier-2 or Tier-3 network engineers who can address technical specifics directly.
For users in hostile environments (investigative journalists, activists in censorship-heavy regimes), standard email is vulnerable to interception. Mullvad publishes their public PGP (Pretty Good Privacy) key on their website. You can encrypt your support query locally before sending it, ensuring only Mullvad staff with the corresponding private key can read the ticket contents. This level of support security is almost entirely absent from the commercial VPN sector.
Open-source documentation
Mullvad’s approach to user education resembles a Linux distribution wiki more than a consumer product manual. The official Help Center is dense, technical, and free of marketing language.
If you need to manually configure a DD-WRT router, implement a custom SOCKS5 proxy through the command-line interface, or adjust MTU clamping for a specific WireGuard interface, the documentation provides the exact terminal commands required. Novice users may find it overwhelming. Network administrators will appreciate the specificity.
FAQ
Why is Mullvad blocked by Netflix?
Mullvad suffers from severe streaming unblocking failures because they use transparent, high-speed datacenter IPs rather than deceptive residential proxies. Streaming services like Netflix easily identify and block these datacenter IPs.
How does the 16-digit anonymous account work?
Instead of using an email and password, Mullvad generates a random 16-digit number that acts as your sole authentication token. This mathematically prevents the company from linking your VPN usage to your real-world identity.
What is Mullvad DAITA?
DAITA (Defense Against AI-guided Traffic Analysis) is a proprietary feature that pads packet sizes and injects background noise into your connection. It is designed to blind AI-driven Deep Packet Inspection (DPI) systems attempting to profile your encrypted traffic.
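A toy model of the two mechanisms named in this answer, padding and injected cover packets, added here as an illustration. It is not Mullvad's DAITA algorithm; the cell size, the burst length and the packet traces are constructed for the example.

```python
CELL = 1280      # assumed constant on-wire packet size for this model
BURST_LEN = 8    # assumed fixed number of packets per observed burst

# Constructed packet-size traces (bytes) for two kinds of activity.
TRACES = {
    "video_call": [172, 180, 1100, 168, 1180, 176, 1090, 170],
    "page_load": [517, 1400, 1240, 96, 1240, 402],
}

def size_profile(trace):
    """What a passive observer can measure: packet count, mean size,
    and the number of distinct packet sizes."""
    return (len(trace), round(sum(trace) / len(trace)), len(set(trace)))

def pad(trace, cell=CELL):
    """Pad every packet up to one constant size, splitting larger ones."""
    out = []
    for size in trace:
        out.extend([cell] * -(-size // cell))  # ceiling division
    return out

def add_cover(trace, target_len=BURST_LEN, cell=CELL):
    """Inject dummy packets until the burst reaches a fixed length."""
    return trace + [cell] * max(0, target_len - len(trace))

def defend(trace):
    """Padding followed by cover traffic."""
    return add_cover(pad(trace))

if __name__ == "__main__":
    for name, trace in TRACES.items():
        print(name, size_profile(trace), size_profile(pad(trace)),
              size_profile(defend(trace)))
```

Padding alone removes the size signal but leaves the packet count (8 versus 7 here) as a distinguishing feature; only after cover packets are added do the two activities produce the same profile. Timing, which this model ignores, is a further channel.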
Does Mullvad work in China?
Yes, but it requires manual configuration. Users in highly censored regions must utilize Bridge Mode, which wraps the VPN connection in a Shadowsocks proxy to disguise the traffic and bypass the Great Firewall.
Why am I getting so many CAPTCHAs with Mullvad?
You will face frequent CAPTCHA verification issues because Mullvad’s shared datacenter IPs are often flagged by Web Application Firewalls (like Cloudflare) due to the high volume of anonymous traffic originating from them.
Is Mullvad good for gaming?
Yes, for local servers. By utilizing fast bare-metal servers and WireGuard, Mullvad adds minimal latency (ping) for gaming, though competitive players must manually tweak their MTU size to prevent packet fragmentation.