Mullvad Review

Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support.  Readers can learn more about how I conduct my reviews, my methodology, etc – here.  More information on review badges here.

This is the first VPN review in which I’ve let my Patreon supporters choose the service I will be taking a look at.  For those who are unaware, patrons supporting That One Privacy Site at the $5/month level or higher are able to nominate a service in between reviews that use open-to-all nominations.  Normally this would still involve a random selection, but as I currently only have one patron at this tier, their nomination wins by default, lucky them!

Written October 3, 2017

Signing up for the service: When first visiting Mullvad’s site, I was impressed by its elegance.  Oftentimes, VPN company websites are bogged down in marketing nonsense.  Mullvad’s site has a few sections, separated by a lot of whitespace, which keeps things nice and clean looking while still providing useful information about their company and product.  Instead of a giant “BUY NOW, HERE’S OUR PLANS” banner, riddled with a long feature list – they have a subdued, yellow button in the upper right hand corner of the page, which stands out enough for someone looking to sign up.  In literally 2 seconds, you can have an account created without having to provide ANYTHING – no name, no email address, no personal info of any kind.  This is because Mullvad uses a token based system – which is genius for anyone concerned with privacy.

Your token, a long numerical code, serves as both your username and password.  Paired with this fairly rare safeguard, are mulitple private payment methods, including cash and Bitcoin (although, some will note that Bitcoin is not entirely anonymous).  On the same page your token is given, you are taken straight to your user portal, in which you can manage port settings for the account, pay for service if you wish, and read through their selection of setup guides.  Everything that should be in a VPN user portal felt like it was in one place, and the process naturally takes you there without having to dig through endless sub-menus or scour the footer of the site.  When you want to get back to this area from a cold start, you only have to enter your token into the main page of the site.  This is EXCELLENT design.  Security and privacy are maintained, the user doesn’t even have to think about it, and everything flows from one simple action.

Furthermore, when you are ready to download config files, you are two clicks away from a config file generator!  I always love this feature when a service will take the time to build it.  It makes downloading specific configurations super easy and, like their site design as a whole, Mullvad’s is one of the more elegant ones I’ve seen.  It doesn’t bog you down with too many confusing options and you are able to choose platform, region, and port/protocol from a few drop-downs, then download your file.  Other VPN companies reading this – if you don’t already have one, make a config file generator, I love them and your customers will thank you!

The only complaint I have with their setup is that a full package of all configs wasn’t available to download.  Having them all downloadable at once is a convenient way to manage connections without having to go back to the user portal when you want to change, or to download them all one at a time from the start, which would be inconvenient.  I know that if you choose to use the official client, you’re afforded more flexibility.  But as per the reasons discussed in my methodology, I prefer a purely manual connection.

Configuring the service: Getting the config files was a snap using the generator mentioned above, and configs were properly set up for their given platform (inline certs for mobile, etc).  Configs showed proper dumping of IPv6 routes (an often overlooked precaution).  Strong ciphers were used by default, and everything connected and ran stable.  They even discuss in various guides and blog posts, the future of their product with protocols such as WireGuard.  You couldn’t ask for more and it felt like the tech team behind Mullvad are forward facing and really know what they’re doing.  There are even some companies I’d consider very good that don’t go to some of these lengths or considerations.  More on speeds below.

Speed & Stability tests: Speeds on the US server tested were EXCELLENT, and international speeds were pretty good, but not fantastic (14.29% speeds retained compared to my “excellent” bar of 20%).  All tests run using AES-256 over UDP.  (The strong default cipher requires heavier on-the-fly encryption, which could be one possible reason).  Speeds were very consistent accross all trials and all servers with an exception or two.  Needless to say, I was very impressed.  Speeds on mobile were slower, but again, I chalk that up to the heavy encryption being used and the mobile hardware being the real bottleneck.

Speed Tests – Mullvad – Desktop
    Latency Download Upload
No VPN Trial 1 30 ms 190.71 mbps 10.57 mbps
Trial 2 31 ms 183.81 mbps 10.86 mbps
Trial 3 30 ms 193.24 mbps 10.65 mbps
Average 30 ms 189.25 mbps 10.69 mbps
USA Trial 1 35 ms 177.07 mbps 10.13 mbps
Trial 2 36 ms 173.08 mbps 10.24 mbps
Trial 3 33 ms 180.72 mbps 10.14 mbps
Average 35 ms 176.96 mbps 10.17 mbps
Comp to Bench +4 ms 93.50% 95.11%
UK Trial 1 279 ms 34.66 mbps 6.82 mbps
Trial 2 280 ms 33.60 mbps 5.85 mbps
Trial 3 283 ms 35.99 mbps 6.32 mbps
Average 281 ms 34.75 mbps 6.33 mbps
Comp to Bench +250 ms 18.36% 59.20%
Hong Kong Trial 1 354 ms 26.17 mbps 3.22 mbps
Trial 2 355 ms 19.31 mbps 3.17 mbps
Trial 3 353 ms 28.32 mbps 3.25 mbps
Average 354 ms 24.60 mbps 3.21 mbps
Comp to Bench +324 ms 13.00% 30.05%
Australia Trial 1 413 ms 21.95 mbps 2.08 mbps
Trial 2 414 ms 21.81 mbps 2.01 mbps
Trial 3 413 ms 21.52 mbps 2.10 mbps
Average 413 ms 21.76 mbps 2.06 mbps
Comp to Bench +383 ms 11.50% 19.30%
Speed Tests – Mullvad – Mobile
    Latency Download Upload
No VPN Trial 1 31 ms 116.43 mbps 10.87 mbps
Trial 2 32 ms 121.99 mbps 11.14 mbps
Trial 3 33 ms 122.59 mbps 10.96 mbps
Average 32 ms 120.34 mbps 10.99 mbps
USA Trial 1 42 ms 17.53 mbps 10.46 mbps
Trial 2 34 ms 22.07 mbps 10.47 mbps
Trial 3 32 ms 21.37 mbps 10.46 mbps
Average 36 ms 20.32 mbps 10.46 mbps
Comp to Bench +4 ms 16.89% 95.21%
UK Trial 1 281 ms 4.06 mbps 11.48 mbps
Trial 2 284 ms 4.73 mbps 11.20 mbps
Trial 3 278 ms 8.30 mbps 10.55 mbps
Average 281 ms 5.70 mbps 11.08 mbps
Comp to Bench +249 ms 4.73% 100.79%
Hong Kong Trial 1 366 ms 4.33 mbps 11.66 mbps
Trial 2 355 ms 3.76 mbps 12.49 mbps
Trial 3 406 ms 4.07 mbps 12.20 mbps
Average 376 ms 4.05 mbps 12.12 mbps
Comp to Bench +344 ms 3.37% 110.25%
Australia Trial 1 415 ms 3.80 mbps 6.99 mbps
Trial 2 416 ms 3.02 mbps 6.00 mbps
Trial 3 414 ms 4.00 mbps 5.89 mbps
Average 415 ms 3.61 mbps 6.29 mbps
Comp to Bench +383 ms 3.00% 57.26%

Getting support: Sometimes at this stage in past reviews, a config file doesn’t work or maybe the website is really obtuse and confusing.  When these kinds of things occur, there is a legitimate need for support.  Things went as smooth as could be to this point in the review, so I simply reached out with some general questions to gauge their response time, helpfulness, and detail.  I heard back within 24 hours (which I think is reasonable), but I confirmed with their support rep that support hours are on Swedish time, which could make getting quick support frustrating for non-European customers.  The answers I received from Mullvad’s support rep were quite helpful and personal, (compared to a lot of companies sending a canned response or simply a link to some knowledgebase article buried deep on their site).

Getting a refund: As I was able to perform my tests using a free trial of the service, no refund was requested, however the service states in their terms a 30 day refund policy which is very reasonable.

Concerns in Terms & Conditions / Privacy Policy: Perhaps I shouldn’t be surprised, but Mullvad’s terms were short and sweet.  They clearly made known their stance on privacy and as far as logging, do EXACTLY what they should and instead of falling back on the “we log nothing” trap (with which you will see other companies contradicting themselves), they tell you EXACTLY what they do.  From their privacy policy, they link to a complete article about what they don’t log and how they achieve it.  This inspires confidence in the potential and current customer alike.  I love when companies are clear about this and Mullvad is clear as crystal.  They explain from a server standpoint what is done, and WHY they don’t want to keep logs on you.  Their token system and what it’s important to their philosophy are also explained.

Details that would normally be on a lengthy Terms of Service page, were covered between their Privacy Policy and FAQs pages.  This makes the info you are looking for well broken out and easy to find.  If you want to see more details, almost every entry has a guide page associated with it.

Final thoughts: Mullvad easily has one of the best VPNs I’ve ever seen or used.  They tick almost all of the boxes for me – and they still charge a reasonable amount for their product.

This isn’t to say that the service is perfect (although it’s come closer than any of the other services I’ve looked at).  International speeds were not quite up to the high standard set by the US server tested, (but were still decent).  I also would love to see an option to download all VPN configs as a bundle to avoid the need to download them each at a time.  While support was personal and helpful, it was disappointing to find out about its European business schedule – some companies provide a live chat service which makes support all but instant.  Still, it could be worse – they key is negating the need for support, and I think Mullvad, by having a solid and simple service and site have probably done about all they can in this regard.

Mullvad intentionnally does not participate in an affiliate program – which is a hard temptation to avoid in this industry.  I’m glad to give kudos to companies that are willing to sacrifice a little “easy money” to not contribute to the plague of irresponsible and unethical advertising that rains down on theirs and other companies’ potential customers.

I’m therefore pleased to announce for the first time in 36 reviews, that Mullvad has received not only the badges described above, but the “TOPG Choice” badge.  I have not awarded this badge previously.  If you’ve been with me for a while and reading my reviews, you’ll know that I don’t give out badges willy nilly.  A company has to earn them – and Mullvad has managed to earn almost all of them!

Update (10-4-2017): Mullvad has reached out me to let me know that they have implemented a “download all configs” option for their config file generator, and I have confirmed (In less than 24 hours since releasing the review)  Well done!  I have updated the review accordingly!

JURISDICTION Based In (Country) Sweden
Fourteen Eyes? Fourteen
Enemy of the Internet No
LOGGING Logs Traffic No
Logs DNS Requests No
Logs Timestamps No
Logs Bandwidth No
Logs IP Address No
ACTIVISM Anonymous Payment Method Yes
Accepts Bitcoin Yes
PGP Key Available Yes
Gives back to Privacy Causes Yes
Meets PrivacyTools IO Criteria Yes
LEAK PROTECTION 1st Party DNS Servers Yes
IPv6 Supported / Blocked Yes
  Offers OpenVPN Yes
OBFUSCATION Supports Multihop Yes
Supports TCP Port 443 Yes
Supports Obfsproxy Yes
Supports SOCKS Yes
Supports SSL Tunnel Yes
Supports SSH Tunnel Yes
Other Proprietary Protocols Yes
P2P No
SPEEDS US Server Average % 93.50
Int’l Server Average % 14.29
SERVERS Dedicated or Virtual Dedicated
SECURITY Default Data Encryption AES-256
Strongest Data Encryption AES-256
Weakest Handshake Encryption RSA-4096
Strongest Handshake Encryption RSA-4096
AVAILABILITY # of Connections 5
# of Countries 20
# of Servers 82
Linux Support (Manual) Yes
WEBSITE # of Persistent Cookies 1
# of External Trackers 0
# of Proprietary APIs 0
Server SSL Rating A+
SSL Cert issued to Self
PRICING $ / Month (Annual Pricing) $5.44
$ / Connection / Month $1.09
Free Trial Yes
Refund Period (Days) 30
ETHICS Contradictory Logging Policies
Falsely Claims 100% Effective
Incentivizes Social Media Spam
POLICIES Forbids Spam
Requires Ethical Copy
Requires Full Disclosure
AFFILIATES Practice Ethical Copy
Give Full Disclosure

If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.

Popular Posts

The Next Big Step(s) for That One Privacy Site

Written Dec 6, 2018 A few years ago, my desire for privacy grew and I started trying to change my digital habits. During this transformation, I discovered the need to opt out of unlawful mass surveill...

Read more

PayPal is a Kafkaesque Nightmare

“Hey, TOPG, what the heck?  You’ve been off the radar for a couple of months, when’s the next review?”  Quick version – “Life has been hectic (in part due...

Read more