Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. Readers can learn more about how I conduct my reviews, my methodology, etc – here. More information on review badges here.
This is the first VPN review in which I’ve let my Patreon supporters choose the service I will be taking a look at. For those who are unaware, patrons supporting That One Privacy Site at the $5/month level or higher are able to nominate a service in between reviews that use open-to-all nominations. Normally this would still involve a random selection, but as I currently only have one patron at this tier, their nomination wins by default, lucky them!
Written October 3, 2017
Signing up for the service: When first visiting Mullvad’s site, I was impressed by its elegance. Oftentimes, VPN company websites are bogged down in marketing nonsense. Mullvad’s site has a few sections, separated by a lot of whitespace, which keeps things nice and clean looking while still providing useful information about their company and product. Instead of a giant “BUY NOW, HERE’S OUR PLANS” banner, riddled with a long feature list – they have a subdued, yellow button in the upper right hand corner of the page, which stands out enough for someone looking to sign up. In literally 2 seconds, you can have an account created without having to provide ANYTHING – no name, no email address, no personal info of any kind. This is because Mullvad uses a token based system – which is genius for anyone concerned with privacy.
Your token, a long numerical code, serves as both your username and password. Paired with this fairly rare safeguard, are mulitple private payment methods, including cash and Bitcoin (although, some will note that Bitcoin is not entirely anonymous). On the same page your token is given, you are taken straight to your user portal, in which you can manage port settings for the account, pay for service if you wish, and read through their selection of setup guides. Everything that should be in a VPN user portal felt like it was in one place, and the process naturally takes you there without having to dig through endless sub-menus or scour the footer of the site. When you want to get back to this area from a cold start, you only have to enter your token into the main page of the site. This is EXCELLENT design. Security and privacy are maintained, the user doesn’t even have to think about it, and everything flows from one simple action.
Furthermore, when you are ready to download config files, you are two clicks away from a config file generator! I always love this feature when a service will take the time to build it. It makes downloading specific configurations super easy and, like their site design as a whole, Mullvad’s is one of the more elegant ones I’ve seen. It doesn’t bog you down with too many confusing options and you are able to choose platform, region, and port/protocol from a few drop-downs, then download your file. Other VPN companies reading this – if you don’t already have one, make a config file generator, I love them and your customers will thank you!
The only complaint I have with their setup is that a full package of all configs wasn’t available to download. Having them all downloadable at once is a convenient way to manage connections without having to go back to the user portal when you want to change, or to download them all one at a time from the start, which would be inconvenient. I know that if you choose to use the official client, you’re afforded more flexibility. But as per the reasons discussed in my methodology, I prefer a purely manual connection.
Configuring the service: Getting the config files was a snap using the generator mentioned above, and configs were properly set up for their given platform (inline certs for mobile, etc). Configs showed proper dumping of IPv6 routes (an often overlooked precaution). Strong ciphers were used by default, and everything connected and ran stable. They even discuss in various guides and blog posts, the future of their product with protocols such as WireGuard. You couldn’t ask for more and it felt like the tech team behind Mullvad are forward facing and really know what they’re doing. There are even some companies I’d consider very good that don’t go to some of these lengths or considerations. More on speeds below.
Speed & Stability tests: Speeds on the US server tested were EXCELLENT, and international speeds were pretty good, but not fantastic (14.29% speeds retained compared to my “excellent” bar of 20%). All tests run using AES-256 over UDP. (The strong default cipher requires heavier on-the-fly encryption, which could be one possible reason). Speeds were very consistent accross all trials and all servers with an exception or two. Needless to say, I was very impressed. Speeds on mobile were slower, but again, I chalk that up to the heavy encryption being used and the mobile hardware being the real bottleneck.
| Speed Tests – Mullvad – Desktop | |||||||
| Latency | Download | Upload | |||||
| No VPN | Trial 1 | 30 | ms | 190.71 | mbps | 10.57 | mbps |
| Trial 2 | 31 | ms | 183.81 | mbps | 10.86 | mbps | |
| Trial 3 | 30 | ms | 193.24 | mbps | 10.65 | mbps | |
| Average | 30 | ms | 189.25 | mbps | 10.69 | mbps | |
| USA | Trial 1 | 35 | ms | 177.07 | mbps | 10.13 | mbps |
| Trial 2 | 36 | ms | 173.08 | mbps | 10.24 | mbps | |
| Trial 3 | 33 | ms | 180.72 | mbps | 10.14 | mbps | |
| Average | 35 | ms | 176.96 | mbps | 10.17 | mbps | |
| Comp to Bench | +4 | ms | 93.50% | 95.11% | |||
| UK | Trial 1 | 279 | ms | 34.66 | mbps | 6.82 | mbps |
| Trial 2 | 280 | ms | 33.60 | mbps | 5.85 | mbps | |
| Trial 3 | 283 | ms | 35.99 | mbps | 6.32 | mbps | |
| Average | 281 | ms | 34.75 | mbps | 6.33 | mbps | |
| Comp to Bench | +250 | ms | 18.36% | 59.20% | |||
| Hong Kong | Trial 1 | 354 | ms | 26.17 | mbps | 3.22 | mbps |
| Trial 2 | 355 | ms | 19.31 | mbps | 3.17 | mbps | |
| Trial 3 | 353 | ms | 28.32 | mbps | 3.25 | mbps | |
| Average | 354 | ms | 24.60 | mbps | 3.21 | mbps | |
| Comp to Bench | +324 | ms | 13.00% | 30.05% | |||
| Australia | Trial 1 | 413 | ms | 21.95 | mbps | 2.08 | mbps |
| Trial 2 | 414 | ms | 21.81 | mbps | 2.01 | mbps | |
| Trial 3 | 413 | ms | 21.52 | mbps | 2.10 | mbps | |
| Average | 413 | ms | 21.76 | mbps | 2.06 | mbps | |
| Comp to Bench | +383 | ms | 11.50% | 19.30% | |||
| Speed Tests – Mullvad – Mobile | |||||||
| Latency | Download | Upload | |||||
| No VPN | Trial 1 | 31 | ms | 116.43 | mbps | 10.87 | mbps |
| Trial 2 | 32 | ms | 121.99 | mbps | 11.14 | mbps | |
| Trial 3 | 33 | ms | 122.59 | mbps | 10.96 | mbps | |
| Average | 32 | ms | 120.34 | mbps | 10.99 | mbps | |
| USA | Trial 1 | 42 | ms | 17.53 | mbps | 10.46 | mbps |
| Trial 2 | 34 | ms | 22.07 | mbps | 10.47 | mbps | |
| Trial 3 | 32 | ms | 21.37 | mbps | 10.46 | mbps | |
| Average | 36 | ms | 20.32 | mbps | 10.46 | mbps | |
| Comp to Bench | +4 | ms | 16.89% | 95.21% | |||
| UK | Trial 1 | 281 | ms | 4.06 | mbps | 11.48 | mbps |
| Trial 2 | 284 | ms | 4.73 | mbps | 11.20 | mbps | |
| Trial 3 | 278 | ms | 8.30 | mbps | 10.55 | mbps | |
| Average | 281 | ms | 5.70 | mbps | 11.08 | mbps | |
| Comp to Bench | +249 | ms | 4.73% | 100.79% | |||
| Hong Kong | Trial 1 | 366 | ms | 4.33 | mbps | 11.66 | mbps |
| Trial 2 | 355 | ms | 3.76 | mbps | 12.49 | mbps | |
| Trial 3 | 406 | ms | 4.07 | mbps | 12.20 | mbps | |
| Average | 376 | ms | 4.05 | mbps | 12.12 | mbps | |
| Comp to Bench | +344 | ms | 3.37% | 110.25% | |||
| Australia | Trial 1 | 415 | ms | 3.80 | mbps | 6.99 | mbps |
| Trial 2 | 416 | ms | 3.02 | mbps | 6.00 | mbps | |
| Trial 3 | 414 | ms | 4.00 | mbps | 5.89 | mbps | |
| Average | 415 | ms | 3.61 | mbps | 6.29 | mbps | |
| Comp to Bench | +383 | ms | 3.00% | 57.26% | |||
Getting support: Sometimes at this stage in past reviews, a config file doesn’t work or maybe the website is really obtuse and confusing. When these kinds of things occur, there is a legitimate need for support. Things went as smooth as could be to this point in the review, so I simply reached out with some general questions to gauge their response time, helpfulness, and detail. I heard back within 24 hours (which I think is reasonable), but I confirmed with their support rep that support hours are on Swedish time, which could make getting quick support frustrating for non-European customers. The answers I received from Mullvad’s support rep were quite helpful and personal, (compared to a lot of companies sending a canned response or simply a link to some knowledgebase article buried deep on their site).
Getting a refund: As I was able to perform my tests using a free trial of the service, no refund was requested, however the service states in their terms a 30 day refund policy which is very reasonable.
Concerns in Terms & Conditions / Privacy Policy: Perhaps I shouldn’t be surprised, but Mullvad’s terms were short and sweet. They clearly made known their stance on privacy and as far as logging, do EXACTLY what they should and instead of falling back on the “we log nothing” trap (with which you will see other companies contradicting themselves), they tell you EXACTLY what they do. From their privacy policy, they link to a complete article about what they don’t log and how they achieve it. This inspires confidence in the potential and current customer alike. I love when companies are clear about this and Mullvad is clear as crystal. They explain from a server standpoint what is done, and WHY they don’t want to keep logs on you. Their token system and what it’s important to their philosophy are also explained.
Details that would normally be on a lengthy Terms of Service page, were covered between their Privacy Policy and FAQs pages. This makes the info you are looking for well broken out and easy to find. If you want to see more details, almost every entry has a guide page associated with it.
Final thoughts: Mullvad easily has one of the best VPNs I’ve ever seen or used. They tick almost all of the boxes for me – and they still charge a reasonable amount for their product.
This isn’t to say that the service is perfect (although it’s come closer than any of the other services I’ve looked at). International speeds were not quite up to the high standard set by the US server tested, (but were still decent). I also would love to see an option to download all VPN configs as a bundle to avoid the need to download them each at a time. While support was personal and helpful, it was disappointing to find out about its European business schedule – some companies provide a live chat service which makes support all but instant. Still, it could be worse – they key is negating the need for support, and I think Mullvad, by having a solid and simple service and site have probably done about all they can in this regard.
Mullvad intentionnally does not participate in an affiliate program – which is a hard temptation to avoid in this industry. I’m glad to give kudos to companies that are willing to sacrifice a little “easy money” to not contribute to the plague of irresponsible and unethical advertising that rains down on theirs and other companies’ potential customers.
I’m therefore pleased to announce for the first time in 36 reviews, that Mullvad has received not only the badges described above, but the “TOPG Choice” badge. I have not awarded this badge previously. If you’ve been with me for a while and reading my reviews, you’ll know that I don’t give out badges willy nilly. A company has to earn them – and Mullvad has managed to earn almost all of them!
Update (10-4-2017): Mullvad has reached out me to let me know that they have implemented a “download all configs” option for their config file generator, and I have confirmed (In less than 24 hours since releasing the review) Well done! I have updated the review accordingly!
| FROM THE VPN COMPARISON CHART | ||
| CATEGORY | VPN SERVICE | Mullvad |
| JURISDICTION | Based In (Country) | Sweden |
| Fourteen Eyes? | Fourteen | |
| Enemy of the Internet | No | |
| LOGGING | Logs Traffic | No |
| Logs DNS Requests | No | |
| Logs Timestamps | No | |
| Logs Bandwidth | No | |
| Logs IP Address | No | |
| ACTIVISM | Anonymous Payment Method | Yes |
| Accepts Bitcoin | Yes | |
| PGP Key Available | Yes | |
| Gives back to Privacy Causes | Yes | |
| Meets PrivacyTools IO Criteria | Yes | |
| LEAK PROTECTION | 1st Party DNS Servers | Yes |
| IPv6 Supported / Blocked | Yes | |
| Offers OpenVPN | Yes | |
| OBFUSCATION | Supports Multihop | Yes |
| Supports TCP Port 443 | Yes | |
| Supports Obfsproxy | Yes | |
| Supports SOCKS | Yes | |
| Supports SSL Tunnel | Yes | |
| Supports SSH Tunnel | Yes | |
| Other Proprietary Protocols | Yes | |
| PORT BLOCKING | Auth SMTP | No |
| P2P | No | |
| SPEEDS | US Server Average % | 93.50 |
| Int’l Server Average % | 14.29 | |
| SERVERS | Dedicated or Virtual | Dedicated |
| SECURITY | Default Data Encryption | AES-256 |
| Strongest Data Encryption | AES-256 | |
| Weakest Handshake Encryption | RSA-4096 | |
| Strongest Handshake Encryption | RSA-4096 | |
| AVAILABILITY | # of Connections | 5 |
| # of Countries | 20 | |
| # of Servers | 82 | |
| Linux Support (Manual) | Yes | |
| WEBSITE | # of Persistent Cookies | 1 |
| # of External Trackers | 0 | |
| # of Proprietary APIs | 0 | |
| Server SSL Rating | A+ | |
| SSL Cert issued to | Self | |
| PRICING | $ / Month (Annual Pricing) | $5.44 |
| $ / Connection / Month | $1.09 | |
| Free Trial | Yes | |
| Refund Period (Days) | 30 | |
| ETHICS | Contradictory Logging Policies | |
| Falsely Claims 100% Effective | ||
| Incentivizes Social Media Spam | ||
| POLICIES | Forbids Spam | |
| Requires Ethical Copy | ||
| Requires Full Disclosure | ||
| AFFILIATES | Practice Ethical Copy | |
| Give Full Disclosure | ||
If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.