> service provider may claim to not store any user data, but they could be lying.
As someone who ran a VPN in the past, this blog post is extremely strange as well as the purported described sequence of events.
Police in any jurisdiction aren’t jokes - especially not Sweden where they can absolutely walk in and take your stuff according to mullvads website [1].
It’s 2023 - if a VPN is how you’re doing your privacy you’re probably doing it wrong.
I'm satisfied with the transparency Mullvad has shown by publishing its 9 audits[1] and with their efforts to ask for as little information from users as possible. I also appreciate how Mullvad releases up-to-date source code for all of its software clients, which I consider a bare minimum for any VPN to even be considered.[2]
Private Internet Access, on the other hand, does not release up-to-date source code for its software clients:
- PIA Android client: latest source release v3.14.0 (Mar 18, 2022) vs. latest Google Play release v3.18.0 (Feb 22, 2023)[3]
- PIA iOS client: latest source release v3.14.0 (Mar 18, 2022) vs. latest App Store release v3.20.0 (Mar 1, 2023)[4]
- PIA browser extension: latest source release v3.1.0 (May 31, 2021) vs. latest Chrome Web Store release v3.2.0 (March 8, 2022)[6]
It's not clear to me how much of a say you still have in PIA's operations, but if you have any influence, I kindly ask you to direct them to release the source code of PIA's clients on time, every time a new client version is released. Open sourcing PIA's clients was something you promised PIA would do to reassure customers after PIA was acquired by the former adware/malware distributor Kape Technologies.[7]
commoner - Thank you for this comment, and I think it's definitely fair to trust in Mullvad given these transparencies. The sequence of events are simply peculiar to me, and doesn't seem like a professional police operation. That said, I've been keenly watching Mullvad and agree with you that it's rock-solid in transparency which is the number one reason to use/not use a VPN service, if for privacy.
I salute Mullvad and consider it to be the top VPN in the world today, and specifically, the only one I would recommend to anyone looking for a VPN.
In terms of PIA, I am no longer affiliated with the company, but I agree that getting the source out for the clients out on time is something they should try to address quickly.
gerbilly (another poster in parallel) - In 2023, I don't think a VPN is not private, but, for sure this cannot be the only tool in one's arsenal to secure their privacy. Depending on your threat-levels, there are different things you may want to do. To be clear, if you're being targeted, you cannot maintain privacy.
For the absolutist:
1. Get cash but not from an ATM (traceable)
2. Go buy a computer (must be Purism or something with trustworthy hardware) with said cash but wear a disguise when buying it. Disable all the location/etc. stuff at store parking lot.
3. Purchase a T-Mobile Prepaid Hotspot with cash.
4. Purchase mullvad, but wear gloves, mask and a hairnet when working with the envelope to send cash.
5. Never login to any service of any kind that would leak your identity.
These are pretty serious allegations, and as the ex-CIO of PIA, you certainly have the credibility to make them. However, drip-feeding various circumstantial links do not really help your case, and HN comments is not the best medium to make them.
I'd suggest creating a website or page, and writing out your allegations in detail and instead linking that here.
As someone who ran a VPN in the past, this blog post is extremely strange as well as the purported described sequence of events.
Police in any jurisdiction aren’t jokes - especially not Sweden where they can absolutely walk in and take your stuff according to mullvads website [1].
It’s 2023 - if a VPN is how you’re doing your privacy you’re probably doing it wrong.
Don’t trust. Verify.
[1] https://mullvad.net/en/help/swedish-legislation/