Is Mullvad better than NordVPN?

Is Mullvad really anonymous?

Mullvad makes it easy to create secure, private and anonymous internet connections through the use of a number of protocols and tools.

Is this really that anonymous? Some people have compared Mullvad to Tor, which is a much bigger name in the anonymity business. But how similar or different is this and who benefits from such a setup? You are now about to go into an encrypted tunnel, through which you can exchange data with other machines anonymously and privately. This is great for online banking, online payments, or simply to browse on a site where a lot of people are logged in as admins and operators. It also helps protect against prying eyes on traffic you send out to the wider internet.

This also means that your traffic gets around local proxy firewalls that most ISPs set up. What kind of traffic are we talking about? A lot of traffic can be sent anonymously through a secure tunnel, but at the same time most normal users will be rather oblivious to what's going on under the hood. They're just going about their day while the connection keeps their information secure.

It also protects against traffic from a certain website, because it will not be visible to the ISP. The more interesting users are those that use anonymizing services like VPNs and proxy servers. These services route the data through a VPN server somewhere else in the world, often based on countries that have better internet access or more liberal censorship.

The benefit of such a setup is that it has no record whatsoever of the data that you are sending. It can route the traffic without even knowing that your IP address is from Iceland, or that you're from New Zealand or wherever you might be going.

So how does it work? As soon as you click on the link to a site that hosts sensitive material, your traffic is routed through a VPN server. If your traffic comes from Iceland, it will be routed to some server in Australia.

If your traffic comes from somewhere more strict, such as New Zealand, it will be sent to an Icelandic server first. The VPN server forwards the traffic to the site, and returns the response back to your computer. The response might also go to the VPN server and back again.

What is the Mullvad controversy?

It's a relatively new issue: It began in 2025 when a Mullvad, a service offered through the Tor network, was used by a Russian agent to hack the Democratic National Committee.

In the end, the FBI tracked the IP address associated with the DNC breach to a location in Sweden, and the suspect was later arrested.

As per Swedish law, the police seized the servers in question and handed them over to the FRA (National Defence Agency) in charge of technical surveillance. This is where the problem arises, as the FRA used an old version of the server software (2.5.18) for their investigation of the breach. The result is that FRA did not have access to the information stored on the hacked server, hence they could not prove that it was Russian.

When Mullvad filed a complaint about the illegal seizure of their server, the FRA was then forced to pay the company a 20,000 fine for breaking the law (no pun intended). This, in turn, triggered the current controversy: Mullvad, being a Swedish-based company, is in the process of fighting extradition to the US for the reason that "their servers are completely unrelated to the DNC breach". They argue that this is because of all the privacy rights of their users, which makes it impossible to do an investigation in Sweden as the servers were seized illegally.

Is there any proof of what happened? The story is complicated. The FRA started the investigation of the DNC breach using an old version of the server software, which caused some major security holes. When the FRA finally got access to the hacked server, they found out that the server itself was owned by Mullvad. For this reason, the FRA can't prove that the Russians were behind the hack.

However, Mullvad only took custody of the servers after the Russian had already left the country, making it unlikely that the servers contain information that could help the FRAt that time, the server was locked down, preventing FRA from getting into it. Mullvad's claim is that the servers contain information which will provide evidence of the DNC hack.

Mullvad also provided more information of what exactly they have, such as the list of visitors' IP addresses. Their argument is that those visiting their servers could provide information about who visited them during the time of the hack.