Mullvad is a Swedish VPN provider founded in 2009 and operated by Amagicom AB in Gothenburg. Accounts have no email, no username, no password. Each account is a randomly generated 16-digit number you write down. Payment accepted in cash by post, Monero, Bitcoin, bank transfer, or card. Five euros per month, flat. No tiers, no discounts, no upsells.
What it means in practice
In April 2023, Swedish police executed a search warrant at Mullvad’s offices looking for customer data on a specific user. They left empty-handed because the data did not exist. That is the threat model Mullvad was built for: the customer pays for an architecture that cannot be coerced into surrendering what it never collected. The annual independent audits (Cure53, Assured) verify the no-logs claim against the actual code, not against the marketing page. Mullvad has no affiliate program, runs no influencer campaigns, and has been Predaxia’s editorial recommendation since launch with zero financial relationship.
Who uses it, and against whom
Heavily used by journalists working in the EU under press-freedom protections, by activists in jurisdictions where VPN ownership is legal but trackable, and by privacy-conscious technical users who understand the difference between a no-logs claim and a no-logs architecture. The adversary set ranges from local ISPs running deep-packet inspection, to advertising networks doing IP-to-identity matching, to nation-state services attempting traffic-correlation attacks against high-value targets (Mullvad documents the latter as out of scope and recommends Tor or multi-hop configurations for that threat tier).
What you can change today
Sign up at mullvad.net, write the 16-digit number on paper, pay one month in cash by post or one year in Monero. Install the desktop and mobile apps. Enable the kill switch, DNS leak protection, and quantum-resistant tunnels in settings. For the first month, run Mullvad on every device including the work laptop in mobile-data mode to surface every app that breaks under VPN. Most users discover two or three corporate apps that need split-tunnel exclusions, and that audit alone is worth the five euros.
