The popular VPN service Mullvad said it received a data search warrant from the Swedish Police. However, the company demonstrated its no-logs policy and could not hand over any details to law enforcement.
Mullvad VPN Disclosed Receiving Data Search Warrant
According to a recent post from Mullvad, the VPN provider recently received a search warrant for a customer’s data.
Specifically, they received the warrant on April 18, 2023, from the National Operations Department (NOA) of the Swedish Police when 6 police officers visited the VPN provider’s facility. The officers intended to search the premises – specifically, the computers – for the wanted customer’s data. They even planned to seize the respective computers carrying the desired data.
However, as Mullvad claims in its privacy policy, the firm logs no user data. (Mullvad does not save users’ account names, even for account maintenance purposes. Instead, it generates random identifiers that do not link back to the user’s real information.)
So, in compliance with this policy (and practice), Mullvad tried to convince the officers. As stated in their post,
We argued they had no reason to expect to find what they were looking for and any seizures would therefore be illegal under Swedish law.
The service even demonstrated the sheer existence of zero logs. As a result, the officers didn’t seize any systems. However, even if they did, Mullvad states they could retrieve no customer information.
The firm confirms this as the first incident of receiving data search warrants during the 14 years of Mullvad.
Why Is This Disclosure Important?
For no-logs VPNs, the biggest test of their genuineness is when they are asked (by law) to hand over users’ data, and they fail. (Perhaps the only failure that adds to the credibility of a VPN service.) That’s because any business can only deny handing over something to law enforcement if they literally don’t possess it at all.
Users opt for tools like VPNs to protect their online privacy. They trust the service providers with their data only to avoid intrusive surveillance. So even if a VPN shares a suspected criminal’s data with someone, it still proves that the service does log its customers’ information. Consequently, every customer of the VPN feels their privacy is at stake. And the entire effort of using such tools goes in vain.
With this search warrant, Mullvad has demonstrated the validity of its no-logs policy. And it isn’t the first such entity since Private Internet Access (PIA) also demonstrated the same in the past.
Nonetheless, PureVPN is one such example where its actions contradicted its claims. Despite claiming to log no data, the service handed over a target user’s identifiers to the FBI in 2017. While they intended to help the LEA, this act received backlash from the cybersecurity community. Eventually, PureVPN improved its policies and went through independent audits to validate its no-logs claim.