Mullvad vs Proton VPN TL;DR: Mullvad wins for pure privacy. It requires no email, creates no account identity, accepts cash payment, runs RAM-only servers with nothing to seize, and its no-logs policy was proven in an actual 2023 Swedish police raid that produced zero user data. Proton VPN wins for ecosystem breadth, streaming access, and global server coverage. Proton requires an email-linked account and operates under Swiss jurisdiction – strong protections, but with a legal surface area that Mullvad structurally avoids by holding no identity data at all.
There are two types of VPN users. The first kind wants to unblock Netflix, get a cheaper flight, and maybe stop their ISP from seeing their torrent traffic. For them, a VPN is basically a tool for minor inconvenience reduction, something they grabbed after a YouTube ad’s promise of “military-grade encryption.”
The second kind actually thinks about what a VPN means at a technical and legal level. They want to know who holds their data. They want to understand what happens when a court order arrives. They’ve thought about what “no-logs” means in practice versus in marketing copy, and they know the difference between a company that claims to protect your privacy and one whose architecture makes privacy violations structurally impossible.
If you’re the first kind of user, stop reading. NordVPN has a referral coupon waiting for you somewhere, probably attached to a YouTube sponsor segment.
If you’re the second kind, sit down. We’re going deep.
This is a comparison of Mullvad VPN and Proton VPN – the two most serious, most credible privacy-focused VPNs on the market right now. Not the most popular. Not the most heavily marketed. The most serious about what privacy actually means technically and legally. I’ll cover the architecture, the audits, the jurisdiction realities, the code, the controversies, the payment models, the speed data, and the cases where each one wins. No hedging. No affiliate fencing. No “both are great, it depends on your needs” non-conclusions.
The short version: Mullvad wins for pure privacy. Proton wins for ecosystem utility and server breadth. But the gap between them on the things that actually matter for someone under real threat is larger than most people in this space are willing to say out loud.
Let’s get into it.
Company Philosophy and Business Model: The Foundation of Everything

Start here, because every meaningful technical difference between these two products flows from a business decision that was made before a single line of code was written.
Mullvad’s entire business model can be summarized in one sentence: sell a VPN tunnel for €5 a month, no strings attached. The company was founded in Sweden in 2009, and its pricing hasn’t changed since launch. Not a sale, not a promotional rate, not a teaser – €5 is simply what the product costs. The name itself – “Mullvad” is Swedish for “mole” – communicates the philosophy before you even open the app. Stay underground. Stay out of sight. Don’t attract attention.
The company doesn’t run promotions. It doesn’t participate in the standard affiliate marketing ecosystem that drives most VPN review coverage (where reviewers get paid more to recommend higher-priced plans, creating systematic bias toward recommending expensive options). It doesn’t offer multi-year subscriptions. That last point deserves a separate paragraph.
When a VPN locks you into a 3-year contract at a 75% discount, they’ve created a financial stake in your continued existence as a customer. Your renewal, your upgrade path, your lifetime value becomes a data point in their business. The longer the contract, the more incentive they have to build even a minimal profile of you as a user because you’re a relationship, not a transaction. Mullvad’s explicit refusal to offer multi-year plans is a privacy decision disguised as a pricing policy. You pay monthly. They have no relationship with you beyond the current billing period.
Proton’s model is fundamentally different, and it’s important to understand why: not because it’s dishonest, but because the business structure creates privacy constraints that are architectural in nature.
Proton AG, based in Geneva, is building a suite of privacy-respecting alternatives to the dominant tech ecosystem: ProtonMail, Proton Calendar, Proton Drive, Proton Pass (a password manager), and Proton VPN, all living under a unified Proton account. This is a genuinely useful product vision. Privacy-conscious users who want an alternative to Google Workspace can get email, cloud storage, calendaring, password management, and VPN under a single subscription, operated by a company with legitimate privacy credentials and audited practices.
But here’s the architectural tension that matters: to use any Proton service, you need a Proton account. That account requires an email address. You can use a throwaway address, and Proton has thought carefully about minimizing what they collect from that account. But the account exists. It’s in Proton’s systems. It has a creation timestamp. It has an email address tied to it. If you use ProtonMail as your email, then your email account and your VPN account are the same identity in Proton’s system.
This isn’t a criticism of Proton’s ethics. It’s a structural observation about what the ecosystem model implies. Mullvad, by contrast, has built a system where there is no account to exist in the first place – just a 16-digit number with a credit balance.
Neither model is wrong. They serve genuinely different users with genuinely different needs. But if your threat model includes “I need to be unidentifiable to my VPN provider itself,” you’re already further down the Mullvad road before you’ve compared a single technical feature.
Account Anonymity: The Most Important Difference Nobody Talks About Enough


This section is the most important one in the article. If you read nothing else, read this.
When you sign up for Mullvad VPN, here is the complete signup process: you go to mullvad.net, click “Generate account number,” and the website returns a 16-digit number. That is the entire process. There is no email field. No name field. No username. No password. The 16-digit account number is your account. Write it down somewhere safe, because Mullvad cannot recover it for you as they don’t know who you are.
If you then pay for that account using Monero or physical cash sent in an envelope, the following statement becomes literally true: Mullvad has no information linking that account to any human being on earth. The account number exists in their database alongside a credit balance. That’s it. No email. No payment history traceable to a person. No IP address tied to account creation. No device fingerprint. Nothing. The account is an anonymous ledger entry.
This matters in a specific and precise way. When a court order arrives demanding information about a user, the standard question is: “Who owns this account?” If Mullvad cannot answer that question – not because they’re uncooperative, but because the information literally does not exist in their system – then the court order produces nothing. You cannot compel someone to produce data that was never collected. This isn’t legal maneuvering. It’s the mathematical reality of a system designed to have nothing to hand over.
Proton VPN’s account creation works differently. You create a Proton account with an email address, then that account gains access to Proton VPN. You can use a throwaway email or even a ProtonMail address created without personal information, which reduces the identifying information involved. Proton has also designed their systems to minimize metadata collection, and their privacy policy is stronger than most of the industry. But an account exists. It has an email tied to it. That email has a creation IP (possibly masked through Tor, if you’re careful). When Swiss authorities issue a legally binding data request about a specific account, Proton can at minimum confirm the account exists and provide whatever minimal account metadata they hold.
To their credit, Proton’s no-logs policy for VPN traffic has been independently audited five times as of 2026. They don’t log what you do over the tunnel. That’s verified. The distinction is between traffic logs (which Proton doesn’t keep) and account identity (which Proton necessarily maintains as part of the ecosystem model).
For a journalist in a hostile country, an activist targeted by their government, or a whistleblower who can’t afford a single identifiable thread, the difference between “no traffic logs” and “no account identity whatsoever” is not a marginal technical footnote. It’s the difference between being safe and being exposed.
Server Infrastructure: RAM-Only vs Full-Disk Encryption – What It Means When Someone Shows Up With a Warrant

Let’s talk about what happens when law enforcement, or a well-resourced adversary, physically walks into a data center and tries to pull data from a VPN provider’s servers.
Both Mullvad and Proton own their own physical server hardware. They don’t spin up cloud instances on AWS, Azure, or DigitalOcean. This is already a meaningful distinction from most VPN providers. When you rent a server from a cloud provider, you’re running your VPN infrastructure inside someone else’s data center on someone else’s hardware under someone else’s terms of service. Ownership of the physical hardware is a prerequisite for serious security claims.
But where they diverge is in the memory architecture of those servers, and this is where the threat models really separate.
Mullvad runs RAM-only (diskless) servers. Every VPN server in Mullvad’s network runs its operating system and all associated data entirely in volatile memory. There is no hard drive. There is no SSD. There is no persistent storage of any kind. When the server loses power, whether through scheduled maintenance, a power outage, a court-ordered shutdown, or a physical seizure, every piece of data on that machine evaporates. Permanently. Irreversibly. RAM is volatile by design; cut the power and it clears. There is no forensic recovery from cleared RAM.
This architecture was audited twice: once by Radically Open Security in June 2023 (confirming the RAM-only design is correctly implemented across their server fleet) and again by Cure53 in June 2024 (infrastructure security audit that found no critical issues and confirmed the diskless approach). The audit reports are public.
What this means practically: if a court orders Mullvad to hand over server contents, or law enforcement physically seizes a server, they get a blank machine. The data that existed while the server was running – routing tables, active connections, whatever – is gone the moment power is cut. There’s nothing to image, nothing to analyze, nothing to decrypt.
Proton VPN uses bare-metal servers with full-disk encryption. These are physical servers Proton owns and operates, not rented cloud instances. The disks are encrypted using strong encryption. When a server is powered off, the encrypted disk is effectively unreadable without the key.
Proton’s argument for this approach: full-disk encryption on owned hardware is more reliable and operationally stable than RAM-only servers. RAM-only servers require careful engineering. Every reboot means re-fetching the operating system, configuration, and any needed state from a secure source. Proton argues their full-disk encryption model is equally protective against data extraction while being less operationally complex.
The counterargument: full-disk encryption protects data at rest when the server is off. A running server has its disks decrypted – that’s the point, it needs to be able to read and write data. If a server is seized while running, or if authorities have access to the machine while it’s operational, the disk encryption doesn’t help. RAM-only architecture eliminates this vulnerability because there’s no disk to seize, running or not.
This isn’t a theoretical concern. Law enforcement in multiple jurisdictions has seized running servers from various services over the years. The “running server” attack vector is real. RAM-only architecture defeats it entirely. Full-disk encryption with a running server does not.
Proton counters that their no-logs policy means there’s nothing worth seizing even on a running server, and their audits confirm this for VPN traffic logs. Both arguments have merit. But the RAM-only design gives Mullvad an additional layer of protection that exists independently of policy: even if Proton wanted to hand over data from a running server, Mullvad structurally cannot, because the data doesn’t persist anywhere it could be extracted.
On server counts:
Proton’s network has grown dramatically from roughly 5,000 servers in early 2024 to 17,000+ servers across 127 countries by late 2026. Mullvad operates approximately 700–750 servers in 50+ countries, concentrated in Europe and North America, with WireGuard connections capable of reaching 10 Gbps on owned hardware.
The server count difference matters primarily for two use cases: streaming geo-unblocking (where you need country-specific servers) and covering obscure geographies. For most privacy-focused use cases in Western Europe and North America, Mullvad’s server count is more than adequate, and their speed numbers suggest the smaller fleet is well-maintained.
Protocols: WireGuard, the GotaTun Revolution, and Why Mullvad Killed OpenVPN

WireGuard is the right choice for a primary VPN protocol in 2026, and both Mullvad and Proton use it. That’s not the interesting part of the protocol story. The interesting part is what Mullvad did on top of WireGuard in late 2025.
WireGuard’s advantages over OpenVPN and IKEv2 are well-established at this point. The codebase has roughly 4,000 lines of code; OpenVPN has 70,000+. Less code means a smaller attack surface. The auditing burden is tractable: a security researcher can actually read and understand the entire WireGuard codebase in a reasonable amount of time, something that’s simply not true of OpenVPN. WireGuard’s cryptographic primitives are modern and well-chosen: ChaCha20-Poly1305 for authenticated symmetric encryption, Curve25519 for elliptic-curve Diffie-Hellman key exchange, BLAKE2 for hashing, and SipHash for hash table keying. These are not the aging algorithms of OpenVPN’s legacy (though OpenVPN with good configuration is still cryptographically acceptable, the attack surface comparison is the stronger argument).
WireGuard also has a fundamentally better handshake mechanism and achieves connection establishment in a single round trip rather than the multi-stage negotiation required by OpenVPN. In practice, this means faster connection times and more reliable behavior on mobile networks where connections drop and re-establish constantly.
Both companies implemented WireGuard well. The cryptographic core is not where they differentiate.
GotaTun: Mullvad Writes Its Own WireGuard
In December 2025, Mullvad announced GotaTun – their own custom implementation of the WireGuard protocol, written in Rust and forked from Cloudflare’s BoringTun project. This is a significant engineering investment that most VPN companies would never attempt. Understanding why they did it requires understanding Mullvad’s tech stack.
Mullvad’s application codebase is primarily written in Rust. The daemon that manages VPN connections, the network configuration logic, the kill switch implementation, the obfuscation layers: all of it is Rust. But until GotaTun, the actual WireGuard implementation they used was wireguard-go, a well-regarded Go-language implementation maintained by the WireGuard project.
The problem: two different languages means a Foreign Function Interface boundary. Every time the Rust daemon needed to interact with the Go-based WireGuard implementation, it crossed that boundary. FFI boundaries in systems programming are notoriously prone to problems – memory management conventions differ between languages, data representation differs, error handling patterns differ. The result: more than 85% of all crash reports from Mullvad’s Android app traced directly to the wireguard-go FFI boundary.
GotaTun eliminates the boundary by implementing WireGuard entirely in Rust, natively integrated with the rest of the codebase. The name is a dual reference: it nods to BoringTun (the Cloudflare library it’s forked from) while also referencing the Götatunneln, a major road tunnel under Gothenburg, Sweden, where Mullvad is headquartered. The naming is characteristically low-key.
The impact was immediate and measurable. After deploying GotaTun on Android in version 2025.10 (released at the end of November 2025), the user-perceived crash rate dropped from 0.40% to 0.01%. Zero crashes attributable to the WireGuard implementation since launch. Users reported faster connection speeds and meaningfully better battery life, the latter because GotaTun uses zero-copy techniques and multi-threaded processing without the overhead of language boundary marshaling.
GotaTun is also open-source under a 3-clause BSD license and available on Mullvad’s GitHub, supporting Linux (x86_64, aarch64, armv7), macOS, Windows, iOS, and Android. Cloudflare’s BoringTun lacked first-class Android support; GotaTun added it.
Critically, GotaTun has native built-in support for two of Mullvad’s most privacy-relevant features: DAITA and Multihop. In wireguard-go, these features were implemented as wrappers around the WireGuard implementation – essentially bolted on. In GotaTun, they’re part of the core. This isn’t just an engineering cleanliness win; it means the integration is tighter, the code paths are simpler, and the attack surface is smaller.
A third-party security audit of GotaTun by Assured Security Consultants ran from January 19 to February 15, 2026. Results published March 6, 2026: two low-severity issues identified and fixed before publication. No major vulnerabilities found. GotaTun’s DAITA integration, the CLI tool, and external dependencies were explicitly noted as outside the audit’s scope, meaning a follow-up audit specifically covering those components would be valuable and is presumably coming.
Rollout to desktop and iOS platforms is planned throughout 2026.
The OpenVPN Exit: A Principled Technical Decision
In November 2024, Mullvad announced they would drop OpenVPN support entirely on January 15, 2026. When the announcement was made, fewer than 7% of Mullvad users were still on OpenVPN. The rationale was straightforward: maintaining two protocol stacks (WireGuard and OpenVPN) divides engineering attention and doubles the audit surface. By consolidating entirely on WireGuard, Mullvad can iterate faster, audit a simpler codebase, and focus development resources on WireGuard-specific features like DAITA, Multihop, and GotaTun.
This decision drew some pushback from power users who argued OpenVPN has legitimate use cases in specific network configurations – particularly corporate environments where deep packet inspection blocks WireGuard’s characteristic UDP traffic patterns. Mullvad’s obfuscation tools (Shadowsocks, QUIC obfuscation, Stealth) address this concern for most users.
Proton VPN still maintains OpenVPN alongside WireGuard and their Stealth protocol. For users who operate in environments where WireGuard is blocked and obfuscation isn’t sufficient, Proton’s protocol flexibility is a genuine advantage.
DAITA: The Privacy Feature That No Other Major VPN Offers

Defense Against AI-guided Traffic Analysis (DAITA) is the most technically interesting feature either VPN provider has shipped in the last several years. It addresses a threat vector that most VPN users have never considered, and that most VPN companies have never attempted to solve.
Here is the attack. Your VPN encrypts your traffic. An adversary – an ISP, a government surveillance system, a sophisticated attacker on the same network – cannot read what you’re sending. But they can watch the shape of your traffic: when packets arrive, how large they are, how they cluster over time. Different types of internet activity have recognizably different traffic shapes even when encrypted.
A streaming video creates a distinctive pattern: large, regular bursts of data at predictable intervals corresponding to video buffer fills. A web page load creates a different pattern: a flurry of small requests followed by large responses, then silence. A video call creates yet another pattern: bidirectional symmetric traffic at regular intervals. A messaging app creates short bursts of small packets. Over time, these patterns are recognizable by machine learning systems even through VPN encryption.
This isn’t theoretical. Academic researchers have demonstrated that machine learning systems can classify encrypted traffic with meaningful accuracy. Nation-state adversaries with access to major internet exchange points can potentially identify what users are doing even when a VPN is active, by analyzing traffic metadata at scale.
DAITA attacks this at the packet level through two mechanisms.
The first is constant packet sizes. Every packet is padded to a uniform size before transmission. If the standard packet size is 1400 bytes and your packet is 200 bytes, it gets padded with random data to reach 1400 bytes. An observer watching the traffic stream sees an unbroken sequence of identically-sized packets – no size variation to analyze, no application-specific signature.
The second is random background traffic injection. DAITA continuously injects fake packets between you and the VPN server, even when you’re not actively doing anything. An observer cannot distinguish real traffic from injected cover traffic. The timing patterns of your actual activity are buried in a constant stream of dummy traffic.
DAITA v1 launched in May 2024. DAITA v2 arrived in March 2025 with a significant improvement: instead of using static parameters (fixed padding sizes, fixed injection rates), v2 uses randomized, server-defined parameters that change with every new connection. This is important because a static DAITA implementation might itself become recognizable: if every DAITA-protected connection has identical characteristics, you’ve just created a new signature. v2’s randomized parameters eliminate that vulnerability.
DAITA v3 is in development. The DAITA feature is currently available on 20+ Mullvad servers, with expansion ongoing. It is optional; users enable it when they want it, partly because DAITA significantly increases bandwidth consumption (you’re sending padded packets and dummy traffic, after all) and has a real impact on battery life on mobile devices.
The tradeoff is genuine but rational. For the vast majority of users in the vast majority of use cases, DAITA is overhead they don’t need. For someone operating under active surveillance by a sophisticated adversary, it’s the difference between being identified and staying protected. Most VPN features are marginal improvements. DAITA is a qualitatively different type of protection against a real class of attack.
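The two mechanisms above, modelled as an added example (not from the original article and not Mullvad’s DAITA code): constructed traces for three activities are classified by a naive nearest-profile observer before and after padding plus cover traffic. The trace values, the 100 ms slot, the cover-rate range and all function names are assumptions.

```python
import random
import statistics

CELL = 1400              # uniform on-wire size in bytes (the figure used in the text)
SLOT_MS = 100            # observer's time resolution (assumed)
DURATION_MS = 10_000     # length of each constructed trace
SLOTS = DURATION_MS // SLOT_MS


def make_traces(rng):
    """Constructed (time_ms, size) traces for three activities; not real captures."""
    # Video: a burst of full-size packets every 2 s (buffer fills).
    video = [(b * 2000 + i * 5, 1400) for b in range(5) for i in range(40)]
    # Web: a flurry of small requests, large responses, then silence.
    web = [(200 + i * 10, rng.randint(80, 300)) for i in range(15)]
    web += [(500 + i * 4, rng.randint(900, 1400)) for i in range(60)]
    # Chat: short bursts of small packets at irregular moments.
    chat = []
    for _ in range(8):
        t0 = rng.randrange(0, DURATION_MS - 100)
        chat += [(t0 + i * 20, rng.randint(60, 200)) for i in range(3)]
    return {"video": video, "web": web, "chat": sorted(chat)}


def features(wire):
    """What a passive observer can measure without decrypting anything."""
    sizes = [size for _, size in wire]
    busy = {t // SLOT_MS for t, _ in wire}
    return {
        "mean_size": statistics.mean(sizes),
        "size_stdev": statistics.pstdev(sizes),
        "idle_fraction": 1 - len(busy) / SLOTS,
    }


def classify(feat, profiles):
    """Nearest-profile guess: a naive stand-in for the ML classifier."""
    def dist(a, b):
        return (((a["mean_size"] - b["mean_size"]) / CELL) ** 2
                + ((a["size_stdev"] - b["size_stdev"]) / CELL) ** 2
                + (a["idle_fraction"] - b["idle_fraction"]) ** 2)
    return min(profiles, key=lambda name: dist(feat, profiles[name]))


def shape(trace, rng):
    """Pad every packet to CELL and add cover packets in every time slot."""
    if any(size > CELL for _, size in trace):
        raise ValueError("packet exceeds cell size; fragment before padding")
    # Drawn per connection rather than fixed, as the text describes for v2.
    cover_per_slot = rng.randint(1, 3)
    wire = [(t, CELL) for t, _ in trace]          # mechanism 1: constant size
    busy = {t // SLOT_MS for t, _ in trace}
    for slot in range(SLOTS):                     # mechanism 2: cover traffic
        n = rng.randint(0, cover_per_slot) if slot in busy else cover_per_slot
        wire += [(slot * SLOT_MS + rng.randrange(SLOT_MS), CELL) for _ in range(n)]
    # This model flattens sizes and idle gaps only; bursts larger than the
    # cover rate still show up in per-slot packet counts.
    return sorted(wire)


def overhead(trace, wire):
    """Bytes on the wire per byte of real traffic."""
    return sum(s for _, s in wire) / sum(s for _, s in trace)


def run(seed=7):
    rng = random.Random(seed)
    # Observer's reference fingerprints, built from unshaped traffic.
    profiles = {k: features(v) for k, v in make_traces(rng).items()}
    fresh = make_traces(rng)                      # new sessions to be guessed
    result = {}
    for name, trace in fresh.items():
        wire = shape(trace, rng)
        result[name] = {
            "guess_unshaped": classify(features(trace), profiles),
            "guess_shaped": classify(features(wire), profiles),
            "shaped_features": features(wire),
            "overhead": round(overhead(trace, wire), 1),
        }
    return result


if __name__ == "__main__":
    for name, row in run().items():
        print(name, row)
```

All three shaped traces collapse to the same size and idle features, so the observer's guess no longer depends on the activity. The overhead figure shows the bandwidth cost, which is largest for low-volume traffic such as chat.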
Proton VPN has no equivalent feature. It’s not a criticism – building DAITA required significant research and engineering investment. But the gap is real, and it matters for high-risk users.
Jurisdiction: Sweden vs Switzerland – The Real Analysis, Not the Marketing Version
Every VPN company that operates in a “privacy-friendly” jurisdiction talks about it extensively in their marketing. Most of the marketing analysis is shallow. Let’s go deeper.
Sweden’s Situation
Sweden is a member of the 14 Eyes intelligence-sharing alliance – the extended signals intelligence partnership that includes the US (NSA), UK (GCHQ), Canada (CSIS/CSE), Australia (ASD), New Zealand (GCSB), and eight additional countries including Germany, France, and Sweden itself (FRA). In principle, this means that a Swedish company could receive data requests facilitated by allied intelligence services; you don’t necessarily need Swedish law enforcement to initiate, because allied agencies can potentially route requests through Swedish channels.
This sounds alarming until you apply it to Mullvad’s actual architecture. The 14 Eyes concern is: “What if allied intelligence requests Swedish authorities to compel data from Mullvad?” The answer in Mullvad’s case remains the same as for any other request: there is no data. No account identities. No traffic logs. No connection metadata. No payment records tied to individuals. The 14 Eyes multiplies the number of potential requestors. It doesn’t change the fact that a request for data that doesn’t exist produces nothing.
Sweden also has the FRA (Försvarets radioanstalt), its signals intelligence agency, with known bulk surveillance capabilities on international traffic. FRA warrants some concern for anyone whose traffic transits Swedish infrastructure. However, Mullvad’s WireGuard tunnels encrypt traffic in a way that FRA traffic analysis would see only encrypted payloads, not content, and DAITA would address even the metadata analysis concern.
The 2023 police raid is the empirical proof: Sweden’s own law enforcement, acting with a valid search warrant, found nothing.
Switzerland’s Situation
Switzerland is not in the EU. It’s not in the Five Eyes or 14 Eyes. Swiss privacy law (including the revised Federal Act on Data Protection, revFADP, updated in 2023) is genuinely strong. Swiss courts have a higher threshold for compelling data disclosure than most EU jurisdictions, and Switzerland does not participate in the EU’s law enforcement data-sharing frameworks by default.
This is a meaningfully better jurisdiction than Sweden from a legal standpoint. Swiss law provides stronger statutory protections and a higher bar for compulsion.
But – and this is the point that the ProtonMail incident made vivid – Swiss courts can and do issue legally binding orders to Swiss companies to produce user data in criminal investigations. The Swiss legal system’s quality doesn’t create a legal immunity. It creates a higher bar, not an impenetrable wall. When Swiss courts issued a legally binding order to ProtonMail in 2021, ProtonMail complied because the alternative was criminal liability for the company. Andy Yen made this explicit: “Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended.”
The legal analysis therefore has two independent variables: the quality of the jurisdiction’s privacy protections, and the amount of data that exists to be compelled. Switzerland wins on the first variable. Mullvad wins decisively on the second. A company that holds identifying account information in a good jurisdiction is less exposed than a company that holds identifying account information in a bad jurisdiction, but more exposed than a company that holds no identifying account information at all, regardless of jurisdiction.
For most users, Switzerland’s legal advantages are meaningful and the Proton VPN model is genuinely well-protected. For users who need maximum protection and can’t afford any single point of legal vulnerability, Mullvad’s “no data” architecture matters more than Proton’s “better jurisdiction.”
The Audit Record: Who Has Actually Verified These Claims?

The VPN industry has a marketing problem: “no-logs policy” is easy to claim and difficult to verify. The companies that take auditing seriously get an independent security firm to examine their systems, check server configurations, review application code, and produce a public report. The ones that don’t just write a privacy policy and hope no one looks closely.
Both Mullvad and Proton take auditing seriously. The differences are in breadth, depth, and how they’ve responded when auditors actually found things.
Mullvad’s Audit History
Mullvad’s relationship with Cure53, the German cybersecurity firm, goes back to 2018. They’ve now completed four infrastructure audits with Cure53: 2018, 2020, 2022, and June 2024. The June 2024 audit specifically examined the VPN server setup, backend systems, and network configuration. Findings across all four audits: no critical issues. The few medium/low-severity findings that appeared were remediated in subsequent deployments.
Beyond Cure53:
In June 2023, Radically Open Security conducted a purpose-built audit of Mullvad’s RAM-only server architecture: not a general security assessment, but a specific investigation into whether the diskless server design actually works as claimed. It does.
In March 2025, Mullvad completed a MASA (Mobile Application Security Assessment) for the Android app, a Google-required assessment for VPN apps distributed through the Play Store. Passed.
In August 2025, Assured Security Consultants completed a comprehensive penetration test of Mullvad’s web application. Result: zero critical, high, or medium-severity findings. One low-severity issue was fixed before the report was published.
In October 2025, Mullvad’s apps underwent penetration testing and source code review, concluding that the apps “have a high security level.” The auditors specifically praised the Content Security Policy implementation, HSTS configuration, and security header setup on the web application.
In January 2026, X41 D-Sec (a respected German security firm) audited Mullvad’s account and payment infrastructure – the APIs handling account creation, authentication, device management, WireGuard key distribution, and voucher redemption. This is an unusually comprehensive scope; most VPN audits focus on the client apps or server configuration and ignore the account management backend. Mullvad audited specifically the pieces of their system that touch the relationship between payment and account identity.
In January–February 2026, GotaTun received its dedicated audit from Assured Security Consultants, published March 2026. Two low-severity findings. Both fixed before publication. No major vulnerabilities.
That’s eight distinct audit engagements across multiple independent firms covering infrastructure, application code, server architecture, RAM-only design, web application, account/payment backend, and the custom WireGuard implementation. No other VPN provider has an audit record with this breadth.
Proton VPN’s Audit History
Proton runs annual no-logs audits. The 2022, 2023, 2024, and 2025 audits were all conducted by Securitum, the Polish cybersecurity firm. Each audit confirmed: Proton VPN does not log user activity, does not store metadata logs, and does not engage in practices that would compromise user privacy. The 2025 audit reviewed production server configurations, change controls, and operational procedures.
Separately, between 2024 and 2025, Reversemode conducted a comprehensive security audit of Proton VPN’s apps and core infrastructure, published January 2025. No critical issues found.
Proton’s audit record is genuine and commendable. Annual cadence is better than most providers. One legitimate limitation noted in the 2025 Securitum report: the CI/CD pipeline (the software development and deployment pipeline), full source code review, and ancillary systems were explicitly excluded from scope. This means vulnerabilities in the development pipeline or peripheral services theoretically wouldn’t be caught by these audits.
Comparative assessment: both companies have strong, credible audit records. Mullvad’s record is broader in scope, covering more distinct systems, more auditing firms, and specific architecture components (like the RAM-only design and the GotaTun implementation) that Proton’s audits don’t touch. The depth of Proton’s no-logs audits is strong and consistent. Neither company is hiding from scrutiny.
The 2023 Swedish Police Raid: The Most Important Event in Recent VPN History
On April 18, 2023, six officers from Sweden’s National Operations Department (NOD) arrived at Mullvad’s Gothenburg offices carrying a court-issued search warrant. Their stated objective: seize computers containing customer data.
Mullvad’s lawyers explained to the officers how the system is designed. No customer data existed. The company has no email addresses, no connection logs, no payment records tied to account numbers, no IP addresses tied to accounts. There was nothing to seize because nothing had ever been collected.
Mullvad CEO Jan Jonsson described the officers as arriving “with the intention to seize computers with customer data” and noted that when they were shown how the account system works, they left empty-handed. The company went on record: “In line with our policies, such customer data did not exist. We argued they had no reason to expect to find what they were looking for and any seizures would therefore be illegal under Swedish law.”
The officers left with nothing.
This is the most significant event in VPN trust verification in recent years, and it deserves more weight than it typically receives. Every VPN company makes claims about their no-logs policy. Most of those claims are tested only in the sanitized environment of a friendly audit where the company controls access and the auditor checks what they’re shown. Very few have been tested adversarially by law enforcement arriving with warrants specifically seeking user data.
The Swedish police raid was not a marketing exercise. Six law enforcement officers from a national operations department do not show up at a company’s office as part of a publicity stunt. They arrived with a legally valid search warrant and the genuine intention of seizing data. They found nothing because there was nothing to find.
Mullvad’s response to the event was characteristically low-key. Jonsson noted it was the first time in the company’s then-14-year history that police had arrived with a warrant. He described it as “peculiar” and said the company didn’t know exactly what the officers were looking for. There was no triumphant press release, no “we stood up to the government!” marketing copy. Just a factual statement of what happened.
This is the highest possible validation of a VPN’s privacy claims: an adversarial test under real legal pressure, observed by multiple parties, producing exactly the result that the company’s architecture predicts. No data to seize. No user compromised.
Proton VPN has not faced an equivalent test for its VPN service. Their no-logs audits are credible, but an audit is a cooperative process. The Swedish police raid was not.
The ProtonMail IP Logging Incident: A Careful Analysis

This is the most discussed controversy in Proton’s history, and it’s surrounded by confusion about what actually happened, what it means for Proton VPN specifically, and what it implies about the Proton ecosystem model.
In September 2021, a French climate activist group that had been occupying commercial properties near Place Sainte-Marthe in Paris was using ProtonMail addresses for internal communications. French law enforcement wanted to identify the individuals behind those accounts. ProtonMail is based in Switzerland and doesn’t cooperate directly with French authorities. Doing so would violate Swiss law (specifically Article 271 of the Swiss Criminal Code, which prohibits acting on behalf of foreign states without authorization).
So French police went through Europol to reach Swiss authorities, who then issued a legally binding order directly to ProtonMail under Swiss law. ProtonMail was given no choice: comply with the Swiss court order, or face criminal liability. They complied. They began logging the IP address of the targeted account. That IP address was handed to French authorities. A climate activist was arrested in France.
ProtonMail CEO Andy Yen was direct about the legal reality: “Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we’re required by Swiss law to answer requests from Swiss authorities.”
The incident revealed two things. First, it exposed a gap in ProtonMail’s own marketing. The service had presented itself as fundamentally unable to produce IP logs, when in fact Swiss courts could compel them to start collecting IP logs on specific accounts. ProtonMail updated its privacy policy and documentation to be more explicit about this. Second, it demonstrated that Europol can serve as an effective bridge between EU law enforcement and Swiss companies, routing requests through Swiss courts rather than directly from French police.
What this means specifically for Proton VPN:
Yen and Proton have been consistent that VPN services in Switzerland operate under different statutory frameworks than email services. Swiss law does not require VPNs to log connection data the way it can require email services to act on targeted surveillance orders. Proton VPN’s no-logs policy has been independently audited annually and the 2025 Securitum audit confirmed that no user activity data is logged at the VPN layer.
There are also 29 legal requests documented in Proton’s transparency report through June 2025, all of which were denied because there was no data to produce. The pattern is consistent with their no-logs claims for VPN traffic.
The critical observation is structural rather than specific to VPN traffic: Proton’s account system means there is an account identity that Swiss courts could potentially compel Proton to act on. For the VPN service specifically, the no-logs architecture means there’s less to act on. There’s no traffic log to produce even if compelled. But the account identity itself (email, creation date, any payment metadata) is data that exists in Proton’s system under Swiss legal jurisdiction.
Mullvad’s structural response to the same scenario would be: there is no account identity. There is nothing for a court to compel. The account number exists. That’s it. If Swiss courts issued an order to Mullvad about account number 1234567890123456 (hypothetically), Mullvad could truthfully respond: “We know this account exists and has €X credit. That is the complete extent of our knowledge.” No email. No IP. No payment identity. No activity.
The ProtonMail incident is not a reason to dismiss Proton VPN’s privacy. It is a reason to understand that Proton’s model has a legal surface area that Mullvad’s doesn’t and to calibrate your threat model accordingly.
Encryption Architecture, Multihop, and Traffic Obfuscation: The Technical Weeds

Core Cryptography
Both Mullvad and Proton VPN use WireGuard’s cryptographic stack for their primary tunnels:
ChaCha20-Poly1305 is the authenticated encryption algorithm. This is the cipher that encrypts your traffic and authenticates it simultaneously, preventing both eavesdropping and tampering. ChaCha20 is a stream cipher designed by Daniel Bernstein; combined with the Poly1305 MAC, it forms an AEAD construction that is considered one of the most secure symmetric encryption options available.
Curve25519 handles the key exchange using elliptic-curve Diffie-Hellman. This allows the client and server to agree on a shared secret over an insecure channel without transmitting that secret. Curve25519 is Bernstein’s design and is generally considered more resistant to implementation errors than older NIST curves.
BLAKE2 handles hashing where needed, and SipHash is used for internal hash table operations.
Perfect Forward Secrecy is implemented through ephemeral session keys. New keys are generated for each session and discarded afterward. Compromising a session key (if that were possible) would not allow decryption of past or future sessions.
These choices are equivalent between Mullvad and Proton for the WireGuard tunnel. The differentiation is in what’s built on top.
Post-Quantum Encryption
Both providers have adopted post-quantum cryptography. Mullvad enabled quantum-resistant WireGuard tunnels by default across platforms in 2025, using a post-quantum Key Encapsulation Mechanism (KEM) layered over the standard WireGuard handshake. Proton VPN has similar protections.
The relevance: “harvest now, decrypt later” is a real concern for intelligence agencies. If a well-resourced adversary is recording your encrypted VPN traffic today, betting that a future quantum computer will be able to break the classical Curve25519 key exchange, your historic traffic could theoretically be decrypted years from now. Post-quantum cryptography addresses this by using key exchange algorithms that are believed to be resistant to quantum computation. Both providers are ahead of most of the VPN industry on this.
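The key exchange, forward secrecy and post-quantum passages above can be exercised together in a small model. The following is an added example, not code from Mullvad, Proton or WireGuard: a pure-Python X25519 (per RFC 7748) feeding an HKDF over HMAC-BLAKE2s, with a pre-shared key slot where a KEM-derived secret would be mixed in. The handshake is heavily simplified; `LABEL`, `run_session` and `key_after_ecdh_break` are hypothetical names, and random bytes stand in for the KEM output.

```python
import hashlib
import hmac
import os

P = 2**255 - 19                    # Curve25519 field prime
A24 = 121665                       # curve constant from RFC 7748
BASE = (9).to_bytes(32, "little")  # standard base point u = 9
LABEL = b"added-example simplified handshake"  # hypothetical label, not WireGuard's
NO_PSK = bytes(32)                 # WireGuard uses 32 zero bytes when no PSK is set


def x25519(k, u):
    """RFC 7748 Montgomery ladder. Educational only: not constant-time."""
    kb = bytearray(k)
    kb[0] &= 248
    kb[31] = (kb[31] & 127) | 64   # clamp the scalar
    k_int = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:             # conditional swap driven by the scalar bits
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def hkdf_blake2s(chaining_key, material, n):
    """HKDF over HMAC-BLAKE2s, returning n 32-byte outputs."""
    prk = hmac.new(chaining_key, material, hashlib.blake2s).digest()
    outputs, prev = [], b""
    for i in range(1, n + 1):
        prev = hmac.new(prk, prev + bytes([i]), hashlib.blake2s).digest()
        outputs.append(prev)
    return outputs


def derive_session_key(dh_secret, psk):
    """Mix the ECDH result, then the pre-shared key, into one key chain."""
    ck = hashlib.blake2s(LABEL).digest()
    (ck,) = hkdf_blake2s(ck, dh_secret, 1)
    _, key = hkdf_blake2s(ck, psk, 2)
    return key


def run_session(psk):
    """One session: both sides generate fresh ephemeral keys that are never stored."""
    c_priv, s_priv = os.urandom(32), os.urandom(32)
    c_pub, s_pub = x25519(c_priv, BASE), x25519(s_priv, BASE)
    dh_client = x25519(c_priv, s_pub)
    dh_server = x25519(s_priv, c_pub)
    return {
        "client_key": derive_session_key(dh_client, psk),
        "server_key": derive_session_key(dh_server, psk),
        "recorded": (c_pub, s_pub),   # all a passive recorder can store
        "dh_secret": dh_client,       # exposed only to model a future ECDH break
    }


def key_after_ecdh_break(dh_secret, psk_guess=NO_PSK):
    """What an adversary who later recovers the ECDH secret can compute."""
    return derive_session_key(dh_secret, psk_guess)


if __name__ == "__main__":
    classical = run_session(NO_PSK)
    hybrid = run_session(os.urandom(32))  # random bytes stand in for a KEM output
    print("classical key recovered:",
          key_after_ecdh_break(classical["dh_secret"]) == classical["client_key"])
    print("hybrid key recovered:   ",
          key_after_ecdh_break(hybrid["dh_secret"]) == hybrid["client_key"])
```

With no pre-shared key, recovering the ECDH secret later is enough to rebuild the session key from a recorded handshake; with the extra secret mixed in, it is not.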
Multihop / Double VPN
Both providers support routing your traffic through two VPN servers in sequence – you exit the first server encrypted to the second, and only the second server sees the plaintext of your exit traffic. The privacy value is protection against adversaries who control one endpoint: an observer at the first server sees your IP but not your destination; an observer at the exit server sees your destination but not your real IP; neither alone can correlate both ends.
Proton VPN’s implementation of this is called Secure Core. The “secure core” servers are Proton-owned machines in high-privacy jurisdictions: Switzerland, Iceland, and Sweden. When you use Secure Core, your traffic always enters through one of these controlled, owned, audited servers before exiting through the final country. This is a well-designed default: even if the exit server in some country is compromised, the adversary can only see traffic coming from a Proton Secure Core server, not your real IP.
Mullvad’s Multihop is more flexible: you select any entry server and any exit server from their network. For technically sophisticated users who want to combine, say, a Mullvad server in one jurisdiction with a Mullvad server in another, this flexibility is useful. For users who want a preset, trusted configuration without thinking through the implications, Proton’s Secure Core defaults are better designed.
Obfuscation Protocols
Traffic obfuscation disguises VPN traffic to look like something else, typically HTTPS, to bypass deep packet inspection systems that block VPN connections. This is primarily relevant in countries like China, Iran, Russia, and corporate networks with aggressive filtering.
Mullvad offers:
- ShadowSocks for WireGuard: Wraps WireGuard in an obfuscation layer that disguises it as regular traffic. Effective in many censored environments.
- QUIC obfuscation (mobile): Uses QUIC (HTTP/3’s underlying protocol) as an obfuscation carrier on mobile platforms.
- Lightweight WireGuard Obfuscation: A custom obfuscation protocol for desktop and Android.
- Encrypted DNS Proxy: Used for the app’s backend API connections, preventing network-level blocking of the Mullvad API itself.
Proton VPN’s primary obfuscation is the Stealth protocol: WireGuard wrapped in TLS 1.3, making it look like standard HTTPS traffic. TLS is the most common encrypted traffic on the internet, meaning Stealth traffic is essentially indistinguishable from any web browser connection. In 2025, Proton made Stealth available on iOS in addition to Android, expanding its reach.
Stealth has a practical edge in the most hostile censored environments – specifically China, where deep packet inspection is sophisticated enough to detect many obfuscation methods. TLS mimicry at a high quality level is harder to detect than some other techniques. Proton’s documented anti-censorship work (providing free servers in 64 countries during elections and political crises in 2024) and the consistent positive reports from their 2024 censorship observatory give Stealth a real-world track record.
Both implementations are effective for most blocked-network scenarios. For China specifically and similarly sophisticated censorship environments, Proton’s Stealth has more documented real-world evidence behind it.
Payment Anonymity: The Vulnerability Most VPN Reviews Never Mention
Here is the payment anonymity problem that almost no VPN review discusses properly.
Your VPN provider might have a perfect no-logs policy. Their servers might be RAM-only. Their audits might be immaculate. But if you paid for the VPN with your credit card, and your credit card statement links your name, address, and billing information to a subscription at “Mullvad VPN” or “Proton Technologies AG,” then anyone with access to that financial record knows you’re a customer of that VPN. They don’t know what you did over the VPN, but they know you use it.
For a threat model that includes “I need to prevent any party from knowing I even use a VPN,” payment anonymity is not optional.
Mullvad’s payment options:
Cash by physical mail is the most extreme option available. You place currency in an envelope – euros, US dollars, Swedish kronor – along with your account number, and mail it to Mullvad’s address in Gothenburg. Mullvad credits the account when the cash arrives. The entire transaction is: anonymous account number → envelope of cash → credit added. There is no bank record. No payment processor. No digital trace. Forensically, this transaction cannot be connected to any identity because no identity-linked system was ever involved.
Monero is the next-best option. Monero is the only major cryptocurrency with true transaction-level privacy built into the protocol by default. Bitcoin transactions are pseudonymous but linkable through chain analysis; Monero transactions are unlinkable by cryptographic design (using ring signatures, stealth addresses, and RingCT). Paying with Monero from a fresh wallet, without going through a KYC exchange, provides strong payment anonymity.
Bitcoin is also accepted, with a 10% discount on cryptocurrency payments. Bitcoin is less private than Monero. Chain analysis firms can often link Bitcoin transactions to identities through exchange KYC records or address clustering. For advanced users who understand UTXO management and coin selection, Bitcoin can be used relatively privately, but it requires effort.
Mullvad also accepts credit card and PayPal, but these are the least private options. They create a payment record tied to your identity.
Proton VPN’s payment options:
Proton accepts credit card, PayPal, and Bitcoin. The Bitcoin acceptance is valuable for users who want payment privacy. However, because Proton requires an account email to create an account, even a Bitcoin payment is tied to the Proton account identity – the payment is private, but it’s linked to an account that has an email address in Proton’s system.
There’s a path to higher anonymity with Proton: create a ProtonMail account through Tor without providing personal information, use that as the signup email for Proton VPN, then pay with Bitcoin from a non-KYC wallet. This requires several careful steps and is not the default experience. Mullvad’s cash-by-mail option requires no such complexity. The anonymity is structural, not dependent on user operational security.
The 10% cryptocurrency discount:
Mullvad offers a 10% discount on the €5/month price when paying with Bitcoin, Monero, or Bitcoin Lightning (making it effectively €4.50/month). This is a small but meaningful incentive that aligns with their privacy objectives – they want users to use anonymous payment methods, and they’re willing to price-discount to encourage it.
Pricing Model and Business Alignment: Who Benefits From What?

Pricing isn’t just about cost. For privacy-focused users, the business model determines what incentives the company has in relation to your data.
Mullvad:
€5/month. One plan. No tiers. No upsell. No promotional pricing. The price has not changed since the service launched in 2009. A 16-year commitment to flat pricing. The 10% cryptocurrency discount exists but is not a promotional mechanism; it’s a permanent feature reflecting the company’s preference for anonymous payments.
What this model implies: Mullvad’s revenue is directly proportional to the number of paying users. They have no data business, no analytics product, no advertising revenue, no enterprise sales team building profiles of users. A user who pays €5/month for five years is worth €300 to Mullvad. That’s it. There is no additional value to be extracted from knowing that user’s browsing habits, which platforms they use, or what their interests are. The financial alignment between the company and the user’s privacy is clean.
Mullvad also explicitly refuses long-term subscription plans – no annual prepay, no multi-year contracts. This is the intentional removal of the most common mechanism by which VPN companies incentivize retention data collection. A company that’s sold you a 3-year plan has reason to worry about your churn and lifetime value. Mullvad has reason only to provide a good VPN service each month.
Proton VPN:
Free tier: Unlimited bandwidth, 10 free server locations, 1 device, no data cap. This is funded by paid subscribers and is a legitimate service – the same no-logs policy applies, audited and confirmed.
Plus (~$4.99–$9.99/month depending on plan and timing): 17,000+ servers, 10 devices, all server types including Secure Core and Tor over VPN.
Unlimited (~$12.99/month): Adds ProtonMail Plus, Proton Drive, Proton Calendar, and Proton Pass to the same subscription.
Proton runs promotional pricing that changes with time. Annual plans offer meaningful discounts over monthly billing. The free tier is monetized through paid-tier upgrades, not data.
The multi-tier model means Proton’s revenue picture is more complex than Mullvad’s. They’re managing a freemium conversion funnel, ecosystem cross-sells, and retention strategies across multiple products. This doesn’t make them dishonest. It makes them a company with a more complex financial relationship with users that has more moving parts. The free tier is a real privacy benefit for users who can’t afford a subscription. The ecosystem integration is genuinely useful for users who want a privacy-respecting alternative to Google’s suite.
But the complexity is worth acknowledging. Mullvad’s financial interests and your privacy interests are perfectly aligned in a simple way. Proton’s financial interests and your privacy interests are aligned in a more complex way that generally works out well but involves more organizational moving parts.
Speed Testing: What the Real Numbers Show
Speed testing VPNs is methodologically tricky. Results depend heavily on the test server locations, the underlying connection speed, the protocol selected, the time of day, and which specific VPN servers you connect to. A good comparison uses consistent methodology across both providers from the same network.
From independent 2026 testing:
Mullvad reduced download speeds by approximately 10.57%, upload speeds by approximately 4.23%, and increased latency by approximately 15.90% compared to baseline. These numbers put Mullvad among the fastest VPNs available; the overhead is minimal.
Proton VPN reduced download speeds by approximately 20.11%, upload speeds by approximately 43.21%, and increased latency by approximately 351.26%.
The latency figure for Proton is striking. A 351% increase in latency is not a marginal overhead – it’s the kind of impact that makes real-time applications noticeably worse. Video calls become choppy. Gaming becomes problematic. Interactive web applications feel sluggish. Mullvad’s 15.90% latency increase is imperceptible in most use cases.
The speed difference likely reflects a combination of factors: Mullvad’s smaller, more deliberately maintained server fleet vs. Proton’s rapidly expanded 17,000-server network (where individual server quality and load management may vary more); the GotaTun optimization showing early results on Android (with desktop/iOS improvements pending); and potentially protocol configuration differences.
GotaTun’s full platform rollout in 2026 should continue improving Mullvad’s performance numbers. Proton’s 2025 app revamp addressed some speed issues. Both are moving targets.
For most use cases (browsing, secure communications, torrenting, file transfers), both VPNs are more than fast enough. The latency gap matters specifically for latency-sensitive applications.
Where Proton VPN Genuinely Wins
An honest comparison acknowledges where the other product actually wins. Proton VPN has real, meaningful advantages that aren’t trivial.
Streaming and geo-unblocking. If you regularly use a VPN to access Netflix US from Europe, BBC iPlayer from the US, or any other geo-restricted streaming service, Proton VPN is the better choice. Mullvad doesn’t optimize for streaming. They don’t maintain dedicated streaming servers, don’t update their IP pools specifically to stay ahead of streaming service blocks, and don’t market this capability. It’s not that they’re incapable of it. Sometimes Mullvad servers work with streaming services. But it’s inconsistent and not supported. Proton actively maintains streaming server pools and has documented success with Netflix, BBC iPlayer, Disney+, and others.
Server coverage and geographic reach. 17,000+ servers in 127 countries vs. 750 in 50 countries. If you’re in Southeast Asia, Sub-Saharan Africa, Latin America, or any geography outside Mullvad’s primary coverage area, Proton simply has more options. For privacy use cases in Mullvad’s coverage area, the smaller network is adequate. For global use or obscure geography requirements, Proton wins clearly.
The free tier with real privacy. This is genuinely unusual in the VPN industry. Most “free” VPNs monetize through data collection, advertising injection, or by selling bandwidth to botnet operators. Proton’s free tier is funded by paid subscribers, uses the same no-logs policy as the paid service, and has been audited. Unlimited bandwidth on a free tier from an audited, legitimate privacy company is a real service.
Anti-censorship documented work. Proton has published extensive documentation of their anti-censorship efforts: providing free servers in 21 countries before and after election days in 2024, deploying Stealth protocol specifically to address sophisticated censorship systems, operating a censorship observatory that tracks internet shutdowns and VPN usage spikes in real time. They’ve demonstrated actual commitment to censorship circumvention beyond just claiming it.
The Proton ecosystem. For users building a privacy-respecting alternative to Google’s suite (email, calendar, cloud storage, password manager), Proton offers an integrated solution that works well and is backed by a credible privacy record. Mullvad is only a VPN. If you want the ecosystem, Proton provides it.
Secure Core implementation. Proton’s Multihop implementation with guaranteed high-privacy entry nodes (Switzerland, Iceland, Sweden, all directly owned) is a better default Multihop configuration than Mullvad’s more flexible but less opinionated approach. For non-technical users who want the security of double-hop routing without having to think through server selection, Secure Core is a cleaner solution.
Mullvad’s Weaknesses: What It Gets Wrong

Privacy maximalism has costs, and Mullvad’s costs are real.
Sweden is in the 14 Eyes. I addressed the architectural counter-argument earlier – no data to compel makes jurisdiction less relevant. But the FRA (Sweden’s signals intelligence agency) does operate bulk surveillance on international traffic crossing Swedish infrastructure. For users with sophisticated threat models who want both to avoid a 14 Eyes jurisdiction and to ensure there are no architecture-level vulnerabilities, this is worth knowing.
No streaming optimization, and they don’t pretend otherwise. Mullvad explicitly does not optimize for streaming unblocking. If streaming access is a significant part of your VPN use case, you’ll be frustrated with Mullvad. Some servers work with some services sometimes. Don’t rely on it.
Smaller server network with geographic gaps. The 50-country coverage is solid for Western Europe and North America. For Southeast Asia, most of Africa, and significant parts of Latin America, options are thin or nonexistent.
The account number problem cuts both ways. The same design that makes Mullvad more anonymous than any other major VPN also means there is no account recovery. If you lose your 16-digit account number, your prepaid account balance is gone. There is no email to reset through, no identity to verify, no support escalation path. This is correct design for privacy purposes but it means the user bears full responsibility for account security. If you store the account number in a password manager that gets compromised, the security depends on that password manager. If you store it in a text file and lose the device, it’s gone.
No free tier. €5/month is not expensive, but Proton gives you a usable free option. For users who need to test a VPN before committing, or who need occasional VPN access without a subscription, Proton’s free tier is valuable. Mullvad has no equivalent.
Customer support is email-only. No live chat. No phone support. No ticketing system with real-time updates. For technical issues, this means waiting for email responses. Proton VPN also doesn’t have live chat, but their support ecosystem around the broader Proton account is more developed.
The aesthetic is very utilitarian. Mullvad’s apps are functional and clean, but they prioritize minimalism over polish in a way that some users find stark. The map view in their desktop app is basic compared to Proton’s more visually developed interface. This is a minor point. The interface works fine, but it’s worth knowing if you spend a lot of time looking at the UI.
The Verdict: Matching the VPN to the Threat Model
Both Mullvad and Proton VPN are operating in good faith. The people running these companies genuinely believe in privacy as a value. Neither is a surveillance operation in disguise. The question is which one is better for your specific situation.
Use Mullvad if:
You are a journalist, activist, whistleblower, security researcher, or anyone who could plausibly face legal compulsion. The anonymous account system, cash payment option, RAM-only infrastructure, quantum-resistant encryption, DAITA traffic analysis protection, and the real-world proof of the 2023 police raid make Mullvad the correct tool for users whose privacy matters adversarially, not just theoretically. The Swedish police raid is the defining evidence here: six officers with a valid warrant, leaving with nothing. That is the outcome your privacy protection needs to achieve.
You want the simplest possible attack surface. One product, one price, one protocol, one focus. No ecosystem to accidentally cross-contaminate, no account identity to subpoena, no promotional pricing that changes your long-term relationship with the company.
You want payment anonymity built into the system rather than dependent on careful operational security steps. Cash by mail is available to anyone; using Proton anonymously requires a multi-step process.
Use Proton VPN if:
You want reliable streaming access alongside genuine privacy. Proton’s documented Netflix, BBC iPlayer, and Disney+ support is real. Mullvad doesn’t compete here.
You want global server coverage including Southeast Asia, Africa, and Latin America. Proton’s 17,000+ server network in 127 countries is genuinely broader.
You’re building a privacy-respecting suite of alternatives. If you want ProtonMail + Proton Drive + Proton Calendar + a VPN under one account, the integration is well-designed and the privacy record is credible.
You need a free tier. Proton’s free option is legitimate.
You’re in a heavily censored country and Stealth is the best protocol option for your network. Proton’s documented anti-censorship work gives Stealth a real-world evidence base.
Closing Thoughts
Mullvad has built a system that is harder to abuse even if you wanted to abuse it. The anonymous account means there’s no identity to subpoena. The no-email signup means there’s no pivot point for cross-referencing. The RAM-only servers mean there’s no disk image to forensically examine. The cash payment option means there’s no financial record to link a person to a subscription. The 2023 police raid didn’t just prove the no-logs policy. It proved that the architecture produces the right outcome under adversarial conditions.
Proton’s response to the same scenario involves Swiss law, court orders, and whatever account metadata happens to exist in their system. They’d comply with a legally binding Swiss court order because they’re a law-abiding company and the alternative is criminal liability, and whatever data they hold would be produced. For VPN traffic specifically, the no-logs policy is audited and genuine. But the account identity exists, and it’s reachable by the right legal mechanism.
That’s the real difference. Mullvad has structurally less to comply with. Not because they’re hostile to law enforcement or reckless (they’re a professional, law-abiding company), but because they built a system where the data simply doesn’t accumulate in the first place.
For people to whom privacy is a convenience feature, both are excellent choices. For people to whom privacy is a necessity – journalists in hostile environments, activists targeted by their governments, whistleblowers, security professionals with specific threat models – the architecture gap between these two products is not a footnote. It’s the whole answer.
FAQ
Is Mullvad better than Proton VPN for privacy?
For pure privacy, yes. Mullvad requires no email, collects no account identity, accepts cash and Monero payments, runs RAM-only servers, and had its no-logs policy proven in an April 2023 Swedish police raid where six officers arrived with a search warrant and left with nothing. Proton VPN’s no-logs policy is audited annually and genuine, but their ecosystem model requires an email-linked account – a piece of identity that Mullvad’s architecture doesn’t collect.
What happened in the Mullvad police raid?
On April 18, 2023, six officers from Sweden’s National Operations Department arrived at Mullvad’s Gothenburg offices with a search warrant, intending to seize computers containing customer data. Mullvad’s lawyers explained that no such data existed: the company holds no email addresses, no IP logs, no connection records, and no payment information tied to accounts. Officers left empty-handed. This was the first law enforcement visit in Mullvad’s 14-year history and provided real-world proof that their no-logs architecture works under adversarial conditions.
Did ProtonMail hand over user data to police?
Yes, in 2021. French climate activists using ProtonMail had their IP address logged and handed to French authorities after a Swiss court issued a legally binding order to ProtonMail via Europol. ProtonMail was legally compelled to comply. This affected ProtonMail specifically, not Proton VPN, which operates under different Swiss statutory frameworks. However, it demonstrated that Swiss courts can reach Proton’s account data when legally compelled, and that Europol can serve as an intermediary between EU law enforcement and Swiss companies.
What is DAITA in Mullvad VPN?
DAITA (Defense Against AI-guided Traffic Analysis) is Mullvad’s technology for defeating sophisticated traffic analysis attacks. Even with VPN encryption, AI systems can identify what you’re doing by analyzing packet sizes, timing, and frequency. DAITA defeats this by padding all packets to uniform sizes (removing size-based patterns) and injecting random background traffic (masking timing patterns). DAITA v2 (March 2025) uses randomized server-defined parameters that change with each connection. No other major VPN offers an equivalent feature.
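A simplified model of the two mechanisms described above (uniform padding and injected cover traffic), as an added example rather than Mullvad's implementation: the cell size, traces, seeds and function names are all constructed for illustration. It measures what a passive observer can still read off the traffic before and after shaping, and what the shaping costs in bandwidth.

```python
import random
from collections import Counter

CELL = 1280  # assumed uniform on-wire size in bytes (constructed, not Mullvad's value)

# Constructed traces of (send time in ms, payload bytes) over a 2-second window.
VIDEO_CALL = [(t, 1100 + (t % 3) * 60) for t in range(0, 2000, 20)]
TEXT_CHAT = [(0, 310), (40, 95), (900, 120), (950, 88), (1700, 240), (1760, 90)]


def observable_features(trace):
    """What a passive observer of encrypted traffic can still measure."""
    return {
        "sizes": Counter(size for _, size in trace),
        "packets": len(trace),
    }


def pad_to_cells(trace, cell=CELL):
    """Pad every packet up to `cell` bytes, splitting payloads larger than a cell."""
    out = []
    for t, size in trace:
        cells = max(1, -(-size // cell))   # ceiling division
        out.extend((t, cell) for _ in range(cells))
    return out


def add_cover_traffic(trace, duration_ms, mean_gap_ms, rng, cell=CELL):
    """Interleave dummy cells whose gaps follow an exponential distribution."""
    cover = []
    t = rng.expovariate(1 / mean_gap_ms)
    while t < duration_ms:
        cover.append((int(t), cell))
        t += rng.expovariate(1 / mean_gap_ms)
    return sorted(trace + cover)


def shape(trace, seed, duration_ms=2000, mean_gap_ms=10):
    """Padding plus cover traffic; the seed models per-connection parameters.
    A seeded PRNG keeps the example reproducible and is not a security choice."""
    rng = random.Random(seed)
    return add_cover_traffic(pad_to_cells(trace), duration_ms, mean_gap_ms, rng)


def bandwidth_overhead(original, shaped):
    """Extra bytes on the wire, as a fraction of the unshaped byte count."""
    before = sum(size for _, size in original)
    after = sum(size for _, size in shaped)
    return (after - before) / before


def volume_ratio(trace_a, trace_b):
    """Packet-count gap between two traces (1.0 means indistinguishable by volume)."""
    a, b = len(trace_a), len(trace_b)
    return max(a, b) / min(a, b)


if __name__ == "__main__":
    for name, trace in (("video", VIDEO_CALL), ("chat", TEXT_CHAT)):
        padded = pad_to_cells(trace)
        print(name, "distinct sizes before/after padding:",
              len(observable_features(trace)["sizes"]),
              len(observable_features(padded)["sizes"]),
              "padding overhead: %.2f" % bandwidth_overhead(trace, padded))
    print("volume ratio raw:    %.2f" % volume_ratio(VIDEO_CALL, TEXT_CHAT))
    print("volume ratio shaped: %.2f"
          % volume_ratio(shape(VIDEO_CALL, 1), shape(TEXT_CHAT, 2)))
```

Padding alone makes the size histograms identical but leaves the 100-to-6 packet-count gap intact; cover traffic narrows that gap at a bandwidth cost that falls hardest on low-volume flows.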
What is GotaTun?
GotaTun is Mullvad’s custom Rust-based implementation of the WireGuard VPN protocol, announced December 19, 2025. Forked from Cloudflare’s BoringTun but substantially modified, it replaces the Go-based wireguard-go implementation and eliminated the FFI boundary that caused over 85% of Android crashes. After deployment in Android app version 2025.10, crash rates dropped from 0.40% to 0.01%. GotaTun includes native DAITA and Multihop support, uses zero-copy techniques for performance, and passed an independent security audit by Assured Security Consultants in early 2026.
Is Proton VPN based in Switzerland?
Yes. Proton AG is headquartered in Geneva, Switzerland. Switzerland is not a member of the Five Eyes or 14 Eyes intelligence alliances and has strong statutory privacy protections. However, Swiss courts can issue legally binding data requests to Swiss companies in criminal investigations, as demonstrated by the 2021 ProtonMail incident. Swiss jurisdiction provides meaningful legal protection, but not absolute immunity.
This post first appeared at The CyberSec Guru.