[johnwayne666]

I’m wondering how this compares to Apple’s iCloud Private Relay.

Mullvad is trying to increase their transparency and make sure users can trust them which is great. But would there be a way for them to make it so that users do not have to trust them? What if the second server was hosted by another entity?

[mikece]

"I'm wondering how this compares to Apple’s iCloud Private Relay."

Simple answer: Apple doesn't get your info. Mullvad is one of the non-logging VPN providers so unless you're compromised in some other way (like logging into Google, Facebook, etc) then running a make on your is far more difficult than just serving a warrant to Apple.

[matthews2]

> Mullvad is one of the non-logging VPN providers

How do you know that they're not logging? Or that their ISPs are not logging?

[clsec]

Here's the latest Mullvad security audit (June 2020).

https://cure53.de/pentest-report_mullvad_2020_v2.pdf

[odensc]

Unless I'm mistaken that's just a security audit of their client applications, which would not in any way prove that they aren't logging.

[clsec]

You are correct. I don't use Mullvad and had assumed this was an audit of their infrastructure, not their app. Thanks for pointing that out.

[6c737133]

I don’t believe there’s any way to completely validate any service providers claims - there’s always a bit of trust required

That said, mullvad facilitates fully anonymous signup and payment, if you’re so inclined… so in that regard even if they’re secretly logging, if your OPSEC is up to par then it’s fairly moot.

Just my 0.02$

[E4YomzYIN5YEBKe]

I believe that with iCloud Private Relay, the second hop is a different company (Cloudflare/Akamai/Fastly). Whereas multihop offered by Mullvad and other VPN companies they own both hops which would make correlation easy for them.

[encryptluks2]

Then the user would just go find a second VPN provider.