You can answer the question yourself for any provider using this simple test: Can you legally buy access to it from inside the EU? If yes, they will suffer from the same problem as all other providers.
As I said above, a simple court order can destroy any attempt at privacy. All (serious) VPN providers claim they don't store logs. But that does not mean that a court can't force them to do so. When combined with a gag order you can have someone collecting all your traffic without you even realizing it. And that's just the VPN provider, which usually doesn't own any datacenters. The datacenter providers can also receive the orders to either monitor traffic or even install hardware to do so. If you want any hope of privacy, you steer clear of all big commercial "privacy" providers, because they are very high on every government agency's list. And you just need one component in the entire chain to be compromised.
> All (serious) VPN providers claim they don't store logs. But that does not mean that a court can't force them to do so. When combined with a gag order you can have someone collecting all your traffic without you even realizing it. And that's just the VPN provider, which usually doesn't own any datacenters. The datacenter providers can also receive the orders to either monitor traffic or even install hardware to do so. If
None of this really matters unless you are doing something illegal enough that the government is interested in you and convinced a judge to get warrants.
That isn't 99% of people. 99% of people just want to try and stop being traced and their data being harvested with an easy solution that mostly works for that purpose.
>None of this really matters unless you are doing something illegal enough that the government is interested in you
The issue here is that how "illegal" something is depends heavily on where you live. In some places speaking against the government can get you killed [1]. In others, hosting movies can get your house raided by police helicopters [2].
> The issue here is that how "illegal" something is depends heavily on where you live.
The context of the discussion was the EU.
And the point stands. For 99% of people VPNs offer privacy even against the government, that would need to meet a high burden of proof and require a warrant to break that privacy.
>When combined with a gag order you can have someone collecting all your traffic without you even realizing it.
Are such gag orders common in the EU? I know they are fairly common in the US, but don't know enough about EU laws to know if that's an actual concern there or not.
You're spreading FUD, the Swedish government can't do shit to Mullvad but take their servers offline. Possibly if it was a matter of national security, at which point our recommendations are useless either way.
False. Like all member states, the Swedish government has officialy ceded jurisdiction and enforcement of certain laws to the EU. Only VPN providers who do not comply with such international court orders get shut down. Look at what happened to vpnlab: The police literally write on their seized domain that they have forcefully attained access to everything, because the provider would not give it away freely: https://vpnlab.net/
Consequently, you can assume that all other VPN providers who are still doing business in Europe are freely giving away their data to government agencies.
You presume that a) all governments are bad, b) law is controlled by these governments and c) we only have to hide from governments.
Neither are absolutely true.
I mostly trust my (western european) government to not fuck me over when I am abiding the laws. Which I mightn't always do. I mostly trust them to be proportional: e.g. not beat me up or throw me in prison for smoking a spliff or drinking in public.
A court order is handled by courts. Which, at least in most European countries, is independent. This is shifting in some countries, but that's a rather big deal. "Cut of from EU benefits" big.
Regardless what police or governments want, they have to abide by laws. And courts decisions on allowing access to my internet usage.
While in many countries governments are truly life threatening to minorities, that's not the only privacy concern. I have much more to "fear" from my ISP selling out, my datacenter getting bought by a FAANG or just those FAANGs spying on my every move.
What I'm trying to say is: you are spreading FUD by inventing some absolutisms that are really a spectrum for most common VPN users.
Also: VPNs have always known to be detrimental to your security when browsing "really" secure: through TOR.
Mullvad complies, but they go out of their way to keep very little information. If you don't have the information in the first place, you can't surrender it.
Beware that despite all marketing statements, VPN providers can easily be forced to store logs using court orders, even if they don't do it by default.
That still has value, it's much harder to do drag-net style surveillance if you need court orders to collect new information and can't scoop up old information.
This also happened with providers in Europe. So you can safely assume that any VPN provider who is still doing business in Europe is compromised in some way or another by the government.
"Compromised" is a wrong word to use, unless you consider any obedience to the law "compromise". VPN providers who are still doing business in EU (not Europe) do obey court orders - that would be more correct wording. Any non-compliance is a one-time occurence: either you decide to cease operations or you are forced to cease operations by LEA, as in vpnlab.net example.
If you actually look at the vpnlab example, you'll find that the government got access to all their data, not just for specific cases. So you can assume that all remaining providers have yielded the same level of access.