They're a model company for data-minimization. No account names, no passwords, can pay by cash in an envelope, RAM-only infrastructure, thorough and frequent 3rd-party auditing, etc.
They provide back, fund privacy initiatives, have a history of being unable to provide user data when requested by governments, all of their stuff is well documented. You'd be hard-pressed to find anyone privacy & security conscious speak poorly about them.
They were deceptive about why they removed static IPs and port forwarding. Such deceptions speak to character, and a VPN company isn't private -- it's trust transference. So character matters.
There are 6 other providers that do offer static IP, and one of those uses AWS nitro to ensure that mappings aren't available to LEO. So this wasn't a technical limitation.
>They were deceptive about why they removed static IPs and port forwarding.
What were they deceptive about? Their announcement is straight forward.
"Regrettably individuals have frequently used this feature to host undesirable content and malicious services from ports that are forwarded from our VPN servers. This has led to law enforcement contacting us, our IPs getting blacklisted, and hosting providers cancelling us.
The result is that it affects the majority of our users negatively, because they cannot use our service without having services being blocked."
There's also Glasklar Teknik AB and Karlstad Internet Privacy Lab AB.
Glasklar does:
- Sigsum, a transparency log design
- System Transparency, a security architecture for transparent systems
- Hosts and maintains the Debian Snapshot service, an archive of the past decade of released Debian packages
KIPL does traffic analysis defense against AI-based classifiers, which Mullvad recently integrated into the VPN app.
https://www.glasklarteknik.se
https://www.sigsum.org
https://www.system-transparency.org