[lan321]

> And how much "surveillance" does a VPN prevent anyway?

Changing your acc number every other month and paying anonymously is much easier on Mullvad than on the ISP level. You can also get multiple people on the number very easily. And Mullvad is likely an entity outside of your home country, hence more difficult to coerce than your ISP.

In my eyes ISPs are compromised by default so the aim is to guard against them, if Mullvad is also as compromised it's more difficult for them to track me across account numbers and, even if they do, my data is then in another country, which worries me less than it being local since I'm not important enough to warrant international action.

[ignoramous]

> And Mullvad is likely an entity outside of your home country, hence more difficult to coerce than your ISP

This is not true in the EU or for the signatories of the Lugano Convention (the EU, Switzerland, Iceland, and Norway). Mullvad is very explicit that they'll abide by all EU laws. For instance, see the e-Evidence Regulation specifically written for "network-based services" like "proxy services": https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A...

> Mullvad is also as compromised it's more difficult for them to track me across account numbers

That's your assumption, not an assertion Mullvad makes?

> even if they do, my data is then in another country, which worries me less than it being local

There exists international treaties on intel sharing (including for "cyber") at every level: The UN, The European Council, the EU, the NATO states, and so on.

> I'm not important enough to warrant international action

Your government can demand action of other governments and businesses via various treaties it may have in place. Mullvad, since it says it'll abide by all EU / Swedish laws, is not a hurdle for your local LEA you think it might be.

[lan321]

> is not a hurdle for your local LEA you think it might be

Everything is possible, of course, but in no world is it <= difficult to get information out of an entity outside your borders. A police officer can go to my local ISP's office and ask to see my logs. If he gets lucky, he gets them, otherwise his escalation path is smaller. If he wants to do that to Mullvad he has to start some process that goes through multiple people and takes a lot more time. Additionally, by the time he reaches Mullvad he probably has my ISP logs.

> That's your assumption, not an assertion Mullvad makes?

IDK what they have to say about it, but the ISP has a hardware line to my home, my name on a contract and recurring card payments. Mullvad has some money with no clear source and an ID with 3-4 people on it that jump ID every other month. I can't change my ISP every other month so one has a single big ass log for my home in a folder with my name on it and my payments while the other has multiple logs they have to bring together and no name on the payments.

They can absolutely parse things and follow me across IDs to put me in a big log and maybe do some data magic to tie it to my person but:

1- It's extra work for them to get to the ISP starting point

2- That starting point is actually still worse since possible mistakes in that process can be argued in court.

[ignoramous]

> They can absolutely parse things and follow me across IDs to put me in a big log

So, VPNs do not protect against surveillance. Both of us agree.

> some data magic

The EU e-Evidence Regulation requires this of EU & EFTA based providers. Make what you will.

[djhn]

According to Mullvad they do not keep logs, so whatever data they can be compelled to give up should include very little.

[ignoramous]

That's not going to matter if the regulation, like the one linked to above, explicitly requires a proxy provider to preserve data.