| > And Mullvad is likely an entity outside of your home country, hence more difficult to coerce than your ISP This is not true in the EU or for the signatories of the Lugano Convention (the EU, Switzerland, Iceland, and Norway). Mullvad is very explicit that they'll abide by all EU laws. For instance, see the e-Evidence Regulation specifically written for "network-based services" like "proxy services": https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A... > Mullvad is also as compromised it's more difficult for them to track me across account numbers That's your assumption, not an assertion Mullvad makes? > even if they do, my data is then in another country, which worries me less than it being local There exists international treaties on intel sharing (including for "cyber") at every level: The UN, The European Council, the EU, the NATO states, and so on. > I'm not important enough to warrant international action Your government can demand action of other governments and businesses via various treaties it may have in place. Mullvad, since it says it'll abide by all EU / Swedish laws, is not a hurdle for your local LEA you think it might be. |
Everything is possible, of course, but in no world is it <= difficult to get information out of an entity outside your borders. A police officer can go to my local ISP's office and ask to see my logs. If he gets lucky, he gets them, otherwise his escalation path is smaller. If he wants to do that to Mullvad he has to start some process that goes through multiple people and takes a lot more time. Additionally, by the time he reaches Mullvad he probably has my ISP logs.
> That's your assumption, not an assertion Mullvad makes?
IDK what they have to say about it, but the ISP has a hardware line to my home, my name on a contract and recurring card payments. Mullvad has some money with no clear source and an ID with 3-4 people on it that jump ID every other month. I can't change my ISP every other month so one has a single big ass log for my home in a folder with my name on it and my payments while the other has multiple logs they have to bring together and no name on the payments.
They can absolutely parse things and follow me across IDs to put me in a big log and maybe do some data magic to tie it to my person but:
1- It's extra work for them to get to the ISP starting point
2- That starting point is actually still worse since possible mistakes in that process can be argued in court.