We are removing the option to create new subscriptions

Tip:

This portable secure travel router supports MullVad (and Azire-VPN) out of the box:

https://www.amazon.com/GL-iNet-GL-MT1300-Wireless-Pocket-Siz...

Just input your Mullvad account number and it will upload all WireGuard configurations for all MullVad servers worldwide automatically.

Perfect to use to connect to any unsecure Wi-Fi and drive all traffic via VPN in hotels, airports, coffee shops, etc...

This is just like Mullvad to care about your privacy.

But I think it's a bit overkill to completely remove the subscription option. They could have accomplished the same educating of end users with a simple recommendation or opt-out at sign up.

Still providing subscription for those users who find that most convenient.

payments are truly one of the areas where privacy suffers most. I hope this decision inspires more privacy-focused companies to not store payment information continuosly.

I've been using Mullvad ever since PIA was bought out. Never had an issue with them (other than when I forget to top up and my VPN connection dies :) ) with speed or reliability. I've always used the top up functionality rather than a subscription, but it's great to see how committed they are to reducing the attack surface for the users that need the most privacy.

That's great news and they just got a huge boost in reputation for me. Definitely the go to service if I need a good VPN again.

Especially strong decision since this will certainly cost them a lot of revenue and I don't think the boost in reputation will counter that in the long run.

I, personally, care a large amount about convenience. I don't want to think about bills at all. I've been a Mullvad subscriber for years on a PayPal recurring payment. It works so well that I don't even think about it. I just use it.

Having to think about paying a bill every month is really a pain to me. I get the privacy ideals, but the tradeoffs are not ridiculous. I should be able to make a decision about how private I want to be, not have Mullvad decide for me so that they can feel better about themselves.

I will probably move over to Mozilla VPN now, since they will continue to rely on Mullvad for their infrastructure but allow me to pay them in a convenient way. I guess compromises are in order.

Why are VPNs what people flock to when they think they want privacy? Moreover they kinda break the internet so it's not a scalable solution. It's cool to see a good one selling a privacy message and doing it at level 11, but it seems kinda disingenuous to me to tell users that they're more private because they use a VPN. Private from your current ISP, sure, but not from Mullvad (they're your new ISP, you're just moving the problem of who to trust, not acquiring privacy) and especially not so much from the service level tracking and collection of data which is arguably the real problem short of being targeted by nation-states.

Also it seems all I need to do as an "attacker" is subpoena (or whatever the Swedish equivalent is) Mullvad while your payment record is on file and I get the info I want. If Mullvad really wanted to go hardcore why not only sell little top up cards cash-only at kiosks?

Now, choosing where you want your traffic to geographically egress onto the public network does have marginal utility and it's a perfectly sane feature for VPN providers to market and consumers to pay for--VPNs aren't useless. It's just not privacy.

EDIT: add bit about how Mullvad is your new ISP to clarify the point

Even though I use protonmail, I still bought Mullvad due to their Linux app which has actual per-App split tunneling.

Sweden is part of 14-eyes. I realize this may be naive or already answered, but I don't see why I should trust any service in one of those 14 countries. When things are down to the wire, can anything in Sweden really guarantee any greater level of privacy?

FYI they take monero, the most private cryptocurrency.

Serious question, what are people using their VPN for? I used PIA before the buyout then shifted to Windscribe but I don't think I will renew after this year. I rarely use it and if I want soemthing safe (like using public wifi), I use tailscale instead.

These services will likely not be around in 5 years if things continue as they do today. I work with clients who ban any ASN that hosts these kinds of services. Not sure what Mullvad can do to not become a new Tor or North Korea. At many companies they already are.

I am not for it. Just the way the lands lie right now.

If they don't keep the link between accounts and payments, doesn't that mean they can't revoke an account when a chargeback happens?

Heck of a convincing advertisement, even if it's not meant to be one.

I tried Mulvad, I love their outlook on privacy. However, maybe this is just my experience but the speed I was getting with Mulvad was slow, for some reason. Much slower than my regular ~200 mbps connection. Had to switch back to Nord (would not recommend it, though) again.

For customers who don't go to great length to protect their own privacy when paying (i.e., all subscribers, I assume) Mullvad should persuade them to replace their subscription with the "bill pay" feature of most checking accounts -- maybe even offer tutorials for common banks. I'm not an expert in the implications of a subpoena and if banks get involved, but it seems like it would at least be a way to keep the revenue stream nearly as healthy (recurring automatically) while also meeting their goal of not maintaining subscription data.

Does someone know if they are splitting the dns request and the traffic? Or do they need to decrypt my traffic to get to my dns request?

Have Mullvad's privacy guarantees been tested by subpoena?

Really good initiative, they clearly care about privacy. Most companies are going out of their way to introduce autorenewing subscriptions.

But here they make privacy more important than pleasing the investors. Kudos. Glad I'm a customer.

My paranoid interpretation of this is that they have already been, or are expecting to be served with some kind of order compelling them to silently hand over billing information.

I will admit that I know absolutely nothing of the Swedish legal system.

This is a great idea! In practice, how would you go about this e.g. if you're using Stripe? After a few weeks, delete the customer information in Stripe?

I was so worried they were winding down or something. I really love Mullvad and would hate to have to find a new VPN.

This decision makes me like them even more.

My only concern with Mullvad is that, as their profile and reputation increase, they become a bigger target. That’s mostly a vote of confidence, though the concern is a real one.

This leads me to wonder...

Is there an easy way for regular consumers to set up recurring payments in a "push" configuration (i.e. from my bank to someone else's) rather than "pull" configuration (i.e. most subscriptions where the service charges a credit card on an interval)?

I split a T-Mobile multi-line plan with a few friends where I'm the payer, and I remember looking into this a while back to help them pay their share on time and without hassle, but coming up empty.

Feels like it would be useful for paying for something like Mullvad too, but I feel like there are benefits to that model that reaches beyond the individual use cases I mentioned.

It'd allow me to manage money going out of my account from 1 centralized location, making money flow more predictable and less chaotic than the status quo where a random amount of money is pulled out of my account from various credit cards every month, and I have to log into each account separately to figure out how much.

Is it me (likely), or are a huge range of comments here exactly what you'd expect from a company anticipating blow-back based on their changes? I mean it could really be that good, but this feels a little too clean. I.e. are there shill posters here? I suppose someone could look at all the users who posted, get their karma, and created on dates, and build some estimation calculation. Probably could be greatly improved by adding factor such as wether the user has posted recently in other threads, whether potential shills are responding to parent shills, etc. Arms race ...

If I'll ever use a VPN I will check out mullvad, this kind of attitude is almost non existent now

I think Firefox resells a custom Mullvad product, which I would probably use. I just don’t have a need for security at this layer.

So, I don't quite get it. They supposedly accept one-time payments, but their pricing page only shows recurring periodic payments. What gives?

I love those guys. I really wanna start using them, but there's one missing feature for me: currently, I can mail them a few hundred euros, and get a number of years of service. That's great. But currently you only get one block of service. I'd very much like to be able to pause my credit.

Now, I totally understand that letting people pause with super fine temporal resolution would crush their business model. I'm not asking for that. But I would like to buy say 30 months of service, flick a switch draining say one month of my credit (and having the service for a month), then pausing again.

I can't renew my plan. As I forgot my account number :(

Been a mullvad user for more than 4 years and love it. Thanks guys and keep up the good work.

When I tried it, they didn't have an iPad app, but it was fine because they give you the configuration and I plugged it into the OpenVPN app.

Wonder how this affects MozillaVPN subscriptions.

I wonder if a lower cost service like VPNs could reasonably create an “endowed” account: basically pay enough up front that when invested, the returns on the up front cost are about the same as the monthly cost. If you’d need to make €60/yr, you could probably achieve this with a one-time €1,500 payment. Does it make sense for anyone to pay that much up front? Maybe not. But for people that REALLY want to see the business model succeed and/or are way too wealthy considering their mental laziness, adding an option to pay a totally absurd amount once and then forget about it might be useful, even if that payment is way higher than any normal person would pay.

Would it be possible to store subscription data without actually linking it to the account that is affected? Sort of like a one way encryption.

Mullvad is awesome from top to bottom. From strict adherence to their values to the apps that they make and the service that they provide. I've been an extremely happy customer for years. Keep up the good work!

I tried Mullvad for a year and loved the approach and onboarding. Sadly the connectivity issues and mobile app don't measure up to what I was used to with NordVPN.

Not sure why a savvy someone would use a subscription with a VPN, so not sure what the news is here.

Awesome - someone in real life treating user-identifying data as the toxic brew that it is!!

Refreshing and definitely a good reason to switch.

Been using Mullvad for a year, give or take, and I'm very happy. Zero care to find another VPN provider. Simple, fast, and anonymous sign-up. The apps function perfectly. Never experienced a bug in the Android or Linux apps. And the Wireguard profiles work perfectly. Connections are fast and not throttled (IME). And the UI of the website and apps is minimal and to-the-point.

I hope Mullvad keeps on its current course. It's one of the most respectable companies right now, with a respectable product, and its one of the few I care to pay for on a consistent basis.

Been a happy customer of Mullvad for years now. It's a great product.

Very interesting. Mullvad seems to be the most extreme and reputable VPN service out there when it comes to privacy. At least it seems that way.

I use this style of writing often, in conjunction with markdown documents.

Also, I find that using bullet points helps to visualize the sentences better, especially when used hierarchically.

Refunds and disputes can happen way after a week right? I've seen disputes 120+ days after a transaction.

I mean, maybe they won't be affected by this but they sort of suggest after a few weeks you could dispute the charge and they would have no idea it was you.

Thankfully, they still support my favorite way to pay: dropping an envelope filled with various cash currencies and your account number on a slip of paper in a mailbox at a random airport.

Highly commendable position. Mullvad is leaving a ton of money on the table by doing this, but in the sea of shady VPN providers, having a provider do something proactive like this makes me want to switch.

I love that you can literally just send an envelope of cash with your account number to pay.

> At Mullvad VPN we strive to know as little as possible about our users. We are constantly looking for ways to reduce the amount of data we store while still providing a usable service.

I wish more companies had this attitude.

Note that a major issue with Mullvad is the long standing open issue which prevents iCloud syncing on macOS [1]

I've noticed this is not really a Mullvad specific issue, as the same thing happens when i apply their "killswitch" config (= pfctl firewall rules under the hood) while using other VPN services, like ProtonVPN.

Apple seems to be blocking some of the proxy ip's or some iCloud service process is misbehaving somehow.

[1] https://github.com/mullvad/mullvadvpn-app/issues/2401

The few times where removing ‘features’ (re: privacy holes) is good news

I like this a lot even though my primary reason is unexpected subscription renewal. I started a membership site and tried to use every single thing I would want as a customer. One of the things was a reminder that my yearly membership was about to expire, and by doing nothing this would indeed happen. No automatic renewal (but keeping the account in an inactive state). Confident customers can renew for 3 years with a discount, but nothing will automatically renew. Turns out, customers love this attitude and happily renew when it's time.

Kudos!

I've been using Mullvad for years as a permanently-connected VPN and I find it excellent. I do use a subscription, but I have a friend who sends them cash in an envelope by snail mail and loves it.

Wow.

Hadn't heard of Mullvad before reading this, figured I'd give it a try. That is hands down the BEST onboarding experience for an app (let alone a VPN) I've had in I don't know how long. Took me maybe 2 minutes to go from no account to a working VPN connection.

I love that everything is anonymous (down to the account credentials just being a randomly generated token).

Great benefit. I also recommend to find a reputable masked card service provider if you plan to use a credit/debit card. Autopay is just another way for banks and providers to circumvent overdraft protection legislation and hopefully new legislation will remove any "perks" that providers offer for autopay services.

Mullvad already did this for anyone who wanted port forwards, because those people are more likely to be the target of legal demands.

They seem to never actually associate the account number with any payments except at the moment the account gains time. This keeps them from having to respond to any legal demands with useful data.

I wonder if the iOS subscriptions are affected. Technically they could just not associate your payment with your account number. Then the app can submit the transaction ID and your account number that was stored locally to the service to extend your time.

I wish more SaaS companies (especially VPN ones) did this, this is a giant win for in the area of privacy. Go Mullvad!

I've always loved that Mullvad wouldn't let you accidentally compromise your own security.

For example, the port-forwarding feature won't work if you have a recurring subscription.

This just extends that kind of thinking to the service in general.

Been a Mullvad customer for a long time now, and it's always been awesome.

Why not just subscriptions with random persistent pay reference?

They could be safe against adversary that has access to Mullvad data, while still offering convenience of subscriptions. It is not safe against adversary that has access to banking data, but even independent payments are not safe against that adversary, if they are often enough.

Do they take crypto?

I’ve funded some virgin addresses from Tornado Cash notes, running from my own local node

Thats sufficient and definitely less cumbersome than Monero.

Anyone have thoughts about the privacy and security aspects of TunnelBear? I've been using them for a few years, wondering if I should switch to Mullvad.

That's amazing. When so many companies go in the opposite direction, it's incredibly refreshing to see a company make strides toward reducing their customer's identifiable data footprint.

A big prob with the big VPNs like kape companies is their IP addresses are recognized. Does mullVad, ovpn and or ivpn suffer from the same?

Mullvad is badass, tried it out for a month and it was glorious, so I just recently pre-paid a full year.

Clickbait .. but a rightfull one :)

If you're familiar with the sizeable benefits of the subscription model for a business you'll recognize this is a big deal.

Another happy Mullvad customer. Been using them for a couple years now, and couldn't be happier with the ease, speed, and privacy.

This is PR and the comments are astroturfed to absolute hell. VPN is the most heavily advertised business I am aware of. There are a lot of reasons to mistrust this behavior.

1) it doesn't cost mullvad very much to not autorenew subscriptions. People dont forget to renew their subscriptions to a service that breaks your connection to youtube when you forget to pay. It's closer to the world of warcraft model.

2) Customers are now rightfully wary of renewing subscriptions. Given horror stories of how difficult it is to cancel your subscription to a service, I suspect that you lose upwards of 50% of potential customers if you only offer subscription models.

3) No VPN has any incentive at all to "protect your privacy". It is perfectly legal for them to lie to you about not keeping logs and then turn them over to state actors, provided they are operating out of the right state. In fact, state actors would encourage such a thing. Perhaps some of these VPNs do something to protect your privacy, but it is not because they are incentivized to.

> convenience comes at a cost and we no longer think this is an acceptable trade-off.

In an age where dissertations about what color and position to use for buttons go pages long, that's a courageous position that follows a clear strategy. Kudos!

I would love to look at Mullvad. Every time I try to connect to their website using Firefox 101 it fails with Error code: SSL_ERROR_RX_RECORD_TOO_LONG. Is anyone else experiencing this?