Since we started Mullvad VPN over 10 years ago, we have been obsessed with the question, “How do we demonstrate our trustworthiness to our users?”
This query is closely related to two thoughts often asked by the VPN users themselves:
- How can I trust my VPN provider?
- How do I know my VPN provider doesn’t keep logs?
We are here to describe our perspective on trustworthiness and to finally present a new security architecture for our infrastructure which we are currently working on. This architecture will greatly diminish the need for trust and instead enable verification through cryptography.
A market for lemons
A trustworthy VPN provider is characterized by skill, transparency, honesty, and conscientiousness. You should feel confident in expecting us to fulfill our commitment toward you, now and in the future. This is also the reason security will forever be deeply ingrained in Mullvad’s culture. Security is how we gain trust in our systems so that we may, in turn, earn it from you.
Unfortunately, the reality of VPN services like Mullvad is that we ask you to trust us without much verification. You try to judge our honesty through our words, but talk is cheap. You try to choose a provider based on reviews, but by now you know that few review sites are themselves honest or unbiased. These insights provoked us to build solutions that rely less on trust of human character and more on technology and mathematics so that trust within certain constraints can be cryptographically verified. In other words, we need transparent and verifiable systems.
Just as powerful people should be scrutinized more than others, so should computing systems in positions of power. With power comes the ability to acquire more, conceal it, and do damage. Transparency and accountability should be expected from those to whom we delegate responsibilities – the greater the responsibility, the more accountability. Anyone claiming to offer privacy and security should to the same extent offer transparency and verifiability.
Within certain constraints, we believe System Transparency gives you the ability to cryptographically verify the inner workings of Mullvad’s VPN servers while you are using them, and without compromising the privacy of other users. As it combines many diverse security technologies to form something new, System Transparency requires a technical background to grasp. Eventually we hope to educate less technical audiences as well.
A market for peaches
We are certain this concept has potential far beyond the VPN industry. Nevertheless it is worth observing that this idea introduces an interesting new game to our line of business. The currently dominating strategy in the VPN service industry seems to be a short-term marketing ploy: pay as many marketing partners as possible to promote the “exceptional” security and no-log-ness of your VPN service, whether it is true or not.
Paying for good reviews is not a signal of trustworthiness, nor is making hyperbolic claims of security a sign of technical skill. In the current market, a technically incompetent or even malicious player can promise trustworthiness, as no one is able to verify it.
System Transparency has the potential to move our industry to a state where even a technically competent player must go to great lengths in order to deceive. In a market that demands System Transparency, bad actors will eventually be detected and weeded out.
Finally, a market that constantly demands more transparent systems compels players to reinvest in open source and open hardware security technology, to the benefit of all.
Our call to action
To all VPN users, security experts, VPN providers, and reviewers:
- Let’s pioneer the development of transparent systems.
- Let’s encourage their use and continuous improvement through our individual choices.
- Let’s make sure our technological foundations are as transparent as possible.
- Let’s make sure that those foundations serve the users, and no one else.