The Mullvad Bloghttps://www.mullvad.net/blog/2024-02-13T07:43:38.505239+00:00Keep up to date on developments at Mullvad. New versions of our client, security updates, job posts - find it all here.Family-friendly DNS content blocking now added to our Encrypted DNS service2024-02-13T07:43:38.505239+00:00https://www.mullvad.net/fr/blog/2024/2/13/family-friendly-dns-content-blocking-now-added-to-our-encrypted-dns-service/<p>Our free Encrypted DNS service has been expanded include another blocking combination: family-friendly content blocking.</p>
<p>This offering goes alongside the others outlined on our <a href="https://mullvad.net/en/help/dns-over-https-and-dns-over-tls">Encrypted DNS product page</a>. This combination has been added to enable parents and guardians the opportunity to block unwanted advertising, adult content and gambling, whilst still enabling their children access to social media platforms.</p>
<p>We update our DNS block lists weekly, as can be seen on our open-source <a href="https://github.com/mullvad/dns-blocklists">Github repository</a> from where the servers update.</p>
<p>Our product page explains how to use our service, where it is beneficial and what options there are. This service is free and available to anyone, whether or not they are a Mullvad VPN customer.</p>We now self-host our support email2024-02-08T09:25:03.427988+00:00https://www.mullvad.net/fr/blog/2024/2/8/we-now-self-host-our-support-email/<p>Our support emails are now moving to self-hosted and Mullvad-owned hardware.</p>
<p>From now on, our Support Team can be reached at a <strong>new email address</strong>: <a href="mailto:support@mullvadvpn.net">support@mullvadvpn.net</a></p>
<p>Emails sent to the <strong>old address:</strong> <a href="mailto:support@mullvad.net">support@mullvad.net</a>, will still continue to function until we announce the shut-down of that email address.</p>
<h2>Why are we doing this?</h2>
<p>Mullvad has always been striving to provide the most robust, reliable and privacy enhancing service, spending all available energy on the upkeep and improvement of our products. This meant that we outsourced some parts of our business that are not a core part of our product offering. Up until this point, we have been making use of a third-party service for our emails with the added recommendation of using encrypted technology such as PGP/GPG.</p>
<p>We have been working on hosting our own email service for a considerable period of time, as it takes time to build a secure solution. The service was audited pre-production, tested thoroughly and is now in production for customers to reach us. When communicating with our support team it is important that you consider your own setup; we still recommend that you use PGP/GPG and to send encrypted emails when contacting our support team. Take a look at our guide here regarding <a href="https://mullvad.net/help/using-encrypted-email">how to send and receive encrypted emails</a>.</p>
<h2>Another system running from RAM</h2>
<p>These servers run from RAM, with fully encrypted disks mounted to store the backend PostgreSQL database. We cannot fully run our servers from RAM due to requiring a persistent database, but that was a trade-off we had to make.</p>
<p>These servers run the same OS and kernel configuration as the rest of our infrastructure that runs from RAM, and we have had this service audited pre-production by Assured AB. The issues found by Assured have since been resolved, <a href="https://www.assured.se/publications/Assured_Mullvad_email_server_audit_2024.pdf">read the audit here. </a></p>
<p>All emails from our apps (in case problem reports are generated) will be sent to this new address instead.</p>
<p>As with all new services, we expect that there will be some downtime and glitches with such a large change. We are working to improve this service, and such issues and bugs will be resolved over time. We appreciate your patience with any issues that arise.</p>Support for more local currencies when paying for Mullvad using Paypal2024-01-18T06:32:41.477064+00:00https://www.mullvad.net/fr/blog/2024/1/18/support-for-more-local-currencies-when-paying-for-mullvad-when-using-paypal/<p>In order to avoid fees when paying with Paypal, we now support payment in EUR, USD, GBP, SEK, AUD, and CAD.</p>
<p>The price is always the equivalent of €5, exchange rates convert from the base price of €5.</p>Mullvad's usage of Kyber is not affected by KyberSlash2024-01-04T16:51:34.876249+00:00https://www.mullvad.net/fr/blog/2024/1/4/mullvads-usage-of-kyber-is-not-affected-by-kyberslash/<p>Vulnerabilities in some implementations of Kyber, the quantum-resistant key encapsulation mechanism, were <a href="https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/uIOqRF5BAwAJ">recently disclosed</a>. Mullvad’s quantum-resistant tunnels are not affected by this vulnerability, nor any vulnerability of the same kind.</p>
<p>The two timing-based attacks named KyberSlash1 and KyberSlash2 builds on the fact that some implementations of Kyber were not performing critical operations in constant time. If a service allows an attacker to request many such operations towards the same key pair, the attacker can then measure timing differences and slowly compute the secret key.</p>
<p>This type of timing-based vulnerabilities are fairly common in cryptography. And that is why Mullvad’s quantum-resistant tunnel protocol is designed in such a way that this entire class of vulnerabilities are not exploitable.</p>
<p>The Mullvad app computes a completely new key pair for each quantum-resistant tunnel connection. No secret key material is ever reused between two tunnels or two different users. Therefore each secret key is only used for a single encapsulation operation, so the scenario where timing differences can be measured does not exist. As a result, it does not matter if the Kyber implementations used by the Mullvad app and servers are vulnerable to KyberSlash1 and KyberSlash2 or not, the scenario in which it can be exploited does not exist.</p>
<p>The key pairs for quantum-resistant shared secret exchange are generated on the <em>clients</em> in Mullvad’s setup, and only the WireGuard server to which the client is establishing a connection can send a ciphertext to it. So no endpoint where a key encapsulation operation can be requested is ever exposed publicly or where a potential attacker could reach it. It all happens inside the encrypted WireGuard tunnel between the client and the WireGuard server.</p>
<p>As an extra layer of security, our quantum-resistant tunnels do not rely on only Kyber. We use two quantum-secure key encapsulation mechanisms (Kyber and Classic McEliece) and mix the secrets from both. This means that both algorithms must have <em>exploitable</em> vulnerabilities before the security of the VPN tunnel can become affected.</p>Mullvad Review of 20232023-12-28T16:16:45.814901+00:00https://www.mullvad.net/fr/blog/2023/12/28/mullvad-review-of-2023/<p style="text-align:left">We are counting down the days until 2024 and are excited about the things that will happen next year.<br />
But first, let’s take a look at the special year of 2023. Here is what we remember most fondly.</p>
<h2 style="text-align:left">The release of Mullvad Browser in collaboration with the Tor Project</h2>
<p style="text-align:left">A trustworthy VPN is not enough to stop the absurd data collection of today. That's why we <u><a href="https://mullvad.net/blog/mullvad-vpn-and-the-tor-project-team-up-to-release-the-mullvad-browser" style="color:#0563c1; text-decoration:underline">partnered with the Tor Project to develop Mullvad Browser</a></u> – a browser designed to minimize tracking and fingerprints, to be used with a trustworthy VPN instead of the Tor Network</p>
<p style="text-align:left">We also <u><a href="https://mullvad.net/blog/introducing-mullvad-leta-a-search-engine-used-in-the-mullvad-browser" style="color:#0563c1; text-decoration:underline">introduced Mullvad Leta</a></u>, a search engine used in the Mullvad Browser.</p>
<p style="text-align:left">And back in March, we decided to <u><a href="https://mullvad.net/blog/mullvad-becomes-highest-level-of-tor-member-shallot" style="color:#0563c1; text-decoration:underline">upgrade our support to the Tor Project</a></u> and became a Shallot onion in the Tor Project’s Membership Program. We share the values of the Tor Project when it comes to human rights, freedom of speech and online privacy, and we are looking forward to continue our partnership during 2024.</p>
<h2 style="text-align:left">Completed migration to RAM-only VPN infrastructure</h2>
<p style="text-align:left">During 2023, we have <u><a href="https://mullvad.net/blog/we-have-successfully-completed-our-migration-to-ram-only-vpn-infrastructure" style="color:#0563c1; text-decoration:underline">completely removed all traces of disks</a></u> being used by our VPN infrastructure. Back in early 2022 we announced the<u><a href="https://mullvad.net/blog/2022/1/12/diskless-infrastructure-beta-system-transparency-stboot/" style="color:#0563c1; text-decoration:underline"> beginning of our migration</a></u> to using diskless infrastructure with our bootloader known as “stboot”. Our VPN infrastructure has since been audited with this configuration twice (<u><a href="https://mullvad.net/blog/2023/8/9/infrastructure-audit-completed-by-radically-open-security/" style="color:#0563c1; text-decoration:underline">2023</a></u>, <u><a href="https://mullvad.net/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/" style="color:#0563c1; text-decoration:underline">2022</a></u>), and all future audits of our VPN servers will focus solely on RAM-only deployments.</p>
<h2 style="text-align:left">Partnership with Tailscale</h2>
<p style="text-align:left">Since Tailscale was founded in 2019, customers have been forced to choose between either Tailscale or Mullvad without the ability for them to co-exist. All of that changed in September, when we <u><a href="https://mullvad.net/blog/tailscale-has-partnered-with-mullvad" style="color:#0563c1; text-decoration:underline">announced a partnership with Tailscale</a></u> that allows customers to use both in conjunction through the Tailscale app.</p>
<h2 style="text-align:left">Stable Quantum-resistant tunnels in the app</h2>
<p style="text-align:left">Back in November 2022 we <u><a href="https://mullvad.net/blog/2022/11/8/post-quantum-safe-vpn-tunnels-available-on-all-wireguard-servers/" style="color:#0563c1; text-decoration:underline">blogged about Post-quantum safe VPN tunnels</a></u> being an experimental feature available on all our WireGuard servers. During 2023 the protocol has been stabilized. The setting for enabling the feature is now available in our Android and Desktop apps.</p>
<h2 style="text-align:left">Stop chat control – and other campaigns.</h2>
<p style="text-align:left">Mullvad has throughout the year been more vocal in the public space than ever before. It seems like it’s needed. A lot of focus has been directed towards <u><a href="https://mullvad.net/chatcontrol" style="color:#0563c1; text-decoration:underline">obstructing the law proposal known as chat control</a></u>, where we, for instance, took the <u><a href="https://mullvad.net/chatcontrol/campaign" style="color:#0563c1; text-decoration:underline">debate to the streets in Sweden</a></u>, during the country’s EU presidency. Among other activities, we have also been trying to educate the EU politicians in different ways. A lot of organizations and researchers has done a massive work to oppose this anti-democratic bill, and we are proud to be a part of it. Current status: the EU Parliament has taken a clear stance against the bill. We hope the EU Council will follow.</p>
<h2 style="text-align:left">Support for the community</h2>
<p style="text-align:left">Lastly, we could not do what we do without other people and organizations innovating in the fields that we rely on. That is why we sponsored Qubes OS, The Tor Project, Security Fest and more.</p>
<p style="text-align:left">Thank you for this year. Our fight against mass surveillance and censorship will continue.<br />
Mullvad VPN</p>Support of more local currencies when paying for Mullvad to avoid fees!2023-12-13T07:42:15.369798+00:00https://www.mullvad.net/fr/blog/2023/12/13/support-of-more-local-currencies-when-paying-for-mullvad-to-avoid-fees/<p>In order to avoid fees when paying with credit cards, we now support payment in EUR, USD, GBP, SEK, AUD, CAD, CHF, DKK, JPY, KRW, NOK and PLN.</p>
<p>The price is always the equivalent of €5, exchange rates convert from the base price of €5.</p>Introducing package repositories for Ubuntu, Debian and Fedora2023-11-20T11:55:52.632988+00:00https://www.mullvad.net/fr/blog/2023/11/20/introducing-package-repositories-for-ubuntu-debian-and-fedora/<p>We now provide self-hosted repositories with the latest stable and beta Mullvad VPN apps, for users of our supported Linux distributions. Our supported distribution releases are listed on our <a href="https://mullvad.net/download/vpn/linux">download page</a>.</p>
<p>If you are a customer that wishes to install our VPN application without needing to keep checking back to our website each release, you can make use of our guides to get set up. These repositories are available to anyone, with the instructions found here: <a href="https://mullvad.net/help/install-mullvad-app-linux">https://mullvad.net/help/install-mullvad-app-linux</a></p>
<p>Each time a new Mullvad VPN app release is made, whether stable or beta, they will be made available on this repository. We do not support adding both stable and beta repositories, you can only install one version of the app at any one time.</p>
<p>In order to use the service after installation you need to have a valid Mullvad VPN account with credit on the account.</p>Moving our Encrypted DNS servers to run in RAM2023-11-10T09:03:20.562804+00:00https://www.mullvad.net/fr/blog/2023/11/10/moving-our-encrypted-dns-servers-to-run-in-ram/<p>We recently <a href="https://mullvad.net/blog/2023/9/20/we-have-successfully-completed-our-migration-to-ram-only-vpn-infrastructure/">announced the completion</a> of our migration to remove all traces of disks in use on our VPN infrastructure.</p>
<p>Today we can announce more steps forward - our Encrypted DNS service has also been converted to run from RAM!</p>
<h2>Encrypted DNS for all - paying customers or not</h2>
<p>Encrypted DNS (also known as DNS over TLS and DNS over HTTPS) protects your DNS queries from being snooped on by third parties when <strong>not</strong> connected to our VPN service. DNS queries are encrypted between your device and our DNS servers.</p>
<p>Primarily as a service to be used when not connected to our VPN servers, this service is completely cost-free, and available to anyone that wishes to have a trustworthy, audited Encrypted DNS service with <a href="http://github.com/mullvad/dns-blocklists">optional content blocking</a>. This service is available from servers located worldwide, and can be configured by using the <a href="https://mullvad.net/help/dns-over-https-and-dns-over-tls/">following guide</a> on our website.</p>
<p>This service can be used in conjunction with our VPN service, but is discouraged, as it will always be slower than using the DNS resolver on the VPN server that you are connected to.</p>
<p>All of these Encrypted DNS servers are configured using the same Linux kernel, with the same level of security and privacy as the as our VPN infrastructure. This is the next step towards running our stateless infrastructure from RAM.</p>EU Digital Identity framework (eIDAS) another kind of chat control?2023-11-02T06:00:30.877752+00:00https://www.mullvad.net/fr/blog/2023/11/2/eu-digital-identity-framework-eidas-another-kind-of-chat-control/<p>The proposed EU Digital Identity framework (eIDAS) aims to meddle with the process around internet certificates and will undermine the independence and security assurances of the basis for website security:</p>
<ol>
<li>A certificate contains the website's identity (name, etc.) and its public key for encryption and signing. It is endorsed by trusted organizations that undergo regular audits. This process enables browsers to verify that the website we visit is authentic (thus avoiding "man-in-the-middle" attacks) and establishes an encrypted connection.</li>
<li>Articles 45 and 45a stipulate that web browsers must recognise a new form of certificate issued by any EU state , potentially compromising the encryption and most of all trust and overall security of the web.</li>
<li>This situation bears similarity to the controversy surrounding "chat control", as it implies that authorities could intermediate all traffic, decrypting communications sent over services using these certificates.</li>
</ol>
<p><strong>In summary, eIDAS Article 45 and 45a represent a dangerous intervention in a system that is essential to securing the Internet.</strong></p>
<p>Mullvad is against these proposed articles.</p>
<p><strong>Time perspective:</strong></p>
<ul>
<li>8th November – political (trilogue) agreement sign-off</li>
<li>End of November to mid-December: Council & Parliament votes (both in Committee & Plenary)</li>
</ul>
<p><strong>Industry letter</strong></p>
<p><a href="https://blog.mozilla.org/netpolicy/files/2023/11/eIDAS-Industry-Letter.pdf">https://blog.mozilla.org/netpolicy/files/2023/11/eIDAS-Industry-Letter.pdf </a></p>
<p><strong>Read more</strong></p>
<p><a href="https://blog.mozilla.org/netpolicy/files/2021/11/eIDAS-Position-paper-Mozilla-.pdf">https://blog.mozilla.org/netpolicy/files/2021/11/eIDAS-Position-paper-Mozilla-.pdf</a></p>
<p><a href="https://educatedguesswork.org/posts/eidas-article45/">https://educatedguesswork.org/posts/eidas-article45/</a></p>
<p><a href="https://securityriskahead.eu/">https://securityriskahead.eu/</a></p>
<p><a href="https://www.eid.as/#article45">https://www.eid.as/#article45</a></p>Mullvad Browser 13.0 released with multilingual support2023-10-13T11:00:37.690754+00:00https://www.mullvad.net/fr/blog/2023/10/13/mullvad-browser-130-released-with-multilingual-support/<p>We’re happy to announce that our first major update to Mullvad Browser is now available on our <a href="https://mullvad.net/download/browser">download page</a> and our <a href="https://cdn.mullvad.net/browser/13.0/">CDN</a>.</p>
<p>Since we released Mullvad Browser in April in collaboration with the Tor Project, it has been well received and its use has been steadily increasing.</p>
<p>Mullvad Browser 13.0 is our first stable release based on <a href="https://www.mozilla.org/en-US/firefox/115.0esr/releasenotes/">Firefox ESR 115</a>, incorporating a year's worth of changes shipped upstream. As part of this process we've also completed our annual ESR transition audit, where we review Firefox's changelog for issues that may negatively affect the privacy and security of Mullvad Browser users and disable any problematic patches where necessary. The final reports from this audit are now available in <a href="https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/tree/main/audits">tor-browser-spec repository</a> on Tor project Gitlab repository.</p>
<p>Particularly notable are the accessibility improvements we've gained as a result of the transition to Firefox ESR 115. Mullvad Browser 13.0 is our first release to inherit the <a href="https://blog.mozilla.org/accessibility/firefox-113-accessibility-performance/">redesigned accessibility engine</a> introduced by Mozilla in Firefox 113. This change promises to improve performance significantly for people who use screen readers and other assistive technology.</p>
<p>Finally, we're happy to see "DNS over HTTPS" settings revamped (under "Settings" > "Privacy & Security" ). Using this interface, it is now possible to correctly set a DoH server without fallback or leaks, by selecting "Max Protection".<br />
What's new?</p>
<h2>Multilingual support</h2>
<p>As part of our effort to make Mullvad Browser more accessible, it is now available in:</p>
<ul>
<li>العربية (Arabic)</li>
<li>မြန်မာ (Burmese)</li>
<li>简体中文 (Chinese Simplified)</li>
<li>正體中文 (Chinese Traditional)</li>
<li>Dansk (Danish)</li>
<li>Nederlands (Dutch)</li>
<li>Suomi (Finnish)</li>
<li>Français (French)</li>
<li>Deutsch (German)</li>
<li>Italiano (Italian)</li>
<li>日本語 (Japanese)</li>
<li>한국어 (Korean)</li>
<li>Norsk Bokmål (Norwegian)</li>
<li>فارسی (Persian)</li>
<li>Polski (Polish)</li>
<li>Português BR (Portuguese Brazilian)</li>
<li>Русский (Russian)</li>
<li>Español (Spanish)</li>
<li>Svenska (Swedish)</li>
<li>ไทย (Thai)</li>
<li>Türkçe (Turkish)</li>
</ul>
<h2>Bigger new windows</h2>
<p>On browser start, the new windows should be bigger by default and present themselves in a more useful landscape aspect-ratio for the majority of desktop users in Mullvad Browser 13.0.</p>
<p>The rationale behind the new window size and its impact on letterboxing can be found in <a href="https://blog.torproject.org/new-release-tor-browser-130/">Tor Browser 13.0 release blog post</a>.</p>
<h2>Updated search engine selection</h2>
<p>For convenience, we added multiple search engines by default:</p>
<ul>
<li>Mullvad Leta (requires a paid Mullvad account)</li>
<li>Brave Search</li>
<li>DuckDuckGo</li>
<li>DuckduckGo HTML</li>
<li>Metager</li>
<li>Mojeek</li>
<li>Startpage</li>
</ul>
<p>To change your default search engine, go to "Settings" > "Search" > "Default Search Engine" and use the dropdown to select another one.<br />
Other notable changes</p>
<ul>
<li>Enable cross-tab identity leak protection in "quiet" mode</li>
<li>Enable built-in URL anti-tracking query parameters stripping</li>
<li>Change devicePixelRatio spoof to 2</li>
<li>Lock RFP in stable builds</li>
</ul>
<h2>Changelog</h2>
<p>The full changelog is available in our <a href="https://github.com/mullvad/mullvad-browser/releases/tag/13.0">releases notes</a>.</p>
<h2>Technical notes</h2>
<p>Going forward the names of all our build artifacts should follow the format <code>${ARTIFACT}-${OS}-${ARCH}-${VERSION}.${EXT}</code><br />
For example, the Linux package for 13.0 is named <code>mullvad-browser-linux-x86_64-13.0.tar.xz</code></p>
<p>If you are a downstream packager or download Mullvad Browser artifacts using scripts or automation, you might have to update your scripts.</p>
<h2>What's next?</h2>
<p>Our focus has now turned on making Mullvad Browser as usable as possible, without compromising on privacy. Our goal is to make it easy for everyone to use Mullvad Browser as their default browser.</p>
<h2>Send us your feedback</h2>
<p>If there is something stopping you from using Mullvad Browser daily, we want to hear from you.</p>
<p>Contact us:</p>
<ul>
<li>by <a href="mailto:support@mullvad.net">email</a></li>
<li>via our <a href="https://github.com/mullvad/mullvad-browser/issues">Github issue tracker</a></li>
</ul>
<p>Your feedback, positive and negative, is very important, and we thank you for each test, review, comment and bug report.</p>Amendment to the Act (2020:62) on Covert Data Surveillance2023-10-11T08:08:35.236354+00:00https://www.mullvad.net/fr/blog/2023/10/11/amendment-to-the-act-202062-on-covert-data-surveillance/<p>In response to the recently ammended Covert <a href="https://mullvad.net/help/swedish-covert-surveillance-data-act/">Data Surveillance Act (2020:62) </a>we can say that:</p>
<p>The “New wiretapping law passed in Sweden” , which came into effect on October 1, 2023, does not affect Mullvad and our services any differently than the previously existing laws in the field. The amendment, among other provisions, grants the police and prosecutors the authority to conduct covert surveillance of data in cases where it was not possible before (for example, to investigate which person can reasonably be suspected of a specific crime).</p>
<p>Police and prosecutors will still be required to adhere to the rules that have been in place previously for the use of this type of coercive measure.</p>Select your local currency when paying for Mullvad to avoid fees!2023-10-04T07:24:23.064799+00:00https://www.mullvad.net/fr/blog/2023/10/4/select-your-local-currency-when-paying-for-mullvad-to-avoid-fees/<p>In the name of furthering our transparency and to avoid card fees we now accept card payments directly in USD, EUR, GBP and SEK.<br />
The price is always the equivalent of €5, exchange rates convert from the base price of €5. An example is shown in the image below.</p>
<p><img alt="" src="/media/uploads/2023/10/04/a-fair-price.png" /></p>
<p>The correct exchange rate will always be used without any extra fees. This ensures that the price you see on our website, the amount you pay and the value you see on your bank statement will be the same.</p>
<p>In general banks will charge 5-10% extra for currency exchange, even if they say there are zero fees. Choose your local currency to avoid card exchange fees!</p>
<p>Read more: <a href="https://mullvad.net/pricing">https://mullvad.net/pricing</a></p>macOS 14 Sonoma firewall bug fixed!2023-09-22T08:54:49.793629+00:00https://www.mullvad.net/fr/blog/2023/9/22/macos-14-sonoma-firewall-bug-fixed/<p>The firewall bug in macOS 14 Sonoma betas and release candidates that we <a href="https://mullvad.net/blog/2023/9/13/bug-in-macos-14-sonoma-prevents-our-app-from-working/">blogged about last week</a> has been fixed by Apple.</p>
<p>Yesterday Apple released macOS 14 Sonoma Release Candidate 2 (23A344). This version no longer exhibits the invalid firewall rule evaluation that we observed in the earlier release candidate and betas (starting from beta 6). This also means that our VPN app now works fine in latest Sonoma.</p>
<h2>Why we were affected</h2>
<p>Our VPN app is what we call a privacy preserving VPN client. This means its main purpose is not just to establish a tunnel and make sure it works, but also to ensure there are no leaks and no ways to de-anonymize the user.</p>
<p>To uphold the privacy preserving aspect, we do not think it is enough to solely rely on the routing table or Apple’s content filter provider API for making sure traffic that is supposed to go in the VPN tunnel actually does. Because doing so leaves numerous potential leaks, for example <a href="https://mullvad.net/blog/2020/11/16/big-no-big-sur-mullvad-disallows-apple-apps-bypass-firewall/">this one that was introduced in Big Sur.</a> At Mullvad we believe in adding as many safety layers as possible. Denying unwanted traffic at the firewall layer is an obvious design choice for us.</p>
<p>The firewall bugs we saw could only be observed if the rules contained the quick option, meaning they terminate firewall rule evaluation early. Without quick, all network traffic will be evaluated by subsequent rules and anchors injected by Apple or other software on the computer. We see this as a potential risk. While it might be possible to write firewall rules for a VPN without quick, we want our rules to be as final as possible, for security.</p>We have successfully completed our migration to RAM-only VPN infrastructure2023-09-20T07:15:32.195455+00:00https://www.mullvad.net/fr/blog/2023/9/20/we-have-successfully-completed-our-migration-to-ram-only-vpn-infrastructure/<p>Today we announce that we have completely removed all traces of disks being used by our VPN infrastructure!</p>
<p>In early 2022 we announced the<a href="https://mullvad.net/blog/2022/1/12/diskless-infrastructure-beta-system-transparency-stboot/"> beginning of our migration</a> to using diskless infrastructure with our bootloader known as “stboot”.</p>
<h2>Completing the transition to diskless infrastructure</h2>
<p>Our VPN infrastructure has since been audited with this configuration twice (<a href="https://mullvad.net/blog/2023/8/9/infrastructure-audit-completed-by-radically-open-security/">2023</a>, <a href="https://mullvad.net/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/">2022</a>), and all future audits of our VPN servers will focus solely on RAM-only deployments.</p>
<p>All of our VPN servers continue to use our custom and extensively slimmed down Linux kernel, where we follow the mainline branch of kernel development. This has allowed us to pull in the latest version so that we can stay up to date with new features and performance improvements, as well as tune and completely remove unnecessary bloat in the kernel.</p>
<p>The result is that the operating system that we boot, prior to being deployed weighs in at just over 200MB. When servers are rebooted or provisioned for the first time, we can be safe in the knowledge that we get a freshly built kernel, no traces of any log files, and a fully patched OS.</p>Bug in macOS 14 Sonoma prevents our app from working2023-09-13T15:01:14.517773+00:00https://www.mullvad.net/fr/blog/2023/9/13/bug-in-macos-14-sonoma-prevents-our-app-from-working/<p>The macOS 14 Sonoma betas and release candidate contain a bug that causes the firewall to not filter traffic correctly. As a result, our app does not work.</p>
<p>During the macOS 14 Sonoma beta period Apple introduced a bug in the macOS firewall, packet filter (PF). This bug prevents our app from working, and can result in leaks when some settings (e.g. local network sharing) are enabled. We cannot guarantee functionality or security for users on macOS 14, we have investigated this issue after the 6th beta was released and reported the bug to Apple. Unfortunately the bug is still present in later macOS 14 betas and the release candidate.</p>
<p>We have evaluated whether we can patch our VPN app in such a way that it works and keeps users secure in macOS 14. But unfortunately there is no good solution, as far as we can tell. We believe the firewall bugs must be fixed by Apple.</p>
<p>The bug affects much more than just the Mullvad VPN app. Firewall rules do not get applied properly to network traffic, and traffic that is not supposed to be allowed is allowed. We deem this to be a critical flaw in the firewall, anyone relying on PF filtering, or apps using it in the background on their macOS devices should be cautious about upgrading to macOS 14.</p>
<h2>Our recommendations</h2>
<p>MacOS 14 Sonoma is scheduled to be released on the 26th of September, if the bug is still present we recommend our users to remain on macOS 13 Ventura until it is fixed.</p>
<h2>Technical details</h2>
<p>The following steps can be taken on macOS 14 to reproduce the issue. Warning: This will clear out any firewall rules you might have loaded in PF.</p>
<p>In a terminal, create a virtual logging interface and start watching it for traffic matching the rules you will add later:</p>
<pre>
sudo ifconfig pflog1 create
sudo tcpdump -nnn -e -ttt -i pflog1</pre>
<p>Write the following firewall rules to a file named <code>pfrules</code>:</p>
<pre>
pass quick log (all, to pflog1) inet from any to 127.0.0.1
block drop quick log (all, to pflog1)</pre>
<p>In another terminal, enable PF and load the rules:</p>
<pre>
sudo pfctl -e
sudo pfctl -f pfrules</pre>
<p>Ping the <a href="https://mullvad.net">mullvad.net</a> webserver:</p>
<pre>
ping 45.83.223.209</pre>
<h3>Expected results</h3>
<ul>
<li>Ping is blocked, since it does not match the only <code>pass</code> rule’s requirements</li>
<li>The traffic is logged to <code>pflog1</code>. More specifically we expect it to be logged as matching the <code>block</code> rule</li>
</ul>
<h3>Actual results</h3>
<ul>
<li>Ping is allowed out on the internet, and the response comes back</li>
<li>No traffic is being logged to <code>pflog1</code></li>
</ul>
<h3>Cleaning up after the experiment</h3>
<p>Disable the firewall and clear all rules.</p>
<pre>
sudo pfctl -d
sudo pfctl -f /etc/pf.conf</pre>
<p>Follow our blog for future updates to this issue.</p>Tailscale has partnered with Mullvad2023-09-07T15:00:29.282690+00:00https://www.mullvad.net/fr/blog/2023/9/7/tailscale-has-partnered-with-mullvad/<p>Since Tailscale was founded in 2019, customers have been forced to choose between either Tailscale or Mullvad without the ability for them to co-exist.</p>
<p>Today we announce a partnership with Tailscale that allows you to use both in conjunction through the Tailscale app. This functionality is not available through the Mullvad VPN app.</p>
<p>This partnership allows customers of Tailscale to make use of our WireGuard VPN servers as “exit nodes”. This means that whilst connected to Tailscale, you can access your devices across Tailscale’s mesh network, whilst still connecting outbound through Mullvad VPN WireGuard servers in any location.</p>
<p>Some simple examples of this could be:</p>
<p><strong>Mobile phone:</strong></p>
<ul>
<li>Connects to a PC via Tailscale at your home to access private photo albums</li>
<li>At the same time: browses the Internet via a Mullvad VPN server located in Sweden</li>
</ul>
<p><strong>Personal computer:</strong></p>
<ul>
<li>Connects via Tailscale to another PC whilst in a cafe to work on self-hosted documents</li>
<li>At the same time: sends all other traffic through Mullvad VPN whilst on unencrypted WiFi</li>
</ul>
<p>Read more on using Mullvad exit nodes with Tailscales VPN service on Tailscales website here: <a href="https://tailscale.com/kb/1258/mullvad-exit-nodes/">https://tailscale.com/kb/1258/mullvad-exit-nodes/</a></p>Response to "TunnelCrack" vulnerability disclosure2023-08-09T14:39:31.371605+00:00https://www.mullvad.net/fr/blog/2023/8/9/response-to-tunnelcrack-vulnerability-disclosure/<p style="text-align:left">Mullvad is mostly unaffected by the <a href="https://tunnelcrack.mathyvanhoef.com/" style="color:#0000ff; text-decoration:underline" target="https://tunnelcrack.mathyvanhoef.com/"><u>TunnelCrack</u></a> VPN vulnerabilities. This is our response to the recently disclosed set of attack vectors on VPNs.</p>
<p style="text-align:left"> </p>
<h2 style="text-align:left"><strong>LocalNet Attack</strong></h2>
<p style="text-align:left"><strong>TLDR: On Windows, Linux, macOS and Android we are not vulnerable to the LocalNet attack. We never leak traffic to public IPs outside the VPN tunnel. However, on iOS we are affected by this attack vector.</strong></p>
<p style="text-align:left">On Windows, Linux, macOS and Android where we have the <em>local network sharing</em> setting, it is disabled by default. This means all traffic outside the tunnel is blocked by default. When the <em>local network sharing</em> setting is enabled, our app does not just allow traffic to all networks advertised by the DHCP server or set up as local networks in the routing table. We specifically allow traffic only to known standardized local network ranges. These are IPs that can only ever exist on local networks, and are not valid public IPs. If you want to get into the nitty gritty details, <u><a href="https://github.com/mullvad/mullvadvpn-app/blob/5deb1b781c2bb3318b91385762ee0cc64e83724e/talpid-core/src/firewall/mod.rs#L29-L61" style="color:#0000ff; text-decoration:underline" target="https://github.com/mullvad/mullvadvpn-app/blob/5deb1b781c2bb3318b91385762ee0cc64e83724e/talpid-core/src/firewall/mod.rs#L29-L61">here is the list</a></u> of allowed local IP network ranges in our app’s source code.</p>
<h3 style="text-align:left">Desktop</h3>
<p style="text-align:left">What this means is that if a rogue AP advertises some public IP ranges as local network ranges to the victim’s device, our app will block any traffic to those IPs. The traffic will neither go inside nor outside the tunnel, it will be stopped from leaving the device altogether.</p>
<p style="text-align:left">Even if LocalNet is not a traffic leak with Mullvad on desktop, it can be classified as a denial of service attack. The attacker can prevent the victim from communicating with certain IP ranges. The TunnelCrack paper outlines this aspect in section 4.1.2. The paper claims that this poses a security risk since it might block security cameras and software security updates.</p>
<p style="text-align:left">We at Mullvad have been aware of this for a long time but not considered it a practical or important attack vector in the scope of being fixed by a VPN app. If an attacker controls the router/AP, which they need to do to perform this attack, they can block any traffic from the victim’s device anyway. We do not believe that being able to do it selectively for certain IP ranges changes anything significant. Any device that is configured in such a way that it connects to unauthenticated (the only type that can be spoofed like this) WiFi access points is susceptible to denial of service attacks, period.</p>
<h3 style="text-align:left">Android</h3>
<p style="text-align:left">When a VPN is connected on Android, the VPN app decides which IP networks go inside and outside the tunnel. These rules from the VPN app overrule the local routing table. This means that on Android all traffic to public IPs are sent inside the tunnel even if Local network sharing is enabled and a rogue AP falsely advertised public IP networks as part of the local network.</p>
<p style="text-align:left">We do not agree with the conclusion in the TunnelCrack paper where they give the Mullvad VPN Android app a black check mark (“Secure by default LAN-Access-Setting”). We think our app should have a green check-mark. We find no way of triggering either a leak, or a block with our Android app.</p>
<h3 style="text-align:left">iOS</h3>
<p style="text-align:left">On iOS we sadly do not offer any <em>Local network sharing</em> setting and local networks are always allowed in the current versions of our app. This is stated in our <u><a href="https://github.com/mullvad/mullvadvpn-app/#features" style="color:#0000ff; text-decoration:underline" target="https://github.com/mullvad/mullvadvpn-app/#features">feature table in the readme of our app’s source code</a></u>. However, we do confess that we could have made this caveat much more discoverable and visible to users. We can definitely improve on this.</p>
<p style="text-align:left">This means that the device will always send any network traffic to the local network outside the tunnel. Including public IPs advertised by rogue APs and similar.</p>
<p style="text-align:left">The only solution we know against these leaks on iOS is to enable a flag called includeAllNetworks in iOS VPN terminology. We have been aware of this flag for a long time, and we have wanted to enable it for just as long. The problem is that the underlying tunnel implementation that we and most other WireGuard apps on iOS use, wireguard-go, is simply not compatible with includeAllNetworks. We are currently replacing wireguard-go with something allowing us to enable this security feature. We actually have been working on this for quite some time. But it is a pretty large task and we are not there yet.</p>
<h2 style="text-align:left"><strong>ServerIP Attack</strong></h2>
<p style="text-align:left"><strong>TLDR: Mullvad’s app is not vulnerable to any part of the Server IP attack vector on any platform.</strong></p>
<h3 style="text-align:left">Tricking the VPN client into using the wrong server IP</h3>
<p style="text-align:left">This part of the attack is about tricking the VPN client into using an attacker controlled IP as the VPN server IP.</p>
<p style="text-align:left">The Mullvad VPN app does not use DNS in any way to obtain VPN server IPs. Our app fetches the list of VPN server IPs from our own API. We also do not use DNS to find the IP to our API server. All API communication is encrypted with https (TLS 1.3) and uses certificate pinning. This means the app cannot be tricked to talk to, or trust information from the wrong servers. This is true for all platforms.</p>
<h3 style="text-align:left">Sending traffic to the VPN server IP outside the tunnel</h3>
<p style="text-align:left">This part of the attack is about leaking traffic outside the VPN tunnel to the IP address of the VPN server. This attack is possible in many VPN clients due to them often routing and allowing all traffic to the VPN server IP outside the VPN tunnel.</p>
<h4 style="text-align:left"><em>Windows, Linux and macOS</em></h4>
<p style="text-align:left">Our client has never allowed all traffic to to the VPN server IP. Our firewall rules were designed from the start to only allow outgoing traffic outside the VPN tunnel to the VPN server IP, port and protocol combination our tunnel were going to use, not any other port or protocol.</p>
<p style="text-align:left">During <u><a href="https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/" style="color:#0000ff; text-decoration:underline" target="https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/">a security audit in 2020</a></u>, Cure53 found a vulnerability in our app (named <em>MUL-02-002 WP2</em>) that is very similar to the ServerIP attack described in TunnelCrack. However, it is a special case of the attack. This attack was possible even when the firewall only allowed traffic on a specific port and protocol. We responded by patching this so that our firewall rules would be even more strict. The app now only allows outgoing traffic to the VPN server IP+port+protocol from the root user on Linux and macOS and only from the mullvad-daemon.exe process on Windows. This effectively stops all forms of both the ServerIP attack and the attack found by Cure53 and has done so since app version 2020.5.</p>
<h4 style="text-align:left"><em>Android and iOS</em></h4>
<p style="text-align:left">Neither mobile platform is affected by the ServerIP attack vector. This is because they do not use the routing table to exclude the VPN traffic from the VPN tunnel itself. Instead they provide more fine grained mechanisms to allow the VPN apps to exclude the encrypted VPN traffic from being looped back into the VPN itself again.</p>
<p style="text-align:left"> </p>Infrastructure audit completed by Radically Open Security2023-08-09T09:34:56.360962+00:00https://www.mullvad.net/fr/blog/2023/8/9/infrastructure-audit-completed-by-radically-open-security/<p>We tasked the Netherlands based security firm Radically Open Security (RoS) with performing the third audit towards our VPN infrastructure.</p>
<p>We asked them to focus solely on VPN servers that run from RAM, one OpenVPN and one WireGuard server.</p>
<p>We invite you to <a href="https://github.com/radicallyopensecurity/ros-website/blob/main/ros-public-reports/ROS%20-%20Mullvad%20VPN%202023.pdf">read the final report</a><strong> </strong>of our third security audit, concluded in mid-June 2023, with many fixes deployed late June 2023. Further re-tests and a verification pass was performed during July.</p>
<p>RoS discovered a number of new findings, and we would like to thank them for their thorough and detailed report. They stated , amongst other things that: that whilst they found some issues, that: “The Mullvad VPN relays which were the subject of this test showed a mature architecture…” and “During the test we found no logging of user activity data..”</p>
<p>We gave RoS full SSH access to two (2) VPN servers that were running from RAM, using our latest slimmed down Linux kernel (6.3.2) and customised Ubuntu 22.04 LTS based OS. These servers were deployed as though they were <strong>to be</strong> production customer-facing servers, however these servers <strong>have never been utilised </strong>as such.</p>
<p>We asked them to verify:</p>
<ul>
<li>Security and set up of servers internally</li>
<li>Security and set up of servers externally</li>
<li>Whether or not we log customer activity</li>
</ul>
<p>RoS also asked whether they should investigate the source code of various binaries running on our systems, or whether they should take into consideration the hardware-level security. We declined both offers, stating that this is to be considered an <em>“after the system is running and in-use by customers”</em> audit.</p>
<h2>Overview of findings</h2>
<ul>
<li>Radically Open Security found no information leakage or logging of customer data</li>
<li>RoS discovered 1 High, 6 Elevated, 4 Moderate, 10 Low and 4 info-severity issues during this penetration test.</li>
</ul>
<p><strong>Key takeaway:</strong> Our VPN infrastructure has been audited for the third time.</p>
<h2>Miscellaneous issues of interest</h2>
<h3>MLL-024 Production multihop traffic on test system (High)</h3>
<p><strong>To quote RoS:</strong><em> “Impact - Production user traffic is visible to pentest users.”</em></p>
<p><strong>Our comments:</strong></p>
<p>RoS were given production-like servers, provisioned and deployed like all other customer facing servers. The difference between these and the rest of our fleet is that they have never been made available for customers to connect, they were not advertised in our server list, and not offered up to users. However, as these servers are connected to our WireGuard multihop functionality, <strong>any customer scanning for IPs</strong> can send traffic though them whilst connected to another VPN server using a SOCKS5 proxy, as there is nothing blocking it.</p>
<p>In what RoS discovered there was only the IP from the WireGuard internal interface. This interface is only available to SOCKS5 multihop traffic, so it would be the entry WireGuard server.</p>
<p>Without providing RoS with production servers the audit would not have been valid as a production server audit, and there would have been no way to prevent customer traffic from being visible on the servers.</p>
<h3>MLL-019 - LPE to root using systemd timers and insecure directory permissions (Elevated)</h3>
<p><strong>To quote RoS:</strong><em> “Low-privileged system accounts can elevate their privileges to root by manipulating systemd timer script content.”</em></p>
<p><strong>Our comments:</strong></p>
<p>It became obvious after consulting with RoS that the primary issue here is the use of nested home directories, and the addition of administrator users being part of the <code>mad</code> group.</p>
<p>The usage of the nested <code>/home/mad</code> directory structure is a legacy remnant of pre-RAM VPN servers, which is going to be removed in the upcoming updates to our infrastructure. In the short-term we have removed all administrator users from being part of the <code>mad</code> group, but we have also moved all related scripts to <code>/opt/local_checks</code> which RoS acknowledged as resolving the issue.</p>
<h3>MLL-045 — Administrator access to production machines (Moderate)</h3>
<p><strong>To quote RoS:</strong> <em>“VPN servers accept remote logins from administrators, who technically have the ability to tap into production users' VPN traffic”</em></p>
<p><strong>Our comments:</strong></p>
<p>We have been aware of this issue for some time, and conversing with RoS only confirmed our plans to implement such measures:</p>
<ul>
<li>Implement a method by which unauthorised logins can be auditable, and add a log of all the commands (without arguments) used on these servers. We are implementing such a system.</li>
<li>Remove support for SSH entirely, this would mean that even administrators could not enable logging of customer traffic, since no access is enabled over SSH. We are investigating such a system, though this will take more time to perform correctly.</li>
</ul>
<h3>MLL-016 - Telegraf password shared across servers (low)</h3>
<p><strong>To quote RoS: </strong><em>“Shared Influx database credentials used by Telegraf across VPN servers allows manipulation of global server metrics, such as CPU and disk usage or network metrics.”</em></p>
<p><strong>Our comments:</strong></p>
<p>We deemed the best course of action here to implement client certificates for authentication using the PKI infrastructure available within Hashicorp Vault. This has now been implemented, and we will investigate the use of such certificates in other places across our infrastructure.</p>
<p>---</p>
<p>There are more changes to be deployed in the near future, and the listed fixes are examples of the most interesting issues that Radically Open Security found.</p>
<p>For the universal right to privacy,<br />
Mullvad</p>Introducing Mullvad Leta: a search engine used in the Mullvad Browser2023-06-20T09:01:49.635564+00:00https://www.mullvad.net/fr/blog/2023/6/20/introducing-mullvad-leta-a-search-engine-used-in-the-mullvad-browser/<p>Online privacy isn't just about a VPN. That’s why we have developed the <a href="https://mullvad.net/blog/2023/4/3/mullvad-vpn-and-the-tor-project-team-up-to-release-the-mullvad-browser/">Mullvad Browser</a>.<br />
Observant users may have noticed that our browser comes with the DuckDuckGo search engine by default, but also an alternative: <a href="http://leta.mullvad.net/">Mullvad Leta.</a></p>
<p>Mullvad Leta is accessible only with a paid Mullvad VPN account; you can set it as default in the Mullvad Browser, or reach it at <a href="http://leta.mullvad.net/">leta.mullvad.net</a></p>
<p>Mullvad Leta uses the Google Search API as a proxy, caching each search. These cached results are shared amongst all users, reducing costs and improving privacy. This service is user-supported and doesn't rely on ads or data selling.</p>
<p>Our browser extension simplifies access. Once your account number is set in the settings, there's no need to log in each time. To protect against correlation attacks and manage costs, searches are cached for 30 days, possibly resulting in slightly outdated results.</p>
<p>Each account can make 100 direct searches daily, with unlimited cached searches. Viewing subsequent search result pages counts towards your daily limit. Non-cached searches prompt a Google query from Mullvad Leta, sharing only the search term and keeping the rest of your data private.</p>
<p>The search results are free from third-party tracking links, providing a clean, private browsing experience.</p>
<p>Mullvad Leta has been audited by <a href="https://mullvad.net/blog/2023/5/16/security-audit-of-our-letamullvadnet-search-service/">Assured</a></p>Removing the support for forwarded ports2023-05-29T12:08:57.758404+00:00https://www.mullvad.net/fr/blog/2023/5/29/removing-the-support-for-forwarded-ports/<p>Today we announce that we no longer support port forwarding. New port forwards will no longer be supported, and existing ports will be removed 2023-07-01.</p>
<h2>Why are we removing forwarded ports?</h2>
<p>Port forwarding in general has added value if you are wanting to allow a friend or family to access a service running behind our VPN. This could be a legitimate website, a game server, or even access to your self-hosted server.</p>
<p>Unfortunately port forwarding also allows avenues for abuse, which in some cases can result in a far worse experience for the majority of our users. Regrettably individuals have frequently used this feature to host undesirable content and malicious services from ports that are forwarded from our VPN servers. This has led to law enforcement contacting us, our IPs getting blacklisted, and hosting providers cancelling us.</p>
<p>The result is that it affects the majority of our users negatively, because they cannot use our service without having services being blocked.</p>
<p>The abuse vector of port forwarding has caught up with us, and today we announce the discontinuation of support for port forwarding. This means that if you are a user of forwarded ports, you will not be able to add or modify the ports you have in use.</p>
<p>We have removed the ability to add port forwards on all accounts.</p>
<h2>What will happen now?</h2>
<p>As of today we will remove the ability of adding ports to all accounts. 2023-07-01 we will remove all existings ports that are configured. Please update your services accordingly.</p>
<p>You will see a similar warning on the accounts page on our website.</p>
<h2>Will you be affected?</h2>
<p>If you do not know what port forwarding is, you will not be affected. The users that are directly affected are the users that have active ports and are using them through Mullvad as of today.</p>Security audit of our leta.mullvad.net search service2023-05-16T12:00:23.987226+00:00https://www.mullvad.net/fr/blog/2023/5/16/security-audit-of-our-letamullvadnet-search-service/<p>Assured AB were contracted to perform a security assessment of our new Leta search service between 2023-03-27 and 2023-03-31.</p>
<p>Today we announce our new Leta search service, available at <a href="http://leta.mullvad.net/">leta.mullvad.net.</a> This service is available to valid Mullvad VPN customers, with the ability to use it as the default search engine in supported browsers.</p>
<p>Leta is also an option in Mullvad Browser for use as a default search engine. Further information about how Leta functions, how it can be used, and limitations are available on the <a href="https://leta.mullvad.net/faq">Leta FAQ.</a></p>
<p>The <a href="https://leta.mullvad.net/terms-of-service">Terms of Service</a> page explains how the service functions, and what the business model is.</p>
<h2>Quoting the report:</h2>
<p>"Assured was tasked with conducting a penetration test on Mullvad Leta and to assess the web application with regards to security and privacy. Overall, Mullvad Leta is well contained with a small attack surface and good measures have been implemented to strengthen privacy as well as security."</p>
<p>Read the <a href="https://www.assured.se/publications/Assured_Mullvad_Leta_pentest_report_2023.pdf">full audit</a> report on Assured’s website.</p>
<h2>Reports notes and comments</h2>
<h3>3.1.1 (Low) Content Security Policy (CSP) missing</h3>
<p><strong>Assured recommended</strong> configuring a Content Security Policy (CSP) for all documents, adhering to the principle of least privilege.</p>
<p><strong>Mullvad</strong>: We have added a CSP.</p>
<h3><br />
3.1.2 (Low) Partial logging of unique user ID</h3>
<p><strong>Assured recommended </strong>disabling user identifiable log entries entirely in production, and removing the debug calls as soon as the product is ready for release. This is a preemptive measure to prevent accidental exposure in the future.</p>
<p><strong>Mullvad</strong>: We removed all logging of user IDs.</p>
<h3><br />
3.1.3 (Note) HTTP Strict Transport Security Header Missing</h3>
<p><strong>Assured recommended</strong> ensuring that the Strict-Transport-Security response header is properly set as it is good practice to serve this header to inform clients that they should only connect to the server over TLS (HTTPS).</p>
<p><strong>Mullvad</strong>: We have modified the configuration to ensure this is set for all assets served by our web server (however the service is only responding over HTTPS)</p>
<h3><br />
3.2.1 (Low) Potential Cross-Site Scripting (XSS) via Google results</h3>
<p><strong>Assured recommended</strong> using only the plain-text description from the Google results, rather than trusting HTML from an external party. A well-crafted CSP (see Finding 3.1.1) could also mitigate this issue to some extent.</p>
<p><strong>Mullvad</strong>: We no longer use the HTML snippets from Google, just plain text.</p>
<h3><br />
3.3.1 Note Search terms never removed from cache</h3>
<p><strong>Assured recommended </strong>setting a hard expiration time for new entries, and clearing entries from the database upon expiration. The built-in expiration mechanism of Redis is already used to purge each user’s quota entries at the end of each day, and should be suitable and robust for this purpose as well. If the presence of search terms (e.g. personally identifiable terms) is considered sensitive, we also recommend allowing users to exempt their searches from caching.</p>
<p><strong>Mullvad</strong>: We have updated so all entries are expired automatically after <u><em><strong>30 days plus the fact that search queries are hashed</strong></em></u></p>
<h3><br />
3.4.1 Note Plaintext search queries in cache database</h3>
<p><strong>Assured recommended </strong>hashing search terms before insertion / lookup in the cache database. Since search term cache lookups are only performed with exact matching, this should not affect functionality.</p>
<p><strong>Mullvad</strong>: We are now hashing (and salting) the search terms before they are added to Redis</p>Update: The Swedish authorities answered our protocol request2023-05-02T08:52:15.560648+00:00https://www.mullvad.net/fr/blog/2023/5/2/update-the-swedish-authorities-answered-our-protocol-request/<p>Since the events of the search warrant by the Swedish police at Mullvad’s office in Gothenburg, we have tried to get hold of documents and protocols tied to the operation.<br />
This is what the authorities came back with.</p>
<p>On 18th April at least six police officers from the National Operations Department (NOA) of the Swedish Police visited the Mullvad VPN office in Gothenburg with a search warrant. <a href="https://mullvad.net/blog/2023/4/20/mullvad-vpn-was-subject-to-a-search-warrant-customer-data-not-compromised/">They left without taking anything and without any customer information.</a></p>
<p>Since then, Mullvad has requested the search warrant signed by the prosecutor, as well as the house search protocol by the police (which is obligated to be drawn according to Swedish law). We requested the documents to better understand why the police chose to visit us with a search warrant at this time. In all the years up until now it has been clear to them that they are not able to seize non-existing data.</p>
<p>We have now received a response from the Swedish Prosecution Authority and the prosecutor in charge of the operation, who told us that the search warrant was a decision made in international legal cooperation with Germany. However, the Swedish Prosecution Authority does not want to give any more details and we were not given any protocols with reference to confidentiality.</p>
<p>See the letter from the prosecution office in its entirety below:</p>
<p><img alt="" src="/media/uploads/2023/05/02/masked-am-11833-23_tjan_12_1_3.png" /></p>
<h2>Translation:</h2>
<p><em>“Regarding your request for copies of decisions and reports</em></p>
<p><em>The Swedish Prosecution Authority has received a request for an international<br />
judicial cooperation from another state, Germany, regarding a case ongoing in<br />
that state. In accordance with this request, on February 17, 2023, I granted a<br />
search of the premises of Mullvad VPN AB and Amagicom AB. This decision<br />
was implemented on April 18, 2023.<br />
According to Section 17, Chapter 18 of the Swedish Public Access to<br />
Information and Secrecy Act, secrecy applies in activities relating to judicial<br />
cooperation at the request of another state for information relating to an<br />
investigation according to the provisions on preliminary investigation in<br />
criminal cases or matters that concern coercive measures, if it can be assumed<br />
that it was a prerequisite for the other state’s request that the information<br />
should not be disclosed.<br />
Your letter also states that the question has previously been raised with the<br />
Swedish Prosecution Authority regarding this event. Unfortunately I can find<br />
no such request or inquiry.”</em></p>
<p>We have not got any more information from the National Operations Department (NOA) of the Swedish Police, but they gave an interview <a href="https://www.svt.se/nyheter/lokalt/vast/internationell-brottslighet-bakom-husrannsakan-i-goteborg">on Swedish television (SVT)</a>. The Swedish television also got a comment from the German prosecutor:</p>
<p>"According to Paul Pfeiffer, prosecutor in the city of Rostock in northern Germany, the operation was connected to a blackmail attack that hit several municipal institutions in the state of Mecklenburg-Western Pomerania in October 2021. As a result of the attack, the institutions were not able to carry out their tasks.</p>
<p>– During the investigations, which are still ongoing, an IP address was found that led to the VPN service Mullvad. The investigation is not directed towards the VPN service, the prosecutor writes in an email.”</p>
<p>In the television feature, the Swedish police (NOA) also answers the question "You sent six police officers to Mullvad and you didn't get hold of anything, because the data you requested did not exist. Would you still say it was a successful operation?”</p>
<p>NOA: "Based on the investigation order we received, we consider that we did what they requested."</p>
<p>During the house search we argued that they (NOA) had no reason to expect to find what they were looking for and any seizures would therefore be illegal. After demonstrating that this is indeed how our service works and them consulting the prosecutor, they left without taking anything and without any customer information.</p>
<p>However, had they taken something, it would not have given them access to any customer information.</p>
<p>These are the national laws that makes it possible to run a privacy-focused VPN service in Sweden:</p>
<h2>Electronic Communications Act (2022:482) (LEK) Does not apply to Mullvad VPN AB</h2>
<p>According to LEK’s definitions, LEK does not apply to Mullvad since we, as a VPN service provider are not regarded as an electronic communications network nor an electronic communications service.</p>
<h2>Act (2012:278) on Collection of Data in Electronic Communication in the Crime Combating Authorities’ Intelligence Service (IHL)</h2>
<p>This law can only be used to request user data from businesses having the LEK reporting obligation. This means authorities cannot use LEK nor IHL to request information from Mullvad.</p>
<h2>The Swedish Code of Judicial Procedure (1942:740) (RB)</h2>
<p>According to this, a search of premises may be instigated not just on the individual who is suspected on reasonable grounds but on anyone, provided that there is a factual circumstance and that it can be <strong><em>tangibly demonstrated that there is a reasonable expectation of finding items subject to seizure</em></strong>, or other evidence of the offense in question. Objects may also be seized if they are believed to have importance for the investigation.</p>
<h2>Summary</h2>
<p>Since Mullvad VPN by law is not required to collect any data related to our users’ activities online – and since the pure purpose of our service is to protect users from collection of such data – it is in our interest, our customers interest, all our employees and owners’ interest to not collect any data and therefore there is no reasonable grounds to doubt that we do not collect any data about our users’ activities online.</p>
<p>Read all about our <a href="https://mullvad.net/help/tag/policies/">no-logging and privacy policies.</a></p>Mullvad VPN was subject to a search warrant. Customer data not compromised2023-04-20T12:13:52.590571+00:00https://www.mullvad.net/fr/blog/2023/4/20/mullvad-vpn-was-subject-to-a-search-warrant-customer-data-not-compromised/<p>On April 18 at least six police officers from the National Operations Department (NOA) of the Swedish Police visited the Mullvad VPN office in Gothenburg with a search warrant.<br />
They intended to seize computers with customer data.</p>
<p>In line with our <a href="https://mullvad.net/help/tag/policies/">policies</a> such customer data did not exist. We argued they had no reason to expect to find what they were looking for and any seizures would therefore be illegal under Swedish law. After demonstrating that this is indeed how our service works and them consulting the prosecutor they left without taking anything and without any customer information.<br />
<br />
If they had taken something that would not have given them access to any customer information.<br />
<br />
Mullvad have been operating our VPN service for over 14 years. This is the first time our offices have been visited with a search warrant.</p>Stable Quantum-resistant tunnels in the app!2023-04-06T08:27:22.787844+00:00https://www.mullvad.net/fr/blog/2023/4/6/stable-quantum-resistant-tunnels-in-the-app/<p>The quantum-resistant tunnels feature is finally stabilized and can easily be enabled for all WireGuard tunnels in our desktop app.</p>
<p>Back in November we <a href="https://mullvad.net/blog/2022/11/8/post-quantum-safe-vpn-tunnels-available-on-all-wireguard-servers/">blogged about Post-quantum safe VPN tunnels</a> being an experimental feature available on all our WireGuard servers. The protocol has since then been stabilized. The setting for enabling the feature is available from version 2023.3 of our desktop app.</p>
<h2>How to enable</h2>
<p>In the app, go to <strong>Settings → VPN settings → WireGuard settings → Quantum-resistant tunnel</strong> and set the setting to <strong>On</strong>.</p>
<p>When the VPN is connected, the app should now say <strong>QUANTUM SECURE CONNECTION</strong> in green text in the main view of the app.</p>
<h2>The future</h2>
<p>This feature is currently only available in our desktop app (Windows, macOS and Linux). We plan on incorporating this feature on Android and iOS as well.</p>
<p>If it turns out to work as well as we hope it will, we will enable this by default in a future release of the app. There is no reason to not have every tunnel be quantum-resistant.</p>
<h2>What is this?</h2>
<h3>The problem</h3>
<p>The encryption used by WireGuard has no known vulnerabilities. However, the current establishment of a shared secret to use for the encryption is known to be crackable with a strong enough quantum computer.</p>
<p>Although strong enough quantum computers have yet to be demonstrated, having post-quantum secure tunnels today protect against attackers that record encrypted traffic with the hope of decrypting it with a future quantum computer.</p>
<h3>Our solution</h3>
<p>A WireGuard tunnel is established, and is used to share a secret in such a way that a quantum computer can’t figure out the secret even if it had access to the network traffic. We then disconnect and start a new WireGuard tunnel specifying the new shared secret with <a href="https://www.wireguard.com/protocol/">WireGuard’s pre-shared key option</a>.</p>
<p>The Post-Quantum secure algorithms used here are Classic McEliece and Kyber.</p>MULLVAD VPN AND THE TOR PROJECT TEAM UP TO RELEASE THE MULLVAD BROWSER.2023-04-03T10:02:30.959085+00:00https://www.mullvad.net/fr/blog/2023/4/3/mullvad-vpn-and-the-tor-project-team-up-to-release-the-mullvad-browser/<p style="text-align:left"><strong>Mullvad VPN and the Tor Project today present the release of the Mullvad Browser, a privacy-focused web browser designed to be used with a trustworthy VPN instead of the Tor Network.</strong></p>
<p style="text-align:left">“<strong>We want to free the internet from mass surveillance and a VPN alone is not enough to achieve privacy. From our perspective there has been a gap in the market for those who want to run a privacy-focused browser as good as the Tor Project’s but with a VPN instead of the Tor Network," says Jan Jonsson, CEO at Mullvad VPN.</strong></p>
<p style="text-align:left"> </p>
<p style="text-align:left"><u><a href="http://mullvad.net/browser" style="color:#0000ff; text-decoration:underline"><strong>Get the full story: read more about the Mullvad Browser.</strong></a></u></p>
<p style="text-align:left"><u><a href="http://mullvad.net/download/browser" style="color:#0000ff; text-decoration:underline"><strong>Download the Mullvad Browser</strong></a></u></p>
<p style="text-align:left"> </p>
<p style="text-align:left">Mullvad VPN was founded in 2009 with the ambition to make censorship and mass surveillance impractical. To this day we have mainly been working towards that vision offering a VPN service as good as possible. Now we take the next step, with a privacy-focused browser developed together with the Tor Project.</p>
<p style="text-align:left">“The mass surveillance of today is absurd. Both from commercial actors like big tech companies and from governments,” says Jan Jonsson, CEO at Mullvad VPN. “We want to free the internet from mass surveillance and a VPN alone is not enough to achieve privacy. From our perspective there has been a gap in the market for those who want to run a privacy-focused browser as good as the Tor Project’s but with a VPN instead of the Tor Network.”</p>
<p style="text-align:left"> </p>
<p style="text-align:left">The Mullvad Browser is developed by the Tor Project’s engineers to minimize tracking and fingerprinting. The Mullvad Browser is – just like the Tor Browser – designed with the purpose and ambition for all its users to appear as one.</p>
<p style="text-align:left">“The Tor Project is the best in the field of privacy-focused browsers. That’s why we reached out to them. We also share their values of human rights and online privacy. The Mullvad Browser is all about providing more privacy alternatives to reach as many people as possible and make life harder for those who collect data from you.”</p>
<p style="text-align:left"> </p>
<p style="text-align:left">The Tor Project hardly needs any further introduction. They are a nonprofit that advances human rights and defends online privacy by creating and deploying free, open source anonymity and privacy technologies such as the <u><a href="https://www.torproject.org/download/" style="color:#0000ff; text-decoration:underline">Tor Browser</a></u>, <u><a href="https://community.torproject.org/onion-services/overview/" style="color:#0000ff; text-decoration:underline">Onion Services</a></u> and <u><a href="https://snowflake.torproject.org/" style="color:#0000ff; text-decoration:underline">Snowflake</a></u>.</p>
<p style="text-align:left">“Developing this browser with Mullvad is about providing people with more privacy options for everyday browsing and to challenge the current business model of exploiting people’s behavioral data. It demonstrates that you can develop free technology with mass-appeal and privacy in mind,” says Isabela Fernandes, Executive Director, The Tor Project. “When we collaborate, we want to drive change and raise people’s awareness that digital rights are human rights. We hope to inspire others to think of privacy as a ‘feature’ at the core of tech innovation, a building block designed to enhance user experience."</p>
<p style="text-align:left"> </p>
<p style="text-align:left">The Mullvad browser is free of charge, open source, and can be used without Mullvad VPN (although the combination is recommended). It is supported across platforms (Windows, MacOS, Linux) and available for download at <u><a href="http://mullvad.net/download" style="color:#0000ff; text-decoration:underline">mullvad.net/download</a></u></p>THE EUROPEAN COMMISSION DOES NOT UNDERSTAND WHAT IS WRITTEN IN ITS OWN CHAT CONTROL BILL2023-03-28T16:08:05.879629+00:00https://www.mullvad.net/fr/blog/2023/3/28/the-european-commission-does-not-understand-what-is-written-in-its-own-chat-control-bill/<p style="text-align:left">Ylva Johansson is the EU Commissioner in charge of the <u><a href="http://mullvad.net/chatcontrol" style="color:#0563c1; text-decoration:underline">Chat Control Bill</a></u>. In recent days she has taken part in several interviews in Swedish media and also spoken in front of EU parliament members.</p>
<p style="text-align:left">It’s obvious during the interviews that Ylva Johansson does not understand her own bill and what consequences it would have. She constantly repeats misleading and incorrect arguments. Above all, she continues to claim that it’s possible to scan end-to-end encrypted communication without breaking the encryption. It’s remarkable that the responsible EU Commissioner gets away with this, without tremendous criticism from media and members of the EU Parliament (we know, there are some speaking up, but it’s not enough).</p>
<p style="text-align:left">Here are some of her statements during the last week and our comments.</p>
<p style="text-align:left"> </p>
<p style="text-align:left"><strong>PODCAST INTERVIEW IN THE SWEDISH NEWSPAPER SVENSKA DAGBLADET: "SIGNAL IS ALREADY SCANNING ITS USERS' ENCRYPTED COMMUNICATION"</strong></p>
<p style="text-align:left">In a <u><a href="https://www.svd.se/a/wAVRkM/eu-s-chat-control-massovervakning-eller-trygghetsatgard" style="color:#0563c1; text-decoration:underline">podcast interview</a></u> in the Swedish newspaper Svenska Dagbladet, Ylva Johansson claimed, among other things, that scanning for child abuse content in encrypted communication is equivalent to scanning for viruses and that encrypted communication can be scanned without breaking the encryption. She also said that “if you’re on Signal, and you want to send me a link to an interesting Svenska Dagbladet article … when you start typing the address of the article, a picture of the article pops up and that’s because they’re scanning the conversation”.</p>
<p style="text-align:left">Apart from those highlights, here’s a summary of things she said during the interview (in bold) with our comments below.</p>
<p style="text-align:left">“<strong>Next summer, all the scanning taking place right now of child sex will be banned within the EU. That is, if we don’t have special legislation that allows it.”</strong></p>
<p style="text-align:left">· What Ylva Johansson is talking about is the current legislation (which makes it voluntary for internet services to carry out these types of searches). There’s nothing stopping Ylva Johansson, instead of introducing an extension of the law, from extending the current legislation.</p>
<p style="text-align:left">“<strong>This is the special legislation that I proposed last year, which will make it possible to continue the scanning currently being done, except that I’m placing restrictions on what you can and may scan. Today they can scan almost anything anyway, if they’re looking for child sex material; in my Bill it will only be following a court order that permission can be obtained to scan and continue to scan for child sex material, so that we will continue to get the reports that facilitate the apprehension of perpetrators and that allow us to protect and save the children.”</strong></p>
<p style="text-align:left">· It’s very impudent to say “limiting what can be scanned” when the bill will force all services to scan all people’s communications.</p>
<p style="text-align:left">When asked to explain that the new proposal is actually mandatory instead of voluntary, as it is today, Ylva Johansson replies:</p>
<p style="text-align:left">“<strong>If it is judged in a court that the situation is so serious, that the risk is so great that criminal material will be shared here, about little children who are being exposed to violence – if you can scan, then you also have an obligation to do so – that’s a new element I’ve introduced. I don’t want to be dependent on the companies’ goodwill. Today, there are many people who are scanning, but I'm also aware of the fact that they are also being subjected to a variety of pressures saying they should not be scanning the communication and I want to ensure that if a court judges that this is so serious that the communication should be scanned and then that also should be obligatory.”</strong></p>
<p style="text-align:left">· The bill states that the law will apply to services that are likely to be used by children, or can be used to search for other users, or allow users to be contacted directly, or allow images to be shared with others. In other words: all digital services.</p>
<p style="text-align:left">· There’s no mention of courts having to make decisions in the bill. When asked to elaborate, Ylva Johansson backs off:</p>
<p style="text-align:left">“<strong>It doesn't explicitly say “court”. But that’s what it will look like in the vast majority of countries, because that’s where most countries make this type of decision.”</strong></p>
<p style="text-align:left">· This means that Ylva Johansson improperly has used the court argument during the entire legislative period. In addition to that: in this type of discussion, "surveillance after a court order" refers to the fact that there must be a suspicion of a crime in order to monitor. This is not the case in Ylva Johansson’s chat control proposal. In her Bill surveillance orders refer to the surveillance of everyone on a particular messaging service after an authority (doesn't have to be a court) in a country decides to do so (mass surveillance).</p>
<p style="text-align:left">“<strong>It's about sniffing, checking out you could say. It's not as if you read the communication; I mean, it’s like a police dog being able to smell if there’s something there.</strong></p>
<p style="text-align:left">· It’s not possible to “sniff” end-to-end encrypted communication without looking at the encrypted communication.</p>
<p style="text-align:left">“<strong>This scanning has been going on for around ten years and there are incredibly few cases where someone has been falsely reported when contacting their guardian or anyone else.”</strong></p>
<p style="text-align:left">· This type of detection has not been going on for ten years. 1) End-to-end encrypted traffic has not been scanned, 2) a widespread system for AI to assess whether images and videos are criminal or whether conversations are grooming or not, has not existed.</p>
<p style="text-align:left">“<strong>I’m introducing an additional control measure where persons were to share child sex material, and it’s very sharply defined. We need to remember, it’s not nude pictures we’re talking about – we’re talking about sexual abuse of children, and there’s basically no such misreporting today; or perhaps only to a very small degree. So, there’s nothing new in what I am proposing; I’m only proposing that it should be allowed to continue.”</strong></p>
<p style="text-align:left">· Does Ylva Johansson believe that naked pictures of children cannot be a crime? It sounds like she’s not familiar with the legislation as far as what qualifies being a crime and what doesn’t.</p>
<p style="text-align:left">· Swiss police have measured the error rate. It’s around 80-90%. This mainly concerns ‘already known material’. It’s a dizzying thought what the margin of error will be if AI is to judge what’s what.</p>
<p style="text-align:left">· Again, Ylva Johansson says that she’s “just suggesting that it should be allowed to continue”, despite confirming earlier in the interview that new measures will be introduced.</p>
<p style="text-align:left">“<strong>If we take for example a company like Roblox, which caters a lot to children, they promise their users that they scan so as to prevent grooming in their chats. They will no longer be able to promise their users that, if we ban all forms of scanning when it has to do with this type of abuse.”</strong></p>
<p style="text-align:left">· Once again, the same lie. It’s possible to extend existing legislation instead of expanding it.</p>
<p style="text-align:left">“<strong>Sexual abuse of children is clearly defined in our EU legislation; it is not that you can have your own interpretation of what constitutes sexual abuse of children. Rather, it’s clearly defined, so it can’t be used to search for something else that you dislike, but that definition is crystal clear.”</strong></p>
<p style="text-align:left">· AI finds it – to say the least – quite difficult to “clearly define” between a holiday picture on the beach and a nude picture intended for criminal purposes.</p>
<p style="text-align:left">· The technology can be redirected to be used to search for other things. Even before the bill came into force, one MEP suggested that drag queens should be targeted “as they’re often involved in the sexual exploitation of children”.</p>
<p style="text-align:left">· Another point of view: what will the EU look like in ten to twenty years? Ylva Johansson doesn't know that. No-one knows. If you put a tool like this in the hands of people in power, tomorrow's people in power can use it for something else – and then it's too late to back out. Worth pointing out: Already today, the governments of five countries in the EU have been accused of spying on political opponents. Already today there are countries in the EU that are not classified as democratic.</p>
<p style="text-align:left">“<strong>That risk will still exist (risk of false flagged material) it would be minimal I should say, but nonetheless, it will be there. And that's why I've included a special security measure so that no reports go directly to the police, rather they’ll go first to the center we're going to create against sexual abuse of children, and that’s like putting in a filter to preclude other material, which is not abuse, such as the example you’ve just cited, unusual though it was, from cropping up. But if it should happen, I’ve put in such a filter, you could say, so that it does not go to the police.”</strong></p>
<p style="text-align:left">· Again: During investigations, 80-90% of mainly “existing material” has been found to be incorrect flagging.</p>
<p style="text-align:left">· Why would you feel more comfortable with a large EU center reviewing private communications than the police? Such an organization would be a colossus and completely impossible to operate in a safe manner. If organizations can read private communications, sooner or later it will be leaked. This is why data gathering is dangerous. This is why it is incredibly important that end-to-end encryption won’t be forbidden by law.</p>
<p style="text-align:left">“<strong>My Bill is not about encryption, it’s not even mentioned. The Bill includes nothing to do with encryption ... my Bill is technology neutral. This is not a Bill intended to break or weaken encryption. That’s the important thing; it doesn't specify any particular technology. Neither do we not exclude any specific technology in the Bill.”</strong></p>
<p style="text-align:left">· Ylva Johansson says that “it’s not about encryption” and in the next breath she says that “encryption isn’t excluded”. No more counter-arguments.</p>
<p style="text-align:left">“<strong>It is not true that everyone will be obliged to do detection work. What all the companies will be obliged to do is to carry out a risk assessment, if there exists any risk that their services will be used to spread sexual abuse of children.”</strong></p>
<p style="text-align:left">· Again: The bill states that the law will apply to services that are likely to be used by children, or can be used to search for other users, or allow users to be contacted directly, or allow images to be shared with others. In other words: all digital services.</p>
<p style="text-align:left">Let's finish with a part from the interview, where the journalist Andreas Ericson from the Svenska Dagbladet presses Ylva Johansson about encrypted communication. It becomes extra obvious that Ylva Johansson has no idea how the technology works.</p>
<p style="text-align:left"><strong>[Andreas Ericson] Can I just ask you one thing Ylva. If that happens, under this Bill, would you and I be able to have contact in the future, if, for example, you feel that you want to blow the whistle on the European Commission and contact Svenska Dagbladet under source protection regulations? And, would we also be able to have encrypted contact that the authorities are unable to read, with this Bill?</strong></p>
<p style="text-align:left"><strong>[Ylva Johansson] </strong>Yes, that goes without saying.</p>
<p style="text-align:left"><strong>[Andreas Ericson] But if that’s the case, won’t all pedophiles use the same encrypted contacts? And then what’s been gained?</strong></p>
<p style="text-align:left"><strong>[Ylva Johansson] </strong>No, but the thing is – the only thing that, the thing that ... sexual abuse of children, pictures of such, is always criminal.</p>
<p style="text-align:left"><strong>[Andreas Ericson] But if you and I will be able to encrypt our communications, then surely pedophiles will be able to encrypt theirs too?</strong></p>
<p style="text-align:left"><strong>[Ylva Johansson] </strong>If that material is shared, it may be that it is detected, that material.</p>
<p style="text-align:left"><strong>Andreas Ericson] But then, isn't it encrypted?</strong></p>
<p style="text-align:left"><strong>[Ylva Johansson] </strong>But it's not as if you are able to read someone's communication. And there are techniques to detect without breaking the encryption. I think it's very important that we defend the possibility and the right to encrypted communication, but that does not mean that we should say that as long as we use encrypted communication, we will not take steps to apprehend child sexual abuse.</p>
<p style="text-align:left"><strong>[Andreas Ericson] I'm a technology idiot, Ylva. This is how I understand it: if you send me pictures in encrypted documents, the authorities will not be able to read them. But if pedophiles send abuse images to each other, the authorities will be able to read them because there are technological solutions for that. That’s how I understand it; have I understood you correctly?</strong></p>
<p style="text-align:left"><strong>[Ylva Johansson] </strong>No, you haven’t. You can make a comparison. Because encrypted communication today is scanned by the companies. They scan all communications for viruses. So, if you’re on Signal, and you want to send me a link to an interesting Svenska Dagbladet article, when you start typing the address of the article, a picture of the article pops up, because they’re scanning it. And that’s to make sure you aren’t sending me any viruses.</p>
<p style="text-align:left"><strong>[Andreas Ericson] Okay, you can see the image but isn't it encrypted? Karl Emil (opponent in the debate), would you like to come in here?</strong></p>
<p style="text-align:left"><strong>[Karl Emil Nikka] </strong>That's not even how Signal works. The way Signal works is that if you get a preview, it's because your Signal client, from your device, is taking a picture of the website and including it in the message that's being sent. Signal has no access to this information ...</p>
<p style="text-align:left"><strong>[Ylva Johansson] </strong>But that's not what I’m saying.</p>
<p style="text-align:left"><strong>[Karl Emil Nikka]</strong> You said that Signal works the way you said, which it doesn't.</p>
<p style="text-align:left"> </p>
<p style="text-align:left"><strong>INTERVIEW IN THE SWEDISH RADIO: ”IT’S LIKE SCANNING FOR VIRUS”</strong></p>
<p style="text-align:left">In an <u><a href="https://sverigesradio.se/avsnitt/2131900" style="color:#0563c1; text-decoration:underline">interview with the Swedish Radio</a></u>, Ylva Johansson continues to repeat the same misleading arguments. Meanwhile, she refuses to answer how she will ensure that future governments and EU parliaments won’t abuse the system and how the EU center will guarantee that private conversations are not leaked (this question Ylva refuses to answer three times a row). Here’s a few of examples of her repeated argument:</p>
<p style="text-align:left"><strong>"If we protect our mobile phones (against viruses) better than we protect children against very serious sexual abuse …” </strong></p>
<p style="text-align:left">· Once again, Ylva Johansson goes on comparing scanning of communication with scanning of viruses. It’s not possible to do that comparison. Virus scanning never occurs on encrypted content.</p>
<p style="text-align:left"><strong>"A police dog can sniff physical mails to see if they contain drugs, and if they contain drugs the police can intervene.</strong><strong> </strong><strong>It’s an invasion of privacy that we think is reasonable.” </strong></p>
<p style="text-align:left">· Alright, let’s take the Ylva Johansson’s sniffing dog comparison. Ylva Johansson’s chat control law is like having a police dog beside you wherever you go. 24 hours a day. Out in the street. At work. At home. In your bedroom. On the toilet. It’s not like going to the airport, say hi to the sniffing dog and then go to the bar (without the dog). There’s also a difference between the drug sniffing police dogs and this chat control dog – because this dog has poor sense of smell. So, the dog will bark eight times out of ten when you text your partner something dirty. And every time it barks, a bureaucrat from the new EU center will come to your home to check everything you wrote to your partner and all the (legal) nude pictures you have on your phone.</p>
<p style="text-align:left">This won’t happen when you are at home. This will happen without you even know about it. Because the EU center employee has your house key you know. It’s one of the 450 million keys that hang in Europe's largest key cabinet. And this is where it comes down to Ylva Johansson's guarantees: she must guarantee that the EU employee will never enter again for any other reason (you know, he has the ability to go into you house to look for whatever he wants whenever he wants), that no criminal will accidentally come across the house key, that it will never be copied, that it will never get lost in a major key theft (hello data leaks!), that the EU employee does not drop it on the street or sell it for a million euro or that someone otherwise threatens to leak nude photos of the EU employee (of course everyone's communications must be intercepted and therefore there will be some nude photos circulating after a day or two, so to speak), that it is never used for anything else by any middle manager with his boss pressuring him, or that the EU center never gets new bosses who think that it’s a good idea to take a look at other stuff more often for new reasons.</p>
<p style="text-align:left">And when you start to get the feeling that "damn it feels like they're in my house messing around in my living room a little bit from time to time" and it doesn't feel good, then you have to cross your fingers that someone wants to blow the whistle from the EU center and that person can do it without the police dog with a bad sense of smell starting to bark.</p>
<p style="text-align:left">Above all, you can only hope that the situation has not gone so far that undemocratic countries have gained influence and that abortions and homosexuality are being searched for. But now we're just speculating. We mean, the democracies of the free world would never begin to compromise on human rights, right?</p>
<p style="text-align:left"> </p>
<p style="text-align:left"><strong>PRESS CONFERENCE: ”WE HAVE STARTED TO DISCUSS TO USE CHAT CONTROL FOR DRUG DEALS AS WELL”</strong></p>
<p style="text-align:left">At a press conference that <u><a href="https://www.dn.se/varlden/presstraff-om-eus-kamp-mot-organiserad-brottslighet/" style="color:#0563c1; text-decoration:underline">Dagens Nyheter was broadcasting</a></u> Ylva Johansson talked about the chat control proposal as well as the drug problems within EU. Ylva Johansson told the press “they use snapchat for the actual deal” and then talked about using chat control to combat drug dealing. It’s not a wild guess that Ylva Johansson and the EU Commission want to extend the usage of the chat control system. The only question is, where will it end?</p>
<p style="text-align:left">“<strong>I have raised this in the EU internet forum. It was first established together with the big internet companies to fight terrorist content online. Now we are also broadening it to child sexual abuse and to prevent the abuse. But we also started to discuss this drug selling online. It’s true that we have a real challenge here, because it’s not allowed to look into what’s really happening in these conversations, when it’s private conversations, when they are selling the drugs, so that’s a part of the very strong privacy that we have here, but there are some areas where can look into it. But in my view, we have to do more here. I think that we are so often lagging behind and the criminals are going more and more online and online the law enforcements are more with their hands tied back than in the offline world. That’s an imbalance that needs to be addressed It’s not easy to address it. But it’s an area that we cannot leave without new actions that I think is necessary.”</strong></p>
<p style="text-align:left">· The slippery slope is already happening. What’s next Ylva Johansson? An EU parliament member has already proposed to include drag queens in the AI filter.</p>
<p style="text-align:left"> </p>
<p style="text-align:left"><strong>MEETING OF THE JOINT PARLIAMENTARY SCRUTINY GROUP ON EUROPOL – JPSG EUROPOL</strong></p>
<p style="text-align:left">At a <a href="https://www.riksdagen.se/sv/webb-tv/video/session/meeting-of-the-joint-parliamentary-scrutiny-group_HAC220230327ss1en" style="color:#0563c1; text-decoration:underline"><u>meeting with </u><u>the joint parliamentary scrutiny group on Europol</u></a> Ylva Johansson got a comment from Barry Ward saying:</p>
<p style="text-align:left">“You made a comparison between a sniffer dog and the controls that you could put in place to monitor communications and information. My concern is that it’s not quite the same, because a sniffer dog doesn’t have the capacity to understand what what’s inside a package, whereas an algorithm and other search mechanism can do that.”</p>
<p style="text-align:left">And this was Ylva Johansson’s answer:</p>
<p style="text-align:left">“<strong>Theoretically there could be a situation where a court says ‘yes we should scan here’ but there’s no reliable technology available that will not be compliant with the privacy standards we think need to be met, and then it’s not possible to do it. That’s why my proposal is technology neutral.” </strong></p>
<p style="text-align:left">Ylva Johansson also talked about the widespread usage of encrypted communication today:</p>
<p style="text-align:left">“<strong>Only a few years ago encrypted communication was only for governments or law enforcements, banks, things like that. Now encryption is everywhere. And I think that encrypted communication is going to be the normal. So that’s why it’s important that encrypted communication is not out of the scope when we say that we are going to protect children from child sexual abuse, but of course the technology to be used – for example I have set up a special group to develop together with fundamental rights agencies, together with researchers, with companies, different kinds of technologies that is possible to use, also in encrypted environment, and companies are also using these kind of technologies when they are scanning for malware for example in encrypted communication without breaking the encryption. So, there are possibilities but the answer is also: if no technology existing that is acceptable in the way of use, then of course, then you cannot have the detection order. So, this always have to be taken into count for a decision.</strong></p>
<p style="text-align:left">It’s not easy to follow Ylva Johansson on this. After a long day with a lot of interviews she is all of the sudden talking about situations where the scanning won’t be possible.</p>
<p style="text-align:left">We think it’s about time to have Ylva Johansson to clarify:</p>
<p style="text-align:left">· Will you force message apps like Signal to break their encryption, install back doors or scan on the client side? Yes or no? Try to answer without forcing us to write another ten pages with your misleading information and non-answers.</p>Mullvad becomes highest level of Tor Member (Shallot)2023-03-03T07:01:04.734034+00:00https://www.mullvad.net/fr/blog/2023/3/3/mullvad-becomes-highest-level-of-tor-member-shallot/<p>Mullvad has been a Tor Project Vidalia Onion Member since 2021 and has now become a Shallot Onion Member of Tor.</p>
<p>Contributing to communities and organisations that really strive to improve privacy and integrity online is important for Mullvad. Unfortunately, there are very few. Those that understand privacy, actively work to improve anti-fingerprinting and to protect users against more advanced attacks - are even fewer.</p>
<p>We believe that the Tor Project is one such organisation. We share their values when it comes to human rights, freedom of expression, anti-censorship and online privacy.</p>
<p>We want to encourage others who believe in the Tor Projects mission, and we have now decided to upgrade to become a Shallot onion in the <a href="https://www.torproject.org/about/membership/">Tor Project’s Membership Program.</a></p>Profiles to configure our encrypted DNS on Apple devices2023-02-28T08:17:18.361789+00:00https://www.mullvad.net/fr/blog/2023/2/28/profiles-to-configure-our-encrypted-dns-on-apple-devices/<p>For users of Apple devices, we now have macOS, iPadOS and iOS configuration profiles that enable you to use our encrypted DNS service with fewer steps.</p>
<p>These configuration profiles can be found in our Github repository here: https://github.com/mullvad/encrypted-dns-profiles</p>
<p><strong>2023-07-07: The following is no longer valid, as we have more profiles available. Check the above repository for an updated list.</strong></p>
<p>We currently have four options:</p>
<ul>
<li><a href="https://raw.githubusercontent.com/mullvad/encrypted-dns-profiles/main/base/mullvad-encrypted-dns-tls-base.mobileconfig">TLS “base”</a>: This is just TLS based encrypted DNS</li>
<li><a href="https://raw.githubusercontent.com/mullvad/encrypted-dns-profiles/main/blocklists/mullvad-encrypted-dns-tls-adblock.mobileconfig">TLS “ad-blocking”</a>: This is TLS based encrypted DNS with basic ad-blocking</li>
<li><a href="https://raw.githubusercontent.com/mullvad/encrypted-dns-profiles/main/base/mullvad-encrypted-dns-https-base.mobileconfig">HTTPs “base”</a>: This is just HTTPs based encrypted DNS</li>
<li><a href="https://raw.githubusercontent.com/mullvad/encrypted-dns-profiles/main/blocklists/mullvad-encrypted-dns-https-adblock.mobileconfig">HTTPs “ad-blocking”</a>: This is HTTPs based encrypted DNS with basic ad-blocking</li>
</ul>
<p>Further information about our encrypted DNS service can be found here: https://mullvad.net/help/dns-over-https-and-dns-over-tls/</p>Security audit of account and payment services2023-02-17T09:19:47.059899+00:00https://www.mullvad.net/fr/blog/2023/2/17/security-audit-of-account-and-payment-services/<p>Assured AB were contracted to perform a security assessment of our account and payment services between 2022-11-07 and 2022-11-29.</p>
<p>Quoting the report:</p>
<blockquote>
<p>No critical, high or medium rated issues were identified during the penetration test and the overall security of the API is deemed good.</p>
</blockquote>
<p>Read the <a href="https://www.assured.se/publications/Assured_Mullvad_API_audit_report_2022.pdf">full audit report</a> on Assured’s website.</p>
<h2>Issues of note</h2>
<p>Most issues were patched while the report was being finished and were noted as such in the final version. A few issues require a larger redesign however but we consider them low risk enough that we decided to publish the report.</p>
<h3>3.1 (Low) Unencrypted network traffic to Redis</h3>
<p>As the description of the issue points out, the traffic is encrypted on the network layer but the auditors were right to point out that encryption on the application layer would be a good addition. We will follow their recommendation to add server TLS for connections to Redis.</p>
<h3>3.3 (Note) Secrets in docker-compose.yml and environment variables</h3>
<p>These services run on dedicated hardware with full disk encryption so we feel that these credentials are adequately protected. We are aware that this could be improved and have been working towards a better long-term solution based on storing credentials with a more suitable secrets management tool.</p>
<h3>4.3 (Low) IP blocking can be circumvented</h3>
<p>This is also something we are aware and know that there is room for improvement. We’re constantly monitoring all our API endpoints for signs of abuse and adjusting our rate-limit policies as needed. Certain public-facing endpoint tend to attract more abuse and therefore require stricter policies while more internal ones can be more relaxed for ease of use.</p>
<h3>4.4 (Low) Sensitive information in URL</h3>
<p>Most endpoints that reference accounts in this way are internal and have very strict logging policies to make sure nothing sensitive is persisted. We are moving away from this approach however and will follow the auditors’ recommendation to only send account numbers in POST requests.</p>
<h3>4.5 (Low) Admin password change does not enforce policy</h3>
<p>The policies we have are enforced but they are not strict enough to prevent Sommar2022!. This admin UI is limited to a small group of staff users who all use very strict password policies so it’s very unlikely that any weak passwords have been used. It’s also worth pointing out that this web interface is also protected by client certificate validation and bastion IP white lists. There is no reason not to actually enforce the stricter policies we already follow though so we have increased the minimum password length to 48 characters.</p>
<p>We wish to thank Assured AB for their thorough work and excellent collaboration throughout the audit.</p>Stop the proposal on mass surveillance of the EU2023-02-02T09:38:34.339712+00:00https://www.mullvad.net/fr/blog/2023/2/2/stop-the-proposal-on-mass-surveillance-of-the-eu/<p style="text-align:left"><strong>The European Commission is currently in the process of enacting a law called Chat control. If the law goes into effect, it will mean that all EU citizens' communications will be monitored and listened to.</strong></p>
<p style="text-align:left"><img alt="" src="/media/uploads/2023/02/23/chatcontrol-eng.jpg" /></p>
<p style="text-align:left"><strong>This text was originally published as a debate article in the Swedish newspaper Svenska Dagbladet and it calls on Swedish politicians to vote against the law proposal. In order for the law to </strong><strong>not </strong><strong>become reality, more countries need to vote against it. Therefore, we encourage journalists and citizens in all EU countries to question their governments and urge them to vote no.</strong></p>
<p style="text-align:left"><strong>Right now</strong>, the EU Commission is intensely working on a legislative proposal that would monitor and audit the communication of all European Union citizens. The regulation is called Chat Control, and it really does include all types of communication. This means that all of your phone calls, video calls, text messages, every single line that you write in all kinds of messaging apps (including encrypted services), your e-mails — yes, all of this — can be filtered out in real time and flagged for a more in-depth review. This also applies to images and videos saved in cloud services. Basically, everything you do with your smartphone. In other words, your personal life will be fully exposed to government scrutiny. So, why is it that almost no one is talking about this?</p>
<p style="text-align:left">These types of legislative proposals that fully affect and encroach on people's lives — the equivalent of which can only be found in totalitarian states like China — should be discussed on every other news broadcast, and column after column should be written about it in editorial pages. The EU Commissioner responsible for this proposal is Ylva Johansson. Why aren't journalists pursuing her? Why don't they demand answers from the government?</p>
<p style="text-align:left">When the so-called 'espionage law' was recently implemented, it required an amendment to the Constitution. Such a thing should not be done hastily. A constitutional amendment needs to be approved by two different parliaments in order for journalists to have enough time to raise the issue and give the people a chance to form an opinion and make their voices heard. But what happened to those discussions? At that time, the Swedish association of journalists woke up way too late. The fourth estate is one of our democratic cornerstones, and Chat Control might make its work more difficult in the long run. We hope that this time, journalists will wake up sooner with a terrible vengeance. But time is running out.</p>
<p style="text-align:left"><strong>The politicians proposing</strong> this legislation claim to be doing it for the sake of the children. The purpose of implementing Chat Control is to be able to detect child pornography and child grooming. But is the purported end the reason why we are not discussing the means? At least, that's the impression one gets from Ylva Johansson's rhetoric. When she speaks about this legislative proposal, she only talks about the children, not about the effect this totalitarian surveillance will have on society. She isn't talking about how it will affect people's basic rights or about other more adequate law enforcement measures. Ylva Johansson, why can't you debate the tools and their consequences instead of using the children as your protective shield?</p>
<p style="text-align:left"><a href="https://peertube.european-pirates.eu/w/rAp7Zifdi2qdDfXceBDZi8">At an EU conference in January</a>, Ylva Johansson said that a court order would be required to carry out surveillance operations. But this legislative proposal isn't designed that way. Either Ylva Johansson, as the EU commissioner in charge of this proposal, is painting a completely inaccurate picture for her EU colleagues, or she has no idea how her proposal is written. She has previously stated that it is possible to carry out this type of mass surveillance while still protecting people's privacy. However, that is just not the way technology works. Ylva Johansson, how can you make a legislative proposal that <a href="https://www.patrick-breyer.de/en/un-human-rights-commissioner-warns-against-chat-control/">the UN human rights commissioner</a> has torn to shreds, a proposal that counters the European Convention on Human Rights and the EU Charter of Fundamental Rights? And how can you be sure that such a system will never be used for any other type of surveillance?</p>
<p style="text-align:left"><strong>When the National Defense Radio Establishment (NDRE) law was implemented in 2008, </strong>the <a href="https://www.svd.se/a/f23bba52-9625-30c4-b692-cbf1e2768ad7">Director-General of NDRE, Ingvar Åkesson</a>, wrote that "there is this idea that the NDRE is going to listen to all Swedes' phone calls and read their e-mails and text messages. A disgusting thought. How can so many people believe that a democratically elected parliament would treat its people so badly?"</p>
<p style="text-align:left">However, 13 years later, in May 2021, <a href="https://www.advokatsamfundet.se/Nyhetsarkiv/2021/maj/europadomstolen-fra-lagen-strider-mot-europakonventionen/">Sweden was found by the European Court of Human Rights</a> to have violated personal privacy due to the NDRE law. The Swedish government was urged to immediately correct these problems of legal uncertainty. Instead, however, the parliament did the exact opposite: they voted to <a href="https://www.svt.se/nyheter/inrikes/utokning-av-fra-lagen-innan-brister-atgardats">extend</a><u> </u>the NDRE law in November 2021.</p>
<p style="text-align:left">This change in purpose that comes with mass surveillance is a huge problem and should at least be of interest to our journalists. Once a massive system for communication surveillance is put in place, it will be very easy to switch the filter at any given time. It can be switched before you say the word 'constitution'. Journalists who, for example, want to maintain the anonymity of their sources should be very concerned about this.</p>
<p style="text-align:left">Let's be very clear here. Simply implementing this legislation in its current state will be a violation of all EU citizens' privacy. These types of AI systems are not very precise and will thus wrongly select family vacation photos from the beach, video calls with online doctors, intimate text messages between partners, and conversations from dating apps. On the one hand, there is a risk of flooding the police with the task of going through all the material, which will steal resources that could be used to chase those who create this type of material. On the other hand, there is the obvious risk that people's most intimate but completely legal images will end up in the wrong hands.</p>
<p style="text-align:left"><strong>However, the biggest problem</strong> isn't the direct consequences; it's what's waiting around the corner. We will start self-censoring ourselves. In the first place, this will concern material that we believe might get caught in this filter. When there is a change in what is mass-monitored, when we can only guess who is monitoring our communications and with what agenda, we will change our behavior based on that. That is how the democratic functions of a society are worn down. If we install these types of back doors, that is the point at which our freedom will slowly slip away. If we don't want to try to close them in a raging storm, we better not open these doors at all.</p>
<p style="text-align:left"><img alt="" src="/media/uploads/2023/02/02/letters_b.png" /></p>
<p style="text-align:left">Sweden is currently serving as chairman of the EU's Council of Ministers, and, in the end, both Sweden's EU parliamentarians and Sweden in the Council of Ministers will vote on the issue. We will send letters to the politicians involved and ask them to vote against this law. And if someone else opens and reads these letters somewhere along the way, that person would violate postal secrecy, which is regulated in Sweden's constitution. This person could then be sentenced to up to two years in prison, a slightly different view of privacy than the one expressed in the Chat Control proposal.</p>
<p style="text-align:left">Mullvad VPN</p>
<p style="text-align:left"><strong>--- Swedish original text ---</strong></p>
<p style="text-align:left"><strong>Stoppa förslaget om massövervakning i EU</strong></p>
<p style="text-align:left"><strong>EU-kommissionen vill införa en digital övervakning vars motsvarighet bara går att hitta i totalitära stater som Kina. Varför pratar nästan ingen om detta?</strong></p>
<p style="text-align:left">Just nu arbetar EU-kommissionen intensivt på ett lagförslag som innebär att alla medborgare i EU ska få sin kommunikation övervakad och granskad. Lagen kallas för Chat control och den innefattar verkligen all kommunikation: alla dina telefonsamtal, varje gång du ringer i videoläge, alla dina sms, varenda rad du skriver i olika meddelande­appar (även krypterade tjänster), dina mejl, rubbet – allt kommer att kunna filtreras i realtid och potentiellt fastna för djupare genomgång. Det här gäller även bilder och filmer som du sparar i molntjänster, alltså i princip allt du gör med din smart­phone. Med andra ord: ditt privatliv står helt naket inför statlig beskådning. Varför pratar nästan ingen om detta?</p>
<p style="text-align:left">Den här typen av lagförslag, som påverkar och inkräktar i människors liv på ett totalt sätt – vars motsvarighet bara går att hitta i totalitära stater som Kina – borde vara föremål för debatt i var och varannan nyhets­sändning, det borde skrivas spalt­meter efter spalt­meter på ledarsidorna. Ylva Johansson är ansvarig EU-kommissionär för förslaget. Varför ställer inte journalisterna henne mot väggen? Varför krävs inte regering och riksdag på ställnings­taganden?</p>
<p style="text-align:left">När den så kallade spionlagen nyligen infördes krävde den en ändring i grundlagen. Det är inget som ska göras lättvindigt, grundlagar ska klubbas igenom av två olika riksdagar för att journalister ska hinna lyfta frågan och folket få en chans att bilda sig en uppfattning och göra sin röst hörd. Men var fanns diskussionerna? Den gången vaknade Sveriges samlade journalistkår alldeles för sent. Den tredje stats­makten är en av våra demokratiska grundstenar och Chat control riskerar i förlängningen att försvåra dess arbete. Vi hoppas att journalisterna vaknar tidigare den här gången och tar gruvlig revansch – men tiden börjar rinna ut.</p>
<p style="text-align:left">Politikerna som föreslår den här lagen hävdar att de gör det för barnens skull. Chat control ska införas för att upptäcka barn­pornografi och grooming (vuxna som tar kontakt med barn i sexuellt syfte). Är det påstådda ändamålet anledningen till att vi inte diskuterar medlen? Åtminstone ser Ylva Johanssons retorik ut så. När hon pratar om det här lagförslaget pratar hon bara om barnen. Inte om effekten som totalitär övervakning har på samhället. Inte om hur det påverkar människors grund­läggande rättigheter. Inte om andra mer ändamåls­enliga brotts­bekämpande åtgärder. Ylva Johansson, varför kan du inte debattera verktygen och konsekvenserna av dem, i stället för att knuffa barnen framför dig?</p>
<p style="text-align:left"><u><a href="https://peertube.european-pirates.eu/w/rAp7Zifdi2qdDfXceBDZi8" style="color:#0000ff; text-decoration:underline" target="_blank">På en EU-konferens i januari </a></u>sa Ylva Johansson att det kommer att krävas domstols­beslut för övervakning. Men lagförslaget är inte utformat så. Antingen sprider Ylva Johansson, som ansvarig EU-kommissionär, en totalt felaktig bild till sina EU-kollegor, eller så har hon inte koll på hur hennes förslag är skrivet. Tidigare har hon också sagt att det går att bedriva den här typen av massövervakning och ändå värna om människors integritet. Men det är inte så tekniken fungerar. Ylva Johansson, hur kan du lägga fram ett lagförslag som <u><a href="https://www.patrick-breyer.de/en/un-human-rights-commissioner-warns-against-chat-control/" style="color:#0000ff; text-decoration:underline" target="_blank">FN:s människorätts­kommissionär</a></u> sågar och som går emot Europa­konventionen och EU:s rättighets­stadga? Och vad talar för att ett sådant här system aldrig kommer att användas till någon annan typ av övervakning?</p>
<p style="text-align:left">När FRA-lagen infördes 2008 skrev <u><a href="https://www.svd.se/a/f23bba52-9625-30c4-b692-cbf1e2768ad7" style="color:#0000ff; text-decoration:underline">FRA-general­direktören Ingvar Åkesson</a></u> att ”det odlas en uppfattning om att FRA skall lyssna på alla svenskars telefon­samtal, läsa deras e-post och sms. En vidrig tanke. Hur kan så många tro att en demokratisk vald riksdag skulle vilja sitt folk så illa?”</p>
<p style="text-align:left">13 år senare, i maj 2021, <u><a href="https://www.advokatsamfundet.se/Nyhetsarkiv/2021/maj/europadomstolen-fra-lagen-strider-mot-europakonventionen/" style="color:#0000ff; text-decoration:underline" target="_blank">dömdes Sverige i Europa­domstolen</a></u> för att FRA-lagen kränker den personliga integriteten. Den svenska regeringen uppmanades att omedelbart åtgärda rättssäkerhets­brister. Men i stället gick riksdagen i rakt motsatt riktning när man i november 2021 i stället röstade igenom <u><a href="https://www.svt.se/nyheter/inrikes/utokning-av-fra-lagen-innan-brister-atgardats" style="color:#0000ff; text-decoration:underline" target="_blank">en utvidgning</a></u> av FRA-lagen.</p>
<p style="text-align:left">Den här ändamålsglidningen som sker med massövervakning är ett stort problem och borde intressera inte minst journalister. När man väl infört ett massivt system som ska övervaka vår kommunikation är det enkelt att när som helst byta ut filtret. Det går fortare än att säga grundlag. Journalister som värnar om sina anonyma källor borde till exempel vara oroliga.</p>
<p style="text-align:left">Låt oss vara tydliga med detta. Redan vid ett införande av lagen i befintligt skick innebär det en stor kränkning av alla EU-medborgares integritet. Den här typen av AI-system är mycket trubbiga och kommer att filtrera fram familjers semester­bilder från stranden, video­samtal med nätläkare, intima sms mellan partners och konversationer från dejting­appar. Det riskerar dels att dränka polisen i sorterings­arbete och ta resurser från att jaga dem som skapar den här typen av material, dels finns det en uppenbar risk att människors mest intima (helt lagliga) bilder hamnar i fel händer.</p>
<p style="text-align:left">Men det största problemet är inte de direkta konsekvenserna, utan vad som väntar i nästa vända. Vi kommer att börja själv­censurera oss själva. I första hand kommer det innefatta sådant som vi tror kan fastna i det här filtret. När glidningen i vad som massövervakas flyttas, när vi bara kan ana vem som övervakar vår kommunikation och med vilken agenda, då kommer vi att ändra vårt beteende utifrån det. Och så nöts ett samhälles demokratiska funktioner ner. Installerar vi den här typen av bakdörrar är det bakdörrar där friheten sakta sipprar ut. Om vi inte vill försöka stänga dem när det är full storm, då gör vi bäst i att aldrig öppna dem.</p>
<p style="text-align:left">Sverige är för stunden ordförande i EU:s ministerråd och till slut ska både Sveriges EU-parlamentariker och Sverige i ministerrådet rösta i frågan. Vi kommer att skicka brev till inblandade politiker och uppmana dem att rösta nej. Och om någon annan skulle öppna och läsa breven längs med vägen bryter den personen mot den posthemlighet som finns reglerad i Sveriges grundlag och påföljden kan bli upp till två års fängelse – en något annorlunda syn på integritet än den som kommer till uttryck i lagförslaget Chat control.</p>
<p style="text-align:left">Mullvad VPN</p>EU chat control law will ban open source operating systems2023-02-01T08:57:36.725959+00:00https://www.mullvad.net/fr/blog/2023/2/1/eu-chat-control-law-will-ban-open-source-operating-systems/<p><em><strong>Update</strong>: Open source OSes might be saved from being covered depending on the interpretation of <a href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32019R1150">EU regulation 2019/1150</a> 2.2.c. </em></p>
<p><em>To be considered an online intermediation service it requires a contractual relationship between the service and any businesses using it. The open source licenses regulating the distribution of the software are legal agreements between the copyright holders and the distributors. Even so, a liberal interpretation might consider that not to count based on the nature of the agreements</em><br />
<br />
The proposed Chat control EU law will not only seize totalitarian control of all private communication. It will also ban open source operating systems as an unintended consequence.</p>
<p>The EU is currently in the process of enacting the <a href="https://chatcontrol.eu/">chat control</a> law. It has been criticized for creating an EU-wide centralized mass surveillance and censorship system and enabling government eavesdropping on all private communication. But one little talked about consequence of the proposed law is that it makes practically all existing open source operating systems illegal, including all major Linux distributions. It would also effectively ban the F-Droid open source Android app archive.</p>
<p><strong>Article 6 of the <a href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A2022%3A209%3AFIN&qid=1652451192472">law</a> requires all "software application stores" to:</strong></p>
<ul>
<li>Assess whether each service provided by each software application enables human-to-human communication</li>
<li>Verify whether each user is over or under the age of 17</li>
<li>Prevent users under 17 from installing such communication software</li>
</ul>
<p>Leaving aside how crazy the stated intentions are or the details of what software would be targeted, let's consider the implications for open source software systems.</p>
<p>A "software application store" is defined by Article 2[*] to mean "a type of online intermediation services, which is focused on software applications as the intermediated product or service".</p>
<p>This clearly covers the online software archives almost universally used by open source operating systems since the 1990s as their main method of application distribution and security updates. These archives are often created and maintained by small companies or volunteer associations. They are hosted by hundreds of organizations such as universities and internet service providers all over the world. One of the main ones, the volunteer run Debian package archive, currently contains over 170,000 software packages.</p>
<p>These software archive services are not constructed around a concept of an individual human user with an identity or an account. They are serving anonymous machines, such as a laptop, a server or an appliance. These machines then might or might not be used by individual human users to install applications, entirely outside the control of the archive services.</p>
<p>To even conceptually and theoretically be able to obey this law would require a total redesign of software installation and sourcing and security updates, major organizational restructuring and scrapping, centralizing and rebuilding the software distribution infrastructure.</p>
<p>This is of course only theoretical as the costs and practical issues would be insurmountable.</p>
<p>If and when this law goes into effect it would make illegal the open source software services underpinning the majority of services and infrastructure on the internet, an untold numbers of appliances and the computers used by software developers, among many other things. To comply with the law all of it would have to shut down, globally, as the servers providing software and security updates can't tell the difference between a web server, a Japanese software developer, a refrigerator and an EU teenager.</p>
<p>It may seem unbelievable that the authors of the law didn't think about this but it is not that surprising considering this is just one of the many gigantic consequences of this sloppily thought out and written law.</p>
<p><em>[*] To define a software application store the law makes a reference to the <a href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R1925">EU Digital Markets Act</a>, Article 2, point 12 which defines “virtual assistant”. What they actually mean is point 14, which does define “software application store”.</em></p>
<p> </p>Review of 20222022-12-30T13:43:47.830718+00:00https://www.mullvad.net/fr/blog/2022/12/30/review-of-2022/<p>We are counting downs the days until 2023 and are excited about the things that will happen next year.</p>
<p>But first, let’s take a look at the special year of 2022. Here is what we remember most fondly.</p>
<h3>Diskless Infrastructure</h3>
<p>We started the year by releasing diskless infrastructure on our servers. As we write this we now have over 500 servers ST booted. You can read more about <a href="https://mullvad.net/blog/2022/1/12/diskless-infrastructure-beta-system-transparency-stboot/">diskless infrastructure here</a>. You can view all the servers running from RAM without any disks in use on <a href="https://mullvad.net/servers/">our servers page</a>. There is a “Running from” filter to select RAM or disk servers.</p>
<h3>DNS block lists</h3>
<p>During March we added another layer of <a href="https://mullvad.net/blog/2022/3/16/adding-another-layer-malware-dns-blocking/">DNS blocking to our VPN servers, with Malware DNS blocking</a>.</p>
<p>At the start of July we expanded our DNS block lists once again, by adding <a href="https://mullvad.net/blog/2022/7/11/aiding-to-break-habits-gambling-and-adult-content-dns-blocking/">habit blocking lists, for gambling and adult content</a>. These are based on lists that are readily available and viewable via our Github page, and are updated on a monthly basis by and large.</p>
<h3>Started accepting Monero</h3>
<p>In May we <a href="https://mullvad.net/blog/2022/5/3/we-now-accept-monero/">implemented Monero as a new crypto payment option</a> which was requested by many of our users. As with our other cryptocurrencies, we run the wallet and node ourselves and do not rely on any third parties. We will continue to research and expand our support for cryptocurrencies.</p>
<h3>Device Management</h3>
<p>The <a href="https://mullvad.net/en/blog/2022/6/13/introducing-names-for-easier-device-management/">app now has</a> an easy-to-remember two word name as its device identifier. This solves both the dreaded “too many keys”-issue and it gives users a more friendly way of identifying their devices.</p>
<h3>Removed Subscriptions</h3>
<p>In order to store less data we <a href="https://mullvad.net/en/blog/2022/6/20/were-removing-the-option-to-create-new-subscriptions/">no longer accept NEW PayPal and Credit card subscriptions</a> (recurring payments). One-time payments are not affected.</p>
<h3>Post-Quantum safe tunnels</h3>
<p>In July, we released <a href="https://mullvad.net/blog/2022/7/11/experimental-post-quantum-safe-vpn-tunnels/">experimental support for quantum computer resistant VPN tunnel encryption</a> in our desktop apps on a few servers. Later during the year we <a href="https://mullvad.net/blog/2022/11/8/post-quantum-safe-vpn-tunnels-available-on-all-wireguard-servers/">expanded this support to all our WireGuard servers</a>. We will continue with this during 2023.</p>
<h3>VPN server security audit</h3>
<p>We released the final report of our <a href="https://mullvad.net/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/">VPN server security audit</a>, performed by Assured AB during June. During which Assured AB said <em>“…the configuration is sound and did not display signs of any direct customer information“.</em></p>
<h3>Authoritative DNS audit</h3>
<p>We are now running our own self-hosted authoritative DNS servers which we have spread around the world for redundancy, trust and performance. Read the <a href="https://www.assured.se/publications/Assured_Mullvad_DNS_server_audit_report_2022.pdf">full report here</a>.</p>
<h3>App security audit</h3>
<p>In October we performed and <a href="https://mullvad.net/blog/2022/10/21/security-audit-report-for-our-app-available/">released the results</a> of a quite extensive security audit of our VPN app for all five platforms it supports. Nothing critical or of high risk was found.</p>
<h3>Amazon</h3>
<p>We are now listed on Amazon in 10 countries. The design of the activation code removes the possibility for third parties to link a payment to a Mullvad account, for privacy. You can gift time and give it to a friend without knowing their account number. This works on new and existing accounts. <a href="https://mullvad.net/help/partnerships-and-resellers/">Find all our resellers here</a>.</p>
<h3>Support for the community</h3>
<p>Lastly, we could not do what we do without other people and organizations innovating in the fields that we rely on. That is why we sponsored Qubes OS, The Tor Project, WireGuard, <a href="https://securityfest.com/">Security Fest</a> and more.</p>
<p>Thank you for this year. Our fight against mass-surveillance and censorship will continue…</p>
<p>For the universal right to privacy,<br />
Mullvad VPN</p>Shutting down our unencrypted public DNS service2022-12-13T07:13:53.842035+00:00https://www.mullvad.net/fr/blog/2022/12/13/shutting-down-our-unencrypted-public-dns-service/<p>On the 16th January 2023 we will shut down our <strong>legacy</strong> public DNS service, currently reachable from this IP: 193.138.218.74</p>
<p>This service is being replaced by our <strong>encrypted</strong> DNS over TLS and DNS over HTTPS offering, which you can <a href="https://mullvad.net/help/dns-over-https-and-dns-over-tls/">learn more about here.</a></p>
<p>This is only impactful to you if you have hard-coded the IP: 193.138.218.74 into a service such as PiHole or another recursive DNS resolver service. We <strong>strongly</strong> recommend verifying whether there are changes or updates that can be applied if this is the case.</p>
<p>Our DNS over TLS and DNS over HTTPS services are available if you are running your own recursive DNS resolver.</p>
<p>This alteration <strong>might not even impact</strong> you as a user, since DNS is hijacked on our VPN servers. Unless you have specified a custom DNS server within our app or configuration file, you will have never touched this IP in recent years.</p>
<p>Our DNS over TLS and DNS over HTTPS services are available worldwide, for anyone, whether they are a customer of Mullvad VPN or not.</p>Ending support for cryptocurrency refunds2022-12-01T15:07:05.823350+00:00https://www.mullvad.net/fr/blog/2022/12/1/ending-support-for-cryptocurrency-refunds/<p>In order to keep less data on our users we will remove support for refunds and account recovery with all cryptocurrency payments, starting next year.</p>
<p>We take privacy very seriously at Mullvad VPN. It’s not uncommon that we find ourselves having to make trade-offs between privacy and usability. In such cases we generally opt for privacy but as we care a great deal about our users we sometimes try to find a compromise. These compromises never go unquestioned however, and we frequently re-evaluate such decisions. <a href="https://mullvad.net/en/blog/2022/6/20/were-removing-the-option-to-create-new-subscriptions/">Removing subscriptions earlier this year</a>, after supporting it for more than 10 years was an example of such a recalibration.</p>
<p>Two other areas where usability stands in direct opposition to privacy are refunds and recovering lost accounts. In order to support either of them we need to store enough information to be able to confirm a connection between a user and their Mullvad VPN account. This is something we’d like to avoid. We do however need to allow refunding payments and because of our unusual approach to account identifiers, lost accounts is one of the most common problems our users run into.</p>
<p>We do make some exceptions to this however. Cash payments are not refundable and when we <a href="https://mullvad.net/en/blog/2022/5/3/we-now-accept-monero/">launched support for the Monero cryptocurrency</a> we decided not to allow refunds or account recovery using the Monero payment history.</p>
<p>As a next step on this path toward better privacy we’ll be removing support for both refunds and account recovery for Bitcoin and Bitcoin Cash payments, meaning all cryptocurrencies will be treated equally. This will allow us to remove the connection between a Mullvad VPN account and the public blockchain transaction records much sooner after the payment is made. This change will take effect on 1st January, 2023. Our <a href="https://mullvad.net/en/help/terms-service/">terms of service</a> have been updated accordingly.</p>Post-quantum safe VPN tunnels available on all WireGuard servers2022-11-08T07:36:36.021518+00:00https://www.mullvad.net/fr/blog/2022/11/8/post-quantum-safe-vpn-tunnels-available-on-all-wireguard-servers/<p>The experimental quantum-resistant tunnel support we <a href="https://mullvad.net/blog/2022/7/11/experimental-post-quantum-safe-vpn-tunnels/">posted about in July</a> is now available on all our WireGuard servers! We also upgraded the protocol to allow even more secure key exchanges in the future.</p>
<p>Good news if you wanted to test out our quantum-resistant tunnel support, but none of the servers getting support for it in July suited your needs! The quantum-resistant key exchange protocol is now available on all our WireGuard servers.</p>
<h3>How to try it</h3>
<p><strong>Please keep in mind that this is still an experimental feature.</strong></p>
<p>We might need to change the protocol more times, so you may experience interruptions and should not consider this stable as of yet.</p>
<p>The feature is still only available on our desktop apps, and can only be enabled in the command line interface.</p>
<p>If you want to try it out, fire up your terminal/console and run the following command:</p>
<pre>
mullvad tunnel wireguard quantum-resistant-tunnel set on</pre>
<p>If you want to stop using this experimental feature, run the same command as above, but replace on with off. As follows:</p>
<pre class="is-warning notification">
mullvad tunnel wireguard quantum-resistant-tunnel set off</pre>
<p>To verify if it works you can check that the GUI now says “<em>QUANTUM SECURE CONNECTION</em>” in green.</p>
<p>The following CLI command should print:</p>
<pre>
mullvad status -v
Quantum resistant tunnel: yes</pre>
<p>We would love your feedback on this feature! If you experience any issues with it, please contact us at support@mullvad.net or on <a href="https://github.com/mullvad/mullvadvpn-app/issues/">Github</a>.</p>Update: OpenSSL critical security issue may cause interruptions2022-11-01T11:54:29.634841+00:00https://www.mullvad.net/fr/blog/2022/11/1/openssl-critical-security-issue-may-cause-interruptions/<p><strong>Update</strong>: Having reviewed the release notes for OpenSSL 3.0.7 we have determined it does not impact our infrastructure. We will continue to patch our servers routinely when it becomes available...</p>
<p>---<br />
<br />
OpenSSL developers have announced an incoming critical issue, with further information due to be released after 13:00 UTC on Tuesday 1st November 2022.</p>
<p>OpenSSL is used in various places across our infrastructure. We have prepared our remediation plan to mitigate any potential exploitation, but this may cause temporary interruptions to some of our services.</p>
<p>If you notice any downtime on our service please be aware that it will likely be related to the patching of this OpenSSL issue.</p>
<p>Our service will be restored to normal after our infrastructure has been patched.</p>
<p>This does not impact our app in any way.</p>
<p>For more information about the OpenSSL issue you can <a href="https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html">view the mailing list here</a></p>v2ray obfuscation supported on our Bridges2022-10-25T10:03:34.068545+00:00https://www.mullvad.net/fr/blog/2022/10/25/v2ray-obfuscation-supported-on-our-bridges/<p>Today we announce that we have added another obfuscation method, v2ray to some of our stbooted bridge servers.</p>
<p>Privacy is becoming more and more essential in situations where restrictive Internet connections and mass surveillance is spreading. In many of these situations it can be challenging to connect to our VPN service.</p>
<p>Our bridges are available for our customers to use for situations where connectivity is challenging.</p>
<p>Our v2ray deployment is accessible by using a plugin to ShadowSocks, which can be set as a custom bridge via our Mullvad app on Windows and Linux. You can find more <a href="https://mullvad.net/help/shadowsocks-with-v2ray/">information about how to get started here</a>. v2ray is a tool to help bypass restrictive networks, it is added as an option alongside ShadowSocks on our bridge servers.</p>
<p>In addition to adding v2ray to some of our bridges, we have also converted the same bridge servers to run from RAM without any disks in use, using our stboot boot loader. You can see all the bridge servers running from RAM on our servers page, by <a href="https://mullvad.net/servers">selecting the RAM checkbox</a>.</p>
<p>All bridge servers that run from RAM allow connections via v2ray. These bridge servers running from RAM are the only bridge servers that run v2ray.</p>
<p>Finally, we have <a href="https://mullvad.net/help/connecting-to-mullvad-vpn-from-restrictive-locations/">added a guide which collates some of the ways to connect</a> to our service when you are unable to access our website, download our app or establish a VPN connection. This could be considered a Hitchhikers Guide to Restrictive Connectivity.</p>
<p> </p>
<p> </p>Security audit report for our app available2022-10-21T07:34:27.318348+00:00https://www.mullvad.net/fr/blog/2022/10/21/security-audit-report-for-our-app-available/<p>A security assessment of the Mullvad VPN apps has concluded that the app is well-architected from a security perspective. Some issues were found, and they have been fixed to the extent possible.</p>
<p>At Mullvad we perform external security audits of our VPN apps every two years. We did this both in <a href="https://mullvad.net/blog/2018/9/24/read-results-security-audit-mullvad-app/">2018</a> and <a href="https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/">2020</a>. Two more years have passed and <a href="https://www.atredis.com/">Atredis Partners</a> have just performed a penetration test and source code audit of our app. The security assessment included all five supported platforms: Windows, Linux, macOS, Android and iOS.</p>
<p>Quoting the key conclusions of the report:</p>
<blockquote>
<p>Overall, Atredis Partners found the Mullvad VPN clients to be well-architected from a security perspective, with limited attack surface that could be reached by an external malicious party, and important protection mechanisms were in place to prevent most unintended traffic leaks. Atredis Partners detected a few edge cases where traffic could be accidentally leaked outside the VPN tunnel. These leaks were either patched quickly by the Mullvad team or were due to the operating system itself, in which case the Mullvad team updated documentation and submitted issues to the operating system vendor where appropriate.</p>
<p>As in any security assessment, some areas for improvement were noted, but overall Atredis Partners would rate the Mullvad VPN clients as sound from a security perspective.</p>
</blockquote>
<h2>Read the report</h2>
<p>The full final report is available <a href="https://www.atredis.com/s/Atredis-Partners-Mullvad-VPN-Platform-Security-Assessment-Report-v10.pdf">on Atredis' website</a> as well as in our <a href="https://github.com/mullvad/mullvadvpn-app/blob/8df7475bc989276c2841d0fa8c290700b6bb3d91/audits/2022-10-14-atredis.md">app's source code repository</a>.</p>
<p>An independent audit helps us to discover potential security vulnerabilities and fix them, all resulting in an even better service for our users. It also gives you the opportunity to judge whether or not we are technically competent enough to provide a service in which security is paramount.</p>
<h2>Upgrade the app</h2>
<p>The audit identified only two findings that were issues in the actual Mullvad app. The rest were limitations and flaws of the underlying operating system, and we could do nothing but document these flaws and put pressure on the operating system vendors to fix them.</p>
<p>The two issues that were fixed were part of the 2022.5 release of our desktop app. Please upgrade if you use something older, it does fix potential leaks during computer startup and shutdown. Android and iOS users do not need to upgrade due to this audit, but we always encourage users to use the latest version.</p>
<h2>Overview of findings</h2>
<p>This chapter will present Mullvad's response to all the security findings from the report. To read what the findings are about, see the report.</p>
<p>Out of the five findings, two are <em>medium</em> level, two are <em>low</em> level and one is <em>info</em> level. This means that the auditors did not find anything of high or critical severity.</p>
<h3>MUL22-01 (Low): Out-of-Bounds Read in win-split-tunnel (Windows)</h3>
<p>The access permissions on the device exposed by the <code>mullvad-split-tunnel</code> kernel driver requires the connecting process to have administrator privileges. It also only allows a single user space process to be connected to it at any point in time. So an attacker would need to both have administrator privileges and stop the <code>mullvad-daemon</code> service before they could connect to the driver and trigger the bug. Mullvad deems this both unlikely to happen and not in scope of what the app should try to protect against. If an attacker has administrator privileges already, they can do worse stuff than exploiting this bug.</p>
<p>This bug will likely not enable privilege escalation. The attacker already needs to be administrator, and we have no indication that an administrator could use this to gain further privileges.</p>
<p>Regardless of the low severity, the bug has been fixed in the kernel driver. <a href="https://github.com/mullvad/win-split-tunnel/pull/34">This PR</a>, fixes the bug, and the patched driver was included in app version <code>2022.5-beta1</code>.</p>
<h3>MUL22-02 (Medium): Leak of Traffic During System Shutdown</h3>
<p>A while before the audit started, Mullvad engineers discovered that there was a time window during boot on both Linux and macOS where traffic could leak, even if "Launch app on start-up" and "Auto-connect" was enabled. This was due to the fact that our system service (<code>mullvad-daemon</code>) was not set up so it must be started before the OS initializes the network. If the OS decided to start <code>mullvad-daemon</code> late in the boot process, other programs could communicate with the network without a VPN for a few seconds. This was reported as known issues to Atredis just before the start of the audit, and a fix was developed simultaneously. The bootup leak was <a href="https://github.com/mullvad/mullvadvpn-app/pull/3904">fixed on Linux</a> at the same time as the audit started.</p>
<p>Just a week after the bootup leak was fixed, Atredis reported <code>MUL22-02</code>, where they found a similar potential leak window during shutdown on Unix based platforms. Upon investigation, Mullvad concluded that the issue was present on Windows as well. The bug was mitigated on all three desktop operating systems in two different PRs. <a href="https://github.com/mullvad/mullvadvpn-app/pull/3940">#3940 for Linux and macOS</a> and <a href="https://github.com/mullvad/mullvadvpn-app/pull/3942">#3942 for Windows</a>. All fixes were included in app version <code>2022.5-beta1</code>, including the one for startup leaks on Linux.</p>
<p>The only issue in this area that we have not been able to fully mitigate is the potential leak during startup on macOS. That is because macOS does not allow a system service to specify dependencies or in which order they need to start. So there is no way known to us to force macOS to start <code>mullvad-daemon</code> before the network is configured. We have <a href="https://github.com/mullvad/mullvadvpn-app/pull/4061">updated our security documentation</a> to reflect this known issue, and we will work towards making it more transparent towards our users.</p>
<h3>MUL22-03 (Medium): Connectivity Checks Bypass VPN (Android)</h3>
<p>In general there is not much Mullvad can do to prevent this traffic leak from happening. We can only raise awareness of it and try to put pressure on Google to allow the user to disable the connectivity check. We have done the following in response to this finding:</p>
<ul>
<li><a href="https://mullvad.net/blog/2022/10/10/android-leaks-connectivity-check-traffic">Blog about the leak more in depth</a></li>
<li><a href="https://mullvad.net/help/configure-connectivity-checks-on-android">Created a guide allowing more technical users to disable the connectivity check</a></li>
<li><a href="https://issuetracker.google.com/issues/249990229">Reported that the Android documentation around Block connections without VPN is misleading</a></li>
<li><a href="https://issuetracker.google.com/issues/250529027">Requested a user facing setting for disabling the connectivity check</a></li>
<li><a href="https://github.com/mullvad/mullvadvpn-app/pull/3996">Updated our security documentation to mention this limitation</a></li>
</ul>
<h3>MUL22-04 (Low): Permissive Inbound Network Filtering (Android)</h3>
<p>As far as we can tell, there is nothing Mullvad or any other VPN app can do about this. Android will not block incoming connections. However, this is still regarded as a low severity issue. The device must actively expose some service to the network for there to be anything to connect to.</p>
<p>We have <a href="https://github.com/mullvad/mullvadvpn-app/pull/3966">updated our security documentation</a> to mention this limitation.</p>
<h3>MUL22-05 (Info): Siri Shortcuts Susceptible to Manipulation (iOS)</h3>
<p>The Siri shortcut integration is opt-in and not enabled by default. On top of that, Mullvad thinks that the attack is more of an attack on Siri's authentication than on our app. Siri is supposed to only listen to the owner's voice.</p>
<p>If this finding is a concern for any user, we recommend that user to disable the Siri integration in the Mullvad app</p>
<h2>Last words</h2>
<p>We wish to thank Atredis Partners for the smooth collaboration, good communication and great security assessment work!</p>Android leaks connectivity check traffic2022-10-10T13:45:33.232092+00:00https://www.mullvad.net/fr/blog/2022/10/10/android-leaks-connectivity-check-traffic/<p>An ongoing security audit of our app identified that Android leaks certain traffic, which VPN services cannot prevent. The audit report will go public soon. This post aims to dive into the finding, called <code>MUL22-03</code>.</p>
<p>We researched the reported leak, and concluded that Android sends connectivity checks outside the VPN tunnel. It does this every time the device connects to a WiFi network, even when the <em>Block connections without VPN</em> setting is enabled.</p>
<p>We understand why the Android system wants to send this traffic by default. If for instance there is a captive portal on the network, the connection will be unusable until the user has logged in to it. So most users will want the captive portal check to happen and allow them to display and use the portal. However, this can be a privacy concern for some users with certain threat models. As there seems to be no way<em>*</em> to stop Android from leaking this traffic, we have <a href="https://issuetracker.google.com/issues/250529027">reported it on the Android issue tracker</a>.</p>
<p>Even if you are fine with some traffic going outside the VPN tunnel, we think the name of the setting (“<em>Block connections without VPN</em>”) and Android’s documentation around it is misleading. The impression a user gets is that no traffic will leave the phone except through the VPN. Due to this, we have <a href="https://issuetracker.google.com/issues/249990229">reported another issue</a>, where we suggest improving the Android documentation.</p>
<p>*: There is no user facing setting to disable connectivity checks, but it can be done using development tools (adb). <a href="https://mullvad.net/help/configure-connectivity-checks-on-android/">We have published a guide</a> on how to do it. Please mind, there that it is quite technical, and involves connecting your device to a computer and installing software.</p>
<h2>Steps to reproduce</h2>
<ol>
<li>Ensure <em>Always-on VPN</em> and <em>Block connections without VPN</em> is enabled in system settings.</li>
<li>Disconnect from your WiFi.</li>
<li>Start monitoring network traffic from and to the Android device, e.g. by running <code>tcpdump</code> on your router.</li>
<li>Connect to your WiFi.</li>
<li>Observe that the traffic isn't limited to VPN traffic, but also consists of DNS lookups, HTTP(S) traffic and potentially also NTP traffic.</li>
</ol>
<p>As a comparison, the privacy and security focused Android based distribution GrapheneOS provides users with the option to disable connectivity checks. If that option is enabled, the above leaks could not be observed by us.</p>
<h2>Privacy concerns</h2>
<p>The connection check traffic can be observed and analyzed by the party controlling the connectivity check server and any entity observing the network traffic. Even if the content of the message does not reveal anything more than "some Android device connected", the metadata (which includes the source IP) can be used to derive further information, especially if combined with data such as WiFi access point locations. However, as such an de-anonymization attempt would require a quite sophisticated actor, most of our users are probably unlikely consider it a significant risk.</p>
<h2>Conclusions and recommendations</h2>
<p>There is nothing we can do in the app to fix the leaks. We can however inform our users that they exist, and be transparent about the limitations of the Android operating system. This allows everyone can make an informed decision.</p>
<p>As a closing note, we would like to recommend Google to adopt the ability to disable the connectivity checks, like on GrapheneOS, into stock Android.</p>Mullvad creates a hardware company2022-09-19T10:52:42.179843+00:00https://www.mullvad.net/fr/blog/2022/9/19/mullvad-creates-a-hardware-company/<p>Mullvad has been working for years to make it possible for hardware - such as VPN servers to prove their<a href="https://mullvad.net/blog/tag/system-transparency/"> trustworthiness to end-users</a>.</p>
<p>A number of the technologies developed during the System Transparency project have materalised into a USB security key that provides combined levels of flexibility and security never seen before.</p>
<p>We are now announcing the creation of our new sister company called Tillitis AB. Today the company announces its upcoming product, the <a href="https://www.tillitis.se">Tillitis Key</a>, first available at the <a href="https://www.osfc.io/">Open Source Firmware Conference</a>.</p>
<p><img alt="" src="/media/uploads/2022/09/19/tillitiskey.jpg" /></p>
<p>The Tillitis Key can be used for purposes such as logging in to computers and websites or to make digital signatures.</p>
<p>Something that makes the key unique is the fact that both its software and hardware are open source. Therefore it can be trusted because of its ability to be inspected and verified. The USB is free to be programmed by end users whilst still being secure. This offers the flexibility to easily be used in a wide variety of new applications.</p>
<p><br />
<em>Mullvad VPN</em></p>Mullvad’s physical voucher cards are now available in 11 countries on Amazon2022-09-16T14:31:30.643077+00:00https://www.mullvad.net/fr/blog/2022/9/16/mullvads-physical-voucher-cards-are-now-available-in-11-countries-on-amazon/<p>We are now available on Amazon in the following countries:<br />
<br />
Amazon <a href="https://www.amazon.com/Mullvad-VPN-Windows-Android-SCRATCH/dp/B092M5G1G7/">US</a><br />
Amazon <a href="https://www.amazon.co.uk/Mullvad-VPN-Devices-Protect-Security/dp/B092M5G1G7?">UK</a><br />
Amazon <a href="https://www.amazon.de/dp/B092M5G1G7/?th=1">DE</a><br />
Amazon <a href="https://www.amazon.ca/Mullvad-VPN-Devices-Protect-Security/dp/B092M5G1G7/">CA</a><br />
Amazon <a href="https://www.amazon.com.mx/Mullvad-VPN-Devices-Protect-Security/dp/B092M5G1G7/">MX</a><br />
Amazon <a href="https://www.amazon.it/Mullvad-VPN-Abbonamento-dispositivi-compatibile/dp/B092M5G1G7/">IT</a><br />
Amazon <a href="https://www.amazon.se/Mullvad-VPN-prenumeration-kompatibel-programvara/dp/B092M5G1G7/?th=1">SE</a><br />
Amazon <a href="https://www.amazon.nl/Mullvad-VPN-Privacy-universal-right/dp/B092M5G1G7/">NL</a><br />
Amazon <a href="https://www.amazon.fr/Mullvad-VPN-logicielle-Abonnement-compatible/dp/B092M5G1G7/">FR</a><br />
Amazon <a href="https://www.amazon.es/Mullvad-VPN-12-months-devices/dp/B092M5G1G7/">ES</a><br />
Amazon <a href="https://www.amazon.pl/Mullvad-VPN-12-miesi%C4%99cy-urz%C4%85dze%C5%84/dp/B092M5G1G7/">PL</a><br />
<br />
<strong>Upcoming countries: AU, JP, TR, BR </strong></p>
<p><img alt="" src="/media/uploads/2022/09/16/paketering_frontview_20220915_01_Y1yVaRb.jpg" /></p>
<h2>Benefits:</h2>
<ol>
<li>The design of the activation code removes the possibility for third parties to link a payment to a Mullvad account, for privacy. </li>
<li>You can gift time and give it to a friend without knowing their account number.</li>
</ol>
<h2>How to get started:</h2>
<p>Buy the activation code from Amazon and wait for delivery.</p>
<ol>
<li>Visit <a href="http://mullvad.net/account">Account | Mullvad VPN</a> to generate your account number, or use your existing Mullvad account.</li>
<li>Choose <strong>“Voucher”</strong> as payment method and scratch the grey area on the back of the card to reveal your activation code.</li>
<li>Enter your code and redeem it - your account has been activated.</li>
<li>Download our app on your preferred devices and sign in with your account number.</li>
<li>Secure your connection and take a look at our guides and blog for more privacy tips.</li>
</ol>
<p>In need of assistance? Contact <a href="http://support@mullvad.net">support@mullvad.net</a></p>
<p> </p>
<p> </p>Authoritative DNS server audit completed by Assured AB2022-09-14T06:59:44.215346+00:00https://www.mullvad.net/fr/blog/2022/9/14/authoritative-dns-server-audit-completed-by-assured-ab/<p>We are now running our own self-hosted authoritative DNS servers which we have spread around the world for redundancy, trust and performance.</p>
<p>These servers were audited by Assured AB who verified that they adhered to the best practices for authoritative DNS servers prior to being put into production.</p>
<p>We invite you to read the final report of our first security audit on Mullvad’s authoritative DNS servers, concluded in May 2022, with fixes deployed during early June 2022 , servers were deployed to production during August 2022.</p>
<p>These servers were audited prior to being used in production, we are releasing this report now that the servers are fully deployed.</p>
<p>We gave Assured AB full access via SSH to copies of our production servers, with separate credentials and asked them to verify the security and setup of them.</p>
<p>The audit report is available on Assured AB's website <a href="https://www.assured.se/publications/Assured_Mullvad_DNS_server_audit_report_2022.pdf">https://www.assured.se/publications/Assured_Mullvad_DNS_server_audit_report_2022.pdf</a></p>
<h2>Overview of findings</h2>
<ul>
<li> Assured AB found no zero critical or high issues</li>
<li> Service and application configurations generally followed best practices</li>
<li> Assured AB identified ten (10) issues that ranged from “low“ to “medium“</li>
<li> Assured AB identified zero (0) issues in the “critical“ or “high“ category</li>
</ul>
<p><strong>Key takeaway:</strong> Our self-hosted authoritative DNS service is fully audited for security issues!</p>
<h2>Identified vulnerabilities of interest</h2>
<h3>MUL006-3.1.2 Shared SNMP credentials (Medium)</h3>
<p><strong>To quote Assured AB:</strong> “We recommend that each deployed machine recieve its own unique credentials for inbound services, to enable revocation in case of a detected compromise“</p>
<p><strong>Our comments:</strong> We have altered the SNMP authentication method by adding unique credentials per server type, which in this instance means that authoritative DNS servers get their own credentials compared to WireGuard VPN servers, compared to OpenVPN servers, and so on.</p>
<p>We have also added the SNMP connectivity to be within our own WireGuard based overlay network, by which all health monitoring and metrics are transferred.</p>
<h3>MUL006-3.1.3 Permissive firewall policy (Low)</h3>
<p><strong>To quote Assured AB:</strong> “We recommend that the default policy for INPUT is set to DROP to make sure no services are exposed by accident“</p>
<p><strong>Our comments</strong>: In general we are ensuring that all servers use a default DROP policy. This was initially implemented on our VPN servers during their audit, and is spreading to all server types.</p>
<h3>MUL006-3.1.6 DNS Logging (Low)</h3>
<p><strong>To quote Assured AB: </strong>“No configuration is specified for the default category. The result of this is that BIND implicitly sends several log categories to syslog with a severity of info“</p>
<p><strong>Our comments:</strong> We have a company policy that ensures that we do not log anything. Before this service went into production we set category default { null; }; in the named.conf.logging configuration file.</p>
<h2>Integrating it into our deployments</h2>
<p>After our authoritative DNS servers were fully audited we started deploying them for production usage and integrating them into our workflow.</p>
<p>By implementing our own authoritative DNS servers, we are able to control the uploading of DNS records using the same Ansible codebase that we use to deploy the rest of our infrastructure.</p>
<p>Our DNS servers get records added or updated when servers are provisioned for the first time, and then updated when required, or removed when servers are decommissioned.</p>
<h2>Trust, reliability and a little bit of time gained</h2>
<p>This migration to our own hardware meant we have full control over what runs on them. Although no customers will ever interact with them, we do have full knowledge of their configuration and know that the set up is audited and approved, at least during this initial audit.</p>
<p>We are grateful to Assured AB for auditing our servers, and we will include these servers in our next audit cycle.</p>
<p>For the universal right to privacy,<br />
Mullvad</p>Expanding diskless infrastructure to more locations (System Transparency: stboot)2022-08-01T14:11:20.833626+00:00https://www.mullvad.net/fr/blog/2022/8/1/expanding-diskless-infrastructure-to-more-locations-system-transparency-stboot/<p>In January 2022 we announced the first pair of VPN servers booted with our stboot bootloader, both located in Sweden. That was the start of our long running System Transparency project.</p>
<p>Now we announce a continuation of this project with even more servers added around the world, all running from RAM with no disks in use.</p>
<p>You can view all the servers running from RAM without any disks in use on our server page (<a href="https://mullvad.net/en/servers/">https://mullvad.net/en/servers/</a> ). There is a “Running from” filter to select RAM or disk servers.</p>
<h3>More diskless infrastructure for VPN servers</h3>
<p>Today we announce the continuation of our System Transparency project with more servers spread around the world. All of the new servers are found within their respective cities in the server list, since our plan is to move all our VPN infrastructure to run on our stboot bootloader in future.</p>
<p>To find these servers, set the “Running from“ toggle to RAM on our server page here: <a href="https://mullvad.net/servers">https://mullvad.net/servers</a></p>
<p><strong>What about the [BETA] servers you had previously?</strong></p>
<p>These are going to be moved and placed into their respective cities in due time. Please<strong> switch away</strong> from these servers and select a new server or location. We will have servers in Sweden running with stboot.</p>
<h3>To recap about “no disks in use”</h3>
<ol>
<li>If the computer is powered off, moved or confiscated, there is no data to retrieve. On servers running from disks, this is also the case as we encrypt all of them to secure their data. Regardless there would still be no logs or customer information.</li>
<li>We get the operational benefits of having fewer breakable parts. Disks are among the components that break often. Therefore, switching away from them makes our infrastructure more reliable.</li>
<li>The operational tasks of setting up and upgrading package versions on servers become faster and easier.</li>
<li>Running the system in RAM does not prevent the possibility of logging. It does however minimise the risk of accidentally storing something that can later be retrieved assuming the server has not been powered off.</li>
</ol>
<h3>What happens next?</h3>
<p>We get your feedback, if any, on how well it works!</p>
<p>We will continue to add more and more servers in different locations running from RAM without any disks in use. We will also improve the deployment and configuration of these servers, and continue to include these servers as a prime focus in our next infrastructure audit.</p>
<h3>Servers that are not running from RAM</h3>
<p>We have detailed how we run our servers previously (<a href="https://mullvad.net/help/server-list/">https://mullvad.net/help/server-list/</a>), explaining that:</p>
<p><em>“We encrypt all of our servers to secure their data. This means that no one can simply unplug a server, boot it up, and mount the disk in order to copy keys without first knowing the encryption passwords. Only relevant Mullvad staff have access to these.</em></p>
<p><em>In addition, the passwords, certificates, and private keys for the VPN tunnels are all unique for each server. In the unlikely event that any of these were to be extracted, only that particular individual server would be affected.“</em></p>
<p>The configuration of these servers has not changed, and we are continuing to encrypt the servers to secure their data.</p>
<h3>Note</h3>
<p>Servers running from both disk and RAM contain WireGuard private keys which we persist across controlled reboots, this means that WireGuard keys are <strong>no longer</strong> wiped on each server restart.</p>
<p>Configuration files that are generated from the accounts page can now be used to connect to these servers.</p>
<h3>Read more</h3>
<p>System Transparency is the future - <a href="https://mullvad.net/blog/2019/6/3/system-transparency-future/">https://mullvad.net/blog/2019/6/3/system-transparency-future/</a></p>
<p>Open Source Firmware is the future - <a href="https://mullvad.net/blog/2019/8/7/open-source-firmware-future/">https://mullvad.net/blog/2019/8/7/open-source-firmware-future/</a></p>
<p>System Transparency home page - <a href="https://www.system-transparency.org/">https://www.system-transparency.org/</a></p>
<p>Our previous blog about where we came from: <a href="https://mullvad.net/blog/2022/1/12/diskless-infrastructure-beta-system-transparency-stboot/">https://mullvad.net/blog/2022/1/12/diskless-infrastructure-beta-system-transparency-stboot/</a></p>Mullvad is now available on Amazon (US & SE)2022-07-26T11:06:22.525127+00:00https://www.mullvad.net/fr/blog/2022/7/26/mullvad-is-now-available-on-amazon-us-se/<p>For the first time in our history you can buy Mullvad VPN physical activation codes on Amazon!</p>
<p><img alt="" src="/media/uploads/2022/07/26/coverv1.jpg" /></p>
<h2>Benefits:</h2>
<ol>
<li>The design of the activation code removes the possibility for third parties to link a payment to a Mullvad account, for privacy. </li>
<li>You can gift time and give it to a friend without knowing their account number.</li>
</ol>
<p><img alt="" src="/media/uploads/2022/07/26/codev1.png" /></p>
<h2>How to get started:</h2>
<ol>
<li>Buy the activation code from Amazon and wait for delivery.</li>
<li>Visit <a href="http://mullvad.net/account">mullvad.net/account</a> to generate your account number, or use your existing Mullvad account.</li>
<li>Choose <strong>“voucher”</strong> as payment method and scratch the grey area on the back of the card to reveal your activation code.</li>
<li>Enter your code and redeem it - your account has been activated.</li>
<li>Download our app on your preferred devices and sign in with your account number.</li>
<li>Secure your connection and take a look at our guides and blog for more privacy tips.</li>
</ol>
<p>In need of assistance? Contact <a href="mailto:support@mullvad.net">support@mullvad.net</a></p>
<p><strong>Note:</strong><br />
<strong>Currently only available on Amazon <a href="https://www.amazon.com/Mullvad-VPN-1M-5-devices/dp/B092M55HJ2">US</a> & <a href="https://www.amazon.se/Mullvad-VPN-prenumeration-kompatibel-programvara/dp/B092M5G1G7">SE</a><br />
Upcoming countries: GB, DE, NO, FI, AU, NL, CA, CH, FR, ES, DK</strong></p>Aiding to break habits: Gambling and Adult content DNS blocking2022-07-11T09:44:51.526044+00:00https://www.mullvad.net/fr/blog/2022/7/11/aiding-to-break-habits-gambling-and-adult-content-dns-blocking/<p>We have expanded our DNS blocking service with Gambling and Adult content filters!</p>
<p>In addition to our Advertising, Tracker, and Malware lists, we have adding 2 more options: Blocks for adult content and gambling websites. Now available in version 2022.2! <strong> Update: Corrected iOS information.</strong></p>
<p>These are based on lists that are readily available and viewable via <a href="https://github.com/mullvad/dns-adblock">our Github page</a>.</p>
<h2>Now available everywhere: Blocking adult content and gambling websites</h2>
<p>This service is an extension to our other blocking services, where we prevent known websites that serve adult content and gambling from displaying content. These features can be used alongside our advertising, tracker and malware website blocking features, and can be enabled either via toggles available in our desktop and iOS apps or via a <em>custom DNS entry</em> if you are on Android, or are using our service via a configuration file.</p>
<p>These are the first iterations of these blocks, <strong><u>so they may not be perfect</u></strong>. We will improve them over time.</p>
<h2>To use these features</h2>
<h3>For desktop</h3>
<ul>
<li>Select the Cog → Preferences →
<ul>
<li>Block adult content</li>
<li>Block gambling</li>
</ul>
</li>
</ul>
<h3>For iOS</h3>
<ul>
<li>Select the Cog → Preferences → Edit (top right corner) -> Add a server and enter one of the following IP addresses listed below that matches your desired state. -> tap on Done (top right corner) → Enable the custom DNS option.</li>
</ul>
<h3>For Android or custom DNS entries (including configuration files):</h3>
<ul>
<li>Select the Cog → Advanced → Use custom DNS and enter one of the following IP addresses that matches your desired state.</li>
</ul>
<p><img alt="" src="/media/uploads/2022/07/11/blocking2.jpg" style="height:631px; width:300px" /></p>
<p>For Android, iOS and configuration file users you will need to use one of the following custom DNS entries to enable this feature:</p>
<h3>Adult content combinations:</h3>
<ul>
<li>100.64.0.8 - Adult content only</li>
<li>100.64.0.9 - Adult content and ads</li>
<li>100.64.0.10 - Adult content and trackers</li>
<li>100.64.0.11 - Adult content, ads and trackers</li>
<li>100.64.0.12 - Adult content and malware</li>
<li>100.64.0.13 - Adult content, ads and malware</li>
<li>100.64.0.14 - Adult content, trackers and malware</li>
<li>100.64.0.15 - Adult content, ads, trackers and malware</li>
</ul>
<h3>Gambling blocks:</h3>
<ul>
<li>100.64.0.16 - Gambling only</li>
<li>100.64.0.17 - Gambling and ads</li>
<li>100.64.0.18 - Gambling and trackers</li>
<li>100.64.0.19 - Gambling, ads and trackers</li>
<li>100.64.0.20 - Gambling and malware</li>
<li>100.64.0.21 - Gambling, ads and malware</li>
<li>100.64.0.22 - Gambling, malware and trackers</li>
<li>100.64.0.23 - Gambling, ads, malware and trackers</li>
<li>100.64.0.24 - Gambling and adult content</li>
<li>100.64.0.25 - Gambling, ads and adult content</li>
<li>100.64.0.26 - Gambling, adult content, and trackers</li>
<li>100.64.0.27 - Gambling, ads, adult content and trackers</li>
<li>100.64.0.28 - Gambling, adult content and malware</li>
<li>100.64.0.29 - Gambling, ads, adult content, and malware</li>
<li>100.64.0.30 - Gambling, adult content, malware, and trackers</li>
<li>100.64.0.31 - Ads, adult content, gambling, malware, trackers ("Everything")</li>
</ul>
<p>Adult content and gambling blocks were made available with the app release 2022.2 on desktop and iOS.</p>
<p>We <u>will add</u> this and all other DNS blocks as toggleable features to Android as well in a future release.</p>
<p>Our <a href="https://github.com/mullvad/dns-adblock">repository</a> demonstrates all of the IP address to list combinations available at the time of writing.</p>
<p><em>If you want to use custom DNS via our app or configuration file, you can use the corresponding IP address from the list on our repository.</em></p>
<p>We are refreshing all theses lists on a monthly basis.</p>
<p>This is <strong><u>not intended to be a replacement</u></strong> for <em>good security practices</em>, nor is it meant to be a replacement for specialised content filtering or parental controls for website blocking. Please ensure you use this in conjunction with other practices to keep your computers and mobile devices safe, secure and up to date.</p>
<p>If you have any thoughts regarding the lists that we utilise please:</p>
<ul>
<li>contact our Support Team by email at <a href="mailto:support@mullvad.net">support@mullvad.net</a> or</li>
<li>Suggest alterations or additions on our <a href="https://github.com/mullvad/dns-adblock">Github page</a></li>
</ul>Experimental post-quantum safe VPN tunnels2022-07-11T05:20:39.369255+00:00https://www.mullvad.net/fr/blog/2022/7/11/experimental-post-quantum-safe-vpn-tunnels/<p>Our latest beta (app version 2022.3-beta1) and some WireGuard servers now support VPN tunnels that protect against attackers with access to powerful quantum computers.</p>
<p>The encryption used by WireGuard has no known vulnerabilities. However, the current establishment of a shared secret to use for the encryption is known to be crackable with a strong enough quantum computer.</p>
<p>Although strong enough quantum computers have yet to be demonstrated, having post-quantum secure tunnels today protect against attackers that record encrypted traffic with the hope of decrypting it with a future quantum computer.</p>
<h2>Our solution</h2>
<p>A WireGuard tunnel is established, and is used to share a secret in such a way that a quantum computer can’t figure out the secret even if it had access to the network traffic. We then disconnect and start a new WireGuard tunnel specifying the new shared secret with <a href="https://www.wireguard.com/protocol/">WireGuard’s pre-shared key option</a>. The Post-Quantum secure algorithm used here is Classic McEliece.</p>
<p>We had a similar experiment running in 2017. Please see <a href="https://mullvad.net/blog/2017/12/8/introducing-post-quantum-vpn-mullvads-strategy-future-problem/">that blog post</a> if you are interested in all the details. There is also a summary of differences at the end of this post.</p>
<h2>How to try it</h2>
<p><strong>Please note that this feature is highly experimental!</strong> We might need to change the protocol in such a way that it will break. Use it with this in mind, or wait until we stabilize the feature.</p>
<p>For now, the feature is only available in the desktop versions of our app, <strong>2022.3-beta1</strong> and newer, and only through our command line interface. It is also only supported on a select few WireGuard servers, see below.</p>
<p>If you want to try it out, fire up your terminal/console and run the following command:</p>
<pre>
mullvad tunnel wireguard quantum-resistant-tunnel set on</pre>
<p>Then connect to one of the below servers, as they are the only ones currently supporting this feature. If you connect to any other server, the app will simply fail and try again and again.</p>
<ul>
<li>au1-wireguard</li>
<li>de12-wireguard</li>
<li>gb5-wireguard</li>
<li>jp13-wireguard</li>
<li>nl2-wireguard</li>
<li>se6-wireguard</li>
<li>se9-wireguard</li>
<li>se17-wireguard</li>
<li>us113-wireguard</li>
<li>us114-wireguard</li>
</ul>
<p>If you want to stop using this experimental feature, run the same command as above, but replace <code>on</code> with <code>off</code>.</p>
<p>To verify if it works you can check that the GUI now says “QUANTUM SECURE CONNECTION” in green. And the CLI command <code>mullvad status -v</code> should print <code>Quantum resistant tunnel: yes</code>.</p>
<p>It is worth noting that this only adds to the security, and does not risk making it weaker. Even if the post-quantum secure algorithm has a flaw and the shared secret can be computed by an attacker, the resulting WireGuard tunnel is still as secure as it would have been without the extra shared key. The main drawback is that it takes an additional second or two to establish the shared secret, but other than that the performance is the same.</p>
<p>We would love your feedback on this feature. And if you are having any issues with it, we would like to know about it, so we can improve it.</p>
<h2>Difference from the 2017 experiment</h2>
<p>The main difference is that the feature is now implemented directly in our app and can easily be enabled by anyone running a new enough version of it. It currently works against our 10 test servers listed above, but it will eventually be available on all our WireGuard servers. The experiment in 2017 only allowed quantum resistant tunnels towards a single experimental server. It was also not integrated in our app. Instead you had to download and run some custom scripts from us, and they would only work on Linux.</p>
<p>Another difference is that we use a different algorithm. In 2017, we used New Hope. Now we switched to <a href="https://csrc.nist.gov/Projects/post-quantum-cryptography/">one of the finalists in the NIST post-quantum cryptography competition</a> instead. We will continue to follow the ongoing standardization, and we might support other algorithms in the future.</p>
<p> </p>VPN server audit found no information leakage or logging of customer data2022-06-22T13:00:26.563536+00:00https://www.mullvad.net/fr/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/<p>We tasked the Gothenburg based security consulting firm, Assured AB with performing a security audit towards our VPN infrastructure.</p>
<p>We invite you to read <a href="https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf">the final report</a> of our second security audit on Mullvad’s VPN infrastructure, concluded in May 2022, with fixes deployed during early June 2022.</p>
<p>We are satisfied with the independent auditors concluding statements, where they say that <em>“…the configuration is sound and did not display signs of any direct customer information“</em>, and <em>“In summary; externally the deployments have quite a strong posture“</em></p>
<p>Prior to the audit we deployed three (3) freshly installed VPN servers which were installed for this specific use-case, meaning they were not being used by customers at the time Assured AB gained access. They audited two (2) WireGuard VPN servers (one (1) of which <a href="https://mullvad.net/en/blog/2022/1/12/diskless-infrastructure-beta-system-transparency-stboot/">runs with no disks in use</a>), and one (1) OpenVPN server.</p>
<p>We gave Assured AB full access via SSH to specially provisioned VPN servers and asked them to verify:</p>
<ul>
<li>Security and set up of servers internally</li>
<li>Security and set up of servers externally</li>
<li>Whether or not we log customer activity</li>
</ul>
<p>The audit report is available on Assured AB's website.</p>
<h2>Overview of findings</h2>
<ul>
<li>Assured AB found no information leakage or logging of customer data</li>
<li>Service and application configurations generally followed best practices</li>
<li>Assured AB identified twenty-one (21) issues that ranged from “low“ to “medium“</li>
<li>Assured AB identified zero (0) issues in the “critical“ or “high“ category </li>
</ul>
<p><strong>Key takeaway:</strong> Mullvad is once again audited on the infrastructure side!</p>
<h2>Identified vulnerabilities of interest</h2>
<h3>MUL006-3.1.1 User-writable scripts run by root (Medium)</h3>
<p><strong>To quote Assured AB:</strong> <em>“This results in a potential privilege escalation vector which could allow an<br />
attacker with access to the promtail service account to obtain root access.“</em></p>
<p><strong>Our comments:</strong> We have resolved the scripts mentioned in the report, and are doing a thorough investigation into reworking and updating other scripts that might potentially result in privilege escalation.</p>
<h3>MUL006-3.1.2 Permissive firewall policy (Medium)</h3>
<p><strong>To quote Assured AB:</strong> <em>“This could allow an attacker to access services or interfaces which were not intended.“</em></p>
<p><strong>Our comments:</strong> Before the audit we had restrictive firewall rules that were set to permit only the correct connections inbound. We have switched to a default DROP rule in INPUT, meaning that we have added more stringent rules. This, along with other improvements we <strong>had already made</strong> prior to the audit now mean that our VPN server firewall rules have become even stronger and more concise.</p>
<h3>MUL006-3.1.8 Shared credentials for consumed services and APIs</h3>
<p><strong>To quote Assured AB:</strong> <em>“We recommend that each deployed machine receive its own unique credentials for outbound use, to enable revocation in case of a detected compromise. Credentials should be generated by a randomized source with sufficient entropy.“</em></p>
<p><strong>Our comments:</strong> We have made sufficient alterations to the relevant services to add credentials with a much higher entropy that are unique per server. We have also implemented a wider range of credentials across servers and differing server types for each consumed API. Having shared credentials for our services was an oversight, made and subsequently remediated when it was highlighted by Assured AB.</p>
<h2>Miscellaneous issues of interest</h2>
<h3>MUL006-3.1.10 Binaries lacking instrumented hardening (Low)</h3>
<p><strong>To quote Assured AB:</strong> <em>“A few binaries/applications running on the target system lack certain automatic<br />
security mitigations.“</em></p>
<p><strong>Our comments:</strong> We have applied patches all the listed binaries that we run on our systems, ensuring that they conform to the recommendations listed in the report. Assured AB went on to say that <em>“A number of OS and third-party applications also lack binary hardening…Our recommendation is to put pressure on the upstream package maintainers“</em>, we intend to contact maintainers of the packages or and software we make use of to inform them of such security concerns.</p>
<h3>MUL006-3.1.18 Service logs disabled (Note)</h3>
<p><strong>To quote Assured AB:</strong> <em>“The following system services were audited, and found to have their system and<br />
customer logging disabled entirely“</em></p>
<p><strong>Our comments:</strong> We are thankful to Assured AB for verifying that we do not have any customer logging enabled on any of our external facing services.</p>
<p>There are more changes to be deployed in the near future, and the listed fixes are examples of the most interesting issues that Assured AB found.</p>
<p>As with our last audit we will endeavor to do audits on as close to a yearly basis as possible. We are grateful to Assured AB for auditing our servers, they were able to highlight new issues that the previous audit did not.</p>
<p>For the universal right to privacy,<br />
Mullvad</p>We are removing the option to create new subscriptions2022-06-20T11:41:36.666841+00:00https://www.mullvad.net/fr/blog/2022/6/20/were-removing-the-option-to-create-new-subscriptions/<p>In order to store less data we will no longer accept <strong>NEW</strong> PayPal and Credit card subscriptions (recurring payments). One-time payments are not affected.</p>
<h2>Payment records and privacy</h2>
<p>At Mullvad VPN we strive to know as little as possible about our users. We are constantly looking for ways to reduce the amount of data we store while still providing a usable service. Nowhere is the tension between privacy and usability more apparent than in the area of payments.</p>
<p>In order to provide refunds and the ability to recover lost accounts we need to store some record of a payment, at least for a short time. As soon as we do not need the data to enable refunding a payment we scrub the record of anything that can link the payment or the account to any personally identifiable information kept by the payment processor (this could be your bank, for example).</p>
<p>The problem, when it comes to subscriptions, or recurring payments, is that this link needs to be preserved for the duration of the subscription. In other words, a subscription lasting 12 months will force us to keep the link for all 12 months while a one-time payment for the same amount of time would only require us to keep it for the first few weeks.</p>
<h2>Our decision to remove subscriptions</h2>
<p>Subscriptions clearly offer a lot of convenience but as we’ve seen that convenience comes at a cost and we no longer think this is an acceptable trade-off. We care deeply about usability but when it comes down to it, privacy has to win.</p>
<p>That is why, as of today, we will no longer accept any new credit card or PayPal subscriptions. All existing subscriptions will keep working as normal for at least 6 months but if they are canceled or expire they cannot be renewed. If you have an active subscription we encourage you to cancel it within the next 6 months and replace it with a one-time payment to avoid any unexpected disruptions. All payments use the same <a href="https://mullvad.net/pricing">flat pricing model</a>. We will keep you informed of what happens next.</p>
<h2>In summary</h2>
<ul>
<li>we are removing the ability to create <strong>new</strong> subscriptions on all accounts</li>
<li>existing subscriptions will be processed for <strong>at least 6 months</strong></li>
<li>one-time payments are <strong>not</strong> affected</li>
<li>we are doing this to store <strong>less data</strong> about our users</li>
</ul>
<p>For your right to privacy,<br />
Mullvad VPN</p>Mullvad is now continuously donating to Qubes OS2022-06-15T08:59:53.524098+00:00https://www.mullvad.net/fr/blog/2022/6/15/mullvad-is-now-continuously-donating-to-qubes-os/<p>We are excited to announce our continuous support for the <a href="https://www.qubes-os.org/">Qubes operating system</a> with a <a href="https://www.qubes-os.org/partners/">donation toward the project's continued development</a>.</p>
<p>We recognise Qubes as one of the most important security-related projects out there at the moment.</p>
<p>The Mullvad team has been using Qubes in its day-to-day operations since early 2015. It allows us to compartmentalise and isolate activities with different security requirements, such as server administration, software development, and password management.</p>
<p>For us Qubes is an important tool in our efforts to make censorship and mass surveillance ineffective. If you're concerned with the security of your computer, then you potentially have a lot to gain from using Qubes.</p>
<p>Qubes OS is free and open source</p>Introducing names for easier device management2022-06-13T14:03:40.170650+00:00https://www.mullvad.net/fr/blog/2022/6/13/introducing-names-for-easier-device-management/<p>The app now has an easy-to-remember two word name as its device identifier. This both solves the dreaded “too many keys”-issue and it gives users a more friendly way of identifying their devices.</p>
<h2>The problem</h2>
<p>For many years, users have been plagued by the error “Too many keys” when they try to log in to our app or manually rotate the WireGuard key it uses. This was because their account already had five WireGuard keys, which is the limit. They then had to go to our website and remove a WireGuard key. How do they know which key to remove? It is just an incomprehensible soup of letters and numbers that is impossible to remember, it is also automatically changed every week due to the privacy enhancing automatic key rotation built into the app. In practice most people just removed a random key or wiped all of them to be able to proceed. And this of course caused issues on their other Mullvad-connected devices.</p>
<h2>Our solution</h2>
<p>Our solution to this is that we generate a random two word name for each device. The name stays the same until the device is removed from the account.</p>
<p>You can find the name of a device in the account view.</p>
<p><img alt="" src="/media/uploads/2022/06/13/device-names-1.png" /></p>
<p>Not only is it easier to identify which device is which now, we also allow logging out other unused devices directly from the app. When you try to log in to an account that already has five registered devices on it, the app will show a list of all devices on the account. No need to go to the website to manage your devices/keys!</p>
<p><img alt="" src="/media/uploads/2022/06/13/device-names-2.png" /></p>
<p>From this view you can easily log out for example the “Fearless Sparrow” device and then continue with the login on your new device.</p>
<p>Please note that this feature is added in <strong>2022.2</strong> on desktop and is yet to be implemented on mobile.</p>
<h2>Change device name?</h2>
<p>Did you get a device name that you <strong>really</strong> do not like for some reason? You can log out and log back in, which will remove and register as a new device, this gives you a new device name!</p>
<h2>Removing the WireGuard key management</h2>
<p>Along with introducing this we also remove the WireGuard key management view from the app at the same time. There should not be any need to manually do the things you could do there.</p>
<h2>Viewing your key</h2>
<p>No one should really need to see the WireGuard key. But if you for some reason still really want to know what WireGuard key the app is currently using, you can view it via our command line interface:</p>
<pre>
mullvad tunnel wireguard key check</pre>
<p>The command line interface is available on all desktop operating systems.</p>
<h2>Validating your key</h2>
<p>We have improved the app is such a way that it should never end up with an invalid key by itself any longer. So no need to validate it manually.</p>
<h2>Rotating your key</h2>
<p>The app automatically rotates the WireGuard key once per week by default (every four days on iOS). This is for improved anonymity. This is enough for most users. If you still really want to change your key at a specific point in time, you can log out and back in to the app. This will create a whole new device (new name!) and also use a new key.</p>
<p>You can also do it via the command line interface on desktop:</p>
<pre>
mullvad tunnel wireguard key regenerate</pre>
<h2>Setting custom device names?</h2>
<p>Many of you have asked if we could allow custom labels on the WireGuard keys associated with your account. Allowing you to name them “Android phone” or “Router at my parents house”. The problem with that is the possibility of revealing something about who you are. We at Mullvad go to great lengths to not allow users to give us personally identifiable information. This is in order to not be able to reveal who you are. That’s why we give you an account number when you sign up, instead of you giving us a username or email. As long as we only give you data, and you don’t give us any data, we don’t have any personally identifiable data that can be stolen or leaked from us.</p>New version of Swedish law on electronic communication (LEK)2022-06-13T03:36:48.641284+00:00https://www.mullvad.net/fr/blog/2022/6/13/new-version-of-swedish-law-on-electronic-communication-lek/<p>Proposed to enter into force on 1 August 2022.</p>
<h2>Which parties are affected by the new provisions?</h2>
<p>The target group is primarily providers of public electronic communications networks and publicly available electronic communications services. However, certain provisions of the new law will also apply to operators providing <strong>so-called interpersonal number-independent communications services, such as instant messengers</strong> and other types of communications services. Providers of these services <strong>may</strong> therefore be subject to the new rules.</p>
<p>Mullvad is conducting this analysis in order to provide its users with a balanced view and understanding regarding how the new legislation affects Mullvad's service.</p>
<p><a href="https://mullvad.net/help/the-new-electronic-communications-act-lek-sweden/">Read the full text</a><br />
</p>
<h2>Summary and conclusion</h2>
<p>It may be considered as far-fetched for a VPN service to be deemed to be a public electronic communications network since this is dependent upon the user being connected to the Internet in order to use the VPN service. Furthermore, in the preparatory works to the current LEK (and also statements from PTS), the legislator has expressed that a VPN service is not subject to a reporting obligation under the LEK. This suggests that a VPN service is also not to be considered as an electronic communications service since, according to the previous positions, the service does not, wholly or mainly, have control, either physical or contractual, over the signal transmission that enables the service to be used. Nor should it be considered that Mullvad's service is the type of service covered by the concept of "machine-to-machine", as such an interpretation would in practice mean that almost all communications that take place today will eventually be covered. Nor is there anything else in the preparatory works to the New LEK (or the Directive) that clearly indicates that the legislator now wishes to change the current scope of the legislation in a way that entails that a service, like the one Mullvad provides, should be covered. </p>
<p>On the whole, it appears to be the reasonable interpretation based on the previous preparatory work and PTS statements that a provider of a VPN service is not subject to a reporting obligation under the New LEK where the provider does not simultaneously provide another service that is subject to a reporting obligation (e.g., an Internet operator).</p>
<p><strong>Pending other statements and/or practice in this area, it should thus be possible to interpret the situation such that the VPN services in question are not covered by the New LEK</strong>. Mullvad will continue to focus on the issue and update its analysis in the event new information arises.</p>Possible DNS leak fixed in our Windows app2022-06-10T12:22:06.901249+00:00https://www.mullvad.net/fr/blog/2022/6/10/possible-dns-leak-fixed-in-our-windows-app/<p>We found that our Windows app’s firewall rules did not properly block DNS outside the VPN tunnel when split tunneling was used. However, programs would not really use this hole or cause any leaks.</p>
<p>When the Mullvad app is connected, DNS is supposed to only ever go inside the VPN tunnel, to the resolver on the VPN server. All other destinations should be blocked, both inside and outside the tunnel. The exception is of course if Custom DNS is being used, then the configured custom resolver is the only one that should be allowed. However, there was an issue with the firewall rules in our split tunneling driver that caused these security guarantees to not be fully upheld. If you excluded any app from the VPN tunnel, the split tunneling driver was activated and you could then also reach any DNS server outside the tunnel.</p>
<p>We don’t classify this as a critical vulnerability. We configure our in-tunnel DNS resolver as the system’s default resolver, and as such, Windows always uses the correct resolver anyway. The only time this would actually cause a leak is if a program explicitly tries to reach some other resolver <em>outside the tunnel</em>. Wrong DNS servers <em>in the tunnel</em> was still being correctly blocked.</p>
<p>The only affected app version is 2022.1 (and the betas preceding it). The bug was fixed in 2022.2-beta1. If you care about this leak, consider upgrading to the beta. This will be in a stable version of the app soon. This leak only affects Windows.</p>
<h2>How to reproduce</h2>
<p>If you have a DNS resolver on your local network, for example in your router, on IP <code>192.168.1.1</code>, and you have our app connected and with no apps excluded from the tunnel, then the following command does not work. It times out without being able to reach the DNS server:</p>
<pre>
nslookup mullvad.net 192.168.1.1</pre>
<p>But, if you exclude any program from the tunnel in the split tunneling settings and re-run the above command, you will see that it is now able to do the lookup.</p>We are taking a tunnel to Stockholm!2022-05-05T08:45:56.179733+00:00https://www.mullvad.net/fr/blog/2022/5/5/we-are-taking-tunnel-stockholm/<p>Come and see us at Stockholm Central Station Monday 9th - Tuesday 10th May. There might be a Cookie to accept.</p>We now accept Monero2022-05-03T09:03:48.918393+00:00https://www.mullvad.net/fr/blog/2022/5/3/we-now-accept-monero/<p>Mullvad is now accepting payments in the Monero cryptocurrency.</p>
<p><a href="https://getmonero.org/">Monero</a> is designed from the ground up with privacy as its main focus. It fulfills this goal admirably, making it a good match for our privacy focused VPN service.</p>
<p>As with our other cryptocurrencies, we run the wallet and node ourselves and do not rely on any third parties.</p>
<p>We do not provide refunds and account recovery for Monero transactions but all purchases using Monero, as well as any other cryptocurrency, get a 10% discount.</p>
<p>You can find the option to pay using Monero alongside our other payment methods on the <a href="https://mullvad.net/account/">account page</a>.</p>Silver-tier donation to WireGuard2022-04-27T06:35:21.472212+00:00https://www.mullvad.net/fr/blog/2022/4/27/silver-tier-donation-wireguard/<p>Mullvad donates to the WireGuard project for 2022.</p>
<p>Mullvad saw a lot of potential in the WireGuard VPN protocol already <a href="https://mullvad.net/blog/2017/9/27/wireguard-future/">back in 2017</a>. We decided to continue supporting the project through 2022 with a Silver tier Donation.</p>
<p>At the time of writing we have nearly 500 WireGuard VPN servers spread across 34 countries, which is a large increase compared to what we had in 2017 with just 10 locations. With our WireGuard servers we have plans to improve our coverage, performance as well as our censorship circumvention starting with our <a href="https://mullvad.net/blog/2021/11/1/introducing-wireguard-over-tcp-and-ipv6/">WireGuard over TCP project</a>.</p>
<p>WireGuard is supported in all our Apps, and our desktop apps support <a href="https://mullvad.net/blog/2022/3/10/wireguard-multihop-now-easy-available-app/">WireGuard multihop</a>, enabling you to enter via one WireGuard server, through another to exit from a totally different server, or even location.</p>
<p>For your right to privacy,<br />
Mullvad VPN</p>
<p>"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>Apple’s Private Relay can cause the system to ignore firewall rules2022-04-25T10:46:07.596897+00:00https://www.mullvad.net/fr/blog/2022/4/25/apples-private-relay-can-cause-the-system-to-ignore-firewall-rules/<p><a href="https://support.apple.com/en-us/HT212614">Apple’s Private Relay</a> (Beta) feature calls home to Apple servers without respecting the firewall rules of the system, creating a leak that neither we, nor you, can stop without <a href="https://support.apple.com/en-us/HT212614#website-not-working">disabling the entire Private Relay feature</a>.</p>
<p>The Private Relay functionality is almost like a VPN tunnel, or somewhat similar to how Tor works. It routes your network traffic in encrypted form via relay servers before it reaches the internet. The feature is still in beta and only available in certain regions, and you need a paid iCloud+ subscription to enable it.</p>
<p>When we at Mullvad monitored our network connections while doing development on our app, we saw something that should not be there: QUIC traffic leaving the computer outside the VPN tunnel! This is a leak! We tracked the sending down to the Private Relay feature, and disabling the Private Relay made the leaks stop. We do not know for sure that the traffic belongs to Private Relay, but it sure does trigger it.</p>
<p>It is worth noting that Private Relay (mostly) disables itself as soon as any firewall rule is added to <a href="https://en.wikipedia.org/wiki/PF_(firewall)">PF</a> (the system firewall on macOS devices). The Mullvad VPN app does add firewall rules. Once you connect the Mullvad app, Private Relay announces that it has disabled itself. We see no correlation between user traffic and the leaking packets. We believe they are just some heartbeat signal calling home to Apple. We do not know what information is transmitted to Apple, but since the destination is Apple servers, it is a strong signal to your local network and ISP that you might be a macOS user.</p>
<h2>How to reproduce the leak</h2>
<p>If you have an iCloud+ subscription you can easily test this yourself. Follow these steps and observe Private Relay not respecting your firewall rules:</p>
<ol>
<li>Set up monitoring of all QUIC traffic via <code>sudo tcpdump udp port 443</code>.</li>
<li><a href="https://support.apple.com/en-us/HT212614#on">Enable private relay</a> and verify that it works (It should show a notification saying “Private Relay is Active”). The Mullvad VPN app will prevent it from working if it connects during boot. If the private relay is unavailable, remove our app or any other offending VPN client, reboot, and start again.</li>
<li>Confirm that QUIC traffic can be observed. Before applying the firewall rule, you should also be able to see traffic in <code>tcpdump</code> if you just send some bytes over <code>nc -u apple.com 443</code></li>
<li>Append a PF rule to block QUIC traffic in <code>/etc/pf.conf</code>, reload the rules and enable the firewall.
<ol>
<li>Append <code>block return out quick proto udp from any to any port 443</code> to <code>/etc/pf.conf</code></li>
<li>Reload rules via <code>sudo pfctl -f /etc/pf.conf</code>.</li>
<li>Flush any firewall state via <code>sudo pfctl -F states</code></li>
<li>Enable PF via <code>sudo pfctl -e</code>.</li>
<li>Verify that you can no longer send traffic over <code>nc -u apple.com 443</code></li>
</ol>
</li>
<li>Now, you may verify that a trickle of QUIC traffic still flows out from your computer as per the output of <code>tcpdump</code>, yet you would not be able to make new QUIC connections over UDP to hosts on port 443. This means that Private Relay does not play by the same rules as <code>nc</code>.</li>
</ol>
<p>It is also worth noting that these QUIC leaks happen on the physical network interface even if you connect a VPN and set up the routing table to route everything through the VPN interface. So it is not only circumventing the firewall rules, it is also not respecting the routing table.</p>
<p>To restore your computer and the firewall again, just remove the rule from <code>/etc/pf.conf</code> and run <code>sudo pfctl -f /etc/pf.conf</code> again.</p>
<h2>What to do now?</h2>
<p>We are not aware of any way to prevent Private Relay from leaking this traffic, other than disabling the feature altogether. This is done in the same place where it is turned on. See <a href="https://support.apple.com/en-us/HT212614#website-not-working">Apple’s instructions</a>.</p>
<p>It is hard to speculate about the severity of this leak since the traffic is encrypted, meaning we cannot really know what it contains. This does however signal to your local network and ISP that you are using a macOS device. If your threat model forbids this, you should disable the Private Relay.</p>Mullvad Privacy Companion is now open source2022-03-22T11:02:34.858176+00:00https://www.mullvad.net/fr/blog/2022/3/22/mullvad-privacy-companion-now-open-source/<p>Mullvad Privacy Companion, a free Firefox extension helping to improve your online privacy – is now open source.</p>
<p>Six months ago, we released Mullvad Privacy Companion, a free Firefox extension helping to improve your online privacy.</p>
<p>Today, we're happy to announce a new version, now open source!</p>
<p>The Mullvad Privacy Companion interface has been reworked around recommendations, making it easier to see what you can do to improve your browser privacy.</p>
<p><img alt="" src="/media/uploads/2022/03/22/privacy-companion.png" /></p>
<h2>Why is it still in beta?</h2>
<p>There are still some bugs to be fixed and some features we want to implement. Before releasing it as stable, we want to get the code audited.</p>
<p>We welcome your feedback! Email us at <a href="mailto:support@mullvad.net">support@mullvad.net</a> or open an issue on our issue tracker*.</p>
<p><em>For your right to privacy,</em><br />
Mullvad VPN</p>
<h3>Links</h3>
<ul>
<li><a href="https://mullvad.net/download/firefox">Download Mullvad Privacy Companion</a></li>
<li><a href="https://github.com/mullvad/browser-extension">Source code</a></li>
<li><a href="https://github.com/mullvad/browser-extension/releases/tag/v0.6.3-firefox-beta">Changelog</a></li>
<li><a href="https://github.com/mullvad/browser-extension/projects/1">Roadmap</a></li>
</ul>
<p><em>*we also welcome code contributions (check out <a href="https://github.com/mullvad/browser-extension/blob/master/CONTRIBUTING.md">our guidelines</a>).</em></p>Adding another layer: Malware DNS blocking2022-03-16T10:51:39.941397+00:00https://www.mullvad.net/fr/blog/2022/3/16/adding-another-layer-malware-dns-blocking/<p>DNS blocking has become a well received addition to our service, particularly via our app. Today we announce an expansion of this service with malware blocking.</p>
<p>Last year we <a href="https://mullvad.net/en/blog/2021/5/27/how-set-ad-blocking-our-app/">announced</a> a new feature for blocking advertising and trackers <a href="https://mullvad.net/en/blog/2021/6/9/how-were-knocking-down-ads-and-tracking/">system wide via our apps</a>. These were based on lists that are readily available and viewable via <a href="https://github.com/mullvad/dns-adblock">our Github page</a>.</p>
<h2>Now available everywhere: Blocking websites serving malware</h2>
<p>This service is an extension to our other blocking services, where we block lists of known websites that serve malicious content. This feature can be used alongside our advertising and tracker blocking features, and can be enabled either via a toggle available in our desktop and iOS apps or via a custom DNS entry if you are on Android, or are using our service via a configuration file.</p>
<h2>To use this feature</h2>
<h3>For desktop and iOS:</h3>
<ul>
<li>Select the Cog → Preferences → Block malware</li>
</ul>
<p><img alt="" src="/media/uploads/2022/03/16/malware-dns-blocking.png" /></p>
<h3>For Android:</h3>
<ul>
<li>Select the Cog → Advanced → Use custom DNS and enter one of the following IP addresses that matches your desired state.</li>
</ul>
<p>For Android and configuration file users you will need to use one of the following <em>custom DNS entries</em> to enable this feature:</p>
<ul>
<li><strong>100.64.0.4</strong> - Malware blocking only</li>
<li><strong>100.64.0.5</strong> - Ad and malware blocking, <strong>no</strong> tracker blocking</li>
<li><strong>100.64.0.6</strong> - Tracker and malware blocking, <strong>no</strong> ad blocking</li>
<li><strong>100.64.0.7</strong> - Ad, tracker and malware blocking (“<em>everything</em>”)</li>
</ul>
<p>Malware blocking was made available with the app release 2022.1 on desktop and iOS.</p>
<p>We <u>will add</u> this toggleable feature to Android as well in a future release.</p>
<h2>Behind the scenes (for the nerds only)</h2>
<p>For malware URL blocking we make use of <a href="https://urlhaus.abuse.ch/downloads/rpz/">URLHaus' RPZ list</a> which we import into our OpenVPN and WireGuard servers. Since this list is frequently updated from URLHaus, we want to ensure that our lists are refreshed to match in a similar cadence.</p>
<p>These lists are included in a new Bind zonefile that sits alongside our other blocking zonefiles. Whereas the other lists are imported from <a href="https://github.com/mullvad/dns-adblock">our Github repository</a>, the malware list we use currently is taken <a href="https://urlhaus.abuse.ch/downloads/rpz/">directly from URLHaus</a>.</p>
<p>Each Bind view is then assigned an IP address which is used to specify which list, or combination of lists should be used.</p>
<p>The following list demonstrates the IP address to list combinations:</p>
<p><em>If you want to use custom DNS via our app, you can use the corresponding IP address from this list.</em></p>
<ul>
<li><strong>100.64.0.1</strong> - Ad blocking only</li>
<li><strong>100.64.0.2</strong> - Trackers only</li>
<li><strong>100.64.0.3</strong> - Ad blocking, trackers, <strong>no</strong> malware blocking</li>
<li><strong>100.64.0.4</strong> - Malware blocking only</li>
<li><strong>100.64.0.5</strong> - Ad blocking, malware blocking, <strong>no</strong> tracker blocking</li>
<li><strong>100.64.0.6</strong> - Tracker, malware blocking, <strong>no</strong> ad blocking</li>
<li><strong>100.64.0.7</strong> - Ad blocking, tracker and malware blocking (“<em>everything</em>”)</li>
</ul>
<p>We now deem our DNS-adblock repository to be stable, and have been investigating more lists that we can add to it. Previously we were refreshing the lists we had on a monthly basis.</p>
<p>This is <u><strong>not intended to be a replacement</strong></u> for <em>good security practices</em>, nor is it meant to be a replacement for an anti-malware tool. Please ensure you use this in conjunction with other practices to keep your computers and mobile devices safe, secure and up to date.</p>
<p>This initial deployment is bare bones, and will be updated in the future once we verify its stability and potentially get our customers feedback. If you have any thoughts regarding the malware list that we utilise please contact our Support Team by email: <a href="mailto:support@mullvad.net">support@mullvad.net</a></p>
<p>"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>WireGuard multihop now easily available in the app2022-03-10T09:12:47.912213+00:00https://www.mullvad.net/fr/blog/2022/3/10/wireguard-multihop-now-easy-available-app/<p>To further increase your privacy and make your traffic harder to analyze, you can now route all your traffic through two servers instead of just one, directly in our desktop app, version <strong>2022.1</strong> and newer.</p>
<p>Our multihop feature allows you to connect to any WireGuard destination server via any WireGuard entry server, using a tunnel within a tunnel.</p>
<p>Selecting different servers in different jurisdictions or from different hosting providers may make data collection slightly harder. Please notice that depending on the location of the two servers, this could potentially degrade the performance to some extent.</p>
<h2>How</h2>
<p>To activate multihop go to <strong>Settings → Advanced → WireGuard settings</strong> and turn on <strong>Enable multihop</strong>.</p>
<p><img alt="" src="/media/uploads/2022/03/10/multihop1.png" /></p>
<p>After doing this, you can select the desired location for the entry end exit server by going back to the main view and opening the <strong>Switch location</strong> view. You’ll notice the two tabs at the top: <strong>Entry</strong> and <strong>Exit</strong>.</p>
<p><img alt="" src="/media/uploads/2022/03/10/multihop2.png" /></p>
<p>All the traffic is encrypted twice directly on your device. It’s a WireGuard tunnel being sent inside another WireGuard tunnel. Anything observing the traffic leaving your device will only see regular WireGuard traffic destined to the entry server. They will not be able to know that the traffic will be forwarded to another server, nor which one. The entry WireGuard server will be able to see your source IP and which exit server the traffic is headed for, but it can’t see any of the traffic. The exit server on the other hand, can see the traffic but it can’t see your original IP, only the IP of your entry server.</p>
<h2>Why</h2>
<p>There might be a number of reasons why you’d want your traffic routed through two VPN servers before it goes out on the internet. You can read our <a href="https://mullvad.net/en/help/multihop-wireguard/">WireGuard multihop guide</a> for details.</p>
<h2>Using multihop in the CLI</h2>
<p>The app has supported WireGuard multihop via the command line interface since version 2021.4. See our <a href="https://mullvad.net/en/help/cli-command-wg/#multihopping">WireGuard CLI guide</a> for details about how to use that. The big news today is that you can easily use this feature from the graphical user interface also.</p>macOS now reconnects instantly after being in sleep mode2022-03-01T13:05:44.516050+00:00https://www.mullvad.net/fr/blog/2022/3/1/macos-now-reconnects-instantly-after-being-sleep-mode/<p>Your Mac should no longer be stuck offline for a while every time it wakes up from sleep or when trying to connect to a new network.</p>
<p>In the blog post <a href="https://mullvad.net/blog/2020/11/16/big-no-big-sur-mullvad-disallows-apple-apps-bypass-firewall/">Mullvad disallows Apple apps to bypass firewall</a>, which we wrote on the 16th of November 2020 we described that the Mullvad app is not allowing Apple’s own apps to bypass our VPN firewall.</p>
<p>We did also mention some side effects, for example, the Mullvad app taking longer to detect that the computer is online. It takes in total roughly 30 seconds longer to wake up your Mac from sleep!</p>
<p>The blog post continues to state that this can only be fixed by leaking traffic to Apple. Or so we thought, but this was not true! All of this has now been fixed! Your Mac should now connect instantly on wake up from sleep, and we did not need to allow any network traffic leaks! Upgrade to app version 2022.1 or newer to get this fix.</p>
<p>If you are interested in a more technical explanation, you can read more details in our <a href="https://github.com/mullvad/mullvadvpn-app/blob/master/docs/allow-macos-network-check.md">open source code repository</a>.</p>Ending support for Windows 7, 8 and 8.1 in our app2022-02-14T14:00:58.585142+00:00https://www.mullvad.net/fr/blog/2022/2/14/ending-support-windows-7-8-and-81-our-app/<p>In June we wrote about ending support for Windows 7, 8 and 8.1, at the end of 2021. Now the time has come to say bye bye to all the older versions of Windows.</p>
<p>From version 2022.1 (yet to be released), Windows 7, 8 and 8.1 are no longer supported in our app.</p>
<p>For your own security, we recommend you to run up to date and supported operating systems. However, if you really want to, you can still continue using our service on these old Windows versions with version <a href="https://github.com/mullvad/mullvadvpn-app/releases/tag/2021.6">2021.6</a> of our app or the third party OpenVPN and WireGuard® apps.</p>
<p>As pointed out in the <a href="https://mullvad.net/blog/2021/6/15/ending-support-windows-7-8-and-81-end-year/">blog post from June last year</a>: Privacy is dependent upon security, and when the operating system does not receive security patches they become vulnerable over time.</p>
<p>Microsoft discontinued extended support for Windows 7 in 2020 and mainstream support for Windows 8.1 in 2018. They still have Extended Security Updates for special volume licenses of Windows 7 and extended support for Windows 8.1 until January 2023. We expect extremely few of our users are on special volume licenses and we know very few of our users use Windows 8.1. Since January 2023 is only 11 months away, it’s about time to upgrade.</p>
<p>This deprecation is not only about the operating systems being unsupported. It’s also about focusing our efforts where it has the most impact and will be of value to the majority of our users. Supporting Windows 7 and 8.1 takes time from both developers and testers. If we spend this time on improving the app on Windows 10 and 11 instead, those improvements will benefit a greater number of of users.</p>Diskless infrastructure in beta (System Transparency: stboot)2022-01-12T08:02:35.109784+00:00https://www.mullvad.net/fr/blog/2022/1/12/diskless-infrastructure-beta-system-transparency-stboot/<p>Diskless infrastructure using stboot (in beta) is now available on a pair of WireGuard servers in Sweden.</p>
<p>Today we are introducing our first VPN servers booted with our new bootloader - stboot. This marks the <strong>start</strong> of our long-running public-facing journey to make our VPN infrastructure transparent and user-auditable.</p>
<h2>Diskless infrastructure for VPN servers</h2>
<p>Today we announce an early beta release of a part of our System Transparency technology running on one VPN server in Gothenburg and one in Stockholm, Sweden. Both of these servers are listed in a “System Transparency [BETA]” city in our server list, viewable within our app as well as on our website.</p>
<p>You can find these servers by selecting: Switch Location → Sweden → System Transparency [BETA]</p>
<p>Make sure you are using the WireGuard protocol (applies to desktop app only).</p>
<p>This means that we now have two servers running entirely on RAM, <strong>without any disks in use</strong>.</p>
<h3>What does “without any disks in use” mean?</h3>
<ol>
<li>If the computer is powered off, moved or confiscated, there is no data to retrieve.</li>
<li>We get the operational benefits of having fewer breakable parts. Disks are among the components that break often. Therefore, switching away from them makes our infrastructure more reliable.</li>
<li>The operational tasks of setting up and upgrading package versions on servers become faster and easier.</li>
<li>Running the system in RAM does not prevent the possibility of logging. It does however minimise the risk of accidentally storing something that can later be retrieved.</li>
</ol>
<h2>Where do you pull data from if you have no disks to store it on?</h2>
<p>For these servers we make use of provisioning servers in order to download an “OS Package”. These provisioning servers have disks but they contain only the signed images and some base configuration data that our System Transparency (or stbooted) servers will use.</p>
<p>Our VPN servers launch the System Transparency bootloader (stboot) which downloads the OS package from a provisioning server and verifies that it originates from relevant Mullvad VPN staff by checking its signatures. If the OS package is valid, the OS is booted. The server then waits for an authorised member of staff to provision and deploy it for customer use.</p>
<p>By and large, these servers will be configured in a similar manner to our other WireGuard servers, except we use no disks, and RAM is the only location where data is kept.</p>
<p><img alt="" src="/media/uploads/2022/01/12/stboot1.jpg" /></p>
<p style="text-align:center">Debug output stboot starting up</p>
<p><img alt="" src="/media/uploads/2022/01/12/stboot2.jpg" /></p>
<p style="text-align:center">Debug output OS package signatures verified</p>
<h2>What happens when the server is restarted?</h2>
<p>At this point, the server would boot up, unaware about its past history due to using no disk. The process would be the same as in the previous step (download, verify, wait for authorisation).</p>
<p>In other words, we have amnesia for servers.</p>
<h2>If this is the first of many steps, what happens next?</h2>
<p>We get your feedback, if any, on how well it works!</p>
<p>We will continue to develop our provisioning and deployment process of stbooted VPN servers, starting with the ones providing WireGuard tunnels. We will start adding more servers in different locations as we get more comfortable and the projects' moving parts become more mature.</p>
<h2>End goal: Trustworthiness through transparency</h2>
<p>We are continuously striving to strengthen the trustworthiness of all aspects of our service. This is why our VPN apps have been open source since we started over 12 years ago. Achieving transparency on the server side is a very different challenge, as merely open sourcing our server software is not enough. We want our users to be able to verify and audit what is currently running on the VPN server they are connected to. This is our end goal with System Transparency.</p>
<h2>Note</h2>
<p>During this beta, WireGuard keys will be wiped on each server restart. If you are using configuration files to connect to the servers you will need to download new ones each time this happens. This does not affect the Mullvad App.</p>
<h2>Read more</h2>
<ul>
<li><a href="https://mullvad.net/blog/2019/6/3/system-transparency-future/">System Transparency is the future</a></li>
<li><a href="https://mullvad.net/blog/2019/8/7/open-source-firmware-future/">Open Source Firmware is the future</a></li>
<li><a href="https://www.system-transparency.org/">System Transparency home page</a></li>
</ul>Revisit 2021 with a walk down the red carpet2021-12-14T13:38:16.308199+00:00https://www.mullvad.net/fr/blog/2021/12/14/revisit-2021-walk-down-red-carpet/<p>It’s been rolled out! Read on to remember this year’s privacy-boosting efforts, count some numbers, and (if you somehow missed it) meet 2021’s furriest hire!</p>
<p><img alt="" src="/media/uploads/2021/12/14/year-review-2021-1.jpg" /></p>
<p>While Mullvad’s teams are busy with end-of-year reviews and discussing the strategy for 2022, CEO Jan Jonsson sat down to reflect on how 2021 shaped up for the company.</p>
<h3>Let’s start with some exciting numbers!</h3>
<p>In January, we finally moved in to our expanded office space. Now we’re on two floors with an extra 450 square meters. Perfect timing because we added nine privacy-conscious individuals (humans and mascots) to the company this year!</p>
<p><img alt="" src="/media/uploads/2021/12/14/year-review-2021-2.jpg" /></p>
<p>We have about 760 servers right now. Compared to last year a larger percentage are WireGuard servers and more have greater bandwidth capacity, at 10 Gbps.</p>
<p>With the addition of Burmese, the Mullvad VPN app is now available in 20 languages. And now customers can choose from 13 payment methods when topping up an account.</p>
<h3>Of all the things accomplished this year, which ones are worth mentioning again?</h3>
<p>Can I say all of them? No? Well, we released a duo of privacy-enhancing features – <a href="https://mullvad.net/blog/2021/6/9/how-were-knocking-down-ads-and-tracking/">Block ads and Block trackers</a> – first rolled out on iOS but now available on all platforms.</p>
<p>Then there’s the launch of <a href="https://mullvad.net/blog/2021/8/19/what-split-tunneling/">our split tunneling feature</a>. A lot of research went into informing our eventual design model.</p>
<p>We started offering <a href="https://mullvad.net/blog/2021/4/15/support-custom-dns-servers-launched/">support for custom DNS</a>.</p>
<p>And we introduced a free, privacy-enhancing tool, the <a href="https://mullvad.net/blog/2021/9/30/test-our-new-browser-privacy-tool-mullvad-privacy-companion-beta/">Mullvad Privacy Companion</a>, an extension for the Firefox browser.</p>
<p><a href="https://mullvad.net/blog/2021/10/7/improving-robustness-our-databases/">We also moved our backend databases to new hardware</a>. It’s very behind-the-scenes but it’s one of those details that helps us to provide a service that seemingly just works. It’s been a busy year!</p>
<h3>Of all the blog posts published this year, the one with the highest number of page visits is “<a href="https://mullvad.net/blog/2021/9/16/ownership-and-future-mullvad-vpn/">The ownership and future of Mullvad VPN</a>”. Why do you think that is?</h3>
<p>I’d say it has to do with a growing public interest in signals of trust from VPN providers. Mullvad’s founders wanted to speak clearly about the company’s long-term strategy so that our customers know where we stand and why.</p>
<h3>Talk about the pop-up store and awareness campaign in London back in September. Was it a success?</h3>
<p>We wanted to do something we’ve never done before and learn from it. We learned a lot, so yes, it was a big success! We now know what it takes to set up and run an ad campaign using traditional media in a foreign country. It was quite the kick to see our ads on the sides of those red double-decker buses.</p>
<p>The pop-up store gave some of our customers the opportunity to meet us in person, ask questions, and give us feedback. We had some great conversations. And it was a perfect team-building event for us after a year-and-a-half of working mostly apart from each other.</p>
<h3>We know Mullvad’s opinion on privacy-invasive cookies, but tell us about the furry one you recently hired.</h3>
<p>Ah yes, <a href="https://youtu.be/aWcCWl_19ZU">our new mascot</a>! Cookie’s first week on the job was helping us in London and our sidekick was a real hit.</p>
<p><img alt="" src="/media/uploads/2021/12/14/year-review-2021-3.jpg" /></p>
<p>Some people are too shy to come up to us on the street or don’t like being approached by strangers, but it’s hard to pass up the chance to get a selfie with a <a href="https://www.youtube.com/watch?v=aWcCWl_19ZU">very cute, seven-foot mole</a>. Then they get curious about what Mullvad VPN is and start asking us questions. Cookie is a great icebreaker. I’m a bit nervous about when it’s time to talk salary reviews…</p>Forget your passwords – except one2021-11-15T14:53:22.106157+00:00https://www.mullvad.net/fr/blog/2021/11/15/forget-your-passwords-except-one/<p>Tired of trying to memorize dozens of passwords while compromising your security in the process? The solution: a password manager! Choose from our five recommendations that cover a range of needs.</p>
<p><img alt="" src="/media/uploads/2021/11/15/passwords.jpg" /></p>
<p>A good password manager offers secure and encrypted storage for all of your login credentials in one convenient location. Just like carrying around one master key that safeguards a cabinet of keys, you only need to memorize one master password to access the rest.</p>
<p>When you need to log in to a website, you unlock the manager and it automatically fills in your username and password for you. And when it’s time to create a new login, the manager will automatically generate a secure password for you. Add an extra layer of security by turning on two-factor authentication, or 2FA as it’s known for short (a topic for another post).</p>
<p>Once you use a password manager, you’ll probably wonder why you waited so long to be freed from the burden of all passwords!</p>
<h2>Choose an option that you’ll actually use</h2>
<p>Does the idea of setting up and learning a new program overwhelm you? Never fear. The options below cover a range of comfort levels and needs. We’ve ordered them from easy-to-use to advanced.</p>
<h3>Level 1: good old-fashioned pen and paper</h3>
<p>Going old school is a pretty secure option because no one can (digitally) hack into your kitchen drawer. Plus, writing a list is pretty straightforward. Just remember to <a href="https://mullvad.net/help/create-better-passwords/">create strong, unique passphrases</a>.</p>
<p>If constantly fetching the list or typing long passphrases becomes a headache, then maybe software is worth considering.</p>
<h3>Level 2: built-in solutions</h3>
<p>Check if your operating system offers its own password manager. “Native” or built-in options will offer a sense of familiarity since they usually have the same look and feel as the platform you’re already used to – but you can do one better!</p>
<h3>Level 3: cross-platform managers</h3>
<p>Ready to try a password manager for the first time and want something that handles your login credentials across your laptop, phone, and tablet? Many of us at Mullvad use <a href="https://bitwarden.com/">Bitwarden</a> for managing our personal passwords. It’s easy enough that some of our parents use it too! As a bonus, it features open-source code, and the option for self hosting is also available.</p>
<h3>Level 4: a multi-solution approach</h3>
<p>Here at Mullvad headquarters, we set our security standards pretty high. That’s why we use different tools that, when used together, provide better security. For password management, some of our teams use <a href="https://keepassxc.org/">KeePassXC</a> in combination with Yubikeys.</p>
<p> </p>
<p><em>One step closer to online privacy,</em><br />
Mullvad VPN</p>
<p> </p>Introducing WireGuard over TCP and IPv62021-11-01T13:30:29.939717+00:00https://www.mullvad.net/fr/blog/2021/11/1/introducing-wireguard-over-tcp-and-ipv6/<p>As we add more advanced settings to Mullvad VPN, we need your feedback more than ever. That’s why we’re encouraging desktop users to test our first implementations of WireGuard over both TCP and IPv6.</p>
<p>To try out either setting, get the latest Windows, macOS, or Linux version of the <a href="https://mullvad.net/download/">Mullvad VPN app</a>. If you’re willing to give us any feedback, send it to support@mullvad.net.</p>
<h2>How to connect to WireGuard servers over IPv6</h2>
<p>This setting has been available in the CLI, but it’s now configurable in the app.</p>
<ol>
<li>Open the desktop app.</li>
<li>Open <strong>Settings > Advanced</strong>.</li>
<li>Set the <strong>Tunnel protocol</strong> to “WireGuard”.</li>
<li>Below that, click on <strong>WireGuard settings</strong>.</li>
<li>Scroll to <strong>IP version</strong> and choose “IPv6”.</li>
</ol>
<p>For this to work, your device needs to not only support IPv6 but also be connected to a network that offers it.</p>
<h2>How to use WireGuard over TCP</h2>
<p>WireGuard out of the box works only over UDP. This can cause problems because UDP is blocked on many public networks like in cafes and on trains. That’s why we’re introducing a solution for WireGuard over TCP.</p>
<p>In this first iteration, we’ve deployed it to only a few servers. If we get feedback that the solution works well, we’ll expand it to all of our WireGuard servers.</p>
<p>Here are the servers that currently support WireGuard over TCP:</p>
<ul>
<li>au1-wireguard</li>
<li>de12-wireguard</li>
<li>gb5-wireguard</li>
<li>jp13-wireguard</li>
<li>nl2-wireguard</li>
<li>se6-wireguard</li>
<li>se9-wireguard</li>
<li>se17-wireguard</li>
<li>us113-wireguard</li>
<li>us114-wireguard</li>
</ul>
<p>To try this, you’ll need to use the <a href="https://mullvad.net/help/how-use-mullvad-cli/">Mullvad CLI</a>.</p>
<ol>
<li>Run <code>mullvad relay set hostname se6-wireguard</code> (use any of the servers mentioned above).</li>
<li>Run <code>mullvad relay set tunnel wireguard --protocol tcp</code> (to reset the configuration, use the same command but with <code>--protocol any</code>).</li>
<li>Once you’re connected, check your status to verify that you’re using TCP.</li>
</ol>Try WireGuardNT for better Windows performance2021-10-28T11:58:03.896288+00:00https://www.mullvad.net/fr/blog/2021/10/28/try-wireguardnt-better-windows-performance/<p>Calling all early adopters on Windows! Blaze a trail with us and test if our experimental implementation of the new WireGuardNT kernel driver gives you a boost in performance.</p>
<p>This addition to the latest Mullvad VPN app release follows close on the heels of the <a href="https://git.zx2c4.com/wireguard-nt/about/">WireGuard developers' recent release of an in-kernel implementation for Windows</a>. It’s great news for our goal of making WireGuard the default protocol in our Windows app.</p>
<p>We hope our Windows customers will experience improved performance, especially over WiFi.</p>
<h2>Here’s how to try WireGuardNT</h2>
<p>This implementation is disabled by default. To turn it on, you’ll need to use the <a href="https://mullvad.net/help/how-use-mullvad-cli/">Mullvad CLI</a>.</p>
<p>Open the command prompt and run <code>mullvad tunnel wireguard use-wireguard-nt set on</code>.</p>
<p>To stop using it, use the same command but with <code>off</code>.</p>
<h2>We want your feedback!</h2>
<p>Since we’re still in the early stages of development, we would greatly benefit from any feedback you’re willing to share with us about your experience. Send your comments to support@mullvad.net.</p>Use filtering to show your preferred hosting providers2021-10-26T09:07:06.782929+00:00https://www.mullvad.net/fr/blog/2021/10/26/use-filtering-show-your-preferred-hosting-providers/<p>Looking for more control over your choice of servers? Try filtering the server location list by hosting provider, available in the desktop version of the Mullvad VPN app.</p>
<p>Released today in the 2021.5 app version for Windows, macOS, and Linux, this feature helps to narrow down the server location list from our 21 hosting providers to the ones that you prefer. For example, if you know which providers give you the best peering or speeds, you can filter out the rest.</p>
<p>Here’s how to filter by hosting provider:</p>
<ol>
<li>Open the app.</li>
<li>Open the location selection view.</li>
<li>Click on the <strong>Filter icon</strong>, located in the top-right corner, then on <strong>Filter by provider</strong>.</li>
<li><strong>Check the boxes</strong> next to the providers you prefer.</li>
<li>Click <strong>Apply</strong> to update the location list.</li>
</ol>
<div class="is-info notification">If you filter out the provider(s) of the currently selected location, the app will block your connection until you choose a server or location from the filtered list.</div>
<p>For more details about our servers, check out our <a href="https://mullvad.net/servers/">servers page</a>.</p>New Reseller: Smartech, inside Selfridges, London2021-10-08T08:44:16.062671+00:00https://www.mullvad.net/fr/blog/2021/10/8/new-reseller-smartech-inside-selfridges-london/<p>As of today, Mullvad VPN has a new reseller - Smartech, inside Selfridges on Oxford Street, London, UK.</p>
<p>Smartech will sell Mullvad VPN scratch coupons in-store at Selfridges and on their online store <a href="https://www.smartech.buzz/">Smartech Virtual Store</a>.</p>
<p><img alt="" src="/media/uploads/2021/10/08/selfridges1.png" /></p>
<p>You can buy the scratch coupon and generate an account at <a href="http://mullvad.net/">mullvad.net</a>, choose “voucher” as the payment method and then download our <a href="https://mullvad.net/download">app</a> on your preferred device(s).</p>
<p><img alt="" src="/media/uploads/2021/10/08/selfridges2.jpg" /></p>
<p><img alt="" src="/media/uploads/2021/10/08/selfridges3.png" /></p>
<p>Mullvad VPN partnerships page has been updated.</p>Improving the robustness of our databases2021-10-07T11:19:18.666484+00:00https://www.mullvad.net/fr/blog/2021/10/7/improving-robustness-our-databases/<p>We really don’t like storing data, but there are some we can't avoid storing. At least we can keep that safe.</p>
<p>We recently migrated our backend databases to new hardware, with the intention of improving robustness and reliability. What does this mean exactly? Did we upgrade something to improve our scaling due to a mass influx of users? What changed? Why new hardware?</p>
<h2>First, a little background</h2>
<p>We really don’t like storing any data about our customers. It is in our privacy model and our reason for being. What we do want to do is provide a reliable and robust service for you.</p>
<p>Our backend servers provide, among other things, the list of servers and their working status, the account tokens, and payment status of your account – inner workings so that we can allow you to use our service. As you can imagine it is a <em>very</em> critical part of our internal infrastructure.</p>
<h2>So what exactly did we do?</h2>
<p>Our backend servers are made up of a number of <em>worker</em> servers. These take in the queries that our website sends it, and returns information to you or the Mullvad app. These <em>worker</em> servers are connected to a number of our databases. That is where the account information (16-digit tokens, payment status) as well as server details are stored.</p>
<p>These databases were moved to new hardware for a number of reasons:</p>
<ul>
<li>We need to scale up. We have a lot of new customers coming in, and we need to ensure that we provide a reliable service for new and current customers.</li>
<li>We cannot afford to lose your trust. We want to have redundant data so that in case of a panic, we do not lose your trust, or your account status.</li>
<li>We want to simplify and internally share the knowledge of how our services are set up.</li>
</ul>
<h2>Some <em>slightly more technical</em> technicalities</h2>
<p>We run a replicating PostgreSQL set up on our database servers. They are located in a number of data centers in Sweden, all with powerful hardware, multiple disks, dedicated power supplies, and their own UPS each (failover batteries).</p>
<p>Our databases replicate from a leader database. The <em>leader</em> is what our backend servers connect to, where the queries that the website, app or other <em>client</em> get sent. The followers are continuously archiving and keeping a local copy of any updates that the leader gets, but they’re in read-only mode: only the leader can answer backend servers' queries.</p>
<p>Having many databases in multiple locations means we have the reliability of different power supplies and redundancy against <em>an entire data center losing power</em>.</p>
<p>To connect these databases together we use our trusted WireGuard® protocol. We are big fans of WireGuard, and we found it fitting to implement it to secure the data sent between each database, especially if they are to be located in many locations. We also make use of TLS certificates and strong encryption on the replication and backend servers' queries. We only want the relevant services to be able to get the relevant information.</p>
<h2>Toward the future</h2>
<p>Simplification of services is our future goal. We will be improving the deployment of all our services moving forward, aiming for trust, reliability and robustness in all that we provide.</p>
<p>For your right to privacy,<br />
Mullvad VPN</p>
<p> </p>
<p>"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>A big welcome to our new mascot!2021-10-06T07:19:05.781491+00:00https://www.mullvad.net/fr/blog/2021/10/6/big-welcome-our-new-mascot/<p>We have a mascot!</p>
<p>Please join us in welcoming our mascot and look at our presentation (youtube) <a href="https://www.youtube.com/watch?v=aWcCWl_19ZU">https://www.youtube.com/watch?v=aWcCWl_19ZU</a></p>Test our new browser privacy tool: Mullvad Privacy Companion Beta2021-09-30T11:52:01.438992+00:00https://www.mullvad.net/fr/blog/2021/9/30/test-our-new-browser-privacy-tool-mullvad-privacy-companion-beta/<p>Today we release a new tool to help anyone along on their privacy journey. Try the free Mullvad Privacy Companion Beta extension for Firefox desktop.</p>
<p>Reclaiming your right to privacy on the web is hard. There’s no single, magical pill that mitigates it all – not even a VPN (although it’s a good start). The fight requires habit changes, tools that block and protect, and sometimes changes to the settings in your browser or device.</p>
<p>For a long time, we’ve been pointing you toward our <a href="https://mullvad.net/help/first-steps-towards-online-privacy/">privacy guides</a>, but we’ve dreamed of making it easier and quicker for everyone to achieve greater privacy online. That’s how the idea of the Mullvad Privacy Companion was born.</p>
<p><img alt="" src="/media/uploads/2021/09/30/mullvad-privacy-companion.png" /></p>
<h2>A companion to anyone’s digital privacy</h2>
<p>Now you can enhance your privacy and anonymity with a number of settings and tools, all conveniently located in one place. Our browser extension is free for anyone – including non-Mullvad VPN customers.</p>
<p>Here’s a short features tour of the Mullvad Privacy Companion Beta.</p>
<h3>Quick installation of privacy tools</h3>
<p>A list of Mullvad-recommended Privacy extensions shows which ones you’ve already installed, plus the ones you’re missing along with an “Install” button that takes you directly to the installation page.</p>
<h3>Disable IP-exposing WebRTC</h3>
<p>Under Privacy settings you’ll find the option to disable WebRTC, <a href="https://mullvad.net/help/webrtc/">a technology that can jeopardize your anonymity</a>.</p>
<h3>Route your browser traffic through a different server</h3>
<p>With one click of the <strong>Connect proxy</strong> button (visible only when connected to Mullvad VPN), <a href="https://mullvad.net/blog/2021/4/8/socks-for-expats-try-ours-on-for-a-better-browsing-experience/">your browser traffic will exit a different location</a> than the one you’re connected to. Without the browser extension, using our SOCKS5 proxy requires a multi-step process to configure Firefox’s network settings.</p>
<p><strong>Don’t see the button?</strong> Remember, it’s only visible when connected to Mullvad VPN. You also need to right click on the extension icon, then choose Manage Extension. Next to Run in Private Windows, choose Allow.</p>
<h3>Reduce those annoying CAPTCHAs</h3>
<p>A nice bonus of using the above-mentioned proxy is that you won’t experience as many of those annoying CAPTCHAs.</p>
<h2>Get the free extension for Firefox</h2>
<p>We invite you to install and try the first public beta version of the Mullvad Privacy Companion:</p>
<ol>
<li>In Firefox, visit our <a href="https://mullvad.net/download/firefox">Mullvad Privacy Companion installation page</a> and click <strong>Install</strong>.</li>
<li>In the pop-up, click <strong>Continue to Installation</strong>.</li>
<li>When asked to “Add Mullvad Privacy Companion”, click <strong>Add</strong>.</li>
<li><strong>Tick the box</strong> next to “Allow this extension to run in Private Windows”, then click <strong>Okay</strong>. This step is required to use the proxy.</li>
<li>You’re all done!</li>
</ol>
<p>And of course, we welcome your feedback! Email us at support@mullvad.net. What you see in the extension might seem limited, but we have a long wish list of items to add – a privacy journey of our own!</p>
<p><em>For your right to privacy,</em><br />
Mullvad VPN</p>Our second week in London2021-09-20T15:59:19.885622+00:00https://www.mullvad.net/fr/blog/2021/9/20/our-second-week-in-london/<p>We are building a future in Online Privacy! Meet us at 33 Great Windmill St – 33 Great Windmill St, London:</p>
<p><img alt="" src="/media/uploads/2021/09/20/london2.jpg" /></p>
<p><strong>This week's hours:</strong></p>
<p>Mo 20th, 1pm-7pm<br />
Tu 21th, 1pm-7pm<br />
We 22nd, 1pm-7pm<br />
Th 23rd, 1pm-7pm<br />
Fr 24th, 1pm-7pm (our app team will be here)</p>The ownership and future of Mullvad VPN2021-09-16T13:17:33.742175+00:00https://www.mullvad.net/fr/blog/2021/9/16/ownership-and-future-mullvad-vpn/<p>This article is by our founders and sole shareholders, Daniel Berntsson and Fredrik Strömberg. Mullvad VPN is here to stay, and we are not interested in ever selling it.</p>
<p>We started building this organization in the summer of 2008 for idealistic reasons, and we are still idealists who think privacy is fundamental to a civilized society.</p>
<p>The best strategy for achieving societal impact through entrepreneurship is consistent, long-term, and value-based ownership. For us, this disqualifies taking outside investment, either through venture capital or going public. Mullvad has instead been growing organically without outside investments. It takes longer but the results are better.</p>
<p>In Swedish business tradition, the most important and foundational document for a corporation is its owner’s directive. It is a steering document that governs the board of directors which in turn sets strategy and long-term goals for the company.</p>
<p>The <a href="https://mullvad.net/en/help/owners-directive-for-mullvad-vpn/">owner's directive of Mullvad VPN (link in Swedish)</a> states the following:</p>
<ul>
<li>Daniel Berntsson and Fredrik Strömberg will continue to own 50% each of the shares.</li>
<li>No further contribution of capital or new issue of shares is expected to be necessary.</li>
<li>Our investment horizon is “to plant trees in the shade of which we will never sit”.</li>
<li>Mullvad's vision is to make censorship and mass surveillance impractical.</li>
<li>Mullvad shall strive to act in accordance with its cultural pillars of trustworthiness, transparency, and trailblazing.</li>
<li>Owners’ restriction on board and CEO: honesty, especially in marketing.</li>
</ul>
<p>These principles have withstood the test of time – more than 10 years. Our conviction has remained unchanged through multiple serious offers of acquisition and outside investment. Words are cheap of course, but consistent action over the course of more than a decade is not.</p>
<p>Those who have known Mullvad VPN for years know how we’ve acted. You can expect more of the same. We will surely make mistakes, some colleagues will leave and others will join, but the organization we’re building together is in it for the long haul.</p>Visit Mullvad pop-up store in London!2021-09-15T04:33:39.796178+00:00https://www.mullvad.net/fr/blog/2021/9/15/visit-mullvad-pop-store-london/<p>Meet the team behind Mullvad! Visit our pop-up store at 33 Great Windmill St.</p>
<p><img alt="" src="/media/uploads/2021/09/15/godnight.jpg" /></p>
<p><strong>This week’s hours:</strong><br />
<br />
We 15th, 10am-7pm<br />
Th 16th, 10am-7pm<br />
Fr 17th, 10am-4pm<br />
Sa 18th, 10am-4pm</p>Foundations of secure split tunneling2021-09-10T06:01:29.367285+00:00https://www.mullvad.net/fr/blog/2021/9/10/foundations-secure-split-tunneling/<p>Congrats, you crossed the finish line of our split tunneling series! We wrap up with Part 5 and explain the key attributes that informed our secure design and invite you to build upon it.</p>
<p>The previous article on split tunneling looked at common mistakes in the design and implementation of existing solutions. When we set out to build our own, we wanted to make something better, something more secure. As we carefully reviewed the list of common issues, certain patterns started emerging.</p>
<h2>Sorting apps into three groups</h2>
<p>What we found is that many existing implementations fail to define and enforce a proper model. In our design, we use a model that sorts all apps into one of three groups: Excluded, Included, and Undecided. This is important because we can now define rules for each group to ensure that apps will behave securely.</p>
<p>The groups' rules are actually pretty simple. The strength in this system lies in the fact that groups have no overlap and that the Undecided group removes any race conditions and ambiguity.</p>
<h3>“Excluded” group</h3>
<ul>
<li>New connections are forced outside the tunnel.</li>
<li>Existing connections inside the tunnel are blocked.</li>
<li>If there is no IPv6 on the LAN interface, all IPv6 for this app is blocked to prevent it from leaking inside the tunnel.</li>
<li>Group association is inherited by child processes.</li>
</ul>
<h3>“Included” group</h3>
<ul>
<li>New connections are forced inside the tunnel.</li>
<li>Existing connections outside the tunnel are blocked.</li>
</ul>
<h3>“Undecided” group</h3>
<ul>
<li>This group does not communicate freely on any network.</li>
<li>New connections are pended until the app is promoted to a different group.</li>
</ul>
<p>Seeing the rules laid out, you can imagine how apps are able to move between groups without issues. An app always exists on either side of the tunnel, never both.</p>
<h2>Why three groups?</h2>
<p>The Undecided group addresses a very important concern. Typically what happens on Windows is that apps start in the Included group and are later moved to the Excluded group. The app is moved at some unspecified time in the future when the VPN is done classifying it. This works well for a lot of apps and applications and is usually pretty quick to happen. But there are no guarantees. Depending on how stars happen to align on a particular day (actually: CPU model, system load, Windows edition, and other factors) the VPN could be slow to react, and meanwhile the app (which is supposed to be excluded!) is sending and receiving data inside the tunnel.</p>
<p>The Mullvad app places all launching apps into the Undecided group. This prevents leaks and removes the uncertainty that otherwise exists when apps are starting up.</p>
<h2>Take our solution and run with it!</h2>
<p>We hope our design and implementation advances the state of art for split tunneling on Windows. All of the issues listed in the previous article on leaks are addressed either in the design or by using proactive coding. As usual, <a href="https://github.com/mullvad/win-split-tunnel">Mullvad’s split tunneling design is open source</a> and we invite others to study our work and build upon it.</p>
<h2>How do I use Mullvad’s split tunneling feature?</h2>
<p>The feature is currently available on Windows, Android, and Linux versions of the Mullvad VPN app.</p>
<p>You can find the setting under <strong>Settings > Advanced > Split tunneling</strong>. Platform-specific details can be found in our <a href="https://mullvad.net/help/split-tunneling-with-the-mullvad-app/">split tunneling guide</a>.</p>
<p><img alt="" src="/media/uploads/2021/09/10/split-tunneling.jpg" style="height:496px; width:300px" /></p>
<h2>That’s it, folks!</h2>
<p>Thanks for following our five-part series on split tunneling! If you missed the previous articles, we invite you to peruse them at your leisure:</p>
<ol>
<li><a href="https://mullvad.net/en/blog/2021/8/19/what-split-tunneling/">What is split tunneling?</a></li>
<li><a href="https://mullvad.net/en/blog/2021/8/25/when-split-tunneling-useful/">When is split tunneling useful?</a></li>
<li><a href="https://mullvad.net/en/blog/2021/9/2/limitations-split-tunneling/">The limitations of split tunneling</a></li>
<li><a href="https://mullvad.net/en/blog/2021/9/8/can-split-tunneling-be-leaking-traffic/">Can split tunneling be leaking traffic?</a></li>
<li>Foundations of secure split tunneling (this article)</li>
</ol>
<p><em>For the universal right to privacy,</em><br />
Mullvad VPN</p>Can split tunneling be leaking traffic?2021-09-08T06:20:35.869088+00:00https://www.mullvad.net/fr/blog/2021/9/8/can-split-tunneling-be-leaking-traffic/<p>As we near the end of our split tunneling series, we look under the hood in Part 4 to examine where leaks tend to occur in split tunneling solutions.</p>
<p>When using a VPN, a traffic leak occurs when data is sent on the wrong side of the tunnel, or more specifically outside of it. With split tunneling, the “wrong side” becomes interesting. If an app has been excluded from the tunnel, leaking would occur if its traffic is sent inside the VPN tunnel.</p>
<h2>Where leaks occur – examples in Windows</h2>
<p>While in the process of designing our own split tunneling implementation, we examined other VPN solutions and noticed that leaks typically occur at certain points. Let’s take a closer look at those points, narrowing our focus specifically to Windows implementations of split tunneling.</p>
<p>Windows is especially interesting, both because it's widely used and because the system has built-in support for traffic splitting. However, the built-in support doesn't address leaks in the slightest, and therefore it's entirely up to the VPN provider to stop leaks from occurring.</p>
<h3>Changing a running app from included to excluded</h3>
<p>If a running app is dynamically updated to become excluded and existing in-tunnel connections are allowed to remain functional, the app now exists on both sides of the tunnel. When you enter data into the app, there are no guarantees as to which side of the tunnel communications will be sent on.</p>
<h3>Changing a running app from excluded to included</h3>
<p>This is just like the scenario above, except the running app is updated to become included.</p>
<h3>If a child process of an excluded app is not automatically excluded</h3>
<p>We have to assume that any child processes share a context with their parent, because they could be. By not excluding the child, the context now exists on both sides of the tunnel. See the first point for why this is bad.</p>
<h3>Through a race condition that may exist before a launching app has been evaluated for splitting</h3>
<p>In a naive implementation of split tunneling, running apps are divided into two categories: excluded apps and all others. However, if an app starting up is by default in the second category, and is later promoted to the first category, there is always going to be a short moment of time during which it can communicate freely inside the tunnel.</p>
<h3>If IPv6 is not supported in the splitting logic</h3>
<p>Default networking logic will send the excluded app's IPv6 traffic inside the tunnel, making the app exist on both sides of the tunnel.</p>
<h3>If connections to localhost are mistakenly considered in the splitting logic</h3>
<p>This is a simple coding bug which is easy to avoid. In unfortunate cases, this can result in private services or daemons being accessible on the local network.</p>
<h2>How do I use Mullvad’s split tunneling feature?</h2>
<p>The feature is currently available on Windows, Android, and Linux versions of the Mullvad VPN app.</p>
<p>You can find the setting under <strong>Settings > Advanced > Split tunneling</strong>. Platform-specific details can be found in our <a href="https://mullvad.net/help/split-tunneling-with-the-mullvad-app/">split tunneling guide</a>.</p>
<p><img alt="" src="/media/uploads/2021/09/08/split-tunneling-4.jpg" style="height:496px; width:300px" /></p>
<h2>Up next</h2>
<p>This article is in a five-part series on split tunneling – all written by a Mullvad developer. Stay tuned for the final installment which will discuss <strong>the foundations of secure split tunneling</strong>.</p>
<p>If you missed the previous articles, we invite you to peruse them at your leisure:</p>
<ol>
<li><a href="https://mullvad.net/en/blog/2021/8/19/what-split-tunneling/">What is split tunneling?</a></li>
<li><a href="https://mullvad.net/en/blog/2021/8/25/when-split-tunneling-useful/">When is split tunneling useful?</a></li>
<li><a href="https://mullvad.net/en/blog/2021/9/2/limitations-split-tunneling/">The limitations of split tunneling</a></li>
<li>Can split tunneling be leaking traffic? (this article)</li>
<li><a href="https://mullvad.net/en/blog/2021/9/10/foundations-secure-split-tunneling/">Foundations of secure split tunneling</a></li>
</ol>
<p><em>For the universal right to privacy,</em><br />
Mullvad VPN</p>The limitations of split tunneling2021-09-02T06:36:45.884691+00:00https://www.mullvad.net/fr/blog/2021/9/2/limitations-split-tunneling/<p>You’ve made it to the halfway point of our split tunneling series! In Part 3, get a little technical as we inspect some limitations of our split tunneling implementation and how to work around them.</p>
<p>Let’s dive right into the limitations that our split tunneling solution presents. We’ll also mention how to work around them.</p>
<h2>Name resolution</h2>
<p>Due to how DNS is configured and used on most platforms, requests will still be sent inside the tunnel, even for applications that are selected to have their traffic excluded.</p>
<h3>Let’s use the gaming scenario to see how this could cause issues</h3>
<p>Imagine that you are located in Japan and connected to a VPN server in California. But to achieve low round-trip times when playing your favorite online game, you use split tunneling to exclude your gaming traffic from traveling across the ocean and back.</p>
<p>As with many online games, the one you play has its servers scattered around the world. It also uses DNS to assign servers to its players. Because of this, it will pick the server closest to your VPN location, in this case California.</p>
<p>So even though your gaming traffic is traveling outside of the VPN tunnel (thanks to split tunneling), it's being sent to a server far, far away. This means you won't experience the performance boost that split tunneling can provide.</p>
<h3>Two ways in which this can be mitigated</h3>
<ul>
<li><strong>Enable DoH/DoT</strong> (DNS over HTTPS/DNS over TLS) in the game client to override DNS hijacking on the VPN server. DNS traffic will then be sent, encrypted, between yourself and your configured DNS server. You can <a href="https://mullvad.net/help/dns-over-https-and-dns-over-tls/">try our DoH/DoT service</a>, but if none of our DNS servers are near you, then nothing will be gained.</li>
<li><strong>Connect to a VPN server in your area.</strong> In this case, the game server will still be selected based on the VPN server’s location. But since you and the server are in the same region, the end result should be the same, as a game server close to both of you will be selected.</li>
</ul>
<h2>Competing network software (in Windows)</h2>
<p>It could happen that split tunneling stops working if you have multiple applications (kernel drivers) that are fighting to manage new network connections. You'll experience this as split apps being offline.</p>
<p>Examples of software that could collide with the split tunneling functionality include proxy software, firewalls, and similar security software. Sometimes the collision is caused by using overlapping configurations, other times, merely having the applications installed simultaneously could result in collisions.</p>
<p>If split tunneling stops working in this manner, it's only the splitting logic that becomes ineffective. Security is guaranteed and anti-leak protection remains intact. In other words, all traffic that can’t be split and is heading for the tunnel is safely blocked. This is in full contrast to other split tunneling implementations we have examined.</p>
<p>This issue can only be resolved by modifying the set of installed apps or their internal configurations.</p>
<h2>Localhost communications (in Windows)</h2>
<p>This issue is only present in the Windows implementation of split tunneling, thanks to somewhat a perfect storm.</p>
<p>There's an issue with client software attempting to connect to localhost. Excluded apps are generally prevented from connecting to local services on a UDP socket. This can be a problem if an excluded app needs to communicate with a daemon on the local machine and uses network sockets for this communication. An example would be if an excluded app tries to use a proxy service running on the local machine.</p>
<p>There's no general workaround for this issue. You'll need to change your configuration on a case-by-case basis.</p>
<h2>Connection lifetimes (in Linux)</h2>
<p>This issue is only present in our implementation of split tunneling on Linux.</p>
<p>Most connections that are established from excluded apps are dependent on the lifetime of the VPN tunnel. An exception to this is any local connection that has the destination address on the local network, in other words, connections to devices on your LAN.</p>
<p>Therefore, anytime you switch VPN servers or explicitly disconnect the VPN tunnel, affected connections will be broken.</p>
<h2>How do I use Mullvad’s split tunneling feature?</h2>
<p>The feature is currently available on Windows, Android, and Linux versions of the Mullvad VPN app.</p>
<p>You can find the setting under <strong>Settings > Advanced > Split tunneling</strong>. Platform-specific details can be found in our <a href="https://mullvad.net/help/split-tunneling-with-the-mullvad-app/">split tunneling guide</a>.</p>
<p><img alt="" src="/media/uploads/2021/09/02/split-tunneling-3_k5CRlaK.jpg" style="height:496px; width:300px" /></p>
<h2>Up next</h2>
<p>This article is in a five-part series on split tunneling – all written by a Mullvad developer. Stay tuned for the next installment which will discuss <strong>split tunneling and traffic leaks</strong>.</p>
<p>If you missed the previous articles, we invite you to peruse them at your leisure:</p>
<ol>
<li><a href="https://mullvad.net/en/blog/2021/8/19/what-split-tunneling/">What is split tunneling?</a></li>
<li><a href="https://mullvad.net/en/blog/2021/8/25/when-split-tunneling-useful/">When is split tunneling useful?</a></li>
<li>The limitations of split tunneling (this article)</li>
<li><a href="https://mullvad.net/en/blog/2021/9/8/can-split-tunneling-be-leaking-traffic/">Can split tunneling be leaking traffic?</a></li>
<li><a href="https://mullvad.net/en/blog/2021/9/10/foundations-secure-split-tunneling/">Foundations of secure split tunneling</a></li>
</ol>
<p><em>For the universal right to privacy,</em><br />
Mullvad VPN</p>When is split tunneling useful?2021-08-25T06:03:18.409439+00:00https://www.mullvad.net/fr/blog/2021/8/25/when-split-tunneling-useful/<p>Go off-roading in Part 2 of our split tunneling series to explore why you might want to use the feature for gaming, banking, and streaming services – and how to use it on Mullvad VPN.</p>
<p>There are a number of use cases for split tunneling. Let’s focus on three that are pretty common.</p>
<h3>Gaming</h3>
<p>Avid gamers know the importance of having low round-trip times. By gaming outside the tunnel, you may get a more direct route to the game server and lower ping times.</p>
<p>Our implementation of split tunneling tracks application association. This means that if you exclude Steam from the tunnel, all games started from within Steam will be excluded as well.</p>
<p>Banking</p>
<p>Certain financial institutions have strict login requirements and may reject VPN connections or even lock your account if they detect that you’re using one. This can be easily avoided by performing all online banking tasks outside the encrypted tunnel.</p>
<p>In the Mullvad VPN app for Windows, it's possible to split and reset your web browser dynamically. You can do the same for Android, but you can also simply exclude your bank’s app from the tunnel. For browser-based banking on either platform, we recommend using a dedicated secondary web browser and configuring it to be permanently split. This will aid in creating a solid process where the browser is excluded from the tunnel.</p>
<h3>Streaming</h3>
<p>There are two common issues when using a VPN to access streaming services:</p>
<ul>
<li>Most providers of streaming content offer geographically adapted catalogs.</li>
<li>Most providers reject VPN connections.</li>
</ul>
<p>Point one implies that if you're connecting through a VPN server outside of your country, you won't be able to access local TV shows. Point two means that even when using a local VPN server, the streaming provider might block you anyway.</p>
<p>Clearly, accessing streaming media outside of the encrypted tunnel is a smoother solution than trying to fight the limitations mentioned.</p>
<h2>How do I use Mullvad’s split tunneling feature?</h2>
<p>The feature is currently only available on Windows, Android, and Linux versions of the Mullvad VPN app.</p>
<p>You can find the setting under <strong>Settings > Advanced > Split tunneling</strong>. Toggle on any gaming, banking, or streaming apps to exclude them from the VPN tunnel.</p>
<p>Platform-specific details can be found in our <a href="https://mullvad.net/help/split-tunneling-with-the-mullvad-app/">split tunneling guide</a>.</p>
<p><img alt="" src="/media/uploads/2021/08/25/split-tunneling-2.jpg" style="height:496px; width:300px" /></p>
<h2>What's next?</h2>
<p>This article is in a five-part series on split tunneling – all written by a Mullvad developer. Stay tuned for the next installment on <strong>the limitations of split tunneling</strong>.</p>
<p>If you missed the first article, we invite you to peruse it at your leisure:</p>
<ol>
<li><a href="https://mullvad.net/en/blog/2021/8/19/what-split-tunneling/">What is split tunneling?</a></li>
<li>When is split tunneling useful? (this article)</li>
<li><a href="https://mullvad.net/en/blog/2021/9/2/limitations-split-tunneling/">The limitations of split tunneling</a></li>
<li><a href="https://mullvad.net/en/blog/2021/9/8/can-split-tunneling-be-leaking-traffic/">Can split tunneling be leaking traffic?</a></li>
<li><a href="https://mullvad.net/en/blog/2021/9/10/foundations-secure-split-tunneling/">Foundations of secure split tunneling</a></li>
</ol>
<p><em>For the universal right to privacy,</em><br />
Mullvad VPN</p>
<p> </p>Terminate cookie-based tracking with “Strict” mode in Firefox2021-08-20T06:15:05.312470+00:00https://www.mullvad.net/fr/blog/2021/8/20/terminate-cookie-based-tracking-with-strict-mode-in-firefox/<p>With a simple change in Firefox settings, you can put a lid on cookies that track you across sites and reclaim a few crumbs of privacy.</p>
<p>How it works is that the cookies on a website get put into an isolated cookie jar. Each website gets its own jar. Cookies are thereby unable access other jars which prevents them from following you around the Internet.</p>
<h2>Here’s how to stop cookies from following you</h2>
<p>The instructions are for desktop, but the steps are similar for mobile.</p>
<ol>
<li>Make sure you have the latest version of Firefox installed.</li>
<li>Open Firefox.</li>
<li>Click on the <strong>menu button</strong> (☰), then <strong>Settings</strong>.</li>
<li>On the left-hand side, click <strong>Privacy & Security</strong>.</li>
<li>Change Enhanced Tracking Protection to <strong>Strict</strong>.</li>
</ol>
<p><img alt="" src="/media/uploads/2021/08/20/strict-mode.png" style="height:344px; width:500px" /></p>
<p>If you browse using Firefox’s private windows, this protection is used by default.</p>
<h2>Tread carefully on broken sites</h2>
<p>If this breaks your favorite site, let them know and be careful. While you’re at it, nibble on these additional <a href="https://mullvad.net/help/first-steps-towards-online-privacy/">ways to reclaim your online privacy</a>.</p>What is split tunneling?2021-08-19T07:11:41.707784+00:00https://www.mullvad.net/fr/blog/2021/8/19/what-split-tunneling/<p>Buckle up! Embark on our 5-part series and learn all about split tunneling, a Mullvad VPN feature now available on three platforms! In Part 1 (out of 5), we explain what split tunneling actually is.</p>
<p>Now that our app supports split tunneling on Windows, Android, and Linux, we’re excited to share our development journey with you. Written by one of our very own developers, this series will get somewhat technical as we go along, but for now let's take a brief moment to explain what split tunneling is.</p>
<h2>What is split tunneling?</h2>
<p>When using a private VPN, <em>all</em> internet traffic is typically sent in an encrypted VPN tunnel. This is a good default configuration that ensures traffic will not unexpectedly leak out unencrypted. However, using an encrypted tunnel in certain scenarios is too inefficient or simply not possible.</p>
<p>As a privacy-conscious person, it’s best to use the VPN tunnel as much as possible and only make exceptions for certain traffic. This is exactly what split tunneling does: <strong>it conditionally sends traffic outside the encrypted tunnel.</strong></p>
<p>Different implementations of split tunneling will use different conditions in order to identify traffic that should be excluded. We've chosen to use a single condition: the application making the network request. And we’ll explain our solution more thoroughly later on.</p>
<h2>How do I use Mullvad’s split tunneling feature?</h2>
<p>The feature is currently available on Windows, Android, and Linux versions of the Mullvad VPN app.</p>
<p>You can find the setting under <strong>Settings > Advanced > Split tunneling</strong>. Platform-specific details can be found in our <a href="https://mullvad.net/help/split-tunneling-with-the-mullvad-app/">split tunneling guide</a>.</p>
<p><img alt="" src="/media/uploads/2021/08/19/split-tunneling-1.jpg" style="height:496px; width:300px" /></p>
<h2>Up next</h2>
<p>This article is in a five-part series on split tunneling – all written by a Mullvad developer. Stay tuned for the next installment which will discuss <strong>when split tunneling is useful</strong>.</p>
<ol>
<li>What is split tunneling? (this article)</li>
<li><a href="https://mullvad.net/en/blog/2021/8/25/when-split-tunneling-useful/">When is split tunneling useful?</a></li>
<li><a href="https://mullvad.net/en/blog/2021/9/2/limitations-split-tunneling/">The limitations of split tunneling</a></li>
<li><a href="https://mullvad.net/en/blog/2021/9/8/can-split-tunneling-be-leaking-traffic/">Can split tunneling be leaking traffic?</a></li>
<li><a href="https://mullvad.net/en/blog/2021/9/10/foundations-secure-split-tunneling/">Foundations of secure split tunneling</a></li>
</ol>
<p><em>For the universal right to privacy,</em><br />
Mullvad VPN</p>Who’s tracking my political beliefs? Find out in under 5 minutes2021-07-22T06:00:49.196154+00:00https://www.mullvad.net/fr/blog/2021/7/22/whos-tracking-my-political-beliefs-find-out-in-under-5-minutes/<p>While we encourage anti-tracking and more privacy, sometimes all you want to know is, “Who is actually tracking me?” You can easily find out.</p>
<ol>
<li>Install <a href="https://www.eff.org/privacybadger">Privacy Badger</a> for your browser (we recommend Firefox), developed by the Electronic Frontier Foundation.</li>
<li>Browse the web as usual.</li>
<li>Click on the Privacy Badger icon to see the trackers it manages to block. (Don’t see the icon? Read below.)</li>
</ol>
<p><img alt="" src="/media/uploads/2021/07/20/privacy-badger.png" /></p>
<p>For some extra fun, visit a website that asks you to “Accept all cookies.” Before accepting, look at the number of blocked trackers. Then click ok and watch the number tick upward.</p>
<p><strong>Don’t see the icon in your browser?</strong> Some browsers hide extensions after installation. To reveal it in Chrome, click the Extensions icon (looks like a puzzle piece) which is located to the right of the address bar. In the pop-up menu, find Privacy Badger and click the pushpin icon next to it.</p>
<h2>Political flavor is just the tip of the iceberg</h2>
<p>Today’s powerful AI tools can use this data to build an accurate picture of you, such as your sex, race, ethnic or social origin, religion or belief, disability, or political opinion.</p>
<p>Yet Article 2 of the Universal Declaration of Human Rights states that everyone shall be free from such distinction. Even the EU Charter of Fundamental Rights prohibits such discrimination.</p>
<p>Ever wondered why this data is collected and if you’re being served the same information and products as everyone else?</p>
<p>Fighting for your right to privacy requires tackling it from multiple angles. View our list of other <a href="https://mullvad.net/help/second-steps-toward-online-privacy/">plugins that block and protect</a>, and stay tuned for our Mullvad browser extension aimed at guiding you more easily on your privacy journey.</p>A new, appeeling Tor onion address2021-07-08T06:33:51.386215+00:00https://www.mullvad.net/fr/blog/2021/7/8/new-appeeling-tor-onion-address/<p>Our web address on the uncensored Tor network has changed. There’s no need to cry; just update your bookmark.</p>
<p>To reach mullvad.net on the Tor browser, use this URL: o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion</p>
<p>You can always find it in the footer on our website.</p>
<p>This change came about because we’ve upgraded our onion server to version 3 of the hidden service protocol.</p>
<h2>Shallots against censorship</h2>
<p>We launched our onion service in 2018 so that people experiencing censorship can access our website and tools. The Tor Project, with its onion routing network, is crucial for providing a private and uncensored web to all.</p>
<p>As a Vidalia onion in the <a href="https://www.torproject.org/about/membership/">Tor Project’s Membership Program</a>, we encourage others who believe in their mission or use their service to support the nonprofit’s development.</p>Release announcements get put out to pasture2021-06-22T08:57:00.521462+00:00https://www.mullvad.net/fr/blog/2021/6/22/release-announcements-get-put-out-pasture/<p>We’re shaking up our routine when it comes to blogging about the app and we want you to know that. And we say goodbye to this 11-year old tradition with a greatest hits list.</p>
<p>If you’re a dedicated reader of our blog, then you’ve come to expect a post every time we launch a new stable version of the app. Nowadays, we have the human capacity to iterate more frequently on app releases. And with a native app for each of our five supported platforms, that translates to a lot of releases.</p>
<p>That’s one reason why we’re pivoting away from a post for every release to posts that focus on what’s truly newsworthy. We want to call your attention to the good stuff; the features that will help to improve your privacy or make the app easier to use.</p>
<h2>But I like the changelog?</h2>
<p>On our download page, we’ve added a link that points to the latest <a href="https://github.com/mullvad/mullvadvpn-app/releases">changelog over on GitHub</a>.</p>
<p>In the future, we’ll have a dedicated page on our website that will offer a more digestible version of the changelog, just like what’s currently included in our listings Google Play and the App Store under “What’s new”.</p>
<h2>Greatest release hits</h2>
<p>Did you know, we’ve been blogging about (almost) every stable release for over 11 years! Before we lay this routine to rest, take one final look back with us at some of the more memorable release moments:</p>
<ul>
<li>28 January 2010 – The one that started it all, with our <a href="https://mullvad.net/blog/2010/1/28/version-20-released/">release of version 20</a>, and on Data Privacy Day to boot!</li>
<li>12 April 2012 – Customers could finally <a href="https://mullvad.net/blog/2012/4/12/choice-of-exit-country/">choose an exit country</a> (and had exactly two options: Sweden or the Netherlands).</li>
<li>15 September 2014 – In this release, we <a href="https://mullvad.net/blog/2014/9/15/ipv6-support/">began tunneling IPv6</a>. What a time to be alive!</li>
<li>1 March 2018 – Our newly redesigned VPN app finally <a href="https://mullvad.net/blog/2018/3/1/get-it-now-official-release-mullvad-vpn-app-macos/">launched</a>!</li>
<li>17 July 2019 – We <a href="https://mullvad.net/blog/2019/6/17/shadowsocks-integrated-new-app-version-20195/">integrated the Shadowsocks proxy</a> into the app, with the hope of helping people to slip past censorship.</li>
<li>13 August 2019 – The app came out with <a href="https://mullvad.net/blog/2019/8/13/wireguard-our-app-macos-and-linux-20197/">full WireGuard support</a>.</li>
<li>20 October 2020 – <a href="https://mullvad.net/blog/2020/10/20/split-tunneling-launched-linux/">Split tunneling debuted</a> in the app for Linux users.</li>
</ul>Ending support for Windows 7, 8 and 8.1 - at the end of this year2021-06-15T06:54:30.436089+00:00https://www.mullvad.net/fr/blog/2021/6/15/ending-support-windows-7-8-and-81-end-year/<p>We’re finally nsync with Windows, and will say bye bye bye to support for 7, 8 and 8.1 at the end of the year.</p>
<p>Privacy is dependent upon security, and when the operating system (Microsoft in this case) ends their support, the OS becomes more vulnerable to security risks. A non-supported operating system will not get security patches – and will therefore not be secure enough for us.</p>
<h2>Microsoft's support lifecycle:</h2>
<ul>
<li>Microsoft Support for Windows 7 ended on the 14th of January 2020</li>
<li>Microsoft ended mainstream support for Windows 8 and 8.1 on the 9th of January 2018, and extended support will end on the 10th of January 2023.</li>
</ul>
<p><strong>We’ve therefore decided to end our support for Windows 7, 8 and 8.1 by the 31st December 2021.</strong></p>
<p>You can still use Mullvad's service from Windows 7 and other non supported operating systems by using third party apps, such as OpenVPN and WireGuard® apps.</p>
<p><em>For the universal right to privacy,</em></p>
<p>Mullvad VPN</p>
<p> </p>
<p>"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>How we’re knocking down ads and tracking2021-06-09T08:26:44.559026+00:00https://www.mullvad.net/fr/blog/2021/6/9/how-were-knocking-down-ads-and-tracking/<p>We have added a feature to our iOS app, that removes another; DNS with ad and/or tracker blocking. Just a swipe away. But first, let’s dig deeper into how we’ve set up this feature.</p>
<p><strong>Mullvad ads and tracker blocking is now available in the iOS app. Go to Settings → Preferences and then turn it on/off</strong></p>
<p>Other platforms? Soon.</p>
<p><img alt="" src="/media/uploads/2021/06/09/adblock.png" style="height:500px; width:256px" /></p>
<h2>What is Mullvad DNS blocking?</h2>
<p>In order to understand how Mullvad implements blocking of unwanted content via DNS we have to define what DNS means.</p>
<p>At the most basic level, DNS (Domain Name System) is a directory of names that translates into numbers, much like a phone book would have been used back in the day to translate names into telephone numbers. It provides a way for a computer to find out which IP address to connect to when trying to reach a service on the Internet.</p>
<p>In order for your device to connect to the web server hosting the website for mullvad.net, it must first resolve the hostname (mullvad.net) to the IP address (45.83.220.101). Your device does this by querying a DNS resolver for the hostname mullvad.net. In return the DNS resolver tries to resolve the hostname into an IP address, which is then handed back to your device.</p>
<p>With that high level description of DNS we can now move on to explain how Mullvad leverages DNS in order to block known domains that provide ads or tracking services. Each Mullvad VPN server (the VPN server your Mullvad app connects to) runs its own DNS resolver in order to provide DNS resolving to the connected VPN clients. We do this because it allows us to hide all our users' queries behind a single IP (the servers) so that no individual's DNS queries can be tracked by other DNS servers on the internet.</p>
<p>By using well known lists of domains that are specifically designed to block ads and tracker services we are able to block resolving for these domains, which causes the unwanted content to not be downloaded and stops the content from being displayed on your device.</p>
<h2>You’re welcome to contribute to the block lists upstream</h2>
<p>At the moment we primarily use EasyList to block ads and trackers but we will continuously develop our DNS blocking feature over time. If you want to contribute and make changes to EasyList now <a href="https://easylist.to/pages/development.html">we suggest you get involved here</a> and you can view the repository we use to update <a href="https://github.com/mullvad/dns-adblock/tree/main/output">our block lists for both our DoH/DoT and VPN servers here. </a></p>
<h2>Browser ad-block plugins - same but different</h2>
<p>Both ad-blocking browser plugins and Mullvad DNS Blocking set out to achieve the same goal - block unwanted content from being loaded on your device. The way these blocking methods work and the results that they deliver are different from each other, and there are pros and cons associated with each method.</p>
<p>Let’s look at the pros and cons when comparing DNS blocking with browser ad-blocking plugins.</p>
<h3>+ Blocks unwanted content on the entire system</h3>
<p>DNS blocking can block unwanted content on the entire system rather than just in the browser. This means that unwanted content can be blocked in places where traditional ad-blocking cannot, such as inside apps and games.</p>
<h3>+ No additional plugins</h3>
<p>DNS blocking does not require any additional plugins in your browser.</p>
<h3>+ Works on systems where traditional ad-blocking isn’t available</h3>
<p>Such as smart TVs etc. If you can run the Mullvad App - you can block unwanted content!</p>
<h3>- Not as effective in the browser</h3>
<p>DNS blocking cannot be as effective as ad-blocking plugins in the browser. This is because some unwanted content is hosted on the same domain which the user connects to. If we were to block this domain the user would not be able to connect to the service at all.</p>
<h3>- Not as smart as browser plugins</h3>
<p>Modern ad-block plugins can adapt to dynamic content by identifying ads based on keywords and selectively block only small parts of websites where the unwanted content resides. DNS blocking is much more blunt - if the domain hosting the unwanted content isn’t in the list we’re using; it does not get blocked.</p>
<h2>DNS blocking & Adblock plugins - Happy Together / Why/when to use DNS ad-blocking</h2>
<p>So should you replace your browser ad-block plugin with DNS blocking?</p>
<p>Probably not, unless you want to. DNS blocking can never be as effective as a traditional ad-blocker. It is an excellent idea to keep that awesome ad-blocking plugin in the browser and then let DNS ad-blocking take care of blocking ads and trackers in apps, games and on devices where traditional ad-blocking isn't available.</p>
<h2>Q&A</h2>
<h3>Q: Website xyz is not working when I use your DNS blocking. Can Mullvad remove xyz from the list of blocked domains?</h3>
<p><strong>A:</strong> Sorry, no. As of <strong>right now</strong> we make use of block lists provided by EasyList. Any changes or contributions need to be performed via the maintainers of those lists. We may expand or erase lists and domains in the future. <a href="https://github.com/easylist/easylist">You can contribute to EasyList here.</a></p>
<h3>Q: Does this replace my browser adblock plugin?</h3>
<p><strong>A:</strong> No, but our service compliments your browser plugin. See the section about DNS blocking & Adblock plugins above.</p>
<h3>Q: Mullvad DNS blocking does not block all ads on website xyz. Can Mullvad add these to the blocklist for me?</h3>
<p><strong>A:</strong> We would <strong>love</strong> to hear your feedback for our DNS blocking feature, <a href="https://github.com/mullvad/dns-adblock">create an issue in the GitHub repository</a>. We will improve this feature over time but we may not be able to respond to individual requests for block lists, however we will consider all of them.</p>
<p> </p>
<p><em>For the universal right to privacy,</em></p>
<p>Mullvad VPN</p>Termination of global ports 1 Aug 20212021-06-01T12:40:03.135422+00:00https://www.mullvad.net/fr/blog/2021/6/1/termination-global-ports-1-aug-2021/<p>We urge you to replace your current ports with city-specific ports as soon as possible, 30th July at the latest. This change only affects global port users.</p>
<p>On the 10th February 2021 we blogged about our <a href="https://mullvad.net/blog/2021/2/10/unfortunate-port-shortage/">Unfortunate port shortage</a> and the necessary change from offering “global ports” to “city ports”.</p>
<p>We also said that the existing global ports would eventually have to be reclaimed, and we recommend you to replace your current ports with city-specific ports at your earliest convenience.</p>
<p><strong>We have now set the date for termination of global ports as the 1st August 2021.</strong></p>
<p>If you want to retain the same port number that you have today, then contact <a href="mailto:support@mullvad.net">support@mullvad.net</a> with the port number and the city you want it assigned to, 30th July at the latest.</p>
<h2>This is an anti-privacy feature</h2>
<p>In <a href="https://mullvad.net/blog/2021/5/12/big-data-big-failure-ii/">big data = big failure II</a> we explained how impossible it is to remain anonymous as soon as a series of data is collected. Use single payments such as cash to pay for accounts tied to ports.</p>How to set up ad blocking in our app2021-05-27T06:39:52.221958+00:00https://www.mullvad.net/fr/blog/2021/5/27/how-set-ad-blocking-our-app/<p>We've all appreciated those award-winning commercials worthy of every bit of praise, but we also got our fair share of dreadful ads. Soon: on/off-button for Ad-blocking in our app. Until, do this if you please.</p>
<p>In March, we released a public DNS service that offered <a href="https://mullvad.net/blog/2021/3/3/mullvad-doh-and-dot-beta-release/">DNS over HTTPS (DoH) and DNS over TLS (DoT)</a>, with QNAME minimization and basic ad blocking. It was audited by the security experts at <a href="https://www.assured.se/wp-content/uploads/2021/03/Assured_Mullvad_DoH_server_audit_report.pdf">Assured</a>.</p>
<p>In April, we added support for <a href="https://mullvad.net/blog/2021/4/15/support-custom-dns-servers-launched/">custom DNS server configuration</a> in the desktop (macOS, Windows, and Linux) and Android versions of the Mullvad VPN app.</p>
<p><strong>Today we release our Ad-blocking and tracker-blocking DNS service</strong>, running on all our servers. This can be used with every Mullvad app version that supports custom DNS. This works on both OpenVPN and WireGuard® connections.</p>
<h2>Until we release an on/off button in our app, test this</h2>
<p>Click on the <strong>gear icon</strong> (Settings), then <strong>Advanced</strong>. Scroll down to <strong>Use custom DNS server</strong> and enable it to add any of these DNS servers:</p>
<ul>
<li><strong>100.64.0.1</strong> – for Ad-blocking</li>
<li><strong>100.64.0.2</strong> – for Tracker-blocking</li>
<li><strong>100.64.0.3</strong> – for Ad- + Tracker-blocking.</li>
</ul>
<p>You will see a warning that says, <em>“The DNS server you are trying to add might not work because it is public. Currently we only support local DNS servers.”</em> You can safely disregard this warning and click <strong>Add anyway</strong>.</p>
<h2>How do I know if it’s working?</h2>
<p>First, restart your browser to clear cache then go to <a href="https://mullvad.net/check">https://mullvad.net/check</a> and find out! You should have no DNS leaks. Click on “No DNS leaks” for details. Then check how it actually response on an ad- and/or track-friendly website. Eager to test all three at once? Not possible, this is a one-at-a-time thing. Test and find your favorite.</p>
<h2>Should I replace my browser ad-block plugin with DNS blocking?</h2>
<p>Probably not, unless you want to. DNS blocking can never be as effective as a traditional ad-blocker. It is an excellent idea to keep that awesome ad-blocking plugin in the browser and then let DNS ad-blocking take care of blocking ads and trackers in apps, games and on devices where traditional ad-blocking isn't available.</p>
<h2>Notes</h2>
<p>We use the following block lists (same as on our DNS over HTTPS service) configured as ‘Zonefiles’ to provide the ad-blocking functionality:</p>
<ul>
<li><strong>easylist</strong></li>
<li><strong>easylist-privacy</strong></li>
</ul>
<p> </p>
<p><em>For the universal right to choose whether or not to block ads and trackers,</em><br />
Mullvad VPN</p>
<p><br />
"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>No more hiccups, or, maybe just one more…2021-05-25T12:19:07.113463+00:00https://www.mullvad.net/fr/blog/2021/5/25/no-more-hiccups-or-maybe-just-one-more/<p>Being an early adopter comes with its fair share of surprises. So, tomorrow, 26th May, you will be forced to jump between continents and servers while we deploy the latency fix on our Wireguard servers.</p>
<p>When we passed half a million WireGuard keys, we got latency spikes every 10 minutes. In the end, we found out that it was our own scheduled task of removing old keys that caused this latency. Removing keys was about 100 times slower than adding them.</p>
<p><strong>This has now been solved by WireGuard, and we will be rolling out the fix to all our servers tomorrow (26th May).</strong></p>
<p>Since this will cause a short amount of downtime, we would like to ask you to bear with us as we deploy this improvement.</p>
<h2>We will roll out the fix as follows:</h2>
<ol>
<li><strong>During the morning (From 06:30 CEST)</strong> we will deploy the fix to 25% of our European WireGuard servers at a time, in batches.</li>
<li><strong>During mid-morning (From 10:30 CEST)</strong> we will deploy the fix to 25% of our American WireGuard servers at a time, in batches.</li>
<li><strong>During the afternoon (From 12:30 CEST)</strong> we will deploy the fix to 50% of all of our Asia and Oceania WireGuard servers, in batches.</li>
</ol>
<p>Each server will be offline for 10 minutes during the deployment.</p>
<p>Get ready to jump between different servers tomorrow!</p>
<p> </p>
<p>"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>Big Data = Big Failure III2021-05-20T06:26:15.724803+00:00https://www.mullvad.net/fr/blog/2021/5/20/big-data-big-failure-iii/<p>Corporate businesses and government agencies are all doing it: collecting data and thereby breaking universal laws. Ready to take action? We know what to do.</p>
<p>Collecting data is not compatible with the UN law <a href="https://mullvad.net/blog/2021/5/6/big-data-big-failure-i/">we mentioned in part 1</a> of this series – even if it's done anonymously, and by the government for good reasons.</p>
<p>The basic, underlying problem is that collecting and storing huge amounts of data series anonymously is simply not possible (<a href="https://mullvad.net/blog/2021/5/12/big-data-big-failure-ii/">as we described in part 2</a>). Moreover, considering the amounts of data collected today, anyone with access to it can analyze it and find out things which are firmly restricted by law. There is nothing to stop this from happening today.</p>
<h2>Even government agencies want to collect data</h2>
<p>The European Convention on Human Rights Article 8 adds to the declaration as follows: “…except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”</p>
<p>In plain English: government agencies are always allowed to collect everything since they are doing it for “good” reasons.</p>
<h2>Summarizing the series' three blog posts</h2>
<p>To collect data about a specific criminal case upon a court’s approval might be in the public’s interest. These are the good examples told to us. However, anything close to <strong>mass data gathering leads unconditionally to breaking the UN laws and the foundation of democracy</strong>.</p>
<p>Anything other than a minimal data retention policy is unacceptable. We cannot even speculate the horrible things that may happen if all the collected data leaks and falls into the wrong hands for other reasons (for example, change of government, war, malware attack, or human error).</p>
<h2>What could be done?</h2>
<ul>
<li>Take away the cookie-consent loophole in GDPR (the “yes, accept cookie” nightmare).</li>
<li>Only allow the collection of data that is obviously needed for performing the requested service and no more, period. And don’t store data longer than necessary.</li>
<li>Don’t allow any mass-sharing of data between corporations and governments.</li>
<li>Consider countries like Sweden which has its <a href="https://www.government.se/how-sweden-is-governed/the-principle-of-public-access-to-official-documents/">“Principle of public access to official records”</a> (offentlighetsprincipen) where all government-processed information, including individuals’ tax records, is public. Think again if this ideology of openness is sustainable in the age of digitalization where anyone can request this information in bulk.</li>
<li>Companies and governments: focus on making good products; focus on offering good schools, education, and healthcare. Stop tracking your citizens and customers.</li>
</ul>
<h2>Alternatively…</h2>
<ul>
<li>More and more customers realize the problem and revolt against companies with a hostile data collection business model. They start to use services from companies with a more transparent model and better values and ethics. Is your company positioned correctly?</li>
<li>Start with clearing your schedule for the next 30 minutes and lean forward: here is the start of your privacy journey. Ready for your determination!</li>
<li>Talk to people who are in charge and discuss the matter. Together we can drive change.</li>
</ul>
<h2>Sources</h2>
<ul>
<li><a href="https://www.un.org/en/universal-declaration-human-rights/">Universal Declaration of Human Rights</a></li>
<li><a href="https://www.echr.coe.int/documents/convention_eng.pdf">European Convention on Human Rights</a></li>
<li><a href="https://gdpr.eu/gdpr-consent-requirements/%C2%A0">What are the GDPR consent requirements?</a></li>
<li><a href="https://www.government.se/how-sweden-is-governed/the-principle-of-public-access-to-official-documents/">The principle of public access to official documents</a></li>
<li>SolarWinds <a href="https://www.ft.com/content/2bed3013-b21f-4b2c-8572-b2da016d1b4e">hack exploited weaknesses we continue to tolerate</a></li>
<li>Slouching towards dystopia: <a href="https://www.newstatesman.com/2020/02/slouching-towards-dystopia-rise-surveillance-capitalism-and-death-privacy">the rise of surveillance capitalism and the death of privacy</a></li>
<li>Facebook’s <a href="https://www.eff.org/deeplinks/2020/12/facebooks-laughable-campaign-against-apple-really-against-users-and-small">Laughable Campaign Against Apple Is Really Against Users and Small Businesses</a></li>
<li>WhatsApp <a href="https://thehackernews.com/2021/01/whatsapp-will-delete-your-account-if.html">Will Delete Your Account If You Don't Agree Sharing Data With Facebook</a></li>
<li>WhatsApp <a href="https://www.wired.com/story/whatsapp-facebook-data-share-notification/">Has Shared Your Data With Facebook for Years</a></li>
</ul>
<h2>Haven’t read the other two posts in this series?</h2>
<ol>
<li><a href="https://mullvad.net/blog/2021/5/6/big-data-big-failure-i/">Big Data = Big Failure, part I</a></li>
<li><a href="https://mullvad.net/blog/2021/5/12/big-data-big-failure-ii/">Big Data = Big Failure, part II</a></li>
</ol>
<p><em>For the universal right to privacy,</em></p>
<p>Mullvad VPN</p>
<p> </p>Big Data = Big Failure II2021-05-12T08:52:07.168449+00:00https://www.mullvad.net/fr/blog/2021/5/12/big-data-big-failure-ii/<p>It's possible to remain anonymous with a single data point. However, as soon as a series of data is collected, remaining anonymous becomes impossible. Let’s take it step by step.</p>
<p>Last week <a href="https://mullvad.net/blog/2021/5/6/big-data-big-failure-i/">we wrote about how the vast amount of data collected today makes it possible to predict</a> political opinions, beliefs, religion, and interests. This week we will show by example how one single data point put together in a series makes it impossible to stay anonymous.</p>
<h2>One Data Point</h2>
<p>As an example, let’s take a single data point which contains time, location, and temperature:</p>
<table class="table">
<thead>
<tr>
<th scope="col">Time</th>
<th scope="col">Location</th>
<th scope="col">Temperature</th>
</tr>
</thead>
<tbody>
<tr>
<td>2021-05-31 12:00</td>
<td>Gothenburg</td>
<td>
<p>15 degrees Celsius</p>
</td>
</tr>
</tbody>
</table>
<p>A common way of “anonymizing” the data is to remove one of the elements, in this case, the location:</p>
<table class="table">
<thead>
<tr>
<th scope="col">Time</th>
<th scope="col">Temperature</th>
</tr>
</thead>
<tbody>
<tr>
<td>2021-05-31 12:00</td>
<td>
<p>15 degrees Celsius</p>
</td>
</tr>
</tbody>
</table>
<p>Now it would be hard to determine the data point’s location. Even if we had all the available temperature data in the world, a search would most likely find many locations that match this specific data point. If we further remove the time as well, trying to pinpoint specifics becomes pointless.</p>
<h2>A Series of Data Points</h2>
<p>With a series of data points, the scenario changes significantly.</p>
<table class="table">
<thead>
<tr>
<th scope="col">Time</th>
<th scope="col">Location</th>
<th scope="col">Temperature</th>
</tr>
</thead>
<tbody>
<tr>
<td>2021-05-31 12:00</td>
<td>
<p>Gothenburg</p>
</td>
<td>15 degrees Celsius</td>
</tr>
<tr>
<td>2021-06-01 12:00</td>
<td>Gothenburg</td>
<td>14 degrees Celsius</td>
</tr>
<tr>
<td>2021-06-02 12:00</td>
<td>Gothenburg</td>
<td>12 degrees Celsius</td>
</tr>
<tr>
<td>2021-06-03 13:00</td>
<td>Gothenburg</td>
<td>15 degrees Celsius</td>
</tr>
</tbody>
</table>
<p>If we remove the location, we still have 4 values for temperature and time in a sequence which we can match to measurements throughout the world.</p>
<table class="table">
<thead>
<tr>
<th scope="col">Time</th>
<th scope="col">Temperature</th>
</tr>
</thead>
<tbody>
<tr>
<td>2021-05-31 12:00</td>
<td>15 degrees Celsius</td>
</tr>
<tr>
<td>2021-06-01 12:00</td>
<td>14 degrees Celsius</td>
</tr>
<tr>
<td>2021-06-02 12:00</td>
<td>12 degrees Celsius</td>
</tr>
<tr>
<td>2021-06-03 13:00</td>
<td>
<p>15 degrees Celsius</p>
</td>
</tr>
</tbody>
</table>
<p>This narrows down the number of locations the data series could have originated from to about 1 or 2 locations. In terms of location data, 4 data points is the typical number of data samples needed in order to identify a person.</p>
<p>If we were to remove the time data points, we would need a longer series of data in order to determine the location as “Gothenburg”. This is possible as long as we have a sequence of data points in chronological order.</p>
<p>For instance, if we have 365 data points, it would be pretty easy to spot that these temperature readings follow the typical Scandinavian weather cycle; we can determine what year the data is from and narrow it down further to Gothenburg. With the amount of reference data available today and the possibilities of AI, this would be easy to do.</p>
<p>As the number of collected data sets grows and the number of identifiable data series for comparison also steadily grows, staying anonymous becomes impossible.</p>
<h2>More about the de-anonymization of data series</h2>
<ul>
<li>“Researchers from two universities in Europe have published a method they say is able to correctly re-identify 99.98% of individuals in anonymized data sets with just 15 demographic attributes.” <a href="https://techcrunch.com/2019/07/24/researchers-spotlight-the-lie-of-anonymous-data/">Researchers spotlight the lie of ‘anonymous’ data – TechCrunch</a></li>
<li>“We study 3 months of credit card records for 1.1 million people and show that four spatiotemporal points are enough to uniquely re-identify 90% of individuals.” <a href="https://science.sciencemag.org/content/347/6221/536">A study published in Science</a></li>
<li><a href="https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf">Netflix users were identified from a database of nameless customer records</a> in a study at the University of Texas at Austin</li>
<li>In a Harvard study, <a href="https://dataprivacylab.org/projects/wa/1089-1.pdf">patients in an anonymized hospitalization data set were reidentified by name</a></li>
<li><a href="https://www.nature.com/articles/s41467-019-10933-3">Researchers are able to estimate the likelihood of re-identifying people in incomplete data sets</a>, as published in Nature Communications</li>
<li>De-anonymization <a href="https://www.sciencedirect.com/science/article/pii/S0022000014000683">attack on geolocated data</a></li>
<li><a href="https://www.cs.utexas.edu/~shmat/shmat_oak09.pdf">De-anonymizing Social Networks</a></li>
</ul>
<p>Did you miss <a href="https://mullvad.net/blog/2021/5/6/big-data-big-failure-i/">part one</a> in this series? Or do you want to read <a href="https://mullvad.net/en/blog/2021/5/20/big-data-big-failure-iii/">part three</a> right away?</p>
<p><em>For the universal right to privacy,</em></p>
<p>Mullvad VPN</p>Big Data = Big Failure I2021-05-06T07:16:59.324763+00:00https://www.mullvad.net/fr/blog/2021/5/6/big-data-big-failure-i/<p>The vast amount of data collected today makes it possible to predict political opinions, beliefs, religion, and interests, a collection of data that is strictly forbidden by law. And in great need of abidance.</p>
<p>Possession of data equals possession of power, and we can’t in good conscience trust anyone with that power. Welcome to a three-part series, introduced today and continued over the next two Thursdays, about how big data collection is one of the biggest failures to mankind. And yes, <a href="https://mullvad.net/blog/2019/10/30/big-data-big-no/">we are repeating ourselves</a>.</p>
<ol>
<li>In this blog, we explain the background in which a privacy-focused VPN provider feels the need to address this kind of question.</li>
<li>In <a href="https://mullvad.net/blog/2021/5/12/big-data-big-failure-ii/">part two</a>, we explain how storing series of anonymous data is simply not possible.</li>
<li><a href="https://mullvad.net/en/blog/2021/5/20/big-data-big-failure-iii/">Part three</a> ties it all together as we explain why everyone is breaking the law and what to do about it.</li>
</ol>
<h2>Foundation of democracy</h2>
<p>One of the biggest consensuses in history and a foundation of democracy is the United Nations Universal Declaration of Human Rights (UDHR). UDHR is an international document which enshrines the rights and freedoms of all human beings. It was adopted by the United Nations General Assembly on 10 December 1948 (58 members at the time).</p>
<h2>Privacy and the right of the individual</h2>
<p>UDHR Article 12 covers privacy. It declares that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”</p>
<h2>The right to privacy in the digital era</h2>
<p>For instance, the more recent EU law on data protection, the General Data Protection Regulation (GDPR), clearly states as a main rule that <strong>you may not</strong> process personal data about a person’s</p>
<ul>
<li>racial or ethnic origin</li>
<li>sexual orientation</li>
<li>political opinions</li>
<li>religious or philosophical beliefs.</li>
</ul>
<h2>But they all do</h2>
<p>We all know that search engines and social media store enough data to predict all of the above and more based on Facebook pixel's technology, cookies, and other tracking techniques. For some odd reason, they are allowed to continuously do so.</p>
<p>The problem is that only so much data can be kept before someone is enticed by the amount stored and processes it. In our next blog about Big Data, we will examine how one data point in a series can be de-anonymized at any time.</p>
<h2>What you can do</h2>
<p>Start by clearing your schedule for the next 30 minutes and lean forward: here is <a href="https://mullvad.net/help/first-steps-towards-online-privacy/">the start of your privacy journey</a>. Ready for your determination!</p>
<p><em>For the universal right to privacy,</em></p>
<p>Mullvad VPN</p>Newest app release for desktop could improve performance (2021.3)2021-04-28T12:38:53.756152+00:00https://www.mullvad.net/fr/blog/2021/4/28/newest-app-release-desktop-could-improve-performance-20213/<p>What’s new in the latest app for Windows, Linux, and macOS? For one, an upgrade that we hope will improve performance for many of you. Read on, then download and see for yourself.</p>
<h2>What’s new</h2>
<ul>
<li>Windows users connecting with WireGuard® will hopefully experience a noticeable improvement in performance and a decrease in bugs thanks to our <strong>Wintun upgrade</strong> from version 0.9.2 to 0.10.1.</li>
<li>The desktop app is now translated and available in the <strong>Burmese</strong> language.</li>
<li>In the login field, the app now locally remembers one account number instead of three. We might remove this feature altogether; let us know what you think.</li>
<li>We have discontinued the use of TLS 1.2 when the app connects to the API and now only use the latest version, <strong>TLS 1.3</strong>.</li>
<li>(Linux) Drop packets being forwarded unless they are approved by the same rules as incoming or outgoing traffic. This <strong>tightens security</strong> for all Linux devices that act as routers and/or have VMs/containers.</li>
<li>We <strong>added port 51820</strong> to the list of WireGuard ports, available under Settings > Advanced.</li>
</ul>
<h2>Download the app</h2>
<p><a href="https://mullvad.net/download">Download the Mullvad VPN app</a>. If needed, we've got <a href="https://mullvad.net/guides/category/mullvad-app/">help guides</a> for installation and usage.</p>
<p>Know of someone unable to access our website? Point them to <a href="http://xcln5hkbriyklr6n.onion/">Mullvad’s onion</a> address on Tor or to <a href="https://github.com/mullvad">Mullvad on GitHub</a>.</p>
<p>--<br />
"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>No risky business, just a new Windows certificate2021-04-23T09:02:32.893735+00:00https://www.mullvad.net/fr/blog/2021/4/23/no-risky-business-just-new-windows-certificate/<p>Windows users, install our new Win-only beta (2021.3-beta2)! It has only one change: it’s signed with our new certificate. A certificate Microsoft hasn’t yet verified, but enough installs might help to speed up that process.</p>
<p>Did you install a Windows version of the app and get a warning that your computer might be at risk? Have no fear. It’s simply a consequence of our brand new code signing certificate.</p>
<p>The certificate is so new (published 21 April) that Microsoft hasn’t yet verified it. And until it does, installing the Mullvad VPN app on Windows will prompt a pop-up warning. To circumvent, just click <strong>More info > Run anyway</strong>.</p>
<p><img alt="Windows install warning" src="/media/uploads/2021/04/23/windows-install-warning.png" style="height:500px; width:534px" /></p>
<p>Your pop-up might look different.</p>
<h2>The new beta with (almost) no changes</h2>
<p>In tandem with the new certificate, we also released a new, Windows-only beta (2021.3-beta2) that has only one change: <strong>it’s signed with our new certificate</strong>. Enough installations might help to speed up the verification process, so don’t hesitate to <a href="https://mullvad.net/download/windows/#beta">download and install it</a>!</p>
<h2>How can I verify that it’s legit?</h2>
<p>Every release of the Mullvad VPN app comes with a GPG signature (also found on the <a href="https://mullvad.net/download/windows/#beta">download page</a>) so that you can verify them. Here’s a <a href="https://mullvad.net/help/verifying-signatures/">guide on how to verify signatures</a>.</p>(L)awful interception2021-04-22T07:44:48.367841+00:00https://www.mullvad.net/fr/blog/2021/4/22/lawful-interception/<p>One of democracy's foundations is the fact that all human beings have certain inalienable rights and freedoms. Suspended by trust and shared values. Today, trust and shared values are being replaced by “control and surveillance”.</p>
<p>First off, there are three major differences – and consequently huge implications:</p>
<ol>
<li>Between the concepts of nations spying on other nations,</li>
<li>nations spying on their own citizens,</li>
<li>and of nations forcing their own corporations – by law – to become involved in collecting information about their own citizens.</li>
</ol>
<h2>Globally</h2>
<p>The existence of multilateral agreements such as the <a href="https://mullvad.net/blog/2019/10/18/5-9-or-14-eyes-your-vpn-actually-safe/">5, 9, and 14 eyes</a> means that all <strong>traffic</strong> that crosses international borders is intercepted and shared between a number of nations.</p>
<p>Many countries insist that they do not spy on their own citizens. However, <a href="https://www.bbc.com/news/world-us-canada-23123964">Edward Snowden’s leaks</a> proved that this was false. Domestically, governments require telecommunications operators to provide legal interception <a href="https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/lawful/intercept/book/65LIch1.html">gateways</a> and nodes for the interception of communications. The interfaces of these gateways have been standardized by telecommunication standardization organizations.</p>
<p>This means that “meta data” (i.e. who is talking to who, and who is using what service) is mass collected for essentially all activities on the Internet. Rumor has it that even encrypted data is saved so that it in the future, when the encryption is breached this data can be read and fully analyzed.</p>
<h2>The United States of America</h2>
<p>Services based in the United States are exposed to the country's surveillance programs and use of National Security Letters (NSLs) with its accompanying gag orders, which forbid the recipient from talking about any request. This combination allows the government to secretly force any US companies to grant complete access to customer data – without anybody ever necessarily finding out.</p>
<p>The <a href="https://en.wikipedia.org/wiki/Lavabit#Suspension_and_gag_order">Lavabit</a> mail service is a good example of this. In fact, this remains true even in cases in which US corporations are active in the EU, and claim to store data only in EU; US companies are even legally obligated to lie. Any data “stumbled upon” in this manner can be used as the sole basis on which to file charges. No court order has to exist and no “reasonable suspicion of aggravated criminality” comes into play.</p>
<h2>The People's Republic of China</h2>
<p>China’s <a href="https://www.lawfareblog.com/beijings-new-national-intelligence-law-defense-offense">2017 National Intelligence Law</a> requires organizations and citizens to “support, assist and cooperate with the state’s intelligence work.”</p>
<h2>The European Union</h2>
<p>Under the <a href="https://gdpr.eu/">GDPR</a>, cross-border data transfers outside the EU may take place if the country to which data is exported is deemed to ensure an adequate level of data protection (currently: Andorra, Argentina, Canada, the Faroe Islands, Guernsey, Israel, the Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay).</p>
<p>On 16 July 2020, the Court of Justice of the European Union (<strong>CJEU</strong>) <a href="https://www.clydeco.com/en/insights/2020/07/schrems-ii-transfer-of-data-between-the-eu-a-1">issued its judgment</a> which invalidated the EU-US Privacy Shield (a framework for regulating exchanges of personal data for commercial purposes between the EU and the United States).</p>
<p>The <a href="https://www.europarl.europa.eu/RegData/etudes/ATAG/2020/652073/EPRS_ATA(2020)652073_EN.pdf">Schrems II</a> case concerns an Austrian privacy advocate, Maximillian Schrems, who filed a complaint with the Irish Data Protection Commissioner in 2015 challenging Facebook Ireland's reliance on the SCCs as a legal basis for transferring personal data to Facebook Inc. in the USA. Schrems argued that due to the surveillance activities undertaken by US intelligence agencies, adequate protection was not provided to personal data transferred from the EU to the USA under either the SCCs or the EU-US Privacy Shield.</p>
<p>Additionally, the CJEU held that there is no effective remedy available for EU individuals to ensure protection of their personal data after they have been transferred to the US.</p>
<p>According to Article 48 of the GDPR, any judgement of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may only be recognized or enforceable if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the EU or one of its member states (without prejudice to other grounds for transfer pursuant to chapter V of the GDPR).</p>
<h2>Sweden</h2>
<p>Sweden is a member of the EU. This means that Sweden needs to transpose EU directives into national legislation. This process sometimes “goes wrong” as when <a href="https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-10/cp200123en.pdf">CJEU announced that Sweden’s existing law, the Electronic Communications Act, was too general and lacked safeguards for implementation.</a></p>
<p>Read more about how <a href="https://mullvad.net/en/help/swedish-legislation/">Swedish law</a> is affecting Mullvad VPN AB.</p>
<h2>The Digital Dilemma</h2>
<p>The real change is that we are “going digital.” Not just events, but also money, signatures, evidence, proofs, etc. have now moved out of the realm of the physical. Once digital, they can, in addition to being easily collected as described here, also be easily changed and manipulated. You can be charged for anything online, and endless “proofs” of various kinds are collected automatically. But there is no way to prove that any of them are actually real! Example: <a href="https://www.bbc.com/news/technology-55424730">Deepfake Queen Elisabeth II to deliver Channel 4 Christmas message.</a></p>
<h2>Memorable summary</h2>
<p>It is all about <strong>trust and shared values</strong>. One of the biggest points of international consensus in history and part of the foundations for democracy is the fact that all human beings have certain inalienable rights and freedoms. These are codified and enshrined in the United Nations’ Universal Declaration of Human Rights (UDHR), an international document which was adopted by the United Nations’ General Assembly on December 10, 1948 (58 members at the time).</p>
<p>Notably, the UDHR’s Article 12 covers privacy. It declares that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.”</p>
<p>Today, trust and shared values are being replaced by “control and surveillance”; a path that has been proven to only lead to <a href="https://www.econstor.eu/bitstream/10419/44134/1/394929810.pdf">civil war</a>.</p>
<h2>It all comes down to You</h2>
<p>We highly recommend you to not use any services that are not encrypted end-to-end. Mask your IP (meta data) with a trusted VPN service or TOR. If you would like to communicate in a truly safe manner, do not trust any 3rd party – <a href="https://mullvad.net/blog/2017/4/27/learn-use-encrypted-email/">encrypt yourself</a>. Do not use any US-based service for anything secret, especially if you are a company or government handling PII information.</p>
<p>Closely monitor the laws in the <a href="https://mullvad.net/en/blog/2020/10/7/eu-court-last-bastion-privacy/">EU – the last bastion</a> of data privacy(?) – before they are silently defanged.</p>
<p>And conclusively, we hope that <a href="https://mullvad.net/en/blog/2019/6/3/system-transparency-future/">system transparency</a> will be a reality – soon.</p>
<p> </p>
<p><em>For the universal right to privacy,</em></p>
<p>Mullvad VPN</p>Support for custom DNS servers launched2021-04-15T06:45:47.234719+00:00https://www.mullvad.net/fr/blog/2021/4/15/support-custom-dns-servers-launched/<p>We now offer support for custom DNS server configuration on the desktop and Android versions of the Mullvad VPN app. We haven’t yet evaluated this option for iOS.</p>
<h2>How to use custom DNS</h2>
<p>To use this setting in the app, open <strong>Settings > Advanced</strong>, then enable <strong>Use custom DNS server</strong>.</p>
<h3>Using a public server?</h3>
<p>If you add a <em>public</em> DNS server, you’ll get a pop-up that says, “Currently we only support local DNS servers.” Simply ignore the message and click “Add anyway”. This outdated message is hard-coded into the app and will remain there until we release new app versions.</p>
<h3>How do I know it’s working?</h3>
<p>To verify that your custom DNS server is being used, <a href="https://mullvad.net/check/">go to our connection check page</a>. An indication that it’s working is if the DNS box is red and says “Leaking DNS servers”. If you know the public IP address of your custom DNS server, you can expand the box to verify that it’s listed.</p>
<h3>It’s not working. Now what?</h3>
<p>Generate a new WireGuard® key for your device: Settings > Advanced > WireGuard key > Regenerate key.</p>
<h2>Privacy and the role of DNS servers</h2>
<p><strong>Using a custom DNS server can have potential downsides to your privacy.</strong> So why do we, as a privacy-focused VPN, offer the option?</p>
<p>(Read more: <a href="https://mullvad.net/help/all-about-dns-servers-and-privacy/">Why DNS servers are important from a privacy perspective</a>)</p>
<p>While we strive to make privacy accessible to all, we know that everyone has different needs. Many of our customers have requested custom DNS and their reasons might be just as diverse, such as for filtering services, ad blocking, or better performance.</p>
<p>Even though using a custom DNS server can potentially decrease privacy, doing so with a VPN is better from a privacy perspective than without. We therefore choose to offer options that <strong>allow people to find a privacy solution that best fits them</strong>. That is, until we create even better alternatives.</p>
<h2>What about encrypted DNS?</h2>
<p>Encrypted DNS is something entirely different and isn’t supported in the app. If you’re still curious, then check out the beta version of our new <a href="https://mullvad.net/help/dns-over-https-and-dns-over-tls/">public DNS service</a> which utilizes encrypted DNS and offers DoH and DoT.</p>
<p>--<br />
"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>SOCKS for expats – try ours on for a better browsing experience2021-04-08T07:55:57.198658+00:00https://www.mullvad.net/fr/blog/2021/4/8/socks-for-expats-try-ours-on-for-a-better-browsing-experience/<p>If you’ve got your feet (and your browsing habits) planted in two different countries, you might want to try our SOCKS proxy – utilitarian but beautifully knitted together with our WireGuard® servers.</p>
<p>Let’s say you live in Japan but are originally from Canada. You want most applications on your computer to connect through a Tokyo-based VPN server. But you still want to access local Canadian news sites without the hassle of switching VPN locations when you do this.</p>
<p>Our implementation of the SOCKS proxy makes this possible because you can precisely specify where you want to use it. In this scenario, simply configure only your browser to be routed through a Canadian VPN server.</p>
<p>You can go one step further: designate one browser purely for your Canadian news feed and another one for Japanese browsing = Magic!</p>
<h2>We offer fancy SOCKS</h2>
<p>Some implementations of SOCKS proxies are outward facing, meaning that your traffic isn’t secure. But with ours, your traffic is always encrypted. This is because we establish the proxy inside our encrypted tunnel.</p>
<p>And if you forget to connect the Mullvad VPN app, connecting to the proxy also won’t happen which means your browser traffic won’t leak.</p>
<p>Another little benefit: you won’t experience as many of those annoying CAPTCHAs.</p>
<h2>11 steps to SOCKS success</h2>
<p>Ready to see the magic for yourself? Here’s how, using the Firefox desktop browser! (For other browsers, see our detailed <a href="https://mullvad.net/help/socks5-proxy/">SOCKS guide</a>.)</p>
<h3>First, choose your proxy server</h3>
<ol>
<li>Go to our <a href="https://mullvad.net/servers/">Servers page</a> and choose a WireGuard® server in the country that you want to route your browser through.</li>
<li>Click on the server to reveal the SOCKS5 proxy address.</li>
<li>Copy the address up to and including “.net”, for example <code>ca10-wg.socks5.mullvad.net</code>.</li>
</ol>
<h3>Next, set up your browser</h3>
<ol>
<li>In a Firefox browser window, click the menu button and choose <strong>Options</strong>.</li>
<li>In the search box, type “<strong>socks</strong>”, then click on the <strong>Settings</strong> button in the results.</li>
<li>Choose <strong>Manual proxy configuration</strong>.</li>
<li>Next to <strong>SOCKS Host</strong>, paste the address you copied earlier.</li>
<li>Next to <strong>Port</strong>, enter “1080”.</li>
<li>Under this, choose <strong>SOCKS v5</strong>.</li>
<li>Check the box for <strong>Proxy DNS when using SOCKS v5</strong>.</li>
<li>Click <strong>OK</strong>.</li>
</ol>
<h3>Finally, experience the magic!</h3>
<p>Now for the fun part.</p>
<ol>
<li>In your newly configured Firefox browser, open our <a href="https://mullvad.net/check/">Connection check page</a>.</li>
<li>Click on “Using Mullvad VPN” to expand the details.</li>
<li>You should see that you are using the SOCKS proxy through the server you chose.</li>
<li>For extra credit, open a different browser and repeat steps 1 and 2. This time, you should see the server that you have selected in the Mullvad VPN app. Mind = blown.</li>
</ol>
<p>--<br />
"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>Four-month drought is over! New Android release is here (2021.1-beta1)2021-04-06T13:56:53.345793+00:00https://www.mullvad.net/fr/blog/2021/4/6/four-month-drought-over-new-android-release-here-20211-beta1/<p>While you’ve been waiting, we’ve been busy! Read about the latest Mullvad VPN app release for Android, which includes support for custom (local) DNS servers, Burmese translation and more.</p>
<h2>What’s new</h2>
<h3>Support for custom, local DNS servers</h3>
<p>We just released this much-requested feature to our desktop app, and now it’s here on Android too! Currently, the setting only works for local DNS servers.</p>
<p>You can find it under <strong>Advanced settings > Use custom DNS server</strong>, and you will also need to enable <strong>Local network sharing</strong>.</p>
<h3>We speak မြန်မာဘာသာ</h3>
<p>Not quite, but the Android version is now translated and available in the <strong>Burmese language</strong>.</p>
<h3>View app logs</h3>
<p>In the problem report form, we’ve added a <strong>“View app logs” button</strong> which allows you to (you guessed it) view your app’s anonymized log files.</p>
<h3>Quicker access to FAQs and guides</h3>
<p>Want to know how a particular app setting works or have a question? Go into <strong>Settings</strong> and tap on <strong>FAQs and Guides</strong>; you’ll be redirected to the Help section of our website.</p>
<h3>Smarter split tunneling screen</h3>
<p>The list of apps in the split tunneling screen is now considerably shorter and more relevant. Only apps that have Internet permission and can be launched are shown.</p>
<h3>Minor but mentionable</h3>
<ul>
<li>WireGuard® keys are now rotated every four days instead of seven.</li>
<li>The app will only download a new server list if it has been modified.</li>
<li>We made a few changes to improve the experience of using the app on Android TVs.</li>
<li>In the login field, the app now locally remembers just one account number instead of three. We might remove this feature altogether; let us know what you think.</li>
<li>We applied various fixes to improve the app’s design and made the user experience less buggy.</li>
</ul>
<h2>Download the app</h2>
<p>Choose your preferred platform:</p>
<ul>
<li><a href="https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn">Download Mullvad VPN on Google Play.</a></li>
<li><a href="https://f-droid.org/packages/net.mullvad.mullvadvpn/">Download Mullvad VPN on F-Droid.</a></li>
<li><a href="https://mullvad.net/download/app/apk/latest-beta/">Download the .apk file from our website.</a></li>
</ul>
<p>We've got an <a href="https://mullvad.net/help/install-mullvad-app-android/">Android set-up guide</a> if you need help with installation and usage.</p>
<p>We appreciate all feedback and problem reports that come in, so keep them coming! Knowing what you experience helps us to more quickly identify issues and gets us one step closer to that first stable release. Send your feedback to <a href="mailto:support@mullvad.net">support@mullvad.net</a>. And thank you in advance!</p>
<p>--<br />
"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>Step up your privacy game with encrypted email (not just for techies)2021-03-31T06:45:30.476674+00:00https://www.mullvad.net/fr/blog/2021/3/31/step-your-privacy-game-encrypted-email-not-just-techies/<p>As a kid, did you also assign each letter of the alphabet to another and write secret messages to your friends, perhaps even invisibly with lemon juice?</p>
<p>Caesar or Atbash cipher is a great start, but it isn’t very secure, online. Making the leap to <strong>communicating with encrypted emails</strong> isn’t very difficult, and it’s a great way to improve your online privacy game.</p>
<p>In fact, our guide on <a href="https://mullvad.net/help/using-encrypted-email/">how to send and receive encrypted email</a> walks you through those steps. With the newest release of Mozilla’s email program Thunderbird, it’s even easier.</p>
<p>So gather those childhood friends of yours, have a key generating party, and reclaim your private conversations with them. This time using encryption that’s a bit harder to crack.</p>
<p><em>One step closer to privacy online,</em><br />
Mullvad VPN</p>Update: A minor change in our Terms of service2021-03-22T13:28:56+00:00https://www.mullvad.net/fr/blog/2021/3/22/minor-change-our-terms-service/<p>As strong believers in privacy and as allergic to any static information we made a minor change in our Terms of service. Port forwarding is no longer allowed on an account with an active subscription.</p>
<p>This does not impact "one-time payments".</p>
<p>This is only applicable to PayPal or credit card subscriptions.</p>
<p>You can see our payment options here: <a href="https://mullvad.net/account/">https://mullvad.net/account/</a></p>
<p><strong>It is therefore not possible to:</strong></p>
<ol>
<li>Add forwarding ports to accounts that has a subscription</li>
<li>Add a subscription to an account that has forwarded ports</li>
</ol>
<p><a href="https://mullvad.net/help/terms-service/">Our Terms of service</a></p>
<h2>Questions</h2>
<p>Send an email straight to <a href="mailto:support@mullvad.net">support@mullvad.net</a></p>
<p><a href="https://mullvad.net/media/mullvad-support-mail.asc">GPG key</a></p>Fresh catch: iOS release (2021.1) swims upstream2021-03-18T07:02:34+00:00https://www.mullvad.net/fr/blog/2021/3/18/fresh-catch-ios-release-20211-swims-upstream/<p>Be part of the bigger picture! Simply get the newest release of the Mullvad VPN app for iOS, and you’ll have some updated code in your pocket that we’ve made available to the wider community.</p>
<p>The list of new features is short; read on to learn why. And stay tuned: we’ve got some new iOS stuff in the works, including support for iPad!</p>
<h2>What’s new</h2>
<h3>In-app problem reporting</h3>
<p>We hope we won’t give you a reason to report an issue, but if you need to, the iOS version now offers an in-app report form.</p>
<p>An email address isn’t necessary so you can still remain anonymous. Your app’s log files, which are attached to your message, will be anonymized before being securely sent to us.</p>
<h3>WireGuardKit gets upstreamed</h3>
<p>Over the past few months our iOS team has been focusing its efforts on WireGuardKit, an open-source software library that both our app and the official WireGuard® app now use.</p>
<p>We bundled up all the improvements into a more generic framework and <a href="https://lists.zx2c4.com/pipermail/wireguard/2020-December/006161.html">merged them with WireGuard’s official code</a>, making it easier for anyone wanting to use WireGuard in their iOS apps.</p>
<h2>Download the app</h2>
<p>Download <a href="https://apps.apple.com/app/mullvad-vpn/id1488466513">Mullvad VPN on the App Store</a>. We've got a <a href="https://mullvad.net/help/using-mullvad-app-on-ios/">user guide</a> if you need help with installation and usage.</p>
<p><br />
--<br />
"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>Making ourselves more instantly available in central Europe2021-03-16T07:36:50+00:00https://www.mullvad.net/fr/blog/2021/3/16/making-ourselves-more-instantly-available-central-europe/<p>Hallo Deutschland, Österreich, Nederland en België! Coucou la Belgique ! Witaj Polsko! Announcing Mullvad’s biggest payment method expansion ever: now you can top up your account with either giropay, EPS, iDEAL, Bancontact or Przelewy24.</p>
<p>With our ambition to be easy to use and after payment suggestions from customers (thank you!), we happily announce the addition of five European payment methods.</p>
<p>We reserve ourselves from any bugs and welcome you to send feedback to <a href="mailto:support@mullvad.net">support@mullvad.net</a>. Please save your cryptocurrency payment requests for another time; we are doing our best to investigate potential additions to that payment section as well.</p>
<h2>Our five new payment methods</h2>
<ul>
<li><strong>giropay</strong> is a German payment method based on online banking.</li>
<li><strong>EPS</strong> is an Austria-based payment method that allows customers to complete transactions online using their bank credentials.</li>
<li><strong>iDEAL</strong> is the most popular online payment method in the Netherlands.</li>
<li><strong>Bancontact</strong> is the most popular and secure online payment method in Belgium.</li>
<li><strong>Przelewy24</strong> is a Poland-based payment method aggregator that allows customers to complete transactions online using bank transfers and other methods.</li>
</ul>
<p><a href="https://mullvad.net/account/#/">Top up my account right away</a></p>
<h2>Timestamp is deleted 40 days after payment</h2>
<p>These five payment methods go through Stripe, and in our <a href="https://mullvad.net/help/no-logging-data-policy/#payments">no-logging of user activity policy</a> you can read about which kind of information we store for 40 days.</p>
<p>Here's the information we store for payments via Stripe:</p>
<pre>
payment | account number | amount | currency | timestamp* | stripe_charge_id*
xxxxxx | xxxxxxxxxxxx | 10 | EUR | 2016-12-15 20:42:26 | xxxxxxxxx</pre>
<p>*stripe_charge_id and the time part (hh:mm:ss) of timestamp is deleted 40 days after payment.</p>
<p> </p>
<p><em>For the universal right to privacy – five new payment methods at a time,</em><br />
Mullvad VPN</p>Mullvad DoH and DoT – beta release2021-03-03T08:18:40+00:00https://www.mullvad.net/fr/blog/2021/3/3/mullvad-doh-and-dot-beta-release/<p>We have released a beta of our encrypted DNS. Hosted and created by us, an audited non-logging VPN service. We are thirsting for your input before we take this service to the next level.</p>
<p>Starting today, we now have a public DNS service up as a <strong>beta</strong> that offers DNS over HTTPS (DoH) and DNS over TLS (DoT), with QNAME minimization and basic ad blocking. It has been <a href="https://www.assured.se/publications/Assured_Mullvad_DoH_server_audit_report.pdf">audited by the security experts at Assured.</a></p>
<p>Our DoH/DoT servers are located in AU, US, DE, GB, SG, and SE. If you follow our <a href="https://mullvad.net/help/dns-over-https-and-dns-over-tls/">guide</a> and use Mullvad’s DNS, you should get the nearest server.</p>
<p>DoH/DoT is not necessarily more private or secure than our normal DNS running on our VPN servers, but it acts like kind of a safe guard for DNS.</p>
<p>If your VPN is turned off, DNS requests will travel encrypted to Mullvad and will not be visible in cleartext to your ISP. Make sure your lookups are not sent in cleartext – even when your VPN is turned off.</p>
<h2>Our two DoH services</h2>
<p>Ad-blocking version – <a href="https://adblock.doh.mullvad.net/">adblock.doh.mullvad.net</a></p>
<p>Without ad blocking – <a href="https://doh.mullvad.net/">doh.mullvad.net</a></p>
<p>Check out our <a href="https://mullvad.net/help/dns-over-https-and-dns-over-tls/">guide</a>.</p>
<h2>What value does Mullvad DoH offer?</h2>
<ul>
<li>If you are planning to use DoH, now you have an option to select one with a focus on privacy (<a href="https://mullvad.net/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/">infrastructure audited</a>).</li>
<li>It works without a VPN, it works for non-Mullvad customers, and it even works if you use another VPN provider.</li>
<li>If you forget to turn on your VPN, it still runs and offers somewhat more privacy.</li>
</ul>
<h2>Why are DNS servers important from a privacy perspective?</h2>
<p>A DNS (Domain Name System) server is the first point of contact that your browser makes when you try to access information over the Internet. This is the case for every URL you visit, every file you download, and every image that loads on a website, including ads.</p>
<p>Since your browser contacts the DNS server for each and every new domain name request, the DNS server will know which websites you are looking at and links from that pages to other resources (like ads).</p>
<p>Therefore, you are constantly leaking information about what you are doing, and when, to your DNS server provider, which is usually your ISP (Internet Service Provider).</p>
<h2>DoH can increase your privacy</h2>
<p>DNS over HTTPS (DoH) can increase your privacy and security by performing DNS resolution via the encrypted HTTPS protocol. It also prevents eavesdropping and manipulation of DNS data by man-in-the-middle attacks.</p>
<p>However, the individual or company operating your DoH server can still see everything you do. If you have privacy concerns, it is therefore important to select a DoH server that your trust, and in a country where the <a href="https://mullvad.net/help/swedish-legislation/">laws comply with privacy</a>.</p>
<p><em>For the universal right to privacy,</em><br />
Mullvad VPN</p>Don’t duck the issue – consider your privacy and search engines2021-02-24T09:33:49+00:00https://www.mullvad.net/fr/blog/2021/2/24/dont-duck-the-issue-consider-your-privacy-and-search-engines/<p>Is your search engine tracking and saving your every query? If this sounds like an invasion of your privacy, give them the slip by using a privacy-friendly alternative.</p>
<p>Thanks to the ubiquitous search engine, we can freely and easily get relevant answers to persistent questions like “How do I make a time machine?” and “What does a mole look like from the neck down?”</p>
<p>But online privacy suffers at the convenience of “free”, “easy”, and “relevant”.</p>
<h2>How to determine if sacrificing your privacy is worth it</h2>
<p>Here are 3 questions to help you determine if the convenience of your search engine is truly worth it.</p>
<h3>Am I ok with revealing my medical history to strangers?</h3>
<p>We’ve all done it, searched online for answers to intimate questions about our health, relationships, and finances. Many search engines not only save that info but also share it with their advertisers.</p>
<h3>Do I like it when ads track me everywhere?</h3>
<p>With the help of various hidden techniques, like embedded cookies and favicons, a search engine’s advertising network is able to track you well after you’ve left the search page. That’s why if you search for “jeans”, jeans ads will be all over you like a bad rash.</p>
<h3>Do I need customized results for this particular search?</h3>
<p>Sometimes the convenience of results tailored to your preferences or current location, like a nearby restaurant that caters to your diet, is worth it – and that’s ok. Consider using one search engine for those queries and a privacy-friendly one for everything else.</p>
<h2>DuckDuckGo – a privacy-friendly search alternative</h2>
<p>If you’re interested in taking back some of your online privacy, then check out <a href="https://duckduckgo.com/">DuckDuckGo</a>.</p>
<p>Although its name falls short of becoming a verb – “I DuckDuckGo’d that movie you told me about!” – it ticks the boxes for keeping searches private:</p>
<ul>
<li>DuckDuckGo’s privacy policy states that it “does not collect or share personal information.”</li>
<li>DuckDuckGo does make money from ads. However, since they don’t save your search history, the ads are generated only from your current search.</li>
<li>DuckDuckGo doesn’t use tracking cookies.</li>
</ul>
<p>Remember, reclaiming your online privacy can’t be achieved with one magical tool. It’s about replacing your habits and tools with more privacy-focused options.</p>
<p>Motivated to take the next step? Choose from our list of <a href="https://mullvad.net/help/first-steps-towards-online-privacy/">simple, privacy-friendly actions</a>.</p>
<p><em>For the universal right to privacy,</em><br />
Mullvad VPN</p>Long-awaited feature introduced to desktop app (2021.1)2021-02-11T08:31:37+00:00https://www.mullvad.net/fr/blog/2021/2/11/long-awaited-feature-introduced-desktop-app-20211/<p>This stable release for desktop makes using custom (local) DNS servers a reality! Get the latest Mullvad VPN app for Windows, macOS, and Linux.</p>
<h2>What’s new</h2>
<h3>Support for custom, local DNS servers</h3>
<p>Many of you have been requesting this feature for years. Thanks for hanging in there! Found under the Advanced settings, this currently only works for local DNS servers.</p>
<h3>New hotkey</h3>
<p>Hit the Esc key while in the app to automatically navigate to the connection screen.</p>
<h3>Unpin app from Windows taskbar</h3>
<p>This new Windows feature, under the Preferences menu, allows you to move the app interface around on the desktop.</p>
<h3>Music to some ears</h3>
<p>We’ve improved the app’s accessibility which can now be used with a screen reader.</p>
<h3>Turkish delight</h3>
<p>For the Turkish translation of the bridge feature, the “on” and “off” settings are now correctly labeled.</p>
<h3>OpenVPN improvements</h3>
<p>We upgraded our client-side OpenVPN to 2.5.0. This allowed us to improve our Windows app which now uses Wintun instead of the OpenVPN TAP driver. In addition, we now force OpenVPN to use TLS 1.3 or newer.</p>
<h3>Security-related</h3>
<ul>
<li>[Linux] We addressed the CVE-2019-14899 vulnerability as it pertains to IPv6 addresses (we <a href="https://mullvad.net/blog/2019/12/6/closer-look-vpn-vulnerability-cve-2019-14899/">previously</a> fixed the issue for IPv4).</li>
<li>[Windows] We added special firewall rules that prevent unlikely but potential leaks early on during the boot-up sequence, before Windows enables its own firewall.</li>
</ul>
<h3>Minor but mentionable</h3>
<ul>
<li>The default setting for Auto-connect has been changed to “off”, and the app now respects this setting during login. In other words, when you log in with Auto-connect disabled, the app will not automatically connect.</li>
<li>To counter censorship, we no longer use DNS to contact our API.</li>
<li>When the app queries our API for updates, it now includes the version of the device’s operating system. This will help us to more effectively release version-specific updates or vulnerability fixes.</li>
</ul>
<h3>Download the app</h3>
<p><a href="https://mullvad.net/download">Download the Mullvad VPN app</a>. If needed, we've got <a href="https://mullvad.net/guides/category/mullvad-app/">help guides</a> for installation and usage.</p>
<p>Know of someone unable to access our website? Point them to <a href="http://xcln5hkbriyklr6n.onion/">Mullvad’s onion</a> address on Tor or to <a href="https://github.com/mullvad">Mullvad on GitHub</a>.</p>
<p>--<br />
"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>Unfortunate port shortage2021-02-10T12:21:49+00:00https://www.mullvad.net/fr/blog/2021/2/10/unfortunate-port-shortage/<p>That's it. We are officially out of ports. We knew this day would come; that 16 bits of memory in the TCP packet simply wouldn't be enough to provide port forwarding for everyone.</p>
<p>That's why, from now on, it will no longer be possible to request a port that will forward inbound traffic through whichever server you are connected to. However, we didn't want to abandon this feature entirely, so we came up with a compromise: Allocate ports on a per-city basis. This means that in order to request a port, you have to select a city and as long as you are connected to a server within that city, inbound traffic to that port will be forwarded as usual.</p>
<p>If you currently have port forwarding set up with "global" ports assigned to your account, they will keep working on all servers for the time being. They will eventually have to be reclaimed however and we will give you a heads up before that happens but to guarantee a stable service, we recommend that you replace your current ports with city-specific ports at earliest convenience.</p>
<p>We apologize for having to impose this additional constraint on the service. This decades-old protocol simply wasn't built for this and we have stretched it to its very limit.</p>
<p>If you don't know what any of this technobabble means, this probably doesn't apply to you! Port-forwarding is after all a niche feature and unless you belong to that niche, none of this will affect you.</p>
<p><em>For the universal right to privacy,</em><br />
Mullvad VPN</p>Why we don't have servers everywhere2021-02-08T12:27:37+00:00https://www.mullvad.net/fr/blog/2021/2/8/why-we-dont-have-servers-everywhere/<p>Whenever you or our other dear customers reach out asking if we could please, please, pleeeease, set up a server in your country, those pleas do not go unnoticed.</p>
<p>As with most choices in life, there are always upsides and downsides, and choosing where to put servers is no exception.</p>
<p>Since we're a company built on the trust of our customers (we’re a VPN provider, in case you randomly stumbled upon this article), we need to trust everything along the VPN supply chain, including the hosting providers of <a href="https://mullvad.net/help/server-list/">our servers</a>.</p>
<p>If we could wave a wand and have servers magically appear wherever they’re needed, we would! But in reality, we have to take many factors into consideration: network performance of the location in question, cost of the server, and if the provider has IPv6 or allows peer-to-peer networking are just a few. Many hosting providers don’t even want to deal with VPN providers for fear of network abuse or DMCA requests.</p>
<p>When we’ve finally found a potential server provider that meets a certain benchmark, we go through a long and time-consuming checklist to ensure our trust in them. And that’s before we’ve even begun our long and time-consuming process of actually setting up and configuring <a href="https://mullvad.net/servers/">actual servers!</a></p>
<p>So, dear customers, we hear you! And we are constantly searching for hosts that are worthy of our trust and, most importantly, yours.</p>
<p><em>For the universal right to privacy,</em><br />
Mullvad VPN</p>We have upgraded all our OpenVPN servers to OpenVPN 2.52021-02-04T15:03:50+00:00https://www.mullvad.net/fr/blog/2021/2/4/we-have-upgraded-all-our-openvpn-servers-openvpn-25/<p>By upgrading OpenVPN to 2.5 on our server side, we have improved some security issues that our audit highlighted and enabled support for ChaCha20-Poly1305 in the process.</p>
<p>The final parts of our 2020 Infrastructure audit report are now in place; an upgrade to OpenVPN 2.5 on all our OpenVPN. This improves some security issues that our audit highlighted, in the form of <em>MUL-03-008</em>. The most ideal solution we found was to upgrade OpenVPN and the relevant code at the same time.</p>
<p>As a bonus we have removed Blowfish as one of our fallback ciphers and in its place we have added <em>ChaCha20-Poly1305</em>; the same that our WireGuard® relays make use of. Though we haven’t set ChaCha20-Poly1305 as the default, it is in place now for potential usage in future upgrades.</p>
<p>This upgrade to OpenVPN also scales the initial and ongoing performance of OpenVPN, the performance of network throughput along with our next App Beta can see speed improvements.</p>
<p>However, as with all positives, there also have to be some negatives: these changes have also meant that our server-side upgrade has removed support for client-side versions of OpenVPN lower than 2.4.</p>
<p>To read up exactly what technical issue we solved, have a look at our recently published <a href="https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/">Infrastructure audit</a>.</p>
<p>"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>“Privacy is when restrooms have doors”2021-01-28T09:15:34+00:00https://www.mullvad.net/fr/blog/2021/1/28/privacy-is-when-restrooms-have-doors/<p>As kids, it’s something that our parents try to invade. Sometimes the only place we can find it is in the bathroom. On this year’s Data Privacy Day, we explore what privacy means to us.</p>
<p>“Privacy is a universal right” – that’s the definition our VPN service has upheld since the beginning. But what do the individuals that make up Team Mullvad think? We asked what privacy means to them and got a diverse range of answers.</p>
<p>“Privacy, for me in short, means that I am <strong>not being watched or tracked</strong>. I get to decide who/when/what information I want to share with the world.” — Mullvad UX/UI designer</p>
<p>“The <strong>freedom to limit</strong> how I expose myself to the world.” — Mullvad Android app developer</p>
<p>“Privacy for me is largely about <strong>self-determination</strong>. The definition of Alan Westin sums it up pretty well: ‘The right of the individual to decide what information about himself should be communicated to others and under what circumstances.’ This view implies the right to be "left alone" (Warren and Brandeis).” — Mullvad software developer</p>
<p>“Privacy is when restrooms have <strong>doors</strong>.” — Mullvad iOS app developer</p>
<p>“To me privacy means having a <strong>trusted space</strong> (physical or digital) where I can discuss, message, or write about matters that I define as private and with whom I invite into that space.” — Mullvad communicator</p>
<p>“Privacy <strong>prevents what I do, say, think, or feel from being used to manipulate</strong> or nudge me or those around me into thinking or doing things according to someone else's agenda. This is especially true on modern computers and phones that are connected to the internet where tracking is so fine-grained, all in a world where disinformation is abundant.” — Mullvad infrastructure engineer</p>
<p>What are your views on privacy? Feel free to join our conversation on <a href="https://twitter.com/mullvadnet">Twitter</a> or <a href="https://mastodon.online/@mullvadnet">Mastodon</a>, or find your own private space to discuss with people of your own choosing!</p>
<p><em>For the universal right to privacy,</em><br />
Mullvad VPN</p>Problem resolved: API problem 2021-01-272021-01-27T08:17:31+00:00https://www.mullvad.net/fr/blog/2021/1/27/APIproblem2021-01-27/<p>Problem resolved: 9.47am CET<br />
<br />
8.17am CET: We currently have problem with our API. Some part of our homepage such as payment and time left in the app currently does not work. Work in progress.</p>No PII or privacy leaks found in Cure53's Infrastructure audit2021-01-20T07:42:55+00:00https://www.mullvad.net/fr/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/<p>We invite you to read the final report of the first security-focused audit on Mullvad’s infrastructure, completed in December 2020.</p>
<p>As Mullvad exists to protect users and their data, we are rather happy with independent auditor Cure53's statement, “The security awareness and overall security posture should be regarded as rather good, as expected Cure53 were not able to discover any Personally-Identifiable-Information attached to Mullvad's end-users.”</p>
<p>The <a href="https://cure53.de/pentest-report_mullvad_2021_v1.pdf">audit report</a> is available on Cure53's website.</p>
<h2>Overview of findings</h2>
<ul>
<li>Cure53 did not find any Personally Identifiable Information (PII) or potentially privacy-compromising information.</li>
<li>Cure53 identified six (6) vulnerabilities that ranged from “informative” to “high”.</li>
<li>An additional six (6) miscellaneous issues were noted, again ranging from informative to high. Below you can see our responses to a select few of Cure53’s findings.</li>
<li>We have resolutions to all of the vulnerabilities that Cure53 identified. Some are already in place while the rest will be rolled out in the coming days after proper testing.</li>
</ul>
<p><strong>Key takeaway:</strong> Mullvad is now audited on both the infrastructure and the app! Completing external and regular audits on the entirety of our VPN service has been a long-term goal of ours.</p>
<h2>Identified vulnerabilities of interest</h2>
<h3>MUL-03-005 WP2: OpenVPN users can be disconnected by attackers (High)</h3>
<p><strong>To quote Cure53:</strong> “It was found that attackers can close the connection of other OpenVPN peers who are using the same entry gate. An OpenVPN monitor.py script frequently connects to the OpenVPN management interface of an OpenVPN-configured server instance. The script intends to fetch all connected OpenVPN users and check through the API if any of these accounts are expired. Finally, expired accounts are disconnected via the client-kill command issued through the OpenVPN management interface.”</p>
<p><strong>Our comments:</strong> Cure53 found this vulnerability in a script that had not been updated in some time. We have never experienced this vulnerability having been exploited. We have since deployed fixes for this exploit by improving the input sanitization on the client's username.</p>
<h3>MUL-03-002 WP2: OpenVPN user-authentication can be bypassed (Medium)</h3>
<p><strong>To quote Cure53:</strong> “It was found that attackers could make use of Mullvad’s OpenVPN service without paying for it.”</p>
<p><strong>Our comments:</strong> There is a fine line between preserving a high uptime and losing potentially happy customers. We felt that our original approach was a good balance between the two.</p>
<p>This vulnerability identified our approach for <em>if and when</em> our API were to become unavailable, specifically for OpenVPN relays. The negative implication identified by Cure53 was that malicious individuals or bots could have gained free time on our OpenVPN relays.</p>
<p>For paying customers, functionality on OpenVPN relays should still be available as before in the event of API downtime, while abuse prevention has been upgraded.</p>
<h2>Miscellaneous issues of interest</h2>
<h3>MUL-03-010 WP2: Insecure Docker configuration leads to breakout (High)</h3>
<p><strong>To quote Cure53:</strong> “The overall Docker configuration offers neither additional separation nor further security boundaries for the host environment. The configuration concerns addresses should be further investigated by Mullvad, in order to determine if the use of docker as a technology stack offers any meaningful performance or security enhancing features for the overall integrity of the hosts. If this results in a decision to further use docker an overall hardening project should be initiated in order to minimize the attack surface of the current configuration.”</p>
<p><strong>Our comments:</strong> Docker, on the VPN relays, is not being used to compartmentalize from a security perspective, but rather to improve dependency handling for services that rely on differing software versions.</p>
<p>We have resolved their areas of concern as they stand now, but the focus going forward will be to move toward a <a href="https://mullvad.net/blog/2019/6/3/system-transparency-future/">more trustworthy and transparent infrastructure.</a></p>
<h3>MUL-03-001: Timing-unsafe comparison used in authentication (Low)</h3>
<p><strong>To quote Cure53:</strong> “It was found that the web application uses the SQL timing-unsafe comparison operator to query the account identified by the account token from the database. This induces a linear relationship between the runtime of the query and the equivalent prefix-length of the queried account-token, which is compared with the account tokens of the stored data.”</p>
<p><strong>Our comments:</strong> We determined that the proper solution to this problem would require some refactoring of the account database that we were not prepared to do on short notice. Given that the vulnerability was considered a low risk and that it would require a fairly involved attack to exploit, we decided not to act on it immediately. It will be fixed in the weeks to come.</p>
<h3>MUL-03-006 WP2: Shadowsocks-libev outdated and runs as root (Low)</h3>
<p><strong>To quote Cure53:</strong> “It was found that the shadowsocks-libev library version 3.1.3 is outdated and vulnerable to multiple known attack-vectors that led to the decryption of the encrypted traffic. This induces the risk of VPN-usage-detection by censors, next to a publicly known static key. At the same time, one of the ss-server instances runs as root, therefore exposing an unnecessarily elevated risk.</p>
<p>”It is recommended that the ss-server runs as a standard user on a port that requires no root privileges. Port-forwarding could be deployed via iptables to route all traffic destined to the root port(443) to the non-root port of the ss-server. Additionally, it should be considered to use a different Socks proxy that deploys user-authentication instead of a static key in order to circumvent potential censorship.</p>
<p>”Note: This issue is not applicable to VPN traffic that passes through. The integrity of these services is protected by the use of the encryption schemes offered by OpenVPN and WireGuard.”</p>
<p><strong>Our Comments:</strong> The public static key is a design choice so that users can connect to the server without credentials. Running the ss-server process as root for port 443 has been fixed. We will update our Shadowsocks servers to change ciphers that will coincide with an app release.</p>
<h3>Our intentions to perform regular audits</h3>
<p>Now that we’ve completed the first-ever audit on our infrastructure, we will endeavor to do so on a yearly basis, <a href="https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/">just like our app audits</a>. Our future audits will revolve more predominantly around our System Transparency focus.</p>
<p><em>For the universal right to privacy,</em><br />
Mullvad</p>Three signals of a more privacy-friendly messaging app2021-01-15T10:14:38+00:00https://www.mullvad.net/fr/blog/2021/1/15/three-signals-more-privacy-friendly-messaging-app/<p>Does your messaging app truly respect your privacy? Here are a few simple questions to ask to get a helpful answer. Plus, we tell you which messaging tool sends us all the right signals.</p>
<p>When a friend visits your home, you probably take for granted that your conversations are private. And the idea of someone keeping track of when you come and go, who visits, and how long they stay is something only found in a gripping thriller, right?</p>
<p>Now that most of our interactions have gone online, how do you know that your digital communications and encompassing habits are also private? Here are few ways to tell if a messaging app is privacy-friendly.</p>
<h2>1. Does it use end-to-end encryption?</h2>
<p>While it’s a buzzphrase, end-to-end encryption (E2EE) used in messaging apps ensures that <strong>the content of your chats can’t be accessed by anyone</strong> (not even the app provider) except you and your conversation partner(s).</p>
<h2>2. Why is it free?</h2>
<p>In a world of <a href="https://mullvad.net/blog/2019/10/30/big-data-big-no/">big data</a>, when you don’t pay for a product or service, it’s very likely that <strong>you are the product</strong>. Find out how the company is otherwise funded and what its long-term goals are.</p>
<h2>3. Do the terms of service promote privacy?</h2>
<p>E2EE is all well and good, but the app may be <strong>collecting unnecessary metadata</strong> about your usage or device. The company’s terms of service agreement is a great place to read which data is collected, how that data is used, and if it’s shared with third parties.</p>
<h2>Signal sends all the right ones</h2>
<p>If you’re on the hunt for a privacy-worthy messaging app, take a look at <a href="https://signal.org/">Signal</a>, an open-source option that we have used for years. Here’s how it measures up against our own set of questions:</p>
<ul>
<li>Signal uses end-to-end encryption.</li>
<li>Signal is owned and funded by the nonprofit Signal Foundation whose mission is “to develop open source privacy technology that protects free expression and enables secure global communication.”</li>
<li>Signal’s terms of service states that it “does not sell, rent or monetize your personal data or content in any way - ever.”</li>
</ul>
<p>As always, do your homework! Your privacy, now and in the future, is worth it!</p>A review of an API and certificate issue during the holidays2021-01-08T08:18:03+00:00https://www.mullvad.net/fr/blog/2021/1/8/review-api-and-certificate-issue-during-holidays/<p>Over the Christmas holiday, we were alerted to and fixed an API issue that briefly prevented customers from making payments and creating new accounts. We invite you behind the scenes to learn what happened.</p>
<h2>Overview of what happened</h2>
<p>On 29 December 2020 we were alerted to our API not responding as it should. Initial inspection gave us the impression that our Keepalived service (used for sharing a floating IP to a healthy node) was not functioning correctly as a result of an incorrectly renewed Let’s Encrypt certificate.</p>
<p>Over the course of five hours, we investigated the issue and deployed a fix that forces our app to use the correct intermediate certificate.</p>
<p>We verified after the fact that the hard coding of our intermediate certificate (performed within our Certbot Dockerfile over the summer of 2020) caused the problem.</p>
<h2>How this affected customers</h2>
<p>During this time, customers were unable to generate new accounts and make payments to existing ones.</p>
<h2>Contributing factors</h2>
<p>We mistakenly assumed that Let’s Encrypt would not change their default intermediate certificate (the one we were using) before the X3 version was to be invalidated on 17 March 2021, <a href="https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.txt">as shown on Let’s Encrypt’s website.</a></p>
<p>Using historical certificates as reference, the <a href="https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.txt">X2 version expired</a> on 20 October 2020. Looking at X2 helped us confirm that Certbot starts using newer intermediate certificates before the old ones expire.</p>
<p>What caused our issue was that the intermediate certificate, R3, starting being used before the X3 intermediate certificate (that our Certbot had opted to use on our servers) became invalid.</p>
<h2>Our long-term solution</h2>
<p>We have prepared a long-term solution that will prevent the issue from happening again. It will be deployed before the end of this month and will coincide with the renewal of our Let’s Encrypt certificates across all of our web-facing applications.</p>
<h2>Detailed timeline of events</h2>
<p>All times are local time, Sweden.</p>
<ul>
<li>2020-12-29 13:15 The Infrastructure and Services teams are alerted to a somewhat faulty API.</li>
<li>2020-12-29 13:50 Investigation begins with members of both teams after they have all gathered online.</li>
<li>2020-12-29 14:15 Our initial investigation is completed, and we start deploying potential fixes to what we think is the issue, relating to Keepalived.</li>
<li>2020-12-29 14:30 We add further tweaks to mitigate the Keepalived issue to add static networking settings. This is a temporary workaround.</li>
<li>2020-12-29 14:45 Continuing with investigation leads us to read through our Nginx configuration and Nginx error logs (here we can view only the server-side errors, no user data can be found here as you would expect). Research is ongoing, with other team members helping where appropriate, and some tweaks are prepared to be deployed.</li>
<li>2020-12-29 15:00 We deploy some tweaks to our Nginx configuration, then monitor the situation and keep investigating.</li>
<li>2020-12-29 15:30 Discussions and theories about our Let’s Encrypt certificate being the issue start to come to light, and there are more direct workarounds in progress.</li>
<li>2020-12-29 16:00 The Let’s Encrypt theory seems to be correct, and work begins on a fix to be deployed.</li>
<li>2020-12-29 16:30 The fix is deployed to the main server in our API cluster and is resolved as functioning. This is then rolled out to the other servers in the cluster.</li>
<li>2020-12-29 17:45 After a postmortem and continued discussions across teams, the issue is marked as resolved.</li>
</ul>Ending support for 2020.3 and 2020.42021-01-07T12:17:02+00:00https://www.mullvad.net/fr/blog/2021/1/7/ending-support-20203-and-20204/<p>On January 28, app versions 2020.3 and 2020.4 will stop working as we are discontinuing support for them. Begin the New Year right update now to the latest, most secure version of Mullvad VPN.</p>
<p><a href="https://mullvad.net/download/">Download the latest app version.</a></p>
<p>All versions older than 2020.3 are already unsupported.</p>If we are seen, you won’t be - our marketing approach2021-01-05T07:36:01+00:00https://www.mullvad.net/fr/blog/2021/1/5/if-we-are-seen-you-wont-be-our-marketing-approach/<p><strong>Updated</strong>: 2021 October 05 (The incorrect statement regarding google ads was removed)<br />
<br />
Since our humble beginning, we’ve struggled with one question: how do we spread our message without supporting a data-hungry industry we don’t believe in? That’s why we've started using advertising methods that don’t track.</p>
<p>Starting this year, you may see us on national TV, in a newspaper article, or on a bus poster. Some, including us, might ask themselves: why spend on advertising when we could invest everything into improving our VPN service?</p>
<h2>Awareness and development go hand in hand</h2>
<p>We want to increase the awareness of Mullvad as a choice-worthy VPN provider and reach out to fellow privacy ninjas, and in doing so, enable more resources for the development of our service. With an increasing community, we will discover and learn about different needs and problems for us to address. Without being seen, we might lose that very same customer.</p>
<p>Ironically, we have to be seen so that you won’t. We will never pay for an opinion review. Instead, we’re opting for the unconventional journey by moving toward untraceable marketing. If that's even possible.</p>
<h2>For the universal right – again and again</h2>
<p>Our advertising must never be exaggerated, initiate fear, nor violate the universal right to privacy. Plain and simple, we’re just going to repeat the urge for that right. Then whomever sees our message can choose for themselves without seeing an endless parade of discount banners.</p>
<p><strong>Important disclaimer:</strong> Yes, we have tested different social media sites. And yes, we believe that we need to keep our presence there.</p>
<p><em>For the universal right to privacy,<br />
Mullvad VPN</em></p>Bring on 2021 - we’re ready!2020-12-14T06:00:44+00:00https://www.mullvad.net/fr/blog/2020/12/14/bring-on-2021-were-ready/<p>But first, our annual retrospective! In 2020, we launched our app on iOS (now on every major platform), made our first video, advertised on trams, and investigated a couple of laws.</p>
<h2>You are our keystone</h2>
<p>Thanks to you, we’ve been able to invest in our teams (they’ve all grown this year!) which has enabled us to reach new heights in the name of privacy. Whether you’ve been with us since 2009 or just recently found us, your support and feedback are so crucial and valuable. Thank you for this year, and yes, you can expect more from us in 2021!</p>
<h2>App, app, and away</h2>
<p>Built on minimal amount of code (WireGuard®) and after months of testing and years of development, we launched our app to the last major platform: iOS. Since April, we’ve been available on <a href="https://mullvad.net/download/windows/">Windows</a>, <a href="https://mullvad.net/download/macos/">macOS</a>, <a href="https://mullvad.net/download/linux/">Linux</a>, <a href="https://mullvad.net/download/ios/">iOS</a>, and <a href="https://mullvad.net/download/android/">Android</a>, all crafted with three ambitions:</p>
<ol>
<li>It’s easy to use, from installation to usage.</li>
<li>It’s privacy focused, from crucial features to <a href="https://mullvad.net/en/help/no-logging-data-policy/">our No-logging of user activity policy</a>.</li>
<li>It’s hopefully trustworthy, from external audits (<a href="https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/">by Cure53 in June</a>) to <a href="https://github.com/mullvad/mullvadvpn-app">open source code</a>.</li>
</ol>
<h2>New features 2020</h2>
<p>While there were many, here are a few gold nuggets:</p>
<ul>
<li><a href="https://mullvad.net/en/help/split-tunneling-with-the-mullvad-app/">Split tunneling</a> launches on Android and Linux (soon on Windows).</li>
<li>WireGuard becomes default for Linux, macOS, and iOS.</li>
<li>We automate WireGuard key rotation.</li>
<li>Create a new account and redeem vouchers directly in the app.</li>
<li>The app becomes compatible with TVs (using Android version).</li>
</ul>
<h2>From our Privacy Diaries</h2>
<p>We shared a few pages with you:</p>
<ul>
<li>The Swedish Covert Surveillance of Data Act <a href="https://mullvad.net/help/swedish-covert-surveillance-data-act/">ain’t April fooling us</a>.</li>
<li>This is why we chose to <a href="https://mullvad.net/blog/2020/7/18/faq-new-national-security-law-hong-kong/">keep our servers in Hong Kong</a>.</li>
<li>Is the EU Court <a href="https://mullvad.net/blog/2020/10/7/eu-court-last-bastion-privacy/">the last bastion for privacy</a>?</li>
<li>Apple apps on Big Sur <a href="https://mullvad.net/blog/2020/11/16/big-no-big-sur-mullvad-disallows-apple-apps-bypass-firewall/">aren’t allowed to bypass our firewall</a>.</li>
<li>Linux under WSL2 <a href="https://mullvad.net/blog/2020/9/30/linux-under-wsl2-can-be-leaking/">might be leaking</a>.</li>
<li>There’s a <a href="https://mullvad.net/blog/2020/3/4/dont-eat-forbidden-cookie/">worldwide cookie dilemma</a>.</li>
<li>We made positive <a href="https://mullvad.net/blog/2020/11/11/your-privacy-your-privacy-updated-policy/">updates to our Privacy policy</a>.</li>
</ul>
<h2>The traditional way isn’t dead!</h2>
<p>This summer we advertised on the trams and buses in our hometown of Gothenburg, Sweden. The outcome, you might ask? Job applications increased by several percentage points, local companies reached out wanting to collaborate with us, and we got our brand out there without pushing too hard. As they say: <a href="https://www.linkedin.com/feed/update/urn:li:activity:6722052177122123776/">if you are seen, you exist</a> (this link leads to LinkedIn).</p>
<h2>It’s like a lottery ticket…</h2>
<p>But with our scratch cards, your privacy wins! (#stayanonymous) They became available at two Swedish brick-and-mortar stores: <a href="https://mullvad.net/help/partnerships-and-resellers/">Inet and Webhallen</a>.</p>
<h2>Digital stalking</h2>
<p>Try something new, they said! Film would be fun, they said! We nodded enthusiastically and really enjoyed making <a href="https://www.youtube.com/watch?v=_t5uj_Djqc4">this video</a> (this link leads to YouTube).</p>
<h2>Supporting the community</h2>
<p>Reclaiming Privacy is impossible without our community. Totally impossible. This year we donated money and resources to a few causes:</p>
<ul>
<li>Qubes</li>
<li>The Tor Project</li>
<li>WireGuard</li>
<li>IFCAT</li>
<li>RustFest.</li>
</ul>
<h2>Digging the digits</h2>
<ul>
<li>Our server count has grown from 511 to 764.</li>
<li>WireGuard servers more than doubled, from 150 to 382.</li>
<li>Bridge servers increased from 24 to 38.</li>
<li>New languages appeared in the app Polish, Korean, and Thai.</li>
<li>Team Mullvad grew with six privacy-concerned individuals, and we have expanded our office!</li>
</ul>
<h2>Bring on 2021 — we’re ready!</h2>
<p>We are pumped for some projects to take flight in the New Year (rubs hands together excitedly). We’ve also been upgrading our merchandise and prepping for any happenings where we might get to meet you. Until then, don’t forget to tamperproof your computer and make the switch from a passworder to a passphraser.</p>
<p>For the universal right to privacy,<br />
Team Mullvad</p>
<p>"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>Bring Mullvad VPN to your TV with new Android release (2020.8-beta1)2020-12-07T14:32:59+00:00https://www.mullvad.net/fr/blog/2020/12/7/bring-mullvad-vpn-your-tv-new-android-release-20208-beta1/<p>Bring Mullvad VPN to your TV with new Android release (2020.8-beta1)</p>
<h2>What’s new</h2>
<h3>Forget your account number</h3>
<p>On the login screen’s drop-down list of remembered account numbers, we’ve added a delete icon to the right of each number. Click on the icon to remove the account and its corresponding WireGuard key from history (not all of history, just on your device).</p>
<h3>Goodbye, quit button</h3>
<p>Most Android apps don’t have a quit button, and ours was causing issues for some, so we removed it.</p>
<p>If you want to fully quit the app (including background services), first disconnect the app and make sure it isn’t visible on your screen, then swipe away the Mullvad notification in your device’s notification bar.</p>
<h3>Use on your TV</h3>
<p>The Android app is now compatible with TVs! The app is now displayed upright rather than sideways. In addition, you can use the arrow keys on your TV remote to navigate in the app.</p>
<h3>Things we fixed</h3>
<ul>
<li>We fixed an issue where split tunneling was not being correctly configured after restarting the app.</li>
<li>We marked the VPN connection as not metered so that Android relies solely on the underlying network’s settings for how to handle data usage.</li>
<li>We hunted down and resolved a large assortment of exotic problems and edge-case bugs.</li>
</ul>
<h3>Download the app</h3>
<p>Choose your preferred platform:</p>
<ul>
<li><a href="https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn">Download Mullvad VPN on Google Play.</a></li>
<li><a href="https://f-droid.org/packages/net.mullvad.mullvadvpn/">Download Mullvad VPN on F-Droid.</a></li>
<li><a href="https://mullvad.net/download/app/apk/latest-beta/">Download the .apk file from our website.</a></li>
</ul>
<p>We've got an <a href="https://mullvad.net/help/install-mullvad-app-android/">Android set-up guide</a> if you need help with installation and usage.</p>
<p>We appreciate all feedback and problem reports that come in, so keep them coming! Knowing what you experience helps us to more quickly identify issues and gets us one step closer to that first stable release.</p>7 DEC (Monday) There will be a service window in Gothenburg2020-12-05T12:27:05+00:00https://www.mullvad.net/fr/blog/2020/12/5/7-dec-monday-there-will-be-service-window-gothenburg/<p>7 DEC (Monday) There will be a service window in Gothenburg to upgrade the Switches, this means all servers in Gothenburg will be unavailable between 08:00 and 14:00 CET.</p>Linux issues resolved in latest desktop release (2020.7)2020-11-19T13:13:40+00:00https://www.mullvad.net/fr/blog/2020/11/19/linux-issues-resolved-latest-desktop-release-20207/<p>The newest version of the Mullvad VPN app for desktop fixes a number of bugs experienced by Linux users.</p>
<h2>What’s new</h2>
<p>This release is also available for Windows and macOS but it only contains bug fixes for Linux.</p>
<h2>Download the app</h2>
<p><a href="https://mullvad.net/download">Download the Mullvad VPN app</a>. If needed, we've got <a href="https://mullvad.net/guides/category/mullvad-app/">help guides</a> for installation and usage.</p>
<p>Know of someone unable to access our website? Point them to <a href="http://xcln5hkbriyklr6n.onion/">Mullvad’s onion address on Tor</a> or to <a href="https://github.com/mullvad">Mullvad on GitHub</a>.</p>Big no on Big Sur: Mullvad disallows Apple apps to bypass firewall2020-11-16T17:13:18+00:00https://www.mullvad.net/fr/blog/2020/11/16/big-no-big-sur-mullvad-disallows-apple-apps-bypass-firewall/<p>Despite Apple’s changes to macOS with the release of Big Sur, we can confirm that the Mullvad app still performs as intended by not allowing Apple’s own apps to bypass our VPN firewall.</p>
<p>Starting in Big Sur, the latest version of macOS released 12 November 2020, Apple excludes its own apps from the content filter provider APIs. As a result, any network monitoring and security software using these APIs is unable to detect and block traffic from Apple apps.</p>
<p>Mullvad does not use content filter provider APIs to secure the device. Instead, we use the Packet Filter (PF) firewall which is built into macOS. This is a packet firewall, not an application firewall, which means that it does not exclude packets from any apps, including Apple's own apps.</p>
<p>In other words, our usage of the PF firewall does not allow Apple apps to leak when Mullvad VPN is blocking the Internet. We have verified this by observing the network traffic from outside of the Apple machine.</p>
<p>It’s worth noting that Big Sur and its predecessors are built to assume that they can talk to Apple at any time, but when we don’t allow it, a few unwanted side effects pop up. For example, the keyboard sometimes takes longer to wake up from sleep mode. Or, in certain situations, the Mullvad app takes longer to detect that the computer is online.</p>
<p>However, these issues can only be solved by choosing to leak traffic to Apple. We consider them a reasonable trade-off in order to achieve strict blocking rules.</p>Your privacy is your privacy - updated policy2020-11-11T05:03:24+00:00https://www.mullvad.net/fr/blog/2020/11/11/your-privacy-your-privacy-updated-policy/<p>Our long-term goal is to not store any PII (Personally Identifiable Information). For this purpose we recently made two changes in our Privacy Policy and our No-logging of user activity Policy.</p>
<p>Decisions are hard to make. They always involve trade-offs. In our quest to distinguish ourselves as the most privacy-focused VPN, we often weigh “privacy + ease-of-use” against “privacy + cool features”.</p>
<p>For example, for user login we choose to have anonymous numbered accounts (privacy friendly but no easy way to recover a lost account) instead of the typical email/password combo (not so privacy friendly but easy for recovery).</p>
<p><strong>Updates in two of our policies:</strong></p>
<ol>
<li>We no longer store e-mail addresses associated with PayPal payments AT ALL. As a consequence, if you forget your Mullvad account number, you’ll have to follow <a href="https://mullvad.net/account/#/recover/paypal">this guide</a>. There is no other way for us to help you recover your account number - because <strong>you have been deleted.</strong></li>
<li>For payments made with credit card, PayPal, and cash we use a temporary token to connect the payment with a Mullvad account. From now on, we will save an unused token for 120 days and a used token for 40 days. This means that we won’t be able to help you recover an account 40 days after the last payment. <strong>Your payment trace will have been deleted.</strong></li>
</ol>
<p>Our <a href="https://mullvad.net/help/privacy-policy/">Privacy policy</a> and <a href="https://mullvad.net/help/no-logging-data-policy/">No-logging of user activity policy</a> have been updated to reflect these changes.</p>
<p><em>For the universal right to privacy,</em><br />
Mullvad</p>Split tunneling launched on Linux (2020.6)2020-10-20T11:40:40+00:00https://www.mullvad.net/fr/blog/2020/10/20/split-tunneling-launched-linux/<p>In the newest version of the Mullvad VPN desktop app (2020.6), Linux users can now route programs outside of the VPN tunnel with our split tunneling feature.</p>
<h2>What’s new</h2>
<h3>Split tunneling for Linux</h3>
<p>The split tunneling feature (Settings → Advanced → Split tunneling) allows you to launch apps outside of the VPN tunnel while you are connected. This is particularly useful in situations where some apps and services require you to access them via your regular Internet connection. In essence, you are splitting your traffic and routing them down two separate paths.</p>
<p>In the <a href="https://mullvad.net/help/split-tunneling-with-the-mullvad-app/">Split tunneling menu</a>, click on a program to launch it. The program’s traffic will bypass the VPN tunnel until you close it.</p>
<p><img alt="" src="/media/uploads/2020/10/20/mullvad-vpn-split-tunneling_smaller_mpgjwAW.png" /></p>
<h3>Quick actions in new Linux context menu</h3>
<p>In Linux, we’ve added a context menu of quick actions for connecting and disconnecting. Simply click on the padlock icon in the menu bar to access it.</p>
<p><img alt="" src="/media/uploads/2020/10/20/mullvad-vpn-linux-context-menu.png" /></p>
<h3>A few WireGuard improvements</h3>
<p>If the app is connected during the WireGuard® key’s weekly automatic rotation, it will reconnect instantly with the new key for you.</p>
<p>(Linux) We’ve added support for WireGuard via the Linux kernel module if it’s loaded.</p>
<p>(Windows) We fixed an issue that prevented WireGuard from connecting if a user had IPv6 disabled.</p>
<h3><br />
Minor but mentionable</h3>
<p>For CLI users, <strong>mullvad relay list</strong> and <strong>mullvad bridge list</strong> now include hosting provider information.</p>
<p>In order to prevent potential temporary traffic leaks during an app upgrade, the firewall is no longer reset after the upgrade has completed.</p>
<p>We improved error messages relating to firewall issues.</p>
<p>During the uninstall process, the app is now better at cleaning up after itself (just as mother would want).</p>
<p>We fixed a variety of bugs.</p>
<h3><br />
Download the app</h3>
<p><a href="https://mullvad.net/download">Download the Mullvad VPN app</a>. If needed, we've got <a href="https://mullvad.net/guides/category/mullvad-app/">help guides</a> for installation and usage.</p>
<p>Know of someone unable to access our website? Point them to <a href="http://xcln5hkbriyklr6n.onion/">Mullvad’s onion address on Tor</a> or to <a href="https://github.com/mullvad">Mullvad on GitHub.</a></p>
<p>--"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>EU Court - the last bastion for privacy?2020-10-07T08:57:07+00:00https://www.mullvad.net/fr/blog/2020/10/7/eu-court-last-bastion-privacy/<p><strong>The Court of Justice of the European Union has announced that Sweden’s existing and proposed law, the Electronic Communications Act, is too general and lacks safeguards for implementation.</strong></p>
<p>In a <a href="https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-10/cp200123en.pdf" target="_blank">press release</a> dated October 6, 2020, the Court of Justice of the European Union delivered a slap in the face to <a href="https://mullvad.net/help/new-law-for-electronic-communications/" target="_blank">Sweden's law for electronic communications (LEK)</a> and its <a href="https://mullvad.net/help/swedish-covert-surveillance-data-act/" target="_blank">Covert Surveillance of Data Act</a>, as well as similar implementations in other EU countries.</p>
<h2>The court’s conclusion in short</h2>
<ol>
<li>General and indiscriminate retention of traffic data and location data is not allowed.</li>
<li>Even if a serious threat to national security exists and it proves to be genuine and present or foreseeable, an order to collect data for a limited period of time deemed strictly necessary <strong>must be reviewed either by a court or by an independent administrative body.</strong></li>
<li><strong>Internet Service Providers can only retain IP addresses for a limited period of time</strong> that is deemed strictly necessary. Legislative measures regarding general and indiscriminate retention of IP addresses assigned to the source of a communication are not allowed.</li>
<li><strong>Violating any of the above</strong> invalidates any evidence or information that has been gathered and bans it from being used in court.</li>
</ol>
<p>The laws, which lack safeguards to ensure that they are implemented and executed correctly, must be rewritten.</p>
<p>We will keep an eye out for how affected member states adhere to this.</p>
<p><em>For the universal right to privacy,<br />
Mullvad VPN</em></p>Linux under WSL2 can be leaking2020-09-30T08:50:04+00:00https://www.mullvad.net/fr/blog/2020/9/30/linux-under-wsl2-can-be-leaking/<p><strong>We have found that you could be leaking your Internet traffic when running Linux under WSL2 (Windows Subsystem for Linux 2).</strong></p>
<p>Our investigation has shown that these leaks also occur on other VPN software, and even though we do not have a solution to present for now, we feel the need to address the problem. As you read this we are working on a solution to this problem.</p>
<p>Recently, we got a report that said there were leaks from Linux under WSL2. Our investigations concluded that traffic from the Linux guest bypasses all normal layers of WFP (the firewall on the Windows host) and goes directly out onto the network. As such, all the blocking the app does in the firewall is ignored.</p>
<p>Network traffic from the Linux guest always goes out the default route of the host machine without being inspected by the normal layers of WFP. This means that if there is a VPN tunnel up and running, the Linux guest’s traffic will be sent via the VPN with no leaks! However, if there is no active VPN tunnel, as is the case when the app is disconnected, connecting, reconnecting, or blocking (after an error occurred) then the Linux guest’s traffic will leak out on the regular network, even if “Always require VPN” is enabled.</p>
<h2>How it leaks</h2>
<p>WSL2 uses Hyper-V virtual networking and therein lies the problem. The Hyper-V Virtual Ethernet Adapter passes traffic to and from guests without letting the host’s firewall inspect the packets in the same way normal packets are inspected. The forwarded (NATed) packets are seen in the lower layers of WFP (OSI layer 2) as Ethernet frames only. This type of leak can happen to any guest running under Windows Sandbox or Docker as well if they are configured to use Hyper-V for networking.</p>
<h2>Other VPN software</h2>
<p>We have tested a few other VPN clients from competitors and found that all of them leak in the same way. Therefore, this is not a problem with Mullvad VPN specifically, but rather an industry-wide issue that no-one, or very few, have addressed yet. The way Microsoft has implemented virtual networking for Linux guests makes it very difficult to properly secure them.</p>
<h2>Beware</h2>
<p>We are currently investigating if and how we can block unwanted traffic on the Hyper-V virtual switches. We will present more information about the issue when we have any. In the meantime, know that if you use Linux under WSL2, or any other guests/containers under Hyper-V networking, <strong>the guest’s traffic might leak during the connect and reconnect phases as well as all states where there is no tunnel up and running.</strong></p>
<h2>The history of the issue</h2>
<p>This was first reported to us by a tip on August 12, 2020. In the first iteration, this was handled by our Support Team only but they were not able to reproduce the leak due to an unfortunate combination of software being installed on the testing machines at the time. So, the issue was never forwarded to developers. Then, it was reported to us again on September 17, 2020, by the same tipster, and passed on to developers right away who were able to verify that this was an issue we should take seriously. We are now working on a solution.</p>
<p>To be continued,<br />
Mullvad VPN</p>Mullvad VPN, also available for iOS 122020-09-11T08:55:17+00:00https://www.mullvad.net/fr/blog/2020/9/11/mullvad-vpn-also-available-ios-12/<p>A number of iPhone users reached out and asked if we could make our VPN app compatible with iOS 12. In this iOS release (2020.4) of Mullvad VPN, we’ve done just that.</p>
<h2>What’s new</h2>
<p>The Mullvad VPN app now <strong>supports iOS 12</strong>.</p>
<p>When connected, you’ll see the new <strong>quick reconnect button</strong> (the ↻ symbol). Tap this button and the app will reconnect to a server in your chosen location.</p>
<p>The app detects when you’re offline and turns off the WireGuard® backend. This saves you some <strong>battery</strong> juice!</p>
<p>When you visit Settings > Account, we’ve made sure that your <strong>account expiration date</strong> is always up to date.</p>
<p>To prevent your account from unnecessarily reaching the maximum number <strong>WireGuard keys</strong>, the key on your device is removed when you log out.</p>
<p>And of course we eliminated some <strong>pesky bugs</strong>.</p>
<h2>Download the app</h2>
<p>Download <a href="https://apps.apple.com/app/mullvad-vpn/id1488466513">Mullvad VPN on the App Store</a>. We've got a <a href="https://mullvad.net/help/using-mullvad-app-on-ios/">user guide</a> if you need help with installation and usage.</p>
<p> </p>
<p>"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>New Android beta with bug fixes (2020.6-beta2)2020-08-28T16:28:06+00:00https://www.mullvad.net/fr/blog/2020/8/28/new-android-beta-bug-fixes-20206-beta2/<p>About a week ago we released version <a href="https://mullvad.net/blog/2020/8/21/new-android-beta-split-tunneling-20206-beta1/">2020.6-beta1</a> of the app with some great new features.<br />
Sadly we also introduced some bugs. Most notably, the app would just crash and not work at all on some devices. It also consumed more battery than the previous releases. We have now fixed all of these known issues, and today we released version<a href="https://mullvad.net/download/#android"> 2020.6-beta2.</a></p>New Android beta with split tunneling (2020.6-beta1)2020-08-21T12:50:06+00:00https://www.mullvad.net/fr/blog/2020/8/21/new-android-beta-split-tunneling-20206-beta1/<p>You requested it, we added it. Here are the latest features in the Android version of the Mullvad VPN app.</p>
<h2>What’s new in this version</h2>
<p><strong>Split tunneling!</strong> You can now make selected apps go outside the VPN tunnel. This can be very useful for situations where some apps and services require you to access them from your own location/internet connection.</p>
<p><img alt="" src="/media/uploads/2020/08/21/split-tunneling-screenshot.png" /></p>
<p>Just go to Settings → Advanced → Split tunneling. By default (red state) an app goes inside the VPN tunnel. But flip the setting to green and voila: That app now uses your internet connection without going though the Mullvad VPN tunnel.</p>
<p>We have also <strong>localized</strong> the app. So if your Android device is set to a language that we support, the app should automatically be shown in that language.<br />
</p>
<h2>Download the app</h2>
<p><a href="https://mullvad.net/download/#android">Download</a> the Mullvad VPN beta app for Android. We've got an <a href="https://mullvad.net/help/install-mullvad-app-android/">Android set-up guide</a> if you need help with installation and usage.</p>
<p>We appreciate all feedback and problem reports that come in, so keep them coming! Knowing what you experience helps us to more quickly identify issues and gets us one step closer to that first stable release.</p>
<p> </p>
<p> </p>Check out our new connection check!2020-08-20T08:49:39+00:00https://www.mullvad.net/fr/blog/2020/8/20/check-out-our-new-connection-check/<p>The connection check and leak detection page, previously at <a href="https://am.i.mullvad.net" target="_blank">am.i.mullvad.net</a>, has been moved to <a href="https://mullvad.net/check">mullvad.net/check</a>. A bunch of problems have been fixed, it has a fresh new look, and it's a lot faster!</p>
<p><img alt="New connection check page" src="/media/uploads/2020/08/20/new_connection_check.png" /></p>
<h3>But what about the API?</h3>
<p>Don't worry! <a href="https://am.i.mullvad.net" target="_blank">am.i.mullvad.net</a> will continue to exist to serve the API endpoints such as <a href="https://am.i.mullvad.net/json" target="_blank">am.i.mullvad.net/json</a>. Only the web front-end has been moved.</p>FAQ: New national security law - Hong Kong2020-07-18T05:53:09+00:00https://www.mullvad.net/fr/blog/2020/7/18/faq-new-national-security-law-hong-kong/<p>We frequently get questions about HK and its new security law.<br />
The most common question is “Why haven’t you already pulled out of HK altogether?”, but some customers emphasize the need of servers in HK and voice their concern that we might withdraw.</p>
<p>Our VPN service, as well as our relays and bridges, can be used for many reasons and in many different ways. However, if you have privacy concerns, it might be good to choose a server location in a jurisdiction YOU prefer. Also consider using Multihop. Deciding on a location could be based on jurisdiction, network quality, blocking and throttling, and many other factors.</p>
<p>For instance, you can use our bridge service with Singapore as an entry location and the U.S. as an exit location if that’s a combination that fits your needs. Alternatively, you can use the Multihop function in WireGuard. The traffic will be encrypted from your computer to the exit server, and the bridge or WG server in the middle will just route traffic to the exit node without being able to decrypt it. Depending on your threat model, using two locations with different jurisdictions might be beneficial.</p>
<h3>Different Multihop options</h3>
<p>You -> Bridge -> OpenVPN<br />
You -> WG server entry -> WG server exit<br />
You -> WG server entry -> SOCKS5 proxy on another WG server as an exit point</p>
<p>Any of the above in combination with another VPN service or the TOR network is also an option.</p>
<p>Due to SOCKS5 not being encrypted, we don’t recommend using the You -> WG -> SOCKS5 setup if the WG server is deemed to be in an non-preferred country. (Though SOCKS5 traffic is sent via a WireGuard tunnel between the WireGuard servers.)</p>
<p>Completely removing all servers from a given location will block all the above options for that location. We let the client choose what locations to use and not to use.</p>
<p><strong>Conclusion</strong>: If you are in a l­­ocation and are expressing opinions against that location’s regime, you should most likely not use any VPN server location accessible to that regime. We will keep our servers in HK.</p>
<p>We will continue monitoring the situation, and our decision might change over time</p>
<h3>Read more</h3>
<ol>
<li><a href="https://mullvad.net/help/multihop-wireguard/">Multihop with WireGuard</a></li>
<li><a href="https://mullvad.net/help/different-entryexit-node-using-wireguard-and-socks5-proxy/">Different entry/exit node using WireGuard and SOCKS5 proxy </a></li>
<li><a href="https://mullvad.net/help/how-use-bridge-mode/">How to use Bridge mode (in the app) </a></li>
<li><a href="https://mullvad.net/help/swedish-legislation/">Swedish legislation relevant to us as a VPN provider </a></li>
<li><a href="https://mullvad.net/blog/2019/10/18/5-9-or-14-eyes-your-vpn-actually-safe/">5, 9, or 14 Eyes: Is your VPN actually safe? </a></li>
</ol>
<p> </p>Automatic WireGuard key rotation broken in app version 2020.52020-07-14T13:00:26+00:00https://www.mullvad.net/fr/blog/2020/7/14/automatic-wireguard-key-rotation-broken-app-version-20205/<p>We recently discovered that the automatic WireGuard key rotation is broken in the latest app release, version 2020.5. This affects all desktop operating systems and Android, but not iOS.</p>
<p>This does not compromise the security of your tunnels in any way. It just means you will not get a new tunnel IP every seven days. The reason the automatic key rotation exist is to make it somewhat harder to track and fingerprint a single user, by figuring out their tunnel IP, which is bound to the WireGuard key.</p>
<p>The WireGuard key, and tunnel IP, can still be rotated manually by going into Settings → Advanced → WireGuard key and clicking on “Regenerate key”.</p>New stable release (2020.5)2020-06-25T15:24:14+00:00https://www.mullvad.net/fr/blog/2020/6/25/new-stable-release-20205/<h2>Upgrade your desktop app for latest security updates</h2>
<p>The latest Mullvad VPN stable release (2020.5) for Windows, macOS, and Linux addresses findings from our latest external security audit and includes a number of other new items.</p>
<h3>Looking for the audit?</h3>
<p>We’ve written a <a href="/blog/2020/6/25/results-available-audit-mullvad-app/">separate blog post about the audit</a> and its findings. You can also access the final report there.</p>
<h3>What’s new in this version</h3>
<h4>Additions and changes</h4>
<ul>
<li>Renamed the "Block when disconnected" setting to "Always require VPN" and added text explaining the difference between this setting and the built-in kill switch.</li>
<li>Korean, Polish, and Thai have been added to the list of languages in the app.</li>
<li>(macOS) The app now connects faster after the computer wakes from sleep mode.</li>
<li>Installing a beta version automatically enables the Beta program option under Settings.</li>
<li>CLI commands for server selection (country and city codes and server hostnames) are no longer case sensitive.</li>
<li>Changed firewall rules to make local apps more responsive.</li>
<li>Added a new Let's Encrypt root certificate.</li>
<li>Upgraded to latest versions of OpenVPN and OpenSSL.</li>
<li>Upgraded to the latest version of shadowsocks-rust.</li>
</ul>
<h4>Fixes</h4>
<ul>
<li>(macOS, Linux) When the tunnel protocol is set to Automatic, the location list now also shows WireGuard servers instead of only OpenVPN servers.</li>
<li>(macOS, Linux) The app now has enough time to create a WireGuard key on first login rather than falling back to an OpenVPN connection.</li>
<li>(Windows) Fixed various bugs.</li>
<li>(Windows) Upgraded a dependency to prevent system service from crashing.</li>
</ul>
<h4>Security</h4>
<p>The following improvements address issues found in the recent independent security audit of the Mullvad VPN app. Please read our <a href="/blog/2020/6/25/results-available-audit-mullvad-app/">dedicated blog post about the audit</a> for detailed information on these issues.</p>
<ul>
<li>Fixed possible deanonymization attack by tightening the firewall rules that were allowing traffic to the relay server over the physical network interface. This fix addresses audit finding MUL-02-002.</li>
<li>(Windows) Fixed possible deanonymization attack by tightening the firewall rule allowing traffic on port 53 to the relay server IP on the physical interfaces if the VPN tunnel is established on port 53 to only allow UDP. This fix addresses audit finding MUL-02-004.</li>
<li>Made changes to always deny access to the system service from the local area network. This fix addresses audit finding MUL-02-007.</li>
</ul>
<h3>Download the app</h3>
<p><a href="/download">Download the Mullvad VPN app.</a> We've got set-up guides if you need help with installation and usage.</p>
<p>Know of someone unable to access our website? Point them to Mullvad's onion address on Tor or Mullvad's GitHub page.</p>Results available from audit of Mullvad app2020-06-25T15:15:13+00:00https://www.mullvad.net/fr/blog/2020/6/25/results-available-audit-mullvad-app/<p>We invite you to read the final report of the independent security audit performed on the Mullvad VPN app.</p>
<p>As stated in the report, “The results of this May-June 2020 project targeting the Mullvad [app] are quite positive.” The audit was performed on the five supported platform versions of the app: desktop version 2020.4, Android version 2020.5-beta1, and the iOS test flight version of 2020.3.</p>
<p>The auditors “could only spot seven security-relevant items. Moreover, penetration tests and audits against application branches of Mullvad exclusively pointed to issues with limited severities, as demonstrated by the most impactful flaw scoring as Medium only.”</p>
<p>Six testers from <a href="https://cure53.de/">Cure53</a> performed the audit over the course of 20 days.</p>
<h2>Read the report</h2>
<p>The <a href="https://cure53.de/pentest-report_mullvad_2020_v2.pdf">final audit report</a> is available on Cure53's website.</p>
<p>For full transparency, the <a href="https://cure53.de/pentest-report_mullvad_2020_v1.pdf">initial report</a> is also public. This is the version that was initially presented to us. After a discussion with the auditors about the use of certain terminology and requesting that they specify which app versions had been audited, they adjusted the report and produced the final version.</p>
<p>An independent audit helps us to discover potential security vulnerabilities and fix them, all resulting in an even better service for our users. It also gives you the opportunity to judge whether or not we are technically competent enough to provide a service in which security is paramount.</p>
<h2>Upgrade your app</h2>
<p>Based on the auditors' findings, we’ve prioritized our improvements accordingly and released new versions for all platforms:</p>
<ul>
<li><strong>Windows, macOS, and Linux:</strong> 2020.5</li>
<li><strong>Android:</strong> 2020.5-beta2</li>
<li><strong>iOS:</strong> 2020.3.</li>
</ul>
<p><a href="/download">Download Mullvad VPN</a> to get the latest version.</p>
<h2>Overview of findings</h2>
<p>Of the seven issues found, two were classified by the auditors as “Medium”, two as “Low”, and the remaining three as “Info”. The auditors did not find anything that they would classify as dangerous or critical, and according to the report, “Mullvad does a great job protecting the end-user from common PII [personally identifiable information] leaks and privacy related risks.”</p>
<p>We fixed five of the seven issues and merged them before the final report was finished and sent to us. The remaining two are items that we do not deem as serious problems nor are they a threat to us or our users. Furthermore, we have no way of patching those two as they are out of our control.</p>
<h3>Identified vulnerabilities</h3>
<h4>MUL-02-002 WP2: Firewall allows deanonymization by eavesdropper (Medium)</h4>
<p>Our comment: Fixed in desktop version 2020.5. This is a legitimate and fully possible deanonymization attack. However, as it is not trivial to execute, Cure53 classifies it as Medium only. This vulnerability is not an issue for any normal user. But as outlined in the report’s conclusion, a "state-funded and persistent threat" could very well use it to identify users.</p>
<p>Since anonymity for our users, including those with high threat models, is paramount for us, we regard this finding as a rather serious one. But not critical enough to justify rushing out a stable release.</p>
<h4>MUL-02-006 WP1: Blind HTML Injection via Problem Report (Low)</h4>
<p>Our comment: This finding does not put any user or the service itself at risk. The problem reports are handled as plaintext and not HTML, all the way from the app to the support team. The pingback observed in the report comes from Google's Gmail servers which simply seem to query any URL they can parse in email bodies passing through their servers.</p>
<p>As such, we do not agree with the classification as an HTML injection issue. There is likely no way for us to disable this, and even if it was exploitable, it would be Google that would be compromised and not Mullvad.</p>
<h4>MUL-02-007 WP2: Named Pipe exposed via SMB accessible to everyone (Medium)</h4>
<p>Our comment: Fixed in desktop version 2020.5. This vulnerability allows for controlling Mullvad VPN on a Windows machine from the network. However, it requires the user to both enable "Local network sharing" in the app and disable Windows' "password protected sharing", neither of which is done by default.</p>
<p>We do not see this as a large security flaw since the user must explicitly turn off important security settings for this to be exploitable to begin with. However, since the VPN is only supposed to be possible to control from the local computer and since the report presents an easy fix for the issue, we have addressed this.</p>
<h3>Miscellaneous issues</h3>
<h4>MUL-02-001 iOS: Lack of filesystem protections (Info)</h4>
<p>Our comment: Fixed in iOS version 2020.3. The app does not in any way need the cache file that was found. Since the exposed data is not very sensitive and getting the data out of the device is far from trivial, we agree with the auditors that this not a serious leak.</p>
<h4>MUL-02-003 WP1: General hardening recommendations for Android app (Info)</h4>
<p>Our comment: Fixed in Android version 2020.5-beta2. These are good recommendations from Cure53 and we have implemented them in order to better practice defense-in-depth.</p>
<h4>MUL-02-004 WP2: Firewall allows TCP connections to WireGuard® gateway (Low)</h4>
<p>Our comment: Fixed in desktop version 2020.5. This vulnerability is very similar to MUL-02-002 but is less dangerous since no custom token can be sent out, making it harder to identify a specific user.</p>
<h4>MUL-02-005 WP1: VpnService logs static internal IPs to Android’s syslog (Info)</h4>
<p>Our comment: Leaking the private tunnel IP in use is considered bad but not critical. We agree with the classification level of “Info” on this security finding since the attacker needs either adb access or the phone to be rooted. The logging of the IP is done by the Android operating system as soon as any VPN app uses the system's VPN API, and as far as we can tell, there is no way to disable this nor for us to fix this potential information leak. All Android VPN apps are subject to the same type of leak.</p>
<h2>Last words</h2>
<p>This audit overview is also available in our <a href="https://github.com/mullvad/mullvadvpn-app/blob/master/audits/2020-06-12-cure53.md">open-source repository on GitHub</a>. In that version we attach the audit findings with their respective source code implementations.</p>
<p>Finally, we wish to thank Cure53 not only for their work but also for a smooth collaboration through the entire process!</p>
<p>"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>
<p> </p>Mullvad VPN Android app available on F-Droid!2020-06-23T05:12:37+00:00https://www.mullvad.net/fr/blog/2020/6/23/mullvad-vpn-android-app-available-f-droid/<p>Our Android app is now available through yet another distribution channel: F-Droid.</p>
<p>It was the plan all along to offer the Android app via three different distribution channels. It was first made available on our website as a standalone installer APK in version <a href="https://mullvad.net/blog/2019/9/20/new-desktop-and-android-beta/">2019.8-beta1 on 2019-09-19</a>. It was then made available on Google Play in version <a href="https://mullvad.net/blog/2020/4/7/get-mullvad-vpn-google-play/">2020.4-beta1 on 2020-03-31</a>. And now, finally! Catering more to the Open Source community, we are available via F-Droid with the recent <a href="https://mullvad.net/blog/2020/6/17/new-android-release-20205-beta2-integrates-audit-recommendations/">2020.5-beta2 release.</a></p>
<p><a href="https://f-droid.org/packages/net.mullvad.mullvadvpn/"><img alt="" src="/media/uploads/2020/06/23/f-droid-get-it-on-en.png" /></a></p>
<p>The app is still classified as a beta due to stability issues on some devices and versions of Android. But it gets better with every release, and we are pretty close to making a stable release now.</p>Once in Paris (and Zürich)2020-06-23T03:53:12+00:00https://www.mullvad.net/fr/blog/2020/6/23/once-paris-and-zurich/<p><strong>It’s not exactly news that our servers with 10GbE network cards are now up and running in both Paris and Zürich. For months you’ve been able to test them out.<br />
Meanwhile, we've been testing and improving network connectivity to the point that they’re so optimized that we can announce their existence.</strong></p>
<p>With three different server set-ups (OpenVPN, WireGuard® and Bridges), we’ve seen an exponential increase from December last year (511 servers in total, read here under “<a href="https://mullvad.net/blog/2019/12/17/decade-mullvad-another-come/">Numbers are for lovers”</a>) to today (661 servers in total, find fresher numbers <a href="https://mullvad.net/servers/#/wireguard">here</a>).</p>
<h2>Security and privacy at the forefront</h2>
<p>We never know who’s watching that’s why we, step by step, install our own servers around Europe (Helsinki, Stockholm, Oslo, Gothenburg, Copenhagen, Malmö, Amsterdam, London, Paris, Zürich and Frankfurt), many of them with 10GbE network cards to reduce potential bottlenecks. Multiple systems equal a strong defense. Layers and multiple tunnels are today’s answer. Our dream is a public Internet where privacy and security are respected, until then: we keep securing our connections with OpenVPN, WireGuard and Bridges.</p>
<p><br />
<em>For the universal right to privacy,<br />
Mullvad</em></p>
<p> </p>Transparency about minor security vulnerability patched in 2020.42020-06-22T10:45:26+00:00https://www.mullvad.net/fr/blog/2020/6/22/transparency-about-minor-security-vulnerability-patched-20204/<p>A while back we were notified by an external person about a potential privilege escalation attack towards the Windows version of our app. The attack works against 2020.3 and older versions of the app.<br />
By the time this blog post is published, the majority of our users have already upgraded to 2020.4 and are thereby already protected. Furthermore, the threat is only relevant if you have a Windows user account named <strong>build</strong> and you do not want the people that are controlling said account from being able to become administrators on the machine. <strong>In summary: This is very likely not an issue for you!</strong></p>
<p>At the time when we were notified of this vulnerability we were already working on an unrelated code change that would make the attack impossible. This together with the fact that exploiting the vulnerability require a very unusual setup, we classified it as unlikely and not critical. We continued with our unrelated code change and released version 2020.4 where the attack was no longer possible, and without announcing there was a known vulnerability.</p>
<p>In hindsight we realize it was clearly against our own transparency culture to not communicate this known vulnerability to our users, even if it was not likely to affect anyone. We are sorry about that and want to set the record straight now. And to be very clear, we do not think any of our users has come to harm or has had the setup needed for the attack to ever be possible or relevant.</p>
<p>The privilege escalation attack is based on our <strong>mullvad-daemon.exe</strong> system service running with <strong>SYSTEM</strong> privileges trying to load an OpenSSL config file from <strong>C:\Users\build\mullvadvpn-app\dist-assets\binaries\msvc-openssl\openssl.cnf.</strong> If this file existed it would load and use it. This file could then contain instructions that made the process load and execute a malicious DLL-file as the <strong>SYSTEM</strong> user. This could compromise the entire system.</p>
<p>The reason why we did not classify this as a critical vulnerability is that the attacker would need to be able to write to <strong>C:\Users\build\mullvadvpn-app\dist-assets\binaries\msvc-openssl\openssl.cnf</strong> to carry out the attack. The only realistic way this could happen is if the attacker were in control of a user account named <strong>build</strong>. Having a user with this name is of course fully possible, but we do not think it is very common. The most likely place where this would exist would be on some build server, and on such a server it is probably not very common to run a VPN client. Also, most people having access to a build server are likely already admin users, meaning a privilege escalation is pointless.</p>
<p>The unrelated change in the app that made the attack impossible in 2020.4 is that we got rid of OpenSSL completely and replaced it with rustls. As a result, the code loading the OpenSSL configuration file is no longer present in our VPN client.</p>New Android release (2020.5-beta2) integrates audit recommendations2020-06-17T13:30:55+00:00https://www.mullvad.net/fr/blog/2020/6/17/new-android-release-20205-beta2-integrates-audit-recommendations/<p>Among the improvements in the latest beta version of the Mullvad VPN app for Android are two suggestions for improvement from a recent external audit.</p>
<h2>Android app leaves “good impression”</h2>
<p>The auditors reported that the Android “application makes a really good impression. No serious issues were spotted and the attack surface is kept very small in this case.” Read <a href="https://mullvad.net/blog/2020/6/17/mullvad-vpn-assessed-external-security-audit-new-beta-version-20205-beta2-available/">about the audit</a> and when to expect the final report to go public.</p>
<h2>What’s new in this version</h2>
<ul>
<li>In the Settings menu, the amount of time left on an account is now shown in days if less than three months remain.</li>
<li>In split-screen and pop-up modes, the app is now fully scrollable.</li>
<li>Fixed various small bugs.</li>
</ul>
<h3>Security fixes</h3>
<ul>
<li>Disable the ability to take screenshots or screen recordings of app views that show potentially sensitive data (such as account number). This fix addresses audit finding MUL-02-003.</li>
<li>Ignore touch events when another view is shown on top of the app in order to prevent tapjacking attacks. This fix addresses audit finding MUL-02-003.</li>
<li>Disable the ability to disconnect or connect the app from a locked screen.</li>
</ul>
<h2>Download the app</h2>
<p>Download <a href="https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn">Mullvad VPN on Google Play</a>.</p>
<p><a href="https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn"><img alt="" src="/media/uploads/2020/05/04/googleplay.png" /></a></p>
<p>We've got an <a href="https://mullvad.net/help/install-mullvad-app-android/">Android set-up guide</a> if you need help with installation and usage.</p>
<p>We appreciate all feedback and problem reports that come in, so keep them coming! Knowing what you experience helps us to more quickly identify issues and gets us one step closer to that first stable release.</p>Mullvad VPN assessed in external security audit new beta version (2020.5-beta2) available2020-06-17T10:08:23+00:00https://www.mullvad.net/fr/blog/2020/6/17/mullvad-vpn-assessed-external-security-audit-new-beta-version-20205-beta2-available/<p>An independent security audit of the Mullvad VPN app was recently completed. Based on the auditors' findings, we’ve prioritized our improvements accordingly and released a new beta version for desktop and Android.</p>
<p>Here are the new beta versions:</p>
<ul>
<li><strong>Windows, macOS, Linux</strong>: 2020.5-beta2 which you can <a href="https://mullvad.net/download/">download on our website</a> or wait until we release the next stable version, which we always recommend that you have.</li>
<li><strong>Android</strong>: 2020.5-beta2, to be released shortly.</li>
</ul>
<p>During the assessment, auditors from <a href="https://cure53.de/">Cure53</a> found nothing that they define as critical and were “unable to compromise the [app].”</p>
<h3>Why you should care about VPN audits</h3>
<p>An independent audit helps us to discover potential security vulnerabilities and fix them, all resulting in an even better service for our users. It also gives you the opportunity to judge whether or not we are technically competent enough to provide a service in which security is paramount.</p>
<h3>Final audit report coming soon</h3>
<p>We will publish a link to the audit report and an overview of the findings when it becomes available on Cure53’s website.</p>Automatic key rotation in new iOS version (2020.3)2020-06-12T17:43:33+00:00https://www.mullvad.net/fr/blog/2020/6/12/automatic-key-rotation-new-ios-version-20203/<p>iOS users of the Mullvad VPN app now have automatic WireGuard® key rotation in the latest release.</p>
<h2>What’s new in this version</h2>
<ul>
<li>WireGuard keys are now automatically rotated, or replaced with new ones, every 4 days. This gives the device a new IP which helps improve anonymization and limit tracking.</li>
<li>IPv6 is now supported.</li>
<li>Dates are now displayed in a more readable format.</li>
<li>We disabled the `URLSession` cache. Doing so prevents someone with physical access to a jailbroken device from leaking minor data files.</li>
</ul>
<h2>Download the app</h2>
<p>Download <a href="https://apps.apple.com/app/mullvad-vpn/id1488466513">Mullvad VPN on the App Store</a>. We've got a <a href="https://mullvad.net/help/using-mullvad-app-on-ios/">user guide</a> if you need help with installation and usage.</p>Connection issues mostly resolved2020-06-10T10:51:18+00:00https://www.mullvad.net/fr/blog/2020/6/10/connection-issues-mostly-resolved/<p>The problems that prevented many of our users from connecting to the OpenVPN servers over the past weeks have largely been fixed. If you’ve taken a break from Mullvad VPN, give it a try now!</p>
<p>We are still working to implement a long-term solution to the connectivity issue that we <a href="https://mullvad.net/blog/2020/5/12/problem-openvpn-potentially-affecting-connectivity-users/">initially reported about on 12 May</a>, but users should no longer experience extended periods of downtime.</p>
<p>If you’re a Windows user and still have trouble reaching the internet, then try using WireGuard instead of OpenVPN: Click on the <strong>gear icon > Advanced</strong>. Under T<strong>unnel protocol</strong>, select <strong>WireGuard</strong>®.</p>
<p>Thank you for your patience, and as always, we appreciate any problem reports that help us to improve your experience.</p>Mullvad VPN sponsors The Tor Project2020-05-27T08:56:18+00:00https://www.mullvad.net/fr/blog/2020/5/27/mullvad-vpn-sponsors-tor-project/<p>To support the ongoing, critical work in defending online privacy, we have made a donation to The Tor Project.</p>
<p>The Tor community has had a significant impact on the way Mullvad thinks about privacy, security, and censorship circumvention.</p>
<p>The Tor Project is a nonprofit that believes everyone should be able to explore the internet with privacy. <a href="https://donate.torproject.org/">Support Tor with a donation</a>, or consider becoming a <a href="https://www.torproject.org/about/sponsors/">sponsor</a>.</p>No change for VPNs in proposed new LEK2020-05-22T06:46:32+00:00https://www.mullvad.net/fr/blog/2020/5/22/no-change-vpns-proposed-new-lek/<p>The Swedish government will be updating its Electronic Communications Act (LEK) by the end of 2020. Just like the current version, the new one will not apply to VPN services.</p>
<p>While the new act will implement the European Electronic Communications Code (EECC), it will essentially contain the same provisions as the current version. With the help of our legal experts, we have therefore concluded that it will not apply to us.</p>
<p>The proposal for the new LEK is still under governmental review and not set to go into effect until 22 December 2020. Until then, we are monitoring its development. A <a href="https://mullvad.net/help/new-law-for-electronic-communications/">full analysis of the proposed new LEK</a> (also <a href="https://mullvad.net/help/forslag-till-ny-lag-for-elektronisk-kommunikation/">in Swedish</a>) is available on our website.</p>
<p><strong>Related</strong>: <a href="https://mullvad.net/help/swedish-legislation/">Swedish legislation relevant to Mullvad VPN</a></p>New Android beta (2020.5-beta1) reduces crashes2020-05-18T14:16:02+00:00https://www.mullvad.net/fr/blog/2020/5/18/new-android-beta-20205-beta1-reduces-crashes/<p>Using Mullvad VPN for Android? Update to the latest beta version for a more stable experience.</p>
<h3>What’s new in this version</h3>
<h3>Fewer crashes</h3>
<p>We fixed a number of crashes that users have been experiencing.</p>
<h3>Create new account in the app</h3>
<p>Need a new account number? You can now create one directly in the app. On the login screen, click <strong>Create account</strong> and a number will automatically be generated.</p>
<p><img alt="" src="/media/uploads/2020/05/18/android_create_account.png" /></p>
<h3>Know when you’re out of time</h3>
<p>When your account has no more VPN time, the app will clearly let you know with the new <strong>Out of time</strong> screen. From here you can buy more credit on our website or redeem a voucher directly in the app.</p>
<p><img alt="" src="/media/uploads/2020/05/18/andorid_out_of_time.jpg" /></p>
<h3>Redeem voucher in the app</h3>
<p>Now you can redeem a voucher or activation code in the app. The <strong>Redeem voucher </strong>button is available once you’ve created a new account and when you run out of time.</p>
<p><img alt="" src="/media/uploads/2020/05/18/android_redeem_voucher.jpg" /></p>
<h2>Other changes</h2>
<ul>
<li>To prevent WireGuard keys from being removed when the system cache is cleared, we changed the location of where account details are stored on the device.</li>
</ul>
<h3>Download the app</h3>
<p>Download <a href="https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn">Mullvad VPN on Google Play.</a></p>
<p><a href="https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn"><img alt="" src="/media/uploads/2020/05/18/googleplay.png" /></a></p>Latest desktop release (2020.4) packed with updates2020-05-13T12:25:56+00:00https://www.mullvad.net/fr/blog/2020/5/13/latest-desktop-release-20204-packed-updates/<h2>What’s new in this version</h2>
<h3>WireGuard® becomes default in Linux and macOS</h3>
<p>Linux and macOS now use WireGuard automatically in the app. This makes WireGuard the default protocol on four of the five platforms that Mullvad VPN is available for.</p>
<h3>Option to join the beta program</h3>
<p>Go to <strong>Settings</strong> and enable the <strong>Beta program</strong> option to get notified directly in the app when a new beta version is available.</p>
<p><img alt="" src="/media/uploads/2020/05/13/beta-program.png" /></p>
<p>Your feedback and problem reports help us to more quickly identify issues and bring us one step closer to the next stable release.</p>
<h3>Create account and redeem voucher in the app</h3>
<p>Need a new account number? You can now create one directly in the app. On the login screen, click <strong>Create account </strong>and a number will automatically be generated.</p>
<p><img alt="" src="/media/uploads/2020/05/13/create-account.png" /></p>
<p>You can also redeem a voucher in the app. The Redeem voucher button is available once you’ve created a new account and when you run out of time.</p>
<h3>Improved stability on Windows 7</h3>
<p>Windows 7 users should experience better app performance and stability now that we have reverted back to an older TAP adapter driver.</p>
<h3>Other additions</h3>
<ul>
<li>In the Advanced settings, we’ve added the option to set a <strong>WireGuard MTU</strong> value if you need to change your maximum packet size.</li>
<li>CLI users can now hit Tab to auto-complete commands.</li>
</ul>
<h3>Other changes and fixes</h3>
<ul>
<li>(Windows) If the app requires IPv6 but the user has disabled it on the network adapter, the app will attempt to enable it.</li>
<li>(Windows) Fixed a bug to improve offline detection.</li>
<li>(Windows) Fixed a bug to ensure that all of the app’s log files are removed on uninstall and erases the install.log content on upgrade.</li>
<li>(Linux) We now only officially support Ubuntu 18.04 or newer and Fedora 30 or newer.</li>
<li>Fixed a bug that didn’t show update notifications.</li>
<li>When Local network sharing is enabled, more local networks are more reachable.</li>
<li>(macOS) DNS over TCP should now work.</li>
<li>We now use rustls instead of OpenSSL for TLS encryption to the API and GeoIP location service.</li>
<li>Various other bug fixes.</li>
</ul>
<h3>Security</h3>
<ul>
<li>From this version onward, when upgrading or reinstalling the app while connected, the firewall now remains blocked during this process.</li>
<li>(Windows) Removed a bug that potentially caused traffic to leak if the system service unexpectedly crashed while Block when disconnected was enabled.</li>
</ul>
<h3>Download the app</h3>
<p><a href="http://mullvad.net/download">Download</a> the Mullvad VPN app for Windows, macOS, and Linux. We've got <a href="https://mullvad.net/guides/category/mullvad-app/">set-up guides</a> if you need help with installation and usage.</p>
<p>Know of someone unable to access our website? Point them to <a href="http://xcln5hkbriyklr6n.onion/">Mullvad's onion address on Tor</a> or Mullvad's GitHub page.</p>
<p> </p>Reopened: Resolved: Update: Problem with OpenVPN potentially affecting connectivity for users2020-05-12T11:42:09+00:00https://www.mullvad.net/fr/blog/2020/5/12/problem-openvpn-potentially-affecting-connectivity-users/<p>Reopened 2020-05-20: there is still some connectivity issues (OpenVPN) - we're investigating </p>
<p>---</p>
<p>Resolved. Please send a mail to support@mullvad.net if you still have problem. Thanks.<br />
---<br />
<br />
Update 2020-05-12: We are rebooting all the OpenVPN servers, you might be disconnected briefly</p>
<p>---</p>
<p>If you’re connected to Mullvad VPN but still have trouble reaching the internet, please try another location server or switch to WireGuard®.</p>
<p>We are currently investigating a problem in which ports on our OpenVPN servers fail to pass traffic through the VPN tunnel. If you are experiencing this, try one of these two options in the Mullvad VPN app:</p>
<ul>
<li>click on the <strong>Switch location</strong> button and choose a different location or server</li>
<li>use WireGuard instead of OpenVPN: Click on the <strong>gear icon > Advanced</strong>. Under <strong>Tunnel protocol</strong>, select <strong>WireGuard</strong>.</li>
</ul>
<p>A new version of the Mullvad VPN app (2020.4) was released earlier today and uses WireGuard by default on macOS and Linux. Android and iOS users of the Mullvad app are not affected by this issue.</p>Cash payments are delayed due to corona2020-05-06T16:23:30+00:00https://www.mullvad.net/fr/blog/2020/5/6/cash-payments-are-delayed-due-corona/<p>If sending cash is your preferred method for topping up your Mullvad VPN account, please plan ahead. The coronavirus is causing delays in postal delivery.</p>
<p>To avoid being stuck with no time on your account, send your payment well in advance. Mail coming from the US is taking four weeks longer than usual, and even post from countries in southern Europe and England are delayed.</p>New Android release (2020.4-beta3) supports SD cards2020-05-04T15:52:11+00:00https://www.mullvad.net/fr/blog/2020/5/4/new-android-release-20204-beta3-supports-sd-cards/<p>Get the latest improvements of the Mullvad VPN app for Android.</p>
<h2>What’s new in this version</h2>
<h3>Advanced settings</h3>
<p>We’ve added an <strong>Advanced settings</strong> menu (just like in the desktop version). Tap on the <strong>gear icon > Advanced.</strong></p>
<p>The <strong>WireGuard</strong>®<strong> key</strong> options have been moved to this new menu.</p>
<p>Also available here is the option to set a <strong>WireGuard MTU</strong> value, if you need to change your maximum packet size.</p>
<h3>Runs on SD cards and work profiles</h3>
<p>We fixed a bug so that the app no longer crashes when run on SD cards or Android Enterprise work profiles.</p>
<h3>No longer supporting Android 5, 6</h3>
<p>We now only officially support Android 7 or newer. Although the app is still available on Android 5 and 6, we no longer test them ourselves.</p>
<h3>Other changes and fixes</h3>
<ul>
<li>Fixed failure to create tunnel when app is started with auto-connect enabled. This would sometimes lead to a traffic leak.</li>
<li>We now use rustls instead of OpenSSL for TLS encryption to the API and GeoIP location service.</li>
</ul>
<h2>Download the app</h2>
<p>Download <a href="https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn">Mullvad VPN on Google Play.</a></p>
<p><a href="http://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn"><img alt="" src="/media/uploads/2020/05/04/googleplay.png" style="height:250px; width:646px" /></a></p>
<p>We've got an <a href="https://mullvad.net/help/install-mullvad-app-android/">Android set-up guide</a> if you need help with installation and usage.</p>
<p>We appreciate all feedback and problem reports that come in, so keep them coming! Knowing what you experience helps us to more quickly identify issues and gets us one step closer to that first stable release.</p>iOS vulnerability puts VPN traffic at risk2020-05-04T06:34:10+00:00https://www.mullvad.net/fr/blog/2020/5/4/ios-vulnerability-puts-vpn-traffic-risk/<p>Apple's iOS version 13.3.1 and likely all newer versions contain a vulnerability that prevents any VPN from encrypting all traffic.</p>
<p>Until Apple fixes the problem, please use the following solution to mitigate the issue.</p>
<h2>How to mitigate the iOS vulnerability</h2>
<p>Internet connections that are established after connecting to a VPN are unaffected, but connections that are already running are at risk.</p>
<p>To ensure that all of your traffic is secure, do the following:</p>
<ol>
<li>Connect to Mullvad VPN.</li>
<li>Enable Airplane Mode.</li>
<li>Turn off Wi-Fi if it’s on.</li>
<li>Disable Airplane Mode.</li>
</ol>Post mortem - WireGuard server connectivity issues2020-04-29T11:13:51+00:00https://www.mullvad.net/fr/blog/2020/4/29/post-mortem-wireguard-server-connectivity-issues/<h2>What happened</h2>
<p>On the evening of April 27, we suffered a partial WireGuard® outage approximately between 19:00 and 23.30 Swedish time. Some servers stopped forwarding traffic due to a NAT issue on servers running kernel version 4.15.<br />
In total, about 130 of 200 servers were affected during this time.</p>
<h2>Contributing factors</h2>
<p>It has been concluded that only servers running kernel version 4.15 were affected. This was true regardless of OS version, on servers running either Ubuntu 16.04 or 18.04.</p>
<p>The exact reason as to why this kernel version was the culprit, and what caused the issue during this deployment is still unknown.</p>
<h2>Resolution</h2>
<p>The problem was remedied by updating/downgrading the kernel on the affected servers to a version unaffected by the issue.</p>
<h2>Impact</h2>
<ul>
<li>
<p>Time with partially degraded service - 4.5h.</p>
</li>
<li>
<p>Affected servers - 132 of 202 WireGuard servers.</p>
</li>
</ul>
<h2>Timeline</h2>
<p>All times are local time, Sweden.</p>
<ul>
<li>
<p>2020-04-27 18:14 - Deployment of extended port ranges and system monitoring changes to our WireGuard servers starts.</p>
</li>
<li>
<p>2020-04-27 19:16 - Sharp increase in customers emails about WireGuard servers being down.</p>
</li>
<li>
<p>2020-04-27 19:30 - Engineers begin troubleshooting the issue.</p>
</li>
<li>
<p>2020-04-27 19:40 - Issue is identified to be NAT related, servers are not correctly passing traffic.</p>
</li>
<li>
<p>2020-04-27 20:32 - Issue is identified to be due to kernel version 4.15, same issue was identified on a few servers on the 24th.</p>
</li>
<li>
<p>2020-04-27 20:35 - A mitigation in form of replacing the kernel with a non-affected version is verified.</p>
</li>
<li>
<p>2020-04-27 20:42 - Work begins on compiling a list of affected servers.</p>
</li>
<li>
<p>2020-04-27 21:08 - Remediation starts. Servers starts coming back online one by one.</p>
</li>
<li>
<p>2020-04-27 23:30 - Remediation of the majority of the servers is complete. Remaining servers are marked as being down.</p>
</li>
<li>
<p>2020-24-28 06:50 - 6 servers which died during the original remediation are brought back online.</p>
</li>
</ul>
<h2>Improvements to our deployment procedures</h2>
<p>In order to minimize the likelihood of another similar incident occurring, as well as its impact, we are making adjustments to our deployment procedures, including the following:</p>
<ul>
<li>Extending the minimum time during which changes are deployed and verified working to a subset of production servers, to at least 24 hours before being deployed to remaining servers.</li>
<li>Ensuring that deployments start at 13:00 or earlier (local Swedish time), to ensure that the majority of our engineers are available in-case of any deployment issues.</li>
<li>Improving our existing end to end and functional test utilities to verify functionality of servers post deployment.</li>
</ul>Resolved, Update: WireGuard server connectivity issues2020-04-27T19:21:18+00:00https://www.mullvad.net/fr/blog/2020/4/27/wireguard-server-connectivity-issues/<p><strong>This issue has now been resolved.</strong><br />
<br />
We are currently investigating some WireGuard® server connectivity issues. We are working on getting it fixed.</p>
<p><strong>- update 2020-04-28 7am CEST -</strong></p>
<p>We will publish a post-mortem once it is ready</p>
<p> </p>Mullvad makes another donation to Qubes2020-04-22T12:33:55+00:00https://www.mullvad.net/fr/blog/2020/4/22/mullvad-makes-another-donation-qubes/<p>Secure systems are required for privacy, which is why we are once again donating to the development of the Qubes operating system.</p>
<p>The Mullvad team has been using Qubes in its day-to-day operations since early 2015. It allows us to compartmentalize and isolate activities with different security requirements, such as server administration, software development, and password management.</p>
<p>Qubes plays an important role in the increasing need for secure computers, from <a href="https://mullvad.net/help/how-blog-anonymously/">maintaining an anonymous blog</a> to projects like the Freedom of the Press Foundation’s new <a href="https://securedrop.org/news/piloting-securedrop-workstation-qubes-os/">SecureDrop Workstation for journalists.</a></p>
<p>Qubes is free and open source, so whether you are a user or recognize the value in this project, then consider <a href="https://www.qubes-os.org/donate/">donating to the Qubes project</a> too.</p>Mullvad app and servers unaffected by OpenSSL CVE-2020-19672020-04-21T17:38:28+00:00https://www.mullvad.net/fr/blog/2020/4/21/mullvad-app-and-servers-unaffected-openssl-cve-2020-1967/<p>On the 14th of April, we were alerted that a vulnerability would be released today via <a href="https://mta.openssl.org/pipermail/openssl-announce/2020-April/000170.html">https://mta.openssl.org/pipermail/openssl-announce/2020-April/000170.html</a>.<br />
Since the severity was reported as HIGH, we investigated which portions of our service would be vulnerable to this. We did the following:</p>
<ul>
<li>We put up a notification on our servers page <a href="https://mullvad.net/servers/#/">https://mullvad.net/servers/#/</a> warning users of a short per-server downtime last week so that users could make preparations as needed. At the same time we planned to make OpenVPN upgrades with other improvements</li>
<li>We made preparations for making a new release of the Mullvad VPN app with the fixed OpenSSL version if needed.</li>
<li>We made preparations to be able to deploy our servers with an unaffected version as soon as it became available in the repositories of Debian and Ubuntu.</li>
</ul>
<p>Today, the OpenSSL project released security advisory <a href="https://www.openssl.org/news/secadv/20200421.txt">https://www.openssl.org/news/secadv/20200421.txt</a>, CVE-2020-1967. It is clear that this vulnerability is limited to a Denial of Service attack by a malicious TLS client or server as a worst case scenario. Additionally, this vulnerability only affects OpenSSL versions 1.1.1d, 1.1.1e and 1.1.1f.</p>
<h2>No impact on the app</h2>
<p>The Mullvad VPN app uses OpenSSL in three places; in OpenVPN, Shadowsocks and when communicating with our API servers.</p>
<p>Both OpenVPN and Shadowsocks run as subprocesses to the daemon. The bug itself is a null pointer dereference which can only cause the process that triggers the bug to crash. This means that if the bug were to be triggered in OpenVPN or Shadowsocks, the subprocesses would crash/exit. The daemon would treat it as a normal connection interruption, clean up and establish a new tunnel, all while keeping the system security tight with the firewall.</p>
<p>The part of the daemon that communicates with our API servers does not call the function with the null pointer dereference bug (SSL_check_chain), so it can not trigger it.</p>
<h2>Impact on our infrastructure</h2>
<p>We only use affected versions of OpenSSL on a few servers for reporting system metrics for our internal infrastructure. All of our other servers, including OpenVPN and Wireguard VPN relays, as well as our API and website, are unaffected.</p>
<p>In summary, this vulnerability does not affect any of our public facing infrastructure, and for our internal infrastructure, access to the monitoring server is limited to our own internal servers.</p>
<p>We will be making the aforementioned upgrades to OpenVPN, along with upgrading the OpenSSL version we use for server metrics, as planned. We expect this work to be completed on or before Friday, April 24th, 2020.</p>
<p> </p>iOS app release improves VPN connection (2020.2)2020-04-20T10:40:52+00:00https://www.mullvad.net/fr/blog/2020/4/20/ios-app-release-improves-vpn-connection-20202/<p>A new iOS version of the Mullvad VPN app should mean fewer disconnections.</p>
<h2>What’s new in this version</h2>
<p>To provide a more stable connection, the app now automatically enables the device’s on-demand VPN setting whenever a connection is made. Users should experience fewer sudden disconnections.</p>
<p>Other updates:</p>
<ul>
<li>Format account number in groups of 4 digits separated by whitespace on login screen.</li>
<li>Fix "invalid account" error that was mistakenly reported as "network error" during log in.</li>
</ul>
<p> </p>
<h2>Download the app</h2>
<p>Download <a href="https://apps.apple.com/app/mullvad-vpn/id1488466513">Mullvad VPN on the App Store</a>. We've got a <a href="https://mullvad.net/help/using-mullvad-app-on-ios/">user guide</a> if you need help with installation and usage.</p>Launched: Mullvad VPN for iOS is here2020-04-08T11:58:44+00:00https://www.mullvad.net/fr/blog/2020/4/8/launched-mullvad-vpn-ios-here/<p>The official Mullvad VPN app is now available for iOS users! Pull out your iPhone and get it in the App Store.</p>
<p><a href="http://apps.apple.com/app/mullvad-vpn/id1488466513"><img alt="" src="/media/uploads/2020/04/08/iphone-8-mullvad-vpn_transparent.png" /></a></p>
<p><strong>Download now:</strong> <a href="https://apps.apple.com/app/mullvad-vpn/id1488466513">Mullvad VPN on the App Store</a></p>
<p><strong>Quick-start user’s guide</strong>: <a href="https://mullvad.net/help/using-mullvad-app-on-ios/">How to use the Mullvad VPN app on iOS</a></p>
<h2>What to expect</h2>
<p>The iOS version of the Mullvad VPN app exclusively uses the <a href="https://mullvad.net/help/why-wireguard/">WireGuard® VPN</a> protocol. In the app, you can both regenerate and verify WireGuard keys.</p>
<p>Running out of time on your account? You can top it up using the in-app payment feature, but the option to add time via the Mullvad website is still available.</p>
<p>The Mullvad VPN app on iOS contains the same essential functions as its desktop counterpart: login with only your account number, secure your connection with the tap of a button, and easily change your location.</p>
<p>Got feedback for us? Send it our way! Knowing what you experience helps us more quickly identify issues and prioritize features for future releases.</p>Get Mullvad VPN on Google Play2020-04-07T12:04:13+00:00https://www.mullvad.net/fr/blog/2020/4/7/get-mullvad-vpn-google-play/<p>The Android beta version of the Mullvad VPN app is now available for download on Google Play Store.</p>
<p><a href="https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn"><img alt="" src="/media/uploads/2020/04/07/mullvad-vpn-google-play-button.png" style="height:225px; width:400px" /></a></p>
<p><strong>Download now</strong>: <a href="https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn">Mullvad VPN on Google Play</a> (currently not searchable)</p>
<p><strong>Quick-start user’s guide:</strong> <a href="https://mullvad.net/help/using-mullvad-vpn-on-android/">How to use Mullvad VPN on Android</a></p>
<h2>Don’t have access to Google Play?</h2>
<p>If you don’t use Google Play, you can still<a href="https://mullvad.net/download/#android"> download the .apk file</a> from our website and install it manually.</p>
<p> </p>Sweden’s Inet and Webhallen now offer Mullvad2020-04-06T12:48:48+00:00https://www.mullvad.net/fr/blog/2020/4/6/swedens-inet-and-webhallen-now-offer-mullvad/<p>Swedish-based electronics retailers Inet and Webhallen are now selling Mullvad VPN in their stores and online.</p>
<p><img alt="" src="/media/uploads/2020/04/06/mullvad_vpn_6months_scratchcard_front.png" style="height:299px; width:207px" /></p>
<h2>Get it here</h2>
<ul>
<li><a href="https://www.inet.se/tillverkare/921/mullvad">Mullvad VPN on Inet’s website</a></li>
<li><a href="https://www.webhallen.com/se/category/4058-Antivirusprogram-Sakerhetsprogram?f=manufacturer%5E25673">Mullvad VPN on Webhallen’s website</a></li>
</ul>
<p>Packaged as a scratch card that contains an activation code, you can buy Mullvad VPN to top up your own account or as a gift to your privacy-conscious friends. Currently, the cards are available in 6- and 12-month options.</p>
<p>Our <a href="https://mullvad.net/help/partnerships-and-resellers/">Partnerships and resellers page</a> has been updated to reflect these additions.</p>WireGuard is no longer the new kid2020-03-30T14:26:55+00:00https://www.mullvad.net/fr/blog/2020/3/30/wireguard-no-longer-new-kid/<p>It’s been three years since we first started offering the chance to test a new VPN protocol called WireGuard with Mullvad. Yesterday evening, WireGuard’s first stable version was distributed with the release of Linux 5.6.</p>
<p>This event marks a major milestone for WireGuard. Although the VPN protocol has been stable for a while, features that are included in Linux kernel releases must first make it through an extensive review process.</p>
<p>If you haven’t tried it yet, <a href="https://mullvad.net/help/how-turn-wireguard-mullvad-app/">using WireGuard in the Mullvad VPN app</a> is pretty straightforward. Or check out our repository of <a href="https://mullvad.net/help/tag/wireguard/">WireGuard guides and FAQs</a>.</p>
<p>WireGuard will automatically be built in to all Linux kernels from this point forward. For Linux distributions that don’t already have WireGuard support, it’s only a matter of time.</p>Auto-connect feature in new Android release (2020.4-beta1)2020-03-30T11:56:50+00:00https://www.mullvad.net/fr/blog/2020/3/30/auto-connect-feature-new-android-release-20204-beta1/<p>You requested it, we added it. Here are the latest features in Android version of the Mullvad VPN app.</p>
<h2>What’s new in this version</h2>
<p>An <strong>Auto-connect</strong> option is now available under the Preferences menu. Enable this and the app will automatically connect to a server when it launches. If your Android device has the “Always-on VPN” feature, you can combine these two functionalities to automatically secure your connection from the moment you power on your phone.</p>
<p><img alt="" src="/media/uploads/2020/03/30/mullvad-android-auto-connect.jpg" style="height:250px; width:320px" /></p>
<p>When connected, you’ll see the new <strong>quick reconnect</strong> button (the ↻ symbol). Tap this button and the app will reconnect to another server in your chosen location.</p>
<p><img alt="" src="/media/uploads/2020/03/30/mullvad-android-reconnect.jpg" style="height:136px; width:320px" /></p>
<p>You can now add an <strong>app shortcut tile</strong> to Android’s Quick Settings menu. A single tap on the tile will connect or disconnect you while tapping and holding opens the app.</p>
<p><img alt="" src="/media/uploads/2020/03/30/mullvad-android-shortcut-tile.jpg" style="height:167px; width:320px" /></p>
<p>The app now comes pre-bundled with a list of server locations.</p>
<p>All IPv6 traffic is now routed through the VPN tunnel. This improvement addresses a bug in which IPv6 traffic could have potentially leaked outside of the VPN tunnel instead of being blocked.</p>
<h2>Download the app</h2>
<p><a href="https://mullvad.net/download/#android">Download</a> the Mullvad VPN beta app for Android. We've got an <a href="https://mullvad.net/help/install-mullvad-app-android/">Android set-up guide</a> if you need help with installation and usage.</p>
<p>We appreciate all feedback and problem reports that come in, so keep them coming! Knowing what you experience helps us to more quickly identify issues and gets us one step closer to that first stable release.</p>New Swedish law does not affect Mullvad2020-03-24T11:58:14+00:00https://www.mullvad.net/fr/blog/2020/3/24/new-swedish-law-does-not-affect-mullvad/<p>Confused about Sweden’s new legislation on the covert surveillance of data? In short, it does not pertain to Mullvad VPN.</p>
<h2>So what does the Covert Surveillance of Data Act do?</h2>
<p>This law, which goes into effect on 1 April 2020, enables Swedish law enforcement agencies to digitally spy on criminal suspects located in Sweden. In order to do so, such agencies would first have to be granted authorization.</p>
<p>You can read a <a href="https://mullvad.net/help/swedish-covert-surveillance-data-act/">full overview of the Covert Surveillance of Data Act (2020.62</a>) on our website.</p>
<h2>If the act doesn’t affect Mullvad, why are you telling us about it?</h2>
<p>We strive to educate people on how privacy is hard to come by in this digital age, and one way of doing that is to inform you of any new legislation that has an impact on individual privacy. This also helps us to stay up to date on how governments reason about privacy and the role that VPN providers play.</p>
<h2>Privacy-invasive laws already exist (in case you forgot)</h2>
<p>Let’s disregard the new law for a minute to talk about what’s been going on for years. Government agencies around the world already have the ability to survey traffic passing through their national borders or ISPs, and they do so systematically.</p>
<p>Even more concerning is that nearly all internet traffic passes through U.S.-based providers and is therefore susceptible to U.S. surveillance laws. This includes service giants like Amazon, Facebook, Google, and Twitter.</p>
<p>This fact, in combination with the use of subpoenas and gag orders which forbid recipients from talking about surveillance requests, allows the U.S. government to secretly force companies to grant complete access to customer data and transform the service into a tool of mass surveillance.</p>
<p>All U.S.-based providers are required to comply with the Communications Assistance for Law Enforcement Act (CALEA). You can imagine why we closely follow legislative developments in our own country of Sweden.</p>
<h2>How you can boost your privacy game</h2>
<h3>Use Bridge mode</h3>
<p>With the app’s Bridge mode, your traffic will be routed through two secure locations instead of one. You can even choose two separate jurisdictions. Read our guide on <a href="https://mullvad.net/help/how-use-bridge-mode/">how to use Bridge mode.</a></p>
<h3>Become a privacy ninja</h3>
<p>Try some of our <a href="https://mullvad.net/help/first-steps-towards-online-privacy/">simple solutions to change your online habits</a> and, as a result, improve your online privacy. Ninja mask is optional.</p>
<h2>How Mullvad upholds your right to privacy</h2>
<p>First and foremost, we <a href="https://mullvad.net/help/no-logging-data-policy/#no-logs">do not store any user activity</a>, and all traffic that passes through our servers is encrypted. Our company culture is strongly centered around security and privacy from our developers all the way up to our board and we are constantly refining it.</p>
<p>And with regard to the <a href="https://mullvad.net/help/swedish-legislation/">Swedish legislation that actually is relevant to us</a>, our lawyers help us to stay informed and to adapt when necessary.</p>New law 1 April 2020 - Swedish Covert Surveillance of Data Act2020-03-17T15:35:35+00:00https://www.mullvad.net/fr/blog/2020/3/17/new-law-1-april-2020-swedish-covert-surveillance-data-act/<p>New law in Sweden 1 April 2020<br />
<br />
Covert Surveillance of Data Act (SFS 2020:62) (the act is short-term legislation and will enter into force on 1 April 2020)</p>
<h2>Short Summary:</h2>
<p>Since Mullvad VPN is not to be regarded as an electronic communications service with a reporting obligation according to LEK, Chapter 2, Section 1, Mullvad VPN cannot be subject to a duty to cooperate in connection with the enforcement of a decision authorising covert surveillance of data in accordance with the new Covert Surveillance of Data Act.<br />
<br />
For users (of computers and other electronic devices), the new Covert Surveillance of Data Act grants law enforcement agencies the authority, upon a special permit (in each specific case) from a competent Swedish court, to secretly install software or hardware on suspect users' devices or devices which the suspect in special cases have or will most likely contact. This implies that law enforcement agencies may access a suspect user's information before it is encrypted by VPN-services such as Mullvad VPN.</p>
<h2><br />
To read the full text:</h2>
<p>Swedish: <a href="https://mullvad.net/help/lagen-om-hemlig-dataavlasning/">https://mullvad.net/help/lagen-om-hemlig-dataavlasning/ </a><br />
English: <a href="https://mullvad.net/help/swedish-covert-surveillance-data-act/">https://mullvad.net/help/swedish-covert-surveillance-data-act/ </a></p>Don't eat the forbidden cookie2020-03-04T05:37:01+00:00https://www.mullvad.net/fr/blog/2020/3/4/dont-eat-forbidden-cookie/<p>From a few seemingly mundane data points to thousands, from anonymous to identified. Our increasingly naive attitude toward data collection is allowing companies to get to know us in the most personal and intimate way.</p>
<p>In this digital world, companies possess a hoarder-like mentality when it comes to collecting and storing user data. Some enterprises even make it their sole business to collect and monetize online activity. This reality that we consumers have simply learned to accept is leading to dangerous outcomes for our privacy.</p>
<h2>They know everything about you</h2>
<p>It only takes a few pieces of information to identify a specific person. You may think that since you don’t share your name, address, or phone number, you’re safe. Unfortunately, you’re not.</p>
<p>Research shows that it only takes four anonymized data points out of a collected set to identify a specific person. For example, if you click on four ads, make four credit card purchases, or visit four different locations.</p>
<p>But your data doesn’t get collected here and there in such tiny batches. Companies have thousands of data points on you alone. And while that information may have become “anonymized” by deleting any uniquely identifiable details, with just a few of them, you can be re-identified, not just in that series but potentially across all data ever collected. Suddenly, someone can ascertain an astonishing amount about you.</p>
<p>Read more: TechCrunch, <a href="https://techcrunch.com/2019/07/24/researchers-spotlight-the-lie-of-anonymous-data/?guccounter=1">“Researchers spotlight the lie of ‘anonymous’ data”</a></p>
<h2>The worldwide cookie dilemma</h2>
<p>Does the message “by continuing, you agree to our use of cookies” look familiar? Cookies are the means by which websites track and gather user data, and agreeing to this multiple times daily means that you’re leaving breadcrumbs of personal, identifiable information all over the internet.</p>
<p>When the <a href="https://mullvad.net/blog/2018/5/24/gdpr-and-your-right-data-privacy/">GDPR</a> (Europe’s General Data Protection Regulation) came into effect in 2018, companies that wanted to collect user information that otherwise wasn’t strictly necessary for the website’s functionality were suddenly required to notify website visitors of the use of such cookies and gain their active consent.</p>
<p>Not all cookies are used in this way. Some are essential to technical functions (like logging in to a website or adding an item to a cart) and do not need your consent. Therefore, any website that asks for cookie consent is, by definition, collecting unnecessary data about its visitors. These days, that can seem like the entire World Wide Web, and many are all too quick to click “I agree” without giving second thought to the consequences.</p>
<p>Read more: The Guardian, <a href="https://www.theguardian.com/technology/2019/jul/23/anonymised-data-never-be-anonymous-enough-study-finds">“'Anonymised' data can never be totally anonymous, says study”</a></p>
<h2>Returning to anonymity requires a change in mindset</h2>
<p>It’s pretty clear that we have a digital-age problem. Knowing just a few uninteresting facts about someone immediately leads to knowing all there is to know. We haven’t even examined what happens when data sets (i.e. you) fall victim to a security hack.</p>
<p>Credit card purchases, browsing history, clicks, views all of our internet activity is impossible to keep anonymous. That’s why adopting a mindset of collecting and retaining as little data as possible is the only solution that works today.</p>
<p>Keeping unnecessary data should strictly be forbidden. If we continue down the current path, a society built on surveillance and control is just over the horizon.</p>
<h2>Read more</h2>
<ul>
<li>In a study published in Science, <a href="https://science.sciencemag.org/content/347/6221/536">credit card metadata could be used to identify unique shoppers.</a></li>
<li><a href="https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf">Netflix users were identified from a database of nameless customer records</a> in a study at the University of Texas at Austin.</li>
<li>In a Harvard study, <a href="https://dataprivacylab.org/projects/wa/1089-1.pdf">patients in an anonymized hospitalization data set were reidentified by name.</a></li>
<li>Researchers are able to <a href="https://www.nature.com/articles/s41467-019-10933-3">estimate the likelihood of re-identifying people in incomplete data sets</a>, as published in Nature Communications.</li>
</ul>Upgrade to new app (2020.3) all previous versions no longer supported2020-02-20T15:11:31+00:00https://www.mullvad.net/fr/blog/2020/2/20/upgrade-new-app-20203-all-previous-versions-no-longer-supported/<p>All users (Android, Windows, macOS, and Linux) of Mullvad VPN app are urged to upgrade to the latest release. All versions older than 2020.3 are now unsupported.</p>
<div class="is-info notification"><a href="https://mullvad.net/download">Download</a> the latest version of the Mullvad VPN app.</div>
<p>Because of two bugs recently found and fixed, we have deprecated all previous versions and encourage all users to <a href="https://mullvad.net/download">upgrade</a>, even if you are not affected. Moving forward, we’re making changes to our pre-release testing process in order to prevent similar situations.</p>
<h2>What’s new in this version</h2>
<p><strong>Resolved potential for traffic leaks</strong></p>
<p>In this version, we fixed a bug that exists in versions 2020.1 and 2020.2 and causes the app to disconnect every few hours under the default settings. Users with both “Launch app on start-up” and “Auto-connect” enabled would not be affected as the app would automatically reconnect.</p>
<p>Affected users would be at risk of involuntarily leaking traffic until they reconnected, so we no longer support those versions.</p>
<h2>Recapping last week’s DNS leak vulnerability</h2>
<p>As mentioned in<a href="https://mullvad.net/blog/2020/2/14/additional-dns-leaks-fixed-latest-desktop-release-20202/"> last week’s release of 2020.2</a>, we found and fixed a DNS leak vulnerability that can happen under specific circumstances. While debugging the issue, we discovered that it has been present on all previous versions of the desktop app (2018.1 through 2020.1). As a result we deprecated all previous versions.</p>
<p>With these older versions, you are not affected if you have “Local network sharing” disabled (this is the app’s default setting).</p>
<p>If the setting is enabled, and if your default DNS resolver is located on the local private network, then DNS leaks can occur while the app is in one of three non-connected states:</p>
<ul>
<li>while trying to connect</li>
<li>while blocked because of an error</li>
<li>while disconnected with the “Block when disconnected” setting enabled.</li>
</ul>
<p>You are not affected while connected.</p>
<h2>Download the app</h2>
<p><a href="http://mullvad.net/download">Download</a> the Mullvad VPN app for Android (beta), Windows, macOS, and Linux users. We've got <a href="https://mullvad.net/guides/category/mullvad-app/">set-up guides</a> if you need help with installation and usage.</p>
<p>Know of someone unable to access our website? Point them to <a href="http://xcln5hkbriyklr6n.onion/">Mullvad's onion address on Tor</a> or Mullvad's GitHub page.</p>Popular feature added in Android release (2020.2-beta1)2020-02-14T08:53:19+00:00https://www.mullvad.net/fr/blog/2020/2/14/popular-feature-added-android-release-20202-beta1/<p>What could it be? Upgrade to the latest beta version of the Mullvad VPN app for Android to find out!</p>
<h2>What’s new in this version</h2>
<p>We’ve finally added the much-requested option to enable Local network sharing. In the app, go to Settings, Preferences, and there it is.</p>
<p>Also, the app now locally saves your most recent account numbers, making it easy to log in without having to remember the number each time. Whenever you're logged out, just tap in the login field and a drop-down list will appear.</p>
<p>We’ve also managed to fix three bugs that caused the app to crash in various ways.</p>
<h2>Download the app</h2>
<p><a href="https://mullvad.net/download/#android">Download</a> the Mullvad VPN beta app for Android. We've got an<a href="https://mullvad.net/help/install-mullvad-app-android/"> Android set-up guide</a> if you need help with installation and usage.</p>
<p>We appreciate all feedback and problem reports that come in, so keep them coming! Knowing what you experience helps us to more quickly identify issues and gets us one step closer to that first stable release.</p>Additional DNS leaks fixed in latest desktop release (2020.2)2020-02-14T04:34:05+00:00https://www.mullvad.net/fr/blog/2020/2/14/additional-dns-leaks-fixed-latest-desktop-release-20202/<p>The latest version of the Mullvad app resolves DNS leak vulnerabilities affecting users who have “Local network sharing” enabled on either Windows, macOS, or Linux. We strongly recommend all users to upgrade.</p>
<div class="is-info notification">This release does not include any updates for Android which is <a href="https://mullvad.net/download/#android">still in beta.</a></div>
<h2>Risk of DNS leaks during “transition” states</h2>
<p>Since the previous release a few days ago, we have found and fixed a DNS leak vulnerability affecting Windows, macOS, and Linux users (separate from the Window-specific DNS leak below). This bug requires “Local network sharing” to be enabled in the app and for the default DNS resolver to be located on the local private network.</p>
<p>If the above conditions are met, then DNS leaks can occur while the app is in one of the following “transition” states: while trying to connect, while blocked because of an error, or while disconnected with the “Block when disconnected” setting enabled. In other words, not while you are connected.</p>
<h2>Windows DNS leak resolved</h2>
<p>This release also fixes a vulnerability found specifically in the Windows app version 2020.1. As we had <a href="https://mullvad.net/blog/2020/2/11/potential-dns-leak-latest-release-windows/">alerted here on the blog</a>, if Windows users had “Local network sharing” enabled in that version, it could enable DNS leaks.</p>
<h2>What (else) is new in this version</h2>
<p><strong>New visuals</strong></p>
<p>You’ll probably notice these changes at some point, but we’ll point them out to you anyway:</p>
<ul>
<li>Perhaps most noticeable is the new reconnect button on the connection screen (look for the ⟳ symbol). Click this and the app will reestablish your connection.<br />
<img alt="" src="/media/uploads/2020/02/14/mullvad-vpn-app-reconnect-button.png" style="height:132px; width:320px" /></li>
<li>On the connection screen, the map view gives a more zoomed-out view of your connection location. We’ve also removed the city and country labels from the map.</li>
<li>When your account is almost out of time, a system notification will remind you.</li>
<li>If you’re using an old app version and try to report a problem, a notification will ask you to first upgrade to the latest version and see if the problem still exists.<br />
<img alt="" src="/media/uploads/2020/02/14/problem-report-upgrade.png" style="height:568px; width:321px" /></li>
<li>(Windows, Linux) The tray icon is larger, and the option to make it monochromatic is now available under the Preferences menu.</li>
</ul>
<p><strong>Other changes and fixes</strong></p>
<ul>
<li>When changing a setting, the app will no longer refresh its connection unless the change is relevant to the connection setup.</li>
<li>With WireGuard®, the app sometimes got stuck in “creating a secure connection” even though it had successfully connected. This is now fixed.</li>
<li>(Windows) We fixed "exhausted namespace" installation error that some users on non-English systems experienced with app version 2020.1.</li>
</ul>
<h2>Download the app</h2>
<p><a href="http://mullvad.net/download">Download</a> the Mullvad VPN app for Windows, macOS, Linux users. We've got <a href="https://mullvad.net/guides/category/mullvad-app/">set-up guides</a> if you need help with installation and usage.</p>
<p>Know of someone unable to access our website? Point them to <a href="http://xcln5hkbriyklr6n.onion/">Mullvad's onion address on Tor</a> or Mullvad's GitHub page.</p>
<p>"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>Potential for DNS leak in latest release for Windows2020-02-11T18:36:20+00:00https://www.mullvad.net/fr/blog/2020/2/11/potential-dns-leak-latest-release-windows/<p>If you have “Local network sharing” enabled in the latest Windows version of the app (2020.1), this can potentially cause a DNS leak. Here’s what you can do while we work on a bug fix.</p>
<p>You can easily check your status by visiting <a href="https://am.i.mullvad.net/">am.i.mullvad.net</a> where you can see whether or not you are safe from DNS leaks.</p>
<p>Then you can either turn off “Local network sharing” in the Preferences menu or <a href="https://mullvad.net/download/all/">downgrade</a> to the previous stable version of the app, 2019.10.</p>Scheduled maintenance 2020-02-122020-02-11T14:42:57+00:00https://www.mullvad.net/fr/blog/2020/2/11/scheduled-maintenance-2020-02-12/<p>On Wednesday, maintenance is planned for parts of our infrastructure. This may cause temporary disruption of the service during the day.</p>
<p>During the maintenance the following things might not work:</p>
<ul>
<li>The account and server pages on our website, including account creation, making new payments and managing ports.</li>
<li>Port forwarding for OpenVPN. It will however work if you've logged on before the maintenance.</li>
<li>Information about time left and forwarded ports in the client / App and on the website.</li>
<li>Downloading OpenVPN and WireGuard configuration files.</li>
<li>Payment processing. Any payments made during this time will be processed once the maintenance is done.</li>
</ul>Start your decade right! (new app release, 2020.1)2020-02-10T15:58:25+00:00https://www.mullvad.net/fr/blog/2020/2/10/start-your-decade-right-new-app-release-20201/<p>Find out what’s new in the Mullvad VPN app’s latest release for Windows, macOS, and Linux. And most importantly, be sure to update your app!</p>
<div class="is-info notification">This release does not include any updates for Android which is <a href="https://mullvad.net/download/#android">still in beta.</a></div>
<h2>What’s new in this version</h2>
<p><strong>WireGuard</strong></p>
<ul>
<li>We’ve made a few improvements to your experience with WireGuard:</li>
<li>WireGuard keys are now automatically rotated, or replaced with new ones, every 7 days. This helps improve anonymization and limit tracking.</li>
<li>Clicking on your public WireGuard key (if you’ve generated one) will copy it.</li>
<li>We’ve changed how WireGuard keys are handled so that most users won't run into the issue of having too many keys.</li>
<li>If the app doesn't have a WireGuard key, the option to choose WireGuard under the "Tunnel protocol" setting will be disabled. A message will instruct you to first generate a key under the "WireGuard key" setting.</li>
<li>(Windows) We fixed an issue so that WireGuard works with IPv6 enabled even if there is no functioning TAP adapter for OpenVPN.</li>
</ul>
<p><strong>Additions and changes</strong></p>
<ul>
<li>The app is now available in Danish and Finnish.</li>
<li>The app is more stable and uses less power.</li>
<li>(Windows) The app now uses a branded TAP driver for OpenVPN to prevent conflicts with other software and solve issues related to driver upgrades.</li>
</ul>
<p><strong>Fixes</strong></p>
<ul>
<li>When upgrading to the newest version, the app no longer incorrectly displays the error message that you are running an unsupported version.</li>
<li>(Windows) Improved error messages about TAP adapter issues that help the user troubleshoot.</li>
<li>(Windows) When turning on a computer from hibernation, the app no longer tries to automatically connect unless the user has auto-connect enabled.</li>
<li>(Windows) Fixed the reported problem of system service crashes with newer CPU models.</li>
<li>(Linux) Better DNS management.</li>
</ul>
<p><strong>Security improvement</strong></p>
<p>On Windows only, we addressed a potential exploit, one that would have required physical access to the target computer.</p>
<h2>Download the app</h2>
<p><a href="http://mullvad.net/download">Download</a> the Mullvad VPN app for Windows, macOS, Linux users. We've got <a href="https://mullvad.net/guides/category/mullvad-app/">set-up guides</a> if you need help with installation and usage.</p>
<p>Know of someone unable to access our website? Point them to <a href="http://xcln5hkbriyklr6n.onion/">Mullvad's onion address on Tor</a> or Mullvad's GitHub page.</p>
<p>"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>Crash issues fixed in Android (2020.1-beta1)2020-02-05T16:47:22+00:00https://www.mullvad.net/fr/blog/2020/2/5/crash-issues-fixed-android-20201-beta1/<p>This new Android beta release of the Mullvad VPN app promises more connections and less crashes, so put on a helmet and take it for a test drive!</p>
<h2>What’s new in this version</h2>
<p>A number of crash issues were addressed in this release. The app is also more stable and uses less battery.</p>
<p>You can now dismiss/swipe away the notification in the notification bar when the app is disconnected and not open.</p>
<p>Tapping on your public WireGuard key (if you’ve generated one) will copy it.</p>
<p>WireGuard keys are now automatically rotated, or replaced with new ones, every 7 days. This helps improve anonymization and limit tracking.</p>
<p>For Android versions that support the “Always-on VPN” feature, enabling this option now works as intended.</p>
<h2>Download the app</h2>
<p><a href="https://mullvad.net/download/#android">Download</a> the Mullvad VPN beta app for Android. We've got an <a href="https://mullvad.net/help/install-mullvad-app-android/">Android set-up guide</a> if you need help with installation and usage.</p>
<p>We appreciate all feedback and problem reports that come in, so keep them coming! Knowing what you experience helps us to more quickly identify issues and gets us one step closer to that first stable release.</p>
<p>"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>Doing the corporate shuffle (Updated)2020-02-03T06:48:41+00:00https://www.mullvad.net/fr/blog/2020/2/3/doing-corporate-shuffle/<p>As you may know (and we’re impressed if you do), the company that operates Mullvad VPN is Amagicom AB. That’s changing.</p>
<p>Amagicom is dividing its operations among a number of subsidiaries. As a result, everything surrounding Mullvad VPN is getting shuffled into a newly created daughter company aptly called Mullvad VPN AB.</p>
<p>This means that we’ve updated our <a href="https://mullvad.net/help/terms-service/">Terms of Service</a> to reflect this change (No terms have changed except the change of company operating Mullvad VPN).</p>
<p>Changes will be effective 1st of March 2020.</p>
<p>Update 2020-02-03: Amagicom is 100% owned by founders Fredrik Strömberg and Daniel Berntsson. Mullvad is 100% owned by Amagicom. Amagicom will have other subsidiaries separated from Mullvad. Main reason for doing a split is separation of businesses.</p>No tears, let’s get carried away with our new tier one provider2020-01-24T06:04:44+00:00https://www.mullvad.net/fr/blog/2020/1/24/no-tears-lets-get-carried-away-with-our-new-tier-one-provider/<p>The Internet is not a homogeneous entity providing equal access for everybody; it is a tiered service.<br />
The so-called Tier 1 providers “at the top” exchange traffic with each other for free, while “everyone else has to pay” to reach all destinations, the so called transit service.</p>
<p>Today we can announce that Telia Carrier, ranked as one of the top global Internet backbones and Tier 1 provider, is up and running with our hosting provider 31173.</p>
<h2>Telia Carrier has been added as a transit provider in:</h2>
<ul>
<li>Malmö</li>
<li>Stockholm</li>
<li>Amsterdam</li>
<li>London</li>
<li>Frankfurt</li>
<li>Paris</li>
<li>Zürich</li>
</ul>
<h2>In each of these locations, we have extra good connectivity, consisting of:</h2>
<ol>
<li>Transit providers Telia Carrier and at least one other Tier 1 provider.</li>
<li>Public and private peering* connecting to local Internet exchange points and providers in each location in order to maximize bandwidth and minimize latency</li>
<li>Connectivity between locations using fiber wavelengths** (Under installation in Paris & Zurich)</li>
</ol>
<p>* = Everyone likes to peer with equals, therefore, as the traffic from Mullvad VPN’s users increases, more providers are likely to peer directly with us for the benefit of all users. If they do not, they have to pay their internet transit provider for the traffic.</p>
<p>** = Wavelengths are used to send traffic between our sites without “being on the internet”. For example, if you’re sitting in Amsterdam and connect to our servers in Malmö, your traffic will go on the Internet from your home to 31173’s datacenter in Amsterdam, disappear from the Internet and take the wavelength to Malmö, then pop up on the Internet again.</p>
<p>As our network grows, and we add more and more wavelengths, we can keep the traffic off the Internet. The ultimate way to strengthen privacy on the Internet is to not be there at all.</p>
<h2>Test it!</h2>
<p>Please look at our <a href="https://mullvad.net/en/servers/">server list</a> at these locations and choose a server having 31173 as provider, for maximum bandwidth, the lowest latency, and maximized privacy.</p>
<p><br />
<em>For the universal right,</em><br />
Team Mullvad</p>A decade of Mullvad - another to come2019-12-17T06:49:05+00:00https://www.mullvad.net/fr/blog/2019/12/17/decade-mullvad-another-come/<p><strong>Wow, what a year it’s been! The one that closed out our first decade and began a new one. Here’s what we remember most fondly from 2019:</strong></p>
<h2>Our privacy ninjas - that’s you!</h2>
<p>In previous end-of-year reflections, we’ve always saved the best for last by thanking our customers at the end, but this year we want to tell your right from the get-go. Whether you’ve been with us for a whole decade or just recently found us, we are grateful for your feedback, your support, and your shared value in privacy!</p>
<h2>Numbers are for lovers</h2>
<ul>
<li>WireGuard servers tripled in number, from 49 to 150.</li>
<li>OpenVPN servers grew from 281 to 337.</li>
<li>We introduced Bridge mode in the app, and we now have a total of 24 bridge servers.</li>
<li>We added four new languages to our website Arabic, Danish, Farsi, and Finnish making a total of 17.</li>
<li>While the Mullvad app started out only in English, it’s now available in 16 languages.</li>
<li>Team Mullvad grew by three talented individuals (<a href="https://www.oddwork.se/jobb/third-line-support-and-operations-for-mullvad-vpn-gothenburg/">and right now we are looking for a third line support!</a>)</li>
</ul>
<h2>Mirror, mirror, on the wall</h2>
<p>Remember <a href="https://mullvad.net/blog/2017/9/27/wireguard-future/">“WireGuard is the future”</a> from two years ago? Well now we’ve really established a tradition of looking into our crystal ball.<br />
In June, we published <a href="https://mullvad.net/blog/2019/6/3/system-transparency-future/">“System Transparency is the future”</a>, and in August followed <a href="https://mullvad.net/blog/2019/8/7/open-source-firmware-future/">“Open-source firmware is the future.”</a></p>
<h2>The naked VPN</h2>
<p>Calm down, we’ve kept our clothes on. But that doesn’t stop us from trying to remain as transparent as we possibly can about why we do what we do (ahem, for the universal right to privacy) and how our business is built to support that.</p>
<ul>
<li>We bared all in our (very short) <a href="https://mullvad.net/help/terms-service/">821 words long terms of service.</a></li>
<li>We updated our <a href="https://mullvad.net/servers/">server list</a> to show exactly which servers we own vs. rent and who our providers are.</li>
<li>We explained <a href="https://mullvad.net/help/policy-disclosure-security-incidents/">how we disclose security incidents.</a></li>
<li>We published a <a href="https://mullvad.net/help/swedish-legislation/">list of Swedish laws</a> that are relevant to our VPN service.</li>
<li>And we fully explained our<a href="https://mullvad.net/help/pricing-discounts/"> transparent pricing model. </a></li>
</ul>
<p>Our website is jam-packed with information just waiting for you to discover, so we improved the searchability of our <a href="https://mullvad.net/help/">Help section.</a></p>
<h2>Bring on the features</h2>
<p>Last year we celebrated the launch of our new app, but we didn’t stop there! We’ve steadily been adding back features from the old one (remember that sight for sore eyes?) and improving along the way.</p>
<ul>
<li>We added a “<a href="https://mullvad.net/help/how-use-bridge-mode/">Bridge mode</a>” feature, helpful if you’re trying to circumvent censorship or just want to multihop.</li>
<li>We released our first beta version <a href="https://mullvad.net/download/#android">for Android!</a> (iOS, we hope to include you in next year’s celebrations!)</li>
<li>All of our desktop platforms finally offer full <a href="https://mullvad.net/help/how-turn-wireguard-mullvad-app/">in-app support for WireGuard!</a></li>
</ul>
<h2>Spreading the WireGuard cheer</h2>
<p>Speaking of WireGuard, we’re thrilled to see the support for WireGuard continue to grow. To help continue its development, we provided a third annual donation to the project.</p>
<p>If you’re still wondering what the big deal is, read our aptly titled article <a href="https://mullvad.net/help/why-wireguard/">“Why WireGuard?”</a></p>
<h2>M is for…</h2>
<p>Mullvad, of course! But also Malwarebytes and Mozilla, two noteworthy Ms that we added to our <a href="https://mullvad.net/help/partnerships-and-resellers/">list of partnerships and resellers</a>.</p>
<h2>The ninja diaries</h2>
<p>We obviously see the need for VPN Services, but we want you to understand why you would use one, how your privacy is jeopardized online, and what to think about when choosing a VPN service.<br />
We rolled out a number of articles to help you become a better privacy ninja:</p>
<ul>
<li><a href="https://mullvad.net/blog/2019/6/28/secure-wifi-happy-lifi/">WiFi networks and how to protect yourself from eavesdropping</a></li>
<li><a href="https://mullvad.net/help/facebook-pixel-privacy-invasive-tracking-technique/">Facebook’s privacy-invasive technique and how to block it</a></li>
<li><a href="https://mullvad.net/blog/2019/5/28/cookie-monsters/">Cookies and how to prevent the tracking ones</a></li>
<li><a href="https://mullvad.net/blog/2019/10/30/big-data-big-no/">Big data and how to say ‘no’</a></li>
<li><a href="https://mullvad.net/blog/2019/10/18/5-9-or-14-eyes-your-vpn-actually-safe/">The “14 Eyes” spy network and how to know if your VPN is actually safe.</a></li>
</ul>
<h2>Support for the community</h2>
<p>Lastly, we couldn’t do what we do without other people and organizations innovating in the fields that we rely on. That’s why we sponsored <a href="https://securityfest.com/">Security Fest</a>, RustFest, and OWASP Gothenburg (in case you missed it, <a href="https://youtu.be/Y6J1Yt8YYj0">Steve Gibson’s talk</a> is available).</p>
<p>Even privacy ninjas need a break, so we hope you can enjoy some peace and privacy! during these last few days of 2019.</p>
<p>For the universal right,<br />
Team Mullvad</p>
<p> </p>WireGuard for Windows in new app release (2019.10)2019-12-12T15:14:40+00:00https://www.mullvad.net/fr/blog/2019/12/12/wireguard-windows-new-app-release-201910/<p>The latest version of the Mullvad VPN app finally brings WireGuard to Windows users.</p>
<div class="is-info notification">This release does not include any updates for Android which is <a href="https://mullvad.net/download/#android">still in beta.</a></div>
<h2>What’s new in this version</h2>
<h3>WireGuard comes to Windows</h3>
<p>Windows users, the wait is over! You can now turn on the <a href="https://mullvad.net/help/how-turn-wireguard-mullvad-app/">WireGuard protocol directly in the app.</a></p>
<h3>New CLI commands</h3>
<p>Terminal users, try these out in the command line interface:</p>
<ul>
<li><strong>mullvad relay set tunnel-protocol</strong> lets you specify which tunnel protocol you want to use, independently of setting other tunnel constraints.</li>
<li><strong>mullvad reconnect</strong> tells the app to randomly choose a new server and reconnect to it.</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>Improved WireGuard port selection by automatically falling back to port 53 if connection fails.</li>
<li>(Linux) A few bug fixes have improved overall stability and DNS management.</li>
<li>(Windows) Addressed a number of issues relating to the TAP adapter, which should eliminate problems experienced when the computer goes into sleep mode.</li>
<li>(Windows) Fixed the issue of users getting stuck in the app’s offline state.</li>
<li>(Windows) DNS management is more stable.</li>
</ul>
<h3>Additions and changes</h3>
<ul>
<li>System notifications now show the name of the server you’re connecting to.</li>
<li>(Windows) The uninstall process is improved.</li>
<li>(Windows) Increased time window between crashes to troubleshoot and send problem report.</li>
</ul>
<h3>Security improvements</h3>
<ul>
<li>We addressed the recent <a href="https://mullvad.net/blog/2019/12/6/closer-look-vpn-vulnerability-cve-2019-14899/">CVE-2019-14899 vulnerability </a>affecting Linux and *nix systems.</li>
<li>We tightened the security of OpenVPN by further limiting the ciphers it may use.</li>
</ul>
<h2>Download the app</h2>
<p><a href="http://mullvad.net/download">Download</a> the Mullvad VPN app for Windows, macOS, Linux users. We've got<a href="https://mullvad.net/guides/category/mullvad-app/"> set-up guides </a>if you need help with installation and usage.</p>
<p> </p>A closer look at VPN vulnerability CVE-2019-148992019-12-06T16:19:55+00:00https://www.mullvad.net/fr/blog/2019/12/6/closer-look-vpn-vulnerability-cve-2019-14899/<p>A recent vulnerability affecting Linux and *nix systems can compromise VPN tunnel security. If you are using the Mullvad app with default settings, you are not affected. No action is necessary.</p>
<p>If you use the Mullvad app on Linux with local network sharing enabled, you are vulnerable to the first of three stages of the attack. A fix will be included in the next version of the app, due to be released next week. Read on for more details.</p>
<p>In order to exploit the vulnerability, an attacker needs to be on the same local network as your device. The attack consists of three stages:</p>
<ol>
<li>In the first stage of attack, the internal IP address of your VPN connection is revealed.</li>
<li>The second stage leverages the previous stage to determine if you are currently visiting a specific website.</li>
<li>The third stage leverages the second stage in order to eavesdrop on and hijack your web session for the website, assuming it is not protected by HTTPS.</li>
</ol>
<p>Even with local network sharing enabled, the Mullvad app is only vulnerable to stage one while stage two and three are prevented by the app’s existing network protections.</p>
<p>As always, if you are using Mullvad on a local network that you don’t trust, we strongly recommend that you disable local network sharing. In order to keep you protected from this vulnerability, even in the event that you do enable local network sharing, we will include additional protections in the next release of the app.</p>
<p>For technical details on the vulnerability, see the <a href="https://seclists.org/oss-sec/2019/q4/122">original post on the oss-sec mailing list</a>. For technical details on our security patch, see our <a href="https://github.com/mullvad/mullvadvpn-app/pull/1315">GitHub Pull request</a>. At Mullvad, we believe in the open-source model in which a program's source code is made available, or open, to anyone for viewing and using.</p>Mullvad partnerships page has been updated - Mozilla2019-12-03T13:54:49+00:00https://www.mullvad.net/fr/blog/2019/12/3/mullvad-partnerships-page-has-been-updated-mozilla/<p>Mozilla has partnered with Mullvad in order to utilize our global network of VPN servers for its own VPN application.</p>
<p>Mozilla VPN: <a href="https://vpn.mozilla.org/">https://vpn.mozilla.org/</a></p>
<p>Mullvads list of Partnerships and Resellers has been updated: <a href="https://mullvad.net/help/partnerships-and-resellers/">https://mullvad.net/help/partnerships-and-resellers/</a></p>Test the latest Android beta (2019.10-beta1)2019-11-06T13:46:30+00:00https://www.mullvad.net/fr/blog/2019/11/6/test-latest-android-beta-201910-beta1/<p>We’ve addressed a number of bugs in the newest beta version of the Mullvad VPN app for Android.</p>
<p><a href="https://mullvad.net/download/#android">Download</a> the Mullvad VPN beta app for Android. We've got an Android-specific <a href="https://mullvad.net/help/install-mullvad-app-android/">set-up guide</a> if you need help with installation and usage.</p>
<p>We appreciate all feedback and problem reports that come in, so keep them coming! Knowing what you experience helps us to more quickly identify issues and gets us one step closer to that first stable release.</p>Faster rotation of WG keys and static IP addresses2019-11-03T16:24:47+00:00https://www.mullvad.net/fr/blog/2019/11/3/faster-rotation-wg-keys-and-static-ip-addresses/<p>Update: It now takes a few seconds to propagate new WireGuard® keys and internal static IP-addresses to all servers.</p>
<p>In the latest Mullvad App (Linux, macOS and Android beta) you can manually rotate WireGuard keys and internal static IP-addresses.<br />
The rotation will take a few seconds to propagates to all servers.</p>
<h2>Desktop</h2>
<p>Settings, Advanced, WireGuard Key and press <strong>Regenerate key.</strong></p>
<h2>Mobile</h2>
<p>Settings, WireGuard Key and press <strong>Replace key. </strong></p>
<p><strong><img alt="" src="/media/uploads/2019/09/24/mullvad-vpn-app-wireguard-key.png" style="height:442px; width:250px" /></strong></p>
<p>"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>Big data. Big no!2019-10-30T08:02:56+00:00https://www.mullvad.net/fr/blog/2019/10/30/big-data-big-no/<p>Not so very long ago, privacy was still regarded as the right of the individual to be physically alone without being observed.<br />
However, with the advent of the Internet and the proliferation of a burgeoning digital society, our lives have become increasingly less private and more accessible.</p>
<p>Most of our online searches, posts, shares, tweets, and pictures are not only seen by others but, potentially, can also be used against us. On top of this, there is a trend of bringing everything online (cameras, cars, microwaves, hospital journals), which generates a ton of data that is stored online.</p>
<p>Sometimes data is stored without personal information. But if, at any point in time, an anonymous set of data becomes linked to an identified set of data (such as when you pay for a drink with your VISA card), all that data makes the user identifiable. This applies to information not only from the present, but also from the past as well as the future.</p>
<h2>When it falls into wrong hands</h2>
<p>It may seem innocent until you realize that your statistics are a commodity that can be sold to the highest bidder. And if, as a result, all that data ends up in the hands of a few big organizations, suddenly your insurance premiums go up and all your vulnerabilities are targeted for commercial reasons. </p>
<p>There is also a governmental angle to this. Over time, think about the danger of putting this perfect information and classification tool in the hands of a future unknown power broker, and the main question becomes:</p>
<h2>Can you trust every existing and future holder of information about you? Forever?</h2>
<p>Data once collected can also be stolen, while its security is often neglected. And at this stage we can conclude that we are not ready for the data age. We are like children playing with loaded guns, while laws and governments lag way behind in putting legislation in place. You need to understand the business models of the apps you are using. If it’s free you are the product. And if you’re a business owner: think twice before you begin collecting personal information. Don’t confuse data with product strategy.</p>
<p>Next step: <a class="external-link" href="https://mullvad.net/guides/first-steps-towards-online-privacy/" rel="nofollow">Become a privacy ninja!</a></p>
<p>For the universal right to privacy,<br />
Mullvad</p>
<p> </p>Server list updated with provider and ownership2019-10-25T09:14:59+00:00https://www.mullvad.net/fr/blog/2019/10/25/server-list-updated-provider-and-ownership/<p>Our <a href="https://mullvad.net/servers/">server list</a> has been updated to contain the following two major additions:</p>
<ol>
<li><strong>Provider</strong> - The name of the hosting provider that we rent the server or server space from</li>
<li><strong>Ownership</strong> - A flag describing if Mullvad owns or rents the server</li>
</ol>
<p>With the updated server list in place, you as a customer can make a more informed decision about which server(s) you want to use. At the moment we have two kinds of servers, rented and hardware that we own ourselves.</p>
<p>Before we go into details about these two kinds of servers, it's important to understand that for all VPN servers we use encryption to secure their data. You cannot simply unplug a server and boot it up and mount the disk to copy any keys, unless you know the encryption passwords. The encryption passwords are only known and accessible to relevant Mullvad staff. Furthermore, each server has unique encryption passwords, as well as certificates and private keys for their VPN tunnels. This means that in the unlikely event that any of these were to be extracted from a server, they would only affect that one individual server.</p>
<h2>Ownership</h2>
<h3>Rented servers</h3>
<p>We rent dedicated servers only. No virtual servers. In order to ensure sound and secure deployment procedures we always perform hardening and sanity checks on all servers before provisioning our own software and letting customers connect to them.</p>
<p><strong>Remote management software (IPMI/iLO/iDRAC/KVM)</strong></p>
<ol>
<li>If the server has remote management, it should be on a dedicated port only accessible via or by the hosting provider and not available on the public Internet.</li>
<li>We recheck our configurations regularly to ensure that no public addresses are attached to our IPMI interfaces.</li>
</ol>
<p><strong>On which level and for what purposes do external parties have access to rented servers?</strong></p>
<p>Hosting providers do the initial operating system installations (most often through the remote management software), after that we remove their access from the server. After this they may have access to the remote management software of the servers, so that they may aid in rebooting and reinstalling faulty servers, but they have no direct access to the operating system or the software running on the server itself.</p>
<h3>Mullvads own servers</h3>
<p><strong>Remote management software (IPMI/iLO/iDRAC/KVM)</strong></p>
<p>On our own servers, remote management resides behind bastion hosts (a special-purpose computer on a network specifically designed and configured to withstand attacks). In order to use the remote management software on these servers you first have to connect to a bastion host. Apart from requiring access through a bastion, each server has their own specific network port for remote management that resides on a LAN that is separate from the rest of the network. Some hosting providers have KVMs that they can enable if we ask them to, if the remote management should for some reason be unavailable.</p>
<p><strong>On which level and for what purposes do external parties have access to our own servers?</strong></p>
<p>For hosting providers where we host our own servers, most of the time we troubleshoot, reinstall or do initial operating system installation ourselves through the remote management behind the bastion. On a few occasions, hosting providers may be asked to troubleshoot hardware issues or reinstall servers that are not working as intended, but in contrast to rented providers, they will either have to enable and use their KVM (if available) or physically plug themselves into the server.</p>
<p><strong>The hosting provider 31173</strong><br />
A special focus on network performance and connectivity for all servers hosted at 31173’s locations exist. We actively invest time into making sure the network runs well, and that connectivity between locations have fiber wavelengths to other locations. For instance there are wavelengths from Amsterdam to Malmö, London, and Frankfurt to improve performance and reduce latency, and also to ensure that the users traffic can travel as far as possible within 31173’s network without using other network providers.</p>
<h3>Future management of servers</h3>
<p>The management software provided by computer manufacturers are closed source and riddled with bugs and security vulnerabilities, therefore we are active in these two projects:</p>
<p><a href="https://mullvad.net/blog/2019/8/7/open-source-firmware-future/">Open-source firmware is the future</a> and <a href="https://mullvad.net/media/system-transparency-rev5.pdf">System Transparency</a></p>Mullvad October 2019 donation to WireGuard2019-10-25T04:48:01+00:00https://www.mullvad.net/fr/blog/2019/10/25/mullvad-donates-wireguard-oct2019/<p>If you've been following our blog recently, then you're well aware that we see potential in the WireGuard VPN protocol. We've therefore decided to support the project's development yet again with a <a href="https://www.wireguard.com/donations/">donation</a>.</p>Our policy on disclosing security incidents2019-10-24T15:42:12+00:00https://www.mullvad.net/fr/blog/2019/10/24/our-policy-disclosing-security-incidents/<p>When does a security incident of a VPN provider warrant public disclosure?</p>
<p>Give <a href="https://mullvad.net/help/policy-disclosure-security-incidents/">our policy on the disclosure of security incidents</a> a quick read.</p>5, 9, or 14 Eyes: Is your VPN actually safe?2019-10-18T05:18:14+00:00https://www.mullvad.net/fr/blog/2019/10/18/5-9-or-14-eyes-your-vpn-actually-safe/<p>There is no doubt that the secret European branch of the "SIGINT Seniors" spy network (known commonly as "14 Eyes") existed at the time the Snowden files were released.<br />
Today, however, it is hard to confirm that the network still exists, or that the secret treaty on signals intelligence is still in force. We assume it does until proven otherwise.</p>
<p>Even if we currently cannot prove the existence of the network or the treaty, many other undisclosed alliances likely exist between countries outside of the hypothetical 14 Eyes network. Let’s assume there are least as many secret networks as there are countries.</p>
<p>Does this matter? Not really. Just assume all communication is secretly tapped. This is likely the most correct assumption.</p>
<p>What matters are the laws that apply to your VPN provider based on the country that it's located in. One should be particularly cautious of countries that are less transparent than those within the EU.</p>
<p>Sweden as an EU member state, where Mullvad VPN is located, is subject to strict European privacy laws such as the General Data Protection Regulation (GDPR). Most importantly, none of the <a href="https://mullvad.net/help/swedish-legislation/">Swedish regulations</a> can force VPN providers to secretly collect traffic-related data. In our case, it would be impossible for any government to attain data logs from us because we have none to give.</p>
<p>In that sense, Sweden is still a very safe country from a privacy perspective for both VPN providers and users of VPN services.</p>New Settings feature and a Windows fix in Mullvad app (2019.9)2019-10-11T14:41:31+00:00https://www.mullvad.net/fr/blog/2019/10/11/new-settings-feature-and-windows-fix-mullvad-app-20199/<p>Change the app’s language yourself in the latest version of the Mullvad VPN app which also comes with a resolved issue that has affected many Windows users.</p>
<div style="background:#eeeeee; border:1px solid #cccccc; padding:5px 10px"><strong>Note</strong>: This release does not include any updates for Android which is <a href="https://mullvad.net/download/#android">still in beta.</a></div>
<h2>What’s new in this version (2019.9)</h2>
<h3>Choose your language</h3>
<p>You can now change the app’s display language yourself. Click on the Settings icon and look for Language at the bottom.</p>
<p><img alt="" src="/media/uploads/2019/10/11/app_language_select.png" style="height:57px; width:321px" /></p>
<h3>Windows issue resolved</h3>
<p>We’ve made a few fixes to prevent more Windows users from being stuck in the offline state. The app will also detect disconnects (for example if your WiFi drops) more quickly.</p>
<h3>More powerful CLI</h3>
<p>The big news here is that we’ve synced usability and commands across all desktop platforms. For Windows users, just as with Linux and macOS, you can now access the <a href="https://mullvad.net/help/how-use-mullvad-cli/">Mullvad CLI</a> from anywhere in the terminal. Simply open a terminal window, type <code>mullvad</code>, and you’ll see a list of all subcommands, including a few new ones.</p>
<p>If you want to report a problem, the universal command is now<code>mullvad-problem-report.</code></p>
<h3>Other goodies</h3>
<ul>
<li>If you are logged in to the app and click on any links having to do with managing your account (Buy more credit or Manage WireGuard keys), you will be automatically logged in to your account page on our website instead of having to log in again.</li>
<li>(Windows 8 and newer) The installation warning window that pops up for many Windows users is now a thing of the past with this release.</li>
<li>Compatible with macOS Catalina.</li>
</ul>
<h3>Small fix</h3>
<ul>
<li>The app for users with Norwegian (Bokmål) as the system language will now default to Bokmål instead of English.</li>
</ul>
<h3>Download the app</h3>
<p><a href="http://mullvad.net/download">Download</a> the Mullvad VPN app for Windows, macOS, and Linux users. We've got <a href="https://mullvad.net/guides/category/mullvad-app/">set-up guides</a> if you need help with installation and usage.</p>
<p>Know of someone unable to access our website? Point them to <a href="http://xcln5hkbriyklr6n.onion/">Mullvad's onion address on Tor</a> or <a href="https://github.com/mullvad/mullvadvpn-app/releases/">Mullvad's GitHub page.</a></p>
<p> </p>New Android beta released (2019.9-beta1)2019-10-11T10:42:44+00:00https://www.mullvad.net/fr/blog/2019/10/11/new-android-beta-released-20199-beta1/<p>Although the Android version is not yet ready for its first stable release, this beta version (2019.9-beta1) is an improvement over the previous one.</p>
<ul>
<li>We added support for Android 5.x Lollipop.</li>
<li>The Settings icon (cogwheel) was added to the login and launch screens, allowing you to reach the problem report form even when the app isn’t connected.</li>
<li>The creation date of the WireGuard key is now displayed in your local timezone instead of UTC.</li>
<li>If the app temporarily can't verify your account number when logging in, you will still be able to use the app as normal; if you've entered an invalid number, the app will signal this once you try connecting</li>
</ul>
<p><a href="https://mullvad.net/download/#android">Download</a> the Mullvad VPN beta app for Android. We've got an Android-specific <a href="https://mullvad.net/help/install-mullvad-app-android/">set-up guide</a> if you need help with installation and usage.</p>Wireguard - rotate internal static IP-address2019-09-25T08:06:44+00:00https://www.mullvad.net/fr/blog/2019/9/25/wireguard-rotate-internal-static-ip-address/<p>In the latest Mullvad App (Linux, macOS and Android beta) you can manually rotate WireGuard keys and internal static IP-addresses.<br />
Keep in mind: The rotation can take up to two minutes before it propagates to all servers.</p>
<h2>Desktop</h2>
<p>Settings, Advanced, WireGuard Key and press <strong>Regenerate key.</strong></p>
<h2>Mobile</h2>
<p>Settings, WireGuard Key and press <strong>Replace key. </strong></p>
<p><strong><img alt="" src="/media/uploads/2019/09/24/mullvad-vpn-app-wireguard-key.png" style="height:442px; width:250px" /></strong></p>Expanded bridge and WireGuard features in latest release (2019.8)2019-09-24T09:26:03+00:00https://www.mullvad.net/fr/blog/2019/9/24/expanded-bridge-and-wireguard-features-latest-release-20198/<p>The newest stable version of the Mullvad VPN app for Windows, macOS, and Linux gives you more control over bridge connections and WireGuard key management.</p>
<div style="background:#eeeeee; border:1px solid #cccccc; padding:5px 10px">Note: This release does not include any updates for Android which is <a href="https://mullvad.net/download/#android">still in beta.</a></div>
<h2>What's new in this version (2019.8)</h2>
<p>If you're a fan of the Bridge mode feature, it just got better! In the app, you can now choose your bridge server. Just go into Advanced settings, turn <strong>Bridge mode</strong> to <strong>On</strong>, and then navigate to the Select location where you'll now see two location lists Entry (the bridge server) and Exit.</p>
<p><img alt="" src="/media/uploads/2019/09/24/mullvad-vpn-app-entry-exit_k9oOur4.png" style="height:445px; width:250px" /></p>
<p>Read our guide <a href="https://mullvad.net/guides/how-use-bridge-mode/">How to use bridge mode</a> for full details.</p>
<h3>More WireGuard key features</h3>
<p>For Linux and macOS users (Windows, each day brings us closer to releasing WireGuard for you!), you can now generate a new WireGuard key right in the app (if you already have one, this will replace it). You can also see when your current key was created. <strong>This will also replace the static ip.</strong></p>
<p><img alt="" src="/media/uploads/2019/09/24/mullvad-vpn-app-wireguard-key.png" style="height:442px; width:250px" /></p>
<p>We also improved WireGuard performance over 4G networks.</p>
<h3>Major bug fixed for Windows</h3>
<p>Many of our Windows users were suffering from DNS issues with the app. We've resolved this headache, and as a result, most Windows users should experience noticeably quicker connection times.</p>
<h3>Other notables</h3>
<ul>
<li>Servers are now listed using natural sorting.</li>
<li>The list of countries and cities is now sorted alphabetically according to your app's language setting.</li>
<li>Unavailable servers are now shown in the list rather than hidden from view.</li>
<li>(CLI users) The mullvad status command now returns only your current VPN status. If you also want your location, add --location to the command.</li>
<li>(macOS) Uninstallation is now much cleaner.</li>
</ul>
<h3>2019.1 no longer supported</h3>
<p>With this release, we no longer support version 2019.1. Please upgrade to the latest version.</p>
<h2>Download the app</h2>
<p><a href="http://mullvad.net/download">Download</a> the Mullvad VPN app for Windows, macOS, and Linux users. We've got <a href="https://mullvad.net/guides/category/mullvad-app/">set-up guides</a> if you need help with installation and usage.</p>
<p>Know of someone unable to access our website? Point them to <a href="http://xcln5hkbriyklr6n.onion/">Mullvad's onion address on Tor</a> or <a href="https://github.com/mullvad/mullvadvpn-app/releases/">Mullvad's GitHub page.</a></p>New desktop and Android beta2019-09-20T05:53:21+00:00https://www.mullvad.net/fr/blog/2019/9/20/new-desktop-and-android-beta/<p>We've got a new beta version of our VPN app ready to go for macOS, Linux, and Windows users. <a href="https://mullvad.net/download/beta/">https://mullvad.net/download/beta/</a></p>
<p>We also have our first Android beta! <a href="https://mullvad.net/guides/install-mullvad-app-android/">https://mullvad.net/guides/install-mullvad-app-android/</a></p>
<p> </p>
<h2>What is a beta release?</h2>
<p>A beta release is usually the final test version of a piece of software before the next official version is released. This means that bugs may still exist even though the software has been tested internally.</p>
<p>But that's exactly why beta releases occur, so that external users like yourself can test the software and give us valuable feedback.</p>
<p>If you'd rather wait for the next official release, though, that's ok too. The latest official, non-beta version is always available on our download page.</p>The Perks of Being a Shadow Jumper2019-08-30T05:02:09+00:00https://www.mullvad.net/fr/blog/2019/8/30/perks-being-shadow-jumper/<p style="text-align:left">Let’s jump right into how to hop from one place to another – all the way into the shadows.<br />
We’ll take a closer look at why multihop makes the likelihood of internet surveillance harder and puts you a jump closer to internet privacy.</p>
<p style="text-align:left">A single hop is when you connect from your IP-address to a VPN service of your choice and only makes one jump to a specific country or city. With multihop routing, you can jump from any location (other than your own) and eventually land at the desired location (for example: by using a setting on our Mullvad VPN app). Shadowsocks (read more about it <u><a href="https://mullvad.net/guides/intro-shadowsocks/" style="text-decoration:underline">here</a></u>) is the enabler of multihop routing. Automatically, it jumps for you. And in a couple of weeks, we will be launching an upgrade in our app that will make it possible for you to choose your own jump-locations.</p>
<p style="text-align:left"><strong>Why? – It increases your privacy </strong></p>
<p style="text-align:left">Routing your traffic through two or more servers in separate jurisdictions gives you a higher level of privacy and security, even if one server were to be compromised. With multihop routing, correlated attacks become harder, simply because with the Shadowsocks multihopping tool your exit server will not have your own public IP, but instead the IP to the Shadowsocks IP server you have connected through.</p>
<p style="text-align:left"><strong>The gritty list: </strong></p>
<ul>
<li>
<p style="text-align:left">Shadowsocks – <u><a href="https://mullvad.net/guides/intro-shadowsocks/" style="text-decoration:underline">the introduction</a></u></p>
</li>
<li>
<p style="text-align:left">How Shadowsocks <u><a href="https://mullvad.net/guides/shadowsocks-newer-app-versions/" style="text-decoration:underline">work in the Mullvad App</a></u></p>
</li>
<li>
<p style="text-align:left">Multihop with Wireguard – <u><a href="https://mullvad.net/guides/multihop-wireguard/" style="text-decoration:underline">the what, how and why</a></u></p>
</li>
</ul>
<p style="text-align:left"><em>For the universal right to privacy,</em></p>
<p style="text-align:left">Mullvad</p>Mullvad sponsors OWASP security meetup2019-08-29T06:15:08+00:00https://www.mullvad.net/fr/blog/2019/8/29/mullvad-sponsors-owasp-security-meetup/<p>We are proud to be sponsoring the <a href="https://www.eventbrite.com/e/owasp-gothenburg-presents-steve-gibson-sqrl-secure-quick-reliable-login-tickets-68314034115">upcoming security meetup</a> hosted by OWASP Gothenburg, a local chapter of the Open Web Application Security Project - September 26</p>
<p> </p>
<p><img alt="" src="/media/uploads/2019/08/29/owasp_logo_1c.jpg" style="height:143px; width:400px" /></p>WireGuard in our app, for macOS and Linux (2019.7)2019-08-13T09:19:24+00:00https://www.mullvad.net/fr/blog/2019/8/13/wireguard-our-app-macos-and-linux-20197/<p>The latest version of the Mullvad VPN app has full WireGuard support on macOS and Linux! (Windows users will have to wait a little bit longer)</p>
<h2>What's new in this version (2019.7)</h2>
<h3>Upgrade warning!</h3>
<p>This is only relevant if you are running Mullvad VPN <strong>2019.5 or older</strong>! For everyone using 2019.6 this is not relevant.</p>
<p>Before we move on to tell you about the awesome new features we need to tell you about an upgrade bug. If you are on Mullvad VPN <strong>2019.5 or older</strong> and upgrade to this new 2019.7 version, your settings will be reset to the defaults. This is due to a bug in our settings migration code. To avoid this please:</p>
<ol>
<li>First upgrade to 2019.6</li>
<li>Start 2019.6</li>
<li>Log out of your account (It should still be saved in your account history. But write it down to be extra sure you don't lose it)</li>
<li>Upgrade to 2019.7 and log back in in the app.</li>
</ol>
<h3>WireGuard</h3>
<p>We added limited WireGuard support back in 2019.2. But using it was not meant for mainstream. Activating it required using the command line, and it had a number of bugs. We have worked on improving it ever since, and today we are proud to announce it becomes a mainline feature on macOS and Linux! WireGuard for Windows is slightly behind and is not included in this release, but it will arrive in a later release!</p>
<p>WireGuard is not used by default, you still have to activate it manually if you want to use it. To do so, go to the advanced settings and select <strong>WireGuard</strong> under Tunnel protocol. That's it!</p>
<p><img alt="WireGuard under advanced settings" src="/media/uploads/2019/08/13/wireguard-in-gui.png" style="height:410px; width:320px" /></p>
<h3>Upgraded OpenVPN and OpenSSL</h3>
<p>A change that will not be directly noticeable for users, but that is good nonetheless is the upgrade of OpenVPN and OpenSSL. This new version of the app now uses the latest release of both:</p>
<ul>
<li>OpenVPN 2.4.7</li>
<li>OpenSSL 1.1.1c</li>
</ul>
<h3>The more technical stuff</h3>
<ul>
<li>(Windows) The VPN service on Windows will now be restarted when it crashes.</li>
<li>(Linux) Improve resolv.conf based DNS management to detect changes to file.</li>
<li>Add `factory-reset` CLI command for removing settings, logs and clearing the cache.</li>
<li>Add more details to the error messages shown during some issues on certain platforms.</li>
</ul>
<h2>Download the app</h2>
<p><a href="http://mullvad.net/download">Download</a> the Mullvad VPN app for Windows, macOS, and Linux users. We've got <a href="https://mullvad.net/guides/category/mullvad-app/">set-up guides</a> if you need help with installation and usage.<br />
Know of someone unable to access our website? Point them to <a href="http://xcln5hkbriyklr6n.onion/">Mullvad's onion address on Tor</a> or <a href="https://github.com/mullvad/mullvadvpn-app/releases/">Mullvad's GitHub page.</a></p>Open-source firmware is the future2019-08-07T13:38:45+00:00https://www.mullvad.net/fr/blog/2019/8/7/open-source-firmware-future/<p>Today we are proud to announce the porting of coreboot, an open-source firmware, to the Supermicro X11SSH-TF server platform.</p>
<p>This is the first time a modern off-the-shelf server platform <a href="https://review.coreboot.org/c/coreboot/+/32734">gains coreboot support</a>, and it is an integral part of realizing our vision of transparent and independently auditable VPN servers.</p>
<p>Running coreboot on our VPN servers is one of many parts which, when combined, will allow us within some constraints to prove what our VPN servers do and don’t do with your internet traffic. This work was made possible <a href="https://9esec.io/blog/first-modern-coreboot-server-platform/">thanks to 9elements Cyber Security</a>, our technology partner in the <a href="https://mullvad.net/blog/2019/6/3/system-transparency-future/">System Transparency</a> project.</p>
<p>It is important that firmware is open source because it is the software that provides low-level control of a computer’s hardware. Such a critical component must be secure, but as most firmware is closed source, we are unable to verify its security and it can therefore not be trusted.</p>
<p>Modern Intel and AMD processors unfortunately still require some closed-source (and encrypted!) firmware in order to boot. This insanity is unfortunately very much a part of the technological foundations on which we rely daily.</p>
<p>We hope and believe that this situation will change. Either Intel and AMD will change their technologies because the market demands it, or a viable alternative will emerge, or both. In any case, closed -source firmware has no place in a modern computer system.</p>
<p>Today marks the day when (mostly) open-source firmware for off-the-shelf modern servers becomes an option.</p>
<p>Open-source firmware is the right choice for humanity. As our devices effectively become extensions of our minds, it becomes critical that the hardware and software we use are trustworthy. We and others are working to make sure that the technological foundations on which we rely serve us all as users, and no one else. It is the way our devices SHOULD work, because the trustworthiness of our devices is critical for privacy, and privacy is fundamental to a well-functioning society.</p>
<h2>Our ongoing call to action</h2>
<p>To all VPN users, security experts, VPN providers, and reviewers:</p>
<ul>
<li>Let’s pioneer the development of transparent systems.</li>
<li>Let’s encourage their use and continuous improvement through our individual choices.</li>
<li>Let’s make sure our technological foundations are as transparent as possible.</li>
<li>Let’s make sure that those foundations serve the users, and no one else.</li>
</ul>
<p>Read our paper on <a href="https://www.mullvad.net/media/system-transparency-rev5.pdf">System Transparency</a>.</p>
<p> </p>Cash is Still King2019-07-24T09:42:26+00:00https://www.mullvad.net/fr/blog/2019/7/24/cash-still-king/<p>We want you to remain anonymous. All. The. Way. So, when you sign up for our VPN, we don't ask for any personal information no username, no password, no e-mail address.<br />
Instead, we create a so-called "numbered account" associated with a random account number. What about payment? Well, when it comes to paying, cash is still king.</p>
<p style="text-align:left">As you should know well by now, Mullvad’s underlying policy is never to store any activity logs of any kind. We strongly believe in having a minimal data retention policy because we want you to remain anonymous.</p>
<p style="text-align:left">This is why we create 16-digit account numbers in the "1,000,000,000,000,000" to "9,999,999,999,999,999" range. This allows for a total of 8.99 quadrillion possible account numbers. While we are fortunate to have a lot of users, you guys are not that many, yet.</p>
<h2 style="text-align:left">Damn Payment Norms</h2>
<p style="text-align:left">All of this said, in some situations we might need to process your personal data. This is the case if, for example, you make a payment via bank wire transfer, PayPal, Swish, or Stripe, send an e-mail or report a problem (read our <u><a href="https://mullvad.net/guides/privacy-policy/" style="text-decoration:underline">Privacy Policy</a></u>). But… you didn’t see cash there, right? Use cash as payment (<u><a href="https://mullvad.net/blog/2019/1/29/sending-cash-use-our-new-address/" style="text-decoration:underline">read how</a></u>), and keep your privacy to yourself.</p>
<p style="text-align:left">For the universal right to privacy,</p>
<p style="text-align:left">Mullvad</p>Connect faster to multihop and Shadowsocks, directly in the Mullvad app2019-07-23T11:47:33+00:00https://www.mullvad.net/fr/blog/2019/7/23/connect-faster-multihop-and-shadowsocks-directly-mullvad-app/<p>Did you know that the Mullvad VPN app is automatically equipped to use <a class="external-link" href="https://mullvad.net/guides/intro-shadowsocks/" rel="nofollow">Shadowsocks</a> and multihopping? It's true! We'll tell you how to speed up your connection time.</p>
<h2>Set Bridge mode to On</h2>
<p>In the latest <a class="external-link" href="https://mullvad.net/download/" rel="nofollow">Mullvad VPN app,</a> look for Bridge mode under Advanced settings. To multihop or connect with Shadowsocks more quickly, select <strong>On</strong>. Yes, it's that simple!</p>
<p><img alt="Red arrow pointing to the On setting of Bridge mode in the Mullvad VPN app." src="/media/uploads/2019/07/23/mullvad-vpn-app-bridge-mode-on.png" style="height:568px; width:320px" /></p>
<p>With the default Automatic setting, the app will first try three times to connect normally before attempting a bridge connection. Selecting On will skip over that part and immediately prioritize a bridge connection.</p>
<p>When using a bridge connection, your traffic will first travel through a Mullvad bridge server using the Shadowsocks proxy and then hop to a second server – multihopping! – before exiting.</p>
<h2>Why you might use Bridge mode</h2>
<p>Bridge mode is worth trying if you're</p>
<ul>
<li>in a restrictive country such as Turkey</li>
<li>behind a corporate firewall</li>
<li>affected by peering issues and want to try improving your speed (for example, users in Germany affected by peering to Cogent)</li>
<li>wanting to add an extra layer of privacy, since your traffic will travel through two of our servers instead of one.</li>
</ul>
<p>The app will automatically choose the <a class="external-link" href="https://mullvad.net/servers/#bridge" rel="nofollow">bridge server</a> that is geographically closest to your chosen location. For example, if you connect to Manchester in the UK, the nearest bridge server that we currently have is also in the UK, in London.</p>
<p>In most situations, you will experience slower speeds when using bridge mode.</p>See what's in our newest app release (2019.6)2019-07-15T09:17:56+00:00https://www.mullvad.net/fr/blog/2019/7/15/see-whats-our-newest-app-release-20196/<p>The latest version of the Mullvad VPN app is a nice mixture of additions and fixes. Come and get it!</p>
<h2>What's new in this version (2019.6)</h2>
<h3>Chinese, simplified</h3>
<p>We've added simplified Chinese to the growing list of languages that our app supports.<br />
Traditional Chinese has been around since version 2019.2, but in the areas where translation is missing, we have adjusted it to default to English instead of simplified Chinese.</p>
<h3>Turn off system notifications</h3>
<p>Under Preferences, you'll find a new toggle button that allows you to disable those (very helpful but sometimes annoying) pop-up system notifications. However, we'll still feed you the critical ones, like if you're running an outdated app version.</p>
<p><img alt="" src="/media/uploads/2019/07/15/mullvad-vpn-app-notifications.png" style="height:130px; width:320px" /></p>
<h3>Easier CLI (macOS)</h3>
<p>We added the Mullvad CLI to a systemwide PATH directory, so CLI commands can now be run directly in the macOS terminal. As an example, you can open a terminal window and type in mullvad --help to see a list of available commands.</p>
<h3>The more technical stuff</h3>
<ul>
<li>(Windows) Add migration logic to restore lost settings after major Windows update.</li>
<li>(Windows) Adjust network interface checks in offline detection logic. Prevents the app from being stuck in the offline state when the computer is in fact online.</li>
<li>(Linux) Fix some netlink packet parsing error in DNS handling.</li>
<li>(Linux) Improve offline check so if it fails, it always fails as online.</li>
</ul>
<h2>Download the app</h2>
<p><a href="http://mullvad.net/download">Download</a> the Mullvad VPN app for Windows, macOS, and Linux users. We've got <a href="https://mullvad.net/guides/category/mullvad-app/">set-up guides</a> if you need help with installation and usage.<br />
Know of someone unable to access our website? Point them to <a href="http://xcln5hkbriyklr6n.onion/">Mullvad's onion address on Tor</a> or <a href="https://github.com/mullvad/mullvadvpn-app/releases/">Mullvad's GitHub page.</a></p>What’s App?2019-07-12T11:31:24+00:00https://www.mullvad.net/fr/blog/2019/7/12/whats-app/<p style="text-align:left">How does our “Kill Switch” work? Are you really safe with our app when your computer joins a new WiFi network? And which default setting should you change (scroll down to number 4!)?<br />
Let’s pop the hood on our own app and list our top five features.</p>
<p style="text-align:left">For us, safety is always first, so it’s no shocker that all five involve safety:</p>
<p style="text-align:left">First of all (1), we have been working long and hard for a tighter integration with the system firewall. This keeps you safe when your computer is sleeping, disconnecting, reconnecting or changing servers.</p>
<p style="text-align:left">Secondly, and probably the first thing you expect (2): we replace all DNS calls to your default provider, most likely your ISP, to the Mullvad DNS (a DNS translates names like www.mullvad.net into an IP address). If we didn’t do this, you would be leaking metadata about what you are doing, and when. Note that, even if some other program somehow changes your DNS settings after Mullvad has started, our app will change them back – immediately.</p>
<p style="text-align:left">Thirdly, the feature we mentioned at the beginning of this article; a real Kill Switch (3). Implemented as rules in the firewall mean that they run ALL THE time. But what happens if things break down, if our app stops working? Well, in order to prevent any leaks and problems, the kill switch kicks in, and no traffic leaves your device. The rules in place only allow traffic to the selected Mullvad VPN server via our VPN tunnel. No working tunnel – no traffic.</p>
<p style="text-align:left">Fourth (4): Traffic can go outside our VPN tunnel ONLY if you are disconnected. However, if you activated the "block when disconnected" setting, no traffic will leave your device (except connection attempts to establish a VPN connection), even if you turn off the app! Change your default settings for constant privacy.</p>
<p style="text-align:left">Fifth, and perhaps smoothest (5): If you use the "block when disconnected" setting, you won’t leak any information at all, even if you accidentally quit the app. Make sure to turn on our “auto-connect on startup” feature. This will ensure that your online presence is secure, even before you log in to your computer.</p>
<p style="text-align:left">These are our five favourite features, but what about you? Which feature is your favourite? Discuss on our Facebook or Twitter page.</p>
<p style="text-align:left">For the universal right to privacy,</p>
<p style="text-align:left">Mullvad</p>
<p style="text-align:left"> </p>Mullvad VPN in 821 words2019-06-28T07:38:50+00:00https://www.mullvad.net/fr/blog/2019/6/28/mullvad-vpn-821-words/<p>What are you agreeing to when you decide to use our VPN service? More importantly, what are we promising to you?<br />
The answers to those big questions now live in one place – in our <a href="https://mullvad.net/guides/terms-service/">Terms of Service</a>.</p>
<p>"Ugh, yet another endless scrolling page of legal terms that I will never read but will blindly accept." If that was your instant reaction on reading "Terms of Service," then we're right there with you</p>
<p>In this day and age, having a ToS is a legal obligation, but for us that doesn't mean it also has to be complex and ridiculously long (although our lawyers might disagree). That's why we worked really hard to write ours in plain, understandable English and keep it as short as possible.<br />
</p>
<h2>Brand new page, same great service</h2>
<p>Don't fret, our service hasn't changed. We've had the equivalent of a Terms of Service all over our website, only now we've consolidated that information into one place. We want to be very clear about what we offer, and publishing a readable ToS ensures that we are committing ourselves to what we say.</p>
<p>The process of creating our ToS has also revealed the information that we've made unclear to our customers or that has been difficult for them to find. For example, we have often lamented when reading reviews of our VPN service stating that we have no refund policy. <a href="https://mullvad.net/guides/refunds/">We do!</a> But it's our own fault for not putting that fact front and center. All the good and important stuff is now in our lovely, little <a href="https://mullvad.net/guides/terms-service/">Terms of Service</a>.<br />
</p>
<h2>What exactly is 821 words?</h2>
<p>As quoted from our <a href="https://mullvad.net/blog/2016/12/5/privacy-universal-right/">Privacy is a universal right post</a>, "The user agreement for the app of a certain hamburger chain in Sweden contains 3,094 words, with a link to a privacy policy that is 3,092 words long – in total, around 22 printed pages."</p>
<p>The Beatles' song "Yellow Submarine" contains 228 words. "Dancing Queen" by Swedish pop group ABBA contains 202.</p>
<p>In essence, Mullvad's 821-word <a href="https://mullvad.net/guides/terms-service/">Terms of Service</a> is the equivalent to four pop songs (821 as of publishing this post).</p>
<p>If you've made it to the end, impressive! Now reward yourself by actually <a href="https://mullvad.net/guides/terms-service/">reading those words</a>.</p>Secure WiFi, happy LiFi2019-06-28T07:18:41+00:00https://www.mullvad.net/fr/blog/2019/6/28/secure-wifi-happy-lifi/<p><strong>Is anybody reading over your shoulder? Sure? Look again. Hard to know when you are on your device, but some WiFi networks are hostile networks that see every move you make.</strong></p>
<p style="text-align:left">The Man-in-the-Middle attack (MitM), a form of eavesdropping, is one of the most common hazards on public networks. Not on all WiFi networks, but definitely some.</p>
<p style="text-align:left">To put it briefly (and really skip at least 71 hops): when you use a device, that doesn't use strong encryption, to send any data through the Internet, from point Wi (device) to Fi (website), it is entirely exposed. It will be open for a cyber attacker to get in between these transmissions. Some might read, steal and even use that information against you.</p>
<p style="text-align:left">Even when using encryption, you reveal to all the hops between you and the site you are visiting the fact that YOU are visiting site X, when and for how long. This makes profiling of you and your interests possible and this information can then be used or sold to third parties in order to target ads, or even something worse.</p>
<p style="text-align:left"><strong>Solution: secure your information! </strong><br />
However, if you use a VPN all your internet traffic is encrypted and you are protected from being spied on, protected from all other users on that local WiFi and also the WiFi service provider. You also mask what site(s) you are visiting.</p>
<p style="text-align:left">You will most certainly be more secure. Clothed with both belt and suspenders from online threats. Now that eavesdropper needs to be in the same room as you, IRL and they would be revealed to you in a split second.</p>
<p style="text-align:left"> </p>
<p style="text-align:left"><strong>How to get Happy LiFi:</strong></p>
<ul>
<li>
<p style="text-align:left">Change the default password on your WiFi, turn on WPA2!</p>
</li>
</ul>
<ul>
<li>
<p style="text-align:left">Lock your company’s WiFi and open a guest WiFi for visitors</p>
</li>
<li>
<p style="text-align:left">When you use public WiFi, use a VPN service. It will encrypt all internet traffic and protect you from your local environment eavesdropping on you.</p>
</li>
<li>
<p style="text-align:left"><a href="https://mullvad.net/guides/first-steps-towards-online-privacy/">Read more</a> about how you can take control over your privacy</p>
</li>
</ul>
<p style="text-align:left"> </p>
<p style="text-align:left">For the universal right to privacy,</p>
<p style="text-align:left">Mullvad</p>
<p style="text-align:left"> </p>
<p style="text-align:left"> </p>
<p style="text-align:left"> </p>Scheduled maintenance 2019-06-262019-06-19T14:05:12+00:00https://www.mullvad.net/fr/blog/2019/6/19/scheduled-maintenance-2019-06-26/<p>On Wednesday, maintenance is planned for parts of our infrastructure. This may cause temporary disruption of the service during the day.</p>
<p>During the maintenance the following things might not work:</p>
<ul>
<li>The account page on our website, including account creation, making new payments and managing ports.</li>
<li>Port forwarding. It will however work if you've logged on before the maintenance.</li>
<li>Information about time left and forwarded ports in the client / App and on the website.</li>
<li>Downloading OpenVPN and WireGuard configuration files.</li>
<li>Payment processing. Any payments made during this time will be processed once the maintenance is done.</li>
</ul>Shadowsocks integrated into new app version (2019.5)2019-06-17T12:17:11+00:00https://www.mullvad.net/fr/blog/2019/6/17/shadowsocks-integrated-new-app-version-20195/<p>We've got quite a laundry list of changes to the newest stable release of the Mullvad VPN app. Most exciting is our in-app integration of the Shadowsocks proxy!</p>
<h2>What's new in this version (2019.5)</h2>
<p><strong>Use Shadowsocks in the app</strong></p>
<p>Connecting with bridges using the Shadowsocks proxy can now be done directly in the app and is even fully automatic. You can find the <strong>Bridge mode</strong> options under Advanced settings (scroll down).</p>
<p><img alt="" src="/media/uploads/2019/06/17/mullvad-vpn-app-bridge-mode.png" style="height:403px; width:227px" /></p>
<p>The default mode is set to Automatic which means that if the app fails to connect three times (often a sign that you're stuck behind a censorship firewall), it will then attempt a bridge connection.</p>
<p>Once connected, you'll be able to see the bridge details on the connection screen.</p>
<p><img alt="" src="/media/uploads/2019/06/17/mullvad-vpn-app-bridge-connection.png" style="height:403px; width:315px" /></p>
<p><strong>New languages</strong></p>
<p>The app now supports Dutch, Italian, Japanese, Norwegian, Portuguese, Russian, and Turkish. The language will be automatically determined based on your computer's language settings.</p>
<p>In addition, the city and country displayed on the connection screen are now displayed in that particular language instead of defaulting to English.</p>
<p><strong>WireGuard improvement</strong></p>
<p>When using WireGuard, you can now roam between different WiFi's and other connections.</p>
<p><strong>Better troubleshooting</strong></p>
<p>Problem reports sent via the terminal now automatically include the app's front end log files to help troubleshoot app crashes.</p>
<p><strong>iPhones included in local network sharing</strong></p>
<p>For macOS users with iPhones connected to the same network, those iPhones are now discoverable when the Local network sharing option is enabled.</p>
<p><strong>Fixes</strong></p>
<ul>
<li> (macOS) Thanks to user input, we've made a few adjustments to prevent the macOS system service from crashing.</li>
<li> (Windows) The app now better detects when Windows users are offline and therefore waits to connect.</li>
<li> (Linux) Resolved a few bugs resulting in fewer DNS errors and more stable connectivity.</li>
</ul>
<p><strong>The more technical stuff</strong></p>
<ul>
<li>Allow incoming DHCPv4 requests and outgoing responses if allow local network is enabled.</li>
<li>Allow a subset of NDP (Router solicitation, router advertisement and redirects) in the firewall.</li>
<li>(Linux) Add standard window decorations to the application window.</li>
<li>Relax the allow local network rules slightly, only checking either source or destination IP field instead of both. They are still unroutable.</li>
<li>CLI commands that are just intermediate commands, and require another level of subcommands, will automatically print the available subcommands, instead of an error if none is given.</li>
<li>Remove the `help` subcommand in the CLI. Instead get help with the `--help` long flag.</li>
</ul>
<p><strong>Download the app</strong></p>
<p><a href="http://mullvad.net/download">Download now</a> the Mullvad VPN app for Windows, macOS, and Linux users. We've got <a href="https://mullvad.net/guides/category/mullvad-app/">set-up guides</a> if you need help with installation and usage.</p>
<p>Know of someone unable to access our website? Point them to <a href="http://xcln5hkbriyklr6n.onion/">Mullvad's onion address on Tor </a>or <a href="https://github.com/mullvad/mullvadvpn-app/releases/">Mullvad's GitHub page</a>.</p>
<p> </p>System Transparency is the future2019-06-03T14:03:51+00:00https://www.mullvad.net/fr/blog/2019/6/3/system-transparency-future/<p>Since we started Mullvad VPN over 10 years ago, we have been obsessed with the question, “How do we demonstrate our trustworthiness to our users?”</p>
<p>This query is closely related to two thoughts often asked by the VPN users themselves:</p>
<ul>
<li>How can I trust my VPN provider?</li>
<li>How do I know my VPN provider doesn’t keep logs?</li>
</ul>
<p>We are here to describe our perspective on trustworthiness and to finally present a new security architecture for our infrastructure which we are currently working on. This architecture will greatly diminish the need for trust and instead enable verification through cryptography.<br />
</p>
<h2>A market for lemons</h2>
<p>A trustworthy VPN provider is characterized by skill, transparency, honesty, and conscientiousness. You should feel confident in expecting us to fulfill our commitment toward you, now and in the future. This is also the reason security will forever be deeply ingrained in Mullvad’s culture. Security is how we gain trust in our systems so that we may, in turn, earn it from you.</p>
<p>Unfortunately, the reality of VPN services like Mullvad is that we ask you to trust us without much verification. You try to judge our honesty through our words, but talk is cheap. You try to choose a provider based on reviews, but by now you know that few review sites are themselves honest or unbiased. These insights provoked us to build solutions that rely less on trust of human character and more on technology and mathematics so that trust within certain constraints can be cryptographically verified. In other words, we need transparent and verifiable systems.</p>
<p>Just as powerful people should be scrutinized more than others, so should computing systems in positions of power. With power comes the ability to acquire more, conceal it, and do damage. Transparency and accountability should be expected from those to whom we delegate responsibilities – the greater the responsibility, the more accountability. Anyone claiming to offer privacy and security should to the same extent offer transparency and verifiability.</p>
<p>Within certain constraints, we believe System Transparency gives you the ability to cryptographically verify the inner workings of Mullvad’s VPN servers while you are using them, and without compromising the privacy of other users. As it combines many diverse security technologies to form something new, System Transparency requires a technical background to grasp. Eventually we hope to educate less technical audiences as well.<br />
</p>
<h2>A market for peaches</h2>
<p>We are certain this concept has potential far beyond the VPN industry. Nevertheless it is worth observing that this idea introduces an interesting new game to our line of business. The currently dominating strategy in the VPN service industry seems to be a short-term marketing ploy: pay as many marketing partners as possible to promote the “exceptional” security and no-log-ness of your VPN service, whether it is true or not.</p>
<p>Paying for good reviews is not a signal of trustworthiness, nor is making hyperbolic claims of security a sign of technical skill. In the current market, a technically incompetent or even malicious player can promise trustworthiness, as no one is able to verify it.</p>
<p>System Transparency has the potential to move our industry to a state where even a technically competent player must go to great lengths in order to deceive. In a market that demands System Transparency, bad actors will eventually be detected and weeded out.</p>
<p>Finally, a market that constantly demands more transparent systems compels players to reinvest in open source and open hardware security technology, to the benefit of all.<br />
</p>
<h2>Our call to action</h2>
<p>To all VPN users, security experts, VPN providers, and reviewers:</p>
<ul>
<li style="list-style-type:disc">Let’s pioneer the development of transparent systems.</li>
<li style="list-style-type:disc">Let’s encourage their use and continuous improvement through our individual choices.</li>
<li style="list-style-type:disc">Let’s make sure our technological foundations are as transparent as possible.</li>
<li style="list-style-type:disc">Let’s make sure that those foundations serve the users, and no one else.</li>
</ul>
<p>Read <a href="https://www.mullvad.net/media/system-transparency-rev5.pdf" style="text-decoration:none;" target="_blank"><u>our paper on System Transparency</u></a>.</p>Cookie monsters2019-05-28T09:26:33+00:00https://www.mullvad.net/fr/blog/2019/5/28/cookie-monsters/<p style="text-align:left"><strong>It all started out as an improver of your browser experience. The cookie evolution, or the different ways to cook that recipe, has developed the use, appearance, and taste of cookies.</strong><br />
<strong>Today’s cookie basket is full of both good UX-ones and really bad-tasting, information tracker-ones.</strong></p>
<p style="text-align:left">Not all browser cookies are bad. HTTP/HTTPS cookies (the formal name for web cookies) are quite useful and allow you to continue accessing websites without re-entering your password on every page. More generally, they also remember your settings and preferences for you. Alongside your browser’s cache, cookies also help webpages load faster and make it easier for you to simply browse the web.</p>
<p style="text-align:left"><strong>What is a tracking cookie?</strong></p>
<p style="text-align:left">Not all cookies are tracking cookies. But those that are might put your privacy at risk by tracking sites that you visit and report them back to wherever the cookies designer wants your data to go. They are distributed, shared and read across two or more unrelated websites for the purpose of gathering information and/or potentially presenting customized data back to you.</p>
<p style="text-align:left">Moreover, cookies can affect your system’s operation by saving information about your location. That’s why there is no existing single-step solution when it comes to protect your online privacy. Therefore, regularly clearing your cookies and cache is not just useful but<strong> a must-have daily routine. </strong>Read our guide <u><a href="https://mullvad.net/guides/second-steps-toward-online-privacy/" style="color:#0563c1; text-decoration:underline">“Plugins that block and protect”</a></u> to get a good start with this.</p>
<p style="text-align:left">Don’t let the bad cookies scare you away. Instead, learn how to eat them up.</p>
<p style="text-align:left"><em>Om nom nom! </em></p>
<p style="text-align:left">For the universal right to privacy,</p>
<p style="text-align:left"><em>Mullvad</em></p>
<p style="text-align:left"> </p>Chocolate with a pinch of privacy2019-05-22T08:33:35+00:00https://www.mullvad.net/fr/blog/2019/5/22/chocolate-pinch-privacy/<p>If you're attending this year's <a href="https://securityfest.com/" target="_blank">Security Fest</a> in Gothenburg, then you're in luck!</p>
<p>Not only are we pleased to <a class="external-link" href="https://securityfest.com/sponsors/" rel="nofollow" target="_blank">sponsor</a> the fourth annual instance of this growing IT security conference in our home town, but also we're giving out chocolate oatmeal balls at our booth! Swing by this Thursday or Friday to say hello and, more importantly, to give this Swedish confectionery delight a try. They are a staple at our office!</p>
<p><img alt="hand grabbing a treat from a bowl" src="/media/uploads/2019/05/22/delicatoboll.jpg" style="width:100%" /></p>WireGuard pre-alpha for Windows2019-05-09T08:31:44+00:00https://www.mullvad.net/fr/blog/2019/5/9/wireguard-pre-alpha-windows/<p>The WireGuard Team has released a pre-alpha version for Windows, for testing!<br />
<br />
32bit and 64bit versions are available!</p>
<p><a href="https://mullvad.net/guides/wireguard-app-windows/">Read more </a></p>Requested fixes available in new app version2019-05-08T14:00:05+00:00https://www.mullvad.net/fr/blog/2019/5/8/requested-fixes-available-new-app-version/<p>The latest stable release of the Mullvad VPN app is here with some fixes and small additions.</p>
<h2>What's new in this version (2019.4)</h2>
<p><strong>Windows fixes</strong></p>
<ul>
<li>We resolved the installation problem some users were experiencing due to TAP adapter errors.</li>
<li>The timeout length for updating DNS settings has been increased which will result in more successful connections and less DNS errors.</li>
<li>The firewall rules will remain in place, even in the rare event that the system service unexpectedly crashes, improving the kill switch function.</li>
</ul>
<p><strong>Login works for Windows Surface users</strong><br />
The on-screen keyboard now appears when trying to enter an account number in the app's login screen.</p>
<p><strong>Server locations translated</strong><br />
The app's map view and list of countries and cities are now translated into the five non-English languages that we support.</p>
<p><strong>Padlock icon synced with app</strong><br />
The system tray will now show the correct red padlock icon when connectivity is lost.<br />
</p>
<h2>Download the app</h2>
<p><a href="https://mullvad.net/download">Download now</a> the Mullvad VPN app for Windows, macOS, and Linux users. We've got <a href="https://mullvad.net/guides/category/mullvad-app/">set-up guides</a> if you need help with installation and usage.</p>
<p>Know of someone unable to access our website? Point them to <a href="http://xcln5hkbriyklr6n.onion/" target="_blank">Mullvad's onion address on Tor</a> or <a href="https://github.com/mullvad/mullvadvpn-app/releases/" target="_blank">Mullvad's GitHub page</a>.</p>Eat, sleep, repeat: what is a VPN?2019-04-18T12:07:44+00:00https://www.mullvad.net/fr/blog/2019/4/18/eat-sleep-repeat-what-vpn/<p style="text-align:left"><strong>A VPN (virtual private network) is a technology that establishes a secure tunnel between your device and our server.<br />
It allows you to browse the web securely and privately, even when using a public WiFi network at a cafe or hotel.</strong></p>
<p style="text-align:left">Online privacy is hard to come by. Nearly everything we do on the Internet is logged. How can that be condoned these days, right?</p>
<p style="text-align:left">Well, as you read this, your internet service provider (ISP) has the ability to track which websites you visit. Some even keep records of your activity. And that's just the beginning. Furthermore, and based on your country's laws, your ISP may even be required by the government to log the websites you visit.</p>
<p style="text-align:left"><strong>VPN = freedom</strong></p>
<p style="text-align:left">If you use a <u><a href="https://cdt.org/insight/unedited-answers-signals-of-trustworthy-vpns/" style="color:#0563c1; text-decoration:underline">trustworthy VPN service</a></u> – one that doesn't log any user information – the traceable chain that links you and your online activity is broken.</p>
<p style="text-align:left">All your traffic first travels from your computer, through an encrypted tunnel, to our VPN's servers and then onward to the website you are visiting. Thus, websites will only see the VPN server’s identity (IP-address), and not your device’s IP. This way, any information that your ISP saves cannot be specifically tied to you.</p>
<p style="text-align:left"><u><a href="https://mullvad.net/account/create/" style="color:#0563c1; text-decoration:underline">Get your account.</a></u></p>
<p style="text-align:left">Using a VPN is a great first step toward protecting your privacy, but it's not the ultimate solution (we wish it were!). However, it's easy to improve your <u><a href="https://mullvad.net/guides/first-steps-towards-online-privacy/" style="color:#0563c1; text-decoration:underline">privacy ninja skills</a></u>.</p>
<p style="text-align:left"><strong>Looking for the nitty gritty? We support:</strong></p>
<ul>
<li>
<p style="text-align:left">Port forwarding</p>
</li>
<li>
<p style="text-align:left">DNS leak protection</p>
</li>
<li>
<p style="text-align:left">Teredo (IPv6 over IPv4) leak protection</p>
</li>
<li>
<p style="text-align:left">IPv6 tunneling as well as IPv6 blocking and leak protection</p>
</li>
<li>
<p style="text-align:left">OpenVPN on a range of custom ports, including but not limited to 53/udp (DNS), 80/tcp (HTTP), 443/tcp (HTTPS)</p>
</li>
<li>
<p style="text-align:left">Only the OpenVPN and Wireguard VPN protocols</p>
</li>
<li>
<p style="text-align:left">SSH tunneling and Shadowsocks through our bridge servers.</p>
</li>
</ul>
<p style="text-align:left"><u><a href="https://mullvad.net/what-is-vpn/" style="color:#0563c1; text-decoration:underline">For the whole picture.</a></u></p>
<p style="text-align:left">For the universal right to privacy,</p>
<p style="text-align:left"><em>Mullvad</em></p>Windows install error fixed in latest app release2019-04-08T08:21:29+00:00https://www.mullvad.net/fr/blog/2019/4/8/windows-install-error-fixed-latest-app-release/<p>The newest version (2019.3) of the Mullvad VPN app fixes an installation error that Windows 7 and Windows 8.1 users encountered.</p>
<p>This fix is the only change in 2019.3, and while you may not be affected, we still recommend that you always keep your app up to date.</p>
<p><a href="https://mullvad.net/download/">Download now</a> the latest app version.</p>New app version brings WireGuard one step closer2019-03-29T11:05:02+00:00https://www.mullvad.net/fr/blog/2019/3/29/new-app-version-brings-wireguard-one-step-closer/<div>
<p>That's right, with the latest stable release of the Mullvad VPN app, we're one step closer to full in-app support for WireGuard!<br />
</p>
<h2>What's new in this version</h2>
<div>
<p><strong>WireGuard CLI with the app (macOS and Linux)</strong><br />
Once you've completed our terminal-based instructions to turn WireGuard on, you'll be able to use the app to connect to WireGuard servers.</p>
<ul>
<li><a class="external-link" href="https://mullvad.net/guides/wireguard-mullvad-app/" rel="nofollow">Guide: WireGuard in the Mullvad app</a></li>
</ul>
</div>
<p>This feature is currently available for macOS and Linux users. Support for Windows will be added as soon as WireGuard's official Windows release is available.<br />
</p>
<p><strong>Shadowsocks CLI, simplified</strong><br />
Using our Shadowsocks CLI is now much easier, so if you're stuck behind a restrictive firewall, give it a try!</p>
<ul>
<li><a class="external-link" href="https://mullvad.net/guides/shadowsocks-newer-app-versions/" rel="nofollow">Guide: Shadowsocks for newer app versions</a><br />
</li>
</ul>
<p><strong>Multilingual app</strong><br />
The app now supports Chinese, French, German, Spanish, and Swedish, and will change automatically based on your computer's language settings.<br />
<img alt="The Mullvad VPN app, here shown in Swedish, now supports multiple languages." src="/media/uploads/2019/03/29/app-swedish-svenska.png" style="height:295px; width:167px" /><br />
</p>
</div>
<p><strong>Improved notifications in Linux</strong><br />
We've added our name and logo to the system notifications.<br />
</p>
<p><strong>Fixes</strong><br />
Here are a few of the bugs we've taken care of:</p>
<ul>
<li>We fixed a problem in which the app showed that it was constantly trying to connect.</li>
<li>The most recent account number that was used should no longer be missing from the login drop-down.</li>
<li>System notifications no longer block the app window.</li>
<li>Enabling IPv6 in the Advanced menu should now work for users who previously had issues with it.</li>
<li>Users won't be stuck in the "Out of time" app window.</li>
<li>The location list is now alphabetical.</li>
<li>(Windows) Users will experience fewer DNS errors.</li>
<li>(Linux) Solved a number of system service bugs.<br />
</li>
</ul>
<h2>Download the app</h2>
<p><a class="external-link" href="https://www.mullvad.net/download" rel="nofollow">Download now</a> the latest for Windows, macOS, and Linux users. We've got <a class="external-link" href="https://mullvad.net/guides/category/mullvad-app/" rel="nofollow">app set-up guides</a> if you need help with installation and usage.</p>
<p>Know of someone unable to access our website? Point them to <a class="external-link" href="http://xcln5hkbriyklr6n.onion/" rel="nofollow">our onion address on Tor</a> or <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases/" rel="nofollow" target="_blank">our GitHub page</a>.</p>Are We Worthy of Your Trust?2019-03-28T04:44:57+00:00https://www.mullvad.net/fr/blog/2019/3/28/are-we-worthy-your-trust/<p>Our privacy tools require that you, our users, trust us. You should feel confident in expecting us to fulfill our commitment toward you, now and in the future.<br />
This is also the reason why security will be deeply ingrained in our company’s culture, forever.</p>
<p>Users expect their VPN provider to be honest with them and, in turn, the VPN provider merits their trust. The user must feel confident that their personal information isn’t misused, their web browsing habits won’t be abused, and that their data isn’t handed over to third parties unexpectedly.</p>
<h2>Trust is a fragile thing; difficult to build, easy to lose</h2>
<p style="text-align:left">Security is the way we gain trust in our systems, so that we can earn it from our users in return. Ultimately, our philosophy calls upon us to build solutions that rely less on trusting human character, and more on technology and mathematics.</p>
<p style="text-align:left">Your privacy is essential, fundamental and crucial to us. This is why we, together with other VPN providers, are working with the non-profit, human rights focused <u><a href="https://cdt.org/" style="color:#0563c1; text-decoration:underline"><strong>Center for Democracy & Technology</strong></a></u><strong> </strong>(CDT). Together, we have developed a list of questions we believe a trustworthy VPN service should be able to answer truthfully and thoroughly (<u><a href="https://mullvad.net/blog/2018/10/17/signals-trustworthy-vpns/" style="color:#0563c1; text-decoration:underline">you’ll find them here</a></u>).</p>
<h2 style="text-align:left">Ten years striving for trust</h2>
<p style="text-align:left">We launched Mullvad VPN service in March of 2009, blazing the trail for internet security, to protect the universal right to privacy. Ten years have passed and we can’t predict the future, but the next 10 years of development will be crucial for privacy. At Mullvad VPN we will do our best to keep you secure.</p>
<p style="text-align:left">All for the right, all for trust,</p>
<p style="text-align:left"><em>Mullvad</em></p>Suddenly can't connect to Mullvad?2019-03-22T06:27:15+00:00https://www.mullvad.net/fr/blog/2019/3/22/suddenly-cant-connect-mullvad/<p>It's a simple explanation with a simple solution – download the latest app or config files!</p>
<p>Today, 22 March, we're replacing our expired root certificate, and you're likely using an incompatible app version or old configuration file.</p>
<p>Read on to find out if you're affected and what you need to do.<br />
</p>
<h2>Mullvad VPN app users</h2>
<p>Simply <a href="https://mullvad.net/download/">download the latest app version.</a> Versions 2018.5 and newer are not affected.<br />
</p>
<h2>Configuration file users</h2>
<p>If you're using Mullvad on</p>
<ul>
<li>iOS</li>
<li>Android</li>
<li>Chromebook</li>
<li>a router</li>
<li>another OpenVPN client</li>
</ul>
<p>then you need to <a href="https://mullvad.net/download/config/">download new configuration files</a>. Any files downloaded after 19 November 2018 are fine.<br />
</p>
<h2>WireGuard users</h2>
<p>You don't need to do anything.<br />
</p>
<h2>What exactly is a root certificate?</h2>
<p>Our root certificate lets your computer know that the VPN server it's trying to connect to is actually one of ours instead of belonging to someone pretending to be us (flattering, but not nice).</p>
<p>When Mullvad launched in 2009, we set the original certificate to last for 10 years. Now it's time for a new one!</p>Help us beta test in-app WireGuard!2019-03-21T15:46:36+00:00https://www.mullvad.net/fr/blog/2019/3/21/help-us-beta-test-app-wireguard/<p>Our newest beta version (2019.2-beta1) of the Mullvad VPN app is now out for testing. This version brings us one step closer to fully integrated in-app support for WireGuard!</p>
<p><a class="external-link" href="https://mullvad.net/download/beta/" rel="nofollow">Download: test the beta</a><br />
</p>
<h2>WireGuard in the app</h2>
<p>Yes! We're as excited as you are. Our WireGuard support is not 100% in-app compatible yet – you still need to use the terminal to set it up – but we're getting there.</p>
<p>This feature is currently available only for macOS and Linux users. Support for Windows will be added as soon as WireGuard's official Windows release is available.</p>
<p><a class="external-link" href="https://mullvad.net/guides/wireguard-mullvad-app/" rel="nofollow">Guide: WireGuard in the Mullvad app</a><br />
</p>
<h2>Shadowsocks</h2>
<p>With this beta version, using Shadowsocks gets way easier.</p>
<p><a href="https://mullvad.net/guides/shadowsocks-newer-app-versions/">Guide: Shadowsocks for newer app versions</a></p>Two-year anniversary2019-03-15T06:25:33+00:00https://www.mullvad.net/fr/blog/2019/3/15/two-year-anniversary/<p>Two years fly fast. They pass you by and leave us with a load of memories. Sometimes it’s important to stop running and instead sit down and reflect upon what has happened with time.<br />
Therefore, let’s look back on the two years that have passed.</p>
<p>This week marks the second anniversary of our VPN services using the non-battery-draining, super smooth protocol WireGuard. It started out with one Mullvad server back in March 2017. Like a flag on the moon, we were the first live VPN service with WireGuard (!). One month later, our first server was set up in the US.</p>
<p>Since we'd been supporting WireGuard with both money and thoughts, and when summer peaked that same year, we finally could set up server-to-server connectivity to put multiple server jumps between the users and the Internet, thus enhancing privacy even more.</p>
<h2>Superfast</h2>
<p>In May 2018, we reached another hallmark: eighteen Mullvad VPN locations with WireGuard servers. Fast-forward to July that same year and our first Mullvad VPN WireGuard server with 40Gbps Internet was up and running. Normally, a VPN server has a 1Gbps interface to the Internet!</p>
<p>When Santa Claus dusted off his sleigh last year, after hard work by the brilliant WireGuard team, their super smooth VPN protocol app was released on Appstore for iOS. It doesn´t matter which mobile device you’re on: you can now surf anonymously with our VPN service.</p>
<p>In order to support every user, we have been adding server after server and country after country. Today, as of this week, we have 57 servers in 42 locations!</p>
<p>We’re getting local, we’re getting global and most of all we look forward to seeing what the future holds.</p>
<h2>Further awesome reading:</h2>
<ul>
<li><a href="https://mullvad.net/help/why-wireguard/">Why we embrace WireGuard</a>, </li>
<li>It doesn’t matter which device you’re on, <a href="https://mullvad.net/guides/category/wireguard/">we’ve got a guide that helps you connect to WireGuard!</a></li>
</ul>
<p>For the universal right to privacy,<br />
Mullvad</p>Resolved: Stockholm Offline2019-03-08T14:14:36+00:00https://www.mullvad.net/fr/blog/2019/3/8/stockholm-offline/<h2>Update: Stockholm is now back and running.</h2>
<h2> </h2>
<h2>Our Stockholm site is currently down due to a hardware failure of the core router.</h2>
<p> </p>
<p>Our current estimate is that Stockholm will be back online next weekend (March 17) .</p>
<p>We recommend users to use our other locations in Sweden, ie Malmö, Gothenburg or Helsingborg.</p>
<p>Keep in mind if you use WireGuard and use Stockholm as a first or second server, this will affect you as well.</p>
<p>We apologize for the inconvenience.</p>Final warning: update Mullvad2019-03-05T08:33:37+00:00https://www.mullvad.net/fr/blog/2019/3/5/final-warning-update-mullvad/<p>Don't risk being unable to connect to our servers on 22 March. Update your Mullvad VPN app or configuration files!</p>
<p>We blogged about this <a class="external-link" href="https://mullvad.net/blog/2018/11/19/all-users-must-update-just-time-celebrate/" rel="nofollow">back in November</a>, but below is a recap on what you need to do.<br />
</p>
<h2>Mullvad VPN app users</h2>
<p>Simply <a class="external-link" href="https://mullvad.net/download/" rel="nofollow">download the latest app version</a> if yours is older than 2018.5.<br />
</p>
<h2>Configuration file users</h2>
<p>If you're using Mullvad on</p>
<ul>
<li>iOS</li>
<li>Android</li>
<li>Chromebook</li>
<li>a router</li>
<li>another OpenVPN client</li>
</ul>
<p>then you need to <a class="external-link" href="https://mullvad.net/download/config/" rel="nofollow">download new configuration files</a>. Any files downloaded after 19 November 2018 are fine.<br />
</p>
<h2>WireGuard users</h2>
<p>You don't need to do anything.<br />
</p>
<h2>What exactly is happening?</h2>
<p>Glad you asked. Our root certificate is expiring. It lets your computer know that the VPN server it's trying to connect to is actually one of ours instead of belonging to someone pretending to be us (flattering, but not nice).</p>
<p>When Mullvad launched in 2009, we set the original certificate to last for 10 years. Now it's time for a new one!</p>The Digital Stalker2019-03-01T06:04:27+00:00https://www.mullvad.net/fr/blog/2019/3/1/digital-stalker/<p>Have you ever been to a clothing store and walked away without buying even a pair of socks? Then on the way home the manager of that same store chases you down the street?<br />
No? On the web that happens every day and one of these digital stalkers is Facebook Pixel.</p>
<p>Imagine yourself on the couch searching for a trip to New Zealand. Or better yet, searching for a VPN service that is in line with your values and needs. Later, you’re scrolling down Facebook Avenue and those same websites you just visited minutes ago (and left for a reason) are everywhere. They pop up right in front of your eyes, in your feed, prompting you to go back and purchase. For some, this may be convenient, but for others (like us), it’s an invasion of our personal space. Come on, we left for a reason.</p>
<h2>What about privacy?</h2>
<p>Facebook builds a huge knowledge base on every user who visits a site that has Facebook Pixel installed. You’d be amazed at how granular these target ads can be. Facebook also tracks every page that has a Facebook Pixel and therefore can see the user’s browsing pattern between sites, as well as the order in which they do things. Privacy is limited; basically everything we do online is seen by someone, especially Facebook. Who do we blame? This tracking technology and the information it collects is actually Facebook’s primary business model. This is how they make money.</p>
<h2>How am I tracked?</h2>
<p>If you’re logged into your Facebook account and visit any sites that have Facebook Pixel installed, it’s easy for Facebook to track you. Even if you aren’t logged in, they can still collect information from cookies and your IP address, and most likely connect it to your profile.</p>
<h2>One very important note</h2>
<p>We do NOT have Facebook Pixel or any other tracking technology on our web page. We never will! In order to fulfill our mission (making mass surveillance and internet censorship ineffective), we use Facebook only to communicate with you and warn you.</p>
<p>Read more about <a href="https://mullvad.net/guides/facebook-pixel-privacy-invasive-tracking-technique/">Facebook pixel: the privacy-invasive tracking technique</a></p>
<p>Want to change online habits? <br />
<a href="https://mullvad.net/guides/first-steps-towards-online-privacy/">Here’s a quick and easy guide.</a></p>
<p>For the universal right to privacy,<br />
Mullvad</p>Our public DNS is changing2019-02-20T15:34:20+00:00https://www.mullvad.net/fr/blog/2019/2/20/our-public-dns-changing/<p>If you are using our public DNS, please change your configurations to use its new IP: 193.138.218.74</p>
<p>The old IP (193.138.219.228) will stop working on 20 March 2019, so make sure you update your configuration before then.<br />
</p>
<h2>Am I affected?</h2>
<p>Only those who have manually configured this somewhere, or are using our Wireguard configurations, will need to change it.</p>
<p>If you're using our app or OpenVPN configuration files, you don't need to do anything.</p>WireGuard just got easier for macOS2019-02-20T08:14:46+00:00https://www.mullvad.net/fr/blog/2019/2/20/wireguard-just-got-easier-macos/<p>Don't you love it when someone tells you, "There's an app for that!"? Well, you macOS users who've been dying to try WireGuard, you know what we're about to say...</p>
<p>Thanks to the new WireGuard app released by the team that developed the protocol, it just got much easier to connect to Mullvad's dedicated WireGuard servers.<br />
<img alt="Mullvad VPN blog - WireGuard on macOS" src="/media/uploads/2019/02/20/mullvad-header-wireguard-on-macos.jpg" /></p>
<h2>How do I get Mullvad VPN with WireGuard?</h2>
<p>We've got a <a class="external-link" href="https://mullvad.net/guides/wireguard-macos-app/" rel="nofollow">macOS guide</a> to walk you through the steps!</p>
<p>So what are you waiting for? Go give it a try!<br />
</p>
<h2>P.S.</h2>
<p>Did you also know you that the WireGuard app also works <a class="external-link" href="https://mullvad.net/guides/wireguard-ios/" rel="nofollow">for iOS (iPhone)</a>? For you cross-platform users, it's also available <a class="external-link" href="https://mullvad.net/guides/wireguard-android/" rel="nofollow">for Android</a>!</p>One price to rule them all2019-02-14T16:01:21+00:00https://www.mullvad.net/fr/blog/2019/2/14/one-price-rule-them-all/<p>Our VPN service costs €5/month. No holiday sales, no locked-in year-long subscriptions, no "free" plan. And these are just a few of the benefits!</p>
<p>That's right, these are actually <strong>positive</strong> aspects of our transparent and flexible price model. <a class="external-link" href="https://mullvad.net/guides/pricing-discounts/" rel="nofollow">Let us convince you</a>.</p>The meaning of (mobile device) life2019-02-14T06:42:40+00:00https://www.mullvad.net/fr/blog/2019/2/14/meaning-mobile-device-life/<p style="text-align:left">It helps to protect your phone from surveillance without draining your battery, connects and disconnects instantly and is really fast. Of course, we’re talking about WireGuard.</p>
<video width="100%" controls>
<source src="https://mullvad.net/media/files/WireGuard_on_iOS-MullvadVPN.mp4" type="video/mp4">Your browser does not support the video tag.
</video>
<p style="text-align:left">WireGuard, developed by Jason A. Donenfeld is a secure, fast, simple but most of all, non-battery-draining VPN tunnel for both <u><a href="https://mullvad.net/en/guides/wireguard-android/" style="color:#0000ff">Androids</a></u> and <u><a href="https://mullvad.net/en/guides/wireguard-ios/" style="color:#0000ff">iPhones</a></u>. And the best part is that you can use Mullvad VPN with WireGuard.</p>
<p style="text-align:left"><strong>How come we love it?</strong><br />
Mostly because the code is super small – less than 4,000 lines – which is really good for the battery. Jason A. Donenfeld and the WireGuard team aim to keep it really nice and clean. Or as he said in this <u><a href="https://www.youtube.com/watch?v=QD2rdyWMZ3M" style="color:#0000ff">review (1:18 in): </a></u></p>
<p style="text-align:left">“Anybody can read it in an afternoon.”</p>
<p style="text-align:left">No secret tricks. The code is readable. So pour up a cup of coffee and read it <u><a href="https://git.zx2c4.com/WireGuard/" style="color:#0000ff">here</a></u>!</p>
<p style="text-align:left"><strong>Can I get Mullvad VPN with WireGuard globally?</strong><br />
Yes siree, Bob! Install the app, follow the instructions and get going!</p>
<ul>
<li>
<p style="text-align:left"><u><a href="https://mullvad.net/guides/wireguard-ios/" style="color:#0000ff" target="_blank">Try Mullvad on your iOS (iPhone</a></u>) </p>
</li>
<li>
<p style="text-align:left"><u><a href="https://mullvad.net/guides/wireguard-android/" style="color:#0000ff" target="_blank">Try Mullvad on Android phone</a></u></p>
</li>
<li>
<p style="text-align:left"><u><a href="https://mullvad.net/guides/category/wireguard/" style="color:#0000ff" target="_blank">On other devices</a></u></p>
</li>
</ul>
<p style="text-align:left">By the way: This is not facts and figures: it is our own opinion, any objections? Comment on our Facebook or Twitter page.</p>Resolved: Problems with Bitcoin/BCH payments2019-02-10T17:24:29+00:00https://www.mullvad.net/fr/blog/2019/2/10/problems-bitcoinbch-payments/<p>Resolved: We're currently having issues with Bitcoin and Bitcoin Cash payments not getting credited and working to get it fixed</p>Backend Developer to Mullvad VPN - Gothenburg2019-02-06T16:14:08+00:00https://www.mullvad.net/fr/blog/2019/2/6/backend-developer-mullvad-vpn-gothenburg/<p>Backend Developer to Mullvad VPN - Gothenburg</p>
<p>Read more and apply (External link to OddWork.se): <a href="https://www.oddwork.se/jobb/backend-developer-to-mullvad-vpn-gothenburg/">https://www.oddwork.se/jobb/backend-developer-to-mullvad-vpn-gothenburg/</a></p>Critical: Linux users at risk2019-02-01T10:28:03+00:00https://www.mullvad.net/fr/blog/2019/2/1/critical-linux-users-risk/<p>We strongly urge all Linux users to <a href="https://mullvad.net/download">install the latest Mullvad VPN app version</a> and upgrade their Linux kernel to at least version 4.8.0 to ensure a working kill switch.</p>
<p>Linux kernels 4.4.0 and older do not support certain firewalls, which means that the Mullvad VPN app kill switch doesn't work for those kernels.<br />
</p>
<h2>What do I do? Step-by-step guide</h2>
<ol>
<li>First, <a href="https://mullvad.net/download">install the newest Mullvad VPN app version</a>.</li>
<li>Run the app. If you have an unsupported Linux kernel, you will see an error message in the app.<br />
<img alt="Mullvad VPN app showing a red error message" src="/media/uploads/2019/02/01/linux-firewall-error.png" style="height:287px; width:318px" /></li>
<li>If you see the error message, upgrade your kernel to 4.8.0 or newer.</li>
<li>Reboot your computer and run the app. You should no longer see the warning message.</li>
</ol>
<p><strong>How do I upgrade my kernel?</strong><br />
If you're running Ubuntu 16.04, open a terminal and run this command:</p>
<p><code>sudo apt-get install linux-generic-hwe-16.04</code></p>
<h2><br />
More details</h2>
<p>We only support app versions 2019.1 and newer. Therefore, we urge you to never downgrade to older versions.</p>
<p>Distributions that we have tested:</p>
<ul>
<li>Ubuntu 14.04 and derivatives – you are affected</li>
<li>Ubuntu 16.04 and derivatives – you may be affected</li>
<li>Ubuntu 18.04, Debian 9+, Fedora 29+ – you are not affected.</li>
</ul>
<p>Regardless of whichever distribution you have, follow the step-by-step guide above.</p>
<p>We have no plans of implementing workarounds for the affected kernel versions.</p>
<p>Windows and macOS users are not affected by this issue in any way, but we always encourage all users to <a href="https://mullvad.net/download">upgrade to the latest app</a>.</p>Our reason for being2019-02-01T08:16:03+00:00https://www.mullvad.net/fr/blog/2019/2/1/our-reason-being/<p>As our habits change and our lives are shared online, the necessity to seriously consider all aspects of online privacy increases.</p>
<p>This is because most of our online searches, posts, shares, tweets, and pics are not only seen by others but can potentially also be used against us.<br />
</p>
<h2>There ain’t no such thing as a free lunch</h2>
<p>Search engines and social media sell our personal information to private corporations every day. And at the same time, companies and governments are methodically gathering more and more knowledge about us. We believe that this can be dangerous since certain opinions and actions which are socially accepted today may become frowned upon or even illegal in the future.</p>
<p>The ability to control and manage our individual privacy has become crucially dependent upon security. Without security, you have no guarantee that your information will remain private. That’s why we exist.<br />
</p>
<h2>For the universal right: privacy</h2>
<p>Privacy is fundamental to a well-functioning society, because it allows norms, ethics, and laws to be safely discussed and challenged. Its absence leads to a repressed and withering public discourse, which only serves the malevolent. A free and open society, therefore, cannot flourish and develop nor exist without privacy. That is why privacy is paramount, and why we strive to make internet censorship and mass surveillance ineffective.</p>
<p>For the universal right to privacy,<br />
Mullvad</p>Update your app – new stable version (2019.1)2019-01-30T09:33:43+00:00https://www.mullvad.net/fr/blog/2019/1/30/update-your-app-new-stable-version-20191/<p>Upgrade now to the newest version of the Mullvad VPN app!</p>
<p><a href="https://www.mullvad.net/download" rel="nofollow">Download now</a> version 2019.1 for Windows, macOS, and Linux users. If you need help with installation and usage, we've got <a class="external-link" href="https://mullvad.net/guides/category/mullvad-app/" rel="nofollow">guides</a> for that!</p>
<p>Unable to access our website? Visit <a class="external-link" href="http://xcln5hkbriyklr6n.onion/" rel="nofollow">our onion address on Tor</a> or check out <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases/tag/2019.1" rel="nofollow">our GitHub page</a> which also hosts the app's download file.<br />
</p>
<h2>What's new in this version</h2>
<p>We reworked a couple of the options under Preferences:</p>
<ul>
<li><strong>Launch app on start-up</strong> does just as it describes.</li>
<li><strong>Auto-connect</strong> prompts the app to automatically connect to a server when it launches.</li>
</ul>
<p><img alt="The Preferences window in the Mullvad VPN app" src="/media/uploads/2019/01/30/mullvad-vpn-app-preferences.png" style="height:353px; width:200px" /></p>
<p><strong>Block when disconnected</strong> is a new option under Advanced settings. Enabling this activates an extra kill switch that blocks all network traffic outside the tunnel, even when you yourself have disconnected from Mullvad.<br />
<img alt="The advanced settings window in the Mullvad VPN app." src="/media/uploads/2019/01/30/mullvad-vpn-appblock-when-disconnect.png" style="height:355px; width:200px" /></p>
<p>We've improved the confirmation dialog box that appears when submitting a bug report without specifying an email address.<br />
<img alt="A dialog box that has popped up in front of the Report a problem screen in the Mullvad VPN app." src="/media/uploads/2019/01/30/mullvad-vpn-app-problem-report-confirm-sending.png" style="height:355px; width:200px" /></p>
<p>Unaware that you're <strong>low on account credit?</strong> You'll be notified in the connection screen three days beforehand.</p>
<p>Private IPs from <strong>169.254.0.0 to 169.254.255.255</strong> are now allowed when Local network sharing is enabled.</p>
<p>macOS users, <strong>Monochromatic tray icon</strong> under Preferences allows for a grayscale tray icon instead of a colored one.</p>
<p>Linux users, <strong>Start minimized</strong> under Preferences allows you to choose if you only want to show the tray icon when the app starts.<br />
</p>
<h2>A few bug fixes</h2>
<p>First, a big one for <strong>Windows</strong>. Some users were stuck with the app unsuccessfully trying to connect, the reason being that the app couldn't detect a working TAP adapter on the computer. If this is the case now, you'll be notified in the app, asking you either to re-enable your existing TAP adapter or to reinstall the app.</p>
<p>And a few other general fixes:</p>
<ul>
<li>Users who were stuck in the log-in screen after backing out of Settings should no longer experience this.</li>
<li>The list of server locations now updates every hour, even if your computer has been in sleep mode.</li>
<li>The pop-up system notifications now automatically disappear after four seconds on all platforms.</li>
<li>If you change account numbers in the CLI, the app will reflect this change.</li>
<li>(Linux) Fewer people should experience start-up related DNS issues. We also fixed a bug related to app upgrades in the .deb installer.<br />
</li>
</ul>
<h2>Linux security fix</h2>
<p>As recently explained on our blog, we're <a class="external-link" href="https://mullvad.net/blog/2019/1/25/mullvad-app-drops-support-ubuntu-1404/" rel="nofollow">dropping app support for Ubuntu 14.04.</a> This is due to improperly working firewall rules, an issue that exists on all Linux kernels older than 4.8.0.</p>
<p>If you're affected, a warning will display in the app's connection screen.</p>
<p>We strongly encourage Linux users to upgrade their kernels AND to install the latest Mullvad app version.</p>Sending cash? Use our new address2019-01-29T14:31:38+00:00https://www.mullvad.net/fr/blog/2019/1/29/sending-cash-use-our-new-address/<p>Updated: 2023-SEP-28 to use Mullvad VPN as recipient.<br />
<br />
Do you pay in cash for your Mullvad VPN subscription, or like to send us fan mail? Send it to our new address!</p>
<p>Our new postal address is effective immediately.</p>
<p>Mullvad VPN<br />
Box 53049<br />
400 14 Gothenburg<br />
Sweden</p>
<p>Don't worry if you've recently sent a payment to the old address. We still have access to it for a couple of months.</p>
<p>An even bigger change is that we're moving our offices to a place that's entirely our own, complete with freshly painted walls and furniture that match our logo! Adult points for us!</p>There’s a day for everything2019-01-25T10:11:54+00:00https://www.mullvad.net/fr/blog/2019/1/25/theres-day-everything/<p>Nowadays, there's a day for everything, from Ice Cream for Breakfast Day (2nd Feb.) to International Talk Like a Pirate Day (19th Sept.).</p>
<p>We know that it´s overwhelming, but then again: deep down, don’t we all love it? An excuse to eat popcorn in the middle of the week, International Popcorn Day, or the benefit and the freedom on Eat What You Want Day (you’ll have to wait until May). In all this madness, there actually is one day for us privacy ninjas, us that live and breathe for the sake of online freedom.</p>
<h2><img alt="" src="/media/uploads/2019/01/25/dataprivacydayfinal.jpeg" style="height:302px; width:576px" /></h2>
<h2>Data Privacy Day</h2>
<p>On this beautiful and important day, 28th January, we celebrate the universal right to privacy. And our gift to you and ourselves is the possibility to <a href="https://mullvad.net/guides/category/privacy/">read all day long how easy it is to improve protection</a> and, more freely, explore the web.</p>
<p>Instead of an Instagram post, where we express our excitement with balloons and glitter, we toast to the fact that on this day in 1981, the Council of Europe's Convention signed for the Protection of Individuals with regard to Automatic Processing of Personal Data.</p>
<h2>We know, big right?</h2>
<p>Even if you missed this wonderful day (HELLO! Lesson learned: put it in your calendar, now!), let us all celebrate this day by spreading the fact that privacy is fundamental to a well-functioning society. That this universal right is ours to protect and praise. That’s what many companies and governments have been doing on this day since 2007. And we have been putting our soul into this since the birth of Mullvad back in 2009. Our promise on this lovely day: we won’t stop until mass surveillance and internet censorship are as dead as the dinosaurs.</p>
<p>Ready to become a privacy ninja?<br />
Start with: <a href="https://mullvad.net/blog/2016/12/5/privacy-universal-right/">Privacy is a universal right</a></p>
<p> </p>Mullvad App drops support for Ubuntu 14.042019-01-25T09:21:42+00:00https://www.mullvad.net/fr/blog/2019/1/25/mullvad-app-drops-support-ubuntu-1404/<p>Mullvad App drops support for Ubuntu 14.04 and all Linux distributions based on Ubuntu 14.04.</p>
<p>Our integration with the Nftables firewall does not work correctly under Ubuntu 14.04. Therefore the Mullvad App firewall rules, including the kill-switch are not working. This means all traffic goes through the tunnel as normal when you are connected. But during connection setup and other states where the kill-switch would have been active, the computer might leak network traffic. This is true for all version of the app older than 2019.1. From Mullvad VPN app version 2019.1 (soon to be released) and newer the app will properly show the user that it failed to set up the firewall.</p>
<p>Another reason is that Canonical will stop the support of Ubuntu 14.04 March 2019 and given the short life span left we have decided to cut the support and focus on remaining operating systems that will be supported for years to come.</p>
<p><br />
We strongly recommend users to upgrade to Ubuntu 16.04 or newer.</p>Job: Front-end Developer to Mullvad - Gothenburg2019-01-24T12:22:04+00:00https://www.mullvad.net/fr/blog/2019/1/24/job-front-end-developer-mullvad-gothenburg/<p>Job: Front-end Developer to Mullvad - Gothenburg</p>
<p>Read more and apply (External link to OddWork.se): <a href="https://www.oddwork.se/jobb/front-end-developer-to-mullvad-vpn-gothenburg/">https://www.oddwork.se/jobb/front-end-developer-to-mullvad-vpn-gothenburg/</a></p>50 WireGuard servers in 24 countries!2019-01-17T16:32:41+00:00https://www.mullvad.net/fr/blog/2019/1/17/50-wireguard-servers-24-countries/<p>Now we have WireGuard servers in: Australia, Austria, Belgium, Brazil, Bulgaria,Canada, Czech Republic, Denmark, Finland, France, Germany, Hong Kong, Italy, Japan, Netherlands, Norway, Poland, Romania, Singapore, Spain, Sweden, Switzerland, UK, and US</p>
<p>Read more: <a href="https://mullvad.net/guides/category/wireguard/">https://mullvad.net/guides/category/wireguard/</a></p>Upgrade your OpenVPN client2019-01-15T12:25:41+00:00https://www.mullvad.net/fr/blog/2019/1/15/upgrade-your-openvpn-client/<p>From 22 March 2019, all Mullvad app versions older than 2018.5 will not be able to connect to our servers.</p>
<p>If you are one of the few still using our deprecated, unsupported client, it's time for you to <a href="https://mullvad.net/download">upgrade to the new app</a>.</p>
<p>(Note: the new app is only available for 64-bit operating systems; if you have a 32-bit operating system, you will need to use <a href="https://mullvad.net/guides/category/mullvad-other-vpn-software/">another OpenVPN client instead</a>.)</p>
<p>If you use Mullvad on iOS, Android, Chromebook, a router, or with another OpenVPN client, you need to <a href="https://mullvad.net/download/config/">download new configuration files</a>. Any files downloaded after 19 November 2018 are fine.</p>
<p>If you're using WireGuard, then you don't need to do anything.</p>
<p><a href="https://mullvad.net/blog/2018/11/19/all-users-must-update-just-time-celebrate/">Read more</a></p>WireGuard for iOS2018-12-20T17:19:18+00:00https://www.mullvad.net/fr/blog/2018/12/20/wireguard-ios/<p>WireGuard for iOS - now in the App Store.</p>
<p>Works with Mullvad VPN!</p>
<p><a href="https://mullvad.net/guides/wireguard-ios/">Read our guide!</a></p>
<p> </p>Final glance at the year of the app2018-12-19T15:25:53+00:00https://www.mullvad.net/fr/blog/2018/12/19/final-glance-year-app/<p>While not yet over, 2018 has been a year for the books for us. Join us in a quick, nostalgic stroll back through the past 12 months and the highlights that made us extra misty-eyed.<br />
</p>
<h2>The launch of our new app</h2>
<p>Easily taking the cake (and we like cake) for our biggest achievement was the much-anticipated revamp of our Mullvad VPN app, hooray! We are over the moon to be offering a much better user experience to our macOS, Windows, and Linux customers.</p>
<p><img alt="" src="/media/uploads/2017/10/12/mullvad-vpn-app-screenshot-macos.jpg" style="height:400px; width:600px" /></p>
<p>A second set of eyes is always valuable, so we even subjected the app to an <a href="https://mullvad.net/blog/2018/9/24/read-results-security-audit-mullvad-app/">independent security audit</a>.<br />
</p>
<h2>Brand new online tools to help you</h2>
<p>Who doesn't love a good shortcut or time saver? That's why we implemented a few right on our website:</p>
<ul>
<li>We launched our <a href="https://am.i.mullvad.net/torrent">online torrent check</a> that allows you to test if your torrent client is leaking.</li>
<li>And our <a href="https://am.i.mullvad.net/portcheck">online port check</a> helps you ensure that your forwarded ports with Mullvad are working.</li>
<li>To simplify life for WireGuard users, we created a <a href="https://mullvad.net/download/wireguard-config/">configuration file generator.</a></li>
</ul>
<p><img alt="screenshots from Mullvad's website" src="/media/uploads/2018/12/19/mullvad-online-tools.png" style="height:316px; width:600px" /><br />
</p>
<h2>Expansions and upgrades</h2>
<ul>
<li>We started <a href="https://mullvad.net/blog/2018/2/13/bitcoin-cash-now-accepted/">accepting Bitcoin Cash</a>.</li>
<li>We <a href="https://mullvad.net/blog/2018/6/8/delivering-faster-speeds-malmo/">upgraded server connectivity</a> in parts of Sweden, Amsterdam, and Frankfurt.</li>
<li>We renewed our <a href="https://mullvad.net/blog/2018/11/19/all-users-must-update-just-time-celebrate/">root certificate</a>.</li>
<li>We transitioned from renting to fully owning all of our servers in <a href="https://mullvad.net/blog/2018/5/28/level-helsinki/">Finland</a> and our hometown of <a href="https://mullvad.net/blog/2018/5/25/gothenburg-goes-live/">Gothenburg</a>.</li>
<li>End-of-year bonus: as of recently, we now own a number of our Frankfurt-based servers (designated by a number that begin with zero, for example "de-fra-014").<br />
</li>
</ul>
<h2>Privacy measures</h2>
<p>We're always looking for ways to help you improve your online privacy. Here are a few from 2018:</p>
<ul>
<li>Need a New Year's resolution? We published a guide on how to <a href="https://mullvad.net/guides/create-better-passwords/">create better passwords</a>. It's never too late to start!</li>
<li>We launched our very own <a href="https://mullvad.net/blog/2018/11/29/mullvad-onions-served-best-anonymity/">onion service</a> on the Tor network.</li>
<li>We reduced the amount of time information on our web servers is stored, <a href="https://mullvad.net/blog/2018/10/18/less-more-web-servers-wiped-sooner/">from 24 hours to one</a>.</li>
</ul>
<p><img alt="illustration of a green laptop with a pixelated screen" src="/media/uploads/2018/12/19/laptop-encrypted.jpg" style="height:380px; width:600px" /><br />
</p>
<h2>Involvement in the greater community</h2>
<p>In addition to attending a variety of conferences on privacy, security, and technology, we proudly sponsored <a href="https://mullvad.net/blog/2018/4/6/mullvad-sponsors-security-fest/">Security Fest.</a></p>
<p>And we collaborated on an important <a href="https://mullvad.net/blog/2018/10/17/signals-trustworthy-vpns/">initiative to increase trustworthy behavior in VPN providers</a>.<br />
</p>
<h2>The final count</h2>
<p>Last but not least, numbers!</p>
<ul>
<li>We welcomed four new and talented members to our team, three developers and one in support.</li>
<li>Up from 27 last year, you can now connect to Mullvad servers in 36 countries around the world.</li>
<li>Our number of VPN servers jumped from 162 to 281. And WireGuard servers are now up to 49.</li>
<li>Our website now speaks Japanese and Italian for a total of 13 languages.<br />
</li>
</ul>
<h2>We don't know you, but you're still appreciated!</h2>
<p>And last but certainly not least, thanks to our customers and your feedback, wherever in the world you may be (don't tell us!). We're grateful for yet another positive year and are already looking forward to sharing what we've got in store for 2019. See you on the flip side!</p>Update your app – new stable version (2018.6)2018-12-12T13:22:21+00:00https://www.mullvad.net/fr/blog/2018/12/12/update-your-app-new-stable-version-20186/<p>Upgrade now to the newest version of the Mullvad VPN app!</p>
<p><a href="https://mullvad.net/download" rel="nofollow">Download now</a> version 2018.6 for Windows, macOS, and Linux users. If you need help with installation and usage, we've got <a class="external-link" href="https://mullvad.net/guides/category/mullvad-app/" rel="nofollow">guides</a> for that!</p>
<p>Unable to access our website? Visit <a class="external-link" href="http://xcln5hkbriyklr6n.onion/" rel="nofollow">our onion address on Tor</a> or check out <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases/tag/2018.6" rel="nofollow" target="_blank">our GitHub page</a> which also hosts the app's download file.<br />
</p>
<h2>What's new in this version</h2>
<ul>
<li>CLI users can now use the command <kbd>block-when-disconnected</kbd> to activate an <strong>extra kill switch</strong> that blocks all network traffic, even when you yourself have disconnected from Mullvad.</li>
<li>We continue to <strong>improve error messages</strong> that provide more specific details about the issue at hand.</li>
<li>The pop-up system notifications disappear when you open the app, instead of covering it.</li>
<li>(Windows) The <strong>padlock icon</strong> in the taskbar is now <strong>visible</strong> instead of hidden.<br />
</li>
</ul>
<h2>A few bug fixes</h2>
<p>In the connection screen, click on <strong>"connection details"</strong> (previously "MORE") and you should now always see both your IP and exit IP.</p>
<p><strong>Windows users</strong>, we've hopefully decreased a number of headaches for you:</p>
<ul>
<li>Various antivirus software will now complain a bit less about the app's installation.</li>
<li>The VPN connection will be restored more quickly after the computer has been in sleep mode.</li>
<li>When you are successfully connected to Mullvad, the network connection tray icon should no longer show a warning triangle signaling that you have no internet (even though you do).</li>
<li>We got rid of the WMI error in the installer.</li>
<li>If your internet broke after disconnecting from Mullvad: the disconnecting process may now take a bit longer but your internet will remain intact afterward.</li>
</ul>
<p>And for <strong>macOS</strong>, the app now detects when your internet isn't working, shows an error message, and stops attempting to make a VPN connection until your computer is back online.</p>Mullvad onions – served best with anonymity2018-11-29T11:04:24+00:00https://www.mullvad.net/fr/blog/2018/11/29/mullvad-onions-served-best-anonymity/<p>We are proud to announce the launch of our very own onion service on the Tor network!<br />
</p>
<h2>Mullvad's onion address</h2>
<p>Here it is! <a class="external-link" href="http://xcln5hkbriyklr6n.onion/" rel="nofollow" target="_blank">http://xcln5hkbriyklr6n.onion/</a><br />
<img alt="yellow onions with skins on" src="/media/uploads/2018/11/29/onions.jpg" style="height:267px; width:400px" /></p>
<h2>What is an onion address?</h2>
<p>It's the address for a website that can only be accessed if you are using the Tor browser. The browser secures user traffic with three layers of encryption and makes use of the Tor network, allowing the user to surf the Internet anonymously.</p>
<p>On the Tor Project's website you can <a class="external-link" href="https://www.torproject.org/projects/torbrowser.html" rel="nofollow" target="_blank">download the Tor browser</a>, get an overview of <a class="external-link" href="https://www.torproject.org/about/overview.html" rel="nofollow" target="_blank">how Tor works</a>, or learn more about <a class="external-link" href="https://www.torproject.org/docs/onion-services" rel="nofollow" target="_blank">onion services</a>.</p>
<p><a href="https://www.torproject.org/projects/torbrowser.html" target="_blank"><img alt="Tor browser logo" src="/media/uploads/2018/11/29/tor-browser.png" style="border-style:solid; border-width:0px; height:67px; margin:15px; width:330px" /></a></p>
<p><small>Logo: <a href="https://www.torproject.org/" target="_blank">Tor Project</a>, made available through <a href="https://creativecommons.org/licenses/by/3.0/" target="_blank">CC BY 3.0</a></small><br />
</p>
<h2>Why do we have one?</h2>
<p>So that people under extreme censorship can reach mullvad.net to download our software and make use of our services. This also means greater privacy and anonymity for current Tor users.</p>
<p>Go on, have a bite!</p>All users must update – just in time to celebrate2018-11-19T12:42:40+00:00https://www.mullvad.net/fr/blog/2018/11/19/all-users-must-update-just-time-celebrate/<p>Help us celebrate our upcoming 10th birthday (yay!) – and ensure that your VPN connection continues working – by making sure your version of Mullvad is up to date.</p>
<p>From 22 March 2019, only app versions 2018.5 and later will be supported. All others will be unable to connect to our servers.<br />
</p>
<h2>What you need to do</h2>
<p>Unless you are using WireGuard, you must upgrade.</p>
<p><strong>I use the Mullvad VPN app on Windows, macOS, or Linux</strong><br />
Very simply, <a href="https://mullvad.net/download">download the app</a> if you have a version older than 2018.5.<br />
<img alt="Make sure you have version 2018.5 or later of the Mullvad VPN app." src="/media/uploads/2018/11/21/mullvad-app-2018-5.jpg" style="height:444px; width:250px" /></p>
<p>If you are one of the few still using our deprecated, unsupported client, it's time for you to upgrade to the app.</p>
<p>(Note: the new app is only available for 64-bit operating systems; if you have a 32-bit operating system, you will need to use <a href="https://mullvad.net/guides/category/mullvad-other-vpn-software/">another OpenVPN client instead</a>.)<br />
</p>
<p><strong>I use Mullvad's configuration files</strong><br />
If you use Mullvad on iOS, Android, or Chromebook, on a router, or with another OpenVPN client, you need to <a href="https://mullvad.net/download/config/">download new configuration files.</a> Any files downloaded after 19 November 2018 are fine.<br />
</p>
<p><strong>I use WireGuard</strong><br />
You don't need to do anything.<br />
</p>
<h2>What's the update about?</h2>
<p>Well, our current root certificate is expiring and needs to be replaced. The certificate lets your computer know that the VPN server it's trying to connect to is actually one of ours and not belonging to someone pretending to be us (flattering, but not nice).</p>
<p>When Mullvad launched in 2009, we set the certificate to last for 10 years. And now it's time for a new one!</p>
<p>As long as you update in time, you should be all set. Just take our advice and do it now rather than later. Doing so would make for a festive birthday!</p>Update your app – new stable version (2018.5)2018-11-15T12:59:38+00:00https://www.mullvad.net/fr/blog/2018/11/15/update-your-app-new-stable-version-20185/<p>Upgrade now to the newest version of the Mullvad VPN app!</p>
<p>Version 2018.5 is now <a href="https://mullvad.net/download" rel="nofollow">available for download</a>, for Windows, macOS, and Linux users. If you need help with installation and usage, we've got <a class="external-link" href="https://mullvad.net/guides/category/mullvad-app/" rel="nofollow">guides</a> for that!</p>
<p>For those unable to access our website, <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases/tag/2018.5" rel="nofollow">GitHub</a> also hosts the app's download file.<br />
</p>
<h2>What's new in this version</h2>
<ul>
<li>A <strong>warning message</strong> in the connection screen will now notify you if you aren't running the latest version. The message will also pop up as a system notification on your desktop.</li>
<li>In the connection screen, <strong>click on "MORE"</strong> to have a look at your IP and the exit IP.</li>
<li>We now <strong>allow DHCPv6</strong> in the firewall.</li>
<li><strong>Bridges and proxies</strong> are now possible to configure via the CLI (<a class="external-link" href="https://mullvad.net/guides/bridges-and-proxies-mullvad-cli/" rel="nofollow">see our guide</a>).</li>
<li>This is the first version to come bundled with our <strong>new root certificate</strong>. When our current certificate expires in March, all app versions older than this one will stop working.<br />
</li>
</ul>
<h2>A few bug fixes</h2>
<p>Overall, <strong>DNS now works much better</strong> thanks to a number of fixes:</p>
<ul>
<li>Sending a problem report should no longer be blocked by DNS issues.</li>
<li>(macOS) We fixed a bug in DNS management that previously messed up advanced users' settings.</li>
<li>(Linux) We improved DNS management detection.</li>
<li>(Linux) We fixed a security hole that, if you had local network sharing turned on, potentially leaked DNS requests to your local network (i.e. not to the Internet).</li>
</ul>
<p>In addition:</p>
<ul>
<li>Problems with reconnection attempts have been fixed.</li>
<li>(Windows 7) The installer no longer crashes at the end.</li>
<li>(Linux) We fixed a bug from the previous version in which the app's user interface didn't start.</li>
<li>(Fedora) The app will now update without needing a computer restart.</li>
</ul>Ascii codec errors2018-11-06T19:25:29+00:00https://www.mullvad.net/fr/blog/2018/11/6/ascii-codec-errors/<p>If you are getting ascii codec errors when using the mullvad client, then please first uninstall the Mullvad client and then<br />
install our new Mullvad VPN app (64bit OS only).<br />
<br />
<a class="external-link" href="https://mullvad.net/download/" rel="nofollow">Download the app</a> now. If you need help with installation and usage, we've got <a class="external-link" href="https://mullvad.net/guides/category/mullvad-app/" rel="nofollow">guides</a> for that!</p>
<p>For those unable to access our website, <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases/tag/2018.4" rel="nofollow">GitHub</a> also hosts the app's download file.</p>
<p><strong>Linux users:</strong> If you have the old, deprecated Mullvad client installed, please uninstall it before installing the new app, otherwise it will fail to install.</p>Scheduled maintenance 2018-11-052018-10-30T12:09:14+00:00https://www.mullvad.net/fr/blog/2018/10/30/scheduled-maintenance-2018-11-05/<p>On Monday, maintenance is planned for parts of our infrastructure. This may cause temporary disruption of the service during the day.</p>
<p>During the maintenance the following things might not work:</p>
<ul>
<li>The account page on our website, including account creation, making new payments and managing ports.</li>
<li>Port forwarding. It will however work if you've logged on before the maintenance.</li>
<li>Information about time left and forwarded ports in the client / App and on the website.</li>
<li>Downloading OpenVPN and WireGuard configuration files.</li>
<li>Payment processing. Any payments made during this time will be processed once the maintenance is done.</li>
</ul>Scheduled maintenance 2018-10-292018-10-25T08:43:16+00:00https://www.mullvad.net/fr/blog/2018/10/25/scheduled-maintenance-2018-10-29/<p>On Monday, maintenance is planned for our website. This may cause temporary disruption of the service during the day.</p>
<p>During this time, your Mullvad connection will continue to work as normal, but you may be unable to access the website to manage your account or make payments.</p>Improved connectivity within Sweden2018-10-25T08:12:13+00:00https://www.mullvad.net/fr/blog/2018/10/25/improved-connectivity-within-sweden/<p>Our hosting provider in Sweden has upgraded their network and made the following changes:</p>
<ul>
<li>Connected to Netnod in Stockholm with 10GbE</li>
<li>Upgraded Netnod Comix to 10GbE</li>
<li>Upgraded STHIX to 10GbE</li>
<li>Added a 10GbE connection between Stockholm and Gothenburg.</li>
</ul>Less is more – web servers wiped sooner2018-10-18T15:12:22+00:00https://www.mullvad.net/fr/blog/2018/10/18/less-more-web-servers-wiped-sooner/<p>We've reduced the length of time that information on our web servers is stored before deleting – from 24 hours to just one.</p>
<p>The one hour in question allows us to protect the operations of our web servers. Reducing the amount is part of our constant efforts toward having as little data about anything that we possibly can. </p>
<p>Our privacy policy has been updated to reflect this change. The corresponding sentence, which can be found under the section <a href="https://mullvad.net/guides/no-logging-data-policy/#data-handling">Data that we do handle</a>, now reads, "Information older than 1 hour is deleted, and only aggregated information about the number of hits and visitors to our website is saved."</p>Signals of trustworthy VPNs – a multilateral initiative2018-10-17T11:10:33+00:00https://www.mullvad.net/fr/blog/2018/10/17/signals-trustworthy-vpns/<p>What makes a VPN provider trustworthy, and how do you know?</p>
<p>Users reasonably expect their VPN provider to be honest with them and that the VPN provider is, in turn, worthy of its users' trust. The user has to trust that any personal information is not misused, that their web browsing habits won’t be abused, and that their data is not unexpectedly handed to external parties.</p>
<p>In short, VPN providers are in a great position of power over their users. To that end, users deserve more honest behavior and transparency from their VPNs.</p>
<p>Working together with the <a href="https://cdt.org/">Center for Democracy & Technology</a> (CDT) – a non-profit organization working to strengthen online civil liberties and human rights – and a few other VPN providers, we have developed a list of questions that we believe a trustworthy VPN service should be able to answer truthfully and thoroughly. These questions address issues around VPNs’ corporate accountability and business models, privacy practices, and security protocols and protections.</p>
<p>A trustworthy provider is characterized by consistent actions that show transparency, honesty, and conscientiousness. The purpose of these questions is to increase trustworthy behavior in VPN providers and to help consumers recognize such behavior in order to make more informed decisions when choosing a provider.<br />
</p>
<h2>Questions Trustworthy VPNs Should Be Able to Answer</h2>
<p>Below you can read our answers. You can also find them and other providers' <a href="https://cdt.org/insight/unedited-answers-signals-of-trustworthy-vpns/" target="_blank">unedited answers on the CDT's website</a>.<br />
</p>
<p><strong>What is the public facing and full legal name of the VPN service and any parent or holding companies? Do these entities have ownership or economic stakes in in other VPN services, and if so, do they share user information? Where are they incorporated? Is there any other company or partner directly involved in operating the VPN service, and if so, what is its full legal name?</strong></p>
<p>The public-facing name is Mullvad VPN.</p>
<p>The legal name of the company is Amagicom AB which is directly owned by the founders Fredrik Strömberg and Daniel Berntsson. Amagicom AB is incorporated in Sweden.</p>
<p>Neither Amagicom AB nor Fredrik Strömberg nor Daniel Berntsson has ownership or economic stakes in other VPN services.</p>
<p>No other companies are directly involved in operating Mullvad VPN.<br />
</p>
<p><strong>Does the company, or other companies involved in the operation or ownership of the service, have any ownership in VPN review websites?</strong></p>
<p>No.<br />
</p>
<p><strong>What is the service’s business model (i.e. how does the VPN make money)? For example, is the sole source of the service’s revenue from consumer subscriptions?</strong></p>
<p>All revenue comes from VPN customer subscriptions.<br />
</p>
<p><strong>Does the service store any data or metadata generated during a VPN session (from connection to disconnection) after the session is terminated? If so what data?</strong></p>
<p>No. For details, see <a href="https://www.mullvad.net/guides/no-logging-data-policy/">our privacy policy.</a><br />
</p>
<p><strong>Does your company store (or share with others) any user browsing and/or network activity data, including DNS lookups and records of domain names and websites visited?</strong></p>
<p>No. For details, see <a href="https://www.mullvad.net/guides/no-logging-data-policy/">our privacy policy</a>.<br />
</p>
<p><strong>Do you have a clear process for responding to legitimate requests for data from law enforcement and courts?</strong></p>
<p>Yes, see our article “<a href="https://mullvad.net/guides/how-we-handle-government-requests-user-data/">How we handle government requests for user data</a>”.<br />
</p>
<p><strong>What do you do to protect against unauthorized access to customer data flows over the VPN?</strong></p>
<p>Secure systems are required for privacy, and since Mullvad’s beginning, security has always been deeply ingrained in our culture.</p>
<ul>
<li>In our app we offer such security features as a kill switch, DNS leak protection, and IPv6 support, all of which we were either first or among the first.</li>
<li>We only utilize the two best VPN protocols, OpenVPN and WireGuard (we were an early adopter of the former and we pioneered the latter).</li>
<li>Because reliability is paramount, our app is built in Rust, a programming language made for building secure programs.</li>
<li>We use code signing for app and server code.</li>
<li>All of our sysadmins use the Qubes operating system, as does most of our team.</li>
<li>We also protect our laptops against tampering.<br />
</li>
</ul>
<p><strong>What other controls does the service use to protect user data?</strong></p>
<p>We offer a number of features to protect our users’ privacy, including these industry firsts:</p>
<ul>
<li>We accept payment with cash in the mail and Bitcoin.</li>
<li>In our account sign-up process, we ask for no personal information whatsoever, not even an email address.</li>
<li>Our VPN app is open source (find an independent audit report of it on our website).</li>
</ul>
<p>We are also contributors to the privacy and security communities at large. When we discovered that OpenVPN was vulnerable to Heartbleed and later Shellshock, our warning to the community benefited many other VPN services who took action based on our advice.</p>
<p>In addition, we are the only VPN service to currently offer VPN tunnels with experimental post-quantum security.</p>Update your app – new stable version (2018.4)2018-10-16T09:32:52+00:00https://www.mullvad.net/fr/blog/2018/10/16/update-your-app-new-stable-version-20184/<p>Update your Mullvad VPN app to the newest stable release (2018.4) for Windows, macOS, and Linux.</p>
<p><a class="external-link" href="https://mullvad.net/download/" rel="nofollow">Download the app</a> now. If you need help with installation and usage, we've got <a class="external-link" href="https://mullvad.net/guides/category/mullvad-app/" rel="nofollow">guides</a> for that!</p>
<p>For those unable to access our website, <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases/tag/2018.4" rel="nofollow">GitHub</a> also hosts the app's download file.</p>
<p><strong>Linux users:</strong> If you have the old, deprecated Mullvad client installed, please uninstall it before installing the new app.<br />
</p>
<h2>Release highlights</h2>
<p>If you tested our most recent beta releases, the majority of these updates will be familiar to you.</p>
<p>These are the key updates since our last stable release:</p>
<ul>
<li>compatibility with Airdrop, Handoff, and similar services</li>
<li>visibility of the Quit button without needing to scroll in the Settings menu</li>
<li>if the app temporarily can't verify your account number when logging in, you will still be able to use the app as normal; if you've entered an invalid number, the app will signal this once you try connecting</li>
<li>the name of the VPN server (e.g. us-nyc-015) is now shown rather than its public IP address</li>
<li>periodic updates of the server locations list without having to restart the app</li>
<li>a fix that addresses issue MUL-01-001 in our recent <a class="external-link" href="https://mullvad.net/blog/2018/9/24/read-results-security-audit-mullvad-app/" rel="nofollow">security audit</a></li>
<li>the option to configure OpenVPN mssfix under Advanced settings</li>
<li>(Windows) fewer disruptions in VPN connection for those with an unstable Internet network</li>
<li>(Windows) improved connection speed for TCP protocol users</li>
<li>(Windows and Linux) fewer DNS-related issues</li>
<li>(Linux) a bug fix that, in certain distributions, prevented Internet access while connected to the VPN</li>
<li>(Linux) if you're a terminal user, you no longer need to create a symlink. the CLI binary is installed into /usr/bin/</li>
<li>(Linux) better support for scaling, and high-resolution monitors.</li>
</ul>Released: 2018.4-beta32018-10-12T16:00:28+00:00https://www.mullvad.net/fr/blog/2018/10/12/released-20184-beta3/<p>We've got a new beta version of our VPN app ready to go for macoOS, Linux, and Windows users.</p>
<p>Download version 2018.4-beta3 now:</p>
<ul>
<li><a href="https://mullvad.net/guides/beta-versions-windows/">beta app for Windows</a></li>
<li><a href="https://mullvad.net/guides/beta-app/">beta app for macOS</a></li>
<li><a href="https://mullvad.net/guides/beta-versions-linux/">beta app for Linux</a>.</li>
</ul>
<p>For those unable to access our website, <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases" rel="nofollow">our GitHub page</a> also hosts the app's download files.<br />
</p>
<h2>Beta highlights</h2>
<p>Some of the key updates include</p>
<ul>
<li>being able to reset the OpenVPN mssfix option under Advanced settings</li>
<li>(Linux) a bug fix that, in certain distributions, prevented Internet access while connected to the VPN</li>
<li>(Linux) better display on high-resolution monitors.<br />
</li>
</ul>
<h2>What is a beta release?</h2>
<p>A beta release is usually the final test version of a piece of software before the next official version is released. This means that bugs may still exist even though the software has been tested internally.</p>
<p>But that's exactly why beta releases occur, so that external users like yourself can test the software and give us valuable feedback.</p>
<p>If you'd rather wait for the next official release, though, that's ok too. The <a class="external-link" href="https://mullvad.net/download/" rel="nofollow">latest official, non-beta version</a> is always available on our download page.</p>Released: 2018.4-beta22018-10-11T07:30:17+00:00https://www.mullvad.net/fr/blog/2018/10/11/released-20184-beta2/<p>Windows, macOS, and Linux users – try the latest beta version of our VPN app.</p>
<p>Download version 2018.4-beta2 now:</p>
<ul>
<li><a href="https://mullvad.net/guides/beta-versions-windows/">beta app for Windows</a></li>
<li><a href="https://mullvad.net/guides/beta-app/">beta app for macOS</a></li>
<li><a href="https://mullvad.net/guides/beta-versions-linux/">beta app for Linux</a>.</li>
</ul>
<p>For those unable to access our website, <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases" rel="nofollow">our GitHub page</a> also hosts the app's download files.<br />
</p>
<h2>Highlights of this release</h2>
<p>Some of the key updates include</p>
<ul>
<li>visibility of the Quit button without needing to scroll in the Settings menu</li>
<li>showing the name of the VPN server rather than its public IP address</li>
<li>(Windows) fewer disruptions in VPN connection for those with an unstable Internet network</li>
<li>(Windows) improved connection speed for TCP protocol users</li>
<li>(Windows and Linux) fewer DNS-related issues.<br />
</li>
</ul>
<h2>What is a beta release?</h2>
<p>A beta release is usually the final test version of a piece of software before the next official version is released. This means that bugs may still exist even though the software has been tested internally.</p>
<p>But that's exactly why beta releases occur, so that external users like yourself can test the software and give us valuable feedback.</p>
<p>If you'd rather wait for the next official release, though, that's ok too. The <a class="external-link" href="https://mullvad.net/download/" rel="nofollow">latest official, non-beta version</a> is always available on our download page.</p>New beta release (2018.4-beta1)2018-10-01T14:19:59+00:00https://www.mullvad.net/fr/blog/2018/10/1/new-beta-release-20184-beta1/<p>The latest beta version of our VPN app is now out for Windows, macOS, and Linux users to try.</p>
<p>Download version 2018.4-beta1 now:</p>
<ul>
<li><a href="https://mullvad.net/guides/beta-versions-windows/">beta app for Windows</a></li>
<li><a href="https://mullvad.net/guides/beta-app/">beta app for macOS</a></li>
<li><a href="https://mullvad.net/guides/beta-versions-linux/">beta app for Linux</a>.</li>
</ul>
<p>For those unable to access our website, <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases" rel="nofollow">our GitHub page</a> also hosts the app's download files.<br />
</p>
<h2>Beta highlights</h2>
<p>Some of the key updates include</p>
<ul>
<li>compatibility with Airdrop, Handoff, and similar services</li>
<li>periodic updates of the server locations list without having to restart the app</li>
<li>addressing one of the issues in our recent security audit.<br />
</li>
</ul>
<h2>What is a beta release?</h2>
<p>A beta release is usually the final test version of a piece of software before the next official version is released. This means that bugs may still exist even though the software has been tested internally.</p>
<p>But that's exactly why beta releases occur, so that external users like yourself can test the software and give us valuable feedback.</p>
<p>If you'd rather wait for the next official release, though, that's ok too. The <a class="external-link" href="https://mullvad.net/download/" rel="nofollow">latest official, non-beta version</a> is always available on our download page.</p>Read results of security audit on Mullvad app2018-09-24T11:26:30+00:00https://www.mullvad.net/fr/blog/2018/9/24/read-results-security-audit-mullvad-app/<p>The final report of the external security audit on our VPN app, version 2018.2, is now publicly available.</p>
<p>As summarized in the report, "the assessment yielded a total of seven issues, which [is] an exceptionally small number given the complex field of the VPN software and the connected, vast attack surface."</p>
<p>Of those seven, six issues related to the app, none of which were remotely exploitable. In addition, the testers found no traffic leaks and no ways for a network-based attacker to force leaks. The remaining issue had to do with our website.</p>
<p>Eight testers from <a class="external-link" href="https://cure53.de/" rel="nofollow" target="_blank">Cure53</a> and <a class="external-link" href="https://assured.se/" rel="nofollow" target="_blank">Assured</a> spent a total of 18 days to complete the audit.<br />
</p>
<h2>Read the report</h2>
<p><a class="external-link" href="https://cure53.de/pentest-report_mullvad_v2.pdf" rel="nofollow" target="_blank">Read the final audit report</a>, made available on Cure53's website.</p>
<p>Also public is the <a class="external-link" href="https://cure53.de/pentest-report_mullvad_v1.pdf" rel="nofollow" target="_blank">initial report</a> which is the version that was initially presented to us. After a discussion with the auditors about the use of certain terminology, they adjusted the report to provide better clarity and produced the final version.</p>
<p>An independent audit helps to discover potential security vulnerabilities and fix them, all resulting in an even better service. It also gives you the opportunity to judge whether or not we are technically competent enough to provide a service in which security is paramount.</p>
<p>Thanks to the audit's findings, we prioritized our app development accordingly and released version 2018.3. Be sure you're using the latest version of the <a class="external-link" href="https://mullvad.net/download" rel="nofollow">Mullvad VPN app – download now</a>.<br />
</p>
<h2>Overview of findings</h2>
<p>Of the seven issues found, the two identified vulnerabilities required local access to the computer. Of the five miscellaneous issues, three required local access, one pertained to our website, and the last one reflected on software dependencies.</p>
<p>Regarding the five findings that depended on local access, it should be noted that in general we do not consider attackers with local access to be part of our threat model. Nonetheless, we will of course consider all recommendations made by the auditors to further improve the security of our app.</p>
<p>Please feel free to contact us if you have any questions after reading this post or the audit report.</p>
<p><strong>Identified vulnerabilities</strong></p>
<ul>
<li><strong>MUL-01-004 Windows:</strong> Privilege escalation by replacing executables (Critical)<br />
Our comment: Solved in app version 2018.3. Under certain conditions, a user with local access could abuse the app to gain administrative privileges.<br />
</li>
<li><strong>MUL-01-006 Daemon:</strong> Any user can issue WebSocket commands (High)<br />
Our comment: Any user with local access can control the app. This is currently intentional, but we will consider the auditors' recommendations. It should also be noted that we replaced WebSocket with IPC.<br />
</li>
</ul>
<p><strong>Miscellaneous issues</strong></p>
<p>As described by the auditors, "This section covers those noteworthy findings that did not lead to an exploit but might aid an attacker in achieving their malicious goals in the future.</p>
<p>"Most of these results are vulnerable code snippets that did not provide an easy way to be called. Conclusively, while a vulnerability is present, an exploit might not always be possible."</p>
<ul>
<li><strong>MUL-01-001 App:</strong> Missing Browser Window preferences allow RCE (Info)<br />
Our comment: Requires a local user to drag a malicious file onto the app window. We are looking into this.<br />
</li>
<li><strong>MUL-01-002 App:</strong> WebSocket leaks real IP addresses and geolocation (Medium)<br />
Our comment: By its current design, all local users should be able to query the app for current status and information. See also MUL-01-006. We are looking into this.<br />
</li>
<li><strong>MUL-01-003 Daemon:</strong> Weak permissions on config and log files (Low)<br />
Our comment: A local user can read the configuration and log files of the app. We are looking into this.<br />
</li>
<li><strong>MUL-01-005 OOS:</strong> CSRF on adding and removing forwarded ports (Low)<br />
Our comment: Fixed on 20 September 2018.<br />
</li>
<li><strong>MUL-01-007 App:</strong> Lax version requirements for Node dependencies (Info)<br />
Our comment: We are looking into this.</li>
</ul>Security audit of Mullvad app completed – please upgrade2018-09-20T15:08:07+00:00https://www.mullvad.net/fr/blog/2018/9/20/security-audit-mullvad-app-completed-please-upgrade/<p>We recently requested an external security audit to be performed on our VPN app, version 2018.2.</p>
<p>An independent audit helps to discover potential security vulnerabilities and fix them, all resulting in an even better service. It also gives you the opportunity to judge whether or not we are technically competent enough to provide a service in which security is paramount.</p>
<p>Thanks to the audit's findings, we prioritized our improvements accordingly and released app version 2018.3.<br />
</p>
<h2>Upgrade your app</h2>
<p>So what does this mean for you, our customer? We recommend that you upgrade to the latest stable version of the app, which at the time of this post is 2018.3.</p>
<p><a class="external-link" href="https://mullvad.net/download" rel="nofollow">Download Mullvad now</a> – this link and our website's Download button always point to the latest version.<br />
</p>
<h2>Read the audit's results</h2>
<p>We are quite pleased with the outcome of the audit. To quote the auditors themselves, "In sum, the assessment yielded a total of seven issues, which [is] an exceptionally small number given the complex field of the VPN software and the connected, vast attack surface."</p>
<p>The final report of the audit, carried out by <a class="external-link" href="https://cure53.de/" rel="nofollow" target="_blank">Cure53</a> and <a class="external-link" href="https://assured.se/" rel="nofollow" target="_blank">Assured</a>, will be publicized by Cure53 and on our blog on Monday 24 September.</p>Server maintenance on Thursday2018-09-18T12:50:16+00:00https://www.mullvad.net/fr/blog/2018/9/18/server-maintenance-thursday/<p>This Thursday, 20 September, you may experience a short disruption in your Mullvad connection during a scheduled maintenance of our servers.</p>
<p>During this time, you may be disconnected, after which the app will attempt to reconnect to another server. We expect only a few minutes of downtime for each server. WireGuard users will not be affected.</p>
<p>Please check our <a href="https://mullvad.net/servers" rel="nofollow">server page</a> to stay updated on the status of our work.</p>
<p>During this scheduled maintenance, we will be deploying a small security improvement to mitigate the <a class="external-link" href="https://www.bleepingcomputer.com/news/security/voracle-attack-can-recover-http-data-from-vpn-connections/" rel="nofollow" target="_blank">VORACLE vulnerability</a>.</p>Update your app – new version available2018-09-17T13:46:48+00:00https://www.mullvad.net/fr/blog/2018/9/17/update-your-app-new-version-available/<p>It's here, the next stable version (2018.3) of the Mullvad VPN app, available for Windows, macOS, and Linux.</p>
<p><a class="external-link" href="https://mullvad.net/download/" rel="nofollow">Download the app</a> now. If you need help with installation and usage, we've got <a class="external-link" href="https://mullvad.net/guides/category/mullvad-app/" rel="nofollow">guides</a> for that!</p>
<p>For those unable to access our website, <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases/tag/2018.3" rel="nofollow">GitHub</a> also hosts the app's download file.<br />
</p>
<h2>Release highlights</h2>
<p>If you tested our most recent beta release, the majority of these updates will be familiar to you.</p>
<p>These are the key updates since our last stable release:</p>
<ul>
<li>the ability to choose a specific server</li>
<li>compatibility with Chromecast, Sonos, and other wireless devices (Apple devices will not work; we're still working on this); just be sure to turn on "Local network sharing" in the Preferences menu</li>
<li>draggable scrollbars in all menus</li>
<li>the option of turning on/off IPv6 in the Advanced settings (by default it is disabled)</li>
<li>(Linux users) support for Ubuntu 14.04, Debian 8, and other, older distributions.</li>
</ul>
<p>We've also fixed the issue of users being stuck in the "Connecting to daemon" view.</p>
<p><img alt="The Mullvad VPN app allows you to easily select a specific server." src="/media/uploads/2018/09/17/vpn-app-choose-specific-server_dcGSKJs.jpg" style="height:450px; width:254px" /> <img alt="The Mullvad VPN app, showing the option to enable IPv6 in the Advanced settings menu." src="/media/uploads/2018/09/17/vpn-app-ipv6.png" style="height:450px; width:254px" /><br />
</p>
<h2>Greater security for Windows users</h2>
<p>With the release of version 2018.3, we have removed the option for Windows users to choose where on their computer the app is installed. It will now always be placed in <kbd>C:\Program Files\Mullvad VPN\</kbd> which is a system-protected directory.</p>
<p>This prevents the possibility of choosing a directory that is unprotected, which thereby protects against a potential security exploit.</p>New beta release2018-09-13T19:05:46+00:00https://www.mullvad.net/fr/blog/2018/9/13/new-beta-release/<p>Windows, macOS, and Linux users – try the latest beta version of our VPN app.</p>
<p>Download version 2018.3-beta1 now:</p>
<ul>
<li><a class="external-link" href="https://mullvad.net/guides/beta-versions-windows/" rel="nofollow">beta app for Windows</a></li>
<li><a class="external-link" href="https://mullvad.net/guides/beta-app/" rel="nofollow">beta app for macOS</a></li>
<li><a class="external-link" href="https://mullvad.net/guides/beta-versions-linux/" rel="nofollow">beta app for Linux</a>.</li>
</ul>
<p>For those unable to access our website, <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases" rel="nofollow" target="_blank">our GitHub page</a> also hosts the app's download files.<br />
</p>
<h2>Beta highlights</h2>
<p>Some of the key updates include</p>
<ul>
<li>the ability to choose a specific server</li>
<li>compatibility with Chromecast, Sonos, and other (non-Apple) wireless devices</li>
<li>draggable scrollbars in all menus</li>
<li>the option of disabling IPv6</li>
<li>(Linux users) support for Ubuntu 14.04, Debian 8, and other, older distributions.</li>
</ul>
<p>We've also fixed the issue of users being stuck in the "Connecting to daemon" view.<br />
</p>
<h2>What is a beta release?</h2>
<p>A beta release is usually the final test version of a piece of software before the next official version is released. This means that bugs may still exist even though the software has been tested internally.</p>
<p>But that's exactly why beta releases occur, so that external users like yourself can test the software and give us valuable feedback.</p>
<p>If you'd rather wait for the next official release, though, that's ok too. The <a class="external-link" href="https://mullvad.net/download/" rel="nofollow">latest official, non-beta version</a> is always available on our download page.</p>Payment options for Swedish customers2018-09-08T20:09:47+00:00https://www.mullvad.net/fr/blog/2018/9/8/payment-options-swedish-customers/<p>For our customers in Sweden, we have stopped accepting bankgiro and updated our Swish payment method.</p>
<p>If you were previously using bankgiro, consider using Swish or credit card instead, both of which are also connected to your bank account but credit your Mullvad account instantly.</p>
<p>If you're already using Swish, our old number no longer works. Instead, log in on our website, then choose Swish and follow the instructions.</p>macOS users – update your app2018-08-14T14:05:20+00:00https://www.mullvad.net/fr/blog/2018/8/14/macos-users-update-your-app/<p>There's a new stable version (2018.2) of the Mullvad VPN app available for you macOS users. <a class="external-link" href="https://mullvad.net/download/" rel="nofollow">Get it now!</a></p>
<p>Need help? Learn how to install and use the app by reading our <a class="external-link" href="https://mullvad.net/guides/install-and-use-mullvad-app-macos/" rel="nofollow">macOS app guide</a>.<br />
</p>
<h2>What's new</h2>
<p>We've made a number of changes since the previous stable release (2018.1):</p>
<ul>
<li>Auto-connect and Auto-start options have been added to the Preferences menu.</li>
<li>When you click on Switch location, the list will automatically scroll to the last location you selected rather than always open at the top.</li>
<li>Easily copy your account number by clicking on it in the app's settings.</li>
<li>The account expiration time is now always up to date.</li>
<li>You no longer need to enter your computer's login credentials each time you start the app.</li>
<li>Your computer will display notification pop-ups each time the app connects or disconnects.</li>
<li>In-app error messages have been improved to more specifically reflect the problem.</li>
<li>We've improved the usability of the app for those who've experienced DNS-related issues.</li>
<li>Users who previously remained stuck at the Login screen even after having connected should no longer experience this problem.</li>
<li>When sending a problem report, the app's two most recent log files are now sent as opposed to only the latest one. This assists our support team in more easily helping the customer as many problems are logged in the next-to-last file.</li>
<li>The app will no longer appear to freeze if experiencing connection problems.</li>
<li>The installation process has changed.</li>
</ul>
<p>Find <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/blob/master/CHANGELOG.md" rel="nofollow" target="_blank">the entire changelog</a> on our GitHub page. For those unable to access our website, GitHub also <a href="https://github.com/mullvad/mullvadvpn-app/releases" target="_blank">hosts the app's download file</a>.</p>Linux users – official release of Mullvad VPN app!2018-08-14T14:01:49+00:00https://www.mullvad.net/fr/blog/2018/8/14/linux-users-official-release-mullvad-vpn-app/<p>Linux users, don't wait any longer – the first stable release of our new VPN app is finally here!</p>
<p>Get started by <a class="external-link" href="https://mullvad.net/download/" rel="nofollow">downloading the app</a>. Then head over to our <a class="external-link" href="https://mullvad.net/guides/install-and-use-mullvad-app-linux/" rel="nofollow">Linux app guide</a> to learn how to install and use it.</p>
<p>For those unable to access our website, <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases/tag/2018.2" rel="nofollow">GitHub</a> also hosts the app's download file.</p>
<p>We greatly appreciate those of you who have tested the beta versions and given us invaluable feedback.<br />
</p>
<h2>About the new app</h2>
<p>Protecting one's online privacy should be easy for anyone. To that end, we have intentionally designed our new app with an intuitive user experience at its core.</p>
<p>The Mullvad VPN app focuses on showing whether your connection is secure or not. A padlock in the menu bar is a helpful, constant reminder of your status – green means you're connected, red signals that you're not.</p>
<p>If you want to change your location, simply choose from the menu and the app will reconnect automatically. A map clearly indicates where in the world you are connected to one of Mullvad's servers.</p>
<p>With continued focus on protecting our users' online privacy, <a class="external-link" href="https://mullvad.net/guides/dns-leaks/" rel="nofollow">DNS leak protection</a> is always on in the new Mullvad VPN app. It also features a built-in "kill switch" which ensures that your traffic is not accidentally leaked outside of our secure tunnel.</p>
<p>The new app is an improvement over its predecessor, but we are still working toward implementing all of the same features, such as the ability to select a specific server.</p>Official release – new Mullvad VPN app for Windows!2018-08-14T13:51:49+00:00https://www.mullvad.net/fr/blog/2018/8/14/official-release-new-mullvad-vpn-app-windows/<p>Windows users, the first stable release of our newly-rebuilt VPN app is ready for you!</p>
<p>Get started by <a class="external-link" href="https://mullvad.net/download/" rel="nofollow">downloading the app</a>. Then head over to our <a class="external-link" href="https://mullvad.net/guides/install-and-use-mullvad-app-windows/" rel="nofollow">Windows app guide</a> to learn how to install and use it.</p>
<p>For those unable to access our website, <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases/tag/2018.2" rel="nofollow">GitHub</a> also hosts the app's download file.</p>
<p>We greatly appreciate those of you who have tested the beta versions and given us invaluable feedback.<br />
</p>
<h2>About the new app</h2>
<p>Protecting one's online privacy should be easy for anyone. To that end, we have intentionally designed our new app with an intuitive user experience at its core.</p>
<p>The Mullvad VPN app focuses on showing whether your connection is secure or not. A padlock in the menu bar is a helpful, constant reminder of your status – green means you're connected, red signals that you're not.</p>
<p>If you want to change your location, simply choose from the menu and the app will reconnect automatically. A map clearly indicates where in the world you are connected to one of Mullvad's servers.</p>
<p>With continued focus on protecting our users' online privacy, <a class="external-link" href="https://mullvad.net/guides/dns-leaks/" rel="nofollow">DNS leak protection</a> is always on in the new Mullvad VPN app. It also features a built-in "kill switch" which ensures that your traffic is not accidentally leaked outside of our secure tunnel.</p>
<p>The new app is an improvement over its predecessor, but we are still working toward implementing all of the same features, such as the ability to select a specific server.</p>New beta for Windows and macOS2018-08-10T15:14:46+00:00https://www.mullvad.net/fr/blog/2018/8/10/new-beta-windows-and-macos/<p>The next beta version of our VPN app is now available for download.</p>
<p>Read more about the latest updates in version 2018.2-beta3 on the download pages:</p>
<ul>
<li><a class="external-link" href="https://mullvad.net/guides/beta-app/" rel="nofollow">beta app for macOS</a></li>
<li><a class="external-link" href="https://mullvad.net/guides/beta-versions-windows/" rel="nofollow">beta app for Windows.</a></li>
</ul>
<p>For those unable to access our website, <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases" rel="nofollow" target="_blank">our GitHub page</a> also hosts the app's download files.<br />
</p>
<h2>What is a beta release?</h2>
<p>A beta release is usually the final test version of a piece of software before the official version is released. This means that bugs may still exist even though the software has been tested internally.</p>
<p>But that's exactly why beta releases occur, so that external users like yourself can test the software and give us valuable feedback.</p>
<p>If you'd rather wait for the next official release, though, that's ok too. The <a class="external-link" href="https://mullvad.net/download/" rel="nofollow">latest official, non-beta version</a> is always available on our download page.<br />
</p>
<h2>Linux users</h2>
<p>In case you missed our big announcement, a <a class="external-link" href="https://mullvad.net/guides/beta-versions-linux/" rel="nofollow">Linux beta version</a> of our newly rebuilt VPN app is finally out!</p>Try our new app in Linux!2018-08-10T14:54:55+00:00https://www.mullvad.net/fr/blog/2018/8/10/try-our-new-app-linux/<p>Linux users, our next-generation VPN app, in beta, is finally ready for you to try!</p>
<p>Head over to the <a class="external-link" href="https://mullvad.net/guides/beta-versions-linux/" rel="nofollow">Linux beta page</a> where you'll find a download link and important information, including CLI instructions. For those unable to access our website, <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases" rel="nofollow" target="_blank">our GitHub page</a> also hosts the app's download file.</p>
<p>Although the new app is an improvement over its predecessor, it is still in beta and does not yet offer all of the same features, such as the ability to select a specific server. Read more below about beta releases.<br />
<img alt="Mullvad VPN app showing a secure connection" src="/media/uploads/2018/08/09/vpn-app-connected.jpg" style="height:568px; width:320px" /><br />
</p>
<h2>About the new app</h2>
<p>Protecting one's online privacy should be easy for anyone. To that end, we have intentionally designed our new VPN app with an intuitive user experience at its core.</p>
<p>The new Mullvad VPN app focuses on showing whether your connection is secure or not. A padlock in the menu bar is a helpful, constant reminder of your status – green means you're connected, red signals that you're not.</p>
<p>If you want to change your location, simply choose from the menu and the app will reconnect automatically. A map clearly indicates where in the world you are connected to one of Mullvad's servers.<br />
</p>
<h2>What is a beta release?</h2>
<p>A beta release is usually the final test version of a piece of software before the next official version is released. This means that bugs may still exist even though the software has been tested internally.</p>
<p>But that's exactly why beta releases occur, so that external users like yourself can test the software and give us valuable feedback. If you'd rather wait for the official release, though, that's ok too.<br />
</p>
<h2>Windows and macOS updates</h2>
<p>This release also means a new beta version (2018.2-beta3) for Windows and macOS users:</p>
<ul>
<li><a class="external-link" href="https://mullvad.net/guides/beta-app/" rel="nofollow">new beta version for macOS</a></li>
<li><a class="external-link" href="https://mullvad.net/guides/beta-versions-windows/" rel="nofollow">new beta version for Windows.</a></li>
</ul>Press resources for journalists2018-07-25T18:38:17+00:00https://www.mullvad.net/fr/blog/2018/7/25/press-resources-journalists/<p>Journalists, looking for a one-stop shop on resources about us? Check out our <a href="https://mullvad.net/press/">press page</a>.</p>
<p>Contact information for press questions, downloadable logos, and a summary of who we are and what we stand for – it's all there!</p>42 WireGuard servers and several new locations2018-07-20T18:37:16+00:00https://www.mullvad.net/fr/blog/2018/7/20/42-wireguard-servers-and-several-new-locations/<p>Mullvad expands our WireGuard VPN-service to a total of 42 servers. Check out our new locations here <a href="https://mullvad.net/servers/#wireguard">https://mullvad.net/servers/#wireguard</a></p>
<p>Give the new VPN protocol a try with Mullvad and let us know what you think.</p>
<h2>Get started with WireGuard!</h2>
<p>Linux: <a href="https://www.mullvad.net/guides/easy-wireguard-mullvad-setup-linux/">https://www.mullvad.net/guides/easy-wireguard-mullvad-setup-linux/</a><br />
macOS: <a href="https://www.mullvad.net/guides/wireguard-mullvad-macos/">https://www.mullvad.net/guides/wireguard-mullvad-macos/</a><br />
Android: <a href="https://www.mullvad.net/guides/wireguard-android/">https://www.mullvad.net/guides/wireguard-android/</a><br />
Router: <a href="https://www.mullvad.net/guides/running-wireguard-router/">https://www.mullvad.net/guides/running-wireguard-router/</a></p>
<h2>About WireGuard</h2>
<p><a href="https://www.wireguard.com/">WireGuard</a> is a new VPN protocol designed with simplicity in mind and is meant to be easily implemented in very few lines of code. In addition, the protocol can easily be reviewed by individuals for security vulnerabilities. WireGuard performs very well on consumer routers.</p>Scheduled maintenance 2018-07-232018-07-17T13:04:31+00:00https://www.mullvad.net/fr/blog/2018/7/17/scheduled-maintenance-2018-07-23/<p>On Monday, maintenance is planned for parts of our infrastructure. This may cause temporary disruption of the service. We will do our best to minimize the time this will affect you.</p>
<p>The maintenance will start at 2018-07-23 07:00:00 UTC and will likely last less than one hour.</p>
<p>During the maintenance the following things might not work:</p>
<ul>
<li> The account page on our website, including account creation, making new payments and managing ports.</li>
<li> If you restart the Mullvad VPN App, you might not be able to reach api.mullvad.net, and thus will not be able to log in to a VPN server. </li>
<li> Port forwarding. It will however work if you've logged on before the maintenance.</li>
<li> Information about time left and forwarded ports in the client / App and on the website.</li>
<li> Downloading OpenVPN and WireGuard configuration files.</li>
<li> Payment processing. Any payments made during this time will be processed once the maintenance is done.</li>
</ul>
<p>The account page, and the OpenVPN and WireGuard configuration pages on the website will be disabled during this period to avoid confusion.</p>Available now – next beta version for macOS2018-07-04T06:00:00+00:00https://www.mullvad.net/fr/blog/2018/7/4/available-now-next-beta-version-macos/<p>We've got a new macOS beta version of our VPN app ready for testing. Visit the <a href="https://mullvad.net/guides/beta-app/">macOS beta page</a> for the download link and important information.</p>
<p>For those unable to access our website, <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases/tag/2018.2-beta1" rel="nofollow" target="_blank">our GitHub page</a> also hosts the app's .pkg download file.<br />
</p>
<h2>What is a beta release?</h2>
<p>A beta release is usually the final test version of a piece of software before it gets released as the next official version. This means that bugs may still exist even though the software has been tested internally.</p>
<p>But that's exactly why beta releases occur, so that external users like yourself can test the software and give us valuable feedback.</p>
<p>If you'd rather wait for the next official release, though, that's ok too. The <a href="http://mullvad.net/download/">latest official version</a> is always available on our download page.<br />
</p>
<h2>Windows users</h2>
<p>In case you missed <a href="https://mullvad.net/blog/2018/7/3/windows-beta-release-here/">our big announcement</a>, a Windows beta version of our newly rebuilt VPN app is finally out!</p>Windows beta release is here!2018-07-03T11:12:20+00:00https://www.mullvad.net/fr/blog/2018/7/3/windows-beta-release-here/<p>That's right, Windows users, the wait is over. Our newly rebuilt VPN app, in beta, is finally available to you for testing!</p>
<p>Head over to the <a href="https://mullvad.net/guides/beta-versions-windows/">Windows beta page</a> where you'll find a download link and important information.</p>
<p>Although the new app is an improvement over its predecessor, it is still in beta and does not yet offer all of the same features, such as the ability to select a specific server. Read more below about beta releases.<br />
<img alt="Mullvad VPN app for Windows showing secure connection" src="/media/uploads/2018/07/03/win-app-connected.jpg" style="height:607px; width:319px" /></p>
<h2>About the new app</h2>
<p>Protecting one's online privacy should be easy for anyone. To that end, we have intentionally designed our new VPN app with an intuitive user experience at its core.</p>
<p>The new Mullvad VPN app focuses on showing whether your connection is secure or not, and where the Internet thinks you are located.</p>
<p>A padlock in the menu bar is a helpful, constant reminder of your status – green means you're connected, red signals that you're not.</p>
<p>If you want to change your location, simply choose from the menu and the app will reconnect automatically. A map clearly indicates where in the world you are connected to one of Mullvad's servers.</p>
<p>Your internet traffic is encrypted from your computer to our servers. Using Mullvad also hides your IP address and replaces it with one of ours, giving you increased privacy.<br />
</p>
<h2>What is a beta release?</h2>
<p>A beta release is usually the final test version of a piece of software before the next official version is released. This means that bugs may still exist even though the software has been tested internally.</p>
<p>But that's exactly why beta releases occur, so that external users like yourself can test the software and give us valuable feedback. If you'd rather wait for the official release, though, that's ok too.<br />
</p>
<h2>macOS update</h2>
<p>This release also means a new beta version for macOS users. Head on over to the <a href="https://mullvad.net/guides/beta-app/">macOS beta page</a> to get in on the fun!</p>New tool – test your forwarded ports2018-06-29T11:43:22+00:00https://www.mullvad.net/fr/blog/2018/6/29/new-tool-test-your-forwarded-ports/<p>Curious to know if your forwarded ports with Mullvad are working? We've developed a tool for that! Give our new <a class="external-link" href="https://am.i.mullvad.net/portcheck" rel="nofollow">port check</a> a try.</p>
<p>Don't have an assigned port? You can easily get one by logging in to your Mullvad account on our website. <a class="external-link" href="https://mullvad.net/guides/port-forwarding-and-mullvad/" rel="nofollow">Our port forwarding guide</a> walks you through the process.</p>
<p><img alt="" src="/media/uploads/2018/06/29/port-check-page.jpg" style="height:459px; width:700px" /><br />
</p>
<h2>What is port forwarding?</h2>
<p>Port forwarding makes it possible for remote computers to access a specific computer or service within a private local area network (LAN).</p>
<p>For example, Gunilla has a web server on her private LAN that she wants Glenn to visit. She first requests a port to be forwarded to her. Then she configures her web server to listen to that port for any other traffic. Glenn can then connect to the exit IP address of the VPN server that Gunilla is using, as well as the port number, and voila – he has access!</p>
<p>It's like dialing a company's phone number (the IP address) and then punching in the extension number (port) to reach a particular person.</p>Our WireGuard expansion continues2018-06-27T06:24:20+00:00https://www.mullvad.net/fr/blog/2018/6/27/our-wireguard-expansion-continues/<p>Mullvad expands our WireGuard VPN-service to a total of 30 servers, and our first 40Gbps WireGuard server is online! Please go ahead and test se4-wireguard.mullvad.net!</p>
<p>Give the new VPN protocol a try with Mullvad and let us know what you think.</p>
<p> </p>
<h2>Get started with WireGuard!</h2>
<p>Linux: <a href="https://www.mullvad.net/guides/easy-wireguard-mullvad-setup-linux/">https://www.mullvad.net/guides/easy-wireguard-mullvad-setup-linux/</a><br />
macOS: <a href="https://www.mullvad.net/guides/wireguard-mullvad-macos/">https://www.mullvad.net/guides/wireguard-mullvad-macos/</a><br />
Android: <a href="https://www.mullvad.net/guides/wireguard-android/">https://www.mullvad.net/guides/wireguard-android/</a><br />
Router: <a href="https://www.mullvad.net/guides/running-wireguard-router/">https://www.mullvad.net/guides/running-wireguard-router/</a></p>
<h2><br />
About WireGuard</h2>
<p><a href="https://www.wireguard.io/">WireGuard</a> is a new VPN protocol designed with simplicity in mind and is meant to be easily implemented in very few lines of code. In addition, the protocol can easily be reviewed by individuals for security vulnerabilities. WireGuard performs very well on consumer routers.</p>Delivering faster speeds in Malmö2018-06-08T08:58:12+00:00https://www.mullvad.net/fr/blog/2018/6/8/delivering-faster-speeds-malmo/<p>Connect to our VPN servers in Malmö, Sweden, and you'll likely experience faster speeds.</p>
<p>Those servers are now running on an Intel 8 Core (Xeon W-2145) CPU and connected via 10GbE network cards.</p>
<p><img alt="" src="/media/uploads/2018/06/08/turning_torso_by_night1.jpg" style="height:326px; width:491px" /><br />
<small>Photo by Bjaglin, provided under CC BY-SA 2.0.</small></p>Potential disruption to service on 11 June2018-06-01T09:06:38+00:00https://www.mullvad.net/fr/blog/2018/6/1/potential-disruption-service-11-june/<p>On Monday 11 June, you may experience a disruption in your Mullvad connection. We will be performing maintenance to all of our servers over the course of that day.</p>
<p>While we hope to keep the down time to a minimum, this upgrade will ultimately improve the stability and quality of our service.</p>
<p>We will post a notification on <a href="https://mullvad.net/servers">our server page</a> once the service is complete.</p>Level-up for Helsinki2018-05-28T15:32:05+00:00https://www.mullvad.net/fr/blog/2018/5/28/level-helsinki/<p>We've gone from renting to fully owning our servers in Helsinki, Finland, just as we do in the Netherlands, Sweden, and Norway.</p>
<p><img alt="the Finnish flag flying with trees in the background" src="/media/uploads/2018/05/28/finland-flag.jpg" style="height:543px; width:815px" /></p>
<p>Helsinki has also been added to our list of <a class="external-link" href="https://mullvad.net/servers/#wireguard" rel="nofollow">available WireGuard servers.</a></p>
<p>Everywhere else worldwide we rent physical, dedicated servers that are not shared with other companies.</p>Gothenburg goes live2018-05-25T06:43:57+00:00https://www.mullvad.net/fr/blog/2018/5/25/gothenburg-goes-live/<p>We've finally given some love to our home town of Gothenburg, now the fourth location in Sweden where we've established VPN servers, joining Malmö, Helsingborg, and Stockholm.</p>
<p><img alt="" src="/media/uploads/2018/05/25/gothenburg.jpg" style="height:543px; width:815px" /><br />
<small>Photo by <a href="https://www.flickr.com/photos/mammela/22798308791/in/photolist-Xwagvy-pSkqaR-ps6b83-dignV6-pd1TN6-qsYiR3-VXxWkt-nhVhCg-fAR4Vd-e6wB28-yqcc1-dCxJe1-onG6kW-eW4h5x-cmnEWE-eW4zFR-dignQh-bpvaiv-9bd29p-dboTCX-yqcbW-728tgZ-AJBhVv-db2YFm-f55Ld7-cPTwAU-VcQ1x-f55U5U-db2QNK-db38W3-cnr1sL-f5ztsg-eW58vt-digHKj-72cqLf-ctRAUd-digyhe-VbkAX-pSejJJ-7NnkiD-f1EaK1-q9ASL2-cPTtXw-db3pPg-eTJvfR-dXKRHo-dCsuKH-db2Uia-fcY46r-2buFUs">Pasi Mämmelä</a>, provided under <a href="https://creativecommons.org/licenses/by-sa/2.0/">CC BY-SA 2.0.</a></small></p>
<p>Gothenburg has also been added to our list of <a href="https://mullvad.net/sv/servers/#wireguard">available WireGuard servers.</a></p>
<p>All OpenVPN and WireGuard servers in Gothenburg are connected via 10Gbps network cards.</p>
<p>If you're located in the Gothenburg area, you may experience significantly lower latency if you connect through our Gothenburg servers. Although the results can vary a lot depending on your internet provider, we have tested Com Hem, IP-Only, Bredbandsbolaget and Bahnhof, all with good outcome.</p>
<p>We completely own all of our Swedish servers, just as we do in the Netherlands and Norway. Everywhere else worldwide, we rent physical, dedicated servers that are not shared with other customers.</p>GDPR and your right to data privacy2018-05-24T09:23:18+00:00https://www.mullvad.net/fr/blog/2018/5/24/gdpr-and-your-right-data-privacy/<p>By now, you've probably experienced a steady stream of emails landing in your inbox, all pertaining to the privacy policies of online services that you use. You read them all before giving your consent, right?<br />
<br />
<img alt="" src="/media/uploads/2018/05/25/gdpr.png" style="height:290px; width:337px" /></p>
<p>Well, maybe you tried, until you realized that many of them are extremely long.</p>
<p>The catalyst for these policy updates is a thing called the EU General Data Protection Regulation, or GDPR for short, and it goes into effect tomorrow, 25 May 2018.</p>
<p>The new regulation states that if a company wants to collect user information and store it, then the individual must give active consent for doing so.</p>
<p>The stated intent of GDPR is that everyone has a right to privacy – including online. These days, however, so much information is collected about us that it's nearly impossible for us to actively control what we do and don't want to allow. But with time, companies may actually decide against storing unnecessary data instead of making their privacy policies longer.<br />
</p>
<h2>Why is storing personal data such a sensitive matter?</h2>
<p>Here are a few examples that answer the question:</p>
<ul>
<li><a href="https://www.independent.co.uk/news/uk/home-news/uk-businesses-cyber-attacks-security-breach-figures-fraud-hackers-government-report-a8321931.html" target="_blank">Almost half UK businesses suffered cyberattack or security breach last year, figures show</a> (<em>The Independent</em>)</li>
<li><a href="https://www.reuters.com/article/us-twitter-passwords/twitter-urges-users-to-change-passwords-after-computer-glitch-idUSKBN1I42JG" target="_blank">Twitter urges all users to change passwords after glitch</a> (Reuters)</li>
<li><a href="https://en.wikipedia.org/wiki/List_of_data_breaches" target="_blank">List of data breaches</a> (Wikipedia)</li>
<li><a href="http://money.cnn.com/2017/06/19/technology/voter-data-leaked-online-gop/index.html" target="_blank">Data of almost 200 million voters leaked online by GOP analytics firm</a> (CNN)</li>
<li><a href="https://www.reuters.com/article/us-usa-surveillance-watchdog/nsa-staff-used-spy-tools-on-spouses-ex-lovers-watchdog-idUSBRE98Q14G20130927" target="_blank">NSA staff used spy tools on spouses, ex-lovers: watchdog</a> (Reuters)</li>
</ul>
<p>Do you trust every existing and future holder of information about you? Forever?</p>
<p>To keep data 100% safe, forever, is simply not realistic, so not saving the data in the first place is the only option.</p>
<p>Want to better protect your privacy? Begin with our <a href="https://mullvad.net/en/guides/first-steps-towards-online-privacy/">simple steps to change your online habits</a>.<br />
</p>
<h2>Mullvad's privacy policy</h2>
<p>We do not store activity logs of any kind. In fact, we strongly believe in having a minimal data retention policy because we want you to remain anonymous.</p>
<p>We also believe in exhibiting transparency about the data we do handle, so we have updated our website to bring even more clarity to this topic.</p>
<p>First, our no-logging data policy is now our <a href="https://mullvad.net/en/guides/no-logging-data-policy/">privacy policy</a>. To this we have added sections on <a href="https://mullvad.net/en/guides/no-logging-data-policy/#cookies">cookies</a>, how we <a href="https://mullvad.net/en/guides/no-logging-data-policy/#email">handle emails and problem reports</a>, your <a href="https://mullvad.net/en/guides/no-logging-data-policy/#registry">right to a registry extract</a>, and your <a href="https://mullvad.net/en/guides/no-logging-data-policy/#forgotten">right to be forgotten</a>.</p>
<p>In addition, in the few places on our website where you might choose to send personal information either to us (such as to recover a lost account) or to a third party (for example, if you pay for our service using PayPal or Stripe), we have included an explanation and a link to our privacy policy.</p>Use Mullvad on your Chromebook2018-05-23T13:42:34+00:00https://www.mullvad.net/fr/blog/2018/5/23/use-mullvad-your-chromebook/<p>The wait is over for Chromebook users – thanks to the introduction of the Google Play app store on Chrome OS, you can now run Mullvad on your Google laptop!</p>
<p>The change means that Android apps can now be run on Chromebook. To use Mullvad VPN, simply follow our <a class="external-link" href="https://mullvad.net/en/guides/installing-mullvad-android-devices/" rel="nofollow">installation guide for Chromebook devices</a>.</p>
<p>Chromebook users, we also recommend that you install Firefox's privacy-focused browser, <a class="external-link" href="https://www.mozilla.org/en-US/firefox/mobile/" rel="nofollow" target="_blank">Firefox Focus</a>.</p>WireGuard deployment expanded to 18 cities2018-05-15T11:45:48+00:00https://www.mullvad.net/fr/blog/2018/5/15/wireguard-expanded-18-cities/<p>Singapore is the latest country in which we have deployed WireGuard servers, joining Australia, Canada, France, Germany, Hong Kong, the Netherlands, Norway, Poland, Sweden, Switzerland, the U.K, and the U.S.</p>
<p>Give the new VPN protocol a try with Mullvad and let us know what you think. Reference <a class="external-link" href="https://mullvad.net/servers/#wireguard" rel="nofollow">our WireGuard server list</a> for relevant information on all locations.</p>
<h2>Get started with WireGuard</h2>
<p>New to WireGuard? Read our guide on <a href="https://www.mullvad.net/sv/guides/easy-wireguard-mullvad-setup-linux/">how to install and run WireGuard with Mullvad</a>.</p>
<h2>About WireGuard</h2>
<p><a class="external-link" href="https://www.wireguard.io/" rel="nofollow" target="_blank">WireGuard</a> is a new VPN protocol designed with simplicity in mind and is meant to be easily implemented in very few lines of code. In addition, the protocol can easily be reviewed by individuals for security vulnerabilities. WireGuard performs very well on consumer routers.</p>WireGuard configuration tool has a new function - Download all2018-05-14T10:34:52+00:00https://www.mullvad.net/fr/blog/2018/5/14/wireguard-configuration-tool-has-new-function-download-all/<p>Our WireGuard configuration generator has a new "All" option. If you select "All" under "First server," you will download a ZIP archive containing configuration files for all destinations.</p>
<p>This will save you a lot of time and also ensures that you use the same key pair for all configurations. The "All" option is only available as a first hop and does not include multihop combinations.</p>
<p>Give <a href="https://mullvad.net/en/download/wireguard-config/">our WireGuard config generator</a> a try.</p>
<p><img alt="" src="/media/uploads/2018/05/14/wireguardconfigall.png" style="height:419px; width:403px" /></p>OpenVPN configuration tool has a new function - Use IP addresses2018-05-11T15:50:22+00:00https://www.mullvad.net/fr/blog/2018/5/11/openvpn-configuration-tool-has-new-function-use-ip-addresses/<p>Our OpenVPN configuration generator has a new option, “Use IP addresses”.</p>
<p>If you select "Use IP addresses", the downloaded configuration file will contain a list of IP-addresses to the servers that you selected instead of using their DNS entries. This makes your router/pc run more reliably if you are having DNS issues or your DNS is blocked.</p>
<p>Try it out: <a class="external-link" href="https://mullvad.net/en/download/config/" rel="nofollow">https://mullvad.net/download/config/</a></p>
<p><img alt="" src="/media/uploads/2018/05/11/openvpnconfigip.png" style="height:599px; width:501px" /></p>Open source for a better world2018-04-25T11:29:42+00:00https://www.mullvad.net/fr/blog/2018/4/25/open-source-better-world/<p>Did you know that the majority of our own software is open and freely accessible to anyone? That's because we believe in the open-source model.</p>
<p>This sharing of knowledge helps to advance the world more quickly and help it to become a better place.</p>
<p>You can now <a href="https://mullvad.net/en/guides/open-source/">access our open-source projects and keys</a> in one place on our website.</p>Create better passwords, improve your privacy2018-04-20T13:45:33+00:00https://www.mullvad.net/fr/blog/2018/4/20/create-better-passwords-improve-your-privacy/<p>Passwords, we protect our most important information with them. But are they good enough? In part four of our series on improving online privacy, learn how to <a href="https://mullvad.net/en/guides/create-better-passwords/">create better passwords</a> and more effectively manage them.<br />
</p>
<h2>One step at a time</h2>
<p>If this is your first encounter with our online privacy series, we suggest starting from the beginning. Each guide provides progressively more advanced recommendations.</p>
<ol>
<li><a class="external-link" href="https://mullvad.net/blog/2016/12/5/privacy-universal-right/" rel="nofollow">Intro: privacy is a universal right</a> – an introduction to what privacy is and why it's important.</li>
<li><a class="external-link" href="https://mullvad.net/en/guides/first-steps-towards-online-privacy/" rel="nofollow">Step one: change your online habits</a> – begin with these simple changes.</li>
<li><a class="external-link" href="https://mullvad.net/en/guides/second-steps-toward-online-privacy/" rel="nofollow">Step two: plugins that block and protect</a> – continue by blocking trackers, and more.</li>
<li><a href="https://mullvad.net/en/guides/create-better-passwords/">Step three: create better passwords</a> – improve your password habits.</li>
</ol>Privacy with multihopping made easier2018-04-13T09:54:47+00:00https://www.mullvad.net/fr/blog/2018/4/13/privacy-multihopping-made-easier/<p>Increasing online privacy for our Linux and WireGuard users just got easier. With our <a class="external-link" href="https://mullvad.net/en/download/wireguard-config/" rel="nofollow" target="_self">new online tool</a>, the configuration file needed for multihopping is automatically generated.<br />
</p>
<h2>Get started!</h2>
<p>Follow our <a class="external-link" href="https://mullvad.net/guides/easy-wireguard-mullvad-setup-linux/" rel="nofollow" target="_self">Easy WireGuard + Mullvad setup guide</a>, which makes use of the new configuration generator.</p>
<p>Power users may prefer our <a class="external-link" href="https://mullvad.net/guides/wireguard-and-mullvad-vpn/" rel="nofollow" target="_self">advanced, terminal-only guide</a>.<br />
</p>
<h2>What is multihopping?</h2>
<p>When using Mullvad, your traffic is sent from your computer, through an encrypted tunnel, to one of our servers. From there, it assumes one of our IP addresses and exits at your intended destination.</p>
<p>With multihopping, your traffic passes through <strong>more than one</strong> of our servers, each time being re-encrypted and reassigned a different IP.<br />
</p>
<h2>Multihopping improves privacy</h2>
<p>With each added "hop" to another server, your online anonymity and privacy are further increased. Connecting through multiple locations also makes it that much harder to trace your activity.</p>
<p>Due to the additional hops that your traffic takes, you may notice slower performance.</p>Mullvad sponsors Security Fest2018-04-06T08:41:26+00:00https://www.mullvad.net/fr/blog/2018/4/6/mullvad-sponsors-security-fest/<p>We are proud to sponsor this summer's <a class="external-link" href="https://securityfest.com/" rel="nofollow" target="_blank">Security Fest</a> to be held in Gothenburg, Sweden, on June 1.</p>
<p><a href="https://securityfest.com/buy/" target="_blank">Tickets</a> are already being sold online for this all-day IT security conference. Internationally renowned speakers will be talking about cutting-edge topics in the field. Training sessions will also be held the day before, for a limited number of attendees.</p>Ending support for older versions – update now!2018-03-23T15:38:53+00:00https://www.mullvad.net/fr/blog/2018/3/23/ending-support-older-versions-update-now/<p>Now is the time to <a class="external-link" href="https://mullvad.net/download" rel="nofollow">download</a> the latest version of the Mullvad client. We are ending support for old versions.</p>
<p>If you are still using an old version when this happens, your client will not work properly. <a href="https://mullvad.net/download" rel="nofollow">Download now</a> to prevent putting your online privacy at risk.</p>
<h2>Do you have an old version?</h2>
<p>This change will affect versions older than 66.</p>
<p>If you want to check your version number, navigate to the client's Status tab and look for the Version information located at the bottom.</p>
<ul>
<li>If the curent version is less than 66, <a href="https://mullvad.net/download" rel="nofollow">you need to update</a>.</li>
<li>If your client doesn't show this information, then you are running an old version and <a href="https://mullvad.net/download" rel="nofollow">you need to update</a>.</li>
</ul>
<p><img alt="screenshot of the Status tab in the Mullvad client" src="/media/uploads/2018/03/23/windows-client-latest-version.png" style="height:300px; width:157px" /></p>
<h2>macOS users</h2>
<p>If you don't already have it, you will automatically receive our new macOS app when you start the download process on our <a href="https://mullvad.net/download" rel="nofollow">download page</a>.</p>Protect your privacy2018-03-22T08:49:16+00:00https://www.mullvad.net/fr/blog/2018/3/22/protect-your-privacy/<h2>When it comes to online browsing, there's more you can be doing to stay safe.</h2>
<p><img alt="" src="/media/uploads/2018/03/22/mullvad_youareconnected_comp.jpg" style="height:315px; width:815px" /></p>
<p><strong>ONCE UPON A TIME</strong>, privacy was a fundamental right. But things have changed. Thanks to the advent of the internet, we (often unwittingly) share details of our lives online. All it takes is a simple search, or a website visit, and your actions are automatically collected, tracked and analyzed.</p>
<p>What's more, it's commonplace today for governments and companies to gather our personal information from various online sources. This data, while innocuous as individual snippets, is often collected en masse, sold to the highest bidder, and then used without our consent.</p>
<p>Any and all information you generate while browsing the web is fair game. Corporations frequently use this data to maximize their reach, and when they’re done, they pass it on. Before you know it, your information is everywhere, and with so much of it floating about in cyberspace, efforts to keep your digital activity anonymous become nearly impossible. As a result, online privacy is now of paramount importance.</p>
<h2>Is there an easy way to protect myself online?</h2>
<p>Absolutely. Using a virtual private network (VPN) service, such as Mullvad, is a good first step to safeguarding your browsing information from being gathered by others and used without your consent. Together with the private browsing function on your browser, VPNs help keep your online activity from being tracked and analysed.</p>
<p>Good VPNs enforce a policy of never logging data; they also encrypt personal information and mask the user’s actual IP address by replacing it with another. Not only does this protect a user’s data, but it also keeps his or her online activity, identity, and location private, thwarting virtual eavesdroppers, from Wi-fi hackers to government mass surveillance.</p>
<p>However, a VPN is not a single-step solution. Fully protecting your online privacy is also about changing your habits to increase the effectiveness of such tools. To learn more about protecting your online presence, and how VPNs work, visit our <a href="https://mullvad.net/guides/first-steps-towards-online-privacy/">First steps toward online privacy.</a></p>More locations, more languages2018-03-21T16:09:26+00:00https://www.mullvad.net/fr/blog/2018/3/21/more-locations-more-languages/<p>As we continue to expand our VPN network, you can now choose from 50 server locations in 31 countries worldwide. In addition, our website is now available in 13 languages, including Japanese and Italian.</p>
<p>Take a look at <a class="external-link" href="https://mullvad.net/guides/our-vpn-servers/" rel="nofollow">our VPN server locations</a> to see if Mullvad now exists in your part of the world, giving you faster connection speeds. Latest additions include Luxembourg, Serbia, and Ukraine.</p>Hiring full-time front-end web developer/designer2018-03-13T11:43:50+00:00https://www.mullvad.net/fr/blog/2018/3/13/hiring-full-time-front-end-web-developer/<p>We are looking for an experienced front-end developer equipped with both design and programming expertise to further develop Mullvad's website.</p>
<p>Together with a small team, you will take primary responsibility in bridging the gap between graphical design and technical implementation. You will work closely with our communications specialist to translate UI/UX needs into actual code that will produce the visual elements of the website. This role requires taking an active role in design and front-end development, defining how the website both looks and works.</p>
<p>This is an ongoing, full-time position. Mullvad is located in Gothenburg, Sweden. While we prefer an on-site addition to our team, at least in the initial months, we welcome remote-based applicants too.</p>
<h2>Requirements</h2>
<ul>
<li>You have a few years’ experience developing and designing websites.</li>
<li>You are comfortable with creating a design from scratch, as well as implementing it.</li>
<li>You are capable of collaborating closely with a team of diverse skill sets.</li>
<li>You understand the importance of approaching web design from a UI/UX perspective.</li>
<li>You have proficient understanding of cross-browser compatibility issues and ways to work around them.</li>
<li>You are fluent in English.</li>
</ul>
<h2>Nice but not necessary</h2>
<p>Experience in the following areas is also a plus:</p>
<ul>
<li>Javascript frameworks such as Vue or React</li>
<li>front-end build tools, for example Webpack</li>
<li>UI/UX design and testing.</li>
</ul>
<h2>Benefits</h2>
<p>We believe in having a life outside of work. That’s why we offer</p>
<ul>
<li>flexible working hours</li>
<li>25 days of annual paid vacation</li>
<li>500 EUR annually in allowance toward wellness-related activities (friskvårdsbidrag)</li>
<li>the possibility of working remotely for extended periods of time.</li>
</ul>
<p>We also offer opportunities for growth. Aside from company-initiated opportunities for attending various national and international conferences, you will also have the option to attend one of your choosing per year. In addition, we’ll pay for any reading material that you feel contributes to your professional development.</p>
<h2>Apply by June 15</h2>
<p>If you’re interested in joining our team, send us an email at <a class="external-link" href="mailto:jobs@mullvad.net" rel="nofollow">jobs@mullvad.net</a> by June 15. Applications will be reviewed as they come in, so the position may be filled before the deadline.</p>
<h2>About us</h2>
<p>Mullvad is a VPN service that helps keep internet users’ online activity, identity, and location private. We are a team fully dedicated to our goal – making internet censorship and surveillance ineffective.</p>Filled: Hiring full-time back-end developer2018-03-13T11:40:33+00:00https://www.mullvad.net/fr/blog/2018/3/13/hiring-full-time-back-end-developer/<p><strong>-- The position has been filled --</strong></p>
<p>We are looking for an experienced back-end developer to advance Mullvad’s back-end services.</p>
<p>You will be part of a small team working together to improve existing services, as well as develop new ones. Our stack is mainly written in Python, Rust, and Go.</p>
<p>This is an ongoing, full-time position. Mullvad is located in Gothenburg, Sweden. While we prefer an on-site addition to our team, at least in the initial months, we welcome remote-based applicants too.</p>
<h2>Requirements</h2>
<ul>
<li>You have a few years’ experience in developing, designing the architecture for, and deploying back-end services.</li>
<li>You are comfortable using the right tools for the job and open to learning new skills when necessary.</li>
<li>You have run and deployed services on Linux-based systems and know your way around a terminal.</li>
<li>You are fluent in English.</li>
</ul>
<h2>Nice but not necessary</h2>
<p>Experience with running services on bare-metal infrastructure is a bonus.</p>
<p>Other pluses include</p>
<ul>
<li>extensive experience in developing services in Python, Rust, or Go</li>
<li>familiarity with using Qubes OS</li>
<li>experience with Docker and Kubernetes</li>
<li>experience in using configuration management such as Ansible or Saltstack</li>
<li>interest in building systems with a heavy focus on security and privacy</li>
<li>experience with low-level performance testing.</li>
</ul>
<h2>Benefits</h2>
<p>We believe in having a life outside of work. That’s why we offer</p>
<ul>
<li>flexible working hours</li>
<li>25 days of annual paid vacation</li>
<li>500 EUR annually in allowance toward wellness-related activities (friskvårdsbidrag)</li>
<li>the possibility of working remotely for extended periods of time.</li>
</ul>
<p>We also offer opportunities for growth. Aside from company-initiated opportunities for attending various national and international conferences, you will also have the option to attend one of your choosing per year. In addition, we’ll pay for any reading material that you feel contributes to your professional development.</p>
<h2>Apply by June 15</h2>
<p>If you’re interested in joining our team, send us an email at <a class="external-link" href="mailto:jobs@mullvad.net" rel="nofollow">jobs@mullvad.net</a> by June 15. Applications will be reviewed as they come in, so the position may be filled before the deadline.</p>
<h2>About us</h2>
<p>Mullvad is a VPN service that helps keep internet users’ online activity, identity, and location private. We are a team fully dedicated to our goal – making internet censorship and surveillance ineffective.</p>Get it now – official release of Mullvad VPN app for macOS2018-03-01T14:42:08+00:00https://www.mullvad.net/fr/blog/2018/3/1/get-it-now-official-release-mullvad-vpn-app-macos/<p>Today, our newly developed VPN app for macOS transitions from beta to stable release!</p>
<p>Get started by <a href="https://mullvad.net/download/">downloading the app</a>. Learn how to install and use the app by reading our <a href="https://mullvad.net/guides/install-and-use-mullvad-app-macos/">macOS app guide</a>.</p>
<p><img alt="Mullvad VPN app for macOS" src="/media/uploads/2017/10/12/mullvad-vpn-app-screenshot-macos.jpg" style="height:50% !important" /></p>
<p>With continued focus on protecting our users' online privacy, <a href="https://mullvad.net/guides/dns-leaks/">DNS leak protection</a> is always on in the new Mullvad VPN app. It also features a built-in "kill switch" which ensures that your traffic is not accidentally leaked outside of our secure tunnel.</p>
<p>We greatly appreciate those of you who have tested the beta versions and given us invaluable feedback.</p>
<p>The macOS platform is only the beginning. Over time, we plan to offer the same polished and intuitive experience across all platforms.</p>
<h2>About the new app</h2>
<p>Protecting one's online privacy should be easy for anyone. To that end, we have intentionally designed our new VPN app with an intuitive user experience at its core.</p>
<p>The new Mullvad VPN app focuses on showing whether your connection is secure or not, and where the Internet thinks you are located. A padlock in the menu bar is a helpful, constant reminder of your status – green means you're connected, red signals that you're not.</p>
<p>If you want to change your location, simply choose from the menu and the app will reconnect automatically. A map clearly indicates where in the world you are connected to one of Mullvad's servers.</p>
<p>Your internet traffic is encrypted from your computer to our servers, protecting you from local surveillance. Using Mullvad also hides your IP address and replaces it with one of ours, giving you increased privacy.</p>
<h2>Release notes</h2>
<p>We made a few minor changes from beta version 10 before releasing stable version 2018.1. Find <a href="https://github.com/mullvad/mullvadvpn-app/releases/tag/2018.1" target="_blank">the changelog for 2018.1</a> on our GitHub page. For those unable to access our website, GitHub also hosts the app's download file.</p>Download beta version 10 of VPN app2018-02-15T14:44:14+00:00https://www.mullvad.net/fr/blog/2018/2/15/download-beta-version-10-vpn-app/<p>macOS users can now <a href="https://mullvad.net/en/guides/beta-app/">download the newest version</a> of our desktop app. Remember to always have the latest beta; we do not support older versions.</p>
<p>Read more about the updates in beta 10 on the download page. For those unable to access our website, <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases" rel="nofollow" target="_blank">GitHub also hosts the app's download file</a>.</p>
<p>Don't have a Mac? The macOS platform is only the beginning. Over time, we plan to offer the same polished and intuitive experience across all platforms.</p>Bitcoin Cash now accepted2018-02-13T09:09:24+00:00https://www.mullvad.net/fr/blog/2018/2/13/bitcoin-cash-now-accepted/<p>You can now pay with Bitcoin Cash (BCH) to top up your VPN time with Mullvad.<br />
<img alt="Bitcoin Cash logo" src="/media/uploads/2018/02/12/bitcoin-cash-logo.png" style="height:145px; width:173px" /> </p>
<p>Once you're <a href="https://mullvad.net/account/login/">logged in</a> to your account page on our website, look for the Bitcoin Cash tab.<br />
<img alt="screenshot of Bitcoin Cash payment page on Mullvad's website" src="/media/uploads/2018/02/13/bch-payment.jpg" style="height:145px; width:396px" /></p>
<p>Bitcoin Cash is the second cryptocurrency that we now accept, joining Bitcoin (BTC). With both options, we do not use third parties for any step in the payment process. We run our own full node in each of the blockchains, one for each currency, and verify incoming payments ourselves.</p>Client version 67 released2018-02-09T13:40:36+00:00https://www.mullvad.net/fr/blog/2018/2/9/client-version-67-released/<p>Windows and Linux users can now update to the newest version of our desktop client. <a href="https://mullvad.net/download/">Download version 67</a> now.</p>
<h2>Changes</h2>
<p>Ask the API for the public IPv4 address (this should fix the Unable to fetch IPv4 address issue).</p>
<h2>Ending support for older versions</h2>
<p>The newest version of our desktop client is an important one for Windows and Linux. In about three weeks, versions older than 66 will no longer be supported. This change will be noticeable if you haven't updated by then, and your client will not work properly. Download version 66 now to ensure a smooth transition.</p>
<h2>macOS users</h2>
<p>If you're running macOS and haven't yet switched over to our new app, please <a href="https://mullvad.net/guides/beta-app/">do so now</a>.</p>
<h2>Change log</h2>
<p>Changes for previous versions can be found in the <a href="https://mullvad.net/media/CHANGES.rst">change log</a>.</p>Download now – beta version 9 with maps2018-01-31T10:39:30+00:00https://www.mullvad.net/fr/blog/2018/1/31/download-now-beta-version-9-maps/<p>Get a whole new visual experience with our VPN app by <a class="external-link" href="https://mullvad.net/en/guides/beta-app/" rel="nofollow">downloading beta version 9</a> for macOS. Remember to always have the latest beta; we do not support older versions.</p>
<p>In the latest version, you'll see exactly where in the world you're connected to one of our servers. If you're disconnected, the Mullvad app will display your actual location.</p>
<p><img alt="screenshot of Mullvad VPN app running on macOS" src="/media/uploads/2018/01/31/mullvad-app-maps.png" style="height:398px; width:300px" /></p>
<p>Compare these results to the information on our <a class="external-link" href="http://am.i.mullvad.net" rel="nofollow">Am I Mullvad tool</a> and you can easily double-check your connection status.</p>
<p>If you're a macOS user, visit <a class="external-link" href="https://mullvad.net/en/guides/beta-app/" rel="nofollow">the app's beta page</a> for the download link and important information. For those unable to access our website, <a class="external-link" href="https://github.com/mullvad/mullvadvpn-app/releases" rel="nofollow" target="_blank">GitHub also hosts the app's download file</a>.</p>
<p>Don't have a Mac? The macOS platform is only the beginning. Over time, we plan to offer the same polished and intuitive experience across all platforms.</p>Client version 66 released2018-01-30T10:09:36+00:00https://www.mullvad.net/fr/blog/2018/1/30/client-version-66-released/<div>
<p>Windows and Linux users can now update to the newest version of our desktop client.</p>
<p><a href="https://mullvad.net/download/" rel="nofollow">Download version 66</a> now.</p>
<h2>Improvements</h2>
<ul>
<li>Reworked the parts communicating with the Mullvad infrastructure.</li>
<li>Removed the encryption methods 128 bit AES, Camellia, SEED and 3DES (Mullvad servers do not support these any more).</li>
</ul>
<h2>Ending support for older versions</h2>
<p>The newest version of our desktop client is an important one for Windows and Linux. In about a month's time, versions older than 66 will no longer be supported. This change will be noticeable if you haven't updated by then, and your client will not work properly. <a href="https://mullvad.net/download" rel="nofollow">Download version 66</a> now to ensure a smooth transition.</p>
<h2>macOS users</h2>
<p>If you're running macOS and haven't yet switched over to our new app, please <a class="external-link" href="https://mullvad.net/en/guides/beta-app/" rel="nofollow">do so now.</a></p>
<h2>Change log</h2>
<p>Changes for previous versions can be found in the <a href="https://mullvad.net/media/CHANGES.rst" rel="nofollow">change log.</a></p>
<p> </p>
</div>Download now – beta version 8 of VPN app2018-01-10T15:30:09+00:00https://www.mullvad.net/fr/blog/2018/1/10/download-now-beta-version-8-vpn-app/<p>Upgrade your macOS Mullvad experience by downloading <a href="https://mullvad.net/en/guides/beta-app/">beta version 8</a> of our new VPN app. Remember to always have the latest beta; we do not support older versions.</p>
<p>The latest version now allows you to activate local network sharing for printing, casting to TV, etc.</p>
<p><img alt="screenshot of Mullvad app's local network sharing option" src="/media/uploads/2018/01/11/app-local-network-sharing.jpeg" style="height:266px; width:300px" /></p>
<p>This release also marks the first open-source version of our app. Take a look at the <a href="https://github.com/mullvad/mullvadvpn-app" target="_blank">source code</a> (on GitHub).</p>
<p>If you're a macOS user, visit <a class="external-link" href="https://mullvad.net/en/guides/beta-app/" rel="nofollow">the app's beta page</a> for the download link and important information. For those unable to access our website, <a href="https://github.com/mullvad/mullvadvpn-app/releases" target="_blank">the download file is also available on GitHub</a>.</p>
<p>Don't have a Mac? The macOS platform is only the beginning. Over time, we plan to offer the same polished and intuitive experience across all platforms.</p>Reflecting on an exciting year2017-12-29T10:35:50+00:00https://www.mullvad.net/fr/blog/2017/12/29/reflecting-exciting-year/<p>For us, 2017 has been an amazing year. We focused primarily on expanding our service across the globe while also reaching some exciting goals.</p>
<p>First, some fun numbers:</p>
<ul>
<li>We increased the number of countries we offer from 17 to 27.</li>
<li>We expanded our number of servers by 175%, from 59 to a total of 162.</li>
<li>The Mullvad team expanded with four employees and three consultants.</li>
<li>Our website is now available in 11 languages.</li>
</ul>
<p>We also gave support to a number of projects that are helping us to make censorship and mass surveillance ineffective:</p>
<ul>
<li>We made a <a class="external-link" href="https://mullvad.net/blog/2017/9/17/mullvad-donates-qubes-os/" rel="nofollow" target="_blank">donation to the Qubes operating system.</a></li>
<li>We <a class="external-link" href="https://ostif.org/top-ostif-donors/" rel="nofollow" target="_blank">donated to the Open Source Technology Improvement Fund</a>'s project audit of OpenSSL 1.1.1.</li>
<li>We <a class="external-link" href="https://mullvad.net/blog/2017/7/13/mullvad-donates-wireguard/" rel="nofollow" target="_blank">supported the WireGuard project</a> with a donation.</li>
<li>We <a class="external-link" href="https://mullvad.net/en/blog/2017/5/16/audits-openvpn-24-have-been-completed/" rel="nofollow" target="_blank">supported the audit of OpenVPN 2.4 </a>with a donation.</li>
</ul>
<p>And of course, we made many improvements to our own service:</p>
<ul>
<li>We released the <a class="external-link" href="https://mullvad.net/en/guides/beta-app/" rel="nofollow">beta version of our next-generation app</a> on macOS.</li>
<li>We <a class="external-link" href="https://www.mullvad.net/en/guides/wireguard-and-mullvad-vpn/" rel="nofollow">integrated the WireGuard protocol</a> with our platform.</li>
<li>We <a class="external-link" href="https://mullvad.net/blog/2017/10/16/mullvad-joins-worlds-most-widely-used-internet-exchange/" rel="nofollow">joined the world's most widely used internet exchange.</a></li>
<li>We continued to add a variety of <a class="external-link" href="https://www.mullvad.net/en/guides/category/privacy/" rel="nofollow">guides on how to increase your privacy</a>.</li>
<li>We launched our online privacy tool <a class="external-link" href="https://am.i.mullvad.net/" rel="nofollow">Am I Mullvad</a>.</li>
<li>We introduced a <a class="external-link" href="https://mullvad.net/en/blog/2017/12/8/introducing-post-quantum-vpn-mullvads-strategy-future-problem/" rel="nofollow">post-quantum secure VPN tunnel</a>.</li>
<li>We <a class="external-link" href="https://mullvad.net/en/blog/2017/12/8/introducing-post-quantum-vpn-mullvads-strategy-future-problem/" rel="nofollow">improved our credit card payment process</a> and added the <a class="external-link" href="https://www.mullvad.net/en/blog/2017/1/23/swish-our-newest-payment-method/" rel="nofollow">Swish payment method</a>.</li>
<li>We <a class="external-link" href="https://www.mullvad.net/en/blog/2017/6/20/mullvads-account-numbers-get-longer-and-safer/" rel="nofollow">strengthened the Mullvad account number</a> by lengthening it to 16 digits.</li>
<li>We introduced <a class="external-link" href="https://www.mullvad.net/en/blog/2017/3/29/mullvad-vpn-now-available-stores/" rel="nofollow">Mullvad in retail stores</a>.</li>
<li>We established our own servers in Norway, providing <a class="external-link" href="https://mullvad.net/en/blog/2017/12/1/new-servers-norway-means-faster-speeds-north-sea-region/" rel="nofollow">faster speeds for the North Sea region</a>.</li>
</ul>
<p>As we wrap up the year, we extend a big thanks to you, our customers, for the continued word-of-mouth recommendations. Enjoy these final days of 2017 and have a Happy New Year!</p>Download now – beta version 7 of VPN app2017-12-13T10:50:18+00:00https://www.mullvad.net/fr/blog/2017/12/13/download-now-beta-version-7-vpn-app/<p>Take advantage of new features and bug fixes in <a href="https://mullvad.net/en/guides/beta-app/">version 7</a> of our new VPN app. Current beta users, please upgrade as we don't support older versions.</p>
<p>In this version, we have addressed DNS leak issues that were previously experienced on some versions of macOS. <a href="https://am.i.mullvad.net/">Test your connection status</a> with our Am I Mullvad online tool.</p>
<p>If you're a macOS user, visit <a class="external-link" href="https://mullvad.net/en/guides/beta-app/" rel="nofollow">the app's beta page</a> for the download link and important information. Remember to always have the latest beta; we do not support older versions.</p>
<p>Don't have a Mac? The macOS platform is only the beginning. Over time, we plan to offer the same polished and intuitive experience across all platforms.</p>Introducing a post-quantum VPN, Mullvad's strategy for a future problem2017-12-08T14:33:52+00:00https://www.mullvad.net/fr/blog/2017/12/8/introducing-post-quantum-vpn-mullvads-strategy-future-problem/<p>As the field of quantum computing progresses, it's possible that today's stored, encrypted information could be decrypted in the future. To mitigate this threat against privacy, we unveil our own post-quantum secure VPN tunnel.</p>
<p>If you're itching to try our beta solution, scroll to the bottom for the how-to guide. Otherwise, read on to learn more about this topic.</p>
<h2>The big picture</h2>
<p>As a result of the digital revolution, it has become cheaper and easier to store and process data. It is so easy, in fact, that these days almost everything we do online is saved forever.</p>
<p>Sometimes data is stored without personal information. However, if at any moment an anonymous set of data becomes linked to an identifiable one (such as when you pay for a drink with your Visa card), it is no longer anonymous. This applies to information not only in the present but also from the past as well as in the future.</p>
<p>We already know that nation- state actors are building huge data centers capable of storing extreme amounts of data. One example is found in the desert of Utah: "The data center is alleged to be able to process 'all forms of communication, including the complete contents of private emails, cell phone calls, and Internet searches, as well as all types of personal data trails'" (<a class="external-link" href="https://en.wikipedia.org/wiki/Utah_Data_Center" rel="nofollow" target="_blank">Wikipedia</a>).</p>
<p>This begs the question: will VPN traffic encrypted with current state-of-the-art methods stay protected if it's saved by such a data center – and for how long?</p>
<h2>The threat of quantum computing</h2>
<p>Encryption algorithms and keys are currently strong enough to make it unrealistic to collect the computing power needed for cracking encryption within a meaningful time frame. There is, however, a looming problem on the horizon.</p>
<p>Quantum computing is still in its infancy, but many scientists now believe the field will see great progress over the coming years. These machines will exploit quantum mechanical phenomena to solve mathematical problems that are difficult for today's conventional computers.</p>
<p>Quantum computers hold enormous potential, but unfortunately they will also break essentially all conventional public key schemes and key exchange algorithms currently in use.</p>
<p>This means that if an organization were to save encrypted network traffic from today, it might very well be crackable in 20 years. This includes encrypted web traffic (HTTPS), VPN and Tor traffic, encrypted messaging apps such as Signal and WhatsApp, and mobile network traffic.</p>
<h2>The promise of post-quantum cryptography</h2>
<p>Fortunately, cryptographers realized this threat years ago and have since been working to develop cryptographic algorithms that are secure against both quantum and classical computers. You might even have used one of these new algorithms unwittingly.</p>
<p>In 2016, <a class="external-link" href="https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html" rel="nofollow" target="_blank">Google experimented with post-quantum cryptography</a> in Chrome, specifically a very promising algorithm called New Hope. That experiment has since come to an end, and with great results.</p>
<p>In September of this year, Cloudflare announced that it had implemented another <a class="external-link" href="https://blog.cloudflare.com/sidh-go/" rel="nofollow" target="_blank">post-quantum secure algorithm called SIDH</a>, but not for use in production.</p>
<p>In order for post-quantum crypto to be integrated into mainstream applications, such as web browsers, they will need to be extensively researched, evaluated, and finally standardized for working across products, such as Firefox, Safari, Chrome, and Edge. To that end, one major milestone was recently reached.</p>
<h2>Working toward accepted standards</h2>
<p>The National Institute of Standards and Technology (NIST) initiated a project with the final goal of standardizing quantum-resistant public-key cryptographic algorithms in 2018. The final deadline for submission of proposals was November 30, 2017.</p>
<p>Sometime next year, cryptographers from all over the world will meet to discuss which algorithms should be standardized. Eventually, these will make their way into browsers, mobile phones, VPN protocols, messaging applications, and any other products built to ensure the security of your data and communication.</p>
<p>This will take time. Quite some time, in fact.</p>
<p>To quote <a class="external-link" href="https://csrc.nist.gov/projects/post-quantum-cryptography" rel="nofollow" target="_blank">NIST</a>, "Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure. Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing."</p>
<h2>Mullvad's post-quantum strategy</h2>
<p>Mullvad's goal is to make mass surveillance and internet censorship ineffective. While quantum computers are a great opportunity for science, they are also a big threat to privacy, one that needs to be mitigated as soon as possible.</p>
<p>With that in mind, we have been following the post-quantum cryptography field for a few years.</p>
<p>Today, we are happy to announce our public beta of a new feature – a post-quantum secure VPN tunnel.</p>
<p>The post-quantum cryptography field is rapidly evolving, and while a few of the underlying math problems of post-quantum crypto have been well researched, it is still somewhat of an open question as to which ones will turn out post-quantum secure.</p>
<p>The key exchange we are introducing support for today uses New Hope, just as Google did in its experiment last year. However, due to the nature of the threat of quantum computing, our strategy is much more conservative.</p>
<p>Our ambition is to develop a key exchange that uses at least three different algorithms, each based on a different math problem. Assuming that at least one of the algorithms turns out to be post-quantum secure, your traffic will be safe too.</p>
<p>Today's beta release (<a class="external-link" href="https://github.com/mullvad/oqs-rs" rel="nofollow" target="_blank">open source on GitHub</a>) is more of a proof of concept than a finished product. It also currently exists only for the WireGuard protocol on Linux. But as WireGuard becomes available for other operating systems, we will extend this solution to them as well.</p>
<p>We look forward to receiving feedback from the community and to refining our solution, one that we intend to fully integrate with Mullvad on all platforms.</p>
<h2>How to use Mullvad's post-quantum key exchange on Linux</h2>
<p>Setting up and using our post-quantum secure VPN tunnel is easy. You'll need to have an active <a class="external-link" href="https://mullvad.net/account/create/" rel="nofollow" target="_self">Mullvad account</a> in order to do so.</p>
<p>Once you've successfully followed the instructions, you will be connected to SE-MMA-WG-PSK-001, our first server on which you can use post-quantum safe keys with WireGuard.</p>
<p><strong>1. Install and run WireGuard</strong><br />
You will first need to <a class="external-link" href="https://mullvad.net/guides/wireguard-and-mullvad-vpn/" rel="nofollow" target="_self">install WireGuard</a> and familiarize yourself with running it.</p>
<p><strong>2. Disconnect from Wireguard</strong><br />
Disconnect from WireGuard before continuing.</p>
<p><strong>3. Download post-quantum setup script</strong><br />
<code>curl -LO https://mullvad.net/media/files/mullvad-pq-client.sh</code></p>
<p><strong>4. Run the setup script</strong><br />
The script will start WireGuard, then establish and register a post-quantum safe key.<br />
<code>chmod +x ./mullvad-pq-client.sh && sudo ./mullvad-pq-client.sh</code></p>
<p>Assuming the script successfully completes, you are now connected! Test your connection with our <a class="external-link" href="https://am.i.mullvad.net" rel="nofollow" target="_self">Am I Mullvad</a> tool.</p>
<p><strong>5. Using the post-quantum tunnel</strong><br />
Now that you have everything set up, the following two commands are all you need for activating/deactivating the post-quantum tunnel as needed.</p>
<p>Activate post-quantum tunnel:<br />
<code>wg-quick up mullvad-pq</code></p>
<p>Deactivate post-quantum tunnel:<br />
<code>wg-quick down mullvad-pq</code></p>Filled: Hiring full-time Rust developer for iOS/Android app2017-12-05T09:17:32+00:00https://www.mullvad.net/fr/blog/2017/12/5/hiring-full-time-rust-developer-iosandroid-app/<p><strong>-- The position has been filled --</strong></p>
<p>We are looking for a Rust engineer, preferably with experience in mobile development, to lead the work on our open source VPN app for mobile platforms.</p>
<p>The app is to be based on <a class="external-link" href="https://mullvad.net/guides/beta-app/" rel="nofollow" target="_self">our macOS app</a> and will be written in Rust and React Native. Aside from exhibiting qualities of a proficient system developer, an ideal candidate will also have experience in the overall process of packaging mobile apps.</p>
<p>This is an ongoing, full-time position. Mullvad is located in Gothenburg, Sweden, but we welcome remote-based applicants too.</p>
<h2>Requirements</h2>
<ul>
<li>You are skilled in Rust, with proven experience in effective problem solving and engineering.</li>
<li>You are also fluent in English.</li>
</ul>
<h2>Nice but not necessary</h2>
<ul>
<li>Experience with both iOS and Android is a big plus but not a requirement.</li>
<li>Preferably you have experience with React Native.</li>
<li>Knowledge of VPN APIs on iOS or Android is also a plus.</li>
</ul>
<h2>Benefits</h2>
<p>We believe in having a life outside of work. That’s why we offer</p>
<ul>
<li style="list-style-type:disc">flexible working hours</li>
<li style="list-style-type:disc">25 days of annual paid vacation</li>
<li style="list-style-type:disc">300 EUR annually in allowance toward wellness-related activities (<em>friskvårdsbidrag)</em></li>
<li style="list-style-type:disc">the possibility of working remotely for extended periods of time.</li>
</ul>
<p>We also offer opportunities for growth. Aside from company-initiated opportunities for attending various national and international conferences, you will also have the option to attend one of your choosing per year. In addition, we’ll pay for any reading material that you feel contributes to your professional development.</p>
<h2>How to apply</h2>
<p>If you’re interested in joining our team, send us an email at <a class="external-link" href="mailto:jobs@mullvad.net" rel="nofollow" style="text-decoration: none;"><u>jobs@mullvad.net</u></a> by 31 January 2018.</p>
<h2>About us</h2>
<p>Mullvad is a VPN service that helps keep internet users’ online activity, identity, and location private. We are a team fully dedicated to our goal – making internet censorship and surveillance ineffective.</p>New servers in Norway mean faster speeds for North Sea region2017-12-01T16:10:41+00:00https://www.mullvad.net/fr/blog/2017/12/1/new-servers-norway-means-faster-speeds-north-sea-region/<p>If you're connecting through our servers in Norway, you will now likely experience faster speeds, thanks to nine new servers in Oslo that we now fully own and have physical control over.</p>
<p>These new servers are part of a network that is highly connected with other so-called peering providers both within Norway and in Denmark, Sweden, and the U.K.</p>
<p>Peering allows for the parties within the network to send their traffic directly to one another rather than taking a longer route over the public Internet. Peering also improves performance, increases redundancy, and decreases latency.</p>
<p>Norway is the latest location in which we completely own our servers, just as we do in the Netherlands and Sweden. Everywhere else worldwide, we rent physical, dedicated servers that are not shared with other customers. Whether we rent or own, we always carefully choose providers, opting for those who share our values concerning privacy.</p>Easily check your online privacy with Am I Mullvad2017-11-29T16:15:26+00:00https://www.mullvad.net/fr/blog/2017/11/29/easily-check-your-online-privacy-am-i-mullvad/<p>While you're connected to Mullvad, your browser could still be leaking information and therefore jeopardizing your privacy. With our new <a class="external-link" href="https://am.i.mullvad.net" rel="nofollow">Am I Mullvad</a> tool, you can now get a quick overview of your connection status.</p>
<p><img alt="screenshot of Am I Mullvad website showing a successful VPN connection" src="/media/uploads/2017/11/29/am-i-mullvad-connected.png" style="height:50% !important" /></p>
<p>Simply visit <a class="external-link" href="https://am.i.mullvad.net" rel="nofollow">am.i.mullvad.net</a> – and consider making it your default homepage. You'll know right away from the website's color whether you’re secure or not. Green means you're connected to Mullvad and safe from tested browser leaks. Red means you're either disconnected from Mullvad or at risk for DNS leaks or WebRTC exposure.</p>
<p>To better understand how certain online services leak information when used incorrectly, we encourage you to read our guides on <a class="external-link" href="https://mullvad.net/guides/first-steps-towards-online-privacy/" rel="nofollow">privacy</a> and <a class="external-link" href="https://mullvad.net/guides/bittorrent/" rel="nofollow">using BitTorrent.</a></p>
<h2>API available</h2>
<p>We also provide an <a class="external-link" href="https://am.i.mullvad.net/api" rel="nofollow">API for Am I Mullvad</a> which can be used with your own software or script to automatically check your privacy.</p>Download now – new beta version of VPN app2017-11-13T12:42:36+00:00https://www.mullvad.net/fr/blog/2017/11/13/download-now-new-beta-version-vpn-app/<p>Take advantage of new features and bug fixes in the updated version of our new VPN app. Current beta users, take the time to upgrade as we don't support older versions.</p>
<p>Newly integrated features include the ability to report a problem directly from the app and being able to choose between TCP and UDP.</p>
<p><img alt="macOS screenshot of the advance settings in Mullvad's new VPN app" src="/media/uploads/2017/11/13/beta-guide-adv-settings.png" style="height:300px; width:300px" /></p>
<p>If you're a macOS user, visit <a class="external-link" href="https://mullvad.net/guides/beta-app/" rel="nofollow">the app's beta page</a> for the download link and important information. Remember to always have the latest beta; we do not support older versions.</p>
<p>Don't have a Mac? The macOS platform is only the beginning. Over time, we plan to offer the same polished and intuitive experience across all platforms.</p>Why the topic of product reviews is complicated2017-10-25T09:13:11+00:00https://www.mullvad.net/fr/blog/2017/10/25/why-topic-product-reviews-complicated/<p>Did you know that many product reviews found on the Internet are actually paid ads in disguise? It's a complicated topic, but one that we have a clear position on.</p>
<p>We invite you to read our <a href="https://mullvad.net/guides/policy-reviews-advertising-and-affiliates/">policy on reviews, advertising, and affiliates</a> which answers, among other things, our stance on third-party reviews of our VPN service.</p>Client version 65 released2017-10-24T07:54:52+00:00https://www.mullvad.net/fr/blog/2017/10/24/client-version-65-released/<p>Version 65 of the Mullvad client is now available for download!</p>
<p> </p>
<h2>Improvements</h2>
<ul>
<li>It bundles the latest version of OpenVPN 2.4.4 for Windows and MacOS.</li>
<li>The client now defaults to using servers in Sweden or the Netherlands.</li>
<li>The settings.ini backup files include the date so that recovery of account numbers should be easier if the file gets corrupted.</li>
<li>We have removed obfsproxy.</li>
<li>Fixes an issue causing the serverlist to not be updated</li>
<li>Included information on how to improve your privacy when connected the first time and when entering the account number</li>
</ul>
<p>More changes can be found in the <a href="http://mullvad.net/media/CHANGES.rst">change log</a>.</p>Put Mullvad on your car!2017-10-22T14:40:24+00:00https://www.mullvad.net/fr/blog/2017/10/22/put-mullvad-your-car/<p>That's right, our latest sticker is perfect for your car's bumper, or very large laptop. Plus, they're free! Are t-shirts more your thing? We've got those too.</p>
<p>Just <a class="external-link" href="https://mullvad.net/guides/mullvad-stickers-and-merchandise/" rel="nofollow">follow our instructions</a> and we'll send you a package.</p>Be one of the first – try our new VPN app2017-10-17T16:01:50+00:00https://www.mullvad.net/fr/blog/2017/10/17/be-one-first-try-our-new-vpn-app/<p>It has arrived! Our newly rebuilt VPN app is available to the public, in beta, for the first time ever.</p>
<p>If you're a macOS user, head on over to <a class="external-link" href="https://mullvad.net/guides/beta-app/" rel="nofollow">the app's beta page</a> where you'll find a download link and important information.</p>
<p>Don't have a Mac? The macOS platform is only the beginning. Over time, we plan to offer the same polished and intuitive experience across all platforms.</p>Mullvad joins world's most widely used internet exchange2017-10-16T06:22:50+00:00https://www.mullvad.net/fr/blog/2017/10/16/mullvad-joins-worlds-most-widely-used-internet-exchange/<p>In a continued effort to improve our infrastructure, we have established a 10-Gbit connection at one of the world's largest internet exchange points, located in Amsterdam. We've also doubled our server capacity in both Amsterdam and Stockholm.</p>
<p>Joining this internet exchange means that if you're used to connecting through our Netherlands servers, you will now likely experience faster speeds.</p>
<p>For more details, <a href="http://news.cision.com/mullvad--amagicom-ab-/r/mullvad-joins-one-of-world-s-largest-internet-exchanges,c2363593" target="_blank">read our press release</a>.</p>Announcing the new Mullvad VPN app2017-10-12T14:56:22+00:00https://www.mullvad.net/fr/blog/2017/10/12/announcing-new-mullvadvpn-app/<p>Protecting one's online privacy should be easy for anyone. To that end, we have intentionally designed our new VPN app with an intuitive user experience at its core.</p>
<p><img alt="the new Mullvad VPN app as seen on a macOS desktop" src="/media/uploads/2017/10/12/mullvad-vpn-app-screenshot-macos.jpg" style="height:50% !important" /></p>
<p>The new Mullvad VPN app focuses on showing whether your connection is secure or not, and where the Internet thinks you are located. A padlock in the menu bar is a helpful, constant reminder of your status – green means you're connected, red signals that you're not.</p>
<p>If you want to change your location, simply choose from the menu and the app will reconnect automatically. A map clearly indicates where in the world you are connected to one of Mullvad's servers.</p>
<p>Our next-generation app ensures the same level of privacy that we've always offered. Your internet traffic is encrypted from your computer to our servers, protecting you from local surveillance.</p>
<p>Using Mullvad also hides your IP address and replaces it with one of ours, giving you increased privacy and the ability to access content that might otherwise be unavailable to your location.</p>
<h2>Public beta out soon</h2>
<p>We're still in a closed beta phase, but stay tuned! Our public beta version for macOS will soon be released and we look forward to your giving it a try.</p>
<p><a id="beta-program" name="beta-program"></a>While we'd love to offer the new Mullvad VPN app to all of our users simultaneously, we need to start somewhere. The macOS platform is only the beginning. Over time, we plan to offer the same polished and intuitive experience across all platforms.</p>
<h2>Chance to earn a year of free VPN time</h2>
<p>We've tested the app extensively ourselves, but getting it into your hands and receiving your feedback makes all the difference! That's why we're looking for a few testers to join our beta research program and provide us with qualitative feedback.</p>
<p>Testing will involve trialing the new app for one week, followed by a 15-minute interview over Skype, at a date and time of your convenience. As a thank you for helping us, participants will receive a one-year Mullvad subscription.</p>
<p>Reach out to our user experience consultants – <a class="external-link" href="https://docs.google.com/forms/d/e/1FAIpQLSeSI0Liz8vye5vwFAlafXCdKPjog3q54rbboyn1gB8cCJd0pQ/viewform" rel="nofollow" target="_blank">apply to join our beta research program</a> (opens in external site).</p>
<p>You are not required to join the research program to try the app.</p>
<p> </p>Completed: Planned maintenance in Amsterdam2017-10-02T17:48:27+00:00https://www.mullvad.net/fr/blog/2017/10/2/planned-maintenance-amsterdam/<p>Completed 2017-10-05<br />
<br />
Starting 3 October, our servers in Amsterdam will be going through a major update. The work is scheduled to last 2–3 days and should not affect our customers, fingers crossed. We will post information on our website when the work is complete.</p>WireGuard is the future2017-09-27T11:58:25+00:00https://www.mullvad.net/fr/blog/2017/9/27/wireguard-future/<p>Here at Mullvad, we've been spearheading the adoption of WireGuard in the VPN world.<br />
Our co-founder Fredrik Strömberg talks about how he first came across this promising VPN protocol and why he believes it's the future.</p>
<p style="margin-left:40px">Since Mullvad's inception in 2008, we have striven to stand at the forefront of VPN technology. This urge is constantly driven by our ideology that freedom of expression and privacy are fundamental to a well-functioning society.</p>
<p style="margin-left:40px">Like any organization, we sometimes find weaknesses in our own software. But over the years, as we've faced challenges, we've also seized opportunities. As a result, we've been either first or early adopters in</p>
<ul style="margin-left:80px">
<li>not requiring any personal information from customers</li>
<li>supporting OpenVPN (among consumer-targeted VPN services)</li>
<li>providing a custom, open-source VPN app for Windows, macOS, and Linux</li>
<li>supporting IPv6</li>
<li>preventing DNS, Teredo, and IPv6 leaks</li>
<li>accepting anonymous payments with Bitcoin and cash</li>
<li>supporting traffic obfuscation (through obfsproxy).</li>
</ul>
<p style="margin-left:40px">Looking back on the development of VPN technology, it is clear that WireGuard has joined the ranks as a game changer.</p>
<h2 style="margin-left:40px">WireGuard is our wish list</h2>
<p style="margin-left:40px">Back in early 2015, <a class="external-link" href="https://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228" rel="nofollow" target="_blank">we were asked by TorrentFreak</a> which cryptographic primitives we recommend. Our answer: "...ideally we would recommend Ed25519 for certificates, Curve25519 for key exchange (ECDHE), and ChaCha20-Poly1305 for data streams but that suite isn’t supported by OpenVPN."</p>
<p style="margin-left:40px">These are the exact primitives that WireGuard contains, but at that time, they were nothing more than a wish list.</p>
<p style="margin-left:40px">Fast forward to the summer of 2016 when I first stumbled upon WireGuard. After studying its technical whitepaper, I was convinced of its potential. Not long after, in early 2017, we had our first public WireGuard test server up and available for anyone to use. To this day, our integration of WireGuard into Mullvad continues to expand.</p>
<h2 style="margin-left:40px">Simple, sound, solid</h2>
<p style="margin-left:40px">We find WireGuard beneficial for a number of reasons. Its simplistic design in few lines of code makes it easier for sysadmins and developers to integrate it correctly – and harder for them to get it wrong.</p>
<p style="margin-left:40px">WireGuard is also cryptographically opinionated. In other words, it supports only one cryptographic suite and that's it. Supporting multiple suites, so-called "cipher agility," may sound more optimal, but history has shown that this introduces unnecessary complexity and leads to security vulnerabilities. The WireGuard protocol design, however, allows for changing to a new suite should there ever be a problem.</p>
<p style="margin-left:40px">The algorithms that the WireGuard developers chose to use are based on a combination of solid theoretical work, great performance, and sound design. They have no state- and data-dependent variations in timing, thereby reducing the risk of certain cryptographic attacks.</p>
<p style="margin-left:40px">In layman's terms, these algorithms are relatively simple to implement correctly which minimizes the likelihood of security bugs. For these and other reasons, it's no wonder they are becoming increasingly popular and considered by many as state-of-the-art.</p>
<h2 style="margin-left:40px">Mass adoption is only a matter of time</h2>
<p style="margin-left:40px">As part of our continued efforts to spearhead the adoption of this technology, our intention is to make WireGuard our default VPN protocol. We encourage others to do likewise.</p>
<p style="margin-left:40px">Currently, only a small number of services are experimenting with WireGuard. But as awareness of its potential spreads, adoption of WireGuard will grow considerably.</p>
<p style="margin-left:40px">If you're a technical user on Linux, we recommend using WireGuard. As it becomes available on other platforms, we will recommend it for those as well.</p>
<p style="margin-left:40px">We believe that WireGuard is improving not only our own products but also the world as a whole, which is why <a class="external-link" href="https://mullvad.net/blog/2017/7/13/mullvad-donates-wireguard/" rel="nofollow" target="_self">Mullvad's donation to WireGuard</a> was a no-brainer (you can also <a class="external-link" href="https://www.wireguard.com/donations/" rel="nofollow" target="_blank">donate to WireGuard</a>). But more specifically, WireGuard will move the world one step closer to our own vision – of making mass surveillance ineffective.</p>
<p style="margin-left:40px">"WireGuard" is a registered trademark of Jason A. Donenfeld.</p>Mullvad donates to Qubes OS2017-09-17T12:03:48+00:00https://www.mullvad.net/fr/blog/2017/9/17/mullvad-donates-qubes-os/<p>We are excited to announce our support for the <a class="external-link" href="https://www.qubes-os.org/" rel="nofollow" target="_blank">Qubes operating system</a> with a sizeable <a href="https://www.qubes-os.org/partners/" target="_blank">donation toward the project's continued development</a>.<br />
We recognize Qubes as one of the most important security-related projects out there at the moment.</p>
<p>The Mullvad team has been using Qubes in its day-to-day operations since early 2015. It allows us to compartmentalize and isolate activities with different security requirements, such as server administration, software development, and password management.</p>
<p>For us, Qubes is an important tool in our efforts to make censorship and mass surveillance ineffective. If you're concerned with the security of your computer, then you potentially have a lot to gain from using Qubes.</p>
<p>Qubes is free and open source, so whether you're a user or recognize the value in this project, then consider <a class="external-link" href="https://www.qubes-os.org/donate/" rel="nofollow" target="_blank">donating to the Qubes project</a> too.</p>
<p><a href="https://www.qubes-os.org/" target="_blank"><img alt="Qubes logo" src="/media/uploads/2017/09/14/qubes-logo-icon.png" style="height:128px; width:128px" /></a></p>Simplified steps for WireGuard setup2017-09-13T12:30:55+00:00https://www.mullvad.net/fr/blog/2017/9/13/simplified-steps-wireguard-setup/<p>WireGuard has been fully integrated with Mullvad for a while now, and with that, we've made it even easier to get started using the protocol with our service.</p>
<p>Check out our updated <a href="https://www.mullvad.net/guides/wireguard-and-mullvad-vpn/">guide on pairing WireGuard and Mullvad on Linux</a>. In this updated version, the need for you to generate public/private keys and create the mullvad.conf file has been replaced by a simple script written for us by WireGuard lead developer Jason A. Donenfeld.</p>Filled: Hiring full-time lead developer for iOS/Android app2017-09-08T13:00:01+00:00https://www.mullvad.net/fr/blog/2017/9/8/hiring-full-time-lead-developer-iosandroid-app/<p><strong>-- The position has been filled --</strong></p>
<p>We are looking for an experienced iOS/Android developer to lead the work on our VPN client for mobile platforms. This person is self motivated, has proven success in overseeing all aspects of an entire project, and can estimate deadlines and meet them.</p>
<p>Over the course of the project, you will oversee the integration of the VPN client with the system's APIs as well as the conversion of a ReactDOM project to React Native.</p>
<p>You will collaborate with other members of the team who are working in their areas of expertise.</p>
<h2>Requirements</h2>
<p>As the lead role in the development and deployment of our VPN mobile application for both Android and iOS, you are responsible for the success of the project as a whole. This project is complex, so good communication skills are a must.</p>
<p>You must of course be comfortable with iOS or Android. In addition, you are skilled in system programming with C, C++ or Rust.</p>
<p>You are also fluent in at least English or Swedish.</p>
<h2>Nice but not necessary</h2>
<p>Preferably, you have experience with React Native.</p>
<p>Knowledge of VPN APIs on iOS or Android is also a plus.</p>
<h2>Benefits</h2>
<p>We believe in having a life outside of work. That’s why we offer</p>
<ul>
<li style="list-style-type:disc">flexible working hours</li>
<li style="list-style-type:disc">25 days of annual paid vacation</li>
<li style="list-style-type:disc">300 EUR annually in allowance toward wellness-related activities (<em>friskvårdsbidrag</em>)</li>
<li style="list-style-type:disc">the possibility of working remotely for extended periods of time.</li>
</ul>
<p>We also offer opportunities for growth. Aside from company-initiated opportunities for attending various national and international conferences, you will also have the option to attend one of your choosing per year.</p>
<p>In addition, we’ll pay for any reading material that you feel contributes to your professional development.</p>
<h2>Apply by 1 October</h2>
<p>If you’re interested in joining our team, send us an email at <a class="external-link" href="mailto:jobs@mullvad.net" rel="nofollow" style="text-decoration: none;">jobs@mullvad.net</a> by 1 October 2017.</p>
<p>This is an ongoing, full-time position. Mullvad is located in Gothenburg, Sweden, but we welcome remote-based applicants too.</p>
<h2>About us</h2>
<p>Mullvad is a VPN service that helps keep internet users’ online activity, identity, and location private. We are a team fully dedicated to our goal – making internet censorship and surveillance ineffective.</p>One website, eight languages2017-09-07T08:50:43+00:00https://www.mullvad.net/fr/blog/2017/9/7/one-website-eight-languages/<p>Deutsch, español, français, português, pусский, svenska, Türkçe – our website is currently translated into a total of seven other languages. That's German, Spanish, French, Portuguese, Russian, Swedish, and Turkish.</p>
<p>Just click on globe icon found in the upper right-hand corner of our website and choose your language preference. For the time being, our blog posts and guides will remain available in English only.</p>
<p><img alt="screenshot of language options on Mullvad's website" src="/media/uploads/2017/09/07/mullvad-website-languages.jpg" style="height:207px; width:301px" /><br />
<small>A screenshot of our website in Russian.</small></p>Improved credit card payment process2017-09-05T09:36:08+00:00https://www.mullvad.net/fr/blog/2017/9/5/improved-credit-card-payment-process/<p>We've streamlined the process for using credit card to add more VPN time to your Mullvad account. Credit card payments are now integrated into our website and quick to complete.</p>
<p>Once you're logged in to your account page on our website, look for the new payment method tab for credit card.</p>
<p><img alt="screenshot of credit card payment tab" src="/media/uploads/2017/09/05/credit-card-payment-tab.jpg" style="height:142px; width:500px" /></p>
<p>When you click on the Pay button, a new payment page on our website will load. Here, you'll only need to enter your credit card number, expiration date, and CCV.</p>
<p>This is the only page on which we have allowed the <a class="external-link" href="https://stripe.com/" rel="nofollow" target="_blank">Stripe payment platform</a> to communicate with your browser. Stripe is the third-party platform we are using to provide this service.</p>
<h2>Remaining anonymous when paying</h2>
<p>Please keep in mind that the third-party companies we use for certain payment methods log your information.</p>
<p>As we clarify in <a class="external-link" href="https://www.mullvad.net/blog/2017/1/13/clarifying-our-no-logging-policy/" rel="nofollow" target="_self">our no-logging policy</a>, it is out of our control that these companies have records showing which people have paid us money.</p>
<p>If you want to remain anonymous, we suggest that you pay instead with cash or Bitcoin.</p>Client version 64 released2017-09-04T15:02:03+00:00https://www.mullvad.net/fr/blog/2017/9/4/client-version-64-released/<p>The much awaited version 64 of the Mullvad client is now available for <a href="https://mullvad.net/download">download</a>!</p>
<h2>Improvements</h2>
<ul>
<li>It bundles the latest version of OpenVPN 2.4.3.</li>
<li>It authenticates using username and password instead of certificates.</li>
<li>It increases privacy in the problem reports.</li>
<li>It is nicer to your MacBook's battery life.</li>
<li>It handles more esoteric network configurations on Windows.</li>
</ul>
<p>More changes can be found in the <a href="http://mullvad.net/media/CHANGES.rst">change log</a>.</p>Resolved: Problems with bitcoin payments2017-09-01T10:51:06+00:00https://www.mullvad.net/fr/blog/2017/9/1/problems-bitcoin-payments/<p>Update: Bitcoin payments works normal again. All payments credited!</p>
<p>(We're currently having issues with bitcoin payments not getting credited and working to get it fixed.)</p>WireGuard servers in 10 locations2017-08-23T09:26:47+00:00https://www.mullvad.net/fr/blog/2017/8/23/wireguard-servers-10-locations/<p>Germany and Switzerland are the two latest countries in which we have deployed WireGuard servers. Canada, France, the Netherlands, Norway, Sweden, the U.K, and two U.S. locations are also available.</p>
<p>Give the new VPN protocol a try with Mullvad and let us know what you think. Reference <a class="external-link" href="https://mullvad.net/servers/#wireguard" rel="nofollow">our list of WireGuard servers</a> for all locations and relevant information.</p>
<h2>Get started with WireGuard</h2>
<p>Read our guide on <a class="external-link" href="https://www.mullvad.net/guides/wireguard-and-mullvad-vpn/" rel="nofollow">how to install and run WireGuard with Mullvad</a>. As outlined in the guide, you need to be running the Linux operating system.</p>
<h2>About WireGuard</h2>
<p><a class="external-link" href="https://www.wireguard.io/" rel="nofollow">WireGuard</a> is a new VPN protocol designed with simplicity in mind and is meant to be easily implemented in very few lines of code. In addition, the protocol can easily be reviewed by individuals for security vulnerabilities. WireGuard performs very well on consumer routers.</p>New features for WireGuard users2017-08-07T14:53:44+00:00https://www.mullvad.net/fr/blog/2017/8/7/new-features-wireguard-users/<div>
<p>WireGuard is now one step closer to full integration with Mullvad. Along with some new features, we have now automated the process for signing up to use WireGuard with our VPN service.</p>
<h2>Updated guide</h2>
<p>You can now test WireGuard with Mullvad without contacting our support team. You'll need to first <a class="external-link" href="https://www.mullvad.net/account/create/" rel="nofollow" target="_self">sign up for a Mullvad account</a> (if you don't already have one). Then just follow our updated <a class="external-link" href="https://www.mullvad.net/guides/wireguard-and-mullvad-vpn/" rel="nofollow" target="_self">guide on testing WireGuard with Mullvad on Linux</a> to automatically register your public key and receive an IP address.</p>
<p>With a Mullvad account, you can register up to five WireGuard public keys and run up to five simultaneous OpenVPN connections. WireGuard and OpenVPN will work in parallel.</p>
<p>If you are currently evaluating WireGuard without a Mullvad account, your public keys will expire 1 September 2017. To continue testing WireGuard with our servers after that date, you will need to sign up for a Mullvad account.</p>
<h2>Multihop with WireGuard</h2>
<p>All WireGuard servers are connected to one another, so forwarding from one server to another is possible by using different ports.</p>
<p>In addition, each WireGuard server has two SOCKS5 proxies that it responds to. You can configure your browser or other programs to utilize them for exiting from a different server than the one you connected to.</p>
<p>See <a href="https://www.mullvad.net/guides/wireguard-and-mullvad-vpn/" target="_self">our guide on using WireGuard with Mullvad</a> for instructions.</p>
<h2>Mullvad's WireGuard servers</h2>
<p>Consult our list of <a href="https://mullvad.net/servers/#wireguard">WireGuard servers</a>.</p>
<h2>Extra WireGuard resources</h2>
<p><a class="external-link" href="https://mullvad.net/guides/category/wireguard/" rel="nofollow" target="_self">Our WireGuard guides</a> can help you get started.</p>
<p>Looking for even more? Check out <a class="external-link" href="https://mullvad.net/blog/tag/wireguard/" rel="nofollow" target="_self">our blog posts on WireGuard</a>.</p>
</div>WireGuard servers in UK and France available2017-08-02T10:17:09+00:00https://www.mullvad.net/fr/blog/2017/8/2/wireguard-servers-uk-and-france-available/<p>If you'd like to test WireGuard with Mullvad, we now have two more countries on the list, namely UK and France!</p>
<p>Please look at <a href="http://mullvad.net/servers/">our VPN serverlist</a> to get their public keys and domain names</p>
<p>WireGuard is a new VPN protocol designed with simplicity in mind and is available for testing under Linux with our VPN. We are offering this service in compliance with <a class="external-link" href="https://www.mullvad.net/blog/2017/1/13/clarifying-our-no-logging-policy/" rel="nofollow">Mullvad's strict no-logging policy.</a></p>
<h2>Get started with WireGuard</h2>
<p>Read our guide on <a href="https://www.mullvad.net/guides/wireguard-and-mullvad-vpn/">how to install and run WireGuard with Mullvad</a>. As outlined in the guide, you need to be running the Linux operating system and will have to contact Mullvad's support team in order to provide your public key and be assigned a test IP address.</p>
<h2>About WireGuard</h2>
<p>Not only is <a href="https://www.wireguard.io/">WireGuard</a> simple but it's also meant to be easily implemented in very few lines of code. In addition, the VPN protocol can easily be reviewed by individuals for security vulnerabilities. WireGuard performs very well on consumer routers.</p>Mullvad donates to WireGuard2017-07-13T13:04:12+00:00https://www.mullvad.net/fr/blog/2017/7/13/mullvad-donates-wireguard/<p>If you've been following our blog recently, then you're well aware that we see potential in the <a class="external-link" href="http://www.wireguard.io" rel="nofollow" target="_blank">WireGuard VPN protocol</a>. We've therefore decided to support the project's development through December <a href="https://www.wireguard.io/donations/" target="_blank">with a sizeable donation</a>.</p>
<h2><img alt="WireGuard logo" src="/media/uploads/2017/07/13/wireguard-banner.jpg" style="height:69px; width:350px" /></h2>
<h2>Why we like WireGuard</h2>
<p>We find WireGuard beneficial for a number of reasons:</p>
<ul>
<li>the focus on simplicity and usability in its design</li>
<li>the ease at which it can be audited and verified</li>
<li>the high speed at which it performs</li>
<li>its use of state-of-the-art cryptography.</li>
</ul>
<h2>Using WireGuard with Mullvad</h2>
<p>If you like testing new things, then check out <a class="external-link" href="https://mullvad.net/guides/category/wireguard/" rel="nofollow" target="_self">our WireGuard guides</a> to help you get started.</p>How to run WireGuard on a router2017-07-07T13:42:16+00:00https://www.mullvad.net/fr/blog/2017/7/7/how-run-wireguard-router/<p>If you're interested in WireGuard, then you'll want to read our newest guide on <a class="external-link" href="https://mullvad.net/guides/running-wireguard-router/" rel="nofollow" target="_self">how to install and run WireGuard on a router</a>. In this post, we outline the benefits of using WireGuard.</p>
<p><img alt="routers" src="/media/uploads/2017/07/07/routers.jpg" style="height:107px; width:500px" /><br />
<small>We've tested WireGuard on five routers: two Linksys models, ASUS, GL-INET6416, and NUC.</small></p>
<h2>What are the benefits?</h2>
<p>Installing WireGuard on your router comes with a number of benefits:</p>
<ul>
<li>You can secure your whole network and all devices connected to the router.</li>
<li>You can run the same Mullvad account on more than five devices (a router and anything connected to it is counted as one device).</li>
<li>Via the router, you can run Mullvad on devices that have no support for OpenVPN or WireGuard.</li>
<li>Multihopping is possible via the SOCKS5 proxy when using Mullvad with WireGuard.</li>
<li>Compared to OpenVPN, WireGuard is a considerably faster protocol – connecting and disconnecting more quickly – and operates more seamlessly.</li>
</ul>
<h2>WireGuard is a faster protocol</h2>
<p>Below you can compare our results of running WireGuard and OpenVPN on various LEDE routers connected to Mullvad. In every case, WireGuard outperforms OpenVPN.</p>
<pre>
<strong>Router </strong>|<strong> CPU </strong>|<strong> OpenVPN </strong>|<strong> WireGuard </strong>
-----------------------------------------------------------------------------
GL-iNet6416 | 400mhz | 2–5 Mbit/s | 30–40 Mbit/s
ASUS RT-N66U | 600mhz | 5–10 Mbit/s | 40–60 Mbit/s
Linksys WRT1200AC | 1.3Ghz | 20–25 Mbit/s | 250–300 Mbit/s
Linksys WRT1900AC | 1.6Ghz | 30–35 Mbit/s | 300–350+ Mbit/s
NUC QuadCore Celeron | 2.0GHZ | 60–100 Mbit/s | 650+ Mbit/s (maximum unknown)
</pre>
<p> </p>
<h2>Are there disadvantages?</h2>
<p>In certain scenarios, you could end up "bricking" your router, meaning the device will stop working entirely (we've addressed this in the guide).</p>
<p>We are running WireGuard servers in a limited number of locations. However, we are slowly expanding this list (see <a class="external-link" href="https://mullvad.net/guides/our-vpn-servers/#wireguard-servers" rel="nofollow" target="_self">our list of WireGuard servers</a>).</p>
<h2>About WireGuard</h2>
<p><a class="external-link" href="https://www.wireguard.io/" rel="nofollow" target="_blank">WireGuard</a> is a new VPN protocol designed with simplicity in mind. Back in March, we made <a class="external-link" href="https://mullvad.net/blog/2017/3/10/test-wireguard-mullvad/" rel="nofollow" target="_self">WireGuard available for Linux testing with Mullvad</a>. We are offering this service in compliance with <a class="external-link" href="https://www.mullvad.net/blog/2017/1/13/clarifying-our-no-logging-policy/" rel="nofollow" target="_self">Mullvad's strict no-logging policy.</a></p>
<p>Not only is WireGuard simple but it's also meant to be easily implemented in very few lines of code. In addition, the VPN protocol can easily be reviewed by individuals for security vulnerabilities. It is suitable for smart phones, small embedded devices, and fully loaded backbone routers.</p>Blocked four times in our quest2017-07-05T13:59:59+00:00https://www.mullvad.net/fr/blog/2017/7/5/blocked-four-times-our-quest/<p>Last week, our entire team ventured deep into the very core of Mullvad Central. However, roadbloacks stood in our way. One obstacle was expected. Two wasn't a surprise. But they kept coming!</p>
<p><img alt="a door" src="/media/uploads/2017/07/05/door-x.jpg" style="height:300px; width:200px" /> <img alt="another door" src="/media/uploads/2017/07/05/door-z.jpg" style="height:300px; width:200px" /> <img alt="yet another door" src="/media/uploads/2017/07/05/door-y.jpg" style="height:300px; width:200px" /></p>
<p>Four nondescript doors later, we finally stood before what we'd come to see – our primary server hall! While we have a trusting relationship with our providers and meet them on a regular basis, seeing our very own servers in person was a first for some on our team.</p>
<p>We can relay to you, our valued customers, that the Mullvad servers were all blinking with glee.</p>
<p><img alt="" src="/media/uploads/2017/07/05/blinking-lights_DPQ1t6E.jpg" style="height:300px; width:200px" /> <img alt="" src="/media/uploads/2017/07/05/datahall.jpg" style="height:300px; width:400px" /></p>Mullvad's account numbers get longer – and safer2017-06-20T17:42:28+00:00https://www.mullvad.net/fr/blog/2017/6/20/mullvads-account-numbers-get-longer-and-safer/<p>As of today, we are increasing the length of our account numbers to 16 digits. Customers with 12- or 13-digit numbers can continue using the service without taking any action.</p>
<h2>Our account numbers help keep your identity private</h2>
<p>A Mullvad account can be created without supplying any personal information. Not even an email address is needed. Along with the fact that <a href="https://mullvad.net/blog/2017/1/13/clarifying-our-no-logging-policy/">we keep no activity logs</a> and that we encourage anonymous payments with Bitcoin or cash, this is a fundamental reason why Mullvad is good at keeping your online activity, identity, and location private.</p>
<h2>Why can't I choose my own account number?</h2>
<p>Having the account number generated for you instead of allowing you to choose it yourself may feel limiting and strange, but this method provides some benefits:</p>
<p><strong>A consistent format limits confusion and errors.</strong><br />
For instance, customers who mail in cash payments often hand write the corresponding account number on paper.</p>
<p><strong>It keeps the accounts more anonymous.</strong><br />
A username that is picked by the user could potentially help in identifying that user. For example, a user might choose the same username that is used on other services, or the language and style of the username may give away their country of origin or cultural background.</p>
<p><strong>It prevents a user from selecting a weak password.</strong><br />
It is a known fact that many people use weak passwords and/or use the same password across multiple services. With a lengthy and random account number, we can ensure that it is long enough to be secure and greatly reduce the risk that it will be used for another service, since that would require the user to copy the hard-to-remember number they got from us and use it elsewhere.</p>
<p>Your account number is, in a sense, both the username and the password at Mullvad. It is both the account's unique token (username) and the secret that authenticates the account toward our service (password). You should keep it just as safe and secret as a password.</p>
<h2>Can't someone guess my account number?</h2>
<p>A newly created Mullvad account number is a 16-digit decimal in the "1000 0000 0000 0000" to "9999 9999 9999 9999" range. This allows for a total of 8.99 quadrilion possible account numbers. Assuming our customers are actively using 100,000 different accounts with us, one would need to guess on average 45 billion times in order to find a working account. This is practically impossible.</p>
<p>Even the 12- and 13-digit numbers are actually 40 randomized bits and thus amount to 2^40 possible combinations, or 1,099,511,627,776. It would take, on average, 5.5 million tries in order to find a working account. This is still unlikely to happen because of the amount of guesses needed.</p>
<p>We also take countermeasures against trying out many account numbers in a fast sequence, but due to the growing number of customers, it's time to increase the length.</p>
<h2>What if someone were to successfully guess my account number?</h2>
<p>In short, that person would then be able to use Mullvad VPN for free since an account is allowed to make up to five connections simultaneously.</p>
<p>If you suspect this is happening, <a href="mailto:support@mullvad.net">contact our support team</a> to change your account number. Doing so will make your old account number invalid and anyone else who has it will not be able to connect with it.</p>
<p>If you're worried that somebody with your account number will be able to eavesdrop on your traffic through the VPN tunnel, don't be! The encryption key is only available on your device.</p>
<p>Apart from this, a stolen account number should have minimal, if any, impact on privacy or otherwise. This is because no personal information is made available by the account number or when you connect to the service. The only details available are the expiry time and which ports are forwarded (if any).</p>
<p>This by itself should not pose an issue, but if someone has also obtained other information about you, it could be sensitive. In the average case it should not be a problem, but for the very paranoid (or for those whose threat model says otherwise), not forwarding any ports is an option.</p>
<p>The most important think you can do to avoid any of the issues above is to keep your account number secret.</p>
<h2>Should I update to a longer account number?</h2>
<p>You can consider doing so the next time your account expires. Instead of renewing the old one, just create a new account. No rush though. As mentioned above, this is not an issue for most users.</p>
<p>As always, keep your account number in a safe place! But if you lose it, consult <a href="https://mullvad.net/guides/lost-account/">our guide on retrieving your account</a>.</p>Resolved: Technical issues affecting the webserver and also payments2017-06-17T04:37:56+00:00https://www.mullvad.net/fr/blog/2017/6/17/resolved-technical-issues-affecting-webserver-and-also-payments/<h2>The issues have been resolved.</h2>
<p> </p>
<p>We are currently having technical issues affecting the webserver and also payments, The VPN servers should continue to function as normal, we are working on resolving the issue.</p>
<p>Update:</p>
<p>- 13:48 the issues have been resolved.<br />
- 04:52 also affecting "Time left" in Mullvad client<br />
<br />
We apologize for the inconvenience.</p>WireGuard test server in Netherlands available2017-06-11T14:57:31+00:00https://www.mullvad.net/fr/blog/2017/6/11/wireguard-test-server-netherlands-available/<p>If you'd like to test WireGuard with Mullvad, we now have three dedicated test servers available, one in Sweden, U.S.A and our newest one in the Netherlands!</p>
<p>WireGuard is a new VPN protocol designed with simplicity in mind and is available for Linux testing with our VPN. We are offering this service in compliance with <a class="external-link" href="https://www.mullvad.net/blog/2017/1/13/clarifying-our-no-logging-policy/" rel="nofollow">Mullvad's strict no-logging policy.</a></p>
<h2>Get started with WireGuard</h2>
<p>Read our guide on <a href="https://www.mullvad.net/guides/wireguard-and-mullvad-vpn/">how to install and run WireGuard with Mullvad</a>. As outlined in the guide, you need to be running the Linux operating system and will have to contact Mullvad's support team in order to provide your public key and be assigned a test IP address.</p>
<h2>About WireGuard</h2>
<p>Not only is <a href="https://www.wireguard.io/">WireGuard</a> simple but it's also meant to be easily implemented in very few lines of code. In addition, the VPN protocol can easily be reviewed by individuals for security vulnerabilities. WireGuard performs very well on consumer routers.</p>Tips for keeping a blog anonymous2017-06-07T07:52:17+00:00https://www.mullvad.net/fr/blog/2017/6/7/tips-keeping-blog-anonymous/<p>Ever thought about establishing a blog but wanted to remain anonymous? Our latest privacy-related guide covers this topic and gives you tips for keeping your pen name and real identity separate.</p>
<p>Starting an anonymous blog is much more complicated than you may think. You'll want to consider using a separate computer altogether for your blog. Hiding your IP address is also key.</p>
<p>Use <a class="external-link" href="https://mullvad.net/guides/how-blog-anonymously/" rel="nofollow">our guide on how to blog anonymously</a> to make sure you're aware of the necessary steps.</p>Filled: Hiring full-time developer with infrastructure focus2017-06-02T14:28:58+00:00https://www.mullvad.net/fr/blog/2017/6/2/hiring-full-time-developer-infrastructure-focus/<p><strong>-- The position has been filled --</strong></p>
<p>We are looking for an Infrastructure Developer with the ambition and experience to further design and develop Mullvad’s infrastructure. This person understands the challenges of running hundreds of bare-metal servers and appreciates the importance of infrastructure automation and continuous delivery.</p>
<p>You will collaborate with the rest of the development team as well as with operations. Ideally, you will become a primary driving force in the entire DevOps process.</p>
<h2>Requirements</h2>
<p>You have a few years’ experience in working with a wide variety of tools for provisioning, deployment, monitoring, alerting, and metrics. In addition, you know which tools to choose that best suit the task at hand, such as Ansible, Puppet, Chef, Docker, Kubernetes, CoreOS, Git, Terraform, a .deb repository or, simply, Bash.</p>
<p>Here’s what you’ll also bring to the team:</p>
<ul>
<li style="list-style-type:disc">experience in scripting and programming languages</li>
<li style="list-style-type:disc">proficiency in building Linux systems</li>
<li style="list-style-type:disc">experience with continuous integration and deployment tools</li>
<li style="list-style-type:disc">experience with system administration in Linux.</li>
</ul>
<p>You are also fluent in at least Swedish or English.</p>
<h2>Nice but not necessary</h2>
<p>Preferably you have worked in an environment where building, testing, and releasing software happens rapidly, frequently, and reliably.</p>
<p>Other pluses include</p>
<ul>
<li style="list-style-type:disc">extensive experience with developing in Python</li>
<li style="list-style-type:disc">experience with network security</li>
<li style="list-style-type:disc">experience with monitoring tools like Graphite or ELK Stack</li>
<li style="list-style-type:disc">familiarity in using Qubes OS</li>
<li style="list-style-type:disc">knowledge in secure deployment workflows.</li>
</ul>
<h2>Benefits</h2>
<p>We believe in having a life outside of work. That’s why we offer</p>
<ul>
<li style="list-style-type:disc">flexible working hours</li>
<li style="list-style-type:disc">25 days of annual paid vacation</li>
<li style="list-style-type:disc">3,000 SEK annually in <em>friskvårdsbidrag</em> (allowance toward wellness-related activities)</li>
<li style="list-style-type:disc">the possibility of working remotely for extended periods of time.</li>
</ul>
<p>We also offer opportunities for growth. Aside from company-initiated opportunities for attending various national and international conferences, you will also have the option to attend one of your choosing per year. In addition, we’ll pay for any reading material that you feel contributes to your professional development.</p>
<h2>How to apply</h2>
<p>If you’re interested in joining our team, send us an email at <a class="external-link" href="mailto:jobs@mullvad.net" rel="nofollow" style="text-decoration: none;"><u>jobs@mullvad.net</u></a>.</p>
<h2>About us</h2>
<p>Mullvad is a VPN service that helps keep internet users’ online activity, identity, and location private. We are a team fully dedicated to our goal – making internet censorship and surveillance ineffective.</p>Client version 63 released2017-05-29T13:40:00+00:00https://www.mullvad.net/fr/blog/2017/5/29/client-version-63-released/<p>Version 63 of the Mullvad client which includes a bunch of fixes for our Windows users and an upgrade to OpenVPN 2.4.2 is now available for <a href="https://mullvad.net/download">download</a>.</p>
<h2>Improvements</h2>
<p>OpenVPN 2.4.2 which was released after the <a href="https://mullvad.net/blog/2017/5/16/audits-openvpn-24-have-been-completed/">security audit of its source code</a> is now bundled with our client on Windows and macOS.</p>
<p>We now install the NDIS5 version of the TAP driver on Windows 7 which should improve the throughput on some machines running Windows 7.</p>
<p>The Windows 10 Creators Update changed the way Windows handles DNS resolution which could cause some of our customers to experience performance problems. This release makes sure you will not experience these issues.</p>
<p>We have added a fallback mechanism for the client to talk to our account server which should make it easier for customers on networks which hijack DNS traffic to connect to our servers.</p>
<p><br />
More changes can be found in the <a href="https://mullvad.net/media/CHANGES.rst">change log</a>.</p>The audits of OpenVPN 2.4 have been completed2017-05-16T08:51:38+00:00https://www.mullvad.net/fr/blog/2017/5/16/audits-openvpn-24-have-been-completed/<p>As one of the <a href="https://ostif.org/top-ostif-donors/">sponsors</a> of one of the audits, Mullvad is pleased to see that no major security issues were found.<br />
The issues that have been reported back to the OpenVPN developers have been fixed in OpenVPN 2.4.2.<br />
You can read more about the results <a href="https://ostif.org/the-openvpn-2-4-0-audit-by-ostif-and-quarkslab-results/">here</a>.</p>Resolved: Issues with paypal payments2017-05-05T17:51:43+00:00https://www.mullvad.net/fr/blog/2017/5/5/issues-paypal-payments/<p>Resolved: We are currently having issues with paypal payments taking a lot longer to get processed, we apologize for the inconvenience</p>
<p> </p>Learn to use encrypted email2017-04-27T06:00:00+00:00https://www.mullvad.net/fr/blog/2017/4/27/learn-use-encrypted-email/<p>Our new <a class="external-link" href="https://mullvad.net/guides/using-encrypted-email/" rel="nofollow">privacy guide on using encrypted email</a> walks you through setting up the Mozilla Thunderbird email application in order to easily send PGP-encrypted emails and even decrypt received messages.</p>
<p>This guide is a follow-up to <a class="external-link" href="https://mullvad.net/guides/basics-encryption/" rel="nofollow">our guide on the basics of encryption</a> which we recommend that you read first.</p>WireGuard test server in U.S. available2017-04-19T07:54:28+00:00https://www.mullvad.net/fr/blog/2017/4/19/wireguard-test-server-us-available/<p>If you would like to test WireGuard with Mullvad, we now have two dedicated test servers available, a new one in New York, U.S.A, and the first one in Sweden.</p>
<p><a href="http://www.wireguard.io/" target="_blank">WireGuard</a> is a new VPN protocol designed with simplicity in mind and is available for Linux testing with our VPN. We are offering this service in compliance with <a class="external-link" href="https://www.mullvad.net/blog/2017/1/13/clarifying-our-no-logging-policy/" rel="nofollow" target="_self">Mullvad's strict no-logging policy.</a></p>
<h2>Get started with WireGuard</h2>
<p>Read our guide on <a href="https://www.mullvad.net/guides/wireguard-and-mullvad-vpn/" target="_self">how to install and run WireGuard with Mullvad</a>. As outlined in the guide, you need to be running the Linux operating system and will have to contact Mullvad's support team in order to provide your public key and be assigned a test IP address.</p>
<h2>About WireGuard</h2>
<p>Not only is WireGuard simple but it's also meant to be easily implemented in very few lines of code. In addition, the VPN protocol can easily be reviewed by individuals for security vulnerabilities. It is suitable for both smart phones, small embedded devices and fully loaded backbone routers.</p>Learn how to encrypt messages2017-04-07T06:36:34+00:00https://www.mullvad.net/fr/blog/2017/4/7/learn-how-encrypt-message/<p>Learn about <a href="https://mullvad.net/guides/basics-encryption/" target="_self">the basics of encryption</a> in our latest guide on privacy. We'll walk you through the steps on how to create your own encryption key, how to encrypt a message and send it to someone, and how to decrypt a message that you have received.</p>Planned maintenance 2017-04-052017-04-03T12:08:56+00:00https://www.mullvad.net/fr/blog/2017/4/3/planned-maintenance/<p>On Wednesday, maintenance is planned for parts of our infrastructure. This may cause temporary disruption of the service. We will do our best to minimize the time this will affect you.</p>
<p>The maintenance will start at <strong>2017-04-05 07:00:00 UTC</strong> and will likely last less than one hour.</p>
<p>During the maintenance the following things might not work:</p>
<ul>
<li>The account page on our website, including account creation, making new payments and managing ports.</li>
<li>Using the mullvad client on any new devices. Using already configured clients should continue to work.</li>
<li>Port forwarding. It will however work if you've logged on before the maintenance.</li>
<li>Information about time left and forwarded ports in the client and on the website.</li>
<li>Downloading OpenVPN configuration files.</li>
<li>Payment processing. Any payments made during this time will be processed once the maintenance is done.</li>
</ul>
<p>The account page and OpenVPN configuration page on the website will be disabled during this period to avoid confusion.</p>
<p>If you notice anything odd after the maintenance, such as a payment not being credited to your account, please contact our support at <a href="mailto:support@mullvad.net">support@mullvad.net</a>.</p>Mullvad VPN now available in stores2017-03-29T08:14:59+00:00https://www.mullvad.net/fr/blog/2017/3/29/mullvad-vpn-now-available-stores/<p>Mullvad VPN can now be purchased in shops and online stores throughout the Nordic region, thanks to a partnership with <a href="http://www.esetscandinavia.com/" target="_blank">Eurosecure</a>, the distributor of ESET antivirus software products in Scandinavia.</p>
<p><img alt="Mullvad VPN in ESET packaging" src="/media/uploads/2017/03/29/mullvad-eset-box.jpg" style="height:300px; width:400px" /></p>
<p>Retailers that already sell ESET's products will also carry Mullvad VPN packages that contain an anonymous activation code to be used with a Mullvad account.</p>
<p><a href="http://news.cision.com/mullvad--amagicom-ab-/r/eset-eurosecure-partners-with-mullvad-throughout-entire-nordic-region,c2225288" target="_blank">Read our entire press release</a> for more information, or check out <a href="https://www.lianapress.se/pressmeddelanden/sakerhet/eseteurosecure-inleder-nordiskt-samarbete-med-mullvad-vpn.html" target="_blank">Eurosecure's press release in Swedish</a>.</p>New guide on changing your MAC address2017-03-24T06:00:00+00:00https://www.mullvad.net/fr/blog/2017/3/24/new-guide-changing-your-mac-address/<p>Our latest guide on <a href="https://mullvad.net/guides/changing-your-mac-address/" target="_self">how to change your computer's MAC address</a> helps to increase your online anonymity. This is particularly useful if you tend to move around to different locations with your computer, such as to cafes, libraries, and airports.</p>Server upgrades to offer better speeds and security2017-03-16T11:33:59+00:00https://www.mullvad.net/fr/blog/2017/3/16/server-upgrades-offer-better-speeds-and-security/<p><strong>Status: 2017-03-29 10:10</strong> (CET) - OpenVPN 2.4.0 upgrade completed on all VPN servers.</p>
<p>On March 16, we will begin upgrading our servers to OpenVPN version 2.4.0. In conjunction, we will introduce changes to our ports, protocols, and ciphers, all of which will provide improved service to our customers. We will also upgrade our server certificates from 2048-bit RSA with SHA1 to 4096-bit RSA with SHA512.</p>
<h2>How does this affect you?</h2>
<p>If you are using the Mullvad client, you do not need to do anything as the changes will be implemented automatically.</p>
<p>If you have a router running OpenVPN and want to benefit from all of the changes, you need to <a class="external-link" href="https://www.mullvad.net/download/config/" rel="nofollow" target="_self">download a new configuration file</a> and <a class="external-link" href="https://openvpn.net/index.php/open-source/downloads.html" rel="nofollow" target="_blank">upgrade to OpenVPN 2.4.0</a>. You may experience a drop in connection as we restart servers. The updating process can be monitored in <a class="external-link" href="https://mullvad.net/guides/our-vpn-servers/" rel="nofollow" target="_self">our VPN servers guide</a>.</p>
<h2>OpenVPN 2.4.0</h2>
<p>With the upgrade to OpenVPN 2.4.0 comes support for the AES cipher mode GCM which offers better performance on most modern hardware. It will also be possible to use any cipher on any port. BF-CBC, AES-CBC, and AES-GCM will become available on all ports and protocols. Please note that AES-256-GCM will always be the preferred default with OpenVPN 2.4.0.</p>
<h2>New ports added</h2>
<p>We are adding more ports:</p>
<ul>
<li>TCP port 80</li>
<li>UDP port 1301</li>
<li>UDP port 1302</li>
</ul>
<h2>Why make these changes?</h2>
<ul>
<li>We want to offer AES on TCP. Currently, we only offer it on UDP.</li>
<li>We want to speed up our migration from Blowfish to AES. AES is more secure, has hardware support, is more efficient, and scales better.</li>
<li>We are adding more ports in order to efficiently use our server capacity. This will allow us to offer faster speeds.</li>
<li>Moving to 4096-bit RSA certificates with SHA512 will guarantee stronger security.</li>
</ul>
<p>For a complete list of available ports and to read more, check out <a class="external-link" href="https://www.mullvad.net/guides/mullvad-client-advanced-options/" rel="nofollow" target="_self">our guide on advanced options in the Mullvad client</a>.</p>
<p>If you have any questions, please contact <a class="external-link" href="mailto:support@mullvad.net" rel="nofollow">support@mullvad.net</a>.</p>Version 62 released2017-03-14T13:52:35+00:00https://www.mullvad.net/fr/blog/2017/3/14/version-62-released/<div>
<p>Version 62 of the Mullvad client is now available for <a class="external-link" href="https://mullvad.net/download" rel="nofollow">download</a>. The primary changes include upgrading OpenVPN to version 2.4 on Windows and Mac, and resolving a problem causing the client to connect very slowly after sleep on Mac.</p>
<h2>Improvements</h2>
<p>We now bundle OpenVPN 2.4 on Windows and Mac. This should improve performance and security as soon as our servers also get this upgrade. There will be another post on the server side of this upgrade soon!</p>
<p>This release changes the algorithm for how we reach out to servers. This should mainly improve how fast a new tunnel can be set up on Mac after it wakes up from sleep.</p>
<p>We have added Turkish to the set of languages in the client. So if your operating system is set to Turkish, the client should also be in Turkish.</p>
<p> </p>
<h2>Bug fixes</h2>
<p>We have addressed a problem where customers could be left unprotected, if their subscription expired while they were using Mullvad.</p>
<p>Version 62 also includes a couple of bug fixes, the details of which can be found in the <a class="external-link" href="https://mullvad.net/media/CHANGES.rst" rel="nofollow">change log</a>, as usual.</p>
</div>Test WireGuard with Mullvad2017-03-10T06:48:04+00:00https://www.mullvad.net/fr/blog/2017/3/10/test-wireguard-mullvad/<p>WireGuard, a new VPN protocol designed with simplicity in mind, is now available for Linux testing with Mullvad. We are offering this service in compliance with <a class="external-link" href="https://www.mullvad.net/blog/2017/1/13/clarifying-our-no-logging-policy/" rel="nofollow">Mullvad's strict no-logging policy</a></p>
<h2>Get started with WireGuard</h2>
<p>Read our <a class="external-link" href="https://www.mullvad.net/guides/wireguard-and-mullvad-vpn/" rel="nofollow">guide on how to install and run WireGuard with Mullvad</a>. As outlined in the guide, you need to be running the Linux operating system and will have to contact Mullvad's support team in order to provide your public key and be assigned a test IP address.</p>
<h2>About WireGuard</h2>
<p>Not only is <a class="external-link" href="https://www.wireguard.io/" rel="nofollow">WireGuard</a> simple but it's also meant to be easily implemented in very few lines of code. In addition, the VPN protocol can easily be reviewed by individuals for security vulnerabilities. It is suitable for both smart phones, small embedded devices and fully loaded backbone routers. </p>New servers in Sweden, Canada, and U.S.2017-02-22T07:10:38+00:00https://www.mullvad.net/fr/blog/2017/2/22/new-servers-sweden-canada-and-us/<p style="text-align:start">Mullvad users in Stockholm, Toronto, Vancouver, and Buffalo, New York, can now experience markedly faster connections speeds through our newest, local VPN servers. This also means even better service for customers in the surrounding regions. Find the server closest to you on the list of <a class="external-link" href="https://www.mullvad.net/guides/our-vpn-servers/" rel="nofollow" style="color: rgb(53, 114, 176); text-decoration: none;">our 29 server locations worldwide</a>. </p>
<p style="text-align:start"><a class="external-link" href="http://news.cision.com/mullvad--amagicom-ab-/r/mullvad-delivers-faster-vpn-connectivity-with-regional-expansion,c2194502" rel="nofollow" style="color: rgb(53, 114, 176); text-decoration: none;" target="_blank">Read the related press release.</a></p>Discontinuing support for PPTP2017-01-31T10:01:50+00:00https://www.mullvad.net/fr/blog/2017/1/31/discontinuing-support-pptp/<p style="text-align:left">At the end of February, we will discontinue our support for PPTP. This will only affect a minuscule number of Mullvad customers.</p>
<h2 style="text-align:left">Am I affected?</h2>
<p style="text-align:left">You are not affected</p>
<ul style="list-style-type:disc">
<li>if you are using the Mullvad client</li>
<li>if you know that you are using OpenVPN.</li>
</ul>
<p style="text-align:left">If, however, you have been using our guide on <a href="https://mullvad.net/guides/pptp/" style="color: rgb(53, 114, 176) !important; text-decoration: none;" target="_self">how to set up a PPTP tunnel</a>, you are affected. PPTP users should update to OpenVPN.</p>
<p style="text-align:left">We will shut down our PPTP support on February 28, 2017.</p>
<h2 style="text-align:left">Why the discontinued support?</h2>
<p style="text-align:left">PPTP is outdated and no longer supported. The protocol contains numerous weaknesses that we have always been aware of. Yet, we have supported it – with a clear, strong warning – for use cases in which having a securely encrypted tunnel is not critical. OpenVPN is a much better alternative and is supported virtually everywhere.</p>
<p style="text-align:left">Unaffected users are not at risk as our hardware running PPTP is physically separate from our OpenVPN servers.</p>
<p style="text-align:left">If you need help migrating to OpenVPN or would like a refund, please contact <a href="mailto:support@mullvad.net" style="color: rgb(53, 114, 176) !important; text-decoration: none;">support@mullvad.net</a>.</p>Plugins that help and hurt your privacy2017-01-27T09:43:12+00:00https://www.mullvad.net/fr/blog/2017/1/27/plugins-help-and-hurt-your-privacy/<p style="text-align:left">We continue our series on how you can improve your online privacy. This time we focus on plugins – some you can install and others that you should disable to keep you safe.</p>
<ol>
<li style="text-align:left"><a href="https://mullvad.net/blog/2016/12/5/privacy-universal-right/" target="_self">Privacy is a universal right</a> – an introduction to what privacy is, the importance of it, and why Mullvad ultimately exists.</li>
<li style="text-align:left"><a href="https://mullvad.net/guides/first-steps-towards-online-privacy/" target="_self">First steps toward online privacy</a> – simple tools to improve your online privacy habits.</li>
<li style="text-align:left"><a href="https://mullvad.net/guides/second-steps-toward-online-privacy/" target="_self">Second steps toward online privacy</a> – how to enforce encryption, block trackers and ads, automatically delete unused cookies, and more.</li>
</ol>Swish, our newest payment method!2017-01-23T14:13:30+00:00https://www.mullvad.net/fr/blog/2017/1/23/swish-our-newest-payment-method/<p style="text-align:start"><strong>-- 2018-09-03 We now use "swish för handel" - please do not send swish payment to the old swish number, use the swish payment-tab on our web! --</strong><br />
<br />
Swedish residents can now use Swish as a payment method for using Mullvad. Easily swish money to us from your mobile device!</p>
<p style="text-align:start">Our Swish number is <strong>XXXXXX</strong>. The recipient is <strong>Amagicom AB</strong>.</p>
<p style="text-align:start"><img alt="Swish logo" src="/media/uploads/2017/01/09/swish-logo.jpg" style="float:right; height:169px; margin-left:10px; margin-right:10px; width:128px" />Please enter your Mullvad account number under "Message to the recipient".</p>
<p style="text-align:start">Swish 50 SEK for every month of service required. For example, 100 SEK is equivalent to two months.</p>
<p style="text-align:start"><a class="external-link" href="https://www.getswish.se/aktivera/" rel="nofollow" style="color: rgb(53, 114, 176); text-decoration: none;" target="_blank">Activate Swish easily</a> and for free through your bank and download the app on your smartphone. Many Swedish banks, including SEB, Nordea, and Handelsbanken, support Swish.</p>
<p style="text-align:start">Please note that it usually takes up to one day before the payment is processed. For quicker processing, email <a class="external-link" href="mailto:support@mullvad.net" rel="nofollow" style="color: rgb(53, 114, 176); text-decoration: none;">support@mullvad.net</a> after you have made the payment.</p>Clarifying our no-logging data policy2017-01-13T08:58:19+00:00https://www.mullvad.net/fr/blog/2017/1/13/clarifying-our-no-logging-policy/<p>The content of this blog post is <strong>outdated</strong>.</p>
<p>Read our <a href="https://www.mullvad.net/guides/no-logging-data-policy/">no-logging data policy</a> for the most up-to-date information.</p>
<p> </p>
<p>Our homepage states, "we do not store activity logs of any kind." Despite this, we receive a lot of questions about what this means and information storage in general. We are here with a clarification.</p>
<h2 style="text-align:start"><img alt="no logs" src="/media/uploads/2017/01/13/no-logs.png" style="border-style:solid; border-width:0px; float:right; height:200px; width:200px" />We want you to remain anonymous</h2>
<p style="text-align:start">When you sign up for Mullvad, we do not ask for any personal information – no username, no password, no email address. Instead, a random account number is generated, a so-called numbered account. This number is the only identifier a person needs in order to use a Mullvad account. This is a fundamental difference that sets us apart from most other services. </p>
<p style="text-align:start">Anyone at anytime can create as many numbered accounts as they wish on our website. An account can be used by multiple people or by someone other than the person who initially generated it.</p>
<p style="text-align:start">A Mullvad account has two properties: the account number and the time remaining on that account. When an account is created, it comes loaded with three hours to try Mullvad for free. At once the countdown starts. After those three hours have passed, the account has no time left. Using it to connect to Mullvad is no longer possible unless it is loaded with more time.</p>
<p style="text-align:start"><strong>Question:</strong> How many numbered accounts does Mullvad have?<br />
<strong>Answer:</strong> At the time of writing this post, Mullvad has 555,541 numbered accounts. These accounts could have been created by 555,541 unique people, or by one person 555,541 times.</p>
<p style="text-align:start">This is the data we store for an account¹:</p>
<pre style="text-align:start">
account number | expiry date
xxxxxxxxxxx | 20170730
</pre>
<h2 style="font-style:normal; text-align:start"><br />
How Mullvad handles payment information</h2>
<p style="text-align:start">Let's take a transparent look at the information we do store in order to handle payments.</p>
<p style="text-align:start">You can pay money to the numbered account and therefore acquire more VPN time. Mullvad accepts Bitcoin, cash, bank wire, credit card, PayPal, and Swish. Here's how we handle each type of payment.</p>
<h3 style="color:#333333; font-style:normal; text-align:start">Cash</h3>
<p style="text-align:start">Put the money in an envelope together with the account number in question and send it to us. We will open the envelope, add time to the account (corresponding to the amount of cash sent), and then use a shredder to destroy the envelope and its non-money contents. We have no way of knowing who made the payment and who the account belongs to. Even if a person were to address the envelope, there is still no way to prove that he or she generated the account or is even using it.</p>
<p style="text-align:start">This is what we store when a cash payment comes in¹:</p>
<pre style="text-align:start">
payment | account number | amount | currency | timestamp
xxxxxx | xxxxxxxxxxxx | 5.0 | USD | 2016-12-09 10:38:23
</pre>
<h3 style="color:#333333; font-style:normal; text-align:start"><br />
Bitcoin</h3>
<p style="text-align:start">This is digital cash, so the process is the same as with physical cash but without humans or any third parties involved. We run our own full node in the blockchain and we verify incoming payments ourselves. Again, we don't use third parties for any step in the bitcoin payment process, from the generation of QR codes to adding time to accounts.</p>
<p style="text-align:start">We store these payment details for bitcoin¹:</p>
<pre style="text-align:start">
payment | account number | amount | currency | timestamp | bitcoin address
xxxxxx | xxxxxxxxxxxx | 0.00564 | BTC | 2016-12-10 06:36:12 | xxxxxxxxxx
</pre>
<h3 style="color:#333333; font-style:normal; text-align:start"><br />
Credit card, PayPal, Swish, and bank wire</h3>
<p style="text-align:start">For credit card, PayPal, Swish, and bank wire, we do use third parties: Stripe, PayPal, and our bank SEB (which handles both Swish and bank wire). These kinds of companies log everything. For that reason alone, it is out of our control that they have records showing which people have paid us money. They store this data for many years.</p>
<p style="text-align:start">As a customer of their services, these entities would allow us to request this information if we chose to do so. In short, your payment actions with these two methods are not anonymous, and there is nothing we can do about it.</p>
<p style="text-align:start">Here's the information we store for Swish and bank wires¹:</p>
<pre style="text-align:start">
payment | account number | amount | currency | timestamp
xxxxxx | xxxxxxxxxxxx | 30 | EUR | 2016-12-09 00:01:06
</pre>
<p>Here's the information we store for credit card payments via Stripe¹:</p>
<pre>
payment | account number | amount | currency | timestamp | stripe_charge_id
xxxxxx | xxxxxxxxxxxx | 10 | EUR | 2016-12-15 20:42:26 | xxxxxxxxx</pre>
<p><small>The value under stripe_charge_id is a unique token that, in the Stripe payment system, can be linked to your credit card and this unique payment.</small></p>
<p style="text-align:start">Here's the information we store for PayPal transactions¹:</p>
<pre style="text-align:start">
payment | account number | amount | currency | timestamp | transaction_id | e-mail
xxxxxx | xxxxxxx | 15 | EUR | 2016-12-10 06:40:00 | xxxxxxxxxxxxx | name@emailacct.com
</pre>
<p style="text-align:start"><br />
<strong>Question:</strong> Why do you store transaction_id and e-mail?<br />
<strong>Answer:</strong> Since we support 30-day refunds and because we encounter certain transaction issues from PayPal (for example, double payments and subscription problems), we need to be able to track payments in order to give customers the service we offer. We only duplicate the information since PayPal already has it.</p>
<p style="text-align:start">It's important to note that neither Swish nor PayPal have your Mullvad account number since we encrypt it. If, however, you send a bank wire or Swish payment, the bank will have the account number in its "message" field of the transaction.</p>
<h3 style="color:#333333; font-style:normal; text-align:start"><br />
Activation codes</h3>
<div>
<p>Here's the information we store for activation codes¹:</p>
<pre>
payment | account number | amount | timestamp | voucher_id | activation_code
xxxxxx | xxxxxxxxxxxx | 30 | 2016-12-09 00:01:06 | xxxxxx | xxxxxxxxxxx</pre>
<p> </p>
</div>
<h2 style="font-style:normal; text-align:start">What we don't log</h2>
<p style="text-align:start">We log nothing whatsoever that can be connected to a numbered account's activity:</p>
<ul style="list-style-type:disc">
<li style="text-align:start">no logging of traffic</li>
<li style="text-align:start">no logging of DNS requests</li>
<li style="text-align:start">no logging of connections, including when one is made, when it disconnects, for how long, or any kind of timestamp</li>
<li style="text-align:start">no logging of IP addresses</li>
<li style="text-align:start">no logging of user bandwidth</li>
<li style="text-align:start">no logging of account activity except total simultaneous connections (explained below) and the payment information detailed in this post.</li>
</ul>
<p style="text-align:start">Our OpenVPN server log configuration:</p>
<pre style="text-align:start">
verb 0
log-append /dev/null
</pre>
<h2 style="font-style:normal; text-align:start"><br />
Data that we do handle</h2>
<p style="text-align:start">Our VPN servers send three types of data to our monitoring system:</p>
<ul style="list-style-type:disc">
<li>total number of current connections</li>
<li>CPU load per core</li>
<li>total bandwidth used per server.</li>
</ul>
<p style="text-align:start">We log the total sum of each of these statistics in order to monitor the health of each individual VPN server. We ensure that the system isn't overloaded, and we monitor the servers for potential attacks, bugs, and network issues.</p>
<p style="text-align:start">We also monitor the real-time state of total connections per account as we only allow for five connections simultaneously. As we do not save this information, we cannot, for example, tell you how many connections your account had five minutes ago.</p>
<p style="text-align:start">With regard to our web servers, we handle certain types of information in the following ways:</p>
<ul style="list-style-type:disc">
<li>We store normal Apache logs for up to 24 hours.</li>
<li>Information older than 24 hours is deleted and only aggregated information about number of hits and number of visitors to our website is saved.</li>
<li>We refrain from sending usage statistics to external parties such as Google Analytics.</li>
<li>Our website uses three cookies (updated 2017 March 28):
<ul>
<li>sessionid (one hour), which keeps users logged in to their accounts</li>
<li>django_language (until browser is closed), which keeps track of a user's selected language</li>
<li>csrftoken (one year), which prevents a malicious website from tricking a user into submitting a POST request to us, otherwise known as cross-site request forgery.</li>
</ul>
</li>
</ul>
<h2 style="font-style:normal; text-align:start">In summary</h2>
<p style="text-align:start">We strongly believe in having a minimal data retention policy. We hope this post has answered all of your questions.</p>
<h2 style="font-style:normal; text-align:start">Notes</h2>
<p style="text-align:start">¹The table's format and header names have been simplified for the purpose of making the principles mentioned in this post easy to understand.</p>Use Mullvad on your Android device2017-01-05T07:46:20+00:00https://www.mullvad.net/fr/blog/2017/1/5/use-mullvad-your-android-device/<div>
<p>Mullvad is compatible with your preferred Android device. Our latest step-by-step guide shows you <a class="external-link" href="https://mullvad.net/guides/installing-mullvad-android-devices" rel="nofollow">how to install and connect to Mullvad VPN on Android devices.</a></p>
</div>Malmö datacenter currently down - resolved2017-01-01T15:09:25+00:00https://www.mullvad.net/fr/blog/2017/1/1/malmo-datacenter-currently-down/<p>Dear customers, Malmö had a power outage around 01:00am CET today, We are currently working with the aftermath of this</p>
<p>Update 15:43 CET - Malmö back in production again, however work still in progress. If any problem, contact support@mullvad.net</p>
<p>Update 15:55 CET - network dipp, back again</p>
<p> </p>Our year of expansion – looking back on 20162016-12-19T16:13:54+00:00https://www.mullvad.net/fr/blog/2016/12/19/our-year-expansion-looking-back-2016/<p>We have had an amazing year at Mullvad. In 2016, we focused primarily on expanding our service across the globe. Here's a rundown of the improvements we've made:</p>
<ul>
<li>We increased the number of countries we offer by more than 250%, adding servers in Austria, Belgium, Bulgaria, the Czech Republic, Denmark, Italy, Lithuania, Norway, Romania, Singapore, Spain, Switzerland, and the UK.</li>
<li>We expanded our server capacity by 150% from 23 to a total of 59.</li>
<li>We launched a new website, complete with <a class="external-link" href="https://mullvad.net/guides/" rel="nofollow">helpful user guides.</a></li>
<li>Our team increased with two full-time hires.</li>
<li>We released new client software.</li>
<li><a class="external-link" href="https://mullvad.net/blog/2016/11/29/increased-security-socks5-proxy/" rel="nofollow">SOCKS5 proxy</a> is now available on all of our servers.</li>
<li>
<p>We proudly <a class="external-link" href="https://mullvad.net/blog/2016/10/24/mullvad-sponsors-owasp-security-conference/" rel="nofollow">sponsored the OWASP security conference</a> in Gothenburg.</p>
</li>
<li>
<p>We <a class="external-link" href="https://mullvad.net/blog/2016/8/15/increased-security-from-server-upgrade/" rel="nofollow">upgraded our server infrastructure</a> to deliver increased security.</p>
</li>
<li>We mitigated a rather nasty <a class="external-link" href="https://mullvad.net/blog/2016/8/3/mullvad-protected-against-microsoft-security-issue/" rel="nofollow">information leak for Windows users.</a></li>
<li>
<p>For the security conscious, we started signing our client releases.</p>
</li>
</ul>
<p>Thanks for having been a part of this exciting year with us. We hope you enjoy these final days of 2016 and wish you a Happy New Year!</p>How to Tamper Protect a Laptop – With Nail Polish2016-12-14T08:08:30+00:00https://www.mullvad.net/fr/blog/2016/12/14/how-tamper-protect-laptop-nail-polish/<p>We just acquired a new laptop! And given our work with security, we do everything we can to protect our hardware. Even if it means using glittery nail polish. In this post, we'll show you one of our methods for tamper protecting our workstations.</p>
<h2>What exactly is tamper protection?</h2>
<p>Let's first talk about what tamper protection is. Basically, it's when you keep an object from being physically accessed by someone you don't trust. Think about clothing stores and those annoying plastic devices found on apparel which are meant to keep you from stealing.</p>
<p>Of course, we'd have to go through great lengths to make our hardware fully tamper proof. But what we're doing is making it possible for us to detect if someone has made changes to our computers, thereby making the device no longer trustworthy.</p>
<h2>Identifying vulnerable areas</h2>
<p>If you look on the back of a laptop, you'll find screws that can be removed to give access to the hardware inside. Exposed ports, such as the one for docking the laptop, are also a vulnerability.</p>
<p>These are the key areas which we want to be able to identify for tampering. In order to do so, we bring out the professional materials – stickers and nail polish.</p>
<h2>Step by step</h2>
<p>First, we cover each of the screws with a black sticker which blends in nicely with the laptop's black finish.</p>
<p> </p>
<p><img alt="" src="/media/uploads/2016/12/14/tamper_start.png" style="height:323px; width:270px" /></p>
<p>Then we paint the border of the sticker with glittery polish. It's important with the glitter because the outcome will always be unique.</p>
<p><img alt="" src="/media/uploads/2016/12/14/tamper_3.png" style="height:291px; width:270px" /></p>
<p>Then we cover any necessary ports with one of our very own Mullvad stickers. This also gets a coat of polish along the edge.</p>
<p><img alt="" src="/media/uploads/2016/12/14/tamper_4.png" style="height:182px; width:271px" /></p>
<p>After the polish has dried, we take a high-resolution photo of each area.</p>
<p><img alt="" src="/media/uploads/2016/12/14/tamper_5.png" style="height:187px; width:270px" /></p>
<p>Lastly, the owner of the laptop uses her private PGP key to sign the photos which are then stored in vaults on several computers running Qubes (Mullvad's preferred operating system). Voilà! If at any time we suspect that the device has been tampered with, we can compare the seals with the images.</p>
<p> </p>Four New Countries with Mullvad Servers2016-12-09T08:26:56+00:00https://www.mullvad.net/fr/blog/2016/12/9/new-servers-austria-bulgaria-czechia-and-italy/<p>Austria, Bulgaria, Czech Republic and Italy are the latest countries home to Mullvad VPN servers. Our <a href="http://mullvad.net/guides/our-vpn-servers/">VPN server guide</a> lists all available countries, including each location's server address.</p>Use Mullvad on your iOS device2016-12-08T08:39:49+00:00https://www.mullvad.net/fr/blog/2016/12/8/use-mullvad-your-ios-device/<p>Mullvad is compatible with your preferred iOS device including iPhone and iPad. Our latest step-by-step guide shows you <a href="https://mullvad.net/guides/installing-mullvad-iphone-and-ipad/">how to install and connect to Mullvad VPN on iOS. </a></p>Privacy is a universal right2016-12-05T06:40:32+00:00https://www.mullvad.net/fr/blog/2016/12/5/privacy-universal-right/<p>Mullvad was founded in 2009 purely with the ambition of protecting privacy. This blog post explains the fundamentals of privacy and why this important subject is often overlooked.</p>
<p>Toward the end, we explain the steps you can take toward obtaining online privacy and the role that Mullvad VPN plays.<br />
</p>
<h2>Privacy goes online</h2>
<p>Not too long ago, privacy was still regarded as the right of the individual to be physically alone without being observed. However, with the advent of the Internet and the proliferation of a burgeoning digital society, our lives have increasingly become less private and more accessible.</p>
<p>Today, privacy is inextricably linked to the ownership of the information we write, create, discuss, or share electronically.</p>
<p>As our habits change and our lives are shared online, the necessity to understand all aspects of online privacy become ever more important. Most of our online searches, posts, shares, tweets, and pics are not only seen by others but also can potentially be used against us.</p>
<p>You may think you are in control of your privacy, but are you really?<br />
</p>
<h2>The fundamentals of privacy</h2>
<p>Being able to make decisions privately without being scrutinized – and controlling how and to what extent that private information is communicated to others – is at the very core of personhood and individuality. A lack of privacy can lead to self-censorship and therefore a loss in a piece of who you are.</p>
<p>Privacy allows for norms, ethics, and laws to be freely discussed, tested, challenged, and evaluated. Democracy, therefore, cannot flourish and develop, nor indeed exist, without privacy.</p>
<p>The ability to control and manage our individual privacy has become crucially dependent upon security. Without security, you have no guarantee that your information will remain private.</p>
<p>Moreover, without anonymity from third parties, a private conversation occurring between identified persons can lead outsiders to make unsubstantiated conclusions. Anonymity is therefore a key aspect of privacy.<br />
</p>
<h2>The problem</h2>
<p>As a result of the digital revolution, it has become cheaper and easier to store and process data. So easy, in fact, that these days almost everything is stored forever and continuously reprocessed and updated.</p>
<p>Sometimes data is stored without personal information, but if, at any moment in time, an anonymous set of data becomes linked to an identified set of data (such as when you pay for a drink with your VISA card) all that data is no longer anonymous. This applies to information not only from the present but also the past as well as in the future.</p>
<p>When we use free services such as search engines and social media, we are unwittingly feeding more of our personal information into the hands of private corporations.</p>
<p>It may seem innocent until you realize that your usage statistics are a commodity that can be sold to the highest bidder. These corporations prey on the fact that most of us are too lazy to read service agreements and will thus press "Agree" quite routinely without giving it a second thought.</p>
<p>The user agreement for the app of a certain hamburger chain in Sweden contains 3,094 words, with a link to a privacy policy that is 3,092 words long – in total, around 22 printed pages. Hope your hamburger is not getting cold while you are reading.</p>
<p>As more and more information is stored digitally, efforts to keep that information anonymous become nearly impossible since forming connections and drawing conclusions between different sets of data become far too easy.<br />
</p>
<h2>Who has the power</h2>
<p>For a homework assignment, students were asked to perform an online search for the same phrase and then describe the search result. They all had different answers! Each search result was tailored to that particular student's specific online habits.</p>
<p>The exercise made the students realize that we all live in an information bubble controlled by others. This is power. This is control. Who has this power, and what can we do about it?</p>
<p>Companies and governments are methodically gathering more and more knowledge about us. This can be dangerous since certain opinions and actions which are socially accepted today may become frowned upon or even illegal in the future.</p>
<p>Do you trust every existing and future holder of information about you? Forever?</p>
<p>It is staggering to comprehend just how many aspects of today’s connected digital and cloud societies can be taken advantage of by the wrong people and unscrupulous organizations.<br />
</p>
<h2>Mullvad VPN</h2>
<p>Mullvad protects your privacy and acts as a security shield between you and the internet. Mullvad accesses the internet on the user's behalf and enforces a strict no data-logging policy.</p>
<p>It protects personal information with the use of encryption and masks user metadata by hiding the user's actual IP address and replacing it with another. This replacement address is shared with many other users which not only protects each individual's user data but also hides his or her pattern of activity.</p>
<p>Mullvad's protection stretches from the user’s computer all the way through an exit point elsewhere in the world. Users are therefore protected from their local environments, whether it be cafe, local community, or country.</p>
<p>Mullvad is your answer to minimizing personal risk, preventing identity theft, and safeguarding data from being gathered by others and used without your consent.</p>
<p>Used together with the privacy window in your browser, Mullvad helps to keep your online activity from being tracked and analyzed. In this way, you can avoid targeted content based upon your previous search habits, geographical location, and other personal behavior. Mullvad gives you access to objective information and an objective internet.<br />
</p>
<h2>How to improve your online privacy</h2>
<p>We've put together some <a href="http://mullvad.net/guides/first-steps-towards-online-privacy/">guides</a> which outline steps you can take to improve your privacy online.</p>
<h2>Legal disclaimer</h2>
<p>Mullvad (Amagicom AB) offers a VPN service with a focus on the right to privacy and freedom of expression without censorship, both upheld in the UN's <a class="external-link" href="http://www.un.org/en/universal-declaration-human-rights/" rel="nofollow">Universal Declaration of Human Rights</a> (articles 12 and 19) and the <a class="external-link" href="http://www.echr.coe.int/Documents/Convention_ENG.pdf" rel="nofollow">European Convention on Human Rights</a> (articles 8 and 10).</p>Problems connecting with your phone?2016-12-03T10:50:51+00:00https://www.mullvad.net/fr/blog/2016/12/3/problems-connecting-your-phone/<p>Enable the setting “Force AES-CBC ciphersuite”. See <a href="https://mullvad.net/guides/troubleshooting/">our guide on troubleshooting</a> under the topic "I can't connect using my iOS device or my Android phone to some or all servers."</p>Increased security with SOCKS5 proxy2016-11-29T07:27:43+00:00https://www.mullvad.net/fr/blog/2016/11/29/increased-security-socks5-proxy/<p>With the SOCKS5 proxy now installed on all of Mullvad's VPN servers, you can further minimize your computer's identity from being revealed. This simple yet powerful feature also reduces CAPTCHAs.</p>
<p>Read <a class="external-link" href="https://mullvad.net/guides/socks5-proxy/" rel="nofollow">our SOCKS5 proxy guide</a> for instructions on how to configure your web browser or torrent client for increased security.</p>
<p>For advanced users, the proxy is located on IP 10.8.0.1, port 1080, only accessible via Mullvad.</p>
<h2>Why the proxy is beneficial</h2>
<p>You may already be familiar with the Mullvad client's built-in kill switch feature. In other words, if you have selected the "Block the internet on connection failure" option, your internet access will be blocked in the event that the Mullvad connection is terminated. This keeps your computer's identity from accidentally being revealed.</p>
<p>However, this feature relies on the Mullvad client running. If you decide to browse the web but have forgotten to start Mullvad, you will accidentally leak your computer's identity.</p>
<h2>How the proxy works</h2>
<p>When, for example, your browser is configured to use SOCKS5 proxy, the browser will direct all of its internet access via the proxy which is only accessible through Mullvad. If the VPN client is not running and functioning correctly, your browser will be denied internet access and therefore won't leak any information.</p>
<p>The proxy also works with routers and any other VPN client used together with Mullvad servers.</p>
<h2>Reduced CAPTCHAs</h2>
<p>Another benefit is a reduction in the amount of CAPTCHAs you will experience. Many websites and services require this identification when they detect that the traffic originates from a VPN server. The proxy makes this detection more difficult.</p>Version 61 released2016-11-23T08:29:22+00:00https://www.mullvad.net/fr/blog/2016/11/23/version-61-released/<div>
<p>Version 61 of the Mullvad client is now available for <a class="external-link" href="https://mullvad.net/download" rel="nofollow">download</a>. The primary changes include a better display of the locations available for connection and how trial accounts are created.</p>
<h2>Improvements</h2>
<p>With this release, all countries and regions, including <a class="external-link" href="https://mullvad.net/blog/2016/11/21/new-servers-belgium-lithuania-romania-spain-and-switzerland/" rel="nofollow">our five newest locations</a>, are now presented as full names instead of abbreviations (see our complete list of <a class="external-link" href="https://mullvad.net/guides/our-vpn-servers/" rel="nofollow">Mullvad servers and locations</a>).</p>
<p>In addition, the ability to create a trial account directly in the client has now been moved to our website. Once the client is first installed, new users will be redirected to our <a class="external-link" href="https://mullvad.net/account/create/" rel="nofollow">Account page</a> to create a trial account.</p>
<p>For Windows users, the "Stop DNS leaks" option is now selected by default, a change which reflects what works best for most users. You will see the change once you've installed this version. Simply deselect the option if you prefer otherwise. The inverse is true for the other platforms as well, where the setting was automatically turned off. Simply select the option if you prefer otherwise.</p>
<h2>Bug fixes</h2>
<p>We've addressed two Windows-specific bugs. For some users with certain network configurations, client version 60 never started on Windows. Also, some users experienced unexpected crashes in the client. Both problems should no longer be an issue.</p>
<p>Mac users who experienced having to wait for an extended period of time before the client connected should no longer have this issue.</p>
<p>Version 61 also includes a couple of bug fixes, the details of which can be found in the <a class="external-link" href="https://mullvad.net/media/CHANGES.rst" rel="nofollow">change log</a>, as usual.</p>
</div>New servers in Belgium, Lithuania, Romania, Spain and Switzerland2016-11-21T13:42:57+00:00https://www.mullvad.net/fr/blog/2016/11/21/new-servers-belgium-lithuania-romania-spain-and-switzerland/<h2>Five New Countries with Mullvad Servers</h2>
<p>Belgium, Lithuania, Romania, Spain and Switzerland are the latest countries home to Mullvad VPN servers. Our <a href="https://mullvad.net/guides/our-vpn-servers/">VPN server guide</a> lists all available countries, including each location's server address.</p>New server in Denmark2016-11-03T06:39:46+00:00https://www.mullvad.net/fr/blog/2016/11/3/new-server-denmark/<p>Denmark has been added to our list of countries home to Mullvad servers. If you don't see the country listed as an option, quit and restart Mullvad.</p>New Website Launched2016-10-27T14:19:05+00:00https://www.mullvad.net/fr/blog/2016/10/27/new-website-launched/<p>Today, we proudly unveil our newly designed website! It's got a fresh, updated look, but for those of you who are frequent visitors, the structure of information remains relatively unchanged.</p>
<p>Along with the design change, we have added a new <a href="https://mullvad.net/guides/">Guides section</a>. We hope these how-tos will be of use to our users, particularly our <a href="https://mullvad.net/guides/connection-speed-why-it-so-slow/">Connection Speed guide</a> and our <a href="https://mullvad.net/guides/our-vpn-servers/">list of VPN servers</a>.</p>
<p>Take a look around. Are you finding what you're looking for? We welcome feedback that could help improve your experience here. Please send your comments to <a href="mailto:support@mullvad.net">support@mullvad.net</a>.</p>Mullvad sponsors OWASP security conference2016-10-24T12:00:00+00:00https://www.mullvad.net/fr/blog/2016/10/24/mullvad-sponsors-owasp-security-conference/<p>We are proud to be sponsoring the upcoming security conference hosted by OWASP Gothenburg, a local chapter of the Open Web Application Security Project.</p>
<p>On November 24th, IT security experts in the Nordic region and beyond will gather in Gothenburg, Sweden, for a full day of workshops and presentations. <a href="https://owaspgbgday.se/tickets/">Register online for the conference.</a></p>
<p><a href="http://news.cision.com/mullvad--amagicom-ab-/r/mullvad-sponsors-owasp-security-conference,c2097079">Read our entire press release.</a></p>New servers in England and Norway2016-09-09T11:00:00+00:00https://www.mullvad.net/fr/blog/2016/9/9/new-servers-in-england-and-norway/<p>We've expanded our territory with VPN connections via England and Norway. If you're already connected and don't see either countries listed as options, quit and restart Mullvad.</p>Increased Security from Server Upgrade2016-08-15T11:00:00+00:00https://www.mullvad.net/fr/blog/2016/8/15/increased-security-from-server-upgrade/<p>We now own and have physical control over servers at three of our locations, two in Sweden and one in Amsterdam. This means an even higher level of security for our customers and an overall doubling of our entire capacity. <a href="http://news.cision.com/mullvad--amagicom-ab-/r/mullvad-emphasizes-vpn-security-with-server-upgrades,c2042754">Read the entire press release</a>.<p>Version 60 released2016-08-09T11:00:00+00:00https://www.mullvad.net/fr/blog/2016/8/9/version-60-released/<p>Version 60 of the Mullvad client is now available for <a href="/download/">download</a>.</p>
<p>In this version, the settings file is checked for errors in a better way to stop the rare, but very bad, 'Is not a boolean' bug some users experienced.</p>
<p>When it comes to new features and behavior, this new client defaults to using Swedish servers instead of randomly selecting any server. This release also adds the advanced option 'autoconnect_on_start' that makes it possible to configure if the client should connect the tunnel automatically on start or not. The default is still to automatically connect, just as previous releases.</p>
<p>On Windows we have fixed a bug that would previously not restore persistent routing entries as persistent. Thus destroying the routing table for users with static IP set up. Now that should work as expected.</p>
<p>Alongside these changes, this version also includes a couple of bug fixes, the details of which can be found in the <a href="/media/CHANGES.rst">change log</a>, as usual.</p>Mullvad protected against Microsoft security issue2016-08-03T07:00:00+00:00https://www.mullvad.net/fr/blog/2016/8/3/mullvad-protected-against-microsoft-security-issue/<p>A <a href="https://medium.com/@ValdikSS/deanonymizing-windows-users-and-capturing-microsoft-and-vpn-accounts-f7e53fe73834">serious security issue that can negatively affect VPN users</a> has been made public by online profile <a href="https://medium.com/@ValdikSS">ValdikSS</a>. If you are using Microsoft Edge / IE or Outlook while connecting through a VPN, a malicious website or email can make Windows leak a hashed version of your Microsoft account password, among other things.</p>
<p>Mullvad VPN mitigated the issue last week, after an early warning from ValdikSS, by blocking a number of ports on its servers, preventing the leak.</p>Filled: Mullvad is Hiring: Developer2016-07-15T18:30:00+00:00https://www.mullvad.net/fr/blog/2016/7/15/mullvad-is-hiring-developer/<p><strong>-- The position has been filled --</strong></p>
<p>We are looking for another talented developer to join our growing team. The person will work with front- and backend development, use Python, C, C++ or Rust, and have knowledge about OpenVPN, Linux, Git, Windows, OS X, Qubes, Ansible, and Python.</p>
<p>Our working languages are both Swedish and English, and our offices are in Gothenburg, Sweden. A full job description is available on <a href="http://oddwork.se/jobb/utvecklare-vart-nar-och-hur-vill-du-jobba/">Oddwork's recruiting website</a>.</p>New Server in Singapore2016-07-05T10:00:00+00:00https://www.mullvad.net/fr/blog/2016/7/5/new-server-in-singapore/<p>Mullvad users can now choose Singapore in the list of countries available for connection. This should improve performance for customers in Asia and the surrounding geographical region.</p>
<p>If you don't see Singapore listed as an option, simply quit and restart Mullvad. As always, make sure you have the latest version of the client installed; very old versions may not work.</p>
<p>This new server location is the first of many as we expand our territory and improve performance for our customers worldwide.</p>Version 59 released2016-05-26T08:30:00+00:00https://www.mullvad.net/fr/blog/2016/5/26/version-59-released/<p>Version 59 of the Mullvad client is now available for <a href="/download">download</a>.</p>
<p>In this version we have upgraded to OpenVPN version 2.3.11 and OpenSSL version 1.0.1t on Windows and OpenVPN version 2.3.10 on Mac OS X.</p>
<p>This version adds support for Ubuntu 16.04 and fixes a few install bugs in other Linux distributions.</p>
<p>On the Windows side we have two big improvements. First of all we speed up DNS management, improving the Stop DNS leak feature. Secondly we fixed a problem in Windows 7 which resulted in low tunnel throughput.</p>
<p>For Mac OS X we have removed an annoying error message that showed up after sleep and/or network problems and stopped the client from automatically reconnecting.</p>
<p>Alongside these changes, this version also includes a couple of bug fixes, the details of which can be found in the <a href="/media/CHANGES.rst">change log</a>, as usual.</p>Mullvad not affected by recent OpenSSL vulnerabilities2016-03-01T15:15:00+00:00https://www.mullvad.net/fr/blog/2016/3/1/mullvad-not-affected-by-recent-openssl-vulnerabilities/<p>This afternoon OpenSSL published <a href="https://mta.openssl.org/pipermail/openssl-announce/2016-March/000066.html">security advisories</a> on eight vulnerabilities. OpenSSL gave advance notice of the upcoming patch last week, so our engineers had ample time to prepare for the worst. After a short investigation we could conclude that Mullvad is not vulnerable.</a>Yesterday's service disruption due to emergency patching2016-02-17T16:00:00+00:00https://www.mullvad.net/fr/blog/2016/2/17/yesterdays-service-disruption-due-to-emergency-patching/<p>Less than 24 hours ago <a href="http://googleonlinesecurity.blogspot.se/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html">Google disclosed a vulnerability in glibc</a>, a software library used by many Linux programs. The vulnerability likely affects a large portion of the world's servers, can be exploited remotely, and can be used to gain full control of a server.</p>
<p>Mullvad was alerted to the vulnerability shortly after Google's announcement and immediately started investigating the impact. Plans for mitigations were made, and all affected servers were patched and rebooted. Thanks to our dedicated team of server engineers the issue was swiftly investigated and dealt with.</p>
<p>We always try to patch our servers in such a way to not affect our users, but incidents such as this one require immediate action. We apologize for any service disruption this may have caused. Your security and privacy is our highest priority.</p>Working iOS 9 configurations2016-01-27T13:39:00+00:00https://www.mullvad.net/fr/blog/2016/1/27/working-ios-9-configurations/<p>As we've reported <a href="../news/#55">before</a>, using our old configuration files on iOS 9 will not work as intended. We have now started to provide new configuration files specifically for iOS 9 which supposedly fixes this issue on all those devices.</p>
<p>The change consists of adding the option "redirect-gateway ipv6" to the configuration file. This means that the bug is not really fixed, but rather that we've applied a workaround. It has worked fine when we've done internal testing and quite a few customers have reported that it works as well. However, since it's not a real fix, we urge you to double-check that your IP really does change once you've connected.</p>
<p>You can download the working configuration files <a href="../setup/ios/">here</a>.</p>Version 58 released2016-01-20T13:38:00+00:00https://www.mullvad.net/fr/blog/2016/1/20/version-58-released/<p>A bug was discovered in version 57 which caused some trouble for users running with the Windows Firewall disabled. This has now been fixed in <a href="/download/">version 58</a>.</p>Version 57 released2016-01-18T13:38:00+00:00https://www.mullvad.net/fr/blog/2016/1/18/version-57-released/<p>Version 57 of the Mullvad client is now available for <a href="/download/">download</a>.</p>
<p>This version introduces some pretty big changes although none that will be very apparent to users. The OpenVPN version which is bundled with the Windows client is upgraded to 2.3.9. This version introduces a new setting called '--block-outside-dns' which invokes the Windows Filtering Platform to block all DNS traffic on interfaces other than the tunnel interface. In practice, this means that DNS Leaks, both the original problem and the one introduced in Windows 8 and 10, is prevented by OpenVPN itself. This option will be enabled by default in version 57 but can be disabled in the advanced settings. The original 'Stop DNS Leaks' setting will remain for the time being and will work just as before. Note that this new feature is only available for Windows. The advanced setting for toggling this feature is present in all versions but has no effect on other platforms.</p>
<p>The second big update is related to the <a href="https://medium.com/@ValdikSS/another-critical-vpn-vulnerability-and-why-port-fail-is-bullshit-352b2ebd22e2#.g6200eapp">IP exposure via UDP ports</a> vulnerability which we posted about around Christmas. Version 57 will include an OpenVPN plugin which blocks all incoming UDP traffic to interfaces other than the tunnel interface. The plugin is written by the same person who discovered the vulnerability, and who also wrote the patch for OpenVPN to include the '--block-outside-dns' setting mentioned above. We're incredibly grateful for their work.</p>
<p>While this plugin is only included in the Windows version, we have implemented corresponding solutions for OS X and Linux. This too, will be enabled by default but can be turned off in the advanced settings.</p>
<p>Alongside these changes, version 57 also includes a couple of bug fixes, the details of which can be found in the <a href="/media/CHANGES.rst">change log</a>, as usual.</p>IP exposure via UDP ports2015-12-23T08:38:00+00:00https://www.mullvad.net/fr/blog/2015/12/23/ip-exposure-via-udp-ports/<p>We have recently become aware of a <a href="https://medium.com/@ValdikSS/another-critical-vpn-vulnerability-and-why-port-fail-is-bullshit-352b2ebd22e2#.g6200eapp">newly published</a> method for deanonymizing VPN users. For this to work, the user must be running some software that listens to and communicates via a UDP port and either be connecting directly to the internet without a NAT router or be behind a NAT router with port forwarding enabled.</p>
<p>You can read more <a href="../udpport/">about the issue and how to mitigate it</a>.</p>Version 56 released2015-12-14T13:30:00+00:00https://www.mullvad.net/fr/blog/2015/12/14/version-56-released/<p>Version 56 of the Mullvad client is now available for <a href="/download/">download</a>.</p>
<p>This is another small release that fixes a couple of bugs relating to error message encoding. Some extra debugging output has also been added to the problem report and installer logs.</p>
<p>As usual, a more detailed list of the changes in the new version is available <a href="/media/CHANGES.rst">here</a>.</p>Version 55 released2015-11-30T12:30:00+00:00https://www.mullvad.net/fr/blog/2015/11/30/version-55-released/<p>Version 55 of the Mullvad client is now available for <a href="/download/">download</a>.</p>
<p>The changes in this version are mostly under-the-hood work, fixing some bugs and improving the stability of some features. Most notably, the 'Block internet on connection failure' feature now properly handles multiple network interfaces and a side effect of this is enabling 'Block internet on connection failure' in combination with 'Stop DNS Leaks' will actually provide protection against the new type of DNS leaks that was introduced in Windows 8 and 10. On those platforms, we have therefore added a message in the client GUI recommending users to enable both settings. Note however that this vulnerability only applies to users with multiple active network interfaces.</p>
<p>As usual, a more detailed list of the changes in the new version is available <a href="/media/CHANGES.rst">here</a>.</p>Mullvad is safe against the 'Port Fail' attack2015-11-30T11:30:00+00:00https://www.mullvad.net/fr/blog/2015/11/30/mullvad-is-safe-against-the-port-fail-attack/<p>A few days ago Perfect Privacy <a href="https://www.perfect-privacy.com/blog/2015/11/26/ip-leak-vulnerability-affecting-vpn-providers-with-port-forwarding/">presented a vulnerability</a> that affects many VPN providers offering port forwarding for their customers. According to their post five of the nine tested VPN providers were vulnerable to this attack.</p>
<p>Mullvad is not affected by this vulnerability. We have used a dual IP setup protecting against this attack since 2010.</p>Version 54 released2015-11-04T13:30:00+00:00https://www.mullvad.net/fr/blog/2015/11/4/version-54-released/<p>Today we release version 54 of the Mullvad client</p>
<p>This version only fixes bugs. The new version handles some special conditions and user setups in a better way than before. For a more detailed list of what has been changed, please check out our changelog <a href="/media/CHANGES.rst">here</a></p>DNS leaks on Windows 8, 8.1 and 102015-10-21T13:00:00+00:00https://www.mullvad.net/fr/blog/2015/10/21/dns-leaks-on-windows-8-81-and-10/<p>It has recently come to our attention that the DNS resolution mechanism in Windows 8 and newer can potentially leak DNS queries outside of the VPN tunnel. In these versions of Windows, DNS queries are sent to all interfaces simultaneously. Even if the tunnel is the default gateway, all other interfaces will also send out the same DNS query outside of the tunnel.</p>
<p>We are working on fixing this in our Mullvad client, but until then beware that the 'Stop DNS leaks' feature does not stop DNS queries from being sent outside of the tunnel on these versions of Windows!</p>
<p>A more detailed explanation of the problem is available in <a href="https://medium.com/@ValdikSS/beware-of-windows-10-dns-resolver-and-dns-leaks-5bc5bfb4e3f1#.52e29w2q7">this article</a>.</p>iOS 9 problems2015-10-09T10:09:00+00:00https://www.mullvad.net/fr/blog/2015/10/9/ios-9-problems/<p>OpenVPN on iOS 9 will <a href="https://forums.openvpn.net/topic19827.html">appear to connect properly</a> but your IP will not change, meaning you will not be protected even though OpenVPN connect reports that you are connected.</p>
<p>We will post another news item once this has been resolved. Until then, depending on your use case, you might want to consider using PPTP. Instructions for that can be found <a href="https://mullvad.net/download/vpn/ios">here</a> under "Older than iOS 5.0".</p>Windows encoding issues2015-10-09T10:09:00+00:00https://www.mullvad.net/fr/blog/2015/10/9/windows-encoding-issues/<p>There is an encoding bug in our windows client that mostly affects users with non-english system language. Those who are affected will get an error similar to this:</p>
<p>ascii codec can't decode byte 0xYY in position XXX: ordinal not in range (128)</p>
<p>Users getting this error should download and install a <a href="https://mullvad.net/static/download/mullvad-53.1.exe">patched version</a> which fixes the problem.</p>Version 53 released2015-09-22T13:08:00+00:00https://www.mullvad.net/fr/blog/2015/9/22/version-53-released/<p>Version 53 is now <a href="/download/">available for download</a></p>
<p>With the release of version 52 we introduced a few bugs that affected a lot of users. In this release these bugs have been fixed. You can read about the bugs in the previous news entry.</p>
<p>You can view the full changelog <a href="/media/CHANGES.rst">here</a>.</p>Version 52 issues on Windows2015-09-18T15:58:00+00:00https://www.mullvad.net/fr/blog/2015/9/18/version-52-issues-on-windows/<p>With the release of version 52 we introduced a bug which causes our client to crash if the Windows firewall is disabled. To resolve this, please enable the Windows firewall.</p>
<p>We also introduced a bug which might result in Windows users that have another system language than English not being able to connect. To resolve this we urge users experiencing this problem to downgrade to <a href="https://mullvad.net/static/download/mullvad-51.exe">version 51</a> of our client software.</p>
<p>We're of course sorry about these regressions and will be hard at work releasing a new version that fixes these problems shortly. To limit the problems we've also reverted the download link for Windows on our website to version 51.</p>Version 52 released and end of Windows XP support2015-09-17T08:33:00+00:00https://www.mullvad.net/fr/blog/2015/9/17/version-52-released-and-end-of-windows-xp-support/<p>Version 52 is now <a href="../download/">available for download</a>.</p>
<p>The biggest change in this release is that we no longer support Windows XP. The reasons are threefold. First of all Microsoft no longer releases security patches for XP. Secondly, less than one percent of the visitors on our website use XP. Most likely the number of clients running on Windows XP is about the same. The third reason is that the code used to maintain separate XP support has been continuously growing. The way of doing things programatically in Windows XP is just so different from Windows Vista and onwards. As we introduce new features the extra work to support an unpatched operating system with so few users is simply not justifiable. We hope that users of Windows XP will understand our reasoning.</p>
<p>Apart from that, this release primarily contains bugfixes and changes under the hood which you can read about <a href="https://mullvad.net/static/download/CHANGES.rst">here</a>.</p>Version 51 released2015-08-03T15:27:00+00:00https://www.mullvad.net/fr/blog/2015/8/3/version-51-released/<p>Version 51 is now <a href="../download/">available for download</a>.</p>
<p>This version contains a fix for our client so that it works without any manual intervention on Windows 10. It also moves configuration files and logs to standard directories in each operating system. Apart from this it contains several small bug-fixes and features which you can read about <a href="https://mullvad.net/static/download/CHANGES.rst">here</a>.</p>Windows 10 problems2015-07-30T14:16:00+00:00https://www.mullvad.net/fr/blog/2015/7/30/windows-10-problems/<p>By default the Mullvad client and older OpenVPN clients will not work on Windows 10 and return the error "There are no TAP-Windows adapters on this system". This is because the installation of the OpenVPN TUN/TAP driver results in registry entries that are incorrect. This has been an issue in preview builds of Windows 10 as well and we were awaiting the stable release to see if the issue persisted. It did.</p>
<p>This means that users of the OpenVPN client will need to download a newer client version <a href="https://openvpn.net/index.php/download/community-downloads.html">here</a>. Users of the Mullvad client software will be able to download an update which fixes this problem early next week.</p>
<p>If you can't wait, you are also able to manually fix the problem by reading the Windows 10 entry in our <a href="../faq">FAQ</a>.</p>Third-party clients affected by OpenSSL security advisory2015-07-09T16:00:00+00:00https://www.mullvad.net/fr/blog/2015/7/9/third-party-clients-affected-by-openssl-security-advisory/<p>A security vulnerability in the cryptographic library OpenSSL was just <a href="https://www.openssl.org/news/secadv_20150709.txt">disclosed</a>. OpenVPN clients that use vulnerable versions can be tricked into accepting a man-in-the-middle attacker as a valid VPN server.</p>
<p>The Mullvad client in Windows and OSX is not affected. Stable releases of most Linux distributions like Ubuntu, Fedora and Debian are not affected. Users of unstable or rolling-release distributions should upgrade.</p>
<p>The latest version (2.3.7) of the official OpenVPN client is vulnerable, as is Tunnelblick for OSX. No fix has been published yet. The OpenVPN clients for Android and iOS are not affected.</p>Version 50 released2015-06-29T11:40:00+00:00https://www.mullvad.net/fr/blog/2015/6/29/version-50-released/<p>Version 50 is now <a href="../get-started/">available for download</a>.</p>
<p>It adds the possibility to mitigate <a href="http://www.eecs.qmul.ac.uk/~hamed/papers/PETS2015VPN.pdf">DNS hijacking</a> attacks by hostile local networks. Users at risk of this can set "block_local_network = True" in Settings -> Advanced.</p>
<p>This version also fixes a bug in certain Linux distributions where the GUI would not start correctly, a bug where connecting via obfsproxy with newer versions of Python does not work and a bug on Linux where the settings file might not be updated correctly.</p>USA available again2015-04-15T05:36:00+00:00https://www.mullvad.net/fr/blog/2015/4/15/usa-available-again/<p>The first new server in the USA is up and running. More are on their way.</p>New Canadian servers, no US servers2015-04-03T17:34:00+00:00https://www.mullvad.net/fr/blog/2015/4/3/new-canadian-servers-no-us-servers/<p>We now have servers in Canada. For now, we don't have servers in the USA. We just lost two suppliers that do not want to relay anonymous traffic in the USA. We hope to remedy this soon.</p>Version 49 released2015-03-05T00:15:00+00:00https://www.mullvad.net/fr/blog/2015/3/5/version-49-released/<p>Version 49 is now <a href="../get-started/">available for download</a>. It contains a patch against the FREAK vulnerability. Users of our client for Windows and OSX need to upgrade to the new version. Users of our Linux client should get automatically patched through their distribution.</p><p>Users of plain OpenVPN should download new configuration files and update their OpenVPN client.</p>FREAK OpenSSL bug2015-03-05T00:15:00+00:00https://www.mullvad.net/fr/blog/2015/3/5/freak-openssl-bug/<p>The recently disclosed vulnerability in OpenSSL named FREAK can be used to attack OpenVPN clients. We have released a new version of the client with a patch, as well as published <a href="https://mullvad.net/blog/2015/3/5/freaking-openvpn/">a blog post</a> explaining the technical details.</p>[OLD] FREAKing OpenVPN2015-03-05T00:00:00+00:00https://www.mullvad.net/fr/blog/2015/3/5/freaking-openvpn/<p><strong>[THIS IS AN OLD BLOG FROM 2015-03-05]</strong></p>
<p>The recently disclosed vulnerability in OpenSSL named FREAK can (with high certainty) be used to attack OpenVPN clients. This means that an adversary with the capability to intercept your traffic may be able to impersonate your VPN provider.</p>
<p>The technical details of FREAK are well explained by Matthew Green and the researchers who discovered the vulnerability, and their summaries are telling of its severity:</p>
<p><strong><em> " </em> A group of cryptographers at INRIA, Microsoft Research and IMDEA have discovered some serious vulnerabilities in OpenSSL (e.g., Android) clients and Apple TLS/SSL clients (e.g., Safari) that allow a ‘man in the middle attacker’ to downgrade connections from ‘strong’ RSA to ‘export-grade’ RSA. These attacks are real and exploitable against a shocking number of websites including government websites. Patch soon and be careful.</strong></p>
<p><strong> You are vulnerable if you use a web browser that uses a buggy TLS library to connect, over an insecure network, to an HTTPS server that offers export ciphersuites. If you use Chrome or Firefox to connect to a site that only offers strong ciphers, you are probably not affected. For a list of insecure sites, see FREAKAttack.com</strong></p>
<p><strong>We have not been able to execute an attack on an OpenVPN client yet as the pentesting tools we have are geared towards servers, but given how OpenVPN works and uses OpenSSL it is very reasonable to assume that OpenVPN is just as vulnerable as vanilla TLS."</strong></p>
<h2><br />
Am I vulnerable as an OpenVPN user?</h2>
<p>You are vulnerable if you use an OpenVPN client which has not been patched against FREAK, and connect to an OpenVPN server that offers export ciphersuites or did offer export ciphersuites at any point in the past. For OSX users the most recent version of Tunnelblick is patched, whereas the OpenVPN client for Windows from openvpn.net is still vulnerable.</p>
<h2>I am a provider. What do I need to do?</h2>
<p>First of all, check whether your servers offer export ciphersuites. If you are not explicitly specifying what ciphersuites are acceptable using the tls-cipher directive assume that you are offering export ciphersuites. Note that there is no easy reliable way of determining what suites are supported on your platform. openvpn --show-tls does NOT show all OpenVPN-supported suites, nor is it guaranteed that a listed suite will work with OpenVPN.</p>
<p>If you are vulnerable you should do the following:</p>
<p> Explicitly specify secure TLS ciphersuites on your servers<br />
Make patched OpenVPN clients available to your users<br />
Explicitly specify secure TLS ciphersuites in your client configurations</p>
<p> <br />
It is suggested that you specify the following suites on all clients and servers:<br />
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-SEED-CBC-SHA:TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA</p>
<p>If you are offering a custom client for your users, make sure that you are using the latest libssl version. For your Windows users using the official OpenVPN client, encourage them to upgrade when a patched version is available.</p>
<p>Regarding your servers; While you will no longer be signing weak 512-bit keys, the keys you might once have given out remain valid for as long as the certificate is valid. It is therefore important that you not only patch clients, but also explicitly specify ciphersuites on the client-side from now on.</p>
<h2>Is Mullvad vulnerable?</h2>
<p>Not anymore. A new patched version of the client can be downloaded from our website, or new configuration files if you use plain OpenVPN. The configuration on our servers have been changed.</p>
<p> <br />
Update 2015-03-05 19:15<br />
OpenVPN.net has released an updated Windows client that fixes the FREAK vulnerability. They have also released a statement with technical details.</p>
<p>They suggest using the tls-cipher string DEFAULT:!EXP:!LOW:!PSK:!SRP:!kRSA.</p>Version 48 released2015-02-25T15:07:00+00:00https://www.mullvad.net/fr/blog/2015/2/25/version-48-released/<p>Version 48 is now <a href="../get-started/">available for download</a>. It primarily solves an issue with Stop DNS leaks on systems with a non-english Windows install.</p>Version 47 released2015-02-20T17:20:00+00:00https://www.mullvad.net/fr/blog/2015/2/20/version-47-released/<p>Version 47 is now <a href="../get-started/">available for download</a>. It solves a few DNS leak issues and <a href="../news/#n40">uses AES-256 as the default encryption cipher</a>.</p>AES-256 encryption2015-02-20T17:20:00+00:00https://www.mullvad.net/fr/blog/2015/2/20/aes-256-encryption/<p>The default OpenVPN stream cipher in new clients and new configuration files is now AES-256. When encountering certain connection problems the client program will fall back to Blowfish 128. To use nothing but AES, set "cipher = aes256" in Settings -> Advanced.</p>WebRTC and anonymity2015-02-03T18:15:00+00:00https://www.mullvad.net/fr/blog/2015/2/3/webrtc-and-anonymity/<p> It has come to our attention that the new <a href="https://en.wikipedia.org/wiki/WebRTC">WebRTC</a> standard can be used to expose the real public IP of people connected through a VPN-service. In short WebRTC allows users to have video and audio communications directly in the browser without any plugins installed, IPs being exposed is an unfortunate side-effect of how this works. </p>
<p> Because of this, if you're using Firefox, Chrome or any other WebRTC-enabled browser, you might not be anonymous when using our service. For now Internet Explorer and Safari do not support WebRTC but they probably will in the future. We'll make sure to post updates on how to disable WebRTC in those browsers when the time comes. </p>
<p> The issue is most prevalent on Windows, but can occur on other operating systems as well, which is why we recommend that you disable WebRTC even if you're not using Windows. </p>
<p> Read more about how to check if you're affected and what you can do to protect yourself <a href="../webrtc/">here</a>. </p>Old clients soon no longer supported2014-12-18T12:02:00+00:00https://www.mullvad.net/fr/blog/2014/12/18/old-clients-soon-no-longer-supported/<p>On 2015-02-01 client programs older than version 46 will no longer be able to connect. <a href="../get-started/">Please upgrade</a>. All too many users are still running clients with problems such as Heartbleed and the status indication malfunction. It does not make sense for us to expend effort keeping compatibility with these versions, hurting rather than helping those still using them. From version 46 the latest available version is dispayed in the program, making it easier to upgrade when appropriate. Please do.</p>Version 46 released2014-12-05T11:29:00+00:00https://www.mullvad.net/fr/blog/2014/12/5/version-46-released/<p>Version 46 is now <a href="https://mullvad.net/download">available for download</a>. It displays both the currently installed version and the latest available version. It also fixes a bug that produced too many error dialogs.</p>Version 45 released2014-10-24T10:23:00+00:00https://www.mullvad.net/fr/blog/2014/10/24/version-45-released/<p>Version 45 is now <a href="../get-started/">available for download</a>. It fixes a bug that would cause the GUI to hang and thus show the wrong connection status. It also works on Mac OS X 10.10 Yosemite.</p>IPv6 support2014-09-15T07:15:00+00:00https://www.mullvad.net/fr/blog/2014/9/15/ipv6-support/<p>We now tunnel <a href="http://www.worldipv6launch.org/infographic/">IPv6</a> as well as IPv4. This means you can get connected to the IPv6 internet through Mullvad, even without IPv6 support from your internet service provider.</p>
<p>It is not yet enabled by default as it does not work on some Windows computers. To use it, get the <a href="../get-started/">latest client program</a>. Go to Settings and enable <em>Tunnel IPv6</em>. Try to reconnect. If it works: great, you have IPv6; now you can forget about it. If it fails to connect: disable <em>Tunnel IPv6</em> again; everything will continue to work exactly as before.</p>
<p>Previously the Mullvad client program just blocked IPv6 on the computer to avoid leaks. Now it can route all IPv6 traffic through the VPN server. Any problems caused by the block will thus go away.</p>
<p>Those not using the Mullvad client program can just add the directive "tun-ipv6" to their OpenVPN configuration file.</p>Heartbleed OpenSSL bug2014-04-09T00:32:00+00:00https://www.mullvad.net/fr/blog/2014/4/9/heartbleed-openssl-bug/<p>A serious vulnerability in the popular OpenSSL cryptographic software library was disclosed 30 hours ago. In short it allows (among other things) anyone on the Internet to extract the private keys used for encrypting traffic and identifying service providers to their users. A more complete description can be read on <a href="http://heartbleed.com/">heartbleed.com</a>. This affects a lot of different services including web, email, instant messaging and OpenVPN (which Mullvad uses).</p>
<p>As of a few hours ago all our servers have been patched and are no longer vulnerable. We are also releasing a <a href="../get-started/">new Mullvad client</a> for all supported operating systems (OSX, Windows, Linux) and an updated <a href="../setup/openvpn/">configuration package</a> if you use OpenVPN without the Mullvad client.</p>
<p>On the server side OpenSSL has been upgraded, and since we could not rule out a leak of one or all of our servers' private keys we have revoked all of them and generated new ones. The new client includes a Certificate Revocation List with all revoked certificates and a patched version of OpenSSL (for Windows and OSX users). Our Linux client doesn't bundle OpenSSL and relies on the user's Linux distribution.</p>
<p>To protect yourself against a so called man-in-the-middle attack when connecting to Mullvad you should upgrade to <a href="../get-started/">the new client</a> immediately. If you use OpenVPN without using our client you should download a new <a href="../setup/openvpn/">configuration package</a> from our website.</p>Version 42 released2014-03-26T05:47:00+00:00https://www.mullvad.net/fr/blog/2014/3/26/version-42-released/<p>Version 42 is now <a href="../get-started/">available for download</a> with several improvements. From now on we will provide a changelog for each release. You can see what's new <a href="../../static/download/changelog.txt">here</a>.</p>New website2013-10-29T13:00:00+00:00https://www.mullvad.net/fr/blog/2013/10/29/new-website/<p>We hope that you like the new face of Mullvad. Please send us an email if you have any questions or feedback.</p>Wire transfer2013-07-05T11:47:00+00:00https://www.mullvad.net/fr/blog/2013/7/5/wire-transfer/<p>New payment option: international <a href="../alternative_payment.php">wire transfer</a>.</p>Version 38 released2013-06-27T05:47:00+00:00https://www.mullvad.net/fr/blog/2013/6/27/version-38-released/<p>Version 38 is now <a href="../download.php">available for download</a> featuring improved connection monitoring.</p>Version 37 released2013-05-30T09:24:00+00:00https://www.mullvad.net/fr/blog/2013/5/30/version-37-released/<p>Version 37 is now <a href="../download.php">available for download</a>. It fixes a number of problems, the most important being starting on freshly installed Windows XP and Ubuntu 13.04.</p>obfsproxy servers in all countries2013-04-19T13:11:00+00:00https://www.mullvad.net/fr/blog/2013/4/19/obfsproxy-servers-in-all-countries/<p> Any one of our exit countries can now be used when the program has to circumvent censorship by avoiding OpenVPN filtering.</p>Back to normal2013-04-11T13:50:00+00:00https://www.mullvad.net/fr/blog/2013/4/11/back-to-normal/<p>All account information should be restored now. Thank you for your patience.</p>Database problems2013-04-05T12:29:00+00:00https://www.mullvad.net/fr/blog/2013/4/5/database-problems/<p>We are having database problems. All customers should be able to connect now but the account page may show strange information for a few days.</p>Improved censorship resistance2013-03-21T13:15:00+00:00https://www.mullvad.net/fr/blog/2013/3/21/improved-censorship-resistance/<p>The <a href="https://mullvad.net/download">Mullvad client program</a> now detects and circumvents (using obfsproxy) OpenVPN filtering as used in China, Iran, Syria and other places.</p>Getting started under censorship2013-03-07T10:56:00+00:00https://www.mullvad.net/fr/blog/2013/3/7/getting-started-under-censorship/<p>In locations where our website is blocked our client program can be <a href="../download.php">downloaded via BitTorrent</a> instead.</p>Version 33 released2012-09-28T11:02:00+00:00https://www.mullvad.net/fr/blog/2012/9/28/version-33-released/<p>Version 33 of the Mullvad client program is now <a href="../download.php">available for download</a>. It has many improvements and solves several problems.</p>Troubleshooting OSX Mountain Lion2012-07-27T14:52:00+00:00https://www.mullvad.net/fr/blog/2012/7/27/troubleshooting-osx-mountain-lion/<p>Problems in OSX Mountain Lion? See <a href="../faq.php#mountain_lion">here</a>.</p>Version 32 for Linux released2012-05-03T12:44:00+00:00https://www.mullvad.net/fr/blog/2012/5/3/version-32-for-linux-released/<p><a href="../download.php">Version 32</a> works on Ubuntu 12.04.</p>Choice of exit country2012-04-12T07:34:00+00:00https://www.mullvad.net/fr/blog/2012/4/12/choice-of-exit-country/<p>You can now choose exit country. This is where the computer will seem to be located. The currently available countries are Sweden and the Netherlands. Simply pick your choice in the Settings in <a href="../download.php">the latest client software</a>. Users of plain OpenVPN can <a href="../openvpn_conf.php">edit the OpenVPN configuration file</a> instead.</p>
<p>Users inside Sweden who want FRA circumvention should pick a non-Swedish country and enable the "Exclude Swedish traffic" option.</p>Version 29 for Linux released2012-01-25T11:12:00+00:00https://www.mullvad.net/fr/blog/2012/1/25/version-29-for-linux-released/<p><a href="../download.php">Version 29</a> fixes a tray icon display problem under Unity.</p>PPTP support2011-10-12T10:01:00+00:00https://www.mullvad.net/fr/blog/2011/10/12/pptp-support/<p>We now support the <a href="../pptp_conf.php">PPTP VPN protocol</a>. Using this it is now easy to use our service on <a href="https://mullvad.net/download/vpn/android">Android</a> and <a href="https://mullvad.net/download/vpn/ios">iPhone / iPad</a>.</p>Version 28 for Mac released2011-08-30T16:15:00+00:00https://www.mullvad.net/fr/blog/2011/8/30/version-28-for-mac-released/<p>Version 28 for Mac is now <a href="../download.php">available for download</a>. It has several improvements, the most important of which is that is works in OS X Lion (10.7).</p>MacOS X Lion2011-07-28T09:00:00+00:00https://www.mullvad.net/fr/blog/2011/7/28/macos-x-lion/<p>MacOS X Lion (10.7) users can use the <a href="mullvad.net/account/openvpn-config">plain OpenVPN option</a> while we are working on making the Mullvad client program available on Lion.</p>Version 27 for Linux released2011-06-14T16:50:00+00:00https://www.mullvad.net/fr/blog/2011/6/14/version-27-for-linux-released/<p><a href="../download.php">Version 27</a> fixes problems under Unity.</p>Easier to use plain OpenVPN2011-05-17T13:22:00+00:00https://www.mullvad.net/fr/blog/2011/5/17/easier-to-use-plain-openvpn/<p>Downloadable <a href="../openvpn_conf.php">configuration files</a> and instructions make it easier to configure OpenVPN without the Mullvad software.</p>Version 26 released2011-03-17T17:47:00+00:00https://www.mullvad.net/fr/blog/2011/3/17/version-26-released/<p>Version 26 of the program is now <a href="../download.php">available for download</a>. French translation (thanks Jems). Latest OpenVPN. Even better behind firewalls (can fall back to TCP port 80).</p>Version 25 released2011-01-14T11:15:00+00:00https://www.mullvad.net/fr/blog/2011/1/14/version-25-released/<p>Version 25 of the program is now <a href="../download.php">available for download</a>. It has robustness improvements in order to be usable in difficult conditions, such as behind very restrictive firewalls.</p>Wikileaks accessible through Mullvad2010-12-03T12:02:00+00:00https://www.mullvad.net/fr/blog/2010/12/3/wikileaks-accessible-through-mullvad/<p>The <a href="http://wikileaks.org/">wikileaks.org</a> domain has been <a href="http://twitter.com/wikileaks/status/10567274838622208">taken down</a> by their provider. Mullvad users and people using our <a href="../domain_seizures.php">public DNS</a> can now reach it again.</p>Domain censorship countermeasures2010-11-29T22:12:00+00:00https://www.mullvad.net/fr/blog/2010/11/29/domain-censorship-countermeasures/<p>This weekend the U.S. government <a href="http://mashable.com/2010/11/27/homeland-security-website-seized/">hijacked over 70 domain names</a> and redirected them to <a href="http://seizedservers.com/">their own servers</a>. As part of our ongoing struggle against censorship Mullvad users are no longer affected by this seizure. The domains work just like before the attack.</p>
<p><a href="../domain_seizures.php">As a public service</a>, we provide anyone on the internet access to our unpoisoned DNS server until other DNS server operators catch up. We also provide DNS server operators the configuration information required to easily follow our example.</p>Account hijacking protection2010-10-26T11:11:00+00:00https://www.mullvad.net/fr/blog/2010/10/26/account-hijacking-protection/<p>The new <a href="http://codebutler.com/firesheep">Firesheep</a> software listens in on wireless networks and automatically hijacks accounts on Facebook, Twitter and other web services. Mullvad <a href="../hijacking.php">provides protection</a>.</p>Version 24 released2010-09-21T10:54:00+00:00https://www.mullvad.net/fr/blog/2010/9/21/version-24-released/<p>Version 24 of the program is now <a href="../download.php">available for download</a>. The main new feature is the ability to use several ports.</p>Bitcoin payments2010-07-08T23:52:00+00:00https://www.mullvad.net/fr/blog/2010/7/8/bitcoin-payments/<p>We <a href="../subscription_management.php">now accept</a> anonymous <a href="http://www.bitcoin.org/">Bitcoin</a> payments.</p>Anonymization vulnerability in Windows fixed2010-06-18T12:30:00+00:00https://www.mullvad.net/fr/blog/2010/6/18/anonymization-vulnerability-in-windows-fixed/<p>It has <a href="http://torrentfreak.com/huge-security-flaw-makes-vpns-useless-for-bittorrent-100617/">been discovered</a> that the IPv6 tunneling behaviour in Windows Vista and 7 can cause problems for anonymization. Users of Windows Vista or 7 should upgrade to <a href="../../download/mullvad-23.exe">version 23</a> which disables the IPv6 tunneling. It can also be <a href="../teredo_disable_win.php">disabled by hand</a>.</p>Unlimited traffic volume2010-05-26T14:30:00+00:00https://www.mullvad.net/fr/blog/2010/5/26/unlimited-traffic-volume/<p>By popular request we now take the next step beyond the limit raise and get rid of the data transfer limits altogether.</p>Version 22 released2010-03-22T22:38:00+00:00https://www.mullvad.net/fr/blog/2010/3/22/version-22-released/<p>Version 22 of the program is now <a href="../download.php">available for download</a>. It improves error handling and investigation.</p>Version 21 for Windows released2010-02-08T17:46:00+00:00https://www.mullvad.net/fr/blog/2010/2/8/version-21-for-windows-released/<p>Version 19 and 20 wouldn't start on some Windows systems (Runtime Error R6034). <a href="../../download/mullvad-21.exe">Version 21</a> solves that problem.</p>50 GB becomes 100 GB2010-02-06T15:20:00+00:00https://www.mullvad.net/fr/blog/2010/2/6/50-gb-becomes-100-gb/<p>The data traffic amount for each paid monthly period is increased to 100 GB. Existing remaining amounts are also doubled.</p>Version 20 released2010-01-28T18:00:00+00:00https://www.mullvad.net/fr/blog/2010/1/28/version-20-released/<p>Version 20 of the program is now <a href="../download.php">available for download</a>. The most significant new feature is the option <em>Block the internet on connection failure</em>. It is an easy way to protect anonymity by blocking access to the internet in case the connection to Mullvad is broken. The traffic destined for the tunnel will be blocked until <em>Disconnect</em> or <em>Quit</em> is selected from the menu or until the connection is reestablished.</p>