The risk of law enforcement raiding a VPN provider to try and obtain customer data nearly became real this week for Mullvad VPN.
The company today reported(Opens in a new window) that Swedish police had issued a search warrant two days earlier to investigate Mullvad VPN's office in Gothenburg, Sweden. “They intended to seize computers with customer data,” Mullvad said.
However, Swedish police left empty-handed. It looks like Mullvad’s own lawyers stepped in and pointed out that the company maintains a strict no-logging policy on customer data. This means the VPN service will abstain from collecting a subscriber’s IP address, web traffic, and connection timestamps, in an effort to protect user privacy. (It’s also why Mullvad VPN is among our most highly ranked VPN services.)
“We argued they had no reason to expect to find what they were looking for and any seizures would therefore be illegal under Swedish law,” Mullvad said. “After demonstrating that this is indeed how our service works and them consulting the prosecutor they left without taking anything and without any customer information.”
Even if police had seized the company’s server, it “would not have given them access to any customer information” due to the no-logging policy, Mullvad VPN said.
It remains unclear what Swedish police were looking for. But hackers and fraudsters can also subscribe to VPN services to mask their internet presence and conduct cybercrime. Hence, local police were probably trying to uncover evidence for a specific investigation. We reached out to Swedish police and will update the story if we hear back.
Although the search attempt may unnerve users of Mullvad, the incident also shows how the company’s no-logging policy can thwart
Read more on pcmag.com