Comment by ijustlovemath 2 days ago
Mullvad is near the cutting edge on zero trust deployments; allowing user traffic to pass thru, with guaranteed no logging, assumption of compromise guiding system architecture, etc. Nobody can withstand a nation state, not even other nation states, so I feel like they're doing the best that can be reasonably expected of them
Meaning they're achieving their privacy goals without any inherent trust in their systems (eg no databases of user info, etc)
> no databases of user info
Depends on the payment method. Accounting is mandatory in Sweden.
As a customer of [payment] services, these entities would allow us to request this information if we chose to do so. In short, your payment actions with these two methods are not anonymous and the GDPR and other relevant data protection regulations may apply if you are making a payment by credit card, PayPal, Swish or by bank wire.
The data must be kept for the statutory retention period described in applicable local laws such as the Swedish Accounting Act (some information must be stored for seven years from the end of the fiscal year).
https://mullvad.net/en/help/no-logging-data-policy / https://archive.vn/qkvD3
Sure, but if privacy matters to you, you have the option of buying credit anonymously and applying it to an anonymized account number. And if your threat model includes nation states, you're definitely not buying anything with a credit card. I also think if you're after payment details, there's more lucrative targets, eg Stripe.
> Mullvad is near the cutting edge on zero trust deployments
What is "zero trust deployments"?