Comment by ignoramous
Comment by ignoramous 2 days ago
> Mullvad is near the cutting edge on zero trust deployments
What is "zero trust deployments"?
Comment by ignoramous 2 days ago
> Mullvad is near the cutting edge on zero trust deployments
What is "zero trust deployments"?
> no databases of user info
Depends on the payment method. Accounting is mandatory in Sweden.
As a customer of [payment] services, these entities would allow us to request this information if we chose to do so. In short, your payment actions with these two methods are not anonymous and the GDPR and other relevant data protection regulations may apply if you are making a payment by credit card, PayPal, Swish or by bank wire.
The data must be kept for the statutory retention period described in applicable local laws such as the Swedish Accounting Act (some information must be stored for seven years from the end of the fiscal year).
https://mullvad.net/en/help/no-logging-data-policy / https://archive.vn/qkvD3
Sure, but if privacy matters to you, you have the option of buying credit anonymously and applying it to an anonymized account number. And if your threat model includes nation states, you're definitely not buying anything with a credit card. I also think if you're after payment details, there's more lucrative targets, eg Stripe.
OK. I was just wondering about your "zero trust" (aka "no database of user info etc") comment in the face of those and other Swedish laws that apply to Mullvad, is all.
What you're now telling me is only if I, as a user, don't give Mullvad my info, they wouldn't have to store that. I mean, that's one way or one way of looking at it, alright.
Meaning they're achieving their privacy goals without any inherent trust in their systems (eg no databases of user info, etc)