Replying to Avatar SimplifiedPrivacy.com

Mullvad uses Gmail

The VPN company Mullvad mouths off “privacy is a right”, but deep down they really don’t give a shit. They don’t even bother to host their own emails for critical technical support, and point their MX email record to Google. (See attached image)

This is a potential privacy risk because many times people will not bother to use PGP and the technical support will ask for their account number. And you’re assuming the people who need VPN technical support even know how to use PGP, and they likely aren’t hiding their IP address because they need support. Often people may use their real email, so they don’t miss the reply on burners, and that leaks their name. Now Google, and therefore the government, know your mullvad account number…

From here, the government can sign in to Mullvad’s site as you, and see the timestamp of first sign-in on each device with the wireguard public key. Although Mullvad masks it will bullshit names, the government can sign-out of the device so when you re-sign in thinking it’s a random technical error, they now know which is which. This enables at a minimum, the identification of your other devices. Maybe you signed in at another location? For example your cellphone.

When you’re out using WiFi anonymously at a public location, the government signs you out of Mullvad. So then when you sign back in, they identify the public location traffic as you. If this is not enough, now the government knows which account to demand a court order for. What are you going to request technical support? Sounds like more info gathering.

Even if none of this is relevant to you. The basic fact remains that Mullvad is using primarily Google to talk to customers, and the customers aren’t even aware of it because it’s a vanity domain. I don’t think people realize just how difficult it is to avoid Google. It’s not voluntary dude, these companies are forcing me out to the fringe of society, to not have everything I’m doing piped into a company I so vehemently hate.

Google is literally paid by the US government to manipulate search results through their Jigsaw division and Moonshot CVE. They aren’t just doing ads dude, it’s a for-profit propaganda machine.

Other privacy influencers always recommend Mullvad, and for the most part I do agree with this for the “average joe”. But let’s keep it real here, if you check the servers, they use many of the same 3rd party providers. Mullvad, IVPN, and TorGuard all use M247 for New York and Los Angeles. So if you connected to LA Mullvad, then switch to LA IVPN, thinking you’re getting a “new identity” you’re not. It’s NSA passive surveillance on the size of data packets going in and out of places like M247 that reveal you, and NOT Mullvad backstabbing you.

Does using Gmail mean Mullvad is compromised? No! You’re twisting my words…

What I’m saying is that very few people genuinely care about privacy, and when you realize just how involuntary Google is, only then can you actually take steps to free yourself.

Is the point of this to smear Mullvad? Sort of. I want to create negative consequences for all companies that force Big Tech on us. All of them think they can cut costs because the public doesn’t care.

Well, I’m here today to say that I care. And even if I stand alone. Even if I’m shadow banned by search engines off the face of the earth. I stand my ground.

But I got a feeling I’m not alone. So if you spread this message, maybe… just maybe, we can get Mullvad to change.
Avatar
sommerfeld 1y ago 💬 11

I'm sorry but this is really a nothing burger, a pure nitpick.

Who gives a fuck where they host their customer support emails?

You can spin up new mullvad accounts with 0 friction. Even if you doxx your account in an email, you can create another one.

I don't know any service who "self hosts" email for customer support. That's probably a terrible idea since self-hosted email often gets flagged as spam and that's the last thing you want for customer support.

Your note makes it seem like this is some dealbrealer and that "they don't give a shit about your privacy".

I don't think you have bad intentions but you're letting the perfect be the enemy of good and the result is that people who read that will just be discouraged and not improve their setup.

I think we should be vocal about things that matter. A customer support MX record pointing at gmail is not it.

Reply to this note

Please Login to reply.

Discussion

Avatar
SimplifiedPrivacy.com 1y ago

I disagree. Communication is a core principle of privacy. And it’s not just Mullvad. My point is that so few companies actually care to not use Google, to the point that it is completely involuntary. They could have used one of the other providers such as even Proton that isn’t spam.

And your point that they can’t have emails in their own domain because it’s spam, is exactly the centralization of the internet that I’m talking about. Because literally everyone… not even you, a privacy “influencer” cares enough.

Go ahead, bow down and obey Google overseeing all activity on earth. But I don’t accept that

Avatar
sommerfeld 1y ago 💬 2

Email is already centralized and captured regardless of what provider you choose. It's a shitty protocol, terrible for privacy.

They provide email support to meet people (normies) where they are.

People who really care about anonimity:

1. Should be using Tor instead of a VPN

2. Should not be contacting customer support in the first place. I didn't even know they had customer support 🤣

You have to think about the impact of the things you are bashing. The internet does not get more centralized because they are using gmail.

You could shittalk so many companies that have terrible privacy practices but instead took that time to write a lenthy rant for something this meaningless...

Avatar
mrecheese 🧀 1y ago 💬 1

I think you're both right. They should probably avoid google AND it probably matters less by comparison than, say, not using a VPN at all.

What would kill two birds with one stone is having a customer support option like SimpleX so we don't have to use email in the first place. That would keep anyone, including Mullvad tech support, from knowing who you are.

Avatar
SimplifiedPrivacy.com 1y ago

Yeah I agree with this. My issue is a philosophical one, not a genuine privacy risk to the anonymous Tor guru w/ a SimpleX

Avatar
SimplifiedPrivacy.com 1y ago

Of course I agree with you that email is not private and awful. Of course I agree Tor is more anonymous than a VPN..

THAT’S NOT WHAT WE ARE DEBATING.

I disagree with you that I have to accept things for the way they are. I disagree that have to get down on my knees and obey. It turns it into a completely involuntary interaction with Google. This is Mullvad’s only form of contact. And change has to start SOMEWHERE. SOMEONE has to crack, and I pick the one who claims to be for privacy. If we can’t get Mullvad to change, then nobody.

I agree with you that many other companies have worse privacy policies, what I’m saying is that Mullvad can be converted. They can be changed. Of course companies using Gmail makes the internet more centralized, how can you even debate this point? Again, you’re saying, submit and accept the empire. I don’t submit. I’m not obeying.

Avatar
sommerfeld 1y ago 💬 1

Your OP was clickbaity and sensationalized.

It's ok to want Mullvad to move away from gmail for ideological reasons but that was not your tone.

You claimed that because of that "they don't give a shit about user privacy". You thus implied it affected user privacy when that's clearly not true.

Yes a user can doxx all his PII in a customer support email and then reuse the same mullvad account, but at that point, that's more of an L to him than to mullvad. Personal responsibility is irreplaceable.

Avatar
SimplifiedPrivacy.com 1y ago

Yes you’re correct that the burden of responsibility falls on the individual for anything in life. But Mullvad is misrepresenting themselves here. If they really cared, they wouldn’t do this. My tone is to purposefully create negative consequences for the use of Big Tech, to force them to change. As if I worded it in a “wouldn’t it be nice” way, then I would be ignored.

Avatar
LsnDr 1y ago

People who use Mullvad are not "normies"..normies use Chrome or Edge.

Avatar
sommerfeld 1y ago

People who use mullvad don't usually need customer support either.

c3
c3bcc12e... 1y ago

Who pays for VPN to use it on daily basis? Idiots who don't trust ISP but trust unconditionally VPN provider who knows everything about their traffic.

There is Tor, not great but much better when it comes to privacy. FOR FREE.

Avatar
sommerfeld 1y ago 💬 3

The VPN provider knows everything about your traffic except... KYC and PII which is kind of the most important thing.

Using a VPN is like using a no-kyc ISP + you get the added anonimity set of sharing an IP with other users.

A VPN is not the ultimate solution but it's just basic protection. Without is, it's kind of like getting fucked on the internet without a condom.

c3
c3bcc12e... 1y ago

VPN privider knows you very well even if you pay with cash by mail.

They know your connection-patterns on daily basis.

You can always use Orbot Full VPN mode.

Avatar
sommerfeld 1y ago

Using a VPN is not supposed to protect you from the VPN provider.

It's just strictly better than just using your ISP.

No one is arguing that tor isn't superior privacy wise. Why not route everything through tor? Because many types of internet usage are unusable and unviable through tor.

c3
c3bcc12e... 1y ago

Which sites? Some banks?

Maybe use clear (ISP) connection to browse them?

c3
c3bcc12e... 1y ago

It shows much more... Attitude