We want to ensure a high degree of privacy for our users. To do so, Mullvad uses a variety of technologies and methods.


Stay secure on public WiFi

Connecting to WiFi at a cafe, hotel, airport, or any other open network means you are at risk for being hacked or tracked. Protect your web browsing with Mullvad in which traffic to and from your computer is encrypted to the highest standards.

Protect against mass surveillance

Worried about your online activity being scrutinized? Mullvad protects your internet traffic from eavesdropping.

Keep your privacy

Your IP address is hidden and replaced by one of ours, ensuring that your activity and location are not linked to you.

Anonymous account

A Mullvad account can be created without supplying any personal information – not even an email address. We keep no activity logs and encourage anonymous payments with cash or one of the cryptocurrencies we accept. Communicate privately with us by using our public PGP key for encrypted email.

Keeping you safe during disconnections

With Mullvad, all Internet traffic is automatically blocked upon VPN connection failure. This safety feature ensures that your traffic is not accidentally leaked outside of our secure tunnel.

No logging and no tracking on our homepage

We don't log traffic on our website and refrain from sending usage statistics to external parties. Our website uses only a few essential cookies.


Fight censorship

Use Mullvad to get past restrictive firewalls and proxies. Connected to one of our servers, you are free to surf the entire web.

Mitigate blocking and throttling

Internet providers will sometimes completely block or purposefully slow down (throttle) traffic types which they don't want to provide full or any support for. We try to mitigate this by wrapping the traffic in a layer of obfuscation (with the help of SSH tunneling, Shadowsocks, Stunnel) that makes it harder for the provider to identify and block it.


Worldwide distribution of servers

The closer a server is physically located to you, the faster your VPN connection will be. Our servers are located worldwide. Browse our server list for all available countries, including each location's server address.

Supported on multiple platforms

Mullvad can be used on Windows, macOS, Linux, iOS, Android, and most other devices supporting OpenVPN.


We control our servers

For maximum security, we use physical, bare metal servers (no virtual servers) that are administrated and either owned or rented by us in carefully selected data centers. Our rented servers are not shared with other clients. We put a lot of effort into hardening servers and following best practices.

We have our own app

We have developed an open-source VPN app that works for macOS, Windows, and Linux.

Our servers use OpenVPN and WireGuard®

We only offer secure, open-source protocols. WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. OpenVPN is the most widely used solution for creating secure, point-to-point connections, and it has been extensively tested for security purposes.

Port forwarding available

We offer the ability to open ports in order to forward incoming traffic to your device.

We live and breathe security

We set really high security standards for ourselves. From the operating system on our computers (Qubes) to the tools we use daily, we strive to ensure that our entire workflow is really hard to exploit. We do this in part by using open source software in our infrastructure.


  • Mullvad supports DNS leak protection
  • Mullvad supports Teredo (IPv6 over IPv4) leak protection
  • Mullvad supports IPv6 tunneling as well as IPv6 blocking and leak protection
  • Mullvad supports OpenVPN on a range of custom ports, including but not limited to 53/udp (DNS), 80/tcp (HTTP), 443/tcp (HTTPS)
  • Mullvad only supports the VPN protocols OpenVPN and Wireguard
  • Mullvad does not block authenticated SMTP
  • Mullvad does not block P2P
  • Mullvad blocks SMTP port 25/tcp because of spam
  • Our data encryption is AES-256
  • We run our own public key infrastructure (PKI)
  • We support SSH tunneling, Shadowsocks, and Stunnel through our bridge servers
  • All our OpenVPN servers use 4096 bit RSA certificates (with SHA512) for server authentication
  • All our OpenVPN servers use 4096 bit Diffie-Hellman parameters for key exchange
  • All our OpenVPN servers use DHE for perfect forward secrecy
  • OpenVPN re-keying is performed every 60 minutes
  • All our OpenVPN servers offer all available data channel ciphers on all ports, including AES-256-GCM, AES-256-CBC, and BF-CBC. AES-256-GCM is the default.
  • Mullvad meets the privacytools.io criteria