Mullvad uses Gmail [update: they changed]
This was originally an article criticizing Mullvad’s use of Gmail, and surprisingly thanks to you guys sharing it, they actually changed
Update:
This was originally an article criticizing Mullvad’s use of Gmail, and surprisingly thanks to you guys sharing it, they actually changed as we update here.
Original Text:
Here is the original text of the now outdated article to show that change is possible and as the update explains, how it can be used for good:
The VPN company Mullvad mouths off “privacy is a right”, but deep down they don’t really give a shit. They don’t even bother to host their own emails for critical technical support, and point the MX email record of mullvad.net to Google.
This is a potential privacy risk because many times people will not bother to use PGP and the technical support will ask for their account number. And you’re assuming the people who need VPN technical support even know how to use PGP, and they likely aren’t hiding their IP address because they need support. Often people may use their real email, so they don’t miss the reply on burners, and that leaks their name. Now Google, and therefore the government, know your mullvad account number…
From here, the government can sign in to Mullvad’s site as you, and see the timestamp of first sign-in on each device with the wireguard public key. Although Mullvad masks it will bullshit names, the government can sign-out of the device so when you re-sign in thinking it’s a random technical error, they now know which is which. This enables at a minimum, the identification of your other devices. Maybe you signed in at another location? For example your cellphone.
When you’re out using WiFi anonymously at a public location, the government signs you out of Mullvad. So then when you sign back in, they identify the public location traffic as you. If this is not enough, now the government knows which account to demand a court order for. What are you going to request technical support? Sounds like more info gathering.
Even if none of this is relevant to you. The basic fact remains that Mullvad is using primarily Google to talk to customers, and the customers aren’t even aware of it because it’s a vanity domain. I don’t think people realize just how difficult it is to avoid Google. It’s not voluntary dude, these companies are forcing me out to the fringe of society, to not have everything I’m doing piped into a company I so vehemently hate.
Google is literally paid by the US government to manipulate search results through their Jigsaw division and Moonshot CVE. They aren’t just doing ads dude, it’s a for-profit propaganda machine. (We covered this in our other Google article)
Other privacy influencers always recommend Mullvad, and for the most part I do agree with this for the “average joe”. But let’s keep it real here, if you check the servers, they use many of the same 3rd party providers. Mullvad, IVPN, and TorGuard all use M247 for New York and Los Angeles. So if you connected to LA Mullvad, then switch to LA IVPN, thinking you’re getting a “new identity” you’re not. It’s NSA passive surveillance on the size of data packets going in and out of places like M247 that reveal you, and NOT Mullvad backstabbing you.
Does using Gmail mean Mullvad is compromised? No! You’re twisting my words…
What I’m saying is that very few people genuinely care about privacy, and when you realize just how involuntary Google is, only then can you actually take steps to free yourself.
Is the point of this to smear Mullvad? Sort of. I want to create negative consequences for all companies that force Big Tech on us. All of them think they can cut costs because the public doesn’t care.
Well, I’m here today to say that I care. And even if I stand alone. Even if I’m shadow banned by search engines off the face of the earth. I stand my ground.
But I got a feeling I’m not alone. So if you spread this message, maybe… just maybe, we can get Mullvad to change.
You really want to learn how to be invisible? Consider subscribing to find out about new relevant content via our uncensored Session messenger bot. We are changing the content delivery game with Session. But you can also subscribe via RSS feed, by weekly email, or follow us on Nostr.
If you really want to learn and take your privacy to the next level, subscribe to our new content via: Nostr, Bastyon, Session, RSS, Ethereum Push
Related Posts
Decloaking VPN traffic: New critical vulnerability
This allows the ISP or local router to see the VPN traffic by abusing your router
[SP]
May 7, 2024
OpenVPN vs WireGuard: Which one should you use?
Each of them have different advantages and use cases.
[SP]
Oct 17, 2022
Browser Fingerprinting: What You Need to Know
understand the difference between a cookie and browsing fingerprinting
[SP]
Oct 16, 2022
How to Stop Browser Fingerprinting
Now we’ll discuss some tactics to actively avoid fingerprinting
[SP]
Oct 16, 2022