Mullvad, a virtual private network (VPN) named after the Swedish word for “mole,” is often recognized as one of the best VPNs for privacy. I put it on my best VPN list for exactly that reason. I’ve got huge respect for the extra lengths Mullvad goes to in order to ensure its user’s privacy.

To give you a preview, Mullvad is one of the few VPNs — other than my normal privacy recommendation, Proton VPN — that lets users pay entirely in cash. But even Proton VPN asks for an email address to make an account and uses a few marketing cookies on its own website. Mullvad represents every account as a randomly generated 16-digit code and uses no marketing cookies whatsoever.

That’s just one example of how Mullvad goes beyond the call of duty to keep users private. But while privacy is the most important aspect of a VPN alongside security, it’s not the only thing that matters. For this review, I set out to investigate whether Mullvad pairs its rights-protecting bonafides with versatile, convenient and enjoyable VPN apps. Using our rigorous VPN testing procedure, I’ll rate Mullvad in 11 areas. You can find a summary of my results in the table below, skip to the sections that matter most to you or just read my final advice in the conclusion.

Editor’s note (2/11/26): We’ve overhauled our VPN coverage to provide more detailed, actionable buying advice. Going forward, we’ll continue to update both our best VPN list and individual reviews (like this one) as circumstances change. Most recently, we added official scores to all of our VPN reviews. Check out how we test VPNs to learn more about the new standards we’re using.

Mullvad

A VPN with average speeds and features but a great pricing scheme and no compromises on anonymity.

Pros

• Can sign up without any personal information and pay in cash
• Saves no data whatsoever on users, even on its own website
• Excellent apps on all OSes

Cons

• WireGuard is the only protocol
• Disappointing browser extension
• No live chat support

Findings at a glance

Installing, configuring and using Mullvad

Let’s start by examining how Mullvad feels as a piece of software. In this section, I’ll be testing its desktop apps for Windows and Mac, its mobile apps for Android and iOS and its browser extension for Firefox. To start with the installation process, Mullvad downloads and installs in a snap on mobile. On desktop, installation requires a few more steps than is typical, but the app guides you quickly through everything.

Across the board, my only serious complaint is that there’s no option for automatically choosing the fastest server. You can usually assume that the nearest one to you will be the fastest, but there’s always the chance of an unusual server overload. It’s a bizarre oversight for an app that otherwise goes out of its way to be usable.

Windows

Mullvad’s Windows app has a slim UI that uses space efficiently without being too cramped. It doesn’t give you a lot of information, such as live speed tests or data in transit, but I’ve mostly found that to be needless filler on VPN apps.

Speaking of needless filler, the map may be a little bigger than it needs to be, but maps on VPN clients aren’t just about teaching you geography — they do a lot to make the apps more welcoming to casual users who might not otherwise fire up security software. In fact, Mullvad’s UI is admirably beginner-friendly, befitting its focus on privacy for everybody rather than just the tech-savvy.

All the settings are accessed by clicking the gear in the top-right. Here, you can turn on DAITA (Mullvad’s defense against AI traffic scanning), activate multihop and control Mullvad’s other features. There are also some quality-of-life features for the UI itself, such as whether it remains pinned to the taskbar or operates as a standalone window. Some options, especially under the VPN settings tab, are a bit technical, but don’t need to be touched for a good experience.

Mac

Mullvad’s macOS app is quite similar to its Windows app, both in terms of the interface and the features offered. The big difference used to be that macOS lacked split tunneling, but that’s been added in a recent update. The only serious distinction now is that the Mac client can’t be unpinned from the taskbar, which is just a little bothersome.

Other than that, you’ll find every setting you need under the gear, just like on Windows. Similarly, connections to VPN servers happen quickly, and selecting locations from the menu is very straightforward. While connected on either app, you can click the circular arrow by your location to swap to another server in the same location — highly convenient if you’re trying to unblock Netflix.

Android

Mullvad’s Android app has the same nearly-perfect design approach as all its other apps. The main page has nothing on it but the connect/disconnect button, the choice of server locations, a map and the buttons for your account information and preferences. Those preferences are a manageable set of options that are almost all managed with simple on-off switches. It’s all highly responsive and annoyance-free.

iOS

Mullvad’s iOS app looks very similar to its apps on every other platform. The front page is kept simple, with large controls in the foreground and a map taking up most of the space. Everything else is located in the menu accessed through the gear icon at top right. Neither mobile app has the options for toggling the UI itself that the desktop apps have, but it’s mostly free of quality-of-life problems to start with.

Browser extensions

Mullvad’s browser extension is only compatible with Firefox. You can’t actually connect to the VPN through this extension. Its main functions are to tell you whether you’re connected to a Mullvad server and to connect to a SOCKS5 proxy in a Mullvad location. If you do this while connected to Mullvad through the desktop app, you’ll get a second layer of protection, similar to the multi-hop feature.

The Firefox extension is a rare misfire for Mullvad — perhaps fair, since it’s still in beta. Its only real feature is something that the desktop app already does perfectly well, and it looks like a software malfunction to boot. However, given Mullvad’s track record, I’m confident they’ll figure out what to do with it in time.

Mullvad speed test

A VPN almost always slows browsing speeds and increases latencies. It’s unavoidable, given the extra steps a VPN protocol adds to the process of getting online. The trick is to find VPNs that keep the slowdown to a minimum, using a combination of regular maintenance, good planning and smart load balancing.

For this test, I used speedtest.net to check how six of Mullvad’s server locations influenced three key speed metrics. Ping measures latency, the time in milliseconds (ms) that one data packet needs to travel between a client device and an ISP. Download speed measures the amount of data in Megabits that a web browser can download in one second. Upload speed tracks how much data can be uploaded in a second. We’re looking for low latencies and high download and upload speeds.

I’ll start with the bad news: the tests didn’t exactly make Mullvad look like a speed demon. Its speeds have gone up and down in the years I’ve been using it, and right now they appear to be on the downswing. If you use locations all around Mullvad’s server network, you can expect your download speeds to decrease by about 26 percent and your upload speeds to decline by 17 percent.

However, it’s important to put those numbers in perspective. First, Mullvad’s numbers aren’t markedly worse than the ones I got when testing CyberGhost. Its speeds are average, but by definition, most things are average. Its average worldwide latency is actually better than Surfshark, the current champion of download and upload speeds.

It’s also nice that Mullvad’s speed drops follow a predictable curve. Lots of VPNs have unexpectedly sharp declines in certain locations, frequently in Africa. By contrast, Mullvad’s speed decreases pretty much as a direct function of how far from the server you are. This not only makes speed drops easier to plan around, but also means you can expect very good speeds on nearby servers.

This property of being fastest on servers near the user is another sign of Mullvad’s focus on its core privacy mission. If anonymity is your main reason for using a VPN, it doesn’t matter what your IP address is, so long as it’s not your real one. Using a nearby Mullvad server should guarantee you an internet connection that’s both fast and private.

Mullvad security test

To be secure, a VPN has to check two critical boxes. It must provide you with a secondary IP address without leaking your real one, and it must encrypt your communications with its servers so your activity can’t be traced. In the sections below, I’ll see whether Mullvad meets those requirements.

VPN protocols

VPNs use protocols to mediate between end devices, ISPs and their own servers. The first step is to ensure that the service you’re considering uses protocols that have expert confidence. Mullvad has kindly made this step easy for me by using only WireGuard on all its apps, with no OpenVPN, IKEv2 or in-house unique protocols.

There’s no question that WireGuard is a solid protocol. It uses the ChaCha20 stream cipher for symmetric encryption and Poly1305 for authentication, both uncrackable with current technology. Mullvad has even added its own fix for WireGuard’s one flaw, its need to save static IP addresses — the Mullvad implementation is set up to delete the IP address if it goes 10 minutes without being used.

Even so, it’s unfortunate to lose the ability to change protocols, which is one of the most common steps for troubleshooting a VPN connection. I understand Mullvad’s reasoning for cutting out OpenVPN (it claims the cryptography isn’t strong enough) but don’t agree. It’s one of this provider’s few unforced errors.

Leak test

There’s a straightforward test to determine if your VPN is leaking. Load up any website that shows your IP address — I personally use ipleak.net — and see what IP and location it reveals without your VPN active. Then activate the VPN and refresh the page. If you see your real IP address anywhere, your VPN is leaking.

I ran that test on five Mullvad servers. Each time, the website showed me the IP address of the VPN server, concealing my real one. To keep things simple, I ran the initial tests with IPv6 blocked via the Mullvad client. When I turned it on and tried again, the IPv6 traffic didn’t leak any more than the IPv4 did. I also saw no signs of WebRTC leaks. Unless you set up a custom DNS server, Mullvad also uses its own DNS, which remains entirely within the VPN tunnel.

I had one more leak test to try. Frequently, VPNs are leak-proof when maintaining a connection to one server but drop encryption when switching between servers. That problem is why I ultimately couldn’t recommend Norton VPN. Luckily for me, Mullvad has a button that lets you shuffle to another server in the same location, so I used that to see if it stayed leak-proof.

As you can see in the screenshot, Mullvad jumped seamlessly from one server to another without showing my real location in-between. On a practical level, that’s enough for me to declare Mullvad leak-proof.

Encryption test

For one final experiment, I used the WireShark packet sniffer to see whether the data Mullvad sent from my computer to my ISP was encrypted. After capturing a few packets, I was gratified to see that they were totally unreadable to interlopers. Most established VPNs pass this test, but it’s still important for due diligence.

How much does Mullvad cost?

Mullvad’s pricing structure is one of the most unusual things about it. This is normally the section where I untangle 47 different Pro+ and Business- accounts that are all sold at three different durations. Mullvad couldn’t be further from that. It costs 5 Euro a month — that’s it. Each 5-Euro subscription can be used on five devices at once.

It manages payments through a system inspired by parking meters. When you sign up for Mullvad, you’ll buy as much time as you want. That time will count down until it expires, unless you top it up with more 5-Euro payments. If you run out of money, Mullvad won’t charge you a new subscription fee because you didn’t tell it not to. It’ll just stop working until you pay again. Every payment also comes with a 14-day money-back guarantee, except for payments made in cash.

The only real complexity in the process is that Mullvad always figures out its prices in Euro, so outside the EU, the cost per month is affected by exchange rates. If you happen to live in a country where the government’s economic policy shuttles between capricious and arbitrary, you might want to grab a few months in advance.

The other most interesting thing about Mullvad’s pricing is the options you can use to pay. For maximum privacy, you can pay with cash using the payment token you’ll find on your account page. Note that this is not the same as your account number. To find it, log into your dashboard on Mullvad.net, click Add time to your account in the left-hand bar, then click the button labeled Cash and scroll down. Make your cash payment by writing the token on an envelope and mailing it to Sweden (full instructions here).

You can also get untraceable Mullvad vouchers by paying cash at participating retail locations. Most of them are in Europe, but you can order them from Amazon. While your payment to Amazon won’t be private, the voucher can’t be linked directly to your VPN account, since the actual number is hidden behind a scratch-off panel. It’s actually pretty ingenious.

Of course, you can also pay using any of the normal methods, including credit cards, cryptocurrency and bank wires (though not PayPal). But the more private methods are always there for people who need them.

Mullvad side apps and bundles

Mullvad is that rare VPN that’s still content to be a VPN and not an all-inclusive security suite. No shade to NordVPN or Surfshark, whose extra features are generally quite good, but it’s nice to see at least one of the top providers staying focused.

Although Mullvad doesn’t have any partners that sell their products alongside its VPN, it does have several partnerships with other VPNs who use its network as the basis for their own products. MalwareBytes Privacy VPN, Mozilla VPN, Tailscale and Obscura can all be considered Mullvad side apps if you squint.

Mullvad Browser

Mullvad’s only product other than the VPN is Mullvad Browser, which is free to download and works on Windows, macOS and Linux. Mullvad Browser works in the background, blocking common methods of browser fingerprinting that can be used to deduce your identity even when you have a VPN running.

For example, it automatically reports your time zone as UTC, disguises personal preferences like font and window size, scrambles information sent by APIs and conceals your browser version and computer operating system. It’s also in private mode by default, which doesn’t hide what your ISP sees but is useful for concealing your activity from other people that might use your computer.

Close-reading Mullvad’s privacy policy

Since privacy is Mullvad’s main selling point, this section is even more important than usual. Loopholes in the privacy policy of the privacy VPN would be deeply ironic. Fortunately, Mullvad’s privacy policy backs up its high-flying rhetoric. It’s a short, pointed and readable document with no problems I could discern. Mullvad has no parent company or subsidiary it might use as a loophole, and no clauses in its policy are left open to interpretation. It’s a masterpiece of the privacy-policy genre.

The document is actually three policies: a privacy policy, a no-logging policy and a cookie policy. The privacy policy lists all the times Mullvad might collect data about a user. That’s exactly two situations — using financial information to process payments (which will be entirely anonymous if you use cash or a voucher) and using your email address to track support tickets you open. That’s it.

The no-logging policy is a bit longer, but mostly because it’s explaining exactly how Mullvad manages to run a VPN service with so little information on individual users. For each account, it stores a number and an expiration date, plus public keys and tunnel addresses if you’re using WireGuard (deleted at most 10 minutes after your session ends). Everything else is completely anonymized. Mullvad even claims that its 500,000 or so user accounts could have been created by the same user 500,000 times, which I suppose is one way to spend 2.5 million Euro.

The cookie policy is the shortest because Mullvad uses exactly five cookies. One saves your login status in your browser, one saves your language preferences, one protects its site from being used in a specific kind of forgery hack and the other two are for handling Stripe payments.

Independent privacy audits

Mullvad corroborates its privacy policy with regular audits of various aspects of its service. Currently, there are 17 audits listed on its website, including four infrastructure audits by Cure53. All of its apps have been separately audited and found to be solid. It has been a couple of years since the last full infrastructure audit in 2024, but given how many other targeted reviews Mullvad has gone through since then, it’s hard to be too upset about the pause.

In 2023, Mullvad achieved the holy grail of VPN privacy: being ordered by subpoena to turn over customer information and not being able to comply because that information didn’t exist. Nothing compares to a VPN’s privacy being tested in the wild like this.

Can Mullvad change your virtual location?

Sometimes, a VPN appears to be working, but still reveals your real location to websites. Netflix is a useful proxy for this. To unblock a streaming site like Netflix, a VPN needs to change your virtual location while not appearing to do so — if Netflix sees any hint of VPN traffic, you’ll get blocked with the hated proxy error. I used five different locations to check whether Mullvad is up to the streaming task.

Mullvad did well for streaming, but it didn’t manage a perfect score like its fellow anti-establishment VPN Windscribe did. Two of the 15 servers I tested failed to unblock Netflix, one in Singapore and one in Mullvad’s hometown of Gothenburg. I also had trouble logging into Netflix while connected to a Vancouver server, though that server did unblock the site consistently once I got inside.

In Mullvad’s defense, no location failed more than once. It’s completely possible to get good streaming performance out of this VPN; you just have to be willing to click the server refresh button a few times. Privacy is still the main use case for Mullvad, but it’s fine for streaming too.

Investigating Mullvad’s server network

Mullvad has 90 server locations in 50 countries and territories. Unusually for a VPN, users can choose between all 590 of its total servers, including several in each location. There’s even a list on its website that shows you the status of every server.

Mullvad does not use virtual server locations, so every server is physically located in the place where it claims to be. Here’s how they’re distributed.

Over half the countries with servers are in Europe and over two-thirds of the cities with servers are in either Europe or North America. That lopsided network is a limitation of Mullvad’s refusal to use virtual server locations, since its real servers have to be concentrated in nations developed enough to host data centers. With an all-real network, it’s easier to tell which servers will give you the fastest performance, but you can’t simulate as much of the world as you can with larger services like ExpressVPN.

The good news is that there’s at least two real server locations on every continent. Mullvad has a surprisingly robust presence in South America and two bare-metal servers in Africa, which is more than some other VPNs have. In the end, though, the best application of Mullvad is to protect the online privacy of users in North America, Europe and eastern Asia.

Extra features of Mullvad

Most of Mullvad’s features are augmentations to the VPN itself, rather than side options that do other things. Some of them are bread-and-butter, like the kill switch and split tunneling, but a few you won’t find anywhere else. Note beforehand that Mullvad does not support port forwarding, so if you depend on that for your torrenting, try another VPN.

DAITA AI defenses

Mullvad’s most novel feature is a recent one. DAITA, which stands for Defense against AI-guided Traffic Analysis, can be toggled on and off in the Mullvad app. According to Mullvad, certain patterns in how browsers communicate with websites can be analyzed by AI to reveal the truth behind encrypted internet history. DAITA hides those packets by filling communications with background noise so the AI won’t know what’s real.

DAITA is a laudably forward-looking feature, but as Mullvad itself admits, it will make your browsing speeds slower and drain your battery. I recommend only using it for activities you really want to hide.

Quantum resistance

Mullvad’s desktop apps establish quantum-proof WireGuard tunnels by default. Quantum computing isn’t yet a threat to WireGuard, but it may become dangerous in the future, so Mullvad is getting ahead of the problem (along with a few other services like NordVPN). When quantum resistance is active, Mullvad encapsulates its keys using the current standard mechanism, ML-KEM.

Anti-censorship

If you find yourself in a country where government censorship makes it hard to access the internet, Mullvad has options that might help. These anti-censorship features can be used to get around firewalls that block visible VPN traffic. You have several options, including changing your WireGuard port, randomizing your port number, disguising your VPN traffic as an ordinary HTTPS connection or using an obfuscated Shadowsocks proxy.

Mullvad’s anti-censorship involves more features than most VPNs have in this area. This makes it a bit less user-friendly, but a lot more likely to work. If you’re new to getting around censorship, Mullvad’s help center has a helpful page about using its anti-censor settings.

Multihop

Many VPNs offer a double-hop connection that routes your traffic through two servers instead of one, adding a redundant layer of encryption in case one server malfunctions. Mullvad pulls ahead of the competition (except Surfshark, which also does this) by allowing you to choose your entry and exit servers. When you activate the multihop option and open the server list, you’ll be prompted to pick two locations instead of one.

This means you can select an entry server that’s close to you and an exit server in any country whose location you want to spoof, letting you fine-tune your own performance. It’s way nicer than being railroaded into certain paths.

DNS content blockers

Mullvad includes six blocklists that can keep you or your family members from looking at unwanted content: ads, trackers, malware, gambling, adult content and social media. These lists can’t be customized like Windscribe’s R.O.B.E.R.T. blocks can, so you’re limited to just turning them on and off.

IPv6 support

The internet is gradually transitioning from the old IPv4 standard over to IPv6, which will allow many more addresses to be shared out. Mullvad is one of a few VPNs looking ahead to the IPv6 era. You can leave it to block all IPv6 traffic, but if you do need IPv6 for any reason, you can enable it while still being connected to a Mullvad server.

Kill switch and lockdown mode

Mullvad comes with two features that protect against unexpectedly losing your VPN defenses. The first is a kill switch, a common VPN option that cuts off internet access if the VPN tunnel ever fails. This simple measure helps guard against accidental leaks.

Lockdown mode is the stronger option. While it’s active, you will be unable to get on the internet unless you connect to a Mullvad server first. This will remain true if you turn the connection off yourself and even if you quit the app.

Split tunneling

Split tunneling is available on Mullvad’s apps for every system except iOS. It lets you send some apps outside the VPN tunnel so they get online with your normal IP address. It’s helpful if you have some apps that don’t work with the VPN active — this is common with online banking, as an example. Another common application is to protect a torrenting client in the background while using your browser unprotected for better speeds.

Mullvad customer support options

Mullvad makes two forms of support available in the app. You can report a problem by going to Settings -> Support -> Report a problem, typing your question (requested to be in either English or Swedish, though they’d probably be able to read a question run through Google Translate) and optionally providing your email. You can also view the app’s logs at any time, which can be useful to help a technician diagnose your problem.

If you’d rather search for a solution at your own pace, you can go to that same page and click FAQs and Guides instead. This opens the help center in a browser.

I love Mullvad’s approach to laying out its FAQs. Instead of crowding topics into five or six categories and making you guess whether your problem falls under setup, usage or troubleshooting, Mullvad gives you a set of dropdown filters to narrow down the articles which might relate to your problem.

By the time you’ve named which device, OS and protocol you’re dealing with, you won’t have many articles left to sift through. There is an annoying tendency for certain sets of filters to reduce the number of surfaced links to zero, but for those cases, there’s a search bar that also works well.

The articles themselves are good enough that I referred to them several times while writing this review. Some of them are a bit overlong, but they’re diligent about including both internal and external links to get you where you’re going fast.

Live support experience

This is normally where I cover how it feels to get live chat support from the VPN I’m reviewing. However, Mullvad doesn’t have live chat support. That’s unfortunate, although it’s still better than Windscribe’s approach of forcing you to banter with a sarcastic robot. Instead, I sent a question via email to Mullvad’s support team, and got a response within 24 hours.

Mullvad background check

Mullvad was founded in 2009 in Sweden. It’s still owned and operated by its original founders. According to a detailed timeline on its website, its 16-year history has been as uneventful as any user could ask for, with not much changing except updates to stay on the technological leading edge. The only controversy mentioned in Mullvad’s own materials is the 2023 police raid of its headquarters, which (as I covered in the privacy section) only makes them look better.

So as not to take Mullvad at its word, I scoured the last 16 years of news items and user reports to search for any other blemishes on its record. Based on that research, I found no reason to doubt Mullvad’s honesty about its location, owners or team.

I found just one leak that wasn’t noted on Mullvad’s own site. In 2023, a security research group called ZATAZ alleged that it found anonymized information on Mullvad users saved on an Internet Archive page, including account numbers (linked article is in French). According to ZATAZ, Mullvad contacted the Archive and got the page deleted.

To my mind, the only mistake Mullvad made in response to the ZATAZ allegations was not making a public statement about the incident. I can see why they didn’t think it was a big deal, since even logging into someone else’s Mullvad account wouldn’t show you their browsing history, but it’s always better to communicate about these things.

Final verdict

Mullvad is a VPN that knows what it wants to be and achieves that goal with flying colors. It’s not trying to be an everything app — it does privacy and does it well. That’s not to say it has nothing going on outside the VPN itself, as its DNS blockers, AI defenses and split tunneling all work smoothly. But if you want a VPN that’s not ashamed to be a VPN, Mullvad is the right choice.

Of course, it has its own compromises. It’s solidly in the middle of the speed pack and occasionally trips up when unblocking streaming sites. The lack of any protocols other than WireGuard grates on me a bit, since it reduces the user’s options for troubleshooting. With all that said, those are minor hiccups on a VPN that does such a thorough job keeping you anonymous online.