MullvadVPN’s servers have had an independent audit – and the results are in
One of the best VPN services around right now, Mullvad VPN has scored some positive results in its second independent security audit.
Assured AB, a Gothenburg-based cyber security consulting firm, confirmed the security of the Mullvad VPN servers as ‘no leakage or logging of customer data could be found.’
“The configuration is sound and does not display any discernible customer information indication,” the security group concluded in its report. (opens in new tab),
However, some medium and low risk vulnerabilities have been observed around firewall policies and internal monitoring practices that should be improved to further reduce the chances of attackers.
Mullvad VPN server audit completed by Assured AB revealed no information leakage or logging of customer data. https://t.co/lREPYFzi0j22 June 2022
What will happen next?
Mullvad VPN developers are now busy fixing bugs in their server infrastructure.
Among the improvements, it has already implemented more stringent firewall rules to make protection even stronger against malicious intruders. A wide range of credentials are implemented so that each server and API has its own unique identifier.
Overall, the provider claims to be satisfied with the result. “We are grateful to Assured AB for verifying that no customer logging is enabled on any of our external facing services.
“In line with our previous audits we will try to audit on an annual basis as much as possible. We are grateful to Assured AB that they audited our servers, they were able to uncover new issues that were not in the previous audits.”
For customers, it is important to know whether their data security is actively protected. This is why VPN audits conducted by trusted third-party experts are an important exercise to safeguard the security of users.
By providing an independent verification on companies’ policies and software infrastructure, they ensure that nothing is missed in development, and customers are not misled by flimsy marketing messages.
In the case of Mullvad VPN, these audits also provide an opportunity to identify and fix potential vulnerabilities before they can develop into more serious risks to users’ privacy.
Mullvad VPN is one of the big names that has had an independent audit. Other providers that do this include ExpressVPN, NordVPN, Surfshark, and IPVanish.