I forget where Mullvad is based

They are based in Sweden.

dlb I have used Mullvad for several years and I am quite satisfied with their services (speed, broad choice of servers, Wireguard, FOSS and audited client, privacy-respecting means of payment, minimalist account creation). They seem to be transparent about their operations.
I cannot say for Proton VPN; never used it.

Whatever provider you choose, do not rely on them to hide your identity online. For that, you should use other tools private by design.

I recommend reading the PrivacyGuides VPN overview page and their VPN comparison.

dlb Other folks already gave some good answers, I'll add my 2 cents:

Mullvad:

  • Their privacy policy is second to none. Read how they handle payment information for example, it really tells a lot
  • Can pay with Monero or cash

Proton:

  • Offer free accounts
  • Offer IKEv2 protocol which is important if you want to use native Android VPN implementation or setting up VPN profile on iOS via Apple Configurator so VPN doesn't leak
  • Has many features like secure core or stealth

Also look at IVPN to compare

I've tried to find proof of Proton turning on logging for a user but can't seem to find anything. Is there legit proof of this claim?

    Kottonballs i believe this case in france is the only known instance of proton giving over user data, but not a great look imo. i use them for my personal email but not vpn or anything else where i'm seeking full privacy.

    • dlb replied to this.

      itsjpb isn't Graphene os now supported by proton with funding? As I have read somewhere on this forum. If proton has this reputation, why would Graphene take money from them

        So if proton mail gives away IP address from clients , what other email service you recommend

        Thank you for providing the link but I'm still suspicious of the report. I question everything because the internet is full of lies all the time and this report seems to draw conclusions from questionable sources and a tweet or two. TY though.

          Kottonballs What part is suspicious? It's court documents and the company's response confirmation/clarification. But it is a niche case and proton's probably safe enough for most users.

          And agreed the internet is full of lies, i try to read as little of it as possible :)

          dlb yes proton is among the supporters of graphene. they're still a privacy focused company, they're just not perfect. It's only recorded they share logs for active criminal cases, not normies. I don't love that fact but use them for my main email client as they are still highly private and i'm not emailing about criminal activities. If I were I would consider mailfence or jumping to element or a similar matrix client instead of email.

          and there are far smarter people than me on this forum, its just my 2 cents.

            Kottonballs I've tried to find proof of Proton turning on logging for a user but can't seem to find anything.

            French police arrested a climate activist in September 2021. Proton were legally compelled to turn over data related to the IP address certain emails were sent from, and the IP address was useful in engineering the arrest. My understanding is it was just simple internet traffic logs that were turned over (they didn't break encryption on the emails or anything like that). Legally, Proton had no way out of it and no option to appeal the request. If they tried to illegally conceal the data, they would have been shut down, and Proton employees would have been arrested.

            Proton CEO Andy Yen responded to the event in a blog post here: https://proton.me/blog/climate-activist-arrest

            I think an important thing to note is the whole thing would have been made impossible if the user had simply connected with Tor or a VPN to send their emails. Proton even offers an onion site (https://proton.me/tor) for anonymous access--very uncommon for an email provider--which is a resource this person obviously did not take advantage of.

            This is basically a case of user error. Considering they were under criminal investigation, they were frankly a bit careless. It seems unfair to blame the email provider when a user cannot take even the most rudimentary precautions to protect their anonymity.

              BluishHumility

              Another point to make is to distinguish between a "privacy focused" service, and a "bulletproof" service.
              Proton has always said that they will comply with the laws.

              There are services that say they will not... and they don't last very long. They inevitable attract the worst criminals, and get infiltrated/raided/seized/shutdown.

              itsjpb It's only recorded they share logs for active criminal cases, not normies.

              It doesn't matter. They gave up customer data. What is the point of having VPN then if they sell your data. Maybe we are safer with our isp

                BluishHumility French police arrested a climate activist in September 2021

                I still can't wrap my head around of what does France have with Switzerland... How does France have authority in Switzerland

                  dlb they went through the Swiss courts and won. As another said, if the user used vpn, they would have not been found.

                    chuck if the user used vpn

                    I think you meant Tor

                    dlb what does France have with Switzerland

                    I think Swiss courts only allowed it because a Swiss law was broken. Not sure which.

                    dlb What is the point of having VPN then if they sell your data.

                    Not sold. Big distinction.
                    Selling data for profit is why so many privacy advocates hate Google.
                    Complying with local laws is still expected of privacy focused services.

                    If Proton were to start breaking the law to keep customers shielded, I'd leave. Because it won't last long and I'd expect LE to start infiltrating, spying and raiding.

                      dlb It doesn't matter. They gave up customer data. What is the point of having VPN then if they sell your data.

                      Proton didn't sell anyone's data, nor was this case related to their VPN service to begin with. You are letting the facts get away from you.

                      Graphite chuck if the user used vpn

                      I think you meant Tor

                      According to Andy Yen's blog post (which is worth a read if you haven't yet), either would have sufficed perfectly fine. If Proton turned over an IP address for the emails that lead to a no-logs VPN, that would have been the end of the trail. Even if the user connected with Proton's own free VPN service, that would have sufficiently obfuscated their traffic because the IP address doesn't lead anywhere (under current Swiss law, email and VPN are treated differently, and Proton VPN cannot be compelled to log user data.)

                      Graphite If Proton were to start breaking the law to keep customers shielded, I'd leave. Because it won't last long and I'd expect LE to start infiltrating, spying and raiding.

                      I think this is right. For people who can be bothered to use the resources correctly, what Proton offers is an amazing contribution to the privacy rights movement. To sacrifice all of that infrastructure and tooling just to take a bullet for someone who was careless or ignorant with how they were using the services does not seem right. It's unfair to everyone who is being cautious and using the tools correctly.

                        After carefully reading all about proton and mulvad. And with help of your comments. I have decided that proton is better suitable for me.
                        It is a little bit more user friendly than Mulvad, and accepts also cash payments.
                        And has more features that comes with subscription.

                        Security and privacy wise I think there is not much difference between the two.

                        Yes proton has gave this IP address, but who can tell for sure that Mulvad didn't secretly..

                        As mentioned many times in this forum user is the weakest link in this story.

                        Thanks to all for the help

                        I use Mullvad, not as much to hide my identy, but to avoid trackers and ads. Mullvad has a good adblocker-trackerblocker dns included in their service, so i don't need to use any adblockapp, what is convenient.

                        For those who want to buy anonymous, but don't want to handle with crypto currency's, you can buy 6-month scratch cards on Amazon. I used one month to see if it's good, paid with credit card. When i decided to use it regularly, i simply deleted the app, bought a scratch card from Amazon and generated a new user account. For the account they don't need any personal information, it's just a random number you write down and you can add payments to these, like explained on their website.

                        Mullvad works good so far, they deliver what they offer. Using a vpn doesn't make you invisible for all instances, but it does what is possible for the idea behind a vpn.

                        The speeds are mostly fast, i didn't find a website not working with them. Though they are mostly blocklisted by streaming providers, but i don't use them for that.

                        BluishHumility exactly this. Following the actual Swiss law, they can't ask providers to log VPN data, only email ips. So using both Proton VPN and Mail, they can't reveal IPs. As simple and profound as that.