Gothenburg-based cybersecurity consulting firm Assured AB confirmed the security of Mullvad VPN servers as ‘no leakage or logging of customer data could be found.’
“The configuration is sound and did not display signs of any direct customer information,” conclude the security group in its report (opens in new tab).
However, some medium and low risks vulnerabilities have been spotted around firewall policies and internal monitoring practices that should be improved to further minimize attackers possibilities.
Mullvad VPN server audit completed by Assured AB, with no information leakage or logging of customer data detected. https://t.co/lREPYFzi0jJune 22, 2022
Mullvad VPN developers seem to be now busy fixing the bugs in its servers’ infrastructure.
Among the improvements, it has already implemented more stringent firewall rules to make the protection against malicious intruders even stronger. A wider range of credentials has been implemented so that every server and API will have their own unique identifiers.
Overall, the provider claims to be satisfied with the outcome. “We are thankful to Assured AB for verifying that we do not have any customer logging enabled on any of our external facing services.
“As with our last audit we will endeavor to do audits on as close to a yearly basis as possible. We are grateful to Assured AB for auditing our servers, they were able to highlight new issues that the previous audit did not.”
For customers, it is important to know if their data security is actively protected. This is the reason why VPN audits conducted by trusted third-party experts are an important practice for safeguarding the safety of users.
By providing an independent verification over companies’ policies and software infrastructure, they ensure nothing is missed in development, and that customers aren’t misled by flase marketing messages.
As in Mullvad VPN’s case, these audits also offer an opportunity to spot and fix potential vulnerabilities before they can develop into more serious risks for users’ privacy.