Cops Raid Swedish VPN Provider Only To Find Out There’s No ‘There’ There
from the oh-no-the-things-aren't-even-there dept
There are few things I enjoy writing about more than cops who feel waving around a piece of paper will ensure they can get what they want. I’ve handled a few of these stories before, most of them centered on Signal, the little messaging service that could — one that does not collect user data and would rather exit the marketplace than subject itself to encryption-breaking government mandates.
So, it always gives me pleasure to learn that cops armed with court orders approached a privacy oriented tech company only to find out the stuff they wanted didn’t actually exist at the place they searched. Due diligence is a thing, investigators. Your boilerplate is obviously false if you’ve claimed (based on “training and expertise“) that the place you want to search contains the information you wish to obtain.
That’s the case here. A Swedish VPN provider was raided by local law enforcement, but was unable to produce any of the information officers were searching for… something officers might have realized prior to the search if they’d bothered to read the terms of service. Here’s Michael Kan with the details for PC World:
The company today reported that Swedish police had issued a search warrant two days earlier to investigate Mullvad VPN’s office in Gothenburg, Sweden. “They intended to seize computers with customer data,” Mullvad said.
However, Swedish police left empty-handed. It looks like Mullvad’s own lawyers stepped in and pointed out that the company maintains a strict no-logging policy on customer data. This means the VPN service will abstain from collecting a subscriber’s IP address, web traffic, and connection timestamps, in an effort to protect user privacy. (It’s also why Mullvad VPN is among our most highly ranked VPN services.)
If the cops had run a search of Mullvad’s website before running a physical search of its offices, it might have discovered the stuff they swore would be found there actually wouldn’t be found on Mullvad’s premises. It’s not like it’s that difficult to find:
There is a law to collect user data in India and other countries. Does this affect Mullvad?
Mullvad does not collect user data. Mullvad is based in Sweden and none of the Swedish regulations (https://mullvad.net/help/swedish-legislation/) can force VPN providers to secretly collect traffic-related data. We also have no servers, infrastructure or staff in India.
In other words, bring all the law you want, but in the end:
Raid if you want. But you can’t have what providers like Mullvad are unwilling to collect. In the end, you’ve done nothing more than make some noise and embarrass yourself. It’s all there in the Mullvad FAQ, including the fact that Mullvad performs no logging of user activity. If your investigation leads you to providers like Mullvad, it’s a dead end. Look elsewhere.
This policy isn’t in place because Mullvad wants to protect criminals. It’s in place because people all over the world deserve protection from government overreach. That criminals may benefit from policies like these doesn’t make these policies bad, it just makes it more difficult for abusive governments to engage in third-party-enabled surveillance.
And the long history here shows Mullvad isn’t a home for criminals. It’s just an extremely well-run VPN provider:
“Mullvad has been operating our VPN service for over 14 years. This is the first time our offices have been visited with a search warrant,” the company added.
You know who is in the best position to stop local law enforcement officers from embarrassing themselves? LOCAL LAW ENFORCEMENT. Maybe read the ToS and FAQ at the site you’re planning to raid before you approach a court with a bunch of assumptions and half-truths to secure a fruitless warrant demanding companies turn over information they don’t retain. Doing otherwise means looking bad at your job (at best) and authoritarian (at worst). If cops want to regain the respect and trust they swear they’ve always enjoyed in the past, the first thing they can do is actually do the investigative parts of investigations. That way they won’t look ridiculous when they go marching out of a tech company’s offices with fuck all in their hands.
Filed Under: logs, privace, sweden, vpn, warrant
Companies: mullvad
Comments on “Cops Raid Swedish VPN Provider Only To Find Out There’s No ‘There’ There”
How does one say “fuck around and find out” in Swedish?
Re:
There is no good way to translate it as the Swedish language lacks an equivalent.
Phrases such as “Är du med i leken, får du leken tåla” or “Väck inte den björn som sover” could work but doesn’t capture the spirit of the phrase. One of the more original ones would be “Skit i maten och smaka sen” but it takes a lot of liberties and is not a commonly used phrase.
Re:
But did they really “find out” anything?
Re: Re: They could have
Just sat there, and recorded incoming connections.
But they didnt.
Considering other vpns
If you take a look at other vpns, they typically say they are privacy focused with similar boilerplate but in fact most hover up large amounts of data. So it’s not out of the realm that a VPN would have the data the cops were looking for.
To play devil’s advocate here:
The writing on the wall says “no legal-service-able data parts within”, but not all VPNs are so ethical. Or competent. (And you take your chances both ways…)
The real question
Re:
Mullvad had broken no laws, its just the police thought they had records that would help them find out what someone was up to.
Re: The real question
We don’t know what they hoped to find. At least when the news was first reported, Mulvad had not seen a copy of the warrant (apparently under Swedish law, the cops don’t have to show it).
To be fair....
There are a lot of “no log” VPN companies that do log traffic and/or sign-ins.
If I were looking for evidence, I would serve the search warrant regardless of the VPN’s marketing claims.
Re:
Subpoenas are a thing, especially for law-abiding persons or companies not actually even accused of any wrongdoing.
And there is no need to disrupt operations by physically seizing hardware. It’s another “if all you have is a hammer, you can make everything look like a dog-and-pony show” exercise.
This comment has been flagged by the community. Click here to show it.
why is it so hard to see/understand/wake up and smell the coffee that until the Internet is either totally and uterly fucked, or totally and uterly under the full and complete control of the (mainly) USA Entertainment Comanies, in all their various forms and configurations, this sort of shit is gonna continue! and why? not just because these companies want that control but they are being encouraged and funded byt governments, courts and security services world wide because the ‘money people’ want to keep the dastardly deeds they’re up to hidden away from the likes of us, while, at the same time, wanting to know every single, solitary thing possible about every aspect of our lives! and things are not gonna change until what they want is achieved! i have to ask, though, why is there absolutely no one, not a single person of power, somewhere, bringing all this into the light? will that person actually be exterminated by these oh, so powerful assholes? i wonder how they’d get away with it??
Re:
…what
Re: Re:
I remember the first time I got high too… vaguely.
Re: Why?
Well, you’re anonymous, so why don’t you start the ball rolling, eh? After all, being unknown and untraceable is better than being a ‘person in power’, isn’t it? At least when it comes to speaking truth to power, that is.
You don’t have to share your plans with us, just go out and save us from those dastardly Entertainment Companies…. please. If doing so topples governments and courts, we can take it, we’re all adults here, and we know the risks of such actions.
Re:
My advice to you is, take your medication first, then comment.
Re:
Because the amount of hard drugs required to do so is usually fatal.
I’ve been using Mullvad for a couple years now. Between this and a very reasonable pricing structure, I’ve been completely satisfied and recommend them all the time.
To be fair to the law enforcement here, just because they SAY they don’t collect that info on their website doesn’t mean they actually don’t collect it. TOS often uant worth the paler it’s printed on.
What was it that just happened a bit ago? Euphy? No-cloud home security or whatever? You might say it’s obvious, but I don’t think the cops are unjustified in thinking the company could be lying about what it does and doesn’t do.
Just a few thoughts.
If you are going to take Privacy away, START at the corporate level. Get them to Be truthful would really help things.
Getting every contract they had and evaluating them for STUFF, including rights like wages for females. Scary.
Then there is that strange idea. Creating your Own backbone. Short range over borders. 1 Wireless connection to a base inside others territories, with a Undocumented Connection to THEIR internet. Just need a receiver on the other side, and you are 90% setup.
Invisible VPN
In the US, law enforcement can serve a court order on a service provider that allows them to install hardware to monitor/intercept traffic entering and exiting the provider’s system, with a search warrant for them to retain the information related to the parties they’re seeking to monitor. Doesn’t help with previous traffic though.
It would not surprise me if other countries could do similar, though it was apparently not done in this case.
tech
In the United States, law enforcement can issue a court order on a service provider authorising the installation of hardware to monitor/intercept traffic entering and departing the provider’s system, together with a search warrant authorizing the retention of information relating to the parties being monitored. However, this does not help with previous traffic.
It would not surprise me if other countries could do something similar, albeit it appears that this was not done in this case.
I am having this site bestkoditips and do check all the traffic aspects
Don't trust, verify
OK, the tone of this post is a bit silly.
It’s not as if a company in the world has never said it’s doing one thing and then done another.
A cypherpunk motto is: “Don’t trust, verify.”
So, this is a lovely story of the police verifying for the rest of us that Mullavad does what it says it does. Nice ad for the company.
But it’s a bit silly to suggest that law enforcement should just always take companies at their word about what they do and don’t do.
This seems like the best marketing Mullvad could have ever hoped for.
What better way to prove you don’t keep logs, than to have the police raid your office and not find any?
Weepy
This short but sweet article made me want to weep. Actually, I am in fact a bit weepy. In a world where hero’s like Snowden must hide in a place like Russia, it is easy to feel the dystopian boot print on one’s forehead. Knowing that there are those out there who stand for liberty and freedom… well… makes one weep. To all of those out there who selfishly (complement) make a living by doing good in the world, and in this case protecting privacy, I thank you! A glimmer of light in an increasingly darkening world. And to those who sell their souls for their daily bread and participate in such despicable actions such as attempting to raid, plunder, and steal while hiding behind a badge and a piece of paper, I say; I do not judge you. You do not yet know better. You are not yet enlightened. It is my hope that failures such as the referenced story may perhaps give you pause. May you one day see the evil in your actions, and join us to make a better world where ALL are free – for I too weep for thee.