Realistically, these things are mainly used to pirate and break the ToS of various websites ("Netflix from other countries", "buy games at cheaper rates"). With ISPs in some countries selling their customers' browsing data to advertisers, I don't think these shady VPN companies are much worse than not using them for a shockingly large amount of people.
Mullvad seems to come out pretty clean whenever these shady VPN providers show up on the news again. Being able to use them by just transferring some crypto to the right address without even needing to enter a username or email address seems pretty good. If you ever forget your account number, you're out of a month's worth of service at most and can just generate a new account when needed. It's the only commercial VPN I put a moderate amount of trust in, even though I've never used their service.
I see these posts, and my gut feeling is that Mullvad is probably fairly trustworthy at this moment in time, but the more word of their service spreads the more likely I would assume it is that they get approached by the type of government representatives you don’t say no to.
(I.e. I assume success to be a death knell for a service like this.)
I’m not a customer, but I’ve considered it from a privacy perspective (in that I could just route general browsing through it to block a layer of data harvesting). The problem is that I don’t know what authority they have to push back if pushed by the right actor (who inevitably will knock on the door at some point).
This is why privacy is a one-way circuit breaker kind of system. Once you give your privacy away, you can never assume anything about how your data is used. No matter the entity, you simply cannot trust that they will hold your data secure and use it in your best interests. Even Apple, hell even Signal, has leaky bits and "side channels" that can, and you must assume will, be subverted.
VPN services are well off the mark in terms of privacy protection. That the ~~marketing~~ propaganda is so focused on the opposite is an abomination.
> TLDR: The old maintainer appears to have sold the extension to parties unknown, who have malicious intent to exploit the users of this extension in advertising fraud, tracking, and more. In v7.1.8 of the extension (published to the web store but NOT to GitHub), arbitrary code was executed from a remote server, which appeared to be used to commit a variety of tracking and fraud actions. After Microsoft removed it from Edge for malware, v7.1.9 was created without this code: that has been the code distributed by the web store since November, and it does not appear to load the compromised script. However, the malicious maintainer remains in control, however, and can introduce an update at any time. It further appears that, while v7.1.9 was what was listed on the store, those who had the hostile v7.1.8 installed did NOT automatically receive the malware-removing update, and continued running the hostile code until Google force-disabled the extension.
>I see these posts, and my gut feeling is that Mullvad is probably fairly trustworthy at this moment in time, but the more word of their service spreads the more likely I would assume it is that they get approached by the type of government representatives you don’t say no to.
AFAIK (IANAL etc.) for that to happen several changes to Swedish laws would be required. And the follow up question would be what those demands possibly would be? And of course Mullvad's technical ability to comply?
For some comparison, you could look at the Swedish ISP Bahnhof, which quite publicly fights against the Swedish implementation of the data retention and requests by Swedish authorities. Repeatedly getting Sweden slapped by the EG court. (Which could also be compared with how Signal responds to requests for information about their users which they don't collect.)
There are (again AFAIK, IANAL) no NSL like laws in Sweden.
I use VPN services because my ISPs routing has a strange habit of going the wrong way around the globe and making mystery detours through the US. Picking a good point in-between helps to get on less congested paths.
I had this problem trying to do online gaming on Frontier. Their routing was both atrocious and mysterious. Using a VPN to get off their network ASAP made games playable.
What makes you think a more expensive ISP will go against their interests and refuse to maximize their profits by selling access to information that they are legally allowed to share? Are there expensive "privacy"-branded ISPs I'm not aware of?
Mullvad seems to come out pretty clean whenever these shady VPN providers show up on the news again. Being able to use them by just transferring some crypto to the right address without even needing to enter a username or email address seems pretty good. If you ever forget your account number, you're out of a month's worth of service at most and can just generate a new account when needed. It's the only commercial VPN I put a moderate amount of trust in, even though I've never used their service.