Mullvad Leta appears to have been updated to only require that the search come from a Mullvad VPN IP address instead of requiring that a valid account number be entered. As it was made on the basis that searches could be tied to individual Mullvad accounts, does this change affect the current Mullvad Leta anti-recommendation? Or is correlation still a concern simply due to the fact that Mullvad controls both services?
Probably yes.
Probably. I mean, I guess so.
Hm, that is a neat update (i.e. definitely what they should’ve done in the first place). It’s technically still the same problem as before though, with the same entity controlling your entry into the network and having access to your search queries simultaneously.
I don’t think Mullvad is correlating this information (like they weren’t before either), but there’s also no technical barriers in place to stop them either.
Neat change. I was not comfortable putting my account number every time I want to do a quick search.
I don’t know if this was previously mentioned but you can use Mullvad through Tailscale AND use Leta now. This eliminates one of the downsides of using Mullvad through Tailscale.
I don’t think Mullvad is correlating this information (like they weren’t before either), but there’s also no technical barriers in place to stop them either.
I don’t understand the issue. How is there a technical barrier to Mullvad knowing what I search when I use its VPN, browser, but not its search engine?
If I search “hello” through Mullvad browser via DuckDuckGo, then Mullvad knows I accessed the URL: hello at DuckDuckGo.
If I use Mullvad Leta instead, then Mullvad has an additional, more direct, way of associating my search queries with my account.
But this doesn’t matter, because it still knows what I search, regardless. Right?
Because of how HTTPS works, all Mullvad can see is that you accessed DuckDuckGo (so everything after the .com is hidden, same with any internet service provider in fact). Using their browser shouldn’t add any trust to this extent, as it is open-source and you can verify the fact that it’s not sending your history to Mullvad. With a search through Leta, all Mullvad on the VPN side would be able to see is that you accessed Leta at a certain time, but the concern is that Mullvad could (if they chose to log this, which they almost certainly don’t) see that someone made a specific search on Leta at that exact same time, connecting the two events. For this to be an issue with DuckDuckGo, the two companies would need to collude, which is even less likely.
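The timing link described in the post above, as an added example that is not part of the original thread: it models what an on-path party reads from an HTTPS request, and why holding both the VPN flow log and the search log narrows a query to a set of tunnels. The host `search.example`, the tunnel ids, the timestamps and the 0.5 second window are all constructed assumptions, not anything Mullvad is known to log.

```python
from urllib.parse import urlsplit

def on_path_view(url):
    """What a VPN exit or ISP can read from a single request."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        return parts.hostname   # path and query string travel inside TLS
    return url                  # plain HTTP exposes the full URL

def candidates(vpn_flows, search_log, host, window=0.5):
    """For each logged query, list the tunnels that reached `host`
    within `window` seconds of it. One name means a unique link;
    several names is the size of the crowd the user hides in."""
    result = {}
    for s_time, query in search_log:
        result[query] = sorted({
            tunnel for f_time, tunnel, dest in vpn_flows
            if dest == host and abs(f_time - s_time) <= window
        })
    return result

# Constructed sample data: (time in seconds, tunnel id, destination host).
SEARCH_HOST = "search.example"   # hypothetical search front end
VPN_FLOWS = [
    (100.00, "tunnel-A", "search.example"),
    (100.10, "tunnel-B", "duckduckgo.com"),
    (250.00, "tunnel-B", "search.example"),
    (250.20, "tunnel-C", "search.example"),
]
# Constructed search-side log: (time in seconds, query text).
SEARCH_LOG = [(100.05, "hello"), (250.10, "weather")]

if __name__ == "__main__":
    print(on_path_view("https://duckduckgo.com/?q=hello"))
    # Same operator holds both logs: the join is possible.
    print(candidates(VPN_FLOWS, SEARCH_LOG, SEARCH_HOST))
    # Third-party search engine: the VPN side has no search log to join.
    print(candidates(VPN_FLOWS, [], "duckduckgo.com"))
```

With an empty search log the join returns nothing, which is the DuckDuckGo case unless the two operators share logs.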
Thank you, I did not know about HTTPS. Now I’m almost wondering if VPN is overkill…
ISPs, governments, and network administrators can still use information from your traffic based on just the site URL.
True. Mullvad subscription = Renewed.
Given the account requirement has now been entirely scrapped perhaps an explicit recommendation of Mullvad Leta could be considered or at the very least removing the anti-recommendation.
Mullvad Leta
Mullvad Browser comes with DuckDuckGo set as the default search engine, but it also comes preinstalled with Mullvad Leta, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google’s paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
In the meantime, we should remedy the inaccuracies in this paragraph such as the fact that DuckDuckGo is no longer the default search engine in Mullvad Browser and that Mullvad Leta does not require a Mullvad VPN subscription to use.
I will mark as approved because we definitely should remove this paragraph. Whether we should add it as a search engine on the search engines page should be a separate topic.
However, I suspect Mullvad would not really appreciate us recommending it generally since it still feels like a perk for Mullvad Browser & VPN users, even if you could technically use it in other browsers.