Have you looked at Mullvad’s “front-end” code? Is Mullvad’s “account ID” fixed to a payment method?
From my reading of Proton’s “front-end” code, credential-less certs (“encryption keys”) can be changed often (the default expiry is set to 12 hours!).
Proton’s credential-less also has “user IDs”; 2 of them in fact;[1] and for credential-less, since no email registration is involved, both those IDs are random gobbledygook. These “user IDs” (not certs) are equivalent (or superior?) to Mullvad’s UUIDs (account IDs). You seem to be comparing apples and oranges, I am afraid.
[1] Temporary, intermediate pseudonym (different from the user’s email/account registration data related credentials) is created to establish a final VPN connection. The only verification performed by Proton is to check whether the user is a paid user or not. The purpose of this action is to terminate excess sessions for free users if the limit is exceeded. During the VPN connection, the e-mail address used to register an account is not being sent to the VPN server at any time. The randomly generated “VPN username” is being sent to the VPN server, but it is not being logged at any time, meaning that Proton VPN does not log information about which VPN server the user is connected to. Similarly, Proton VPN does not log information about which user is connected to a specific VPN server.
Source: securitums-security-report-for-proton-vpns-no-logs-policy-2024, SECURITUM, Internet Archive.