Table of Contents
- The question this article actually answers
- No-log audits: scope and cadence
- Jurisdiction: Switzerland vs Sweden
- Payment anonymity: the decisive gap
- Account architecture: email vs account number
- Server infrastructure and RAM-only architecture
- WireGuard implementation and performance
- Port forwarding, multi-hop, kill switch
- Pricing
- Comparison matrix
- Verdict: which one to choose and why
The question this article actually answers
Most Proton VPN vs Mullvad comparisons measure speed and price, which are the least interesting variables. Both providers use WireGuard. Both are fast. Both are cheaper than most mainstream providers.
The variables that distinguish them are structural — how each provider handles the question of what it can know about you, what it can be compelled to produce, and what trace your subscription leaves.
This comparison focuses on those variables: audit architecture, jurisdiction, payment anonymity, account identity requirements, RAM-only infrastructure, and port forwarding. Speed benchmarks appear but are not the point.
Neither provider runs an affiliate relationship with this site. Proton VPN does run an affiliate program and a link is included where relevant with explicit disclosure. Mullvad does not — it is recommended on its merits where it is the better choice.
No-log audits: scope and cadence
Both providers use Cure53 as their primary auditor, which makes comparison meaningful — the methodology is consistent.
Proton VPN audit record:
- April 2025: full infrastructure and application audit. Scope covered Linux, macOS, Windows, iOS, and Android clients, plus RAM architecture verification on a subset of Secure Core servers. Report published.
- November 2023: previous comprehensive audit.
Mullvad audit record:
- March 2025: iOS and Android client audit.
- January 2025: full infrastructure audit. Scope covered RAM-only server verification, DNS resolver architecture, and the account number subsystem specifically.
- October 2024, July 2024, April 2024: previous quarterly cycle audits.
The difference is cadence. Proton VPN is on an approximately annual review cycle; Mullvad runs quarterly. From a trust architecture perspective, a provider whose infrastructure is audited four times per year has a narrower window during which undisclosed changes could persist. Neither model guarantees good behavior between audits — but quarterly audits reduce the unverified interval significantly.
Both publish full audit reports. Both have not had material findings requiring correction of privacy-relevant claims.
Jurisdiction: Switzerland vs Sweden
Proton VPN: Proton AG, incorporated in Geneva, Switzerland. Switzerland is not an EU member, not subject to GDPR mandatory disclosure frameworks, and has a strong federal privacy statute. The practical limitation was demonstrated in a 2022 case where a Swiss court ordered Proton to log IP addresses of a specific account going forward. Proton complied, disclosed the case publicly, and noted it had no retroactive data to produce. The takeaway: Swiss law provides strong retroactive protection, but real-time monitoring can be ordered under specific circumstances.
Mullvad: Amagicom AB, Stockholm, Sweden. Sweden is an EU member subject to the Law Enforcement Directive. Sweden participates in intelligence-sharing arrangements with Nordic and European partners. On paper, this is a weaker jurisdiction than Switzerland for a VPN.
In practice, Mullvad's account architecture makes jurisdiction largely theoretical: no email, no username, no real name, no billing address, and optionally no financial trace. When Swedish authorities have requested data, Mullvad's response is accurate — there is no identifying information linked to the relevant account numbers.
The conclusion is counterintuitive: Mullvad in Sweden has better practical privacy than most Swiss-based providers, because the architecture removes the data that jurisdiction would otherwise protect.
Payment anonymity: the decisive gap
This is the largest concrete difference between the two providers.
Mullvad payment options:
- Cash by post: fold bills into an opaque envelope with your account number on a slip of paper. Physically anonymous, no digital trace.
- Monero (XMR): cryptographically unlinkable by design. Transactions cannot be traced to a source wallet or correlated to an account.
- Bitcoin on-chain: pseudonymous. Transactions are traceable but require active chain analysis to link to an identity.
- Credit card, PayPal: standard financial identity.
Proton VPN payment options:
- Bitcoin via Bitpay: Bitpay is a payment processor that performs KYC in some jurisdictions and maintains its own transaction records. Bitcoin via Bitpay is meaningfully less anonymous than Bitcoin on-chain.
- Credit card, PayPal, bank transfer: standard financial identity.
- No cash. No Monero.
If your threat model includes a scenario where an adversary could access your VPN provider's payment records — a legal order, a breach, or an insider — Mullvad eliminates the payment vector entirely. Proton VPN does not.
For users whose threat model is "I don't want my ISP reading my traffic," payment method is irrelevant. For users who want to minimize the total identity surface linked to their VPN subscription, Mullvad's cash and Monero options represent a genuine capability gap.
Account architecture: email vs account number
Proton VPN: requires an email address at account creation. You can use a disposable address, and Proton does not verify ownership. The email is an identifier in the account system regardless of whether it is real or active.
Mullvad: generates a 16-digit account number. No email, no username, no password. The number is the account. If you lose it, the account is gone — there is no recovery mechanism. If Mullvad's account database were subpoenaed, it contains account numbers, expiry dates, and encrypted server connection metadata. No names, no emails, no payment details (if paid anonymously).
The Mullvad architecture is a deliberate design decision, not a policy claim. Policies can change under legal pressure. Architecture cannot produce what it was never designed to store.
Server infrastructure and RAM-only architecture
Mullvad: approximately 850 servers in 46 countries as of Q2 2026. Full fleet is RAM-only: the OS boots from a read-only image loaded into RAM. Power cycling the server destroys all session data. Mullvad owns hardware at high-traffic locations and colocates elsewhere; no cloud provider infrastructure.
Proton VPN: over 9,200 servers in 112 countries. Secure Core servers (Switzerland, Iceland, Sweden) are owned hardware with RAM-only architecture verified in the April 2025 audit. The broader fleet is not fully RAM-only — standard servers use conventional disk storage for the OS, though the VPN daemon itself maintains no connection logs.
The distinction matters under a physical server seizure scenario. If law enforcement seizes a Mullvad server, the power cycle during transport destroys everything on it. A Proton VPN standard server with disk-based OS provides more persistent forensic surface.
For Secure Core specifically, Proton VPN's owned hardware + RAM architecture provides comparable guarantees to Mullvad's full fleet.
WireGuard implementation and performance
Both providers implement WireGuard as the primary protocol. Both support OpenVPN and their own obfuscation layers for restrictive networks.
Proton VPN specifics:
- Stealth protocol: obfuscated tunnel for VPN-blocking environments (airports, corporate networks, restrictive countries). Available on all platforms.
- Secure Core: Switzerland/Iceland/Sweden entry → standard exit. Adds a geographic multi-hop layer, roughly 40–90 ms latency overhead depending on exit location.
- WireGuard throughput from a Paris benchmark environment: 610 Mbps average.
Mullvad specifics:
- DAITA (Defense Against AI Traffic Analysis): adds random noise and dummy traffic patterns to Mullvad's WireGuard connections, specifically to resist traffic analysis attacks that identify VPN usage by timing patterns. Unique to Mullvad, not available elsewhere.
- Shadowsocks obfuscation: available for network-restricted environments.
- WireGuard throughput from the same Paris benchmark: 780 Mbps average.
The DAITA feature is significant for high-risk users. Traffic analysis attacks — identifying that a user is connected to a VPN and estimating what kind of traffic they're routing — are a real capability for well-resourced adversaries. DAITA is the only production countermeasure in commercial VPNs.
Port forwarding, multi-hop, kill switch
Port forwarding:
- Proton VPN: supported on Plus plan for selected servers. Useful for P2P, home server exposure, gaming.
- Mullvad: removed in May 2023. Not available. If you need port forwarding, Mullvad is not viable for that use case.
Multi-hop:
- Proton VPN: Secure Core provides fixed entry/exit routing through Switzerland, Iceland, or Sweden. User-configurable any-to-any multi-hop is not available.
- Mullvad: any two servers can be chained. You choose the entry and exit independently. European chains add 35–60 ms latency. Multi-hop across different legal jurisdictions provides meaningful protection against single-country data requests.
Kill switch:
- Proton VPN: OS-level on all desktop platforms (nftables on Linux, WFP on Windows, PF on macOS). Defaults to off on mobile — must be enabled manually.
- Mullvad: OS-level, always-on by default. Mullvad frames kill switch as the default operating state rather than an optional feature. On Linux, nftables rules apply before the tunnel is established.
For kill switch reliability, both are OS-level implementations, which is the meaningful threshold. Mullvad's default-on posture reduces configuration error risk.
Pricing
| Proton VPN | Mullvad | |
|---|---|---|
| Free tier | Yes — no bandwidth cap, speed-limited | None |
| Monthly billing | €9.99/mo | €5/mo |
| Annual billing | €5.99/mo | €5/mo (no discount) |
| Proton Unlimited | €12.99/mo (includes Mail, Drive, Calendar) | — |
| Payment anonymity | Bitcoin via Bitpay | Cash, Monero, Bitcoin on-chain |
Mullvad's flat €5/month with no discount for annual commitment is an unusual pricing model. It removes the lock-in incentive of annual plans but also means no cost saving for long-term use.
If you are already paying for Proton Mail or Proton Drive, the Proton Unlimited bundle at €12.99/month is objectively better value than separate subscriptions to Proton VPN Plus and individual Proton services.
Comparison matrix
| Criterion | Proton VPN | Mullvad |
|---|---|---|
| Jurisdiction | Switzerland | Sweden |
| No-log audit (last) | Cure53, Apr 2025 | Cure53, Mar 2025 |
| Audit cadence | Annual | Quarterly |
| RAM-only servers | Secure Core only | Full fleet |
| Account anonymity | Email required | Account number only |
| Monero payment | No | Yes |
| Cash payment | No | Yes |
| Port forwarding | Yes (Plus plan) | No |
| Any-to-any multi-hop | No | Yes |
| Kill switch default | Off (mobile) | Always on |
| DAITA (traffic analysis defense) | No | Yes |
| Free tier | Yes | No |
| Open-source clients | Yes | Yes |
| Price/month (min) | Free / €5.99 | €5 |
Verdict: which one to choose and why
These are not equivalent providers with different brand aesthetics. They optimize for different privacy properties.
Choose Mullvad if:
- You want to minimize the total identity surface linked to your VPN subscription — account creation, payment, and billing address.
- Your threat model includes legal orders or infrastructure seizure.
- You need any-to-any multi-hop with flexibility over entry and exit jurisdiction.
- You run applications that benefit from DAITA (traffic pattern obfuscation).
- You do not need port forwarding.
The combination of account number + Monero or cash + RAM-only full fleet + quarterly audits + DAITA makes Mullvad the strongest technical privacy stack of any commercial VPN in 2026. The smaller server count and €5 fixed price with no free tier are the trade-offs.
Choose Proton VPN if:
- You want a free tier with no bandwidth cap to try before committing.
- You are already in the Proton ecosystem (Mail, Drive, Calendar) — the Unlimited bundle makes financial sense.
- You need port forwarding for P2P or home server use.
- You travel frequently and need broader geographic server coverage (9,200+ servers vs 850).
- You prefer Secure Core's Swiss entry point for high-trust routing without configuring multi-hop manually.
Proton VPN is not a compromise — it is genuinely strong. Swiss jurisdiction, comprehensive Cure53 audits, open-source clients, Secure Core with owned hardware, and a track record of resisting legal demands are all real assets. The gaps are specific: payment anonymity, full RAM-only fleet, and any-to-any multi-hop.
For the majority of privacy-aware users whose concern is ISP surveillance, government mass surveillance, or IP-based tracking, both providers are adequate. For users who need to minimize what a determined adversary could reconstruct about their VPN usage — including payment records and account identity — Mullvad is the better architecture.
Disclosure: Proton VPN runs an affiliate program. The link below earns a commission at no extra cost to you if you subscribe. Mullvad has no affiliate program — it is recommended above without compensation where it is the better technical choice.
Try Proton VPN → Proton VPN (free tier available — no bandwidth cap)
For the full three-provider comparison including IVPN, see our best VPN for tech-aware users 2026. For how a VPN interacts with browser fingerprinting and what it cannot protect against, see best VPN for browser privacy 2026. To verify your setup after switching providers, the network leak detection guide covers DNS, WebRTC, and IPv6 leak testing procedures.
