Swedish Police Seize Mullvad VPN Servers but Find No Customer Data

Abeerah Hashim  - Security Expert
Last updated: July 6, 2026
Share
Swedish Police Seize Mullvad VPN Servers but Find No Customer Data
  • Swedish police raided Mullvad VPN and seized servers looking for customer data, but they found nothing because the company never collects personal information.
  • Mullvad uses RAM-based servers and random 16-digit account numbers; this ensures no user data exists on disks or in logs.
  • The raid proved Mullvad's privacy claims and demonstrated that a VPN cannot leak or hand over data it never possessed.

Law enforcement in Sweden conducted a physical raid on the facilities of a VPN service provider and took its equipment into custody. Authorities sought user information during the operation. They discovered zero data.

Mullvad VPN did not simply get fortunate. The firm designed its entire system so that nothing existed to discover. The company has never stored any user data – such as email, name, or password since its founding in March 2009.

To register for the service, customers have to generate a random 16-digit code. That code never links to any real-world identity. Mullvad runs its servers solely on RAM rather than hard drives. Turning off a server erases all data immediately.

Law enforcement can take the physical equipment and leave with nothing useful. The incident transformed into the firm’s most effective marketing campaign. A business cannot expose information it never possessed. It cannot comply with legal demands for records that never existed. It cannot covertly provide user activity because no activity records exist at all.

How the privacy architecture of Mullvad works

The company charges only 5 euros per month for its service. The company releases its applications as open source software. Anyone can examine the code thoroughly. Independent auditors have reviewed the company 18 times and counting.

The approach that Mullvad operates with differs from most VPN providers. The importance of using legitimate VPN software is underscored by the emergence of a fake Mullvad site that delivers fileless malware to unsuspecting users.

Many companies promise privacy but still collect some user data. Mullvad designed its entire system to eliminate data collection entirely. The random 16-digit account number serves as the only identifier.

The RAM-based server infrastructure provides another layer of protection. Traditional servers store data on hard drives. These drives retain information even after power loss. RAM servers lose all data immediately when powered off. This design prevents any long-term storage of user activity.

The company cannot comply with data requests from law enforcement. It literally has nothing to hand over. This makes Mullvad uniquely resistant to government surveillance and legal pressure. The police raid proved this design works in practice.

The significance of the police paid

The Swedish government performed a police raid as part of an investigation – the police wanted the user records for their criminal case against an individual. The details of the investigation were not stated, so there is no exact idea of what’s going on. Also, Mullvad didn’t release any statement, though the investigation has nothing to do with the company.

The Raid on Mullvad also served as a real-life test of the privacy claims of Mullvad. Many VPNs provide big promises when it comes to privacy, but few have experienced anything near the level of scrutiny that Mullvad has. Since Mullvad was able to withstand the pressure of law enforcement, the raid became a testament to the validity of their architecture.

This incident also provided Mullvad with a lot of media exposure. Users now have a service that has passed the test as an option for obtaining privacy. The raid was an endorsement of the approach of Mullvad to providing privacy. The stock of the company will most likely go up with privacy-oriented consumers.

Other VPN providers may now face increased scrutiny. Users will question whether other services can withstand similar tests. The raid sets a new standard for what ‘no-logs’ truly means.

Implications for VPN users

Privacy-conscious users should consider an example from Mullvad, a no-logs policy means nothing if the company still stores some data. Mullvad proved its commitment through an actual police raid.

Users should evaluate VPN providers carefully. Companies that store user emails, payment details, or connection logs cannot guarantee privacy. Mullvad eliminated all these data points from the start.

The raid also highlights the importance of jurisdiction. Although Sweden has a strong privacy law, the protection of Mullvad comes from its design and not just from where it is located. Even if a service provider is in a country that has weak privacy laws, an appropriately designed system will protect your information.

Mullvad’s apps are open-source, which also increases the level of confidence users can have in them. Also, independent security researchers can verify their code. This transparency builds trust that other providers cannot match.

Share this article

About the Author

Abeerah Hashim

Abeerah Hashim

Security Expert

Abeerah is a passionate technology blogger and cybersecurity enthusiast. She yearns to know everything about the latest technology developments. Specifically, she’s crazy about the three C’s; computing, cybersecurity, and communication. When she is not writing, she’s reading about the tech world.

More from Abeerah Hashim

Comments

No comments.