Mullvad Leta: A search engine used in the Mullvad Browser (mullvad.net)
284 points by pnt12 on June 20, 2023 | 142 comments



I'm a Mullvad customer and will check this out. I can already see that this is not so convenient for when you're on a device or network where your Mullvad connection is not active. For example, I'm typing this from my work laptop on the corporate network as we speak. :P

On a related note, I am also a happy Kagi customer. It's a paid, privacy-focused search engine that gives you a "magic" session link to allow easily searching from multiple devices. Very happy with the search there. Haven't used Google more than a handful of times for several months!


Same, love Kagi. I think the biggest surprise for me was that it is getting frequent improvements.

I'm so used to Subscriptions being just a drain. You "buy" the product, and then you pay just to keep using it. Which can feel, emotionally, a bit unappetizing because i'd rather just purchase it fully. The subscription just feels like a money sink with no added value.

Conversely i've not had that opinion with Kagi. Not only am i happy with the product, but the frequent[1] improvements[2] make me feel like i'm buying something newer and better each month.

Developments on FastGPT, increasing what i get for my dollar, integration of more features in general. I frankly assume i just joined at a good time, because this pace can't keep up.. right lol? Regardless my Kagi subscription has felt like i'm getting more value each month. From other companies i'd feel lucky to get these advancements, and if i did i'd expect it to cost me more. "5 new features? Welp, i guess i get to buy a Pro subscription tier to access it" or w/e, is what i'd expect.

Really can't praise Kagi enough.

[1]: within the last couple months, at least, as i'm new to the product and have only been subscribed for 2 months.

[2]: You can see some here: https://blog.kagi.com/blog


Image search was already good and hugely improved - and the native reverse image search is also pretty cool!


I really hope they improve their pricing/usage plan. I wasn't that impressed with the results when I first tried Kagi out, but was planning on giving it some more chances down the line. Sometimes it takes a few tries before a new tool really sticks for me.

Unfortunately they ended that sort of trial usage with the new payment plans. I'm already wary of starting any new saas payments, and one where I need to worry about how many searches I'm doing per month is a non-starter.


It's definitely worth a month, just to see what your search baseline is at. I was worried i'd be on an expensive tier but i am far lower on average than i thought. And they increased the quota by 50% recently.


I'm really surprised how tech-savvy HN users easily tie their search queries to a credit card. Doesn't that worry you in terms of privacy?


I never heard of Kagi before. I'm always looking for ways to increase my privacy, so I study the site a little bit and I find this:

"Next, your request will find its way to our servers hosted on Google Cloud platform, where our main application is running [...]"

I stopped there. I'm not going to subscribe. But I appreciate that at least they were honest.


Honest question, but is there something specific you're concerned about? Do you expect Google spies on Containers running on their servers, such as decoding RAM or decoding Network Traffic (that isn't ssl encrypted, at least)?

I get the paranoia, but honestly i'm more paranoid of Kagi themselves than i am of processes running on AWS or GCP.

The percentage of the internet you'd be unable to use if you couldn't use any cloud provider for fears of 5 Eyes-like monitoring is kinda intense for me. So i'm not sure where realistic and excessive paranoia meet with respect to AWS or GCP infra.

Thoughts?


It's not very hard to spy inside a container, or even a bare-metal server if you have hardware access and the network is yours, but why would they even do that when there are a lot of very easy methods of profiling users available to them?

I didn't mention but they also use search results from google.

1) A direct contract with Kagi: Pay less for our services in exchange for user's data ("anonymized"). And google has a lot of services that Kagi may benefit greatly: servers, low latency to google search results, "personalized" google search results without ads and the various shenanigans google uses to promote websites, up to the point where all searches actually come directly from google.

2) No contract, just get my IP and the search string the Kagi server asks of google at the same time. I don't think there are enough simultaneous searches on Kagi to actually prevent IP-to-search-string pairing. Then do the google-ad-to-IP match on the target sites that I visit.


> but why would they even do that when there are a lot of very easy methods of profiling users available to them?

That's fair, but the GCP was mostly what i was relying to.

Fundamentally do you dislike Kagi's offering more than Mullvad (https://news.ycombinator.com/item?id=36402162) on the privacy front? Clearly the two companies have different goals, so i'm not trying to equate them. Just curious.

Also what search engine _do_ you use then? I feel like all of them would be disqualified?


> I feel like all of them would be disqualified?

Yes, they are. Until I find a better one, I use DDG.

I might try Mullvad next. I didn't use VPN before, except to access my own LAN.


Kagi is awesome - also a paying customer on their now grandfathered in tier - and it only gets better with time! The image search function is hugely improved and the main core search is blowing away Google for most uses.

Also love that they added reverse image search now

Not currently a Mullvad customer ( I was in the past ) but this looks definitely like a good thing!


Both a customer (and now investor!) of Kagi’s and can’t say enough nice things about the product. It’s refreshing to have a search engine that will give you relevant results rather than shoveling ads down your throat.


The magic session link was such a great idea. I could easily add a session to my work computer.


May I ask why specifically Kagi? What's special about it compared to other search engines, aside from being privacy friendly? Like, you could say Searx is also nice because of that. Or Duckduckgo. Or Brave Search.

What sets Kagi apart, and especially, what makes it different?


After years of trying Duckduckgo and then always going back to Google, it was this 2022 interview with the Kagi founder https://dkb.blog/p/kagi-interview that I read a few months ago that got me to try Kagi. I was shocked that they thought people would pay $10/month for a search engine. Then I thought, "if Google lets us search for free, how much must it be worth for them?" Over the last few years I've started trying to pay for things that I use, and financially supporting developers working on products I like. That's when I decided to try Kagi.

And yes, I have used Google only a dozen or so times in the last few months since I went all-in on Kagi on all my devices. The search results are very good.


The thing that has held me back from Kagi (I've had the pricing tab open for the past month, just staring at it), is the usage limits. I have no idea how many searches I make in a month. I don't know if I'm looking at a $5/month situation or a $20/month situation, and my inability to predict that makes it hard for me to commit. From a single device, my firefox history says that in May I had 750 different variants of duckduckgo.com/?q=X. And that's not counting my phone, or work device. Will the $10/1000 queries be enough for me? (This isn't necessarily for you to answer, but just restating my anxiety around the product.)

I too love to pay for things, and thus use a product, rather than be the product.


I just got the cheapest plan, and configured my devices to use Kagi when I prepend a search by "k ".

This way I use whatever free search engine for most searches (like when you type "steam" because you don't remember the url), and Kagi when I actually want more than the simplest first result.


Interesting. I do that a lot, which is partially why I'm concerned about count.

However, if I'm paying for Kagi, it would be because I want to cut off using other search engines. Either I trust DDG and its privacy and don't think they're selling my data, and I continue using it, or I don't trust them quite enough (not accusing them of anything, I just don't know where they get their money from, and I know it's not me paying them, so naturally just a bit worried), and I pay for Kagi instead, then I trust Kagi with all my data because I'm paying them to not share it. And in that scenario I've deemed DDG "not private enough", which would mean I don't want to keep giving them more info about me.

So in the end, I either keep not using it, or I want to make sure I have enough to cover everything. Which is probably just my own issue.


Looking at my account usage summary, I've been averaging about 550 searches a month on Kagi. I'm grandfathered into the "Early Adopter Professional" plan so I get 1500 searches for $10, though clearly I need to try harder. ;)


I recommend starting with a $10/mo plan and treating it as if it was unlimited. This is where Kagi is heading anyways. To control cost, Kagi allows you to set a soft limit and a hard limit so the cost can never spiral out of control.


Hey Vlad, I share the same sentiment as the person you replied to - I keep checking my Billings page wondering if the 1000 searches are going to be enough, but decided to just give it a month with the hard limit set to $25 which would be the point at which I should have just paid for unlimited and see how I do. I love what Kagi is standing for and, while I really understand that the business has to be kept afloat, $25 feels like a lot to get better search results.

What did you mean with that that is where Kagi is headed anyways? Will you offer the unlimited package for a price which is a bit lighter on the wallet?


Correct, unlimited for $10/mo is what we are trying to get to.


I too worried that my cost would balloon but I find that I actually search less as the results, for me, are better quality.


If you use Google, and you have not disabled it, you can visit your search history to get an idea.


Not the person you are replying to but DDG is just as bad as Google at returning and prioritizing blogspam results. “Recipe for oatmilk” returns a slew of 2500 word articles that start with “What is Oatmilk” and “How is Oatmilk Different from Milk”. I just want to know the ratios. A search engine that can do that for me would be great.

Another example “XYZ-brand motorcycle boots after crash”. I want to know how well they survive an actual crash and the brand is popular enough that I bet there are plenty of images out there. Yet all I get is a bunch of promo images of brand new boots.

Give me a search engine that’ll actually return results I want!


I've been using DDG as my exclusive search engine for longer than I can remember now, possibly since they were first mentioned on HN, I can't remember though. Unfortunately, it was much better than it is today. Not only can I no longer refine results in a meaningful way by negative searches, but the results themselves are also worse even in cases where that does not come into play...


Not op but also a very happy kagi customer. This is usually hard to answer because search results are very dependent on what is searched. For me the quality of results instead of a bunch “top 10 libraries to use with react in 2023” kind of results is what sets it apart for me. I can prioritize what kind of results or sites I want stuff from, I’ve been surprised multiple times by finding a random blog post from somebody working with some tool/library that I’ve searched for.

I’d suggest to give it a try, it took less than the 50 searches a month limit for me to jump onboard


What about privacy? Why would I tie my search queries to a credit card?


They don't keep search histories, supposedly.


Is there any proof?


Proof would be hard to produce, but instead you can try to answer the question what would be the motivation?


Why does any other company track and sell users' data?


My apologies if I missed your point, but don't other free search tools do that?

Or maybe it is because I haven't used high-quality search, and I am blinded by its true greatness.


Kagi is excellent and I’m happy to be a paying customer.


Are the results really that much better? I use DDG and paying $10/mo for a search engine seems like a tall order, especially when I don't know if Kagi can be that much less broken than Google.


I did not do an extensive comparison to DDG but I would say it is definitely worth it. Been paying for awhile now and it blows away Google. And they are constantly adding new features and improving old ones (and finding new ways to improve their back end costs as well which makes it more sustainable).

I use search engines a TON though (especially for work) so 10$ a month is absolutely worth it for me. I am currently trying to convince my boss to buy it for our whole IT team


That's interesting, I'll try it for a month, thank you!


For technical info like programming language references, I get much better results in Kagi after I spent a few minutes setting my blocks and pins. I just searched "run a test suite in go" in Google, DDG and Kagi, and blogspam results were higher in Google and DDG while GoDoc and Stack Overflow were higher for me in Kagi. Many of the DDG results were about running a single test out of a suite, rather than running a suite.


Interesting, thanks, I'll try it for a month!


IMHO yes. With DDG I always felt I needed to make it work. With Kagi I forget I even use something not-Google


Hm, I don't want to forget I'm using something not-Google, because that would mean it's about as good as Google, which is terrible.

I want a search engine that's actually good.


As a paying customer, I think this is a really good way to use the resources. While it does rely on Google not pulling the plug on using the API that way, I think for the time being it's a great way to reduce your online footprint. Very few of my searches need freshest data by the hour and I can always either make the search string more specific to cache bust or go back to Google for search.


What happens if someone searches their home address or a place nearby? If it's automatically cached, it could be a data leak. Some sufficiently motivated person can correlate it with someone who connects to Mullvad servers.


Well that would only show (if indeed it can leak somehow) that somebody used Mullvad to search for that - if using it for yourself it wouldn't be hard to say "cafe near 49 my street" rather than "44 my street", or whatever, so a) that's probably the kind of caution you should always use if wanting to protect privacy or your house number since there's essentially no downside, unless you're literally ordering something to be physically delivered and b) it gives plausible deniability that anyone whose house address were known to have been searched doesn't really mean the person living there is the one who searched it.

(But of course, ideally they would have something in place to prevent such a leak at all, and perhaps they do somehow?)


This has also been noted by Assured AB when they did their security audit of the service [0].

> 3.4.1 Note Plaintext search queries in cache database

> Assured recommended hashing search terms before insertion / lookup in the cache database. Since search term cache lookups are only performed with exact matching, this should not affect functionality.

> Mullvad: We are now hashing (and salting) the search terms before they are added to Redis

[0] - https://mullvad.net/en/blog/2023/5/16/security-audit-of-our-...
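
The audit recommendation quoted above, sketched as an added example; it is not Mullvad's code and not part of the original comment. It assumes HMAC-SHA256 as the salted hash and uses a plain dict in place of Redis; all names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time


def unsalted_key(query: str) -> str:
    """Weak variant: plain SHA-256 of the search term."""
    return hashlib.sha256(query.encode("utf-8")).hexdigest()


def salted_key(salt: bytes, query: str) -> str:
    """Hardened variant: HMAC-SHA256 keyed with a secret server-side salt."""
    return hmac.new(salt, query.encode("utf-8"), hashlib.sha256).hexdigest()


class HashedQueryCache:
    """Exact-match result cache that never stores the plaintext search term.

    A dict stands in for Redis (assumption made for this example).
    """

    def __init__(self, salt: bytes, ttl_seconds: float = 3600.0):
        if len(salt) < 16:
            raise ValueError("salt must be at least 16 random bytes")
        self._salt = salt
        self._ttl = ttl_seconds
        self._store = {}  # hex digest -> (expires_at, results)

    def put(self, query, results, now=None):
        now = time.time() if now is None else now
        self._store[salted_key(self._salt, query)] = (now + self._ttl, results)

    def get(self, query, now=None):
        now = time.time() if now is None else now
        key = salted_key(self._salt, query)
        entry = self._store.get(key)
        if entry is None:
            return None
        expires_at, results = entry
        if now >= expires_at:
            # Expired entries are dropped on access.
            del self._store[key]
            return None
        return results

    def dump_keys(self):
        """What someone reading the cache database would see as keys."""
        return set(self._store)


def confirm_guesses(dumped_keys, guesses, key_fn):
    """Return the guesses whose derived key appears in a dumped key set."""
    return [g for g in guesses if key_fn(g) in dumped_keys]


def demo():
    salt = secrets.token_bytes(32)  # constructed; kept outside the cache store
    cache = HashedQueryCache(salt)
    cache.put("44 little poney street", ["result A", "result B"], now=0.0)

    guesses = ["43 little poney street", "44 little poney street"]
    dumped = cache.dump_keys()
    # Key set an unsalted design would have stored for the same query.
    weak_dump = {unsalted_key("44 little poney street")}
    return {
        # Exact-match lookups still work, as the audit note says.
        "exact_hit": cache.get("44 little poney street", now=10.0),
        "near_miss": cache.get("44 Little Poney Street", now=10.0),
        "expired": cache.get("44 little poney street", now=3600.0),
        # Unsalted digests of guessable terms can be confirmed from a dump.
        "weak_confirmed": confirm_guesses(weak_dump, guesses, unsalted_key),
        # Without the salt, the same guesses match nothing.
        "salted_confirmed_without_salt": confirm_guesses(
            dumped, guesses, unsalted_key
        ),
        "plaintext_in_dump": any("poney" in k for k in dumped),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

Hashing protects only the cache key: the results stored under it can still hint at the query, and anyone holding the salt can confirm guesses, so the salt belongs outside the cache database.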


As I understand it, it's the result to a given search string that is cached.

Sure, If I search for "44 little poney street", then the result itself is cached at Mullvad, and someone needs to search himself/herself for "44 little poney street" by entering precisely this search string to access the cached page.

So I don't see a leak with caching... There are leaks anyway: the search term sent to Google, if someone compromises Mullvad, etc... But not one specific with caching and related to other users.


When you access it while using Mullvad, it still asks you for your account number. Service should automatically detect you are on VPN and let you search, why the need for the extra step?


It is good that this does not work. As one IP might be shared by multiple accounts. A cache of the mapping IP --> AccountNo is also not favorable in terms of privacy.


> As one IP might be shared by multiple accounts.

No "might" about it, that's one of the most important traits of this type of service.


Yes indeed, but it's not guaranteed that there'll be multiple clients connected to one server at a time, even if it's unlikely.


To enforce the usage limits.


Can you guess someone else's account id or sort of brute force to find valid ids and then run malicious searches against them?

Seems like a security risk.


I would bet money that Mullvad heavily rate limits incorrect ID entries. Also it's a 16 digit number, good luck.


Is it the full account number? Good luck guessing that :P

If so it's like 16 digits. Isn't that 10^16 values? If they had 1 million users, that's still a lot of numbers to test before you find 1 valid one :)

I suck at math, but that's like 999999999 non-existing accounts per valid account? (10^16 - 10^6 - 1)


Well if that is 1 million active users I would bet that there are still many more 'used' keys, myself being a Mullvad user have used about four different accounts, since you can just generate a new one. I don't know if this really makes a difference though


The mullvad "account number" is not a user id, it's a 16-number secret key. If you have that, you have the account.


Does Google TOS allow for caching of results? A lot of APIs (esp map/geo apis) do not


I'm still very disappointed with the discontinuation of port forwarding and wish they would be more transparent about their reasoning.


They explained it:

> Regrettably individuals have frequently used this feature to host undesirable content and malicious services from ports that are forwarded from our VPN servers. This has led to law enforcement contacting us, our IPs getting blacklisted, and hosting providers cancelling us.

https://mullvad.net/en/blog/2023/5/29/removing-the-support-f...


I've seen that but I still have questions. Which hosts? Who are the IP blacklisters (at least the big names)? What kind of undesirable content was the last straw? Copyrighted material, CSAM, terrorists, or worse?


Only needs to be one or two. Spam filters pull from a buncha sources, so pissing off Spamhaus or SORBS or whatever once is enough to get burned everywhere. Ditto for a lot of other sites.

The specific content doesn't really matter, tripping the sensors for enough sites could potentially get entire IP blocks flagged.

They also may not be able to reveal specifics if it is an ongoing investigation.


It's pretty much a content-free statement.

Prompt: Give me a single sentence technical reasoning a VPN company could use to discontinue port forwarding feature.

GPT4: "Due to the increased security risks and potential for exploitation associated with port forwarding, we have decided to discontinue this feature to enhance the privacy and security of our VPN services."


They explained it pretty well...People were abusing it which I totally believe lol. If I need something quick and easy for my illegally hacked server to callback to, I will just use a VPN server that allows me to port forward


Is it content-free? I can see content fine. I don't know why abuse isn't a good enough reason for you, and there must be ulterior motives.


Yours is content free, theirs isn't.


It was communicated transparently: it was abused too often.

It's not a secret that a no-log policy also attracts abuse.

https://mullvad.net/de/blog/2023/5/29/removing-the-support-f...


Cool, I have 8 months prepaid for a service I can no longer use because they have a months notice they're removing a feature I need. And they refuse to refund crypto, the payment method they supposedly prefer.

What I get for trusting mullvad I guess.


What's the feature that's being removed that's making this unusable for you?


Seems like a way to curb costs..It is quite common that plex server enthusiasts will run their entire piracy automation over good always-on VPN services and that requires port forwarding to do so. AirVPN still does it and I have had an account with them for far longer than any other VPN service.


Now that you mention it, I’m amazed that charging $5 a month is enough to cover unlimited bandwidth across a user pool with these kinds of high bandwidth usage patterns


Pretty sure the existence of VPNs like this demonstrates the low cost of bandwidth. Or more so, how ISPs overcharge for bandwidth.


yeah if only they made a blog post explaining exactly why they disabled port forwarding.


Wonder how it compares to other privacy-minding Google-proxies, such as startpage.com


At a quick glance:

- Leta is much faster than Startpage
- Startpage offers a lot more of Google's features, eg date range filter, image search, and so on

I would guess that both differences are due to Startpage not doing any caching.

Startpage also has a neat "Anonymous View" feature where they proxy the request for you, acting as your HTTP client. If you trust Startpage, it's probably a pretty good ad-hoc anonymity tool.


Not sure by what definition this is a search engine.

It's a caching proxy for Google Search and could well just be Squid.

I assume it also doesn't interact well with Google's location services.


Strange question. Why on Earth would a privacy service want to "interact well" with Google location tracking in the first place?

It's a bit like asking if you can install Cortana on Trisquel GNU/Linux.


User profiling is a huge reason why Google works as well as it does. Location data is just one part of that, but a pretty big one.

If you remove that, it's as bad (or worse) than most of its competition.


User profiling is a huge reason why Google works the way that it does.

I remember a time when my wife was trying to look up a fix for Mass Effect on a 21:9 monitor. Terms like "ultrawide mass effect" and such. Google would not stop returning Blizzard help pages on how to configure the resolution for Heroes of the Storm, another game that she played. Not a single page related to the actual search terms. The more we poked at it the more I couldn't believe it. Bing, of course, just did the dumb, obvious, correct thing and returned a bunch of web pages containing the search terms, which were helpful.

Google seems to do this infuriating thing where it reduces search terms to basic "synonyms" (which are often more general than the original word, e.g. "Mass Effect" becomes "Video Game") and then injects personal search history related to the synonym (which is how Heroes of the Storm ends up as part of the query). Most of the time it's just subtly enraging; you know the page you're looking for exists, and you know your search is extremely precise, but Google keeps giving you overly-generalized results with a skew towards your "profile".

Anyway, all that is to say that I feel exactly the opposite of what you feel about the relationship between this Google "feature" and the quality of its results.


Because if I am searching for a review of cafe or want to know where a movie is showing I would prefer it to be in the same continent as me.

I am not expecting it to know my exact GPS location but would be nice if it could at least bring state or country level tailored search results.


I just checked, and there's an optional country selection box you can use.

But for local results, I'd just prepend $cityname to your search query. Faster, unless you live in Llanduwhatsthattowninwales.


Ah, that would probably be Llanfair­pwllgwyngyll­gogery­chwyrn­drobwll­llan­tysilio­gogo­goch.

See: https://en.wikipedia.org/wiki/Llanfairpwllgwyngyll


Humorous question: Could moving there be a privacy advantage? I can imagine insanely long locations break a good bunch of databases and CRMs, specially legacy ones... I would give my location to every spammer and scammer and refuse to spell it. "Oh yeah... I'm super interested in your product. But you gotta ship it to Taumatawhakatangi­hangakoauauotamatea­turipukakapikimaunga­horonukupokaiwhen­uakitanatahu. Is that ok?"

https://en.wikipedia.org/wiki/Taumatawhakatangi%C2%ADhangako...


This is the xkcd with the 1III1II1 plates, it's "oh, that Welsh town with the long name".


You may add 'near Cityname, Countryname' to your query ;)


It's never even occurred to me not to do this. I wonder if that's just because I grew up on the internet before geolocation methods were widespread/good.


I consider these either proxy-search engines or meta-search engines. Either way, it still accomplishes the goal of a search engine for the end user, even if it’s not the one doing the heavy lifting.


So DDG is not a search engine either?


What is the difference to a self-hosted version of: https://github.com/searxng/searxng ?


I am going to use public Searxes for comparison.

The difference is that there is less noise from other users as it is limited to Mullvad subscribers, and there is presumably a smaller user base.

Otherwise, there is probably little to no difference, considering that Searxes are not used by many in the same vein.

However, self-hosting is the equivalent of directly using the search engine under your own IP, just without javascript. There is no noise from other users looking up unrelated queries.


I guess that you couldn't be fingerprinted by Google.


Mullvad VPN, Mullvad browser, Mullvad search engine.. never ever put all your eggs in one basket, so much data and meta data can be collected and cross referenced to your ID.


It's a bit more nuanced. Let's keep it simple and say you produce 3 data sets when browsing and clicking on results: search queries, DNS queries, HTTPS queries.

If it takes a correlation of the 3 datasets to identify you, then it is better to use 3 different providers.

However, if any one of those datasets is sufficient to ID you, then it is better to choose a single provider.


Unfortunately it isn’t that simple, from the moment your device connects to the wifi for example, every single information/packet/etc. shared or stored can be used to identify you, the more you share, the more can be collected to identify you. Now VPN alone by concept isn’t meant for privacy as you always have to trust the unregulated provider (contrary to your ISP for example), when all your data is tunneled through their servers, that alone is a big risk based on trust only, however, and due to the nature of these shared IP vpns, sometimes maybe (keyword maybe) it’s challenging to pinpoint a specific client, and here comes the others, a browser that can have unique fingerprint, and now search queries that can add an extra source of information to further pinpoint you, especially as others mentioned below that you still need to enter your VPN code to use that search engine.. I haven’t tried it yet to give my personal experience as I stopped using mullvad, but if I did I will update this post further.


Google DNS, Google Chrome, Google search...


Exactly, it’s never a good idea to do that, the only difference is google doesn’t advertise itself as a privacy advocate so when someone uses all these google services they don’t really care about the collected data, on the other hand, the userbase of mullvad will have that false sense of security and privacy while putting more and more trust in Mullvad, it’s just a matter of time until some bad news drops.


I am curious about the technical reasons motivating the requirement to login with a Mullvad account number while already using Mullvad VPN to reach Mullvad Leta.

The Mullvad website and the https://mullvad.net/en/check page show that Mullvad already has tools to detect users of its VPN.


Mullvad was the darling of the Vpn world, up until they removed support for Port forwarding. Would be really curious to see if their subscriber numbers have tanked since then.


As a 10+ year paying Mullvad customer, it hasn't changed my experience using the product at all, and I recently deposited another year's worth of credit. While I did occasionally use port forwarding, it certainly wasn't a "must have feature" for me. I mostly found it useful for temporarily exposing services publicly, but there are plenty of alternatives that accomplish the same thing these days. The only Mullvad unique-ish feature (I believe some other VPNs offer something similar) I use regularly is their SOCKS5 endpoints, it's very convenient to be able to connect to any of their exit nodes from any server. Otherwise I mostly just want a bog standard Wireguard VPN.

It seems the people this most affected were the ones using VPNs primarily for torrenting, which I've always just used a VPS or dedicated server for. Though, even in that case, it's not like it's impossible to torrent without port forwarding, millions of people do it every day behind their NAT.

It is unfortunate they had to remove the feature, but I have to assume the abuse of the feature was at the level where it was threatening the service as a whole, if I had to choose between Mullvad without port forwarding or no Mullvad at all, I'd obviously choose the former. They also do seem to be refunding people who request it, so it doesn't really seem like any kind of "rug pull" or anything.


> it hasn't changed my experience using the product at all

It did change though, I’ve been using them since they started but in the past 2ish years their network is very bad, slow, continuous interruptions and disconnects (can’t say it correlates but noticed happened around the time Mozilla VPN started as they use the mullvad backbone), blocked in a lot of regions even in some government websites, among other issues, the straw was when they stopped port forwarding.


I personally haven't experienced many of those issues. I also don't use their first party client though, just standalone Wireguard, so I can't speak to the quality of that. The only time I've had connection issues really is when they completely decommission a server, since I'm using static configs, I have to manually go in and update the server IP, but that's not really a big issue for me and is fairly rare. My experience has actually been that the servers I tend to use are quite a bit faster than they were in the past, I imagine since they've been making an effort to upgrade everything to 10gbit+.

As for IP blocking, I've also rarely encountered that, when I do it's mostly on e-commerce sites, and in those cases I typically find it's just a single exit IP that's blocked and setting up a rule for that domain to tunnel the traffic to a different server (via their SOCKS5 endpoints) fixes it. I can understand how having to do that might be an annoyance to some people, but again for me it's not really a big deal, just a few occasional minor inconveniences in an otherwise good product.

Edit: I should also say I don't really use any services like Netflix or things like that, it's my understanding that streaming sites like that almost universally block Mullvad since they make no effort to mask that their IPs are from datacenters. Again, not an issue for me, but I definitely could understand if that was a deal breaker for some.


4yrs customer here...never had a problem.


Why would I need port forwarding to torrent? I've been using it for ages without.


It seems to be a widespread misconception amongst commercial VPN users that port forwarding is required for torrents to work. While port forwarding can be beneficial in certain situations, as you said, it's certainly not a requirement, especially for well seeded torrents like I'm sure the large majority of people are downloading.


You don't necessarily need port forwarding to torrent, but if everyone was behind a VPN without port forwarding the network wouldn't work.

For two peers to connect, at least one needs to be reachable by the other. Behind a VPN that requires port forwarding, so if you don't have it you rely entirely on peers that are reachable.


How do people download my torrents that I seed then?


Your client connects to them after discovering them, they indicate interest, then you start sending data. A bittorrent connection, once opened, is a two-way street.


Where do you get the VPS?


The port forwarding feature was abused heavily. I understand and support their decision to remove it, as it improves the reputation of their IP addresses


I'm wondering if the port forwarding was the reason so many of Mullvad's IPs were frequently blocked or had "bad reputations" ?

Anyway, I've been a customer for a long time, and will continue to be.


I very much doubt many good actors left the service over it. I assume their popularity comes from a battle-tested no-logs claim, a good UI/UX, and a general consensus that they're trustworthy.


>Mullvad was the darling of the Vpn world

Very much still are.


Finally, a site that's more usable, instead of less, when on a VPN.


As a longtime Mullvad customer, I'll use this. Using any VPN company and its services in this age of surveillance capitalism is always a sketchy affair. Mullvad is the least sketchy of the non-DIY options that I can find.


Mullvad really does have a commitment to privacy.

Some key points:

- Acts as a Google proxy, removes tracking links and caches results

- Only available for Mullvad paid users

- 100 free direct searches a day, unlimited cached searches (further search result pages count towards limit)

- Results cached over all users for 30 days


I'm sorry but besides your first point, what is substantial in the claim that they have a commitment to privacy?

Also why would I trust them over Google?


- They offer many types of payment, some that can be anonymous.

- They have strong commitment to open source and have put their finances into that in addition to releasing code.

- They are doing a lot in terms of transparent infrastructure: https://mullvad.net/en/blog/2022/1/12/diskless-infrastructur...

> Also why would I trust them over Google?

For Google your data is the product, for Mullvad you pay for a service.


You can send a carrier pigeon with a tenner and a sticky note holding your account number and they'll take it.


Buying a Mullvad scratch card is probably the most practical anonymous method. Usually the fact that you are using Mullvad at all isn't a secret (your ISPs can see you connecting), so outside of a very overcomplicated scenario where Amazon/$yourlocaltechstore are colluding with Mullvad to track individual scratch cards, it's fine.

Mailing cash in an anonymous envelope has a certain charm, but OTOH I have consistently had terrible experiences with the Swedish postal service and that seems to be a widespread opinion.


You can't trust anyone, but for Mullvad you're a customer not a product.


It all comes down to trust in the end, but over time I've come to trust Mullvad more and more. One particular example that sticks out to me is that they ended subscription based billing, specifically because it required them to hold customer information that they didn't want to have.

https://mullvad.net/en/blog/2022/6/20/were-removing-the-opti...

You can see an example of their lack of data retention from a post about when they were raided - there was nothing to find.

https://mullvad.net/en/blog/2023/4/20/mullvad-vpn-was-subjec...

Their blog is a good place if you want to get a sense of what they're like as a company.

https://mullvad.net/en/blog/


I don't see anything in their terms of service / privacy policy re Leta. It'd be nice to know if they retain any sort of data at all (there's prominent mention to caching stuff, but just what are they caching?), regardless of whether it is tied to PII.


Problem is that Google search itself has still gone downhill......

This is a cool addition for sure though


Lol. Sure. M247 Ltd limited hosts...


I was wondering already why Sweden, home of the Pirate Bay and Assange lawsuits, does not shut it down. This could be the answer.


I remember ~10 years ago that Google said 40% of searches were unique. Just searching for that again now I can see this[1] tweet that suggests it's 15% as of 2022, that's with billions of users.

I wonder how well the caching actually works for a user base of the size that Mullvad has.

This could be tackled with a different UX, perhaps rather than showing predictive search, instead showing similar queries that are in the cache? I'm not a customer so can't see the product, can any customers give any input as to what the UX is and whether it might be improving their cache hit rate?

[1]: https://twitter.com/Google/status/1493681643290300425


Mullvad does have the happenstantial advantage that its userbase is likely nowhere near as diverse as Google's, naturally following that the queries themselves are not as diverse. While Google fields requests across the full diversity of the globe, Mullvad's userbase likely skews toward middle-high income westerners with a STEM background searching in English. The types of queries these users are making are probably from a much narrower corpus of topics; I wonder what percentage of the queries revolve around privacy, Linux, software, typical hacker hobbies like woodworking, et cetera. This isn't to say that these are the only types of queries being made, but if you were to group Mullvad users into equivalently broad advertising cohorts, you'd probably end up with far fewer than Google's users.

The interests being more heterogeneous results in more similar queries, which would increase the proportion of cache hits. Whether this is enough to help make the strategy viable is another matter, but I do think it's worth noting.

I also wonder about the complexity of the queries themselves. The more technical users would probably use more complex combinations of operators, but they're also more likely to search by keyword rather than natural language.


But people who actively use VPNs are not necessarily those with a search history that follows a short tail distribution. Mullvad gets a good chunk of its revenue from Firefox and other white labels too.


As far as I can tell there's no predictive search. UI is a simple search box, optional country selector dropdown and an "Only search in cache" checkbox. Smoke test shows the cache checkbox works - apparently nobody else has searched for "dog" in the US.

The country dropdown is interesting as far as the cache goes - not selecting a country is meaningful as far as the cache is concerned. My prior "dog" query in the US does not return hits if I don't select a country. Not selecting a country and searching the cache appears to return english results (with a few sample searches).

It's interesting that you can explore the cache with this checkbox. Not sure if there are any privacy concerns with this feature - considering cache searches are "free" you can kind of scrape what other users are searching for, maybe with enough users it doesn't really matter. I suppose there could be rate limiting and such to prevent this kind of attack, but that's just a guess.

It may be useful to have an option to opt-out your search from cache.


Good question: I see one way it may work and another it may not.

I think the profile of their users is less diversified: mostly tech savvy people. "Normies" are using those vpns advertised in YouTube, or not using any at all. This may result in similar interests and lower the number of unique queries.

On the other hand, we may produce more unique queries than other people: who will receive-use the cached "how to fix ValueError on main.py:67"?


A statistic I'd be interested in: what percentage of searches can be answered computationally cheap. As in: Wikipedia title index, simple word lookup dictionaries. Indices that could complement a caching search-engine proxy to not hit its origin crawl repository.

A study[1] by Wikipedia done with DDG notes it showed up in the top 5 results and information module for ~13% of searches with a click-through rate for each at ~8% - so a total of ~16% click-through rate. Granted, that is not a number gained from title searches but the whole articles.

[1]: https://diff.wikimedia.org/2021/09/23/searching-for-wikipedi...


There's a checkbox to only search in cached results, although in my experience so far it had no results except for very generic searches like "google". Even "python" didn't show anything.


I looked over their list of "achievements" in their About page.

They state that in 2022 they stopped accepting subscription payments because it forces them to store data about their users for long periods of time. Now they only accept one-time payments for monthly memberships.

They really are committed to privacy.


They've truly demonstrated something I believed untrue prior, and that's the notion that a company can keep growing while maintaining very strong opinions and principles. I switched to Mullvad after PIA's acquisition, thinking it would be a temporary stop until they inevitably alienated their original userbase. But nope, they've only gotten better.


I'm not a business guy so I might be full of shit, but I think they're playing the long game and know who their audience is. They're trying to distinguish themselves from a bazillion fly-by-night VPN providers: not doing the current standard 'vacuum up every conceivable bit, nibble, and byte in case it's useful for marketing or resale later' is a great way to a) get a great word-of-mouth rep from credible people, and b) get a customer base more compelled by marketing real improvements to your core ecosystem than totally BS super flashy marketing and ad budgets. Flashy marketing might be super effective in the short term, but if genuine improvements to your core offering are your biggest selling point, that seems like it would directly contribute to long-term sustainability.

Given, this is assuming everything they say is legit. It's kind of hard to not be jaded these days.


Have been using Mullvad for a few years now. Has been working well, this search actually looks useful. But one suggestion: can I pay for a dedicated, non advertised, residential IP please Mullvad? Lots of places are blocking VPNs now, like Cloudflare.


I would think it would be extremely difficult to provide residential IPs in a privacy-preserving way, from what I've heard most services that offer them are quite sketchy in how they go about "acquiring" those IPs. The very nature of "residential" IPs means your traffic is flowing through some random person's home internet, which certainly isn't something I would want, even these days where almost everything is encrypted. There would be no way Mullvad could provide any kind of privacy guarantee if they don't control the endpoints.


Providing residential IP as a service would be breaking some agreements, or lying somewhere. I don’t think Mullvad can do this, because they are committed to openness and transparency. For resident IP thru malware services you need to look up other dishonest competitors.


I suppose this isn’t a highly requested feature because as soon as you have a dedicated IP you become easily trackable. I wonder if there’s any middle ground to prevent that


Using residential IPs for commercial purposes is expressly forbidden by most ISPs.


This service is not ubiquitous which is something I expect of a search engine. From my perspective the limitations lie with the fact you need to be logged-in to their VPN service in order to use it. Yes, it's a way to ensure that only paid customers can use it. But those paid customers will only be able to use it on their personal devices. Nowhere else. Most if not all work environments block third party VPNs.


And that's fine. You're on a work network and using work hardware -- you don't get to use whatever you want, even if we have a Guest Network.



