As for our support team they are responsive and experienced. Several of them have worked with us for many years and do offensive security research in their free time.

Unlike many organisations we don't see customer support as a cost center, just like we don't see security as a cost center. Our support team represent our customers, and as a consequence contribute a lot to how we prioritise our roadmap.

Edit: In hindsight I regret making this comment. It was unnecessary, but removing it now would look weird.

Some aspects of the described behavior are as we intended and some are not. The cause is not exactly as described in the blog post. As for mitigation, we are already testing a patch of the unintended behavior on a subset of our infrastructure. If any of you try to reproduce the blog post's findings you may get confusing results throughout the day.

We will also re-evaluate whether the intended behaviors are acceptable or not. Some of this is a trade-off between multiple aspects of privacy, and multiple aspects of user experience.

Please note that this is my current understanding, which may change. I was only made aware of this an hour ago, and most of that time was spent talking with Ops, considering what to do immediately, and writing this post.

Finally, for those of you who do security research: when you find a security or privacy issue, please consider notifying the maintainer/vendor before publishing your findings, even if you intend to publish right away.

Three years ago I had no idea how the Go runtime worked, but I very much wanted to learn more. I’m not a software engineer in the conventional sense, so reading the Go source was not a realistic option.

Jesus talks and articles inspired me to learn more. Today I feel comfortable with all stages of the general compiler pipeline. In the past few months I have studied the calculi of the lambda cube, Martin-Lof type theory, Horn-clause-based instruction selection, algorithms for register allocation, Milner’s CCS vs pi-calculus, which structures in compilers and kernels map to digraphs, and so on.

Jesus talks are an excellent onboarding ramp.

Then we discovered snapshot.debian.org wasn't feeling well, so that was another (important) detour.

Part of me wish we had focused more on getting System Transparency in its entirety in production at Mullvad. On the other hand I certainly don't regret us creating Tillitis TKey, Sigsum, taking care of Debian Snapshot service, and several other things.

Now, six years later, systemd and other projects have gotten a long way to building several of the things we need for ST. It doesn't make sense to do double work, so I want to seize the moment and make sure we coordinate.

As I mentioned above, we've followed systemd's development in recent years with great interest, as well as that of some other projects. When I started(*) the System Transparency project it was very much a research project.

Today, almost seven years later, I think there's a great opportunity for us to reduce our maintenance burden by re-architecting on top of systemd, and some other things. That way we can focus on other things. There's still a lot of work to do on standardizing transparency building blocks, the witness ecosystem(**), and building an authentication mechanism for system transparency that weaves it all together.

I'm more than happy to share my notes with you. Best case you build exactly what we want. Then we don't have to do it. :)

*: https://mullvad.net/en/blog/system-transparency-future

**: https://witness-network.org

2. Are you looking for pilot customers?

It sounds like you want to achieve system transparency, but I don't see any clear mention of reproducible builds or transparency logs anywhere.

I have followed systemd's efforts into Secure Boot and TPM use with great interest. It has become increasingly clear that you are heading in a very similar direction to these projects:

- Hal Finney's transparent server

- Keylime

- System Transparency

- Project Oak

- Apple Private Cloud Compute

- Moxie's Confer.to

I still remember Jason introducing me to Lennart at FOSDEM in 2020, and we had a short conversation about System Transparency.

I'd love to meet up at FOSDEM. Email me at fredrik@mullvad.net.

Edit: Here we are six years later, and I'm pretty sure we'll eventually replace a lot of things we built with things that the systemd community has now built. On a related note, I think you should consider using Sigsum as your transparency log. :)

Edit2: For anyone interested, here's a recent lightning talk I did that explains the concept that all project above are striving towards, and likely Amutable as well: https://www.youtube.com/watch?v=Lo0gxBWwwQE

Maintainers have the freedom to choose whether to accept an idea or not. Users have the freedom to fork or not.

Copyright issues (related to training data and inference), openness (OSS, model parameters, training data), sovereignty (geopolitically, individually), privacy, deskilling, manipulation (with or without human intent), AGI doom. I have a list but not in front of me right now.

Thank you! :)

> .. assuming vendor’s TEE actually works

For sure TEEs have a rich history of vulnerabilities and nuanced limitations in their threat models. As a concept however, it is really powerful, and implementers will likely get things more and more right.

As for GPUs, some of Nvidia’s hardware does support remote attestation.

https://docs.nvidia.com/attestation/index.html

> so-called creator of some encryption protocol

All evidence points to him being one of the protocol’s designers, along with Trevor Perrin.

I’ve met both of them. The first time I met Moxie and talked about axolotl (as it was called back then) was in 2014. Moxie and Trevor strike me as having more integrity and conviction than most. There is no doubt in my mind that they are real and genuine.

Interestingly enough, some of the work Trevor did related to Signal’s cryptography was later used by Jason Donenfeld in the design of WireGuard.

> It screams honeypot like nothing else.

As you can see there is plenty of evidence suggesting otherwise.

(Ping dang.)

Few in this world have done as much for privacy as the people who built Signal. Yes, it’s not perfect, but building security systems with good UX is hard. There are all sorts of tradeoffs and sacrifices one needs to make.

For those interested in the underlying technology, they’re basically combining reproducible builds, remote attestation, and transparency logs. They’re doing the same thing that Apple Private Cloud Compute is doing, and a few others. I call it system transparency, or runtime transparency. Here’s a lighting talk I did last year: https://youtu.be/Lo0gxBWwwQE

Likewise.

> You created a company which .. ultimately undermines the government power and makes it weaker.

Undermining the power of governments and other powerful entities has benefits and drawbacks. Our thesis is that making mass surveillance and online censorship ineffective is a net good for humanity in the long term.

You are arguing that censorship is a net good in the much more specific context of disinformation campaigns on social media during war time. Yes, government censorship might be effective and proportional in that context. It could also backfire.

You are also arguing that the dynamics and algorithms of social media is the vector through which disinformation spreads. Wouldn't it then be more effective and proportional to target social media for regulation?

>> It sounds like you're arguing for censored populations to .. not circumvent censorship through technological means.. > Yes, in democratic countries..

What should people in undemocratic countries do?

> I believe that the exact same ads you have on the streets in the cities should be published by politicians or NGOs and not a business. > .. I do think that political activism is still possible even when there is additional risk.

I agree. At the same time, freedom of expression and of the press is under attack on a global scale. Consider this article from Reporters Without Borders: https://rsf.org/en/world-press-freedom-index-2025-over-half-...

> On the other hand, I do know that vulnerable people (teens, minorities, sick, elderly) in my country get recruited by Russia en masses through messengers. I do know that Russia engages in psychological warfare through Telegram, Facebook and TikTok without governments able to do anything.

I agree that is a serious problem and I don't know how to solve it. I'm sorry.

> I do want for politicians to fight for my rights, but I don't want that from businesses to be honest.

Why not?

> I mean, activism is clearly a part of your business strategy.

From a cause-and-effect point of view it would be more correct to say that starting a business is a part of our activism strategy. My opinions on the proportionality of mass surveillance and government censorship were formed a decade before I started Mullvad. Running a business is hard work, and if I didn't believe in its mission I would move on to something easier.

> The more discussion you create around issues related to privacy and censorship the more users you'll have - that's why I call it performative. Mullvad's business depends on the performance of fighting for the rights at the same time as benefitting from the fight itself.

I see. I interpreted it as "for show" in the sense of not being genuine.

> I think the right course of action should be a political activism, not a technological one. Especially when the company doing it makes a fortune.

We tried that. My cofounder and I, as well as several of our colleagues, tried classic political activism in the early 2000s. It became increasingly clear to us that there are many powerful politicians, bureaucrats and special interest groups that don't act in good faith. They lie, abuse their positions, misuse state funds and generally don't care what the population or civil society thinks. They have an agenda, and don't know the meaning of intellectual honesty.

> The course, when one can just disengage from participating in society by sidestepping the problems by either using VPNs in terms of censorship .. is very dangerous and will reinforce the worst trends.

It sounds like you're arguing for censored populations to respect local law, not circumvent censorship through technological means, and only work to remove censorship through political means.

Generally, the more a state engages in online censorship the less it cares about what its population thinks. There are plenty of jurisdictions where political activism will get you jailed, or worse.

Are you seriously suggesting that circumventing state censorship is immoral and wrong?

> So instead of speaking from the high ground, please, tell us what your solution about mass disinformation happening from US social media megacorps, Russia mass disinformation, mass recruitment of people for sabotage on critical infrastructure.

Social media companies make money by keeping people engaged, and it seems the most effective way of doing that is to feed people fear and rage bait. Yes, that's a problem. As is disinformation campaigns by authoritarian states.

Powerful companies have powerful lobbyists, and systematically strive for regulatory capture. Authoritarian states who conduct disinformation campaigns against their population are unlikely to listen to reform proposals from their population.

I don't claim to have a solution for these complex issues, but I'm pretty sure mass surveillance and censorship will make things worse.

> Tell us, how can we keep living in free society when this freedom is being used as a leverage by forces trying to destroy your union.

Political reform through civil discourse cannot be taken for granted. Mass surveillance and censorship violate the principle of proportionality, and do not belong in a free society.

> Please, give us your political solutions to the modern problems instead of earning a fortune by a performance free speech activism.

I'm not sure what you mean by performance. Please clarify.

I'm pretty sure I did. I'll happily answer yours as well.

> Do you think they appeal more to consumers who are seeking "it keeps me vaguely secure", or it helps me watch Venezuelan Netflix and avoid some kinds of targeted advertising personalisation?

Between those two options, definitely "it keeps me vaguely secure". None of the ads you link to are intended for customers that want to circumvent geographical restrictions. We don't market to that customer segment.