NordVPN vs ProtonVPN vs Mullvad: 2026 Privacy Comparison

June 15, 2026

## TL;DR Pick **Mullvad** if you want the strongest anonymity story: anonymous numbered accounts, EUR 5 flat monthly, cash by mail, open-source apps, Sweden. Pick **ProtonVPN** if you want open-source apps on every platform, a Switzerland jurisdiction, four consecutive independent no-logs audits, and a deep ecosystem (Mail, Drive, Pass). Pick **NordVPN** if you want streaming-grade speed, the biggest server fleet, double VPN, Onion-over-VPN and the lowest annual-plan price of the three. None of them are bad. The decision is mostly about threat model and ecosystem. ## A short, honest disclosure This post contains affiliate links to NordVPN, ProtonVPN and Mullvad. If you sign up after clicking, we may earn a commission. That does not change the analysis below. Mullvad in particular does not run a traditional affiliate program at all; we link to them anyway because they belong in any honest 2026 privacy comparison. Where a claim could be checked, we link the source. Where we describe a tradeoff, we describe it the way we would describe it to a friend. ## What we are comparing on A VPN is a trust contract. You stop trusting your ISP and start trusting the VPN. That contract has a lot of moving parts: - **Jurisdiction** - which country's courts can compel the company - **No-logs claim** - and whether it has been audited, by whom, and how recently - **RAM-only servers** - so a physical seizure recovers nothing usable - **Leak protection** - kill switch, IPv6 handling, DNS leak protection, WebRTC mitigation - **Kill switch behavior on suspend** - laptops sleeping is where most "real-world" leaks happen - **MultiHop / double VPN** - two hops so the entry server never sees your destination and the exit server never sees your IP - **Open-source apps** - so the code that runs on your machine is auditable - **Anonymous signup** - can you create an account without an email - **Cash or crypto payments** - can you pay without linking a card to your account - **Speeds** - especially on the WireGuard protocol family - **Server count and country coverage** - matters for streaming and latency We will go through each provider and then put it all in one table. ## NordVPN **Jurisdiction**: Panama. Panama has no mandatory data-retention law for VPN providers and is outside the 5/9/14-Eyes intelligence sharing alliances. **No-logs audits**: NordVPN has been audited multiple times by PricewaterhouseCoopers AG (Switzerland) and later by Deloitte. The Deloitte engagements (2020, 2022, 2024) examined NordVPN's adherence to its no-logs claim and the company has published summary attestations. NordVPN moved its entire fleet to RAM-only diskless servers in 2020, which means a power cycle wipes the server state and there is no persistent disk for a court to seize. **The 2018 incident**: This is the elephant in the room and any honest comparison has to address it. In March 2018 a single Finnish datacenter where NordVPN rented one server was compromised through an insecure remote management tool the datacenter provider left exposed. NordVPN disclosed it in October 2019. No user activity logs were found because there were none to find, but NordVPN's reputation took a real hit and the company responded by accelerating the RAM-only migration, expanding audits, and bringing the server colocation model in-house (their "colocated servers" program). The handling was imperfect; the structural response since then has been substantive. **Protocol**: NordLynx, a wrapper around WireGuard that adds a double-NAT layer so the WireGuard server does not hold a static client IP map. Plus standard OpenVPN UDP/TCP and IKEv2 on Apple platforms. **Features**: Threat Protection (DNS-level ad and tracker blocking, plus URL malware scanning), Meshnet (peer-to-peer overlay between your own devices), Double VPN (two-hop), Onion over VPN, Dedicated IP as an add-on, P2P-optimized servers, obfuscated servers for restrictive networks. **Apps**: Native Windows, macOS, Linux, Android, iOS, plus router firmware support, browser extensions, Apple TV, Android TV, Fire TV. The Linux client and several support tools are open source on GitHub; the consumer apps are not fully open source. **Pricing (annual, 2026)**: Roughly EUR 3-4 per month on the 2-year plan during normal promotions, around EUR 12 per month on a single month. Six simultaneous device connections, plus Meshnet beyond that. **Best for**: Streaming, speed, the largest server fleet (5,000+ servers in 60+ countries), and the lowest cost-per-month if you commit annually. [Try NordVPN](https://nordvpn.com/affiliate-placeholder) ## ProtonVPN **Jurisdiction**: Switzerland, specifically Plan-les-Ouates, Geneva. Switzerland is outside the EU and the US and has strong constitutional privacy protections. Swiss surveillance law (BUPF) was challenged successfully by Proton in court and Proton VPN, unlike Proton Mail, has no obligation to log under current Swiss law. **No-logs audits**: ProtonVPN has now passed four consecutive annual no-logs audits by Securitum, the most recent published September 2025 covering the 2025 audit cycle. Each audit involved Securitum personnel on-site reviewing server configurations, VPN config files, change-management processes, and interviewing staff. Reports are publicly downloadable. **Open source**: This is ProtonVPN's signature. Every consumer app - Windows, macOS, Linux, Android, iOS, Android TV, Apple TV - is published as open source on GitHub. Combined with the audits, this is the strongest verifiability story among the three. **Secure Core**: ProtonVPN's flagship architecture. Your traffic enters through a server in Switzerland, Iceland or Sweden (countries Proton operates physically secure hardware in, including a former military bunker), then exits through your chosen country. This protects against an adversary who compromises the exit server because the exit server only sees a Proton-owned IP, never yours. It is functionally a multi-hop with a Proton-controlled first hop. **Stealth protocol**: A custom obfuscation layer built on WireGuard tunneled over TLS, designed for restrictive networks where standard VPN traffic is detected and blocked. **NetShield**: DNS-level blocking of trackers, ads, and known malware domains. Optional, runs at the VPN level so it works across all apps on the device. **Tor over VPN**: A button in the app routes traffic through Tor after the VPN. Useful for accessing .onion sites without the Tor Browser, with the usual caveat that you are now trusting Proton as the entry to Tor instead of a Tor entry guard. **Ecosystem**: This is the underrated advantage. ProtonVPN comes bundled in plans with Proton Mail, Proton Drive, Proton Pass, Proton Calendar, Lumo (their privacy AI assistant). If you are committing to a privacy ecosystem, paying once for all of it is a real consolidation. **Free tier**: ProtonVPN runs a genuinely usable free tier - unlimited bandwidth, three server countries (Netherlands, US, Japan), one device. This is rare among reputable VPNs and Proton funds it directly from paying subscribers. **Pricing (2026)**: Free tier exists. Paid VPN Plus around EUR 4-5 per month on a 2-year plan, or bundled in Proton Unlimited (around EUR 10 per month) which includes 500 GB mail, drive, calendar and pass. **Best for**: Activists, journalists, users who want full open-source apps, users already inside the Proton ecosystem. [Try ProtonVPN](https://protonvpn.com/affiliate-placeholder) ## Mullvad **Jurisdiction**: Sweden. Sweden is in the 14-Eyes alliance, which is a knock against it on paper. Mullvad has responded structurally rather than rhetorically: they keep so little data that compelled disclosure produces nothing useful, and their post-raid posture is documented in their public Swedish-law page. **No-logs audits**: Mullvad has been audited multiple times, most recently by Assured AB and Cure53. The Assured infrastructure audits in 2022, 2023 and 2024 examined production servers, the account system, and the build pipeline. In 2023, Swedish police executed a search warrant at Mullvad's Gothenburg office and left empty-handed because there were no customer records to seize. Mullvad documented this publicly the same week. **The anonymous account model**: Mullvad is the only major VPN that does not ask for an email. You click "generate account number" and you get a 16-digit number. That number is your entire identity. No password. No recovery flow. If you lose the number, the account is gone. This is intentional - it means Mullvad has nothing to give a court even if compelled. **Payment**: Mullvad accepts cash by post. You print or write your account number, put cash in an envelope, send it to a Swedish PO box. Accepted currencies include EUR, USD, GBP, SEK, NOK, CHF, CAD, AUD, NZD. They also accept Bitcoin, Bitcoin Cash, Monero, Lightning, bank wire, PayPal, Swish, and several European bank transfer rails. Crypto payments get a 10% discount. **RAM-only servers**: All Mullvad servers run from RAM with disk-less boot since 2022. Server inventory is public including hardware ownership status. **Protocol**: WireGuard only. As of late 2025 / early 2026 Mullvad has fully removed OpenVPN, citing maintenance burden and WireGuard's superior security and performance. This is a controversial choice. WireGuard is excellent but OpenVPN was the fallback for restrictive networks. Mullvad recommends Shadowsocks-bridged WireGuard in those cases. **Mullvad Browser**: Built in collaboration with the Tor Project. It is essentially the Tor Browser without the Tor network - same fingerprinting resistance, same per-tab isolation, but runs over your normal connection or your Mullvad VPN. Free, no Mullvad account required. **Pricing**: EUR 5 per month. Flat. Forever. Whether you pay monthly or by the decade, it is EUR 5 per month. No discount tiers, no upsell, no annual lock-in. Up to 5 devices per account. **No free tier**, on principle. Their stated reason: "free" services are usually paid for by someone else, which is the wrong incentive structure for a privacy company. **Best for**: Anyone with a serious threat model. Journalists, activists, security researchers, anyone who does not want any account linkage at all. [Mullvad VPN](https://mullvad.net) ## Side-by-side comparison | Feature | NordVPN | ProtonVPN | Mullvad | |---|---|---|---| | Jurisdiction | Panama | Switzerland | Sweden | | No-logs audit (most recent) | Deloitte, 2024 | Securitum, 2025 (4th consecutive) | Assured AB / Cure53, 2024 | | RAM-only servers | Yes (since 2020) | Yes | Yes (since 2022) | | Kill switch | Yes (all platforms) | Yes (all platforms) | Yes (all platforms) | | MultiHop / Double VPN | Yes (Double VPN, fixed pairs) | Yes (Secure Core, Proton-owned first hop) | Yes (any-to-any) | | Open-source apps | Partial (Linux client, tools) | Yes (all platforms) | Yes (all platforms) | | Anonymous signup (no email) | No | No | Yes | | Cash / crypto payment | Crypto yes, cash no | Crypto yes, cash no | Cash by mail, crypto yes | | Tor over VPN | Onion-over-VPN servers | Built-in Tor routing | DIY (use Tor Browser over Mullvad) | | Protocol | NordLynx (WireGuard), OpenVPN, IKEv2 | WireGuard, OpenVPN, Stealth | WireGuard only (OpenVPN removed) | | Server count | 5,000+ in 60+ countries | 6,000+ in 110+ countries | ~700 in ~50 countries | | Devices per account | 6 (+ Meshnet) | 10 | 5 | | Free tier | No | Yes (limited but real) | No (by principle) | | Price/month (annual plan) | ~EUR 3-4 | ~EUR 4-5 | EUR 5 (flat, any term) | ## Speed comparison (with caveats) Speed depends on your ISP route, the time of day, the server load, the protocol, and the distance to the exit node. Any single benchmark is a snapshot. That said: - Independent benchmarks from PCMag, Top10VPN and Restoreprivacy through 2024 and 2025 consistently put **NordVPN's NordLynx** at the top of the WireGuard-based providers on most routes, often retaining 85-95% of unprotected throughput on a 1 Gbps link to a nearby server. - **ProtonVPN** with WireGuard scores in the same band for nearby servers, with a noticeable drop on Secure Core (expected - you are routing through an extra hop in Switzerland or Iceland). - **Mullvad** on WireGuard is competitive on European routes and where they have nearby capacity, but their smaller fleet (around 700 servers) means you sometimes get less ideal exit countries, and removing OpenVPN means there is no fallback if a network blocks WireGuard. The honest summary: all three are fast enough for 4K streaming and video calls on the WireGuard family of protocols. None of them will become your bottleneck on a residential connection. ## Real-world recommendations - **Best for streaming and casual users**: NordVPN. Huge server fleet, NordLynx is fast, and the annual price is the lowest of the three. The Threat Protection feature is a nice extra. - **Best for journalists, activists, security researchers**: Mullvad. The anonymous account model is unique and matters when the threat is account-linkage. ProtonVPN is the second pick here if you also need a secure email and document ecosystem. - **Best ecosystem integration**: ProtonVPN. If you already use Proton Mail or you want to consolidate Mail, Calendar, Drive, Pass and VPN under one Switzerland-based provider, Proton Unlimited at around EUR 10 per month is hard to beat. - **Best for restrictive networks (China, Iran, corporate firewalls)**: ProtonVPN's Stealth protocol. NordVPN's obfuscated servers are competitive. Mullvad recommends Shadowsocks-bridged WireGuard, which works but requires more setup. - **Best as a second VPN for compartmentalization**: Mullvad. Pay for a year of Mullvad with cash, use it for sensitive browsing on Mullvad Browser, keep your everyday Proton or Nord account for streaming. Total cost: EUR 60 per year. ## What about the alternatives **Surfshark** is owned by the same parent company as NordVPN (Nord Security) since the 2022 merger. Cheap, unlimited devices per account, audited by Deloitte. Reasonable second-tier choice if NordVPN's pricing does not work for you. **ExpressVPN** has a long history and TrustedServer (RAM-only since 2019), but it was acquired by Kape Technologies in 2021. Kape's ownership of multiple VPN brands and ad-tech history is a real concern for privacy-purist audiences. The technology is fine; the corporate structure is the question. **IVPN** is the closest spiritual cousin to Mullvad - small Gibraltar-based provider, anonymous accounts, audited, open-source apps. Smaller fleet, slightly higher price (~EUR 5-6/month on annual), but excellent if you want a Mullvad-style ethos with a different jurisdiction. **AirVPN** is run by an Italian privacy-activist collective. OpenVPN-focused, port forwarding still supported, technically powerful but the UX is intentionally minimal. Great for power users; not your grandmother's VPN. **OVPN.cc** is a Swedish boutique provider with diskless servers, owns its own hardware, Cure53 audited. Very small fleet, similar audience to Mullvad. ## FAQ **Q: Is a VPN actually private?** A VPN moves the trust point from your ISP to the VPN provider. If the provider keeps no logs, is audited, runs RAM-only servers, and accepts anonymous payments, then yes - meaningfully more private than your ISP. If the provider keeps logs, it is just a different surveillance partner. The audit history is the deciding factor. **Q: Do any of these protect me from browser fingerprinting?** No. A VPN changes your IP. It does not change your User-Agent string, your canvas hash, your installed fonts, your audio fingerprint, or your WebGL identifier. For that, see our guides on [canvas fingerprinting](/blog/canvas-fingerprinting-explained) and Mullvad Browser. A VPN plus a hardened browser is the actual privacy stack. **Q: Can NordVPN, ProtonVPN, or Mullvad see what I do online?** Technically the VPN provider sees your unencrypted DNS queries (unless you use their DNS or your own encrypted DNS) and the destination IP of every connection. If a connection is HTTPS, they cannot see the page content. All three claim not to log this metadata; ProtonVPN and Mullvad have the strongest external verification of that claim. **Q: Is Tor better than these VPNs?** Tor and a VPN solve different problems. Tor is for anonymity against a global adversary at the cost of speed. A VPN is for IP-changing and ISP-evasion at near-full speed. We covered this in detail in [Tor vs VPN](/blog/tor-vs-vpn-which-is-more-private). **Q: What about WebRTC leaks behind a VPN?** WebRTC can expose your real IP via STUN even when you are connected to a VPN, depending on your browser and OS. Disable WebRTC or use a browser that handles it correctly. See our [WebRTC IP leak fix guide](/blog/webrtc-ip-leak-fix). **Q: Does Mullvad really still accept cash in 2026?** Yes. You can mail an envelope with your account number written on a slip of paper and physical cash in EUR, USD, GBP, SEK, NOK, CHF, CAD, AUD or NZD to their Gothenburg address. There is no money-back guarantee on cash payments due to anti-money-laundering rules, but the payment itself works. **Q: Is the 2018 NordVPN breach still relevant?** It is fair to mention and unfair to weaponize. A single rented server at a Finnish datacenter was accessed through the datacenter's exposed remote management tool. There were no user activity logs to steal because there were none kept. The response - full audits, RAM-only fleet migration, owned colocation - was structural. Eight years later it is part of the history rather than a present-day red flag. **Q: Which one is best for torrenting / P2P?** NordVPN has P2P-optimized servers. ProtonVPN allows P2P on most servers in P2P-allowed countries. Mullvad allows P2P on all servers but removed port forwarding in 2023 (citing abuse), which hurts seeding. For active seeding, NordVPN or AirVPN are better picks. ## Wrapping up The shortest version of this whole post: if you want the most private VPN that exists right now and you are willing to mail an envelope, use Mullvad. If you want everything Mullvad gives you plus a polished ecosystem and a Swiss jurisdiction, use ProtonVPN. If you want the cheapest, fastest, biggest-fleet VPN with a credible no-logs story and you do not mind giving an email address, use NordVPN. If you have not done it yet, run a leak check after you install whichever VPN you choose - your VPN is only as good as the [WebRTC IP leak](/blog/webrtc-ip-leak-fix) it does not stop, and most browser-side leaks survive the VPN tunnel. Then read [Tor vs VPN](/blog/tor-vs-vpn-which-is-more-private) if your threat model is more serious than "I want to watch a different Netflix region." *Affiliate disclosure: NordVPN and ProtonVPN links above are affiliate links. Mullvad does not run an affiliate program. We earn nothing on a Mullvad signup; we link them because they are the most privacy-respecting VPN on the market and any honest comparison has to include them.*