Mullvad aces security audit with this new privacy tool

Mullvad VPN working on a laptop

After recently proving its no-log policy in spite of a police raid in Sweden, Mullvad gave demonstrated strong security infrastructure offered by its VPN service once again.

This time it was its new search engine tool Leta which underwent an independent review by audit firm Assured AB.

Auditors were called to assess both the security and privacy posture of the new tool. Leta aced the review with no significant issues found.  

Mullvad's Leta security report

"Overall, Mullvad Leta is well contained with a small attack surface, and good measures have been implemented to strengthen privacy as well as security," the audit's report concluded.

Auditors performed both a web application penetration test and a web security review of Leta, the new privacy-focused Google search proxy developed by Mullvad and available for all its VPN users at no extra cost.

They found a total of two low-risks privacy issues related to logging and search query caching, as well as one potential security flaw linked with Google search results' HTML content being rendered in the Leta search results.

The provider reassured it had already begun work on carry out the auditors' recommendations.

Leta is also an option to use with Mullvad Browser as a default search engine. First released on April 3, the latter seeks to offer users all the privacy and security of the Tor Browser, together with all the perks of secure VPN software. 

"Leta aims to present a reliable and trustworthy way of searching privately on the internet," explains the provider

Using such a tool is pointless, though, when combined with a private web browser that blocks fingerprinting, cookies and other web trackers.

"For most people Leta can be useful, as the above conditions cannot ever truly be met by systems that are available today."

This proves more promising still when you consider that Leta's privacy and security have finally been verified.

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com