Mullvad aces security audit with this new privacy tool
After recently proving its no-log policy in spite of a police raid in Sweden, Mullvad gave demonstrated strong security infrastructure offered by its VPN service once again.
This time it was its new search engine tool Leta which underwent an independent review by audit firm Assured AB.
Auditors were called to assess both the security and privacy posture of the new tool. Leta aced the review with no significant issues found.
Mullvad’s Leta security report
“Overall, Mullvad Leta is well contained with a small attack surface, and good measures have been implemented to strengthen privacy as well as security,” the audit’s report (opens in new tab) concluded.
Auditors performed both a web application penetration test and a web security review of Leta, the new privacy-focused Google search proxy developed by Mullvad and available for all its VPN users at no extra cost.
They found a total of two low-risks privacy issues related to logging and search query caching, as well as one potential security flaw linked with Google search results’ HTML content being rendered in the Leta search results.
The provider reassured it had already begun work on carry out the auditors’ recommendations.
Security audit of our https://t.co/iHfLAoSVrz search service https://t.co/L6GLNM0j2xMay 16, 2023
Leta is also an option to use with Mullvad Browser as a default search engine. First released on April 3, the latter seeks to offer users all the privacy and security of the Tor Browser, together with all the perks of secure VPN software.
“Leta aims to present a reliable and trustworthy way of searching privately on the internet,” explains the provider (opens in new tab).
Using such a tool is pointless, though, when combined with a private web browser that blocks fingerprinting, cookies and other web trackers.
“For most people Leta can be useful, as the above conditions cannot ever truly be met by systems that are available today.”
This proves more promising still when you consider that Leta’s privacy and security have finally been verified.