Mullvad Browser

When you visit a website, you can be identified and tracked through your IP address, third-party cookies, all kinds of tracking scripts, and through so called browser fingerprints. That's why masking your IP address is not enough to stop the data collection. However, by using a trustworthy VPN in combination with a privacy-focused browser, you can put up a better resistance against the mass surveillance of today. That's why we partnered with the Tor Project to develop Mullvad Browser – a browser designed to minimize tracking and fingerprints.

A VPN is not enough. This is why you need a privacy-focused browser.

Big tech, authorities, and data brokers can use your IP address, cookies, scripts, and browser fingerprints to identify and track you online. Learn more about your unwanted followers and why you need a privacy-focused browser to stop them.

A Tor-developed browser. To run with a VPN instead of the Tor Network.

Using a VPN alone is not enough to achieve perfect privacy. There's simply too much data being extracted through most browsers. So, Mullvad reached out to the experts on privacy-focused browsers: the Tor Project. Learn about the idea behind the collaboration.

Your browser in itself can be a privacy problem. Things to look for when choosing a browser.

Some browsers are made to map your internet behavior. That's their business model. Others just don't have enough privacy protection. These are the questions you should ask yourself (or even better, the browser provider) before you choose a browser.

Your browser can be used to uniquely identify you. Get to know browser fingerprinting.

When you visit a webpage, most browsers give away information about your software and device. Combining this information with your other browser data makes it possible to create a user profile that can identify you.

No telemetry.

Telemetry is unique data being collected by the browser to improve its performance. We don't believe in collecting data about our users. So, with the Mullvad Browser we have removed all telemetry.

Private browsing by default.

The Mullvad Browser has private mode enabled by default. This means no cookies, cache and history are saved between your sessions. The browser also includes a reset button that creates a clean session in one click.

Blocking third-party trackers with uBlock Origin.

Even with strong protection against fingerprinting and cookies, it's a good idea to block third-party trackers. You don't want to use 'too many' extensions as it could be the one thing that identifies you. That's why we only use uBlock Origin.

Transparent business model.

We have no intention in earning money from the Mullvad Browser. Our business model is to earn money from our VPN service. Our only ambition with the Mullvad Browser is to provide the best privacy-focused browser possible to Mullvad's VPN users – and to everyone else, for that matter.

Privacy first.

Mullvad VPN has a proven record of putting privacy first. With no strange business models or short-term venture capitalist owners. The Tor Project is a non-profit organization fighting for human rights. We will always put privacy first, in everything we do.

What's New

All Platforms

• Updated Firefox to 128.10.0esr
• Bug 421: Rebase Mullvad Browser release onto 128.10.0esr [mullvad-browser]
• Bug 43659: Set new tabs to default to Tor Browser Home (about:tor) on desktop [tor-browser]
• Bug 43672: Incorrect initial letterbox size when the interface font size is 13px. [tor-browser]
• Bug 43691: Backport security fixes from Firefox 138 [tor-browser]

Windows

• Bug 43402: set browser.startup.blankWindow false [tor-browser]

Linux

• Bug 415: Load apparmor profile when configuring deb package [mullvad-browser]
• Bug 30970: Different window borders in XFCE can lead to different, not rounded window sizes [tor-browser]
• Bug 41799: Make lack of fonts.conf less of a footgun [tor-browser]
• Bug 43140: Ship our FontConfig configuration with the browser [tor-browser]
• Bug 43330: System fonts leak when emptying the allow list on Linux [tor-browser]
• Bug 41297: Add video codecs dependencies (recommends) on the Debian package [tor-browser-build]
• Bug 41298: Remove --detach parameter from .desktop files [tor-browser-build]
• Bug 41312: Remove comment in start-browser about --class and --name parameters [tor-browser-build]

Build System

All Platforms

• Bug 43295: Update MR templates [tor-browser]
• Bug 43373: Do not run all CI jobs for scheduled jobs. [tor-browser]
• Bug 40799: Remove legacy locale iteration in build and signing scripts [tor-browser-build]
• Bug 41040: Add configuration to rbm.conf to select channel and platforms [tor-browser-build]
• Bug 41281: Better dev defaults for fetch variable [tor-browser-build]
• Bug 41288: Avoid unneeded git checkouts when possible [tor-browser-build]
• Bug 41304: Add a browser commit tag+signing script [tor-browser-build]
• Bug 41306: Container dependencies are sorted before resolving templates [tor-browser-build]
• Bug 41307: Container dependencies are not filtered for duplicates [tor-browser-build]
• Bug 41315: Fix the Mullvad Extension update in relprep.py [tor-browser-build]
• Bug 41358: Update sign-tag script to handle rapid-release nightly branches [tor-browser-build]
• Bug 41363: Change update-response generation script to create one commit per OS+arch tuple [tor-browser-build]
• Bug 41365: Indent download*.json files [tor-browser-build]
• Bug 41374: Remove support for migrate_archs and migrate_langs in update_responses [tor-browser-build]
• Bug 41381: Usability improvements for the browser commit tagging script [tor-browser-build]
• Bug 41382: Replace gitlab templates ReleasePrep label references with Apps::Type::ReleasePreparation [tor-browser-build]
• Bug 41389: Remove need to update set-config.tbb-version [tor-browser-build]
• Bug 41394: Fix upload-update_responses-to-staticiforme for mullvadbrowser [tor-browser-build]
• Bug 41401: Replace Noto Sans Myanmar with Pyidaungsu [tor-browser-build]
• Bug 41409: Create a script for quickly setting up protected branches [tor-browser-build]
• Bug 41419: Add comment in downloads.json to mention that the file is deprecated, and that download-$platform.json should be used instead [tor-browser-build]
• Bug 40006: Add option to avoid doing a git checkout when using the exec template function [rbm]
• Bug 40079: Make fetch: if_needed fetch existing branches [rbm]
• Bug 40081: Support apt option for not installing recommended dependencies [rbm]
• Bug 40082: With fetch: if_needed, rbm is doing a git fetch when it shouldn't, when using a fixed commit [rbm]
• Bug 40083: rbm creates out/$project directories with mode 0700 [rbm]

Windows + macOS

• Bug 41349: Wrong copyright year makes build non-reproducible [tor-browser-build]

macOS

• Bug 41403: The rcodesign step has a wrong dmg name in alpha [tor-browser-build]

Linux

• Bug 41266: Build the Tor and Mullvad Browsers for aarch64 Linux [tor-browser-build]
• Bug 41329: Do not install python2.7-minimal in the linux-aarch64 firefox container [tor-browser-build]
• Bug 41331: Make update_responses find linux-aarch64 mar files [tor-browser-build]
• Bug 41335: linux-package project is not getting the channel target in testbuilds [tor-browser-build]
• Bug 41397: Building mullvad-browser no longer generates .deb or .rpm packages [tor-browser-build]