VPN Providers — Privacy / FOSS / Anonymity Scoring (Final)

A maximally adversarial scoring pass across five providers: Mullvad, IVPN, cryptostorm, Proton VPN, AirVPN.

As-of date: 2026-02-28
Scale: 0–100 per criterion
Composite: weighted sum (100 total weight)
Format: all claims linked inline

Scoring model

Criteria, weights, and grading scale (locked)

Criteria + weights

A. Anonymity by default (signup + payment): weight 20
   Identity surfaces created during account creation and billing; structural support for anonymous purchase paths.
B. Data minimization & logging reality: weight 20
   What is retained by necessity vs. by choice; retention windows; web perimeter logging disclosures.
C. Verifiability (FOSS, reproducible builds, independent audits): weight 20
   Open-source breadth, reproducible artifacts, and public third-party audits.
D. Jurisdiction & legal attack surface: weight 12
   Jurisdictional exposure, clarity/ambiguity of corporate posture, and demonstrated minimization under pressure where documented.
E. Dependency minimization: weight 10
   Third-party processors, JS gating, analytics/cookies, affiliate/partner attribution economics.
F. Protocol & client security engineering: weight 10
   Client hardening and verified security posture; penalties for severe client-side issues with current impact.
G. Anti-censorship & advanced routing: weight 8
   Multihop, obfuscation, and operational support for restrictive networks.
Composite score = Σ(scoreᵢ × weightᵢ) / 100. All criterion scores are 0–100.

Grading scale

95–100: Best-in-class; privacy properties are default and hard to accidentally defeat.
80–94: Strong; meaningful tradeoffs exist but remain privacy-first under scrutiny.
60–79: Mixed; requires operational discipline or contains structural compromises.
<60: Fails this model in that dimension.
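As an added check that is not part of the original scorecard, the following recomputes every composite from the locked weights and the per-criterion scores printed in the ranking table, ranks and bands the providers, and reports which criterion costs each provider the most weighted points (the `weakest_criterion` helper is an addition here, not something the page defines).

```python
# Added example (not from the original scorecard): recompute composites
# from the locked weights and the per-criterion scores in the ranking
# table, then rank, band, and locate each provider's costliest criterion.
WEIGHTS = {"A": 20, "B": 20, "C": 20, "D": 12, "E": 10, "F": 10, "G": 8}

# Per-criterion scores (A..G) exactly as printed in the ranking table.
SCORES = {
    "Mullvad":     [98, 96, 97, 78, 92, 90, 92],
    "IVPN":        [92, 90, 93, 75, 88, 86, 86],
    "cryptostorm": [95, 82, 68, 55, 70, 87, 90],
    "Proton VPN":  [58, 92, 90, 72, 58, 88, 78],
    "AirVPN":      [78, 72, 70, 62, 50, 60, 78],
}


def composite(scores):
    """Composite = sum(score_i * weight_i) / 100, with the model's range checks."""
    if sum(WEIGHTS.values()) != 100:
        raise ValueError("criterion weights must total 100")
    if len(scores) != len(WEIGHTS) or any(not 0 <= s <= 100 for s in scores):
        raise ValueError("each criterion score must be an integer in 0-100")
    total = sum(s * w for s, w in zip(scores, WEIGHTS.values()))
    return round(total / 100, 2)


def band(value):
    """Map a 0-100 value onto the page's grading scale."""
    if value >= 95:
        return "Best-in-class"
    if value >= 80:
        return "Strong"
    if value >= 60:
        return "Mixed"
    return "Fails"


def ranking(scores=SCORES):
    """(provider, composite, band) tuples ordered by composite, highest first."""
    rows = [(name, composite(s), band(composite(s))) for name, s in scores.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)


def weakest_criterion(name, scores=SCORES):
    """Criterion whose shortfall (100 - score) * weight / 100 costs the most points."""
    losses = {c: (100 - s) * w / 100
              for c, s, w in zip(WEIGHTS, scores[name], WEIGHTS.values())}
    return max(losses, key=losses.get)


if __name__ == "__main__":
    for rank, (name, value, label) in enumerate(ranking(), start=1):
        print(f"{rank} {name:<12} {value:6.2f} {label:<14} weakest={weakest_criterion(name)}")
```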

High-impact evidence pillars (examples)

Final ranking

Composite + full breakdown (A–G). Provider names link to official sites.

Rank Provider Composite A B C D E F G
1 Mullvad 93.12 98 96 97 78 92 90 92
2 IVPN 88.28 92 90 93 75 88 86 86
3 cryptostorm 78.50 95 82 68 55 70 87 90
4 Proton VPN 77.48 58 92 90 72 58 88 78
5 AirVPN 68.68 78 72 70 62 50 60 78
Final order (1 → 5): Mullvad > IVPN > cryptostorm > Proton VPN > AirVPN
Primary differentiator (Identity): account lifecycle + payment anonymity surfaces dominate.
Secondary differentiator (Verify): public audits + reproducibility vs. trust-based claims.

Provider deep dives

Each section includes score bars, load-bearing wins, hard penalties, and primary sources.

1. Mullvad (93.12 composite): Anonymous-by-construction + unusually strong verifiability; OpenVPN removed Jan 15, 2026.
A. Anonymity (20): 98
B. Minimization/logging (20): 96
C. Verifiability (20): 97
D. Jurisdiction (12): 78
E. Dependencies (10): 92
F. Client/protocol security (10): 90
G. Anti-censorship (8): 92

Load-bearing wins

  • Web perimeter minimization: Nginx access logs kept up to 5 minutes (without IPs); no external analytics disclosed in policy — policy.
  • Verifiability: Cure53 relay/infrastructure audit report — PDF, plus audit program write-up — blog.
  • Reproducible builds (Android): starting with version 2025.2 — details.
  • Incentive hygiene: no affiliates/influencers/paid reviews — policy.
  • Anti-censorship tooling: QUIC obfuscation for WireGuard — blog, plus LWO — blog.

Hard penalties (counted)

  • Protocol fallback loss: OpenVPN fully removed Jan 15, 2026 — final reminder.
  • Jurisdiction remains a non-zero legal attack surface in the abstract; mitigation is largely achieved through minimization, not “jurisdictional magic” — minimization disclosures.
2. IVPN (88.28 composite): Extremely strong audits + open source; measurable web telemetry (Matomo JS) keeps it below #1.
A. Anonymity (20): 92
B. Minimization/logging (20): 90
C. Verifiability (20): 93
D. Jurisdiction (12): 75
E. Dependencies (10): 88
F. Client/protocol security (10): 86
G. Anti-censorship (8): 86

Load-bearing wins

  • Public audit trail: Cure53 web audit report — PDF and IVPN write-up — blog.
  • Apps audit: Cure53 apps + daemon report — PDF and IVPN post — blog.
  • Open source posture: IVPN apps are open source — announcement.
  • Payment posture: accepted methods (including cash and cryptocurrencies) described — payment methods.

Hard penalties (counted)

  • Web telemetry disclosure: Matomo JS collects IP address (then discards last two octets) and may set a cookie — privacy policy.
3. cryptostorm (78.50 composite): Extreme anonymity primitives + strong obfuscation options; default clearnet web logs cap it.
A. Anonymity (20): 95
B. Minimization/logging (20): 82
C. Verifiability (20): 68
D. Jurisdiction (12): 55
E. Dependencies (10): 70
F. Client/protocol security (10): 87
G. Anti-censorship (8): 90

Load-bearing wins

  • “Monero order” path explicitly advertises no third parties, no email, no JS required — homepage.
  • Anti-censorship: obfs4 support — blog, plus SSH tunneling — blog.
  • Canary: dated and published — canary.txt.

Hard penalties (counted)

  • Default web perimeter logs: Apache “mostly default logging” includes visitor IP/user-agent/referrer; retained about 2 weeks — privacy page.
  • Jurisdiction clarity is intentionally unconventional; ambiguity counts as attack surface in this model — privacy page discussion.
Primary sources: privacy policy · canary · obfs4 · SSH tunnels.
4. Proton VPN (77.48 composite): Strong audits + open source; anonymity-by-default is structurally weaker and the partner program adds attribution incentives.
A. Anonymity (20): 58
B. Minimization/logging (20): 92
C. Verifiability (20): 90
D. Jurisdiction (12): 72
E. Dependencies (10): 58
F. Client/protocol security (10): 88
G. Anti-censorship (8): 78

Load-bearing wins

  • No-logs verification: Securitum 2025 report — PDF, and Proton’s audit hub article — blog.
  • Open source + audits: Proton’s “open source and audited” disclosure — blog.

Hard penalties (counted)

  • Bitcoin cannot be used during account sign-up; it can be used after creating the account via credits — Proton doc and Proton VPN doc.
  • Partner/affiliate economics are explicit (“earn up to 100% commission”) — partners program.
  • Legacy OpenVPN manual config retirement has a cutoff date (Feb 28, 2026) for older config files; official apps unaffected — report.
5. AirVPN (68.68 composite): Direct Monero acceptance + FOSS client; JS gating + referral system + severe macOS client CVE drive the drop.
A. Anonymity (20): 78
B. Minimization/logging (20): 72
C. Verifiability (20): 70
D. Jurisdiction (12): 62
E. Dependencies (10): 50
F. Client/protocol security (10): 60
G. Anti-censorship (8): 78

Load-bearing wins

  • Direct Monero acceptance (“no intermediaries”) is stated on the plans page — buy page.
  • FOSS client repo — Eddie (GitHub).
  • WireGuard privacy caveat is explicitly stated (“by design it is not ideal for privacy”) — FAQ.

Hard penalties (counted)

  • Web dependency: site access in hardened contexts triggers a “website require JavaScript” message — forum thread.
  • Referral/attribution system exists (“gain money” when another person buys) — referrals FAQ.
  • Client security event: macOS Eddie contains an insecure XPC service enabling local privilege escalation to root (affecting 2.24.6) — NVD CVE; related release context — releases.

Interpretation

What the ordering means inside this model

Why the top two separate

The knife-edge middle

Why #5 drops hard

  • AirVPN keeps some maximalist-friendly properties (direct Monero acceptance: buy page), but dependency and attribution surfaces expand (JS gating: thread; referral system: FAQ).
  • A severe macOS client issue (local privilege escalation to root) is scored as a first-class penalty in “F” (CVE-2025-14979).

Final meaning of the scores

  • #1–#2 are the only providers that score “structurally privacy-first” across account lifecycle + web perimeter + verifiability at once.
  • #3–#4 represent an explicit trade: anonymity primitives vs. third-party verifiability + business incentive surfaces.
  • #5 is suppressed primarily by dependency/attribution expansion and a severe client-side security event.