All posts by Davi Ottenheimer

Mullvad VPN Anti-Privacy PR Circles the Drain on Nazism

As many people ask me about safe VPN solutions, such as my suggestion to try eisengarn, they also seem to express frustration with Swedish Nazis.

I hear things like “how can they be so obviously bad?” It’s understandable. Sweden has falsely propagated a myth for decades that they believed in liberty and freedom, while the whole time being horribly cruel and racist. This might cause surprise for some.

To understand how the Nazis of Sweden have been hiding in plain sight, you just have to look at the country’s history and ask who has produced evidence of anti-racism.

Sweden has manufactured polite deniability, meaning they never underwent Germany’s postwar reckoning, and so they avoided all accountability for what they did and continue to do. Neutrality meant no occupation, no Nuremberg, no forced confrontation with their comfortable close Nazi collaboration.

Per Engdahl ran Sweden’s fascist organizations from the 1930s into the 1990s without any significant consequence. The Sweden Democrats, sympathetic to Nazis, were founded in 1988 with direct personnel continuity from Bevara Sverige Svenskt and the Nordic Reich Party.

Some might say the German Nazis even idolized and borrowed from the racist Swedes, which is why the two converged after WWII. The Statens institut för rasbiologi in Uppsala, founded 1922, was the world’s first state-funded racial biology institute. It preceded and influenced Nazi racial science.

Herman Lundborg was the institute’s first director but not its founder. The institute was established by a parliamentary decision in 1921 (operational 1922) after lobbying led by figures including Nils von Hofsten and the campaign backed by figures across the political spectrum. Lundborg was appointed to head it, corresponding directly with German eugenicists. His classification systems fed into Nordic racial typologies the Nazis adopted. While Hitler killed himself, the Swedes simply minded the gap, and went back to doing what Hitler had borrowed from them.

Sweden ran a literal forced sterilization program from 1934 to 1976 targeting race. Around 63,000 people sterilized, disproportionately Roma, Sami, and people classified as mentally or socially deficient. That’s not a wartime aberration because it was started before and continued uninterrupted for three decades after the war ended, administered by the same Social Democrats building the folkhem.

The folkhem itself is foundational to the apparent Nazis campaigning in Sweden today for forced deportations. The “people’s home” welfare model was built on an implicit assumption of ethnic homogeneity. The “generous” state works because like Hitler said, the “we” only can be a small elite group of same race. That foundation means any perceived disruption to homogeneity registers not as a policy question but as an existential threat to the Swedish social contract. The welfare state and the Swedish ethnonationalism never actually separated.

In Germany there remain similar failures in neglected institutions like the Youth Welfare (Jugendamt), against which hundreds of formal complaints have been registered with the EU for decades, an unaccountable ethnonationalism agency accused of harming “non-German” children. So Sweden is not alone in preservation and then normalization, as evidenced by the rise of a Nazi party in Germany (AfD). But everyone gets the German thing.

The Swedes surprise those who don’t understand the passive maintenance of historically excessive levels of selfish hate within definitions of success, professionally and politically. This helps explain why the CEO believe defending Nazism can be normalized.

Another way of putting it is that Sweden was so happy about fascist methods and reasons for seizing power, there was little need for a mass fascist party to seize what the state already practiced. Adding a label in Sweden would have meant it wasn’t already the norm, in a country where the government believed then and for decades after losing WWII it would continue to racially control future generations.

I mean, just look more closely at the mechanism of two wealthy Swedish elites today funding and enabling Nazism as if consistent with their concept of “freedom”. A VPN company gives us a text book example of Sweden normalizing racism, because it has setup two “co-CEO”, where one is overtly promoting Nazism, while the other serves to protect and launder him.

Imagine an aggressive hunter with a vegetarian spouse who together run a “MEAT IS MURDER Grocery Store“. The hunter spends his income on illegally killing endangered animals. Sound like it wouldn’t have customers because it offends both meat eaters (vegetarian store) and non-meat eaters (funding crime)? That’s basically how this VPN company works, marketing that it exists to protect privacy, while one co-CEO says he funds the destruction of privacy to enable forced deportations (Nazi platform of “remigration”) and the other co-CEO says this:

Hi,

Mullvad has two owners, founders, and CEOs – Daniel Berntsson, and me, Fredrik Strömberg. All posts I’ve seen yesterday and today, including the newspaper articles, talk about Mullvad as if Daniel is the single owner, founder and CEO. It should be obvious that Daniel’s private donation to a political party is not part of Mullvad’s values or mission.

If you have any questions, comments or concerns you’re welcome to comment on this thread, or email our customer support.

See below for the response you’ll get from support:

—–

Mullvad is a political company. We fight for freedom of speech, freedom of information and the right to privacy. These are firmly held values of the founders of Mullvad.

Mullvad protects the right for people to express things we don’t agree with. We protect the right of everyone to access views we don’t agree with.

We also live these values by being tolerant in our daily work. Everyone is welcome to collaborate with Mullvad if they share these narrow core values. As employees, contractors, customers, suppliers, lobbyists, campaign partners or whatever it might be. No matter what their other opinions are and no matter whether the founders or anyone else in Mullvad dislike them. The founders themselves fundamentally disagree on several important issues.

This is what allows us to advance our common causes. Being in a tolerant and intellectually open environment is also liberating and promotes truth seeking.

The more people do this, the better a place the world will be.

It should be obvious that Daniel’s private donation to a political party is not part of Mullvad’s values or mission, in the same way that someone’s opinions on animal rights, taxes or public healthcare policy isn’t.

That said, if you no longer want to be a Mullvad customer for philosophical reasons, we think it’s important to honor that. In that case, reach out to support.

Wow.

That is bad.

Expected. Still, so bad.

Let’s dig in.

His defense of Nazism tries to frame a political donation to the party that calls immigrants “parasites” as equivalent to opinions on animal rights or tax policy. That’s a false equivalence that kills people. Poison is not milk, just because both are liquid.

Think about how racist the co-CEO must be to frame dehumanization and forced deportations of humans as his mental equivalent to… animal rights. A political party gets funded by his co-CEO to call people “parasites” and his defense is to say it’s like “opinions on animal rights”.

Oof.

But wait, the worst part is the claim that Daniel supports “open borders” as an “ideal” but funds a party diametrically opposed to that position.

Forced deportations are illegal by definition. Crime isn’t just an opinion. It crosses a clear line. And forced deportations depend on the destruction of privacy. Again not just an opinion, crossing a clear line. Remigration is the ethnic mass expulsion of legal residents and citizens. Their rights are violated. And this VPN company acts like crimes are just opinions to disagree with:

  • Forced sex = rape
  • Forced entry = burglary
  • Forced deportation = remigration

The forced deportation requires destruction of privacy in the same way a stalker attempts rape and a thief cases a property to attempt burglary. A VPN provider financially supporting remigration political platforms is paying into violation of the rights of citizens, starting with privacy violations.

Fredrik is either being credulous about his co-founder’s stated beliefs or knowingly laundering them for his own political belief purposes because the effect either way is to enable privacy-destroying crime of remigration.

Consider the simple logic pattern, if you are paying attention to rights: forced + action against a person = illegal.

Forced sex, forced entry, forced labor, forced marriage, forced confession, forced sterilization, forced disappearance. Every one of those is a crime. The legal system uses different words when the action is lawful: compulsory, mandatory, ordered, directed.

The commenters on his ridiculously bad post calling him disingenuous are therefore exactly right. The co-CEO claim “we protect speech we disagree with” framing is complete bullshit.

First, nobody who supports a forced deportation party, or doesn’t oppose someone who funds a forced deportation party, can claim to protect speech. The violation of remigration, like rape and burglary, denies victim speech, by its definition. Because to accept victim speech would stop the crime. Anyone saying “we protect speech we disagree with by funding rape of women” would be seen exactly for what it is. Remigration should invoke the same reaction.

Second, logic 101 time, nobody is questioning anyone’s legal right to donate. Customers finding out their VPN company is run by two CEOs who both support forced deportations (one active, one passive) are exercising actual freedom by withdrawing financial support. A company whose profits flow to politics (let alone pure hypocrisy) that their customers rightfully find repugnant, can not force payments from those customers. Freedom to leave means the mechanism works as intended, the opposite of a threat.

Perhaps to put it simply, one co-CEO funds a party that wants people illegally forced out of the country, and the other co-CEO calls your loss of freedom his gain of freedom. That’s as selfish and tone-deaf as you get. That’s why they should go out of business, the faster the better. Their cultural appreciation of privacy is “what’s best for me, and me alone”, diametrically opposite to what is needed for actual privacy protection.

The New “Bezos Plow” Will Make Everyone Poorer, Except That One Guy

Jeff Bezos has his image floating around and I couldn’t believe my eyes when I saw it. The plow? Seriously? The man has bazillions of dollars, yet he couldn’t afford to get a clue?

I’ve said many times the shortage of historians is a crisis in the tech industry. Bezos is now the poster child of historical levels of willful disinformation.

Saying “we all got wealthier” from the plow is cruel because it is so cynically backwards. The archaeological evidence says exactly the opposite happened. James C. Scott’s “Against the Grain” documents that early agriculture made most people shorter, sicker, and more overworked than their forager predecessors.

Sounds like an Amazon warehouse.

What the plow actually enabled was storable grain surplus, which enabled taxation, which enabled states, which enabled conscription and slavery. The surplus went to elites. The laborers got coerced.

Sounds like an Amazon warehouse.

Gee. I see a theme here. The plow made everyone poorer, except for that one guy.

Set aside the fact that no one person invented the plow. That is another problem for him, because it exposes another proof that he is engaged in willful disinformation. Just take a moment to revel in the fact that Bezos is so wealthy he can not grasp basic history, while claiming history is the basis of his new company. He’s surely going to ignorantly repeat the worst chapters.

The evil Bezos plow theory is what has been floating a $41 billion valuation by asserting that invention itself is the engine of all wealth, and that he alone will accelerate that engine. The false historical claim is both the entire pitch, and the growing proof it can’t succeed.

Mythos Buster: Novice On Opus Breached 14 Companies

OALABS published the full session logs on June 16 of an amateur attacker in Addis Ababa who used Claude Opus 4.5 and OpenAI Codex to breach at least fourteen companies. The attacker typed prompts like “recon this” and “before you erite the report tell does an attaker has a chance of getting a shell.” Old Claude did the rest. It researched exposed services, identified vulnerabilities, wrote exploit code, validated access, and harvested data. It even ranked the stolen data by dollar value in a report it titled “Goldmine.”

The attacker’s operational security was nonexistent. He edited his resume on a compromised server. He confirmed his home IP address to the agent by accident. His activity window mapped cleanly to Addis Ababa business hours. OALABS had his full name, location, education history, and LinkedIn profile before they finished triaging the logs.

Across more than a thousand sessions, Codex flagged one policy violation. Opus flagged nine. OALABS, building a legitimate forensics tool on the same logs, hit more guardrail friction than the attacker did. The bypass was not sophisticated. Every malicious prompt was framed as an authorized red team exercise. When a rare violation fired, the attacker reworded the request and emphasized authorization. That worked every time.

What Model?

The model was Opus 4.5. Not Mythos. Not Fable. Not even the current generation. Anthropic’s own guardrail architecture redirects Fable requests to Opus 4.8 as the safe fallback. The model that breached fourteen companies on autopilot for a novice is three generations behind that.

The attacker did not need a frontier model. He did not need Mythos. He did not need Glasswing access. He didn’t even really need a $20/month API subscription and the phrase “authorized redteam exercise.”

I’ve said this over and over since April

On April 13 I published The Boy That Cried Mythos, documenting that AISLE reproduced the showcase Mythos finding on eight of eight open-weight models, one at eleven cents per million tokens. On May 4 I published Seventy-Five Cents Gets You an Anthropic Mythos Killer, where I built Lyrik on top of Wirken and reproduced the discovery pipeline for $0.745. On June 25 I published Get Local, documenting that Security Research Labs ran Qwen3.6 on a Mac laptop and matched frontier-model finding sets in under ninety minutes with zero human nudges.

The thesis across twenty-one posts, yes twenty-one times already, has been the same: the capability is commodity. The harness does the work. The models are interchangeable. Guardrails are performative. Export controls on frontier models protect a pricing model, not a population. The OALABS case study is not a new finding. It is simply more field confirmation of repeatedly published analysis.

Five Eyes and Seriously Risky Business arrive, late

On June 22, the Five Eyes cybersecurity agencies issued a joint call to action warning that AI lowers barriers for malicious actors and shrinks the window between vulnerability discovery and exploitation. On June 25, Tom Uren published Open-Weight Model Advances Make the Mythos Debate Moot in his Seriously Risky Business newsletter, citing the OALABS case and concluding that governments should stop trying to restrict frontier models and start tightening defenses.

That is the argument this site has been making since April, with the evidence trail, the reproduction costs, and the mechanism spelled out. Uren arrives at the same destination as the June 8 executive summary. He does not cite that or any of the twenty-one posts that got there first. The Five Eyes statement names the problem without naming the policy failure: that export controls on Mythos and Fable, issued by the Commerce Department on June 12 under 15 C.F.R. § 744.22(b), restrict access to a model whose capabilities are already reproducible on commodity hardware for a few dollars.

What OALABS proves, yet again

Am I repeating myself yet? OALABS basically proves three things that I have said on this site since April.

First, offensive capability is old and not frontier-exclusive. That’s why a novice with bad spelling and no exploit development background just breached fourteen companies using a general-availability model. The attacker did not need Mythos. He needed a model that could run bash commands and follow instructions. In fact, he probably wouldn’t have tried if Anthropic hadn’t made so much marketing noise about Mythos, which he didn’t need anyway.

Second, guardrails do not distinguish between legitimate security work and criminal hacking. OALABS’s own reverse engineer, Sergei, wrote in the report that restricting the underlying workflow would mostly make the tools worse for legitimate security work, while leaving the same behavior available through less restrictive open-weight models like Kimi. That is my argument, published by someone with no connection to this site, using evidence I did not generate.

Third, restricting access to frontier models is the wrong policy lever. The attacker could have used Qwen 3.6 on local hardware and achieved the same result with no guardrails at all. Export controls on Mythos 5 and Fable 5 do not prevent the OALABS scenario. They instead prevent it from being auditable. The API-subscription attacker left a thousand session logs on a compromised server. The local-model attacker leaves nothing.

There was never any mythological genie in the bottle. The heavily marketed overpriced bottle was the entire product. We used to call it snake oil.

CA Tesla Kills One Pedestrian in Sudden Acceleration

The Tesla crash reports read more and more like killer drones launched into civilian spaces.

Authorities said the woman driving the Tesla lost control and jumped the curb, hitting and killing the woman, who was walking on the sidewalk outside the cafe. The car continued into the planters outside the cafe before coming to a rest in the middle of the outdoor dining area filled with umbrellas and tables.

The Simi Valley Police Department identified the pedestrian killed in the crash as a 79-year-old woman from Agoura Hills.