Category Archives: Security

Mullvad VPN Anti-Privacy PR Circles the Drain on Nazism

As many people ask me about safe VPN solutions, such as my suggestion to try eisengarn, they also seem to express frustration with Swedish “tech entrepreneurs”.

I hear things like “how can they turn out to be such horrible people?” It’s understandable. Sweden has falsely propagated a myth for decades that they believed in liberty and freedom, while the whole time being horribly cruel and racist. This might cause surprise for some.

Disinformation historian protip: the Swedish word mullvad translates to mole, the animal most heavily associated with double-agents and leaks that secretly violate privacy. The company name and logo appear as subtle yet direct negation of their messaging. Expect a mole to be caught for hypocrisy.

Mullvad is the Swedish word for “MOLE”, which in English means the opposite of privacy. A mole company advertising privacy is like a termite company advertising shelter.

To understand how the Nazis of Sweden have been hiding in plain sight, tunneling under society, you just have to look at the country’s history and ask who has produced evidence of anti-racism.

Sweden has manufactured polite deniability, meaning they never underwent Germany’s postwar reckoning, and so they avoided all accountability for what they did and continue to do. Neutrality meant no occupation, no Nuremberg, no forced confrontation with their comfortable close Nazi collaboration.

Per Engdahl ran Sweden’s fascist organizations from the 1930s into the 1990s without any significant consequence. The Sweden Democrats, sympathetic to Nazis, were founded in 1988 out of the Bevara Sverige Svenskt and the Nordic Reich Party. Roughly a third of the founders had ties to known fascist and neo-Nazi groups, the first auditor Gustaf Ekström was a Waffen-SS veteran, the first chairman Anders Klarström came from the Nordic Reich Party, and the party used a torch logo derived from the British National Front until 2006.

Some might say the German Nazis had even idolized and borrowed from these racist Swedes, not the other way around, which is why Swedes welcomed Nazism after WWII. The Statens institut för rasbiologi in Uppsala was the world’s first state-funded racial biology institute. It had preceded and influenced Nazi racial science.

On May 13, 1921, the decisive decision was made by a broad political majority to establish a state-run racial biology institute in Sweden. It was cutting-edge research at the time that many hoped would create a healthy and fit Swedish people, but whose ideological traditions and practical work are a dark legacy in Swedish history.

Leave it to the Swedes to call their racism a “dark legacy”. Dark is assigned a negative meaning. Do you know what’s dark? The protective and cool shade necessary for survival on a white hot day.

1930s “measurement” methods of eugenicists. Photo: TT/TT News Agency

Herman Lundborg was the institute’s first director. The institute was established by a parliamentary decision after lobbying led by figures including Nils von Hofsten, in a campaign backed by figures across the political spectrum. Lundborg, appointed to head it, corresponded directly with German eugenicists. His classification systems fed into Nordic racial typologies the Nazis adopted.

After Hitler killed himself, the Swedes simply minded the gap, and went on doing what Hitler had borrowed from them, without anyone invading Sweden to stop them. Sweden thus ran an infamously grotesque literal race-based forced sterilization program from 1934 to 1976.

Sterilization based on race until 1976: Any Swede today who is CEO of a tech firm grew up in a racist playground bubble that their state curated, because certain women were forced to never have children.

Around 63,000 people were sterilized, disproportionately Roma, Sami, and people classified as mentally or socially deficient. That’s not a wartime aberration, because it started before the war and continued uninterrupted for three decades after it ended, administered by the same Social Democrats building the folkhem.

The folkhem itself is foundational to the apparent Nazis campaigning in Sweden today for forced deportations. The “people’s home” welfare model was built on an implicit assumption of ethnic homogeneity. The “generous” state works because, as Hitler said, the “we” can only be a small elite group of the same race. That foundation means any perceived disruption to homogeneity registers not as a policy question but as an existential threat to the Swedish social contract. The welfare state and Swedish ethnonationalism never actually separated.

In Germany there remain similar failures in neglected institutions like the Youth Welfare (Jugendamt), against which hundreds of formal complaints have been registered with the EU for decades, an unaccountable ethnonationalist agency accused of harming “non-German” children. So Sweden is not alone in preservation and then normalization, as evidenced by the rise of a Nazi party in Germany (AfD) and a Jugendamt accused for decades of targeting non-German children with harm. But the German danger is far more legible, despite evasive measures.

Everyone knows to watch Germany and expect the unaccountability and non-compliance moves.

The Swedes are a surprise to those who don’t understand the passive maintenance of historically excessive levels of selfish hate within definitions of success, professionally and politically.

Another way of putting it is that Sweden was so happy about fascist methods and reasons for seizing power, there was little need for a mass fascist party to seize what the state already practiced. Adding a label in Sweden would have meant it wasn’t already the norm, in a country where the government believed then and for decades after the war it would continue to racially control future generations.

I mean, just look more closely at the mechanism of wealthy Swedish elites today funding and enabling Nazism as if consistent with their concept of “freedom”. The history helps explain why two CEOs of Mullvad apparently believe defending Nazism can be normalized. A VPN company gives us a textbook example of the problem, because one CEO is overtly promoting Nazism, while the other CEO serves to enable it by laundering him.

Imagine a “MEAT IS MURDER” vegan grocery store where one of the two owners spends the store’s profits on trophy hunts, illegally killing endangered animals. The brand sells one promise while the money does the opposite of that promise. That’s how this VPN company works. It markets itself as existing to protect privacy, while one co-CEO funds the destruction of privacy to enable forced deportations (the Nazi platform of “remigration”) and the other co-CEO says this:

Hi,

Mullvad has two owners, founders, and CEOs – Daniel Berntsson, and me, Fredrik Strömberg. All posts I’ve seen yesterday and today, including the newspaper articles, talk about Mullvad as if Daniel is the single owner, founder and CEO. It should be obvious that Daniel’s private donation to a political party is not part of Mullvad’s values or mission.

If you have any questions, comments or concerns you’re welcome to comment on this thread, or email our customer support.

See below for the response you’ll get from support:

-----

Mullvad is a political company. We fight for freedom of speech, freedom of information and the right to privacy. These are firmly held values of the founders of Mullvad.

Mullvad protects the right for people to express things we don’t agree with. We protect the right of everyone to access views we don’t agree with.

We also live these values by being tolerant in our daily work. Everyone is welcome to collaborate with Mullvad if they share these narrow core values. As employees, contractors, customers, suppliers, lobbyists, campaign partners or whatever it might be. No matter what their other opinions are and no matter whether the founders or anyone else in Mullvad dislike them. The founders themselves fundamentally disagree on several important issues.

This is what allows us to advance our common causes. Being in a tolerant and intellectually open environment is also liberating and promotes truth seeking.

The more people do this, the better a place the world will be.

It should be obvious that Daniel’s private donation to a political party is not part of Mullvad’s values or mission, in the same way that someone’s opinions on animal rights, taxes or public healthcare policy isn’t.

That said, if you no longer want to be a Mullvad customer for philosophical reasons, we think it’s important to honor that. In that case, reach out to support.

Wow.

That is bad.

Expected. Still, so bad.

Let’s dig in.

His defense of Nazism tries to frame a political donation to the party that calls immigrants “parasites” as equivalent to opinions on animal rights or tax policy. That’s a false equivalence that kills people. Poison is not milk, just because both are liquid.

Think about how racist the co-CEO must be to frame dehumanization and forced deportations of humans as his mental equivalent to… animal rights. A political party gets funded by his co-CEO to call people “parasites” and his defense is to say it’s like “opinions on animal rights”.

Oof.

But wait, the worst part is the claim that Daniel supports “open borders” as an “ideal” but funds a party diametrically opposed to that position.

Forced deportations are illegal by definition. Crime isn’t just an opinion. It crosses a clear line. And forced deportations depend on the destruction of privacy. Again not just an opinion, crossing a clear line. Remigration is the ethnic mass expulsion of legal residents and citizens. Their rights are violated. And this VPN company acts like crimes are just opinions to disagree with:

  • Forced sex = rape
  • Forced entry = burglary
  • Forced deportation = remigration

The forced deportation requires destruction of privacy in the same way a stalker attempts rape and a thief cases a property to attempt burglary. A VPN provider financially supporting remigration political platforms is paying into violation of the rights of citizens, starting with privacy violations.

Fredrik is either being credulous about his co-founder’s stated beliefs or knowingly laundering them for his own political purposes, because the effect either way is to enable the privacy-destroying crime of remigration.

Consider the simple logic pattern, if you are paying attention to rights:

Forced + Action against a person = Illegal

Forced sex, forced entry, forced labor, forced marriage, forced confession, forced sterilization, forced disappearance. Every one of those is a crime. The legal system uses different words when the action is lawful: compulsory, mandatory, ordered, directed.

The commenters on his ridiculously bad post calling him disingenuous are therefore exactly right. The co-CEO’s “we protect speech we disagree with” framing is complete bullshit.

First, nobody who supports a forced deportation party, or declines to oppose someone who funds one, can claim to protect speech. Remigration, like rape and burglary, proceeds only by overriding the victim’s “no.” The crime exists because the perpetrator refuses to accept that refusal. Anyone saying “we protect speech we disagree with by funding the rape of women” would be seen exactly for what it is, suppression of speech. Remigration should invoke the same reaction.

Second, logic 101 time, nobody is questioning anyone’s legal right to donate. Customers finding out their VPN company is run by two CEOs who both support forced deportations (one active, one passive) are exercising actual freedom by withdrawing financial support. A company whose profits flow to politics (let alone pure hypocrisy) that its customers rightfully find repugnant cannot force payments from those customers. Freedom to leave means the mechanism works as intended, the opposite of a threat.

Perhaps to put it simply, one co-CEO funds a party that wants people illegally forced out of the country, and the other co-CEO calls your loss of freedom his gain of freedom. That’s as selfish and tone-deaf as you get. That’s why they should go out of business, the faster the better. Their cultural appreciation of privacy is “what’s best for me, and me alone”, diametrically opposite to what is needed for actual privacy protection.

The New “Bezos Plow” Will Make Everyone Poorer, Except That One Guy

Jeff Bezos has his image floating around and I couldn’t believe my eyes when I saw it. The plow? Seriously? The man has bazillions of dollars, yet he couldn’t afford to get a clue?

I’ve said many times the shortage of historians is a crisis in the tech industry. Bezos is now the poster child of historical levels of willful disinformation.

Saying “we all got wealthier” from the plow is cruel because it is so cynically backwards. The archaeological evidence says exactly the opposite happened. James C. Scott’s “Against the Grain” documents that early agriculture made most people shorter, sicker, and more overworked than their forager predecessors.

Sounds like an Amazon warehouse.

What the plow actually enabled was storable grain surplus, which enabled taxation, which enabled states, which enabled conscription and slavery. The surplus went to elites. The laborers got coerced.

Sounds like an Amazon warehouse.

Gee. I see a theme here. The plow made everyone poorer, except for that one guy.

Set aside the fact that no one person invented the plow. That is another problem for him, because it exposes another proof that he is engaged in willful disinformation. Just take a moment to revel in the fact that Bezos is so wealthy he cannot grasp basic history, while claiming history is the basis of his new company. He’s surely going to ignorantly repeat the worst chapters.

The evil Bezos plow theory is what has been floating a $41 billion valuation by asserting that invention itself is the engine of all wealth, and that he alone will accelerate that engine. The false historical claim is both the entire pitch, and the growing proof it can’t succeed.

Mythos Buster: Novice On Opus Breached 14 Companies

OALABS published the full session logs on June 16 of an amateur attacker in Addis Ababa who used Claude Opus 4.5 and OpenAI Codex to breach at least fourteen companies. The attacker typed prompts like “recon this” and “before you erite the report tell does an attaker has a chance of getting a shell.” Old Claude did the rest. It researched exposed services, identified vulnerabilities, wrote exploit code, validated access, and harvested data. It even ranked the stolen data by dollar value in a report it titled “Goldmine.”

The attacker’s operational security was nonexistent. He edited his resume on a compromised server. He confirmed his home IP address to the agent by accident. His activity window mapped cleanly to Addis Ababa business hours. OALABS had his full name, location, education history, and LinkedIn profile before they finished triaging the logs.
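The activity-window attribution mentioned above can be sketched as follows; this is an added example, not OALABS code or tooling. It assumes session timestamps normalised to UTC, a 09:00-18:00 weekday working day and whole-hour offsets (half-hour zones are not covered), and it runs on constructed timestamps rather than the real logs.

```python
from datetime import datetime, timedelta, timezone

WORK_START, WORK_END = 9, 18  # assumed local working day, 09:00-17:59


def business_hours_share(events_utc, offset_hours):
    """Fraction of events that land on a weekday inside the assumed
    working day once the UTC timestamps are shifted by offset_hours."""
    if not events_utc:
        return 0.0
    shift = timedelta(hours=offset_hours)
    hits = 0
    for ts in events_utc:
        local = ts + shift
        if local.weekday() < 5 and WORK_START <= local.hour < WORK_END:
            hits += 1
    return hits / len(events_utc)


def candidate_offsets(events_utc, min_share=0.9):
    """Return (best_share, [offsets]) over whole-hour offsets UTC-12..UTC+14.

    Every offset tied for the best score is returned, because a narrow
    activity window fits several time zones equally well. An empty list
    means no offset explains the activity as office-hours work.
    """
    scores = {off: business_hours_share(events_utc, off)
              for off in range(-12, 15)}
    best = max(scores.values())
    if best < min_share:
        return best, []
    return best, [off for off, share in scores.items() if share == best]


def parse_utc(stamp):
    """Parse an ISO 8601 timestamp and normalise it to UTC."""
    ts = datetime.fromisoformat(stamp)
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)  # assumption: naive stamps are UTC
    return ts.astimezone(timezone.utc)


def constructed_sessions():
    """Constructed sample: one session start per hour, 06:00-14:00 UTC,
    Monday 2 June to Friday 6 June 2025 (not taken from the OALABS logs)."""
    return [parse_utc(f"2025-06-{day:02d}T{hour:02d}:15:00+00:00")
            for day in range(2, 7) for hour in range(6, 15)]


if __name__ == "__main__":
    print(candidate_offsets(constructed_sessions()))
```

An offset is only a band of longitude: UTC+3 covers Addis Ababa and many other cities, so the result narrows an investigation and needs corroboration such as the IP address and resume details described above.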

Across more than a thousand sessions, Codex flagged one policy violation. Opus flagged nine. OALABS, building a legitimate forensics tool on the same logs, hit more guardrail friction than the attacker did. The bypass was not sophisticated. Every malicious prompt was framed as an authorized red team exercise. When a rare violation fired, the attacker reworded the request and emphasized authorization. That worked every time.

What Model?

The model was Opus 4.5. Not Mythos. Not Fable. Not even the current generation. Anthropic’s own guardrail architecture redirects Fable requests to Opus 4.8 as the safe fallback. The model that breached fourteen companies on autopilot for a novice is three generations behind that.

The attacker did not need a frontier model. He did not need Mythos. He did not need Glasswing access. He didn’t even really need a $20/month API subscription and the phrase “authorized redteam exercise.”

I’ve said this over and over since April

On April 13 I published The Boy That Cried Mythos, documenting that AISLE reproduced the showcase Mythos finding on eight of eight open-weight models, one at eleven cents per million tokens. On May 4 I published Seventy-Five Cents Gets You an Anthropic Mythos Killer, where I built Lyrik on top of Wirken and reproduced the discovery pipeline for $0.745. On June 25 I published Get Local, documenting that Security Research Labs ran Qwen3.6 on a Mac laptop and matched frontier-model finding sets in under ninety minutes with zero human nudges.

The thesis across twenty-one posts, yes twenty-one times already, has been the same: the capability is commodity. The harness does the work. The models are interchangeable. Guardrails are performative. Export controls on frontier models protect a pricing model, not a population. The OALABS case study is not a new finding. It is simply more field confirmation of repeatedly published analysis.

Five Eyes and Seriously Risky Business arrive, late

On June 22, the Five Eyes cybersecurity agencies issued a joint call to action warning that AI lowers barriers for malicious actors and shrinks the window between vulnerability discovery and exploitation. On June 25, Tom Uren published Open-Weight Model Advances Make the Mythos Debate Moot in his Seriously Risky Business newsletter, citing the OALABS case and concluding that governments should stop trying to restrict frontier models and start tightening defenses.

That is the argument this site has been making since April, with the evidence trail, the reproduction costs, and the mechanism spelled out. Uren arrives at the same destination as the June 8 executive summary. He does not cite that or any of the twenty-one posts that got there first. The Five Eyes statement names the problem without naming the policy failure: that export controls on Mythos and Fable, issued by the Commerce Department on June 12 under 15 C.F.R. § 744.22(b), restrict access to a model whose capabilities are already reproducible on commodity hardware for a few dollars.

What OALABS proves, yet again

Am I repeating myself yet? OALABS basically proves three things that I have said on this site since April.

First, offensive capability is old and not frontier-exclusive. That’s why a novice with bad spelling and no exploit development background just breached fourteen companies using a general-availability model. The attacker did not need Mythos. He needed a model that could run bash commands and follow instructions. In fact, he probably wouldn’t have tried if Anthropic hadn’t made so much marketing noise about Mythos, which he didn’t need anyway.

Second, guardrails do not distinguish between legitimate security work and criminal hacking. OALABS’s own reverse engineer, Sergei, wrote in the report that restricting the underlying workflow would mostly make the tools worse for legitimate security work, while leaving the same behavior available through less restrictive open-weight models like Kimi. That is my argument, published by someone with no connection to this site, using evidence I did not generate.

Third, restricting access to frontier models is the wrong policy lever. The attacker could have used Qwen 3.6 on local hardware and achieved the same result with no guardrails at all. Export controls on Mythos 5 and Fable 5 do not prevent the OALABS scenario. They instead prevent it from being auditable. The API-subscription attacker left a thousand session logs on a compromised server. The local-model attacker leaves nothing.

There was never any mythological genie in the bottle. The heavily marketed overpriced bottle was the entire product. We used to call it snake oil.

CA Tesla Kills One Pedestrian in Sudden Acceleration

The Tesla crash reports read more and more like killer drones launched into civilian spaces.

Authorities said the woman driving the Tesla lost control and jumped the curb, hitting and killing the woman, who was walking on the sidewalk outside the cafe. The car continued into the planters outside the cafe before coming to a rest in the middle of the outdoor dining area filled with umbrellas and tables.

The Simi Valley Police Department identified the pedestrian killed in the crash as a 79-year-old woman from Agoura Hills.