I’m thinking of configuring a VPN in my router so that all traffic runs via Mullvad, just trying to consider if there are any downsides to this?
If I buy Mullvad via the onion site with Monero, obviously there’s no link to me, and they appear to keep no logs, as has been tested. In any case I trust them to keep no logs more than my ISP and government.
I do already have ProtonVPN but it’s attached to my debit card details, my email address, and name etc. No need to give them all my traffic too.
I know I can still be tracked by browser fingerprint and IP but I’ll be one of many users using the same Mullvad IP and I also employ adguard DNS, anti fingerprinting on my browsers etc.
My threat model is generally removing as much passive data gathering and tracking as possible, corporate or state. My threat model does not include active investigation from the law enforcement or state
There’s no point in hiding the transaction. A state level actor will see that you’re connecting to the Mullvad VPN addresses and won’t need to check your credit card statement to determine that you’re using it.
Just because they could doesn’t mean you have to make it trivial for them.
It’s already trivial to see that you’re connecting. You’re not making anything at all more difficult for state level actors, just yourself.
The purpose of hiding the transaction would be to make it so that Mullvad couldn’t tie the transaction (or your identity) to your account even if they wanted to. I know they say they don’t log that data and I believe them, but they physically could if they wanted to, as opposed to paying in a private way, which Mullvad encourages anyway.
Of course, this then depends on what you’ll do with your VPN. If you’re using it to log into anything, unless that account is completely anonymised, the Mullvad servers could tie you to your account if they wanted to track you. Same goes for if you connect from your home network as opposed to eg public wifi. But there definitely exist threat models and use cases where what you’re doing on that VPN wouldn’t otherwise be tie-able to your real identity and therefore wanting to guarantee your VPN provider can’t know who you are may be something you’re interested in.
And some people just like anonymity for the sake of it 🤷♀️