Mullvad Browser

Mullvad Browser is the Tor-Browser-derived anti-fingerprinting browser without the Tor routing layer — a co-developed collaboration between Mullvad VPN and The Tor Project that brings Tor Browser's hardened-Firefox + uniform-fingerprint engineering to clearnet browsing, designed to pair with a no-logs VPN (Mullvad's own or another). Listed at Grade A because it occupies the daily-driver privacy browser slot — the anti-fingerprinting work that makes Tor Browser the privacy reference, minus the 200ms-2s latency cost of Tor's three-hop circuit, so it's actually usable as your everyday browser without breaking modern web apps.

Background. Mullvad Browser launched in April 2023 as a joint project between Mullvad VPN AB (Sweden-based VPN provider with a strong privacy reputation) and The Tor Project (the non-profit behind Tor Browser). The motivation: Tor Browser's anti-fingerprinting engineering is the canonical reference, but Tor's latency makes it impractical as a daily-driver browser; meanwhile most "privacy browsers" (Brave, Vivaldi, Librewolf) make smaller anti-fingerprinting concessions for usability. Mullvad Browser keeps all of Tor Browser's fingerprinting defences and strips out only the Tor network connection — your traffic instead goes through whatever VPN you have configured (Mullvad recommends their own; any no-logs VPN works). Built on Firefox ESR (the same base as Tor Browser), distributed under the MPL 2.0 license (Firefox license inheritance). Cross-platform: macOS, Windows, Linux. Released as a sister product to (not replacement for) Tor Browser — both have their place.

What you trust. Uniform fingerprint — same standardised User-Agent, screen size (1000×1000 default), font set, canvas response, WebGL response, and JS environment as Tor Browser; all Mullvad Browser users look fingerprintably identical to a tracker. No telemetry — Firefox's telemetry pipeline is stripped, Mozilla account integration removed. No Mullvad lock-in — despite the name, Mullvad Browser doesn't require Mullvad VPN; it's a generic anti-fingerprinting browser that works with any (or no) VPN. NoScript by default — same JavaScript-gating extension as Tor Browser; Security Level slider (Standard / Safer / Safest) controls aggressiveness. Tor Project engineering review — the anti-fingerprinting code is the same upstream as Tor Browser; the Tor Project reviews and contributes to the joint codebase. Reproducible builds + signed releases — same release discipline as Tor Browser. What you don't trust: the network-layer privacy is on the VPN, not the browser; pick a VPN that's actually no-logs (the EFF and Privacy Guides both publish VPN evaluation frameworks). Critical detail: without Tor, the exit-side IP is your VPN's IP — meaning your VPN provider can correlate browsing if they log; the browser's anti-fingerprinting still prevents tracker-side correlation across sessions.

Operational specs. Platforms: macOS, Windows, Linux desktop. Default behaviours: opens with about:mullvad as default homepage; clears history/cookies on browser close (same as Tor Browser). Security Level slider: Standard (JavaScript enabled, all features); Safer (JavaScript disabled on non-HTTPS sites); Safest (JavaScript fully disabled — required for the strictest privacy posture, many web apps will break). Tabs are isolated — each first-party origin gets a separate state container. New Identity function — wipes all browser state with a hotkey. Search engine: defaults to DuckDuckGo and other privacy-respecting search engines; Mullvad's own search isn't pushed. Bundled extensions: NoScript only; same restriction as Tor Browser. VPN integration: deliberately none — the browser doesn't ship a VPN client; you run Mullvad's VPN client (or another) separately. Default fingerprint: identical to Tor Browser's fingerprint cohort, so a clever fingerprinter who detects "this is Tor Browser fingerprint without Tor IP" can identify Mullvad Browser users as a separate cohort; in practice this means the anonymity set is Mullvad Browser users, not all Tor Browser users.

Philosophy. Mullvad Browser's editorial differentiator is the fast-anti-fingerprinting model — for users who want Tor Browser's privacy engineering but need a browser that's fast enough to use as a daily driver. Tor Browser is the canonical reference; it's the right pick when network-layer anonymity matters (against IP-correlation, against geo-detection, against ISP visibility). Mullvad Browser is the right pick when the network-layer is handled by a VPN you trust and you want a browser that doesn't make the user-agent-level anti-tracking concessions that Brave or Vivaldi or Librewolf make. The trade-off: you're moving the network-layer trust from "no single entity sees both your IP and your destination" (Tor's three-hop guarantee) to "the VPN sees both your VPN-IP and the destination, and you have to trust the VPN's no-logs claim." For most threat models, a credible no-logs VPN + Mullvad Browser is the right combination; for the strictest threat models (journalists, activists, high-stakes scenarios), Tor Browser remains the right pick.

Grade rationale. Grade A reflects: co-developed by Mullvad and the Tor Project (the canonical anti-fingerprinting expertise); built on Firefox ESR with full Tor Browser anti-fingerprinting patches; uniform-fingerprint design; cross-platform (macOS, Windows, Linux); no telemetry, no Mozilla account; NoScript bundled with Security Level slider; reproducible builds + signed releases; MPL 2.0 license; no Mullvad VPN lock-in (works with any VPN or none); independently audited (Mullvad publishes audit reports on their site); active development since April 2023; cross-listed in web3privacy and Privacy Guides peer directories; maintains its own Tor onion service at o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion. Last verified 2026-05-13.

Useful when. You want Tor Browser's anti-fingerprinting without Tor's latency — daily browsing, web apps that need to be responsive. You're already running a trusted no-logs VPN and want a browser that complements it on the user-agent layer. You're a journalist or researcher doing clearnet work that's privacy-adjacent but not high-stakes-anonymity (use Tor Browser for the high-stakes part). You want a privacy daily driver that's structurally more conservative than Brave / Vivaldi / Librewolf — full anti-fingerprinting, no telemetry, no built-in crypto wallet / shopping integrations / lock-in features. You want a browser maintained by people who don't have ad-tech incentives — Mullvad makes money from VPN subscriptions, not from browser monetisation.

Caveats. Network-layer privacy depends on your VPN — if your VPN logs or gets subpoenaed, the network-layer anonymity is compromised. Pick a no-logs VPN with audit reports; verify the VPN's jurisdiction and operational track record. Mullvad Browser users are a separate fingerprint cohort from Tor Browser users — a sophisticated fingerprinter who sees "Tor Browser fingerprint without Tor exit IP" can categorise Mullvad Browser users as a cohort. The anti-fingerprinting still works *within* that cohort, but the cohort itself is smaller than Tor Browser's. No iOS, no Android — desktop only at this writing. For mobile, use Tor Browser for Android, or a hardened Firefox build (Mull, IronFox, etc.) on iOS with appropriate extensions. Safest mode breaks many sites — same JavaScript trade-off as Tor Browser; modern web apps assume JavaScript. Browser extensions are restricted — only the bundled NoScript is included; adding extensions adds fingerprinting surface. Don't log into clearnet accounts — same caution as Tor Browser; logging into Gmail / Twitter from Mullvad Browser links the browser session to your clearnet identity. The "Mullvad" name implies VPN coupling — common misconception; the browser is generic anti-fingerprinting and works with any VPN. Don't sign up for Mullvad VPN just because of the browser name; pick a VPN on its own merits. VPN-without-anti-fingerprinting is a partial-trust posture — Mullvad Browser doesn't make sense without a VPN (your real IP would be exposed); use it explicitly as the browser-layer in a VPN+browser stack.