The Mullvad Browser was developed in partnership between Mullvad VPN and the Tor Project. It is built on Firefox ESR and ships with the same anti-fingerprinting patches that power Tor Browser — but without routing your traffic through the Tor network. The idea is simple: pair it with a VPN and you get strong fingerprint resistance combined with the speed of a commercial network.
How Mullvad Browser Differs from Its Alternatives
Versus Tor Browser: Mullvad Browser uses the same letterboxing technique (padding the viewport to prevent canvas-based size fingerprinting) and spoofs or blocks the same browser APIs. The key difference is the transport layer. Tor Browser routes everything through three relays; Mullvad Browser expects you to supply your own VPN. Tor Browser also enforces stricter JavaScript restrictions by default (Security Level: Safest), while Mullvad Browser runs JavaScript enabled for usability.
Versus Firefox with uBlock Origin: Firefox, even well-configured, still exposes a unique fingerprint through font enumeration, WebGL renderer strings, audio context, and dozens of other vectors. Mullvad Browser neutralizes most of these at the engine level, not through extension blocking. You cannot replicate the same protection purely through Firefox configuration.
Versus Brave: Brave adds randomized noise to fingerprinting APIs, which helps but creates a unique noise signature over time. Mullvad Browser aims for uniformity — every installation looks the same to a tracking server.
Installation
Download from mullvad.net/en/browser. Mullvad Browser is available for Windows, macOS, and Linux. On Linux, extract the tarball and run ./start-mullvad-browser.desktop or move the folder to /opt and create a launcher.
There is no auto-update. Check the release page periodically or enable the built-in update check under Settings > General.
Default Protections You Get Out of the Box
Mullvad Browser ships with these protections enabled without any configuration:
- uBlock Origin pre-installed in medium-mode (blocks third-party scripts by default)
- Mullvad Privacy Companion extension, which blocks click tracking and enforces HTTPS
- Letterboxing to mask viewport dimensions
- Fingerprinting resistance via
privacy.resistFingerprinting = trueinuser.js - No telemetry — all Firefox data collection endpoints are disabled
- First-party isolation on cookies and storage
- Strict Enhanced Tracking Protection
Recommended Additional Extensions
The Mullvad Browser team recommends keeping extensions to a minimum, because unusual extensions make you stand out. The following are compatible with the browser’s fingerprint model:
| Extension | Purpose |
|---|---|
| uBlock Origin (pre-installed) | Ad and tracker blocking |
| Mullvad Privacy Companion (pre-installed) | Link cleaning, HTTPS enforcement |
| NoScript | Per-site JavaScript control (advanced users) |
Do not install LastPass, Grammarly, or other extensions that inject scripts into pages — they break fingerprint uniformity. Use a local password manager like KeePassXC with browser integration via its native extension, which does not inject tracking code.
Cookie Policy and Session Management
Mullvad Browser deletes all cookies and site data when you close the browser. This is non-negotiable and by design. If you need to stay logged into a site across sessions, you have two options:
- Add a cookie exception under Settings > Privacy & Security > Manage Exceptions. Do this sparingly.
- Use a container for that site. The browser supports Firefox Multi-Account Containers, which isolate site storage.
For most use cases, treat Mullvad Browser as a stateless browser. Do your authenticated work in a separate browser (Firefox with a dedicated profile, for example), and use Mullvad Browser for research and browsing where you do not want to be tracked.
Configuring DNS Leak Protection
If you are using Mullvad VPN, enable DNS over the VPN tunnel in the Mullvad app. Verify there is no DNS leak with:
https://mullvad.net/en/check
If you are using a different VPN, ensure DNS queries go through the tunnel, not your ISP. In the Mullvad Browser, also set:
Settings > Privacy & Security > DNS over HTTPS > Max Protection
Set the custom provider to your VPN provider’s DoH endpoint, or use Mullvad’s: https://doh.mullvad.net/dns-query
Fingerprinting Resistance in Practice
Canvas
The browser returns a deterministic, spoofed canvas value. Any site using canvas fingerprinting will get the same junk value from every Mullvad Browser installation.
WebGL
WebGL renderer and vendor strings are spoofed. The actual GPU model is not exposed.
Fonts
Font enumeration returns a reduced, fixed list regardless of what fonts you have installed.
Screen Resolution and Timezone
The browser reports a rounded screen resolution and a UTC timezone by default, regardless of your actual settings.
AudioContext
Audio fingerprinting returns noise that is consistent across sessions but does not reflect your hardware.
When to Use Mullvad Browser (and When Not To)
Use it when:
- Browsing news, research, or anything where you want no profile built on you
- You are using a VPN and want the fingerprint protection that complements it
- You want Tor Browser’s privacy hardening without Tor’s speed penalties
Do not use it when:
- You need to stay logged into accounts across sessions without adding exceptions
- You need a browser extension ecosystem (development tools, etc.)
- You are under surveillance from a state actor — use Tor Browser or Tails instead
Pairing with Mullvad VPN
Mullvad VPN charges a flat fee with no account email required — you pay with a generated account number, and optionally with cash or Monero. Combined with the Mullvad Browser, this creates a setup where neither the VPN provider (who sees your IP but not your browsing) nor the websites (who see the VPN exit IP but get a uniform fingerprint) can build a useful profile.
Enable DAITA (Defence Against AI-guided Traffic Analysis) in the Mullvad app if available in your region. It adds noise to traffic patterns to resist correlation attacks.
The Mullvad Browser is one of the strongest privacy-focused browsers for everyday use, sitting in the practical middle ground between a hardened Firefox and a full Tor setup.