I don’t understand. The proposed legislation would force ID verification for Mullvad users. You’re still a Mullvad user, regardless of whether you connect through your VPS.
Mullvad also accepts anonymous cash payments, good luck with identifying me as a mullvad user with only an envelope, a target address,an account id which isn’t tied to a name and 10 bucks in it.
The first hop would go from “my UK client machine” -> “my VPN server elsewhere” which would impede Mullvad from automatically recognize you as a UK customer because that “server elsewhere” wouldn’t have a UK IP address.
The second, Mullvad, hop would go from “my VPN server elsewhere” -> “some other IP maybe in yet another country”
As long as you didn’t pay with a UK payment system (so, use a crypto currency or send them money in an envelope), due to that first hop Mullvad would have no way to know you are British and thus no legal obligation to treat you as such.
However a “my server elsewhere” also needs to be paid for. Further, all connections from that server would always be yours since you would be the single user of that server. Adding a Mullvad hop after that adds the anonymization of, for the rest of the Internet, your stuff being just one amongst many connections from many Mullvad clients coming from that server, plus Mullvad is probably much better at anonymizing stuff that “random techie setting up their own a VPN server on a VPS”, plus if you pay Mullvad using an anonymous payment system, they themselves have no idea who you are if they were ever legally forced to disclose it.
That first hop gives Mullvad plausible deniability about serving a UK customer without ID, whilst the second hop gives you a stronger anonymity than you would get if your entrance point into the internet was a single-user server you owner or rented.
VPS control is a much bigger pandora’s box to open than VPN control because there are way more VPS providers than VPN providers and there are constantly new ones popping up, plus there are millions of uses for a VPS which are wholly unrelated to VPNs.
How exactly would the UK Government enforce a law to “identify all VPN users just in case they’re British ones trying to run a VPN server abroad” on tens of thousands of VPS providers worldwide whose business is just proving open-ended server infrastructure to anybody anywhere for any technological use?
Govts don’t just not make legislation because they don’t know how to enforce it. They make the law, and they figure out the enforcement later. VPS providers will comply because they don’t give a single shit about your privacy and aren’t going to take the risk.
The difference is that connecting to an VPS outside of UK legislation is a process which encompasses pretty much everything, from email to webbrowsing to whatever. The traffic is HTTPS encrypted and looks like any other legitimate traffic. What the VPS does afterwards is invisible to the UK Government. If the UK doesn’t want to put up a great Firewall that makes China blush, there is no way to prevent this, and legislation that cannot be enforced is dead law.
Also, this would be very disruptive for any business that isn’t totally local, which is an pretty good incentive to not do this if they dont want to cripple their economy.
Judging by the way law enforcement against foreign sites sharing copyrighted materials has happened, it’s either cooperating with the local authorities for taking down the servers or taking away the domain names - which for this law, which unlike copyright isn’t an internationally agreed thing and for which there are zero international protocols in place, seems unlikely to get the required local authorities cooperation in most other countries - or by forcing local (in this case UK) ISPs to block access to the domains and/or IP addresses of the foreign servers breaking the law - which given how the larger VPN providers operate (basically, they have lots of VPN access points and often add more - for example Mullvad in 2025 had 667) will already be a game of wack-a-mole even without going after people setting up their own VPN in a VPS, and way more so if they do go after those since there are hundreds of thousands, maybe even millions of VPSs for rent out there because there are lots of VPS providers and each can spin up a very large number of virtual private servers, plus there are a lot of uses of VPSs in the UK which are perfectly legal so blocking the IP addresses of those can have a massive business impact and impact in the perceived reliability of the Internet in the UK for all manner of things.
Just use your server to connect to Mullvad
Why not just connect directly?
No need for age verification to connect to your own server + mullvad obfuscating your identity afterwards
I don’t understand. The proposed legislation would force ID verification for Mullvad users. You’re still a Mullvad user, regardless of whether you connect through your VPS.
Mullvad also accepts anonymous cash payments, good luck with identifying me as a mullvad user with only an envelope, a target address,an account id which isn’t tied to a name and 10 bucks in it.
The first hop would go from “my UK client machine” -> “my VPN server elsewhere” which would impede Mullvad from automatically recognize you as a UK customer because that “server elsewhere” wouldn’t have a UK IP address.
The second, Mullvad, hop would go from “my VPN server elsewhere” -> “some other IP maybe in yet another country”
As long as you didn’t pay with a UK payment system (so, use a crypto currency or send them money in an envelope), due to that first hop Mullvad would have no way to know you are British and thus no legal obligation to treat you as such.
However a “my server elsewhere” also needs to be paid for. Further, all connections from that server would always be yours since you would be the single user of that server. Adding a Mullvad hop after that adds the anonymization of, for the rest of the Internet, your stuff being just one amongst many connections from many Mullvad clients coming from that server, plus Mullvad is probably much better at anonymizing stuff that “random techie setting up their own a VPN server on a VPS”, plus if you pay Mullvad using an anonymous payment system, they themselves have no idea who you are if they were ever legally forced to disclose it.
That first hop gives Mullvad plausible deniability about serving a UK customer without ID, whilst the second hop gives you a stronger anonymity than you would get if your entrance point into the internet was a single-user server you owner or rented.
And you think VPSs would be omitted from this legislation?
VPS control is a much bigger pandora’s box to open than VPN control because there are way more VPS providers than VPN providers and there are constantly new ones popping up, plus there are millions of uses for a VPS which are wholly unrelated to VPNs.
How exactly would the UK Government enforce a law to “identify all VPN users just in case they’re British ones trying to run a VPN server abroad” on tens of thousands of VPS providers worldwide whose business is just proving open-ended server infrastructure to anybody anywhere for any technological use?
Govts don’t just not make legislation because they don’t know how to enforce it. They make the law, and they figure out the enforcement later. VPS providers will comply because they don’t give a single shit about your privacy and aren’t going to take the risk.
The difference is that connecting to an VPS outside of UK legislation is a process which encompasses pretty much everything, from email to webbrowsing to whatever. The traffic is HTTPS encrypted and looks like any other legitimate traffic. What the VPS does afterwards is invisible to the UK Government. If the UK doesn’t want to put up a great Firewall that makes China blush, there is no way to prevent this, and legislation that cannot be enforced is dead law.
Also, this would be very disruptive for any business that isn’t totally local, which is an pretty good incentive to not do this if they dont want to cripple their economy.
Judging by the way law enforcement against foreign sites sharing copyrighted materials has happened, it’s either cooperating with the local authorities for taking down the servers or taking away the domain names - which for this law, which unlike copyright isn’t an internationally agreed thing and for which there are zero international protocols in place, seems unlikely to get the required local authorities cooperation in most other countries - or by forcing local (in this case UK) ISPs to block access to the domains and/or IP addresses of the foreign servers breaking the law - which given how the larger VPN providers operate (basically, they have lots of VPN access points and often add more - for example Mullvad in 2025 had 667) will already be a game of wack-a-mole even without going after people setting up their own VPN in a VPS, and way more so if they do go after those since there are hundreds of thousands, maybe even millions of VPSs for rent out there because there are lots of VPS providers and each can spin up a very large number of virtual private servers, plus there are a lot of uses of VPSs in the UK which are perfectly legal so blocking the IP addresses of those can have a massive business impact and impact in the perceived reliability of the Internet in the UK for all manner of things.