The law and law enforcement are two different things. Law enforcement works roughly like this: they get an IP of a website, they go to an ISP, the ISP says its this reseller, they go to the reseller, the reseller says it is this customer, they go to the customer, the customer says this IP posted the bad thing, they take the new IP and go to the ISP, ISP hands over the original users details, they go knock on the users door.
It is basically a turd rolling down hill that nobody wants to touch and everyone wants to pass on to the next person. At each step YOU are responsible for the bad thing that happened until you give them a new person to look at.
If you think it works any differently, take a look at what happened to the "TheDonald" forum after January 6th. You can shout and scream about freedoms and rights all you want, but when your girlfriend has to explain to her boss why the FBI came around asking questions about you - you hand over the next guy down the line super quick.
> It is basically a turd rolling down hill that nobody wants to touch and everyone wants to pass on to the next person.
You’re just making assumptions without referring to the facts.
Mullvad is a Swedish company and falls under Swedish and EU jurisdiction.
ISPs in the EU are indeed required to keep track on what subscriber had what IP at what point in time. Some do this gladly and some try their absolute best to sabotage the process (like Bahnhof).
However, Mullvad is a VPN provider. They are not an ISP. If you claim that Mullvad is legally required to log IPs, then source that claim, because they clearly are not and if that claim is true that would mean they are breaking the law, which I doubt they would be willfully doing.
In your example, the buck stops with the VPN provider (which again, is not an ISP) because the info they provide is of no use.
In some cases, the buck even stops with the ISP without a VPN, because in many jurisdictions there are demands placed upon the seriousness of the alleged crime to allow personal data to be supplied to law enforcement.
40% of Mullvad's servers are located in the United States, which gives them a US nexus and makes them subject to US law. Sweden and the US have a bilateral extradition treaty, so the operators could be arrested and brought to the US to face charges.
US law has a concept of accessory-before-the-fact. Assisting in the concealment of a crime is in itself a crime. Unlike an accomplice, an accessory need not be aware of the specifics of the crime. This was a big stick wielded by US law enforcement against pre-paid phone operators in the early 2000s to compel cooperation.
The law and law enforcement are two different things. Law enforcement works roughly like this: they get an IP of a website, they go to an ISP, the ISP says its this reseller, they go to the reseller, the reseller says it is this customer, they go to the customer, the customer says this IP posted the bad thing, they take the new IP and go to the ISP, ISP hands over the original users details, they go knock on the users door.
It is basically a turd rolling down hill that nobody wants to touch and everyone wants to pass on to the next person. At each step YOU are responsible for the bad thing that happened until you give them a new person to look at.
If you think it works any differently, take a look at what happened to the "TheDonald" forum after January 6th. You can shout and scream about freedoms and rights all you want, but when your girlfriend has to explain to her boss why the FBI came around asking questions about you - you hand over the next guy down the line super quick.