I’m thinking of configuring a VPN in my router so that all traffic runs via Mullvad, just trying to consider if there are any downsides to this?
If I buy Mullvad via the onion site with Monero, obviously there’s no link to me, and they appear to keep no logs, as has been tested. In any case I trust them to keep no logs more than my ISP and government.
I do already have ProtonVPN but it’s attached to my debit card details, my email address, and name etc. No need to give them all my traffic too.
I know I can still be tracked by browser fingerprint and IP but I’ll be one of many users using the same Mullvad IP and I also employ adguard DNS, anti fingerprinting on my browsers etc.
My threat model is generally removing as much passive data gathering and tracking as possible, corporate or state. My threat model does not include active investigation from the law enforcement or state
There are a few performance issues that you may experience. For example, if you’re into online gaming then your latency will likely increase. Your internet connection bandwidth could also be limited by either Mullvad’s servers, your router, or any of the additional hops necessary due to the VPN. There’s also the situation where you have no internet connection at all due to an issue with the VPN connection.
There are also some user experience issues that users on the network nay experience. For example, any location based services based on IP address will either not work at all or require manual updates by the user. The same is true for other settings like locale, but they are hopefully better handled via browser/system settings. What’s more likely is content restrictions due to geographic IP addresses. Additionally, some accounts/activity could be flagged as suspicious, suspended, or blocked/deleted if you change servers too frequently.
I’m sure you are either aware of or thought through most of that, but you may want to make sure everyone on the network is fine with that too.
In terms of privacy and security, it really comes down to your threat model. For example, if you’re logged into Facebook, Google, etc. 24/7, use Chrome, Windows, etc., and never change the outbound Mullvad server, you’re not doing too much more than removing your ISP’s ability to log your activity (and maybe that’s all you want/need).