option to update Mullvad Browser over Tor

Currently, Mullvad Browser reaches out to mullvad.net to retrieve updates. This is bad for the reasons described here:

https://blog.torproject.org/tor-heart-apt-transport-tor-and-debian-onions/

More saliently, users of Mullvad Browser should not be forced to tell their local networks that they are connecting to Mullvad when they check for updates. Also, Mullvad Browser does not require a Mullvad subscription, and it should be possible for users to run Mullvad Browser without sharing information about their identities with Mullvad or its carriers.

The solution is to provide a way to update Mullvad Browser over Tor, perhaps by using a system Tor explicitly, and ideally more generally by allowing the user to specify a SOCKS hostname and port for retrieving updates.

Edited Mar 20, 2025 by Jeremy Bentham

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information