Can bet 99.99% that Mullvad throws the envelope in the trash and just forgets about it.
So, yes, there is a theory that someone may go in the trash in Sweden, finds the envelope, the stamp (and it has to be a british one), investigate who bought the stamp, get the assistance of the shopkeeper in UK (without raising suspicions), successfully reviews tons of security cameras footage to find who bought, etc.
And still don't know which activity to link it to.
A perfect waste of public resources if the NSA really does that, when all they needed to do is to purchase a VPN provider or fund Tor and claim to be no-logs VPN ;)
> So, yes, there is a theory that someone may go in the trash in Sweden, finds the envelope[...]
Presumably the theory is more like [1] - that the postal service, when they scan the envelope to read the address, save the scanned image and give it to the cops.
I agree that the NSA would be better off just running their own VPN services - or indeed intercepting everything on major backbones and just seeing what source IPs connect to Mullvad's servers.
> Can bet 99.99% that Mullvad throws the envelope in the trash and just forgets about it.
Storage is cheap - really cheap. I bet automatically capturing images of all mail during sorting and archiving that for years is not only viable, but a vital investigation/intelligence tool. One would ask Mullvad for the cash payment dates[1], and cross-reference with all mail sent to a Mullvad postal address. One city-level datapoint on where user was, cross-checked with the latest IP address, where stamps were bought[2], and you've massively trimmed the list of suspects, especially if they are behind a NAT and sharing the IP.
1. They have to keep track of payment dates, which is a side channel.
2. Where and when stamps were bought. I'm certain GCHQ can keep track of individual stamp IDs, the batches they belonged to, when they were procured by the retailer and have a reasonable guess when that specific stamp was bought by mail-sender.
Wow, looks like you lost that bet! They indeed shred that envelope.
"Put the money in an envelope together with the payment token and send it to us. We will open the envelope, add time to the account (corresponding to the amount of cash sent), and then use a shredder to destroy the envelope and its non-money contents."
So, yes, there is a theory that someone may go in the trash in Sweden, finds the envelope, the stamp (and it has to be a british one), investigate who bought the stamp, get the assistance of the shopkeeper in UK (without raising suspicions), successfully reviews tons of security cameras footage to find who bought, etc.
And still don't know which activity to link it to.
A perfect waste of public resources if the NSA really does that, when all they needed to do is to purchase a VPN provider or fund Tor and claim to be no-logs VPN ;)