Leta is a privacy focused search engine provided by Mullvad for customers of our VPN.
# What does the word “Leta” mean?
Leta is the Swedish word for “look”, “hunt”, “be in search of” or “scout”.
It is pronounced like “Lea - tah”.
# What can I do with Leta?
Leta is a search engine. You can use it to return search results from many locations. We provide text search results, currently we do not offer image, news or any other types of search result.
# Can I use Leta as my default search engine?
Yes, so long as your browser supports changing default search engines.
From there you should see 'Add “Mullvad Leta“' with the Mullvad VPN logo to the left.
If you not see this, you can attempt to add a custom search engine to your browser with:
The name set to: Leta
The URL set to: https://leta.mullvad.net/?q=%s&oc=1
# Did you make your own search engine from scratch?
We did not, we made a front end to the Google Search API.
Our search engine performs the searches on behalf of our users. This means that rather than using Google Search directly, our Leta server makes the requests.
Searching by proxy in other words.
# What is the point of Leta?
Leta aims to present a reliable and trustworthy way of searching privately on the internet.
However, Leta is useless as a service if you use the perfect non-logging VPN, a privacy focussed DNS service, a web browser that resists fingerprinting, and correlation attacks from global actors. Leta is also useless if your browser blocks all cookies, tracking pixels and other tracking technologies.
For most people Leta can be useful, as the above conditions cannot ever truly be met by systems that are available today.
# How many searches can I perform?
We have a limit on 50 searches (or credits) per valid Mullvad VPN account per 24 hours.
Each time you search for a phrase you use up 1 of the 50 credits.
Each time you select next page you use up 1 of the 50 credits.
If you select ”Only search in cache”, which is the default option, 0 credits are used.
# Why is there a limit on searches?
Each search requires that we make an API call to Google, which costs money.
We want to provide a valuable service to customers, without the potential for abuse.
# What is a cached search?
We store every search in a RAM based cache storage (Redis), which is removed after it reaches over 30 days in age.
Cached searches are fetched from this storage, which means we return a result that can be from 0 to 30 days old. It may be the case that no other user has searched for something during the time that you search, which means you would be shown a stale result.
# What happens to everything I search for?
Your searches are performed by proxy, it is the Leta server that makes calls to the Google Search API.
Each search that has not already been cached is saved in RAM for 30 days. The idea is that the more searches performed, the larger and more substantial the cached results become, thus aiding with privacy.
All searches will be stored in cache, when you perform a search the cache will be checked first, before determining whether a direct call to Google should be made.
What could potentially be a unique search would become something that many other users would also search for.
# Why do I need a valid Mullvad VPN account?
We do not want to have our service abused by opening it up to anyone.
We want to offer this as a free service for Mullvad VPN customers.
We will not generate any money on this service, there are no ulterior motives in play.
# What is running on the server side?
We run the Leta servers on STBooted RAM only servers, the same as our VPN servers. These servers run the latest Ubuntu LTS, with our own stripped down custom Mullvad VPN kernel which we tune in-house to remove unnecessary cruft.
The cached search results are stored in an in-memory Redis key / value store.
The Leta service is a NodeJS based application that proxies requests to Google, or returns them from cache.
We gather metrics relating to the number of cached searches, vs direct searches, solely to understand the value of our service.
Additionally we gather information about CPU usage, RAM usage and other such information to keep the service running smoothly.
I like the idea, but using the Mullvad Browser with Leta was mildly annoying, as I would have to sign in (acct#) for each search. I get it, but I wish there was a better way to authenticate. The search results were surprisingly good also (as expected).
I wanted to try it more, but unfortunately I couldn't figure out a way to get Tailscale and Mullvad to play nice together on Windows (my work laptop) and on Linux (Desktop). There are some guides for Linux but none of them worked for me. Split-VPN feature didn't work for Tailscale either.
Not the OP, but it's something I've found myself needing a lot. I'd like to be connected to Mullvad VPN most of the time, but I also want to use my tailnet - when connected to Tailscale I can't connect to Mullvad and vice versa.
>Mullvad Leta uses the Google Search API as a proxy search engine. Searches are cached each time, and the cached results are shared by every user of the
I was under the impression that the search API terms didn't allow people to cache the results/data, although I might be thinking of another one of their services.
This does NOT exist. They are misusing/reverse-engineering Google Search.
Edit: As child comments say, there is a version of a Search API available by paying. This is not the same as what Mullvad is providing and is not meant to provide a competitive service to Google.
It absolutely does exist, as can be seen from companies like Startpage and Kagi using that paid API.
But yes, it seems hard to believe that the terms of service for a paid API would allow for caching of results. What this sounds like is Mullvad betting that they can just use their VPN IPs for scraping search results and not be blocked.
Edit: the Leta FAQ claims they're paying for API access, seems unlikely they'd lie about that.
It has a REST API (and can be used to query the internet also, though our use case required us to restrict the results of one particular domain). I believe this is the closest thing to a Google Search API.
1.3 Your Obligations. You shall receive a Query from the End User and shall forward that Query to Google. You may not in any way frame, cache or modify the Results produced by Google, except as otherwise agreed to between You and Google.
I suppose a they may have written a service to query Google and there may be a CDN
caching responses from that, which can be argued as not being a permanent datastore which I believe Google may be more likely have a problem with. It could also depend on the fact whether Google is willing to send a cease and desist over this.
However, I am no lawyer, so take it with a grain of salt.
The whole site, including homepage, FAQ, and TOS, are returning a 502 for me.
According to their audit (1), it’s a Google Search proxy? I’m honestly surprised Google still allows these kind of services, and that Mullvad is trying to launch one.
I got this on my first attempt. On the second, it connected, but just says "You are not connected to Mullvad VPN. Connect to Mullvad VPN and try again." Clicking on "try again" then returns an HTTP 502: Bad Gateway
TLDR; it is a Google search proxy for Mullvad customers with 50 searches per 24 limit. There is an option to do unlimited number of searches in their cache.
