That's not the point - they promise to keep no logs, and the best way to demonstrate that they don't is to not even have any fixed storage in the servers at all (they presumably netboot from a read-only image). So they have done this with their VPN servers, now they are rolling out the strategy to DNS servers as well.

That's fine but as long as it is connected to a network you cannot prove a system to be log-free.

The majority of systems I've worked on used a message queue of some kind for logging rather than a file on disk.

I suppose it could be useful to expedite downtime in the case that they are subpoenaed, but I doubt claiming to be diskless would prevent any subpoena.

With this kind of security, you're more guarding against your servers being seized or intelligence agency installing an implant.

> I doubt claiming to be diskless would prevent any subpoena

It does in Sweden. They've repeatedly squashed subpoenas

> long as it is connected to a network you cannot prove a system to be log-free.

Nothing is perfect. If you read their audits, it's clear admins could get at your traffic if they wanted

This is why they have their architecture audited (and release the audit reports).

https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found...

>but I doubt claiming to be diskless would prevent any subpoena.

It has already.

See https://news.ycombinator.com/item?id=38220769

Logging doesn't require disks, the logs can be sent over the network.

How do they troubleshoot issues without logs exactly?

Live monitoring and test instances. They have ssh access to prod

By shipping the logs to another box.

You've seen ECC fail often enough? Ours has been incredibly reliable, but we don't have enormous bandwidth. do you have a data sheet or anything showing failure rates?