Mullvad assigns exit IPs deterministically from a seeded RNG per WireGuard key, letting observers correlate a user across servers with >99% confidence.
Key Takeaways
Mullvad uses only 578 servers but assigns multiple exit IPs per server; your exit IP is static per WireGuard key, not re-randomized on reconnect.
The exit IP index is proportional across all servers because Rust’s random_range generates the same underlying float regardless of pool size bounds.
This means exit IPs across different servers fall in the same percentile, collapsing 8.2 trillion theoretical combinations down to just 284 observed ones.
An attacker with IP logs from two sites can narrow a user to roughly 0.34% of Mullvad’s user base, about 340 people at 100k active users.
Mitigation: avoid switching servers more than once per key, and force-rotate your WireGuard pubkey by logging out of the Mullvad app.
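The following is an added example, not Mullvad's code and not from the article or the Hacker News thread. It models the mechanism the takeaways describe: one seed derived from the WireGuard public key, a single uniform float in [0,1) drawn from that seed, and an exit-IP index computed as floor(float * pool_size) on every server. The PRNG (splitmix64), the key-to-seed hash (FNV-1a) and the pool sizes 40 and 97 are assumptions chosen for illustration; the real client and server code are not on the page. The model shows why two observations from differently sized pools land in the same percentile band, counts how far the reachable (index_a, index_b) pairs collapse relative to the naive product, and shows that drawing a fresh key (the mitigation above) produces an unrelated index.

```rust
// Added example, not Mullvad's implementation. Models "same underlying float,
// scaled by each server's pool size" and the key-rotation mitigation.
use std::collections::HashSet;

// Assumed PRNG for the model: splitmix64 (not the RNG Mullvad uses).
fn splitmix64(state: &mut u64) -> u64 {
    *state = state.wrapping_add(0x9E37_79B9_7F4A_7C15);
    let mut z = *state;
    z = (z ^ (z >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
    z = (z ^ (z >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
    z ^ (z >> 31)
}

/// Hypothetical key-to-seed mapping (FNV-1a over the public key bytes).
pub fn seed_from_pubkey(pubkey: &[u8]) -> u64 {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for &b in pubkey {
        h ^= b as u64;
        h = h.wrapping_mul(0x100_0000_01b3);
    }
    h
}

/// The "underlying float": the first RNG output mapped to [0, 1).
pub fn unit_float(seed: u64) -> f64 {
    let mut s = seed;
    (splitmix64(&mut s) >> 11) as f64 / (1u64 << 53) as f64
}

/// Modelled per-server assignment: the same float, scaled by that server's pool size.
/// Because the seed is fixed per key, the result is static across reconnects.
pub fn exit_ip_index(seed: u64, pool_size: usize) -> usize {
    (unit_float(seed) * pool_size as f64) as usize
}

/// The band of the unit interval an observed index corresponds to. This is what
/// an observer can infer from one exit IP if the pool ordering is known.
pub fn index_to_unit_range(index: usize, pool_size: usize) -> (f64, f64) {
    let n = pool_size as f64;
    (index as f64 / n, (index + 1) as f64 / n)
}

/// Two observations from different servers are consistent with one key only if
/// their unit bands overlap; independent draws would overlap only by chance.
pub fn ranges_overlap(a: (f64, f64), b: (f64, f64)) -> bool {
    a.0 < b.1 && b.0 < a.1
}

/// Count distinct (index_a, index_b) pairs reachable when one float drives both
/// servers. The naive space is pool_a * pool_b; the model caps it at
/// pool_a + pool_b - 1 (the number of intervals between the two sets of cut points).
pub fn reachable_pairs(pool_a: usize, pool_b: usize, samples: u64) -> usize {
    let mut seen = HashSet::new();
    for k in 0..samples {
        // Constructed keys: the sample counter as bytes stands in for real public keys.
        let seed = seed_from_pubkey(&k.to_le_bytes());
        seen.insert((exit_ip_index(seed, pool_a), exit_ip_index(seed, pool_b)));
    }
    seen.len()
}

fn main() {
    // Constructed sample key and constructed pool sizes for two servers.
    let seed = seed_from_pubkey(b"constructed-wireguard-pubkey-A");
    let (pa, pb) = (40usize, 97usize);
    let (ia, ib) = (exit_ip_index(seed, pa), exit_ip_index(seed, pb));
    println!("server A index {ia}/{pa}, server B index {ib}/{pb}");
    let consistent = ranges_overlap(index_to_unit_range(ia, pa), index_to_unit_range(ib, pb));
    println!("bands overlap (consistent with one key): {consistent}");
    println!("reachable pairs: {} of {} naive", reachable_pairs(pa, pb, 100_000), pa * pb);
    // Mitigation check: a rotated key yields a fresh float, so the new index on
    // server B carries no relation to the earlier observation on server A.
    let rotated = seed_from_pubkey(b"constructed-wireguard-pubkey-B");
    println!("after key rotation, server B index {}/{pb}", exit_ip_index(rotated, pb));
}
```

The overlap test is the defender-side way to reason about exposure: if the pool orderings are known, each exit IP observed at a site pins the key's float to a band of width 1/pool_size, and every additional server seen narrows the intersection further, which is the collapse from trillions of theoretical combinations to a few hundred observed ones. Rotating the key resets the float, so observations made under different keys cannot be intersected.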
Hacker News Comment Review
Mullvad co-CEO confirmed the behavior is partly unintended, said a patch was already being tested on a subset of infrastructure, and noted key rotation is the preferred client-side fix.
Commenters split on threat model: several argued VPNs were never designed for anonymity against sites visited, and Tor remains the correct tool for that; others pushed back that Mullvad’s marketing implies stronger privacy.
The ‘>99% confidence’ framing drew skepticism as overconfident, but defenders noted that on small forums with few daily signups, overlapping float ranges are still strong circumstantial evidence.
Notable Comments
@kfreds: Mullvad co-CEO confirmed partial intent, active patch rollout, and promised a re-evaluation of the feature design.