Mullvad exit IPs are surprisingly identifying
Mullvad VPN’s exit IP assignment method has been found to create a surprising fingerprinting vector that could potentially undermine user anonymity. Unlike many VPN providers that assign random exit IPs, Mullvad deterministically assigns exit IPs based on a user’s WireGuard public key, which rotates every 1 to 30 days. This means that each user consistently receives the same exit IP from a given server during the key’s lifespan.

Testing across nine Mullvad servers revealed that, despite an enormous theoretical pool of over 8.2 trillion possible exit IP combinations, only 284 unique combinations were actually assigned to thousands of tested public keys. Further analysis showed that the exit IPs assigned to a user across different servers fall within the same percentile range of each server’s IP pool, typically around the 81st percentile. This pattern indicates that Mullvad does not randomly distribute exit IPs but rather selects neighboring IP addresses across servers in a consistent manner. This behavior significantly reduces the diversity of exit IP combinations and makes it easier to correlate and potentially identify users based on their exit IP “fingerprint.”

The findings raise questions about whether this deterministic IP assignment is an intentional feature or an unintended side effect of Mullvad’s infrastructure design. The consistent sharing of IP indices between certain servers with similar pool sizes suggests a systematic approach rather than random allocation. While Mullvad’s approach aims to avoid overloading single IPs and mitigate issues with IP-based blocks or rate limits, it inadvertently creates a stable identifier that could be exploited for tracking users.

This discovery has important implications for privacy-conscious users relying on Mullvad for anonymity. VPN users generally expect exit IPs to be randomized to prevent correlation and tracking, but the deterministic assignment could weaken this protection.
The research highlights the need for VPN providers to carefully consider how exit IPs are allocated and to balance load management with preserving user privacy.
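The two measurements the summary describes, per-server percentile position of an exit IP and the number of distinct cross-server IP combinations versus the theoretical pool, can be reproduced on one's own observations. The following is an added example, not code from the original story or from Mullvad; the server names, address blocks and the observation set are constructed, and the per-key fraction model only imitates the "same percentile on every server" pattern the summary reports.

```python
import ipaddress
import math

# Constructed server pools (not Mullvad's real ranges): each server hands
# out exit IPs from its own contiguous block of a different size.
POOLS = {
    "srv-a": [str(ipaddress.IPv4Address("198.51.100.0") + i) for i in range(16)],
    "srv-b": [str(ipaddress.IPv4Address("203.0.113.0") + i) for i in range(32)],
    "srv-c": [str(ipaddress.IPv4Address("192.0.2.0") + i) for i in range(64)],
}

def percentile(server, ip):
    """Position of `ip` within the server's pool as a fraction 0.0 to 1.0."""
    pool = POOLS[server]
    return pool.index(ip) / (len(pool) - 1)

def percentile_spread(assignment):
    """For one key's {server: exit_ip}: distance between its highest and
    lowest per-server percentile. Near 0 is the 'same percentile everywhere'
    pattern the article describes; independent assignment gives large values."""
    ps = [percentile(s, ip) for s, ip in assignment.items()]
    return max(ps) - min(ps)

def fingerprint_stats(observations):
    """observations: {key_id: {server: exit_ip}}. Returns (distinct
    cross-server combinations seen, theoretical combinations, bits of
    fingerprint entropy actually available to an observer)."""
    combos = {tuple(sorted(a.items())) for a in observations.values()}
    theoretical = math.prod(len(p) for p in POOLS.values())
    return len(combos), theoretical, math.log2(len(combos))

def constructed_observations(n_keys=100):
    """Constructed data: each key gets a fraction f, and its exit IP on every
    server is the pool entry nearest to f * pool_size. Only four distinct
    fractions occur, so 100 keys collapse onto four IP combinations."""
    fractions = [0.10, 0.45, 0.81, 0.95]
    obs = {}
    for k in range(n_keys):
        f = fractions[k % len(fractions)]
        obs[f"key{k}"] = {s: p[round(f * (len(p) - 1))] for s, p in POOLS.items()}
    return obs
```

With real data the observations dictionary would be filled from one connection per key per server; a spread consistently near zero and an entropy far below log2 of the theoretical pool are the two signals that the assignment is deterministic rather than random.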
Original story by Hacker News