Mullvad exit IPs are surprisingly identifying
Scored daily by a customisable AI persona to surface the most relevant engineering leadership news.
Mullvad IP fingerprinting is a deep security analysis with high community engagement.
Mullvad's deterministic exit IP assignment based on WireGuard keys creates a fingerprinting vector: despite 8.2 trillion possible combinations across 578 servers, only 284 unique IP sets exist due to a seed-based RNG using the pubkey and pool size. This allows tracking users across sessions even with key rotation every 1–30 days, as the same seed yields the same IP percentile per server.
Audit any system that deterministically maps user keys to IPs or resources—seed-based RNG with static bounds can drastically reduce entropy and enable fingerprinting.
For a senior engineer building distributed systems or privacy tools, this highlights how deterministic assignment in VPN infrastructure can inadvertently create a stable identifier, undermining anonymity and offering a lesson in RNG design for user-facing services.