Mullvad exit IPs are surprisingly identifying

Deterministic exit IPs & fingerprinting

  • Exit IPs are derived from the WireGuard key and are stable per user across servers, enabling cross-server correlation of activity.
  • Commenters note this doesn’t reveal the real IP directly, but makes it much easier to link different sessions and identities that use the same Mullvad account.
  • Some argue the article slightly overstates “>99% chance” of unique identification; it strongly narrows the candidate set but doesn’t by itself pinpoint one individual.

Why use deterministic mapping at all?

  • Suggested reasons:
    • Reduce abuse spillover: prevent one abusive user rotating through many IPs and getting whole ranges banned.
    • Better UX: stable IP avoids breaking TCP sessions, SSH, banking logins, CAPTCHAs, and IP-based risk systems.
    • Operational simplicity: stateless mapping avoids maintaining big NAT/log tables, which would be worse for privacy and law-enforcement requests.
    • Load balancing and simpler debugging.
  • A partner explains that frequent exit-IP changes would break non-roaming protocols and make users stand out as “the person who changes IP constantly”.
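The two sections above (stable exit IPs enabling cross-server correlation, and the reasons for deterministic mapping) can be made concrete with a small toy model. This is an added example, not Mullvad's code or its actual allocation scheme: it assumes every server has the same number of exit "slots" and that a slot is simply a hash of the WireGuard public key, which is the assumption needed to show why the slot is the same on every server, how many other users share it (the candidate set an observer is left with), and what changes under the per-session random alternative the thread discusses. Server names and keys are constructed.

```python
import hashlib
import secrets
from collections import Counter

# Toy model (an assumption for illustration, not Mullvad's real scheme):
# every exit server exposes POOL_SIZE exit IPs ("slots"), and a peer's slot
# is derived from its WireGuard public key alone.
POOL_SIZE = 64


def exit_slot(pubkey: bytes, server: str, pool_size: int = POOL_SIZE) -> int:
    """Deterministic design: the slot depends only on the key.
    `server` is accepted only to make explicit that it plays no role."""
    digest = hashlib.sha256(pubkey).digest()
    return int.from_bytes(digest[:8], "big") % pool_size


def random_slot(server: str, pool_size: int = POOL_SIZE) -> int:
    """Alternative design: a fresh slot per session, unrelated to the key.
    `server` is likewise unused; the slot is pure chance."""
    return secrets.randbelow(pool_size)


def sessions_linkable(slot_on_a: int, slot_on_b: int) -> bool:
    """Under the deterministic design, different slots rule out the same key;
    equal slots are consistent with the same key (or with a hash collision).
    Under the random design, equal slots mean nothing beyond a 1/POOL_SIZE fluke."""
    return slot_on_a == slot_on_b


def anonymity_sets(pubkeys, pool_size: int = POOL_SIZE) -> Counter:
    """Number of keys per slot, i.e. the candidate set behind each exit IP."""
    return Counter(exit_slot(k, "any-server", pool_size) for k in pubkeys)


def candidate_set_size(pubkeys, target: bytes, pool_size: int = POOL_SIZE) -> int:
    """How many of `pubkeys` share the target key's exit slot on every server."""
    return anonymity_sets(pubkeys, pool_size)[exit_slot(target, "any-server", pool_size)]


if __name__ == "__main__":
    # Constructed population: 10,000 synthetic 32-byte keys (WireGuard keys are 32 bytes).
    keys = [secrets.token_bytes(32) for _ in range(10_000)]
    alice = keys[0]

    # Same key on two different (constructed) servers: same slot, so the two
    # sessions are linkable even though neither reveals Alice's real IP.
    slot_a = exit_slot(alice, "se-sto-wg-001")
    slot_b = exit_slot(alice, "de-fra-wg-007")
    print("deterministic, cross-server linkable:", sessions_linkable(slot_a, slot_b))

    # Per-session random slots: a match across servers is just a 1/POOL_SIZE coincidence.
    print("randomized, cross-server linkable:",
          sessions_linkable(random_slot("se-sto-wg-001"), random_slot("de-fra-wg-007")))

    # The stable slot narrows the candidate set but does not pinpoint one person:
    # everyone hashing to Alice's slot shares her exit IP on every server.
    print("keys sharing Alice's slot:", candidate_set_size(keys, alice))
    print("expected keys per slot:", len(keys) / POOL_SIZE)
```

Run it and the deterministic pair always reports linkable while the random pair almost never does; the candidate count for Alice lands near 10,000 / 64, which is the sense in which a stable exit IP "strongly narrows the candidate set" without identifying an individual. It also makes the trade-off visible: the random design breaks linkage but gives up the stable address that long-lived TCP sessions and IP-based risk systems rely on.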

Privacy, anonymity, and realistic threat models

  • Many stress: consumer VPNs mainly protect against ISPs and some commercial tracking, not state-level adversaries; for strong anonymity, use Tor-like systems.
  • Browser fingerprinting and data-broker ecosystems mean that once any PII is entered via Mullvad, stable exit-IP correlation plus other signals can deanonymize users.
  • Using the same VPN identity across multiple personas is criticized as unsafe regardless of this bug.

Trust in VPNs vs ISPs; “snake oil” debate

  • One side: VPNs shift trust from typically low-trust ISPs (metadata retention, DPI, ad-monetization) to a chosen provider with audits and court-tested no-logs claims.
  • Opposing side: many commercial VPNs are viewed as untrustworthy, underpriced, heavily marketed, and potentially selling data; some prefer their ISP under strong local privacy laws.
  • Several emphasize VPNs are oversold in advertising as a universal privacy cure; they help mainly with ISP snooping, torrents, and basic IP hiding.

Mullvad’s response & disclosure process

  • A Mullvad representative confirms some behavior is intended, some not; a patch is already being tested and the design will be re-evaluated.
  • They ask researchers to notify vendors before publishing, even if disclosure is immediate; discussion ensues on ethics of responsible disclosure vs “no bounty, no duty”.
  • IP intelligence commenters note Mullvad (unlike many VPNs) has not tried to game geolocation databases, reinforcing a perception of comparative good faith.