A security researcher revealed that Mullvad VPN's method of assigning exit IP addresses to users is deterministic and based on WireGuard keys, enabling potential fingerprinting. With only 578 servers, Mullvad uses vertical scaling to avoid IP overcrowding, but the static IP assignment across servers reduces the theoretical 8.2 trillion exit IP combinations to just 284 unique sets, making users identifiable.

Mullvad VPN, known for its privacy-focused services, assigns exit IPs to users based on their WireGuard public keys, which rotate every 1 to 30 days unless a third-party client is used. This method was intended to distribute users across multiple IPs to avoid overcrowding, but it inadvertently creates a static fingerprint. The researcher tested 3,650 public keys across nine servers and found that all were assigned one of just 284 unique exit IP combinations, despite the theoretical possibility of 8.2 trillion combinations [1].

The researcher mapped the exit IP ranges for nine Mullvad servers, revealing that each server has a limited pool of IPs. For example, the server 'au-syd-wg-101' has 60 IPs (103.136.147.5 to 103.136.147.64), while 'de-ber-wg-007' has only 8 IPs (193.32.248.245 to 193.32.248.252). The deterministic assignment means that a user's exit IP on one server correlates with their IPs on other servers, creating a unique fingerprint. This undermines the privacy benefits of using a VPN, as users can be tracked across sessions [1].

To analyze the IP assignment pattern, the researcher calculated the numerical position of each exit IP within its server's pool. For instance, the IP 103.136.147.53 on 'au-syd-wg-101' has a 1-based index of 49 (53 - 5 + 1). When these positions were divided by the pool size, a consistent ratio emerged across servers. For example, the IP 103.136.147.53 yielded a ratio of 0.816 (49/60), while 149.88.104.12 on 'cl-scl-wg-001' yielded 0.818 (9/11). This suggests that Mullvad assigns IPs proportionally across servers [1].

The proportional assignment indicates that Mullvad uses a seeded random number generator (RNG) to determine exit IPs. A pseudo-random number generator initialized with a fixed seed produces the same sequence every time it is run, so the same seed and the same bounds always yield the same output. The researcher demonstrated this with a Rust code snippet, showing that a seeded RNG with bounds of 0 to 1000 consistently outputs 56. This explains why servers with identical pool sizes, such as 'cl-scl-wg-001' and 'za-jnb-wg-002' (both with 11 IPs), assign the same IP indexes to users [1].

The use of a seed-based RNG introduces a critical flaw: it reduces the entropy of exit IP assignments. While Mullvad's method was designed to prevent IP overcrowding, it inadvertently creates a static mapping between a user's WireGuard key and their exit IPs. This means that even if a user rotates their key, the same proportional IP assignment persists, enabling long-term tracking. The researcher's findings highlight a tension between scalability and privacy in VPN design [1].
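The following added example (not the researcher's Rust snippet or Mullvad's code) models the proportional assignment and the entropy collapse described in the three paragraphs above. The pool sizes are the ones the article gives for those servers; the SHA-256 key derivation, the `constructed-key-N` sample keys, and the per-server salt used as the contrast case are assumptions.

```python
import hashlib
import random
from fractions import Fraction

# Pool sizes from the article; the server names are kept as labels only.
POOLS = {"au-syd-wg-101": 60, "cl-scl-wg-001": 11, "za-jnb-wg-002": 11, "de-ber-wg-007": 8}

def key_to_unit(pubkey: str, salt: str = "") -> float:
    """Seed a PRNG from (salt || key) and draw one value in [0, 1).
    An empty salt models the flaw: one fixed seed per key, reused on every server."""
    seed = int.from_bytes(hashlib.sha256((salt + pubkey).encode()).digest()[:8], "big")
    return random.Random(seed).random()

def index_from_unit(u: float, pool_size: int) -> int:
    """1-based pool position, the same quantity as the article's 49 = (53 - 5 + 1)."""
    return int(u * pool_size) + 1

def assignment(pubkey: str, per_server_salt: bool = False) -> dict:
    """Exit-IP index on every server for one key. Without a salt the unit value is
    shared, so the index/pool_size ratio is nearly identical across servers."""
    return {srv: index_from_unit(key_to_unit(pubkey, srv if per_server_salt else ""), n)
            for srv, n in POOLS.items()}

def distinct_assignments(n_keys: int, per_server_salt: bool = False) -> int:
    """How many different cross-server index tuples n_keys constructed keys produce."""
    return len({tuple(assignment(f"constructed-key-{i}", per_server_salt).values())
                for i in range(n_keys)})

def theoretical_combinations() -> int:
    """Independent choice on every server: the product of the pool sizes."""
    total = 1
    for n in POOLS.values():
        total *= n
    return total

def max_shared_seed_combinations() -> int:
    """Upper bound with a shared seed: the tuple only changes when u crosses k/n for
    some pool size n, so the distinct cut points k/n in [0, 1) bound the tuple count."""
    cuts = {Fraction(k, n) for n in POOLS.values() for k in range(n)}
    return len(cuts)

if __name__ == "__main__":
    print("theoretical combinations:", theoretical_combinations())
    print("shared-seed upper bound:", max_shared_seed_combinations())
    print("shared-seed observed (3000 keys):", distinct_assignments(3000))
    print("per-server salt observed (3000 keys):", distinct_assignments(3000, True))
```

With a shared seed the four modelled pools can never produce more than 74 distinct tuples out of 58,080 possible ones, which is the same collapse the article reports as 284 out of 8.2 trillion; salting the seed per server restores independent draws.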

Mullvad's approach contrasts with larger VPN providers like Proton VPN, which operates 20,000 servers. Proton's scale allows it to distribute users more broadly, reducing the risk of fingerprinting. Mullvad's smaller server count (578) necessitates vertical scaling, but the deterministic IP assignment undermines its privacy guarantees. The researcher's script, which tested 3,650 public keys, confirmed that the limited IP combinations are not a statistical anomaly but a systemic issue [1].

The implications of this flaw extend beyond individual tracking. Websites with aggressive IP-based rate limits or blocks could exploit this pattern to identify and restrict VPN users. For example, if a user's exit IP on one server consistently correlates with their IP on another, a website could infer that the same user is accessing it from multiple locations. This defeats the purpose of using a VPN for anonymity and could lead to widespread blocking of Mullvad's IP ranges [1].

Editorial standards. Reported and edited at Startupniti's news desk from the sources listed in the right rail. Every fact traces to a citation.