Mullvad Confronts VPN Exit-IP Fingerprinting Flaw That Links User Sessions Across Servers

A researcher revealed that Mullvad's deterministic exit-IP assignment lets sites link user sessions when switching servers. The VPN provider confirmed the issue, advised workarounds, and is deploying a fix that severs the correlation. No identities are exposed, yet the finding underscores limits in network-level anonymity.
Written by Sara Donnelly

Privacy-minded users have long trusted Mullvad for its no-logs policy, anonymous account numbers and WireGuard focus. Yet a researcher’s disclosure this month exposed a subtle networking trait that lets observant sites and services guess whether the same person moved from one Mullvad server to another.

The finding, published May 14 on tmctmt.com, triggered swift acknowledgment from the Swedish provider. Mullvad posted its own analysis the next day and promised changes. The episode highlights how even deliberate design choices in large-scale VPN infrastructure can create unintended correlation signals.

Here’s what happened. Mullvad assigns each WireGuard connection an exit IP drawn from a pool of public addresses on that server. The assignment is deterministic. It depends on the user’s unique WireGuard public key and an internal tunnel IP that usually stays tied to that key. When the same key and internal address appear on a different server, the chosen exit IP tends to sit at a similar relative position inside each server’s pool.

Researcher tmctmt tested 3,650 public keys across nine servers. Instead of billions of possible combinations, the results collapsed to just 284 distinct patterns. Percentile positions overlapped with striking consistency. In one example, an exit IP roughly 81 percent through its local pool on one server appeared at a comparable spot on others. For pools of identical size the actual index often matched exactly. The researcher calculated more than 99 percent confidence that two such connections came from the same user.

The limits of the flaw matter, though. It does not expose a customer’s real IP address, nor does it defeat Mullvad’s core no-logs guarantee. It simply allows a website or observer who sees the exit IPs to link two otherwise separate sessions. That linkage matters for anyone who switches servers to compartmentalize activity.

Mullvad’s official blog post on May 20 confirmed the core observation while offering nuance. “When a user switches from one VPN server to another, this sometimes makes it possible for services such as websites to confidently guess that the same user that connected from the new VPN server is the one that connected from the previous VPN server,” the company wrote. It stressed that the behavior reveals no identity, only the fact of a switch. (Mullvad.net)

Co-founder and co-CEO Fredrik Strömberg responded on Hacker News with a measured tone. “Some aspects of the described behavior are as we intended and some are not,” he said. The intended part protects against rate-limiting and CAPTCHAs by giving each server multiple exit addresses rather than forcing thousands of users onto one IP. The unintended part was the cross-server correlation. Strömberg added that the root cause differed slightly from the researcher’s description and that a patch for the problematic behavior was already under test on part of the infrastructure. He also urged future researchers to notify vendors before publishing. (TechRadar)

So what should users do right now? Mullvad recommends logging out and back into the app before switching servers. That action generates a fresh WireGuard key and internal tunnel address, breaking the correlation. The advice applies mainly to those whose threat model includes active attempts to link sessions across servers. Casual users face lower risk because each exit IP is typically shared by many people.

The company is already building a longer-term solution. Its new assignment method will ensure that the exit IP chosen on one server reveals nothing about choices on another server or even among users on the same server. Testing continues. Rollout to the full server fleet is scheduled over the coming weeks. Progress can be followed on a dedicated status page. (TechRadar)

This episode fits a broader pattern. Fingerprinting defenses have matured in browsers. Mullvad itself ships a hardened browser built with the Tor Project that standardizes many signals so users blend together. The company also offers DAITA, which adds noise to traffic patterns to frustrate analysis. Yet network-layer traits have received less public scrutiny until now.

The researcher’s work exposed more than one detail. Exit IPs do not randomize on every connection. They remain static for the lifetime of a key, which rotates between one and 30 days depending on the client. Third-party apps may behave differently. The deterministic algorithm appears to rely on a seeded random-number generator that treats the public key as input and scales a floating-point value against the current pool size. Small overlaps in that float range across thousands of users still allow strong statistical guesses.
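The correlation described above can be reproduced with a small design-review harness. This is a constructed model added here, not Mullvad's backend code or the researcher's tooling: the "leaky" scheme derives one float from the key alone and scales it against the pool size, as the article describes, while the "hardened" variant mixes in a hypothetical per-server secret so that one server's choice says nothing about another's. Pool sizes, secrets and keys are all constructed values.

```python
import hashlib
import hmac
import random

# Constructed model of the described behaviour: a seeded RNG takes the WireGuard
# public key as input and scales one float against the server's pool size.
# Illustration only, not Mullvad's actual assignment code.
def leaky_exit_index(pubkey: bytes, pool_size: int) -> int:
    f = random.Random(pubkey).random()   # same float for this key on every server
    return int(f * pool_size)            # so the *relative* position repeats

# Hardened variant in the spirit of the announced fix: a per-server secret
# (hypothetical) enters the derivation, so exits on two servers are independent.
def hardened_exit_index(pubkey: bytes, server_secret: bytes, pool_size: int) -> int:
    tag = hmac.new(server_secret, pubkey, hashlib.sha256).digest()
    return int.from_bytes(tag[:8], "big") % pool_size

def percentile(index: int, pool_size: int) -> float:
    return index / pool_size

def linkable(idx_a: int, pool_a: int, idx_b: int, pool_b: int) -> bool:
    """Two exits are consistent with one key under the leaky scheme when their
    percentile positions differ by less than one slot of the smaller pool."""
    tol = 1 / min(pool_a, pool_b)
    return abs(percentile(idx_a, pool_a) - percentile(idx_b, pool_b)) < tol

def link_rate(assign_a, assign_b, pool_a: int, pool_b: int, n_keys: int = 2000) -> float:
    """Design-review check: fraction of keys whose exits on servers A and B look
    linkable. A leak-free scheme stays near chance (~2/min(pool)), not 1.0."""
    hits = 0
    for i in range(n_keys):
        key = hashlib.sha256(b"constructed-key-%d" % i).digest()  # 32-byte stand-in
        if linkable(assign_a(key), pool_a, assign_b(key), pool_b):
            hits += 1
    return hits / n_keys

POOL_A, POOL_B = 10, 16                                        # constructed pool sizes
SECRET_A, SECRET_B = b"server-a-secret", b"server-b-secret"    # constructed secrets

def leaky_rate() -> float:
    return link_rate(lambda k: leaky_exit_index(k, POOL_A),
                     lambda k: leaky_exit_index(k, POOL_B), POOL_A, POOL_B)

def hardened_rate() -> float:
    return link_rate(lambda k: hardened_exit_index(k, SECRET_A, POOL_A),
                     lambda k: hardened_exit_index(k, SECRET_B, POOL_B), POOL_A, POOL_B)

if __name__ == "__main__":
    print(f"leaky scheme, linkable fraction:    {leaky_rate():.2f}")     # 1.00
    print(f"hardened scheme, linkable fraction: {hardened_rate():.2f}")  # near chance
```

The article's example of an exit roughly 81 percent through its pool corresponds here to slot 8 of 10 on one server and slot 13 of 16 on another, which `linkable` flags as consistent with a single key.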

Critics might ask why such predictability existed in the first place. Mullvad’s answer points to operational necessity. Sharing a single exit IP across too many customers invites abuse complaints and blocks. Offering multiple addresses per server reduces those headaches. The trade-off became visible only when examined across dozens of servers and thousands of keys.

Industry reaction has been muted but attentive. Privacy Guides forum threads and X posts noted the speed of Mullvad’s response as a positive signal. One post highlighted that the fix should propagate to downstream services such as Obscura VPN that route traffic through Mullvad’s network. No evidence has surfaced that the trait has been exploited in the wild. Still, the disclosure serves as a reminder that anonymity is rarely absolute. It is built from layers, each with its own leakage potential.

WireGuard itself is not at fault. The protocol is lean and auditable. The issue lives in how Mullvad’s backend maps keys to addresses at scale. Similar challenges confront other large providers, though most use single shared exits and therefore present a different set of correlation risks.

Users who want immediate protection can adopt the logout trick. Those with stricter requirements might avoid frequent server changes altogether or combine Mullvad with additional tools such as Tor. The company’s transparent handling, detailed blog and rapid patch timeline reinforce its reputation. Yet the incident also shows that constant vigilance remains necessary even among providers that reject logging and surveillance.

As rollout begins, observers will watch whether the new assignment logic introduces fresh side effects. Mullvad has pledged to reassess the “intended behaviors” as well. That openness matters. In a field where trust is fragile, admitting that some design decisions need revisiting builds confidence more than silence ever could.

The story is not over. Rollout updates will arrive in the weeks ahead. For now the lesson is clear. Even the best privacy tools contain assumptions. When those assumptions meet creative analysis, adjustments follow. Mullvad made the adjustment quickly. The rest of the industry should take note.
