Privacy-focused VPN users expect their service to obscure their path online. Yet a fresh analysis shows Mullvad’s approach to assigning exit addresses can itself become a telltale sign.
The Swedish provider built a reputation on a no-logs policy, anonymous accounts and regular audits. Its WireGuard implementation, however, ties each user’s public key to a predictable slice of available exit addresses. Researchers who tested thousands of keys discovered patterns that shrink the anonymity set far below what many assumed.
Published just yesterday, the report from independent analyst tmctmt lays out the mechanics in detail. Mullvad runs far fewer servers than some competitors. It compensates with multiple exit IPs per location to dodge blocks and throttling. The company assigns those IPs deterministically from the WireGuard public key rather than drawing fresh randomness on every connection. tmctmt.com mapped nine servers and found only 284 unique IP combinations across 3,650 generated keys.
That number stands in sharp contrast to the theoretical pool. Some servers offer 60 or 90 addresses. Multiply the options across locations and the math suggests trillions of possible pairings. In practice the assignments cluster tightly. IPs consistently fall near the 81st percentile of each pool. The pattern holds across servers with wildly different pool sizes.
And here’s the rub. The consistency points to a seeded random-number generator. Rust code in the Mullvad client appears to produce a fixed floating-point value from the key. That float scales to the pool size on each server. Same seed, similar ratio. Different pool sizes still yield correlated selections.
tmctmt built an estimator tool that reverses the math. Feed it a handful of observed IPs and it narrows the likely seed range. With roughly 100,000 active users the math implies hundreds could share near-identical combinations. Forum moderators or site owners logging IPs could cross-reference them with high confidence.
One example in the report hits hard. Two accounts posting on the same forum show overlapping float ranges of 0.4334–0.4428 and 0.4358–0.4423. The overlap suggests better than 99 percent chance they belong to one operator. No browser tricks or advanced tracking required. Just ordinary server logs.
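A simplified model of the estimator described above, added here as an illustration and not taken from tmctmt's tool or Mullvad's client: it assumes the exit index on each server is floor(f × pool size) for one key-derived f, and the (index, pool size) observations are constructed. It also shows that observations spanning a key rotation stop agreeing on any single f.

```python
from fractions import Fraction

def seed_interval(observations):
    """Intersect the ranges of f consistent with each (index, pool_size) pair.

    Assumed model: index = floor(f * pool_size) with one f in [0, 1) per key.
    Returns (low, high) as a half-open interval, or None when no single f
    explains every observation (e.g. the key was rotated in between).
    """
    low, high = Fraction(0), Fraction(1)
    for index, pool_size in observations:
        if not 0 <= index < pool_size:
            raise ValueError(f"index {index} outside pool of {pool_size}")
        low = max(low, Fraction(index, pool_size))
        high = min(high, Fraction(index + 1, pool_size))
        if low >= high:
            return None
    return low, high

def overlap(a, b):
    """Range of f consistent with both intervals, or None if disjoint."""
    low, high = max(a[0], b[0]), min(a[1], b[1])
    return (low, high) if low < high else None

def expected_sharers(interval, users):
    """Users expected inside the interval if f were uniform over [0, 1)."""
    return float((interval[1] - interval[0]) * users)

# Constructed observations: (exit index, pool size) on three servers.
ONE_KEY = [(48, 60), (73, 90), (16, 20)]
# Same user after a key rotation: the third point comes from a new f.
ROTATED = [(48, 60), (73, 90), (3, 20)]

if __name__ == "__main__":
    est = seed_interval(ONE_KEY)
    print("f in", [float(x) for x in est])
    print("expected sharers among 100,000:", expected_sharers(est, 100_000))
    print("after rotation:", seed_interval(ROTATED))
    # The two float ranges quoted in the article's forum example.
    a = (Fraction("0.4334"), Fraction("0.4428"))
    b = (Fraction("0.4358"), Fraction("0.4423"))
    print("forum overlap:", [float(x) for x in overlap(a, b)])
```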
Mullvad rotates keys every one to 30 days in its official app. Third-party clients may behave differently. The company has discussed the rotation interval publicly. A 2022 GitHub comment linked in the analysis notes the design trade-offs. Yet the deterministic mapping persisted.
Industry observers have long warned that shared infrastructure creates linkage risks. Recent data underscores the point. A March 2026 report from Fingerprint found VPN traffic now accounts for one in five identification events. What once flagged fraud now looks routine. Morningstar covered the findings.
Browser fingerprinting receives plenty of attention. Mullvad itself ships a hardened browser that standardizes dozens of signals so users blend together. The company stresses on its site that the IP address remains the single biggest tracking vector. Pairing that browser with the VPN should limit exposure. But the new research shows the VPN leg can undermine the effort when exit behavior itself clusters.
Other providers face similar scrutiny. Proton VPN advertises vastly more servers. Whether its assignment logic introduces comparable correlations remains unexamined in public. Dedicated IPs sold by some services reduce the pool even further but solve blocking complaints.
Correlation attacks aren’t new. Law enforcement and sophisticated adversaries have combined timing data, traffic volume and known node lists for years. This technique adds another lever. A breached forum database or civil subpoena that yields IP timestamps could suffice. No packet inspection needed.
Defenders have options. Forcing a key rotation by logging out of the official app resets the mapping. Avoiding frequent server switches while a key remains active limits the data points an observer can gather. Users who rotate locations often may still reveal the underlying seed if enough IPs are logged.
Mullvad has not issued a public response as of this writing. The provider’s transparency reports and audit history suggest it takes feedback seriously. Past adjustments to its apps followed community discoveries. Whether the exit-IP logic counts as a bug or an intentional design choice will shape the conversation ahead.
Privacy tools rarely deliver perfect unlinkability. They reduce the odds. This finding trims the margin for Mullvad users who counted on its server diversity alone. The analysis doesn’t invalidate the service. It does highlight that implementation details matter as much as policy statements.
Security researchers continue to probe VPN behavior under load. Fingerprinting at the network layer grows more relevant as browser-level protections improve. The tmctmt work adds a concrete case study. It supplies both the data and a reproducible tool. Others will likely test additional providers and connection methods in coming weeks.
Users seeking maximum separation might combine Mullvad with other techniques. Some route through a VPS first. Others accept slower speeds for broader mixing. No single choice fits every threat model. Awareness of this vector, however, lets operators adjust their habits today.
The discovery arrives at a moment when VPN adoption has normalized. Banks, retailers and ad networks have adapted their risk models. What once triggered extra scrutiny now blends into baseline traffic. That shift makes subtle correlation signals more valuable to investigators and trackers alike.
Short term, Mullvad subscribers can mitigate by rotating keys more often. Long term, the company may revisit its assignment algorithm. A truly random draw per connection would explode the combination space. It might also complicate abuse prevention or load balancing. Trade-offs abound.
One fact remains clear. The exit IP no longer sits outside the fingerprint. It has become part of it. Savvy operators will treat the full connection chain with fresh skepticism.

