Mullvad exit IPs are surprisingly identifying

TL;DR

A recent analysis shows Mullvad VPN assigns exit IPs based on user keys, making users potentially identifiable. This challenges assumptions about Mullvad’s privacy guarantees. The full extent and implications are still being investigated.

A recent analysis has revealed that Mullvad VPN assigns exit IP addresses deterministically based on user public keys, potentially enabling user identification despite the VPN’s privacy claims.

The researcher conducted a night-long experiment, repeatedly changing pubkeys and fetching exit IPs from nine Mullvad servers. Despite the vast number of possible IP combinations—over 8.2 trillion—the data showed that users were assigned only 284 IP combinations, indicating a pattern rather than random distribution.

Further analysis revealed that Mullvad appears to use a seed-based random number generator (RNG) in its IP assignment process. This RNG, likely implemented in Rust, produces a consistent sequence of IP indexes based on a static seed, causing neighboring IPs to be assigned systematically. Consequently, users sharing certain IPs can be correlated with specific pubkeys, reducing the anonymity that Mullvad’s system was presumed to provide.
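The gap between possible and observed combinations described above can be reproduced on constructed data. This is an added example, not code from the researcher or from Mullvad: it compares one assumed way a key-seeded RNG could produce the pattern (a single draw per key, scaled to every server's pool) with a design that draws independently per key and server. The pool sizes, key strings and both assignment functions are hypothetical.

```python
import hashlib
import math

# Constructed pool sizes for nine hypothetical servers (not Mullvad's real figures).
POOL_SIZES = [16, 20, 24, 25, 27, 30, 32, 35, 36]

def _unit(data: bytes) -> float:
    """Map bytes to a deterministic fraction in [0, 1) using 53 bits of SHA-256."""
    top = int.from_bytes(hashlib.sha256(data).digest()[:8], "big") >> 11
    return top / 2**53

def shared_draw(pubkey: bytes) -> tuple:
    """Assumed weak model: one key-seeded draw reused for every server's pool."""
    u = _unit(pubkey)
    return tuple(int(u * n) for n in POOL_SIZES)

def per_server_draw(pubkey: bytes) -> tuple:
    """Contrast model: an independent draw for each (key, server) pair."""
    return tuple(int(_unit(pubkey + bytes([i])) * n)
                 for i, n in enumerate(POOL_SIZES))

def survey(assign, keys):
    """Group keys by the tuple of exit-IP indexes they receive across servers."""
    combos = {}
    for key in keys:
        combos.setdefault(assign(key), []).append(key)
    return combos

def report(assign, n_keys=5000):
    """Summarise how many index combinations appear across n_keys constructed keys."""
    keys = [f"constructed-key-{i}".encode() for i in range(n_keys)]
    combos = survey(assign, keys)
    return {
        "possible": math.prod(POOL_SIZES),       # size of the full combination space
        "observed": len(combos),                 # combinations actually handed out
        "bits": round(math.log2(len(combos)), 1),  # upper bound on bits the tuple carries
        "largest_group": max(len(v) for v in combos.values()),
    }

if __name__ == "__main__":
    for name, fn in (("shared draw", shared_draw), ("per-server draw", per_server_draw)):
        print(name, report(fn))
```

With a shared draw, each server's index is a step function of the same value, so the number of distinct tuples is bounded by the sum of the pool sizes rather than their product. That is why the same few combinations keep recurring when exits from several servers are compared.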

Why It Matters

This finding raises concerns about the privacy guarantees of Mullvad VPN, which markets itself as a privacy-focused service. If users can be identified through their exit IPs, it undermines the core promise of anonymity and could have legal or security implications for users relying on Mullvad for privacy.

Background

Mullvad is known for offering multiple exit IPs per server and assigning them deterministically based on user keys, with IP rotation occurring every 1 to 30 days unless third-party clients are used. Before this analysis, the system was believed to provide a high degree of user anonymity by randomizing exit IPs. The experiment challenges this assumption, showing that the IP assignment pattern is more predictable than previously thought.

“Despite the enormous number of possible IP combinations, users are assigned only a small subset, indicating a deterministic pattern.”

— Researcher

“Using seed-based RNGs in IP assignment can significantly reduce user anonymity, especially if the seed is static or predictable.”

— VPN expert

What Remains Unclear

It is not yet confirmed whether Mullvad intentionally uses a seed-based RNG or if this pattern results from an implementation bug. The full scope of the privacy implications across all users and servers remains under investigation, and Mullvad has not publicly addressed these findings.

What’s Next

Further research is needed to determine whether Mullvad will modify its IP assignment algorithms. Users and privacy advocates are likely to scrutinize Mullvad’s practices more closely, and the company may issue a statement or update its protocols to mitigate potential risks.

Key Questions

Does this mean Mullvad users are no longer anonymous?

The study suggests that, under current implementation, users could potentially be identified through their exit IPs, especially if their pubkeys are known or can be correlated. However, the full privacy impact depends on additional factors and whether Mullvad addresses these issues.

Can I still trust Mullvad for privacy?

While Mullvad has a strong reputation, these findings highlight potential vulnerabilities. Users should stay informed about updates and consider additional privacy measures if needed.

Is this a bug or a feature?

It is unclear whether Mullvad intentionally uses a seed-based RNG or if this pattern is an unintended consequence of their implementation. The company has not publicly commented on this research.

What should Mullvad do next?

They may need to revise their IP assignment process to ensure more randomness and prevent correlation, thereby restoring confidence in their privacy guarantees.
