Mullvad exit IPs are surprisingly identifying


TLDR

  • Mullvad’s seeded RNG assigns exit IPs deterministically per WireGuard key, collapsing 8.2 trillion theoretical combinations down to ~284 observed ones.

Key Takeaways

  • Exit IP is picked by a seed-based RNG using your WireGuard pubkey; the RNG emits the same first float regardless of the requested range, and that float is then scaled to the pool size, so the chosen IP lands in the same percentile of every server's pool.
  • With 578 servers and multiple exit IPs per server, Mullvad’s vertical scaling is intentional, but the deterministic assignment was likely an unintended side effect of Rust’s random_range behavior.
  • Across 9 sampled servers with pools ranging from 8 to 91 IPs, all 3,650 tested pubkeys resolved to just 284 IP combinations instead of trillions.
  • A researcher-built tool estimates the float range from a given IP combo; overlapping ranges across two accounts give >99% confidence they share a pubkey seed.
  • Mitigations: avoid switching servers per pubkey session; force-rotate the pubkey by logging out of the Mullvad app. Third-party WireGuard clients never auto-rotate.
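The mechanism in the takeaways above, as an added example written for this page (not Mullvad's code, not the researcher's tool): a seed derived from the public key yields one float, that float is scaled to each server's pool size, and the per-key combination across servers therefore collapses to the number of intervals the breakpoints k/n cut [0, 1) into. The seeding construction (SHA-256 of the key), the pool sizes, the keys and the per-server salt in the fix are all assumptions chosen for illustration.

```python
"""Model of the deterministic exit-IP assignment described in the takeaways.

Constructed example: the seed derivation, pool sizes and public keys are
stand-ins chosen for illustration, not Mullvad's code or data.
"""
import hashlib
import random
from fractions import Fraction
from math import prod

# Constructed pool sizes (exit IPs per server); the article reports 8 to 91.
POOLS = [8, 16, 32, 50, 91]


def seed_from_pubkey(pubkey: bytes) -> int:
    """Derive a 64-bit RNG seed from a WireGuard public key (assumed construction)."""
    return int.from_bytes(hashlib.sha256(pubkey).digest()[:8], "big")


def first_float(seed: int) -> float:
    """First uniform float in [0, 1) from the seeded RNG.

    This is the crux: the float is produced before any bounds are applied,
    so it is identical no matter how large the pool it is later scaled to.
    """
    return random.Random(seed).random()


def pick_index(seed: int, pool_size: int) -> int:
    """random_range-style selection: scale the first float to the pool size."""
    return int(first_float(seed) * pool_size)


def deterministic_assignment(pubkey: bytes, pools=POOLS) -> tuple:
    """Exit-IP index on every server for one pubkey (the behaviour in the article)."""
    seed = seed_from_pubkey(pubkey)
    return tuple(pick_index(seed, n) for n in pools)


def salted_assignment(pubkey: bytes, pools=POOLS) -> tuple:
    """One possible server-side fix (an assumption, not Mullvad's): mix a
    per-server value into the seed so the first float differs per server."""
    return tuple(
        pick_index(seed_from_pubkey(pubkey + f"server-{i}".encode()), n)
        for i, n in enumerate(pools)
    )


def max_combinations(pools=POOLS) -> int:
    """Upper bound on distinct combos the deterministic scheme can produce.

    Every index is a function of the same float, so the combo only changes
    when that float crosses a breakpoint k/n of some pool: the bound is the
    number of intervals those breakpoints cut [0, 1) into.
    """
    breakpoints = {Fraction(k, n) for n in pools for k in range(1, n)}
    return len(breakpoints) + 1


def distinct_combinations(assign, keys, pools=POOLS) -> int:
    """How many different combos a set of keys actually produces."""
    return len({assign(k, pools) for k in keys})


def float_interval(combo, pools=POOLS):
    """Narrowest interval the seed's first float must lie in to yield `combo`.

    Its width is the fraction of all seeds that share this combo, i.e. how
    identifying the combo is. Returns None when no single float explains the
    combo (the indices were not produced from one seed). Exact via Fractions.
    """
    lo, hi = Fraction(0), Fraction(1)
    for i, n in zip(combo, pools):
        lo = max(lo, Fraction(i, n))
        hi = min(hi, Fraction(i + 1, n))
    return (lo, hi) if lo < hi else None


if __name__ == "__main__":
    keys = [f"constructed-key-{i}".encode() for i in range(3650)]
    print("theoretical combinations:", prod(POOLS))
    print("bound for the deterministic scheme:", max_combinations())
    print("observed, deterministic:", distinct_combinations(deterministic_assignment, keys))
    print("observed, salted:", distinct_combinations(salted_assignment, keys))
    combo = deterministic_assignment(keys[0])
    print("combo", combo, "pins the first float to", float_interval(combo))
```

With these five constructed pools the product is about 18.6 million combinations, but the deterministic scheme can never produce more than 170 of them, whatever the number of keys; the salted variant spreads 3,650 keys over roughly 3,650 combos. The width of `float_interval` is also the base-rate figure the commenters ask about: a combo whose interval is 1/91 wide is shared by about 1.1% of all keys, so on a large platform a match is weaker evidence than on a small one.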

Hacker News Comment Review

  • Commenters split on threat model: several argued VPNs were never designed for anonymity against destination sites, pointing to Tor as the correct tool, while others countered that Mullvad’s privacy marketing implies stronger guarantees.
  • The Rust random_range behavior was a focus: most programmers admitted they would not have predicted the same first float regardless of bounds, raising the possibility this is a genuine Mullvad implementation bug rather than a design choice.
  • Practical skepticism about the 99% claim: effectiveness depends heavily on forum size and base rates; for small communities the correlation is strong evidence, but for large platforms the prior probability of coincidence rises significantly.

Notable Comments

  • @curtisf: notes consumer VPN marketing routinely implies anonymity, so user expectations of Tor-like behavior are not unreasonable.
  • @arian_: “We keep adding layers of encryption and the metadata keeps snitching on us anyway.”
