
Mullvad exit IPs are surprisingly identifying

Why This Matters

This article highlights a significant privacy concern with Mullvad VPN's exit IP assignment method. Despite offering multiple exit IPs per server, the deterministic assignment based on user keys can enable fingerprinting and user identification, undermining the VPN's anonymity guarantees. This revelation underscores the importance of truly randomized IP allocation for preserving user privacy in VPN services.

Key Takeaways

Mullvad is one of the few VPN providers that offers multiple exit IPs for its servers. If two people connect to the same server, they will usually end up with different public IPs.

With only 578 servers (compared to Proton VPN’s 20,000), this kind of vertical scaling makes sense to avoid cramming too many users onto one IP, which would be a problem on sites with overzealous IP blocks and rate limits.

Surprisingly, the exit IP you are given is not randomized each time you connect to the server, but deterministically picked based on your WireGuard key, which rotates every 1 to 30 days (unless you use a third-party client, in which case it never rotates).

But wait... if each server assigns you an independently picked static exit IP, wouldn’t just a few of those be enough to uniquely identify you among every other Mullvad user?

Putting it to the test

I wrote a script that repeatedly changes my pubkey and fetches exit IPs for a set of 9 servers. Leaving it running for a night produced data points for 3650 pubkeys, which is enough to map out the exit IP range for each server:

Hostname        Start IP         End IP           # IPs
au-syd-wg-101   103.136.147.5    103.136.147.64   60
cl-scl-wg-001   149.88.104.4     149.88.104.14    11
de-ber-wg-007   193.32.248.245   193.32.248.252   8
dk-cph-wg-002   45.129.56.196    45.129.56.226    31
fi-hel-wg-201   185.65.133.10    185.65.133.75    66
us-lax-wg-001   23.234.72.36     23.234.72.126    91
us-nyc-wg-602   146.70.168.132   146.70.168.190   59
us-sjc-wg-302   142.147.89.212   142.147.89.224   13
za-jnb-wg-002   154.47.30.145    154.47.30.155    11

The pool sizes multiply out to over 8.2 trillion exit IP combinations for these servers, so you’d think each pubkey would be assigned a unique combination of IPs since the odds of a collision are so astronomically low. And yet, somehow all the pubkeys I tested were assigned just one of 284 combinations.
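To check the arithmetic behind that paragraph, here is an added example (not the author's script) that derives each pool size from the measured start and end IPs, multiplies the pools out, and computes how many distinct exit-IP tuples uniform random assignment would be expected to produce for 3650 keys, the figure to set against the 284 actually observed.

```python
import ipaddress
import math

# Exit IP ranges as measured in the article (hostname, first IP, last IP).
# Pool sizes are derived below rather than copied from the table.
EXIT_RANGES = [
    ("au-syd-wg-101", "103.136.147.5", "103.136.147.64"),
    ("cl-scl-wg-001", "149.88.104.4", "149.88.104.14"),
    ("de-ber-wg-007", "193.32.248.245", "193.32.248.252"),
    ("dk-cph-wg-002", "45.129.56.196", "45.129.56.226"),
    ("fi-hel-wg-201", "185.65.133.10", "185.65.133.75"),
    ("us-lax-wg-001", "23.234.72.36", "23.234.72.126"),
    ("us-nyc-wg-602", "146.70.168.132", "146.70.168.190"),
    ("us-sjc-wg-302", "142.147.89.212", "142.147.89.224"),
    ("za-jnb-wg-002", "154.47.30.145", "154.47.30.155"),
]


def pool_size(first: str, last: str) -> int:
    """Number of addresses in an inclusive IPv4 range."""
    a = int(ipaddress.IPv4Address(first))
    b = int(ipaddress.IPv4Address(last))
    if b < a:
        raise ValueError(f"range end {last} precedes start {first}")
    return b - a + 1


def pool_sizes(ranges=EXIT_RANGES) -> dict:
    """Map each server hostname to the size of its exit IP pool."""
    return {host: pool_size(lo, hi) for host, lo, hi in ranges}


def total_combinations(ranges=EXIT_RANGES) -> int:
    """Distinct exit-IP tuples if every server picked independently."""
    return math.prod(pool_sizes(ranges).values())


def identifying_bits(ranges=EXIT_RANGES) -> float:
    """log2 of the tuple space: how many bits one tuple could reveal."""
    return math.log2(total_combinations(ranges))


def expected_distinct(samples: int, space: int) -> float:
    """Expected number of distinct tuples when `samples` keys each draw
    uniformly from `space` tuples (occupancy formula, computed with
    log1p/expm1 so the tiny collision term is not lost to rounding)."""
    return space * -math.expm1(samples * math.log1p(-1.0 / space))
```

With uniform assignment the 3650 keys would be expected to land on about 3650 distinct tuples; the 284 the author observed is the anomaly the rest of the article explains.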

What’s going on here?

Different IPs, same proportion
