Demonstrates through technical analysis that Mullvad's ~600-800 exit IPs serving a relatively small user base means each exit IP has only dozens of concurrent users. This is orders of magnitude less anonymity than a residential ISP like Comcast where tens of thousands share infrastructure behind CGNAT.
Argues this reveals a structural tension in VPN privacy: choosing a privacy-focused provider with a smaller user base actually shrinks your anonymity set. It's the digital equivalent of wearing a distinctive disguise — you're concealed but immediately identifiable as the person in disguise.
Points out that Mullvad publishes its full server list openly (required for clients to connect), meaning any website operator can maintain a current list of every exit IP and flag incoming connections instantly. This operational transparency, normally a trust signal, becomes a fingerprinting enabler.
A detailed technical analysis published by researcher tmctmt demonstrates that Mullvad VPN's exit IP addresses — the very infrastructure meant to anonymize users — serve as a surprisingly effective fingerprinting vector. The core finding: because Mullvad operates a relatively small number of exit servers (roughly 600-800 IPs across ~40 countries), and because Mullvad's total user base is small relative to the broader internet population, traffic originating from a known Mullvad exit IP immediately identifies the user as part of a tiny subset of internet users.
The anonymity set of a Mullvad user is dramatically smaller than that of someone browsing from a residential ISP where millions of users share infrastructure. Mullvad publishes its full server list openly (it's required for clients to connect), which means any website operator can maintain a current list of every Mullvad exit IP and flag incoming connections instantly.
The post gained significant traction on Hacker News (532 points), resonating with developers and security practitioners who had assumed their VPN usage was privacy-enhancing in all contexts.
This finding exposes a fundamental tension in VPN privacy: the more niche and privacy-focused your VPN provider, the smaller your crowd to hide in. It's the digital equivalent of wearing a distinctive disguise to a party — you're technically concealed, but everyone knows you're the person in the disguise.
Consider the math. A major residential ISP like Comcast serves ~30 million households. A given Comcast IP tells a tracker almost nothing — you're one of tens of thousands of potential users behind that CGNAT or dynamic IP. Mullvad, by contrast, likely has tens of thousands of active users at any given time, spread across ~700 exit IPs — meaning each exit IP might serve only dozens of concurrent users. That's orders of magnitude less anonymity at the network layer.
The fingerprinting doesn't stop at "this person uses Mullvad." Combined with even basic browser fingerprinting signals (timezone, language, screen resolution), a tracker can achieve startlingly precise identification. If you're one of, say, 50 concurrent users on a specific Mullvad exit in Stockholm, and you have a US English locale with a 1440p display, you might be the *only* matching profile. The VPN hasn't hidden you — it's added a distinctive marker that narrows the search space before other fingerprinting even begins.
This contrasts sharply with Tor's approach. Tor's design acknowledges the anonymity-set problem explicitly: it routes traffic through three hops, the exit node changes per circuit, and the Tor Browser deliberately normalizes fingerprinting surfaces (window size, fonts, user agent). Tor's threat model accounts for the fact that "uses Tor" is itself identifying — and tries to make all Tor users look identical. Mullvad (and all commercial VPNs) make no such guarantee.
Large commercial VPNs like NordVPN or ExpressVPN partially mitigate this through sheer scale — they claim tens of millions of users and operate thousands of servers. Being identified as "a NordVPN user" is less damaging when millions of others share that label. But they introduce different trust problems (logging policies, jurisdiction, corporate ownership changes).
For application developers: If you're building rate limiting, fraud detection, or abuse prevention, recognize that VPN exit IPs are not monolithic. A request from a Mullvad IP carries a different signal than one from a datacenter proxy or a residential VPN. Blocking all VPN IPs is lazy; understanding the anonymity properties of different sources is useful.
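As an added example (not from the article, the original post, or Mullvad), here is the anonymity-set arithmetic from the "Consider the math" paragraph next to the source-aware rate limiting suggested for application developers. The prefixes, per-IP user counts and the 5 billion internet-user figure are constructed assumptions; a real deployment would load the server list Mullvad publishes for its clients.

```python
import ipaddress
import math
from dataclasses import dataclass

# Constructed sample prefixes (RFC 5737 documentation ranges), not real exits.
# A real deployment would load the server list Mullvad publishes for its clients.
KNOWN_SOURCES = {
    # prefix              category               est. concurrent users per IP
    "198.51.100.0/24":   ("vpn_exit",            50),      # dozens per exit
    "203.0.113.0/24":    ("datacenter",          1),       # one host, one tenant
    "192.0.2.0/24":      ("residential_cgnat",   20_000),  # tens of thousands
}
ASSUMED_INTERNET_USERS = 5_000_000_000  # assumption: rough global population

_NETWORKS = [(ipaddress.ip_network(p), meta) for p, meta in KNOWN_SOURCES.items()]


@dataclass
class SourceProfile:
    category: str
    anonymity_set: int       # users expected to share this IP
    identifying_bits: float  # information a tracker gains from the IP alone
    requests_per_minute: int


def bits_of_identification(anonymity_set: int, population: int = ASSUMED_INTERNET_USERS) -> float:
    """Bits revealed by a signal that narrows `population` candidates to `anonymity_set`."""
    if not 0 < anonymity_set <= population:
        raise ValueError("anonymity set must lie in 1..population")
    return math.log2(population / anonymity_set)


def classify(ip: str, base_rpm: int = 60, max_multiplier: int = 100) -> SourceProfile:
    """Derive a per-IP request budget from how many users share the address, so a
    shared VPN exit is not throttled like one household while a single datacenter
    host gets no extra allowance. Unknown sources are treated as a single user."""
    addr = ipaddress.ip_address(ip)
    category, users = "unknown", 1
    for net, (cat, n) in _NETWORKS:
        if addr in net:  # evaluates False for mismatched IPv4/IPv6 versions
            category, users = cat, n
            break
    budget = base_rpm * min(users, max_multiplier)  # cap keeps abuse bounded
    return SourceProfile(category, users, bits_of_identification(users), budget)


if __name__ == "__main__":
    for ip in ("198.51.100.7", "192.0.2.9", "203.0.113.1", "2001:db8::1"):
        print(ip, classify(ip))
```

The ~8.6-bit gap between the CGNAT and VPN-exit profiles is the "orders of magnitude" the article refers to: one shared IP narrows the crowd roughly 400 times more than the other.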
For security-conscious developers using Mullvad: Your VPN protects you from your ISP seeing your traffic, from network-level surveillance, and from destination sites seeing your real IP — but it does NOT make you anonymous to sophisticated trackers who can combine the "uses Mullvad" signal with other fingerprinting vectors. Treat VPN usage as one layer:
- Use Mullvad Browser (their Firefox fork with Tor Browser-style fingerprinting resistance) to address the browser-level signals
- Understand that for high-stakes anonymity, Tor remains the better tool despite its performance costs
- For routine privacy (hiding browsing from ISP, avoiding geo-restrictions), Mullvad remains excellent — just don't overestimate what it provides
For privacy infrastructure designers: This is a clean demonstration of why anonymity requires a minimum crowd size. Any privacy system with fewer than ~100,000 concurrent users in a given region faces fundamental anonymity-set limitations that no amount of encryption can solve. This informs design decisions for mixnets, anonymous credentials, and decentralized identity systems.
Mullvad is aware of this class of problem — their development of the Mullvad Browser (in collaboration with the Tor Project) directly addresses the browser-fingerprinting half of the equation. But the network-layer identification issue is structural: it resolves only if Mullvad's user base grows significantly, or if they find ways to share exit infrastructure with other privacy services. The deeper lesson is that privacy is a collective property, not an individual purchase. Your anonymity depends on how many other people look like you — and that's a design constraint no single tool can engineer away.
> As an example, imagine that you are a moderator on a forum and you suspect that a new face is actually a sockpuppet of a user you banned the day prior. You check the IP logs, and despite using different Mullvad servers, both accounts resolve to the overlapping float ranges 0.4334 - 0.4428 and 0
The purpose of a VPN does not include anonymizing users with respect to the sites they visit, so it shouldn't be too surprising that Mullvad doesn't enforce unique exit IPs. Users who want anonymity should use networks like Tor.
I'm a long-time Mullvad user. I will continue to buy and use Mullvad VPN services (with my credit card that has my name on it) so long as it is legal to do so in my country. VPNs are not 100% anonymous. They are not meant to be. Instead, they are meant to provide some level of privacy to law-abi
I work at Mullvad (co-CEO, co-founder). Some aspects of the described behavior are as we intended and some are not. The cause is not exactly as described in the blog post. As for mitigation, we are already testing a patch of the unintended behavior on a subset of our infrastructure. If any of you try