:

MULLVAD EXIT IPS REVEAL USER FINGERPRINTS

INDUSTRY DESK1 MIN READ
FRI, MAY 15, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Security researchers have identified that Mullvad VPN's exit IP addresses can be used as fingerprinting vectors to identify and track users, undermining the privacy protections the service is designed to provide.

A technical analysis reveals that Mullvad's exit IP pool exhibits patterns that enable user identification despite the VPN's focus on privacy. The finding suggests that exit IPs alone can serve as reliable fingerprints for tracking sessions and correlating user behavior across time. The discovery challenges assumptions about VPN anonymity. While Mullvad rotates exit IPs, the limited pool size and predictable patterns create identification opportunities for determined observers. Researchers documented how exit IP selection can be correlated with user behavior and timing metadata. Mullvad has built its reputation on transparency and privacy-first practices, including storing minimal logs and supporting alternative payment methods. However, this research indicates that even privacy-focused VPN operators face fundamental challenges in protecting user identity through IP rotation alone. The findings have sparked discussion in the security community about the limitations of current VPN architectures and the need for additional anonymization layers beyond IP masking. Mullvad has not yet publicly responded to the analysis.

■ SOURCES

Hacker News

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

The European Union has sanctioned members of Russia's Federal Security Service (FSB) for cyber espionage and sabotage campaigns targeting EU and Ukrainian entities since 2010. The move, coordinated with the UK, targets dozens of individuals and organizations involved in systematic hacking operations.

JUST NOWAI Desk

Cybersecurity agencies from the United States and eight allied nations have issued a joint warning about Russian state-sponsored hackers targeting vulnerable routers to breach critical infrastructure networks.

JUST NOWIndustry Desk

A new browser fingerprinting vector has emerged in Chromium 148, where the Math.tanh function produces different results across operating systems. This discrepancy can be exploited to identify a user's underlying OS without explicit permission.

13H AGOIndustry Desk

Kaseya is hosting a webinar on strengthening MSP resilience through SaaS backups and business continuity strategies. The session focuses on how recovery capabilities prove critical when security defenses are breached.

19H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.