this post was submitted on 15 May 2026
11 points (100.0% liked)

Privacy

5660 readers
528 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 2 years ago
MODERATORS
otter@lemmy.ca
shaytan@lemmy.dbzer0.com
11
Mullvad exit IPs as a fingerprinting vector (tmctmt.com)
submitted 2 days ago by BrikoX@lemmy.zip to c/privacy@lemmy.dbzer0.com
4 comments fedilink hide all child comments
 

Mullvad is one of the few VPN providers that offers multiple exit IPs for its servers. If two people connect to the same server, they will usually end up with different public IPs. With only 578 servers (compared to Proton VPN’s 20,000), this kind of vertical scaling makes sense to avoid cramming too many users onto one IP, which would be a problem on sites with overzealous IP blocks and ratelimits.

top 4 comments
sorted by: hot top controversial new old
[–] mouse@midwest.social 13 points 1 day ago (1 children)

Here's a response.

I work at Mullvad. (co-CEO, co-founder)

Some aspects of the described behavior are as we intended and some are not. The cause is not exactly as described in the blog post. As for mitigation, we are already testing a patch of the unintended behavior on a subset of our infrastructure. If any of you try to reproduce the blog post's findings you may get confusing results throughout the day.

We will also re-evaluate whether the intended behaviors are acceptable or not. Some of this is a trade-off between multiple aspects of privacy, and multiple aspects of user experience.

Please note that this is my current understanding, which may change. I was only made aware of this an hour ago, and most of that time was spent talking with Ops, considering what to do immediately, and writing this post.

Finally, for those of you who do security research: when you find a security or privacy issue, please consider notifying the maintainer/vendor before publishing your findings, even if you intend to publish right away.

https://news.ycombinator.com/item?id=48145679

[–] read_desert@lemmy.ml 9 points 1 day ago

Very level headed response by the Co-Founder/Co-CEO. Also yeah, probably reach out to them first too before publishing. Bare minimum professional courtesy. Love Mullvad even though I bought into the Proton “ecosystem”.

[–] AllNewTypeFace@leminal.space 3 points 2 days ago (1 children)

The Swedish relays are often blocked (presumably because they’re the default). Switch to a slightly more obscure country (say, Slovakia or somewhere) and you’re good as gold.

[–] Sv443@sh.itjust.works 1 points 1 day ago

Estonia my beloved