Mullvad exit IPs as a fingerprinting vector

obscuracarl: > WireGuard is by design a “Connection-less Protocol”, there’s no concept of a connection Not true at all. This is a misunderstanding of how Peer association works. obscuracarl: > the exit IP were randomized each time you “connect” to the server Our WireGuard client changes keys & peer every 45m. Yet to hear complaints from testers about broken streams etc. We’ll see. obscuracarl: > connections that are on non-roaming protocols (basically everything except QUIC) would be disrupted Some L4 load balancers are clever. They pin clients (destination) only on source tuple (of the LB) to backends. That is, as long as the client connects to the same LB (same IP & port), it’ll have an unbroken stream to backend that served it. obscuracarl: > this person keeps reconnecting from a different IP, they must be using Mullvad Disingenuous when public VPN provider exit IP ranges are not secret and/or published openly. jonah: > Really nothing to do with what I said Probably. I assumed you wrote precisely whatever you want said.