@jonah yes but then they can sign messages as you when they are not from you. I trust Mullvad when they say they don't log traffic, but that is *trust*. If they're lying, and they can fake traffic from you, that is potentially very bad. The protocol was designed for each peer to *never* exchange private keys, only public keys. Yet here we have a private key being potentially shared. You don't think it is a security vulnerability that the VPN provider can potentially impersonate you?