by TheAmazingRace 685 days ago
Agreed. To that end, I wonder what the current prevailing recommendation is for a top tier VPN? Or should we roll our own using a VPS and Wireguard?
I trust Mullvad, or more like I haven't found a reason to not trust them yet. I buy the activation cards on Amazon for convenience, and as far as I can tell the individual scratch-off activation code you activate on their site with your account number cannot be traced back to you.
Mullvad accepts XMR, which is more difficult to trace than anything Amazon-related. Mullvad does however state that payment information is disassociated from account numbers 90 days after payment. Theoretically you could use any payment you like, pay the 90-day compliance tax, set a cal event, then begin using it about a week after that 90 days is up. Cheaper to use XMR.
The trick of selling via Amazon is that although Amazon (and thus the government, if they subpoenaed that info) could easily see you're using Mullvad, they could not figure out which Mullvad account was yours.
A small note to do your own research on:

WireGuard sets up an IPv4-based internal network, and the machine responsible for the routing MUST know the client IP that was assigned to the connecting machine. There are some kernel modules to OBFUSCATE but not eliminate this data. WireGuard therefore has a fundamental design flaw that makes it faster but potentially less anonymous than the OpenVPN protocol.

DYOR and YMMV. I always disable WG for at least my first hop.

> WireGuard sets up an IPv4-based internal network, and the machine responsible for the routing MUST know the client IP that was assigned to the connecting machine.

How else would it work? You could strip the source IP, but then you couldn't get replies and you'd have a very anonymous VPN that could only be used to send UDP packets; no receiving and no TCP since even establishing TCP requires replies.

Are you referring to this issue specifically? “Wireguard leaks IP address in client mode if connection fails” https://github.com/linuxserver/docker-wireguard/issues/139
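To make the routing point in this exchange concrete, here is an added Python sketch (not from the thread or the WireGuard project) of WireGuard's cryptokey routing: each peer is identified by its public key and owns a set of AllowedIPs, and the endpoint selects the peer for a reply by looking up the packet's destination tunnel address. Peer names and addresses below are constructed placeholders.

```python
import ipaddress

# Constructed peer table: public-key placeholder -> AllowedIPs (tunnel addresses
# the peer is permitted to use). On a server this is the only information that
# lets a reply packet be encrypted to the right client.
PEERS = {
    "peer-key-A": ["10.8.0.2/32"],
    "peer-key-B": ["10.8.0.3/32", "192.168.50.0/24"],
}


def _networks(peer):
    """Parse a peer's AllowedIPs into ip_network objects."""
    return [ipaddress.ip_network(n) for n in PEERS[peer]]


def route_outbound(dst_ip):
    """Pick the peer whose AllowedIPs contains dst_ip (longest prefix wins).

    Returns None when no peer owns the address; WireGuard drops such packets
    instead of guessing, which is why the router must know each client's
    assigned tunnel address up front.
    """
    dst = ipaddress.ip_address(dst_ip)
    best = None  # (peer, prefix length) of the most specific match so far
    for peer in PEERS:
        for net in _networks(peer):
            if dst in net and (best is None or net.prefixlen > best[1]):
                best = (peer, net.prefixlen)
    return best[0] if best else None


def accept_inbound(peer, src_ip):
    """Check a decrypted packet's inner source address against the sender.

    The packet authenticated as `peer`; its inner source IP must fall inside
    that peer's AllowedIPs or it is silently dropped (anti-spoofing).
    """
    src = ipaddress.ip_address(src_ip)
    return any(src in net for net in _networks(peer))
```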
I think you need to post more context here because this doesn't make sense. We run large-scale WireGuard for hundreds of thousands of clients, and we know none of their client source IP addresses.