By default, WireGuard saves connected IP addresses on the server. These user IP addresses are saved indefinitely on the server, or until the server is rebooted. This makes the out-of-the-box version of WireGuard incompatible with no-logs VPN services.
To some degree, all VPNs have to retain WAN (not to be confused with DHCP-leased LAN) IPs of connected devices in order to return traffic; this has to be retained for the life of the active connection. As far as storing it indefinitely, that’s just a matter of server setup/configuration. Using a VPN isn’t exactly a secret; unless you’re tunneling through another protocol, ISPs can freely see and log your connection to the VPN. They can also see and log connections the VPN server makes to upstream sites. The important bit about no logging is that the VPN doesn’t record how traffic is internally routed.
As an example, the ISP can see that clients A, B, C connect to the VPN and the VPN connects to X, Y, Z, but can’t adequately correlate who is connecting to what sites through the VPN, unless the VPN logs that to disk. That information will be retained in the VPN’s memory as long as the connection is active, as that’s part of the required state for any VPN to function.
This makes the out-of-the-box version of WireGuard incompatible
This is a rather disingenuous argument given they rolled their own solution - which is as far from an out-of-the-box experience as one can get. Further, WireGuard is a protocol, not an out-of-the-box solution; logging or not logging, key exchanging, account management, etc. are implementation/configuration details left to the provider. It seems silly to be saying configuring a server to use a protocol and not log is harder than making up a whole new protocol.
Mullvad has shown it’s feasible to configure WireGuard for privacy and anonymity - their onboarding/payment process allows for complete anonymity as clients don’t need any kind of identifying information to sign up and use the service.
My main point is I have a hard time understanding why they didn’t use something that is proven - the anonymity argument doesn’t hold water as that is an implementation detail orthogonal to WireGuard. And I have a harder time trusting it when the client applications and underlying protocol aren’t audited and open source.
Don’t get me wrong, I like AdGuard and their products, but formally verifying something is cryptographically secure mathematically, and accurately translating that into code is a massive undertaking - and it’s not likely to be perfect on the first try.
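One way a server operator could keep idle peers' source addresses from lingering in memory, which is the configuration point made in the comment above. This is an added example, not part of the original post or any provider's code; the 180-second threshold, the helper names and the sample `wg show wg0 dump` data are assumptions constructed for illustration.

```python
# Added example: constructed data, hypothetical helper names.
STALE_AFTER = 180        # seconds; assumed idle threshold chosen for this example
NOW = 1_700_000_000      # constructed "current" Unix time for the sample

# Constructed `wg show wg0 dump` output (tab-separated). Keys are placeholders.
SAMPLE_DUMP = "\n".join("\t".join(f) for f in [
    ["PRIVKEY_PLACEHOLDER", "SERVER_PUB_PLACEHOLDER", "51820", "off"],
    ["PEER_A_PUB", "(none)", "203.0.113.10:51820", "10.8.0.2/32", str(NOW - 30), "1024", "2048", "off"],
    ["PEER_B_PUB", "(none)", "198.51.100.7:40000", "10.8.0.3/32", str(NOW - 3600), "512", "256", "off"],
    ["PEER_C_PUB", "(none)", "(none)", "10.8.0.4/32", "0", "0", "0", "off"],
])

def parse_dump(text):
    """Parse `wg show <iface> dump`: first line is the interface, the rest are peers."""
    peers = []
    for line in text.strip().splitlines()[1:]:
        pub, psk, endpoint, allowed, handshake, _rx, _tx, _keepalive = line.split("\t")
        peers.append({
            "public_key": pub,
            "has_psk": psk != "(none)",
            "endpoint": None if endpoint == "(none)" else endpoint,
            "allowed_ips": allowed,
            "latest_handshake": int(handshake),  # Unix time, 0 = never
        })
    return peers

def stale_peers(peers, now, stale_after=STALE_AFTER):
    """Peers that still hold an endpoint although their last handshake is old."""
    return [p for p in peers
            if p["endpoint"] is not None
            and now - p["latest_handshake"] > stale_after]

def reset_commands(iface, peer, psk_file=None):
    """Remove and re-add the peer; the fresh entry has no endpoint or handshake time."""
    if peer["has_psk"] and psk_file is None:
        raise ValueError("peer uses a preshared key; supply psk_file to restore it")
    key = peer["public_key"]
    readd = ["wg", "set", iface, "peer", key, "allowed-ips", peer["allowed_ips"]]
    if psk_file:
        readd += ["preshared-key", psk_file]
    return [["wg", "set", iface, "peer", key, "remove"], readd]

if __name__ == "__main__":
    for peer in stale_peers(parse_dump(SAMPLE_DUMP), NOW):
        for cmd in reset_commands("wg0", peer):
            print(" ".join(cmd))  # dry run: print instead of executing
```

Run from a timer on the server, this leaves active sessions untouched and clears the stored endpoint only for peers that have gone idle.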