FAQ
Straight answers. If yours isn't here, the operator is reachable from About.
What is this, exactly?
A self-hosted WireGuard tunnel. You connect your device to one encrypted endpoint that we run, and your traffic exits from there instead of your own connection. It's a real VPN — just run by a person you can reach, not a company that treats your data as inventory.
Is it free? How do I get access?
Access is by invitation. You generate a config and send your public key; we activate it. Keeping it invite-only is deliberate — an open, anonymous VPN gets abused fast and makes the operator responsible for strangers' traffic. If someone sent you here, you're already in.
What does "no logs" actually mean here?
The tunnel keeps no browsing history, no DNS query logs, and no per-connection records on disk. The status page reads live counters from the running interface — peer count and byte totals — and even those are never written down or tied to an identity. Your private key is generated in your browser and never sent to us.
Why WireGuard and not OpenVPN or IPsec?
WireGuard is a fraction of the code (~4,000 lines vs. hundreds of thousands), uses only modern, fixed cryptography, connects faster, and uses less battery. Less surface area means fewer places for bugs or misconfiguration to hide. It's now in the Linux kernel and every major OS has a first-party app.
Is my private key safe?
Yes. The config generator creates your keypair in your browser using the platform's cryptography. The private key stays on your device — it goes into your .conf file and nowhere else. We only ever receive the public key, and only when you press "request activation."
Will it hide me from everyone?
It moves the point where your traffic exits, encrypts the hop from your device to the tunnel, and stops your local network and ISP from seeing your destinations. It is not anonymity software — for that, use Tor. A VPN shifts trust from your ISP to the tunnel operator; the honest pitch here is that you can actually see and reach that operator.
Can I route only some traffic through it?
Yes — that's a "split tunnel." Change the AllowedIPs line in your config before importing. The setup guide has the exact values.
What can I not do on it?
The acceptable-use terms apply: no illegal activity, no attacks, no abuse that would burn the endpoint for everyone else. It's a small, accountable tunnel — treat it like one.
Is there an app I have to install?
Just the official WireGuard app for your platform (free, open-source, first-party). There's no Domainless app to install and no account to create beyond the invitation.