Simple · Seamless · Secure
A privacy-first VPN that anyone can use.
Sign in. Pick a region. You’re connected. No manual configs, no key management, no noise — and no logs of where you go.
Open architecture · WireGuard tunnel · TLS 1.3 control plane
Built around the boring stuff.
Speed, privacy, and reliability come from disciplined engineering — not marketing. Here’s what we got right.
One-click connect
Authenticate, pick a region, and you're tunnelled. Complexity lives in the service, not on your device.
WireGuard under the hood
Modern, audited cryptography. Ephemeral keys per session. No legacy ciphers, no plaintext fallback.
Multi-cloud regions
Servers come up on demand across Azure, Hetzner and more. If a region's busy, the next one steps in automatically.
Zero-trust by default
Tokens validated end-to-end against your identity provider. Strict CSP, audience-pinned JWTs, and no shared secrets in code.
Open architecture
Source-available code. Documented infrastructure. You can read what we ship before you trust it with your traffic.
No traffic logs
We never log destinations, packets, DNS queries or identifiable metadata. There is nothing to hand over because there is nothing to keep.
Privacy posture
The privacy story isn’t a marketing line.
It’s a set of engineering rules we wrote down and check against on every code change. The full architecture and threat model live alongside the code, in the open.
If a feature would weaken privacy, it doesn’t ship. That’s the deal.
We do not log traffic.
No destinations, no DNS queries, no packet contents, no per-user metadata. Operational telemetry is aggregated and ephemeral.
Keys are ephemeral.
WireGuard keypairs are generated per session and destroyed when the session ends. There is no long-lived material to leak.
Tokens stay where they belong.
Browser sessions hold OIDC tokens in memory only. Admin actions go through a Backend-for-Frontend; the browser never sees the API access token.
We treat ourselves as a threat.
Destructive admin actions require step-up MFA, are CSRF-locked, are idempotency-keyed, and write to an immutable audit log before the action is acknowledged.
Frequently asked questions
What does BlackFoxVPN actually do?
It tunnels your internet traffic through a server in a region you pick. The server is yours for the session and is torn down when you disconnect. No shared box, no shared keys.
Where can I run it?
v1 is a Firefox extension and is in active development. A cross-platform desktop client and an authenticated web portal are on the roadmap.
Do you log my traffic?
No. We do not log destinations, DNS queries, packet contents or identifiable per-user metadata. Operational telemetry is aggregated. There is nothing to hand over because there is nothing to keep.
How is this different from a free VPN?
Most free VPNs make money by logging or injecting. We don't. Servers are your own session-scoped instances, not a shared pool, so the failure modes are obvious and limited.
Is it open source?
The architecture, threat model, and infrastructure are open and documented. The implementation is source-available so you can audit what you trust.
What happens if your service goes down?
You disconnect — that's it. The client fails closed: no traffic leaks out the bottom in clear text. Your machine is exactly where it was before you connected.