Every layer. Every choice. Every tradeoff. This is the page for people who want to know exactly what they're paying for before they pay for it.
GlassBox VPN runs on WireGuard. Not OpenVPN. Not IPsec. Not a custom protocol with a marketing name. WireGuard, directly, as it ships.
Why: WireGuard is about 4,000 lines of code. OpenVPN is over 100,000. Less code means less attack surface, fewer bugs, and an implementation that security researchers can actually audit end-to-end. It also runs in the Linux kernel, which makes it faster than user-space VPN protocols.
| Primitive | Choice |
|---|---|
| Key exchange | Curve25519 (ECDH over elliptic curves) |
| Symmetric encryption | ChaCha20 (stream cipher, AEAD) |
| Authentication | Poly1305 (MAC) |
| Hashing | BLAKE2s |
| Session rekey | Every 2 minutes or 2^60 bytes, whichever comes first |
Your ISP sees encrypted UDP packets going to a GlassBox VPN server. They cannot tell what websites you visit, what you search for, what apps you use, or what data you send. The tunnel is cryptographically sealed.
Because we don't need one. The official WireGuard app (iOS, Android, macOS, Windows, Linux) is free, open source, and maintained by the WireGuard project itself. Building a custom GlassBox VPN-branded wrapper around it would add bugs, take maintenance time, and give us no advantage. You install the official app, import your GlassBox VPN config, and you're done.
Every peer you provision with GlassBox VPN gets a WireGuard config file that works in the official app on every platform. That is the client.
| Websites see | Your ISP sees |
|---|---|
| The GlassBox VPN server's IP address | Encrypted WireGuard packets and nothing else |
| Scenario | Available On Server | Does Not Exist |
|---|---|---|
| Subpoena for user records | Public key, tunnel IP, live connection state | Real name, home address, DNS queries, browsing history, historical traffic |
| Full server compromise | Peer configs, current connections, blocklist files | Customer identity, DNS logs, traffic content |
| ISP request | Encrypted UDP packets to/from server | Any content, any queries, any metadata beyond the encrypted flow |
The "does not exist" column isn't a promise. It's an implementation detail you can verify: check the Unbound config on Forgejo and confirm DNS logging is disabled. Check the server snapshot to see what files exist on disk. If we said we weren't logging and we actually were, the files would be there.
Every GlassBox VPN server runs Unbound as a forwarding DNS resolver with three blocklist files layered on top. When your device asks "where is example-malware.com," Unbound answers NXDOMAIN if that domain is on a blocklist. The query is dropped right there. Anything that isn't blocklisted gets forwarded over DNS-over-TLS (DoT) to Quad9 (primary) and Cloudflare (fallback), with the customer's identity decoupled from the query at the GlassBox VPN server.
| List | What It Blocks | Sources |
|---|---|---|
| Shared OSS blocklist | Malware, trackers, ads, phishing, known-bad domains | Hagezi Pro++, OISD Big, OSS custom additions |
| GlassBox VPN streaming overlay | Netflix, Hulu, Disney+, Max, Paramount+, etc. | OSS-maintained list of streaming service domains |
| IP blocklist | Known-bad IPs (C2 servers, abuse infrastructure) | Aggregated threat intel sources, updated nightly |
No "contact us for the list." No enterprise-only access tier. The complete files are at:
Anything that gets past the blocklist is forwarded over DNS-over-TLS to two upstream resolvers. Quad9 first, Cloudflare as fallback. We could have made Unbound recursive (talking to root servers directly) but forwarding to these two specifically is the better tradeoff for a privacy VPN, for two reasons.
| Why we forward instead of recurse | What it gets you |
|---|---|
| Quad9 layers its own malware filtering | Quad9 (9.9.9.9) maintains a real-time threat feed of malware and phishing domains and blocks them at the resolver level. Stacking that on top of the OSS blocklist gives you two independent filters catching different things, without any extra work on your end. |
| DoT encrypts queries leaving the GlassBox VPN server | Forwarding to Quad9 and Cloudflare goes over DNS-over-TLS, so the GlassBox VPN server's hosting provider can't see what's being queried on the way out. Recursive resolvers can't do this because the root DNS servers don't speak DoT. Forwarding is what makes encrypted upstream possible at all. |
The full Unbound config is on Forgejo at /etc/unbound/unbound.conf.d/glassbox.conf. Anyone can pull it and verify the forwarder list, the DoT settings, and that verbosity: 0 is set so queries are not logged.
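The three checks a subscriber would actually run after pulling that file (logging off, upstreams reached over DoT, blocklist names answered NXDOMAIN), as an added example that is not GlassBox VPN's own config or tooling. The config text inside it is constructed in Unbound's own syntax to show the shape of such a file; the real one is the copy on Forgejo, which may differ. The hostnames after the # on the forward-addr lines are the DoT names Quad9 and Cloudflare publish, not values taken from this page.

```python
"""Check an Unbound forwarder config for the properties this page tells you
to verify: query logging off, upstreams reached over DNS-over-TLS, blocklist
entries answered NXDOMAIN.

Added example, not GlassBox VPN's config or tooling. SAMPLE_CONF is a
constructed file in Unbound's own syntax; the real one is on Forgejo and may
differ. The #hostnames on the forward-addr lines are the DoT names Quad9 and
Cloudflare publish, not something taken from this page.
"""
import re

SAMPLE_CONF = """\
server:
    verbosity: 0
    log-queries: no
    log-replies: no
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
    # the blocklist files are lines of this shape, one per domain:
    local-zone: "example-malware.com" always_nxdomain
    local-zone: "netflix.com" always_nxdomain

forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
"""


def parse_unbound(text):
    """Return (server_options, forward_zones). Options can repeat, so each
    value is a list. A '#' starts a comment only at line start or after
    whitespace; inside forward-addr it separates address and TLS auth name."""
    server, zones, current = {}, [], None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().replace('"', "")
        if not value:                       # clause header: "server:" / "forward-zone:"
            if key == "server":
                current = server
            elif key == "forward-zone":
                current = {}
                zones.append(current)
            else:
                current = None
            continue
        if current is not None:
            current.setdefault(key, []).append(value)
    return server, zones


def check_privacy_properties(text):
    """The checks a subscriber would run after pulling the config."""
    server, zones = parse_unbound(text)
    root = next((z for z in zones if z.get("name") == ["."]), None)
    upstreams = root.get("forward-addr", []) if root else []
    blocked = [v.split()[0] for v in server.get("local-zone", [])
               if v.endswith("always_nxdomain")]
    return {
        "query_logging_off": (server.get("verbosity") == ["0"]
                              and server.get("log-queries", ["no"]) == ["no"]
                              and server.get("log-replies", ["no"]) == ["no"]),
        "upstream_is_dot": (root is not None
                            and root.get("forward-tls-upstream") == ["yes"]
                            and bool(upstreams)
                            and all("@853" in u for u in upstreams)),
        "upstream_order": [u.split("@")[0] for u in upstreams],
        "blocked_domains": blocked,
    }


def answer_for(qname, blocked):
    """What the resolver does with one query: an always_nxdomain local-zone
    covers the name and everything under it; anything else is forwarded."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocked:
            return "NXDOMAIN"
    return "FORWARD"


if __name__ == "__main__":
    report = check_privacy_properties(SAMPLE_CONF)
    print(report)
    print(answer_for("cdn.netflix.com", set(report["blocked_domains"])))
```

Point it at the pulled file instead of SAMPLE_CONF and the report tells you in one line whether the three claims hold. The parser is deliberately strict about verbosity: it wants an explicit 0, because Unbound's default is higher.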
Both upstream resolvers see DNS queries arriving from the GlassBox VPN server's IP address. They never see the customer's home IP, customer identity, or any way to attribute a specific query to a specific peer. The GlassBox VPN server is making queries on behalf of the entire pool of peers on that server, and there is no per-customer identifier in the query itself.
If that level of trust in any upstream resolver is too much, the answer is to run your own recursive resolver at home, not a VPN.
GlassBox VPN has been running for a year and zero false positives have been reported against the shared blocklist. That's the number we hold ourselves to.
Some sites block datacenter IPs on their end (Reddit and michaels.com are the two we know about). That's not our blocklist, that's theirs. And streaming services are blocked by design. Neither of those is a false positive.
If a site you trust is being blocked, file a ticket at support.opensourcesecurity.net with the URL or IP. We review whitelist requests against the blocklists, and if the site is legitimate, the addition rolls out to every GlassBox VPN server in the next overnight update.
The home page says GlassBox VPN is capped on throughput, not on hardware. This page is where that promise turns into specifics.
Each GlassBox VPN server runs on a 10 Gbps unmetered fiber connection. The CPU, RAM, and storage could comfortably handle ten times the peers we put on the box. The bandwidth is the bottleneck we care about, because throughput is what makes the tunnel feel invisible. So the cap is set by bandwidth and nothing else.
A speedtest will show you 100 Mbps. Browsing, app traffic, work tools, video calls, downloads, uploads, all of it bursts up to that line and back down as the traffic demands. That's normal. Nothing changes for you.
The footnote: if a peer holds the cap pinned for 10 minutes straight, the server throttles that peer to 25 Mbps for the rest of the day. The only way to hit that ceiling is to do something the Terms of Service already prohibit. The mechanism, the trigger, the timing, the auto-release window, the dashboard surfacing. All published below. No fine print.
10 Gbps shared across up to 300 peers on a server. The math works because real traffic is bursty: most peers sit near zero most of the time, with short bursts up toward the cap. A pool of 300 well-mixed peers will sit comfortably in single-digit Gbps with plenty of headroom for everyone's bursts.
What breaks the math is sustained saturation. Most of it isn't malice. Someone forgets they're on the VPN and starts a 50 GB game patch. A laptop kicks off a backup over the tunnel. An OS updater pulls a half-gig delta in the background. One peer alone can't take down the server, but five of them on the same node will eat the burst headroom for the other 295 customers. That's the failure mode the throttle prevents.
The peer running normal traffic never sees this. The peer holding the cap for hours sees it once, gets auto-released the next morning, and learns. The peer who keeps doing it earns a manual review. That's the whole story.
| Layer | What It Does |
|---|---|
| Layer 1: Per-peer cap | Every peer is capped at 100 Mbps using Linux tc HTB (hierarchical token bucket). Standard kernel traffic control, no custom code. The cap is enforced at the WireGuard interface. |
| Layer 2: Saturation detection | A 10-minute rolling window watches each peer's usage. If the peer holds 90% or more of the 100 Mbps cap for the entire 10-minute window, the peer is throttled to 25 Mbps. The throttle stays in place until 04:00 UTC the next day, at which point it auto-releases. |
| Layer 3: Strike enforcement | Three throttle trips within 30 days flags the peer for manual review. We email the peer, ask what's running, and decide whether it's normal use that needs adjustment, a misconfiguration we can help fix, or sustained policy violation. Most reviews end with the peer continuing service after a quick conversation. |
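The three layers as a runnable model, added here as an example; this is not GlassBox VPN's enforcement code. The numbers are the page's (100 Mbps cap, 90% for 10 minutes, 25 Mbps throttle, release at 04:00 UTC, three trips in 30 days). Assumed: usage is sampled every 30 seconds per peer, the per-peer HTB class sits on interface wg0, and the tc class ids are made up. The tc command is returned as a string, not executed.

```python
"""Worked model of the per-peer cap, saturation detection and strike counting.

Added example, not GlassBox VPN's own enforcement code. Assumptions: 30 s
sampling, HTB classes on wg0, made-up class ids. The policy numbers are the
ones the page states.
"""
from collections import deque
from datetime import datetime, timedelta, timezone

CAP_MBPS = 100
THROTTLE_MBPS = 25
SATURATION_MBPS = 0.9 * CAP_MBPS                 # 90 Mbps
WINDOW = timedelta(minutes=10)
SAMPLE_INTERVAL = timedelta(seconds=30)          # assumed sampling rate
SAMPLES_PER_WINDOW = WINDOW // SAMPLE_INTERVAL   # 20 consecutive samples
RELEASE_HOUR_UTC = 4
STRIKE_LIMIT = 3
STRIKE_WINDOW = timedelta(days=30)
SIM_START = datetime(2026, 5, 16, 12, 0, tzinfo=timezone.utc)   # constructed


def next_release(now):
    """The first 04:00 UTC strictly after `now`."""
    release = now.replace(hour=RELEASE_HOUR_UTC, minute=0, second=0, microsecond=0)
    return release if release > now else release + timedelta(days=1)


def shift(t, **delta):
    """t + timedelta(**delta); convenience for building scenarios."""
    return t + timedelta(**delta)


def tc_command(class_id, rate_mbps, iface="wg0"):
    """Layer 1 hook: change this peer's HTB class rate (class layout assumed)."""
    return f"tc class change dev {iface} parent 1: classid 1:{class_id} htb rate {rate_mbps}mbit"


class PeerPolicy:
    """Layers 2 and 3 for one peer: saturation detection and strike counting."""

    def __init__(self, class_id):
        self.class_id = class_id
        self.window = deque(maxlen=SAMPLES_PER_WINDOW)  # last 10 minutes of Mbps readings
        self.throttled_until = None
        self.trips = []                                 # when each throttle tripped
        self.applied = CAP_MBPS                         # rate currently programmed into tc

    def rate_now(self, now):
        """Rate the cap should be at `now`; past throttled_until it is released."""
        if self.throttled_until is not None and now < self.throttled_until:
            return THROTTLE_MBPS
        return CAP_MBPS

    def observe(self, now, mbps):
        """Feed one sample. Returns the tc command to apply if the rate changed."""
        self.window.append(mbps)
        saturated = (len(self.window) == SAMPLES_PER_WINDOW
                     and all(m >= SATURATION_MBPS for m in self.window))
        if self.rate_now(now) == CAP_MBPS and saturated:
            self.throttled_until = next_release(now)
            self.trips.append(now)
            self.window.clear()             # a fresh 10 minutes is needed to trip again
        wanted = self.rate_now(now)
        if wanted != self.applied:
            self.applied = wanted
            return tc_command(self.class_id, wanted)
        return None

    def strikes(self, now):
        return sum(1 for t in self.trips if now - t <= STRIKE_WINDOW)

    def needs_review(self, now):
        return self.strikes(now) >= STRIKE_LIMIT


def feed(policy, start, samples):
    """Replay Mbps readings spaced SAMPLE_INTERVAL apart from `start`; return
    the enforced rate after each one."""
    rates = []
    for i, mbps in enumerate(samples):
        now = start + i * SAMPLE_INTERVAL
        policy.observe(now, mbps)
        rates.append(policy.rate_now(now))
    return rates


if __name__ == "__main__":
    pinned = PeerPolicy(10)
    print(feed(pinned, SIM_START, [99.0] * 20)[-3:], pinned.throttled_until)
    bursty = PeerPolicy(12)
    print(set(feed(bursty, SIM_START, [99.0, 5.0] * 20)))
```

The bursty pattern the page describes (short spikes to the cap, then back to idle) never produces twenty consecutive readings at 90 Mbps or more, so it never trips; only a peer that holds the line for the full window does, and it comes back to 100 Mbps at the next 04:00 UTC without anyone touching it.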
Some traffic types are dropped at the firewall, not throttled. BitTorrent, DHT, FTP, NNTP (Usenet), and bulk download hosts are blocked at the protocol or DNS level. They never reach the bandwidth layer. Streaming services (Netflix, Hulu, Disney+, Max, etc.) are blocked at DNS and won't resolve through GlassBox VPN. Section 03 covers the blocklist details.
Cross-tunnel peer-to-peer is also blocked: GlassBox VPN peers can't reach each other through the server. Your tunnel is point-to-point with the internet, not a private network.
The customer dashboard shows your current session bandwidth rate live. If you're approaching the 10-minute saturation threshold, you'll see it. If you've been throttled, the dashboard says so, names the trip time, and shows when auto-release lands. If you've accumulated trips toward a strike review, you see the count.
No surprises. No secret enforcement. The same data the server has about your peer is the data your dashboard shows you.
Don't take our word for any of this. The live VPN test runs against three GlassBox VPN servers every twenty minutes, against ten real websites, and publishes every result. The throttle policy doesn't show up in those numbers because the test traffic is bursty (the exact pattern the cap is designed for), which is the whole point. If the cap or the throttle ever degraded normal use, you'd see it on the live test before we did.
GlassBox VPN is built for everyday connected use, designed to keep datacenter IPs clean. If your real use case is sustained high-bandwidth transfer (large game patches, backup uploads, file mirroring), turn the VPN off for that specific task and use your home ISP directly. That's what your home ISP is for.
If sustained transfer through a VPN is your primary use case, you need a different product. We'd rather tell you now than after you pay.
GlassBox VPN runs on dedicated hardware at Psychz Networks data centers in Chicago, Los Angeles, Dallas, and Ashburn, VA. Each location gets its own server with its own WireGuard instance, its own Unbound resolver, and its own copy of the blocklists.
| Service | Role |
|---|---|
| WireGuard | The VPN tunnel itself. Kernel module, standard config. |
| Unbound | Forwarding DNS resolver with blocklist filtering. Forwards over DoT to Quad9 (primary) and Cloudflare (fallback). Query logging disabled. |
| iptables + ipset | Firewall rules and IP blocklist enforcement. |
| fail2ban | SSH brute force protection (operational hygiene, not customer-facing). |
| Netdata | Live server metrics exposed to customers via the dashboard. |
| Monit | Process watchdog. Restarts services if they crash. |
| nginx | Serves the blocklist files, status page, and GlassBox verification reports. |
| AIDE | Daily filesystem integrity checks. Output published. |
| Lynis | Weekly security audit. Output published. |
| rkhunter | Weekly rootkit scan. Output published. |
The full config for every one of these services is on Forgejo. You can rebuild a GlassBox VPN server from the repo. That is not an exaggeration.
Each GlassBox VPN server is capped at 300 active peers. When a location approaches capacity, we add another server in the same data center. When the data center is maxed out, we stop selling in that location until we can add hardware.
We don't hop you between servers. Your peer is assigned to one specific server at signup and stays there. That's how the IP stays clean: the same pool of 300 people use the same IP, all of them following the same rules, for as long as they're subscribed.
Three of the four production servers are currently running the live VPN performance test 24/7. The fourth is Dallas, which is excluded from the test because the test client itself runs from Dallas, and we'd rather not run a benchmark loopback on the same metro fiber and call it independent. The other three (LA, Chicago, Ashburn) are tested every twenty minutes against ten real websites, with results published live.
Abbreviated. Full snapshot: oss-blocklist.net/verify/server-snapshot.txt
The signup flow is a manual review followed by self-serve checkout. No instant provisioning. No black-box approval. A human reviews every application, typically within one business day, before a payment link arrives in your inbox.
Your private key never leaves your device. We never see it, store it, or touch it.
Open the official WireGuard app on your phone, tablet, or computer, and create a new tunnel. The app generates a public and private keypair locally. Name the tunnel anything you want and save it so the keypair sticks around: the tunnel won't connect yet, but it preserves your keys until your peer is provisioned. The private key stays on your device, the public key is what you share with us. If you prefer the command line: wg genkey | tee privatekey | wg pubkey works on macOS and Linux.
If you lose your private key, the tunnel cannot be recovered. We do not have a copy. You will have to generate a new keypair and re-apply for re-provisioning. We strongly recommend storing the private key in a password manager like Bitwarden or Proton Pass.
Visit members.glassboxvpn.com/apply and submit your WireGuard public key, an email alias for correspondence, your preferred region, and the affirmations (21+, US resident, terms of service, blocked-content acknowledgment, non-refundable). We strongly recommend a private relay address for the email field: Apple Hide My Email, Proton Pass aliases, Firefox Relay, or SimpleLogin all work. We don't need your real email and we'd rather not have it.
A human at OSS reviews every application. We confirm the region, assign you a tunnel IP from that region's pool, and reply to your email alias with a Stripe payment link. The assigned IP is yours from this point on. It's how we identify your subscription internally. You'll never need to type it, remember it, or pick it. It rides along with the payment link and gets baked into the config we send after you pay. Typical turnaround is one business day. Sometimes faster.
The reason we do it this way is in the philosophy. GlassBox VPN is a curated service, and curation includes the door. A short personal review at signup is worth more than a zero-touch signup form when you care about who is on your network.
The approval email contains a Stripe payment link with your assigned tunnel IP attached as metadata behind the scenes. You don't see the IP. You don't enter the IP. You just pay. $60 per year, annual subscription. Cards, Cash App Pay, Apple Pay, Google Pay, Amazon Pay, and Link are accepted. We've disabled Stripe Link account-wide so saved-profile data from past Stripe purchases will not leak into our records.
For better privacy, pay with Cash App Pay (transmits your $cashtag instead of a legal name) or a prepaid Visa gift card registered with throwaway info. The privacy page documents what reaches us under each payment method.
Stripe notifies us the moment your payment confirms. We add your public key to the WireGuard server, attach your assigned tunnel IP, and an autogenerated email lands in your inbox with a complete .conf file and a QR code. The config has every field already filled in except your private key. That one you paste in locally from Step 1, in your WireGuard app. Connect, and you're in.
The minimum needed to run a tunnel:
We do not collect your real name, home address, phone number, or browsing data. Stripe handles billing on their side and is required by card networks to capture the cardholder name and billing ZIP when you pay with a card. The privacy page documents this in detail with no marketing fluff.
Stripe sends us periodic CSV exports listing active subscriptions, each row tagged with the tunnel IP we attached as metadata. We diff that list against the active peers on the WireGuard server and remove any peer whose subscription has lapsed. The tunnel IP is our customer number. It exists in the config you use anyway. It's not PII.
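The diff described above, as an added example that is not GlassBox VPN's own script. Assumed: the export has a "Status" column and a "tunnel_ip (metadata)" column (Stripe names metadata columns that way, but the exact header is an assumption), "active" is the only status that keeps a peer, and the interface is wg0. The CSV and the wg show output inside the block are constructed; the wg commands are returned as strings, not run.

```python
"""Reconcile a Stripe subscription export against the peers on a WireGuard
server: remove peers whose subscription lapsed, list paid tunnel IPs that
have no peer yet.

Added example, not GlassBox VPN's own script. Column names, the status that
keeps a peer, and the interface name are assumptions; both inputs are
constructed.
"""
import csv
import io

# Constructed Stripe CSV export. Only status and tunnel IP matter here.
STRIPE_CSV = """\
id,Status,tunnel_ip (metadata)
sub_A1,active,10.66.0.11
sub_B2,active,10.66.0.12
sub_C3,canceled,10.66.0.13
sub_D4,past_due,10.66.0.14
"""

# Constructed output of `wg show wg0 dump`: the interface line, then one
# tab-separated line per peer: public key, preshared key, endpoint,
# allowed-ips, latest handshake, rx bytes, tx bytes, keepalive.
WG_DUMP = (
    "SERVERPRIV=\tSERVERPUB=\t51820\toff\n"
    "PEERKEY_A=\t(none)\t203.0.113.5:41000\t10.66.0.11/32\t1716000000\t1024\t2048\toff\n"
    "PEERKEY_C=\t(none)\t(none)\t10.66.0.13/32\t0\t0\t0\toff\n"
    "PEERKEY_Z=\t(none)\t(none)\t10.66.0.99/32\t0\t0\t0\toff\n"
)


def paid_tunnel_ips(csv_text, keep=("active",)):
    """Tunnel IPs whose subscription status means the peer stays."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {row["tunnel_ip (metadata)"].strip() for row in rows if row["Status"] in keep}


def server_peers(dump_text):
    """Map tunnel IP -> public key from `wg show <iface> dump` output."""
    peers = {}
    for line in dump_text.splitlines()[1:]:           # skip the interface line
        fields = line.split("\t")
        pubkey, allowed_ips = fields[0], fields[3]
        for cidr in allowed_ips.split(","):
            if cidr.endswith("/32"):                    # one tunnel IP per peer
                peers[cidr[:-3]] = pubkey
    return peers


def reconcile(csv_text, dump_text, iface="wg0"):
    """Diff paid subscriptions against live peers. Returns the peers to remove,
    the paid IPs with no peer yet, and the wg commands (returned, not run)."""
    paid = paid_tunnel_ips(csv_text)
    if not paid:
        # An empty or truncated export would otherwise remove every peer.
        raise ValueError("export lists no active subscriptions; refusing to reconcile")
    on_server = server_peers(dump_text)
    remove = [(ip, key) for ip, key in sorted(on_server.items()) if ip not in paid]
    unprovisioned = sorted(paid - set(on_server))
    commands = [f"wg set {iface} peer {key} remove" for _, key in remove]
    return {"remove": remove, "unprovisioned": unprovisioned, "commands": commands}


if __name__ == "__main__":
    for line in reconcile(STRIPE_CSV, WG_DUMP)["commands"]:
        print(line)
```

The empty-export guard is the caveat worth keeping: a failed or partial download from Stripe looks exactly like "everyone lapsed", and the only thing standing between that and an empty peer table is a refusal to act on an export with no active rows.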
Every GlassBox VPN subscriber gets access to a customer dashboard. It's only reachable through the WireGuard tunnel itself, not from the public internet. You connect, your browser can see the dashboard. You disconnect, it's gone.
The dashboard shows live state. Nothing stored. Nothing historical. Everything it displays lives in memory: if the server crashed and rebooted, all of it would be gone, because we are not holding any of it for you anywhere else.
Most VPN servers are black boxes. You buy a subscription, you get a config file, and you take it on faith that whatever is happening on the server is what the provider said is happening. You can't see inside. You can't audit the code. You can't verify the claims.
GlassBox is the opposite posture: every claim GlassBox VPN makes is publicly inspectable. Every config file is on a public git forge. Every weekly security audit is published raw. Every daily filesystem hash is posted. The blocklists themselves are plain text files you can download. If we say we don't log DNS queries, you can check the Unbound config and see for yourself.
| Transparency Mechanism | GlassBox VPN (GlassBox) | Mullvad | Proton VPN | NordVPN |
|---|---|---|---|---|
| Full operational stack on public git (every service config, every script, every dashboard) | ✓ Forgejo, rebuildable end-to-end | Partial (client apps, System Transparency tooling, DNS blocklist repo) | Clients only | Linux CLI/GUI only |
| Cryptographic boot attestation (signed OS, verified boot chain) | ✗ Not yet | ✓ System Transparency + stboot + RAM-only | ✗ | Partial (encrypted boot, RAM-only) |
| Live server-state observable by the customer (CPU, RAM, peers, throughput) | ✓ Per-tunnel dashboard, every 5 seconds | ✗ | ✗ | ✗ |
| Read-only shell for live server inspection | Verify Shell (in dev) | ✗ | ✗ | ✗ |
| Continuous server hardening reports (Lynis, rkhunter, AIDE), raw output published | ✓ Weekly | ✗ | ✗ | ✗ |
| Daily SHA-256 hashes of every config file | ✓ | ✗ | ✗ | ✗ |
| DNS blocklist publicly downloadable as plain text | ✓ ~2M domains | ✓ GitHub repo | ✗ NetShield not published | ✗ Threat Protection not published |
| Independent third-party security audit | ✗ Not yet (planned) | ✓ Cure53, Radically Open Security, X41 D-Sec, NCC Group | ✓ Securitum (4x no-logs), Schellman (SOC 2 Type II) | ✓ Cure53 (2022, 2024, 2025), Deloitte (6x no-logs) |
| Warrant canary / legal-process disclosure | ✓ Weekly canary | No canary by stated policy; 2023 search warrant disclosed publicly | Quarterly transparency report (Swiss law limits canary value) | Quarterly transparency report (transitioning away from canary) |
| Court-tested no-data claim | ✗ Not yet tested | ✓ 2023 Swedish police warrant: no customer data to compromise | ✓ 2019 Swiss court order: could not provide IP data | One disclosure order resulted in user-data disclosure (per their transparency report) |
Transparency is not one thing. Mullvad proves the server booted correctly via cryptographic attestation. GlassBox VPN shows you the server running, every second, every layer, every file. We respect their approach. Ours is broader, and ours is the one you can verify with your own eyes through the tunnel.
Last verified 2026-05-16. Sources and methodology on Forgejo.
The portal for all of the above is at oss-blocklist.net/verify/. No account required. Everything is plain text or HTML. Curl the files, inspect them, diff them against the repo, whatever you want.
The static files prove what we said is on the server. The Verify Shell proves those files match what's actually running. It's a hardened SSH shell with a whitelist of 16 read-only commands, protected by nine layers of defense including AppArmor enforcement, chroot, and command filtering. When it ships, any GlassBox VPN subscriber can SSH in through the tunnel and run real Linux commands on a live production server. ps auxf to see every running process. cat /etc/unbound/unbound.conf to read the DNS config. cat /proc/net/tcp to see every network connection. Not a curated dashboard. Not a sanitized report. The actual server.
Red team progress: three attack rounds completed, all vulnerabilities found and patched. Detailed writeup and source on Forgejo.
A bug bounty exists for anyone who can break out of the shell to read protected files. We will fund it publicly when our red team is confident the shell is hardened enough to stand up to public attack. Until then it stays invitation-only and we keep finding things to patch. The bar for shipping is three consecutive red team rounds with zero findings. We are almost there.
When the Verify Shell ships, this section gets a lot shorter and the claim gets a lot stronger: you don't trust that GlassBox VPN is honest, you log in and see for yourself.
GlassBox VPN is built for everyday connected use. Phones, tablets, laptops. Apps, calls, messages, work, music, web. If you want a VPN for any of the following, you want a different VPN:
| Use Case | Why Not GlassBox VPN |
|---|---|
| Streaming Netflix from another country | We block streaming at DNS. Datacenter IPs get flagged by streaming services anyway. Your Netflix would break at random. |
| Torrenting or P2P | Blocked at DNS (tracker domains) and firewall (BitTorrent protocol, DHT). Also the fastest way to get a VPN IP range blacklisted. |
| Usenet downloads | NNTP port 119 blocked. Major Usenet providers blocked at DNS. |
| Sustained high-bandwidth transfers | 100 Mbps per-peer cap with throttle on 10 minutes of saturation. Not the tool for 50 GB game patches. |
| Traveling outside the US | The tunnel works anywhere, but we only sell to US residents. Stripe enforces a US billing address at checkout. |
| Anonymity from law enforcement | We're a US service subject to US law. Our warrant canary tells you when we've received legal process. No VPN in US jurisdiction can promise otherwise. |
Every one of these is a legitimate use case for a VPN. None of them is a legitimate use case for this VPN. We'd rather tell you now than let you find out after you pay.
You read all of that and you're still interested. That's exactly the person GlassBox VPN is built for.