GlassBox is the opposite of a black box. Every server config, every audit report, every piece of code is published. The whole system is built so there's nothing valuable to hide.
Most VPN providers are black boxes. You buy a subscription, you get a config file, and you take it on faith that whatever is happening on the server is what they said is happening. You can't see the configs. You can't audit the security. You can't verify the claims. You're trusting them.
GlassBox is a different posture. Every claim GlassBox VPN makes about its servers is publicly inspectable. Every config file is on a public git forge. Every weekly security audit is published raw. Every daily filesystem hash is posted. The blocklists themselves are plain text files you can download. If we say we don't log DNS queries and we forward to Quad9 and Cloudflare over DoT, you can read the Unbound config on Forgejo and confirm both for yourself.
Most providers ask you to trust them. We give you the tools to skip the trust step entirely.
Configs are private. Audits aren't published. Logs may or may not exist (you can't check). The provider asks for your trust and gives you no way to verify the claim. If they're lying, you'd never know.
Configs are public on Forgejo. Weekly audits run automatically and post raw output. Daily filesystem hashes prove nothing changed off-repo. The architecture itself is structured so that even a full server compromise reveals nothing valuable.
Three distinct postures, one philosophy. Each pillar reinforces the others. Together they describe a service designed to be impossible to abuse, even by the people who run it.
Every server is rebuildable from the public Forgejo repo. Every weekly Lynis audit posts raw output. Every config file is hashed daily and published. Anyone can inspect the live system end-to-end.
The blocklists are plain text. The firewall rules are public. The Unbound config is on the repo with DNS logging disabled and the Quad9 + Cloudflare forwarders right there in plain sight. The bandwidth throttle policy and saturation thresholds are documented end-to-end. No secret tier features. No undisclosed enforcement.
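As an added example (not GlassBox's own tooling), this is the kind of check a reader could run over the published Unbound config to confirm the no-logging and DoT-forwarder claims. The sample config is constructed, and the allowed resolver addresses and TLS names are assumptions about Quad9's and Cloudflare's published endpoints.

```python
import re

# Assumption: resolver addresses and TLS auth names published by Quad9 and Cloudflare.
ALLOWED = {"9.9.9.9": "dns.quad9.net", "149.112.112.112": "dns.quad9.net",
           "1.1.1.1": "cloudflare-dns.com", "1.0.0.1": "cloudflare-dns.com"}

def parse(text):
    """Return (server options, forward-zone option dicts); include files are not followed."""
    server, zones, cur = {}, [], None
    for raw in text.splitlines():
        # '#' opens a comment only at a token boundary; forward-addr uses it inline.
        key, _, value = re.sub(r"(^|\s)#.*$", "", raw).strip().partition(":")
        value = value.strip().strip('"')
        if key and not value:                  # clause header such as "server:"
            cur = server if key == "server" else {}
            if key == "forward-zone":
                zones.append(cur)
        elif value and cur is not None:
            cur.setdefault(key.strip(), []).append(value)
    return server, zones

def audit(text):
    """Return findings; an empty list means the no-logging and DoT claims hold."""
    (server, zones), findings = parse(text), []
    for opt in ("log-queries", "log-replies"):          # both default to "no"
        if any(v != "no" for v in server.get(opt, [])):
            findings.append(f"{opt} is enabled")
    # Unbound needs a CA bundle to verify the upstream certificate against the '#name'.
    if not server.get("tls-cert-bundle") and "yes" not in server.get("tls-system-cert", []):
        findings.append("no CA bundle configured for upstream TLS")
    for zone in [z for z in zones if z.get("name") == ["."]] or [{}]:
        tls = zone.get("forward-tls-upstream") or server.get("tls-upstream") or ["no"]
        if tls[-1] != "yes":
            findings.append("root zone is not forwarded over TLS")
        for addr in zone.get("forward-addr", []):
            m = re.fullmatch(r"([^@#]+)@853#(.+)", addr)
            if not m or ALLOWED.get(m.group(1)) != m.group(2):
                findings.append(f"unexpected forwarder: {addr}")
    return findings

SAMPLE = """
server:
  log-queries: no
  tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 9.9.9.9@853#dns.quad9.net   # constructed sample, not the published file
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
"""
```

Run `audit()` on the text of the config fetched from the repo; a config split across include files needs each file checked.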
No name, no email, no address, no DNS query logs, no browsing history, no historical traffic. Your WireGuard public key is the only identifier. Stripe handles billing on their side. GlassBox VPN never sees who you are.
The first question someone reasonable asks about GlassBox: "If you publish your configs and let people inspect your servers, isn't that risky?"
The answer is no, because the entire system is built so that even a full server compromise reveals nothing useful. The transparency is safe because the architecture is correct.
The configs are already public. The keys don't unlock anything outside the tunnel. The traffic is TLS-encrypted between your device and the websites you visit, so the server can't read it. The customer data was never collected in the first place.
And that includes the US Government. If a subpoena drops, the warrant canary breaks. The most they can compel is encrypted packets going to who-knows-where. Nothing to correlate, nothing to identify, nothing to subpoena that doesn't already exist on Forgejo.
That's GlassBox. The transparency works because the architecture made it safe.
Everything below is live, automatically generated, and accessible from any browser or terminal. No account, no email, no captcha. Curl the files, diff them against the repo, do whatever you want.
Most "transparency" in the VPN industry stops at a green badge on the homepage. Some company claims to have done an audit. The audit firm maybe published a redacted summary. You take it on faith that the infrastructure today still matches what was audited eighteen months ago.
Every GlassBox VPN subscriber gets a different answer. The moment your tunnel comes up, this dashboard is reachable in your browser at the server's tunnel IP. Live CPU, live RAM, live peer count, live throughput. Your own bandwidth rate. Your throttle status. The warrant canary's last-updated date. The current blocklist size. The latest GlassBox snapshot hash. Auto-refreshed every 5 seconds.
Live, on every server, through every tunnel. The exact view your peer reaches through its assigned server. No login, no account, no portal. Just connect to the tunnel and load the page.
This is the GlassBox philosophy operationalized. The static reports prove the configs are honest. The Verify Shell (in development) will prove the running system matches the configs. The dashboard proves it right now, every five seconds, for as long as your tunnel is up.
And if you want to see the dashboards in aggregate, performing under real-world load, the live VPN test runs against three of the production servers 24/7 and publishes every result.
The third pillar of GlassBox. Even if every server were perfectly inspectable and every audit were perfect, none of it would matter if GlassBox VPN were sitting on a database of customer identities. So we don't have one.
Your WireGuard public key is the only identifier on the GlassBox VPN side. There is no account to log into, no password to remember, no profile to update. If you cancel, the peer entry is removed and that's the entire offboarding process.
The static reports prove what we said is on the server. The Verify Shell proves those reports match what's actually running. It's a hardened read-only SSH shell, accessible only over the WireGuard tunnel, that lets any subscriber log in and inspect the live system directly.
Built on a dedicated server with nine layers of defense including a chroot jail, AppArmor enforcement, an sshd ForceCommand, a 16-command whitelist, and protected-path filters. When it ships, any GlassBox VPN subscriber will be able to log in (through the tunnel) and run wg show, cat /etc/unbound/unbound.conf, systemctl status, iptables -L, and twelve other read-only inspection commands on a live production server.
Three protected files live in the Verify Shell environment. Read any one of them through the shell and you win. We will fund the bounty publicly when our red team is confident the shell is hardened enough to stand up to public attack. Until then it stays invitation-only and we keep finding things to patch. The bar for shipping is three consecutive red team rounds with zero findings. We are almost there. Source code: git.opensourcesecurity.net/opensourcesecurity/glassbox.