Cloak VPN uses post-quantum cryptography on every connection, runs its AI safety features entirely on your device, and keeps nothing on our servers. Open source. Independently audited.
No email required. Cancel anytime. Pay with card or crypto.
Most VPNs are a tunnel. Cloak is a tunnel plus three things that matter when privacy is the job, not the checkbox.
Every handshake mixes a post-quantum-secure pre-shared key derived via Rosenpass (Classic-McEliece + Kyber). Recorded today, still safe tomorrow.
Tracker and phishing detection runs locally. We don't inspect your traffic in the cloud — we can't, because the model is on-device.
RAM-only servers. No connection logs, no activity logs, no email required to sign up. Architecture first, promise second.
A future quantum computer could break the classical Curve25519 key exchange that most VPNs rely on. An attacker could record your encrypted traffic today and decrypt it years from now. That's called harvest-now-decrypt-later, and it's already a real concern.
Cloak mixes a post-quantum-derived pre-shared key into every WireGuard handshake using Rosenpass. The PSK rotates every two minutes. Even if Curve25519 is broken in 2035, the traffic we protect today stays private.
Our control plane (signup, account, config delivery) runs on TLS 1.3 with the
X25519MLKEM768 hybrid group — the same post-quantum key exchange
Cloudflare, Apple, and Google shipped across their networks in 2024–2025.
┌─── Client ────────────┐ ┌─── Cloak server ──────┐
│ rosenpass (on-device) │ PQ KE │ rosenpass (daemon) │
│ │ │────────►│ │ │
│ ▼ 32B PSK │ every │ ▼ 32B PSK │
│ WireGuard tunnel │ ~120s │ WireGuard tunnel │
│ (Noise IKpsk2) │◄───────►│ (Noise IKpsk2) │
└───────────────────────┘ └───────────────────────┘
▲ ▲
│ │
ChaCha20-Poly1305 + PSK-mixed transcript
│ │
└─── even a quantum attacker ─────┘
with recorded traffic can't
decrypt it retroactively.
Pick a plan. Install the app. We don't ask for your email.
See plans