Cloak VPN Get Cloak Pro
Post-quantum cryptography on every connection

The VPN built for the next decade of threats.

Cloak VPN uses post-quantum cryptography on every connection, runs its AI safety features entirely on your device, and keeps nothing on our servers. Open source. Independently audited.

Start for $4.99/month See how the crypto works

No email required. Cancel anytime. Pay with card or crypto.

Why Cloak

Most VPNs are a tunnel. Cloak is a tunnel plus three things that matter when privacy is the job, not the checkbox.

PQ

Post-quantum from day one

Every handshake mixes a post-quantum-secure pre-shared key derived via Rosenpass (Classic-McEliece + Kyber). Recorded today, still safe tomorrow.

AI

AI that stays on your phone

Tracker and phishing detection runs locally. We don't inspect your traffic in the cloud — we can't, because the model is on-device.

0

Nothing to hand over

RAM-only servers. No connection logs, no activity logs, no email required to sign up. Architecture first, promise second.

What "post-quantum" actually means here

A future quantum computer could break the classical Curve25519 key exchange that most VPNs rely on. An attacker could record your encrypted traffic today and decrypt it years from now. That's called harvest-now-decrypt-later, and it's already a real concern.

Cloak mixes a post-quantum-derived pre-shared key into every WireGuard handshake using Rosenpass. The PSK rotates every two minutes. Even if Curve25519 is broken in 2035, the traffic we protect today stays private.

Our control plane (signup, account, config delivery) runs on TLS 1.3 with the X25519MLKEM768 hybrid group — the same post-quantum key exchange Cloudflare, Apple, and Google shipped across their networks in 2024–2025.

┌─── Client ────────────┐         ┌─── Cloak server ──────┐
│ rosenpass (on-device) │  PQ KE  │ rosenpass (daemon)    │
│         │             │────────►│         │             │
│         ▼ 32B PSK     │  every  │         ▼ 32B PSK     │
│  WireGuard tunnel     │  ~120s  │  WireGuard tunnel     │
│  (Noise IKpsk2)       │◄───────►│  (Noise IKpsk2)       │
└───────────────────────┘         └───────────────────────┘
         ▲                                 ▲
         │                                 │
     ChaCha20-Poly1305     +         PSK-mixed transcript
         │                                 │
         └─── even a quantum attacker ─────┘
              with recorded traffic can't
              decrypt it retroactively.
0
connection logs
0
traffic logs
RAM
diskless server fleet
OSS
every client on GitHub

Ready for the next decade?

Pick a plan. Install the app. We don't ask for your email.

See plans