Censored networks
If your ISP or country blocks VPN protocols by signature, REALITY transport bypasses that block by not having a signature in the first place.
//01Privacy
AES-256 traffic that doesn't look like a VPN.
REALITY transport disguises every packet as ordinary HTTPS to a third-party server. To deep packet inspection, you're just visiting a normal website.
//01Why this matters
Encryption is necessary but not sufficient.
Every VPN encrypts. What separates SecureFox is that the encryption itself looks innocent. Generic VPN protocols — OpenVPN, IKEv2, even WireGuard on its default port — emit handshake patterns that state-level deep packet inspection learns to drop. Once your provider is blocked, no amount of strong cryptography saves you. SecureFox sidesteps the fingerprint problem by speaking REALITY: every connection mirrors a real TLS handshake to a real third-party server, so to anything watching the wire, your session is indistinguishable from someone visiting an ordinary HTTPS site.
//02How it works
Encryption + protocol mimicry, every session.
On connect, the SecureFox client negotiates AES-256-GCM authenticated encryption with the exit node. The carrier layer is REALITY — a transport that performs a genuine TLS 1.3 handshake to a SNI of your choice (e.g. microsoft.com), then transparently switches to the VPN payload once the censor's middlebox has logged the handshake and moved on. uTLS fingerprint mirroring makes the ClientHello byte-for-byte identical to popular browsers.
CipherAES-256-GCM
TransportREALITY · uTLS
Key exchangeX25519 (hybrid with ML-KEM-768 for PQC)
ProtocolVLESS · XTLS-Vision
//03Use cases
Built for places where ordinary VPNs fail.
Hotel / café Wi-Fi
Captive portals and hostile public networks can't downgrade a connection they can't identify as VPN traffic.
Corporate / school networks
Many enterprise firewalls block OpenVPN and WireGuard ports outright. SecureFox runs on 443 and looks like HTTPS.
Travel through restrictive jurisdictions
Cross borders without losing access to your home services or having your traffic flagged for inspection.
//04What you get
Stronger than "strong encryption".
- AES-256-GCM authenticated encryption — what NSA TOP SECRET uses
- REALITY transport defeats heuristic deep packet inspection
- uTLS fingerprint mirroring — your handshake looks like Chrome / Firefox / Safari
- Hybrid key exchange with ML-KEM-768 — quantum-resistant from day one
- Open-source engine — no security through obscurity
//05Privacy FAQ
Common questions about SecureFox encryption.
Is AES-256-GCM really unbreakable?+
With current and foreseeable classical computing, yes — brute-forcing AES-256 requires more energy than the sun produces in its lifetime. Quantum attacks can theoretically halve the security level, which is why we pair it with ML-KEM-768 for forward secrecy against quantum adversaries.
What does REALITY actually disguise?+
The TCP handshake, the TLS ClientHello byte pattern, and the cert chain you appear to be visiting. To a passive observer or DPI middlebox, you're indistinguishable from someone loading a normal website.
Can my ISP tell I'm using SecureFox?+
They can see you're talking to an IP that happens to host both a real website (which they can verify) and a SecureFox node. They can't see WHAT you're doing or distinguish VPN traffic from a website visit.
Do you support OpenVPN or IKEv2?+
No. Both have widely-known handshake fingerprints that fail in censored networks. We ship REALITY-cloaked VLESS and modern WireGuard — both more private than OpenVPN even in the best case.
//06Features
Related features
[ Ready ]
Try it free.
Anonymous mode gives you 1 GB every week, no account required. Sign up later for 2 GB.