This page is a professional overview of how PoodleVPN is built and how traffic moves through the system. The goal is not “feature checklists.” The goal is reducing identity surface area and preventing obvious metadata failures.
At a high level, your device establishes an encrypted tunnel to a Swiss exit. DNS resolution is split off into a separate jurisdiction, Iceland. A proxy layer can optionally add separation for specific workflows.
DNS resolution is routed separately to Iceland-based recursive infrastructure (encrypted), minimizing third-party resolvers and avoiding default ISP DNS behavior.
A proxy can be introduced on top of the VPN for workflows that benefit from additional separation and application-level control.
Architecture choices cannot “defeat a global adversary” on their own. They can, however, prevent common failures: identity collection, DNS leakage, burst-based traffic fingerprints, and dependency on untrusted third parties.
These are the constraints we enforce to keep the system understandable, reviewable, and harder to corrupt over time.
PoodleVPN avoids usernames and logins by design. Keys are generated locally and are not tied to personal identity in the system. This reduces database risk and removes a large class of “account recovery” metadata leaks.
Keeping moving parts to a minimum makes it easier to reason about what exists and what does not. Fewer services, fewer dependencies, fewer incentives to add tracking, and fewer opportunities for accidental logging.
The Swiss exit and Iceland DNS/proxy layers are deliberately separated. This is a structural choice aimed at reducing “single-jurisdiction single-provider” concentration and increasing failure isolation.
Optional shaping and constant-rate padding are designed to reduce burst fingerprints that can make simple traffic correlation easier in some environments.
This layer exists for users who understand that content encryption is not the same thing as metadata protection. The objective is to reduce obvious rate-based fingerprints and “bursty” patterns.
When enabled, the system can emit a steady encrypted packet stream at a fixed 1 Mbps rate, independent of your real activity, by adding cover traffic to fill gaps. This can make straightforward “activity inference by burst timing” less reliable.
Shaping limits burst spikes and smooths transmission patterns. The intent is to reduce easy-to-spot traffic signatures (sharp ramps, short intense bursts) that sometimes correlate with specific actions.
It helps reduce low-effort correlation based on timing and rate spikes, especially when the attacker’s view is limited to traffic metadata and not endpoint compromise.
It does not claim to defeat a global passive adversary, endpoint compromise, or application-level identity leakage (cookies, logged-in accounts, browser fingerprinting).
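A minimal simulation of the constant-rate mode described above, added here as an illustration and not PoodleVPN's own code: the sender emits one fixed-size encrypted cell per tick and fills unused space with cover bytes, so the on-wire trace is the same whether the user is idle or bursty. Only the 1 Mbps rate comes from the page; the 1250-byte cell size, the function names and the sample arrivals are assumptions constructed for the example.

```python
from collections import deque

RATE_BPS = 1_000_000   # fixed rate stated on the page
CELL_BYTES = 1250      # assumed cell size (not from the page): 10,000 bits
TICK_MS = CELL_BYTES * 8 * 1000 // RATE_BPS   # 10 ms between cells

# Constructed sample input: (arrival time in ms, bytes written by the application)
IDLE = []
BURSTY = [(100, 5000), (105, 3000), (600, 20000)]

def pad_to_constant_rate(arrivals, duration_ms):
    """Emit one CELL_BYTES cell every TICK_MS, real data first, cover bytes after.

    Returns (wire, real_per_cell, backlog):
      wire          - (time_ms, size) per cell, all an on-path observer can see
      real_per_cell - real payload bytes inside each cell (hidden by encryption)
      backlog       - real bytes still queued when the window ends
    """
    pending = deque(sorted(arrivals))
    backlog = 0
    wire, real_per_cell = [], []
    for t in range(0, duration_ms, TICK_MS):
        while pending and pending[0][0] <= t:
            backlog += pending.popleft()[1]
        real = min(backlog, CELL_BYTES)   # the rest of the cell is cover traffic
        backlog -= real
        wire.append((t, CELL_BYTES))
        real_per_cell.append(real)
    return wire, real_per_cell, backlog

def observed_rate_bps(wire, duration_ms):
    """Rate computed from the observer's view only."""
    return sum(size for _, size in wire) * 8 * 1000 // duration_ms

def cover_fraction(real_per_cell):
    """Share of transmitted bytes that were padding (the bandwidth cost)."""
    total = len(real_per_cell) * CELL_BYTES
    return (total - sum(real_per_cell)) / total

if __name__ == "__main__":
    for name, arrivals in (("idle", IDLE), ("bursty", BURSTY)):
        wire, real, backlog = pad_to_constant_rate(arrivals, 1000)
        print(name, observed_rate_bps(wire, 1000), "bps on wire,",
              f"{cover_fraction(real):.1%} cover, backlog {backlog} B")
```

Demand above the fixed rate is queued rather than sent faster, which is the latency and bandwidth cost of this mode.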
Many privacy failures are not cryptographic failures. They are “business process” failures—accounts, analytics, and identity binding. We reduce exposure by minimizing what exists.
PoodleVPN is engineered to avoid building a user identity graph. The simplest way to protect sensitive data is to avoid collecting it. Instead of relying on “trust us,” we prefer architectural constraints that remove the incentive and the mechanism to store it.
No ad pixels, no behavioral analytics, no conversion tracking. These tools routinely become involuntary metadata disclosure systems.
Traditional account systems force recovery mechanisms (email, phone, identifiers) which become persistent identity anchors. Accountless design avoids this entire class of leakage.
Concise answers with explicit boundaries.
“Bare-metal” is about control and predictability. It reduces shared-host risk and limits invisible layers. The point is not that a location is “magical,” but that the infrastructure is physically and operationally controlled and reviewable.
DNS is a frequent metadata leak. Routing it to dedicated infrastructure avoids default ISP resolvers and reduces reliance on large third-party DNS ecosystems. It also supports jurisdiction separation rather than bundling everything into a single place.
No. It is a threat-model tool. It consumes bandwidth to reduce burst fingerprints. For normal use cases, it may be unnecessary overhead. For higher-risk environments, it can be a meaningful upgrade when used alongside sane browser and account hygiene.
No. VPN architecture hardens transport privacy and prevents common leaks, but it does not provide the same anonymity properties as Tor or mixnets. Layering can be appropriate depending on your threat model.