Privacy chain
The Privacy tab lets you compose a sequence of hops between the phone's traffic and the internet. Each hop is independently configured. They can be combined arbitrarily — for example, you can chain Mullvad through Tor through Nym for maximum unlinkability, at the cost of speed.
Hop types
| Hop | What it does | Strengths | Tradeoffs |
|---|---|---|---|
| WireGuard | Generic WG endpoint via BoringTun | Fast, lightweight, standard | Single point of trust in whatever endpoint you point at |
| Mullvad | WireGuard configured against Mullvad's relay network | Optional post-quantum tunnel (ML-KEM-1024), DAITA traffic shaping, multihop, app-level split-tunnel | Needs a Mullvad subscription |
| NymVPN | Sphinx-format three-hop mixnet | Breaks address-association (entry node and exit node don't share state); resists traffic analysis | Higher latency; needs zk-nym mnemonic for paid bandwidth |
| Tor | Embedded Arti client with bridge support and vanguards | Anti-censorship, .onion routing, pluggable transports | TCP only; some sites block exit nodes |
WireGuard hop
Paste a standard [Interface] / [Peer] configuration block. Any config a normal WireGuard client accepts works here.
[Interface]
PrivateKey = <base64>
Address = 10.66.0.2/32
DNS = 1.1.1.1
[Peer]
PublicKey = <base64>
Endpoint = endpoint.example:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25Mullvad hop
Enter your sixteen-digit Mullvad account number, tap Fetch servers, pick an entry server, then choose the extras you want.
Post-quantum tunnel
Uses Mullvad's ML-KEM-1024 quantum-resistant key exchange layered on top of the standard WireGuard handshake. The negotiation establishes a PQ shared secret that gets mixed into the WG session key as a pre-shared key. The end-to-end tunnel survives a "harvest-now, decrypt-later" attack against the WG curve25519 handshake, because the session key requires both the curve25519 secret and the ML-KEM secret.
Multihop
Adds a separate exit server. Traffic enters via the entry server and emerges from the exit server. Implemented via Mullvad's multihop_port spec: the entry server tunnels everything to a fixed UDP port on the exit server, which then de-encapsulates and forwards to the destination. The exit server sees only the entry server's IP, not yours.
DAITA
Defense Against AI-guided Traffic Analysis. Reshapes packet timing and sizes via the maybenot framework to defeat machine-learning-based traffic classifiers (website-fingerprinting attacks, in particular).
Obfuscation transport
Wrap the WireGuard tunnel in one of three transport disguises:
- UDP-over-TCP — length-prefixed framing. Disguises the WG UDP traffic as a TCP stream so it passes through firewalls that block all UDP.
- Shadowsocks — TCP transport with AEAD encryption (ChaCha20-Poly1305 or AES-GCM). Looks like generic encrypted TCP to a network observer.
- QUIC — QUIC over UDP/443, indistinguishable from HTTPS/3 traffic on the wire.
Exclude apps from VPN
Opens a picker for app-level split-tunnel. Selected apps bypass the VPN entirely. Useful for apps that misbehave behind a VPN (banking apps that geo-fence on IP, captive-portal browsers).
NymVPN hop
The mixnet uses zk-nym credentials paid in NYM tokens for the bandwidth. To configure:
- Generate or import a wallet mnemonic at nymtech.net.
- Paste it into the mnemonic field on the Privacy tab.
- Optionally pin a specific entry and exit gateway by ID. If left blank, the SDK picks defaults from the topology.
Without a mnemonic the SDK falls back to testnet credentials, which is fine for testing but not for real use.
Sphinx
Each outgoing packet is wrapped in three layers of encryption, one per hop between entry gateway and exit gateway. Each mixnode peels off one layer and forwards. The mixnodes also add random padding and timing jitter, so an observer watching the wire cannot link a packet entering the network to one leaving it. This is structurally different from VPN-only hops (WG, Mullvad, Tor) which can be defeated by an adversary watching both sides of the tunnel.
Tor hop
Paste BridgeDB-format bridge lines into the bridges field, one per line. Plain vanilla bridges (no obfs4/meek/etc prefix) work without any extra setup. Pluggable transports need the corresponding binary bundled in the APK:
| Transport | How | Status |
|---|---|---|
obfs4 | Inline implementation in libtetherand_pt.so | bundled |
meek | Inline (HTTPS POST tunneling) | bundled |
webtunnel | Inline (HTTPS WS upgrade) | bundled |
conjure | Upstream gotapdance binary | bundled |
snowflake | Upstream Go binary | v0.x — awaiting Go 1.26 fix |
Vanguards
Engages Tor's anti-Sybil entry-guard hardening. The vanguards layer randomises path-selection in ways that make it much harder for an attacker who runs many relays to end up on both ends of any user's circuit.
Prefer PQ-NTor handshake
Wires the prop362 / NTor-ML-KEM-v1 hybrid handshake preference. The setting is in place; the actual on-the-wire engagement lights up automatically once upstream Arti exposes the cipher-suite knob in a release crate. Until then it is a no-op flag held in the config.
Chaining hops
The chain orchestrator processes hops in the order they are enabled. A typical paranoid stack for 5364C13D might be:
Apps → Tetherand TUN → Tor → Mullvad PQ → InternetEach hop adds latency. Measure with the small ping/throughput counter at the top of the Privacy tab and trim hops you don't need. Two practical defaults:
| Profile | Chain | When |
|---|---|---|
| Speed | WireGuard only | You're at a trusted venue and just want to bypass a captive portal |
| Conference | Mullvad PQ + DAITA | Working in a hostile cellular environment; want PQ + traffic-analysis defense without Tor's latency |
| Sensitive | Tor via Mullvad PQ + DAITA | Anything where attribution matters |
| Maximum | Tor via Nym via Mullvad PQ + DAITA | You want every layer the app offers, latency be damned |
Privacy posture (hard rules)
Non-negotiable:
- No telemetry. Tetherand never phones home.
- Model and bridge updates flow only through whatever chain is currently active. There is no out-of-band update path.
- DNS goes through the last enabled hop. No host-resolver leaks.