Network Cloak (VPN)

When to use

• Operating on untrusted Wi‑Fi (cafés, hotels, airports).
• Maintaining a consistent exit jurisdiction for a compartment.
• Reducing IP→identity linkage and device fingerprint amplification.

When not to use

• Assuming it erases all logs or replaces disciplined OPSEC.
• Mixing personal and operational identities on the same session.

What to look for

• Clear, audited privacy policy and minimal logging posture.
• Multiple stable exit locations; good performance under load.
• Kill switch, DNS leak protection, and split‑tunnel control.
• Config profiles for system‑level boot‑time tunnel.
• Transparent security disclosures and regular client updates.

OPSEC tips

• Bring the tunnel up before launching any browser/app.
• Pin a single exit region per identity/compartment.
• Disable WebRTC IP leaks in browsers used for operations.
• Rotate routes between ops; don’t reuse personal routes.

Common mistakes

• Logging in before switching routes (“mid‑session IP change”).
• Relying on VPN to hide account linking or browser fingerprints.
• Leaving plaintext DNS enabled at OS or router level.

Basic setup (generic)

1. Install client; import a stable profile for your target region.
2. Enable kill switch and DNS leak protection.
3. Set client to connect at boot; verify before opening apps.
4. Test: IP, DNS, WebRTC, and geolocation consistency.

Related: Encrypted Email, Password Manager, Throwaway Infra