Desktop Privacy Stack

HASENPFOTE

Your VPN hides your IP. Your ISP still sees your DNS queries. Websites still fingerprint your browser. And everything you encrypt today can be stored and cracked when quantum computers land. Hasenpfote closes all four gaps from a single system tray icon.

  • 12 Rust Crates
  • 3 Privacy Modes
  • 61 Tasks Shipped
  • 13 Days Built

The Problem

  • You run a VPN, a DNS app, a fingerprint blocker, and maybe a mixnet client. Four tools, four trust models, four points of failure — and none of them know the others exist
  • Your VPN hides your IP, but websites still identify you. Canvas rendering, WebGL shaders, AudioContext, font enumeration, TLS ClientHello — your browser leaks a unique signature regardless
  • Current defenses don't hold up. Randomization? Defeated by majority voting across sessions (WWW '25, "Breaking the Shield"). Uniformity? Breaks half the web. Neither approach scales
  • Standard WireGuard is a neon sign for DPI. A 148-byte handshake init and four fixed packet type identifiers — censorship systems flag it in milliseconds
  • Harvest now, decrypt later. State actors are recording encrypted traffic today, waiting for quantum computers to crack it. No consumer privacy tool ships post-quantum key exchange

The Solution

  • One privileged daemon orchestrates DNS, tunnel, fingerprint defense, and mixnet routing. Everything coordinates — firewall rules match the active tunnel, DNS resolves through the right path, fingerprints stay consistent per session
  • Three modes mapped to real threat models — daily browsing, sensitive work, high-risk communication. You pick the situation, not the protocol
  • Confusion over blocking — instead of randomizing APIs or making all browsers identical, hasenpfote injects internally consistent fake profiles. Websites see a plausible browser. Just not yours
  • AmneziaWG 2.0 wraps WireGuard in padding, randomized magic headers, and fake protocol signatures. To DPI, the traffic looks like QUIC or DNS — not a tunnel
  • X-Wing hybrid KEM (X25519 + ML-KEM-768) on every tunnel. Pre-shared keys rotate every 90–120 seconds via relay. If classical crypto breaks, the lattice layer holds. If the lattice breaks, X25519 holds

Pick Your Threat Model

Three modes. You choose the trade-off.

Basis

~5ms overhead — unnoticeable

For: everyday browsing, coffee shop WiFi, ad-tech tracking. No tunnel, no slowdown. Your DNS stays private and your browser stops leaking who you are.

  • Oblivious DoH + DNS-over-QUIC
  • Fingerprint injection (6 browser profiles)
  • TLS ClientHello spoofing (78+ signatures)
  • System DNS forced through local resolver

Stark

~50ms overhead — barely noticeable

For: banking, sensitive email, corporate networks, restrictive ISPs. Full encrypted tunnel with traffic that looks like normal HTTPS to deep packet inspection.

  • Everything in Basis
  • AmneziaWG 2.0 obfuscated tunnel
  • X-Wing post-quantum key exchange
  • pf/nftables kill-switch (no leak on drop)

Maximum

~500–800ms overhead — noticeable

For: journalists, activists, whistleblowers, anyone whose traffic pattern is itself a risk. Sender anonymity through 5-hop mixnet routing. Your ISP can't see where you're going. The destination can't see where you came from.

  • Everything in Stark
  • Nym 5-hop mixnet routing
  • Continuous cover traffic (even when idle)
  • Mix-level sender anonymity

Under the Hood

Architecture

hasenpfote — system architecture
Tauri GUI (Svelte 5, 1.6KB bundle, user process)
    |
    | gRPC over Unix Domain Socket
    |
hp-daemon (root, privileged orchestrator)
    |
    +------------+---------+------------+------------+
    |            |         |            |            |
hp-mixnet    hp-tunnel   hp-dns   hp-fingerprint   hp-pqc
(Nym 5-hop)  (AWG 2.0)   (ODoH)   (AI profiles)    (X-Wing)
                 |         |
              +--+---------+--+
              |               |
         hp-routing      hp-firewall
        (TUN device)    (kill-switch)

Strict privilege separation. The Tauri GUI runs as a normal user — it never touches the network stack. All privileged operations (TUN device creation, firewall rules, DNS interception, route table changes) are isolated in the root daemon. The two communicate over gRPC through a Unix domain socket with peer-credential authentication. Why gRPC over D-Bus or REST? Typed contracts via protobuf, server-streaming for real-time status events, and forward-compatible versioning. If the daemon panics, a registered cleanup hook tears down firewall rules and restores system DNS before the process exits.
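
The peer-credential check described above, sketched as an added example (not hasenpfote's own code): on Linux the daemon can ask the kernel who is on the other end of the socket with SO_PEERCRED and refuse any UID that is not allow-listed. The constants assume Linux on x86_64/aarch64, and `PeerCred`, `authorize` and the allow-list are hypothetical names; macOS exposes the same information through getpeereid or LOCAL_PEERCRED.

```rust
use std::io;
use std::os::raw::{c_int, c_void};
use std::os::unix::io::AsRawFd;
use std::os::unix::net::UnixStream;

// Mirrors `struct ucred` from <sys/socket.h> on Linux.
#[repr(C)]
#[derive(Debug, Default, Clone, Copy, PartialEq)]
pub struct PeerCred { pub pid: i32, pub uid: u32, pub gid: u32 }

// Declared by hand so the example needs no crates; std already links libc.
extern "C" {
    fn getsockopt(fd: c_int, level: c_int, name: c_int, val: *mut c_void, len: *mut u32) -> c_int;
    fn geteuid() -> u32;
}
const SOL_SOCKET: c_int = 1; // Linux x86_64 / aarch64 values (assumption)
const SO_PEERCRED: c_int = 17;

/// Kernel-reported credentials of the process on the other end of `s`.
pub fn peer_cred(s: &UnixStream) -> io::Result<PeerCred> {
    let mut cred = PeerCred::default();
    let mut len = std::mem::size_of::<PeerCred>() as u32;
    let rc = unsafe {
        getsockopt(s.as_raw_fd(), SOL_SOCKET, SO_PEERCRED,
                   &mut cred as *mut PeerCred as *mut c_void, &mut len)
    };
    if rc != 0 { return Err(io::Error::last_os_error()); }
    if len as usize != std::mem::size_of::<PeerCred>() {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "short ucred"));
    }
    Ok(cred)
}

/// Hypothetical gate: accept the connection only if the peer UID is allow-listed.
pub fn authorize(s: &UnixStream, allowed_uids: &[u32]) -> Result<PeerCred, String> {
    let cred = peer_cred(s).map_err(|e| format!("peer credentials unavailable: {e}"))?;
    if allowed_uids.contains(&cred.uid) { Ok(cred) } else {
        Err(format!("uid {} is not allowed to control the daemon", cred.uid))
    }
}

pub fn current_euid() -> u32 { unsafe { geteuid() } }

fn main() {
    // Constructed stand-in for a GUI<->daemon connection: a connected socket pair.
    let (daemon_side, _gui_side) = UnixStream::pair().expect("socketpair");
    let me = current_euid();
    println!("{:?}", authorize(&daemon_side, &[me]));
    println!("{:?}", authorize(&daemon_side, &[me.wrapping_add(1)]));
}
```

The credentials come from the kernel, not from anything the client sends, so a process running as another user cannot claim an allowed UID by crafting a request.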

How Each Layer Works

Six problems. Six subsystems.

Fingerprint Spoofing

Most anti-fingerprinting either randomizes values (defeated by majority voting across sessions) or makes all browsers look identical (breaks websites). Hasenpfote takes a third path: it injects deterministic, internally consistent fake profiles. Canvas hash, WebGL renderer, AudioContext output, Navigator properties, font list — all match a plausible real browser. Currently 6 hardcoded profiles; a CTGAN/VAE generator for unlimited synthetic profiles is in research.

Traffic Obfuscation

AmneziaWG 2.0 wraps WireGuard in four obfuscation layers: random-length padding on the 148-byte handshake, randomized magic header ranges replacing the fixed 0x01–0x04 identifiers, custom protocol signatures that mimic QUIC or DNS before the handshake, and interspersed junk packets. The result: DPI systems that flag standard WireGuard in milliseconds can't distinguish this from normal HTTPS traffic.
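
Why standard WireGuard is so cheap to flag, as an added example (not code from hasenpfote or AmneziaWG): a stateless classifier keyed on the type word and the fixed message lengths, run against constructed packets. `obfuscate_model` is a hypothetical, simplified model of the padding and header replacement described above, not AmneziaWG's actual wire format; the 92- and 64-byte lengths are standard WireGuard's handshake response and cookie reply.

```rust
// WireGuard's four message types, as a passive classifier would name them.
#[derive(Debug, PartialEq)]
pub enum WgKind { HandshakeInit, HandshakeResponse, CookieReply, TransportData }

/// Stateless match on the two features the page names: the fixed first word
/// (type 1..=4 followed by three zero bytes) and the fixed message lengths.
pub fn classify(p: &[u8]) -> Option<WgKind> {
    if p.len() < 4 || p[1..4].iter().any(|&b| b != 0) {
        return None;
    }
    match (p[0], p.len()) {
        (1, 148) => Some(WgKind::HandshakeInit),
        (2, 92) => Some(WgKind::HandshakeResponse),
        (3, 64) => Some(WgKind::CookieReply),
        // 16-byte header + ciphertext padded to a multiple of 16 + 16-byte tag
        (4, n) if n >= 32 && n % 16 == 0 => Some(WgKind::TransportData),
        _ => None,
    }
}

/// Constructed sample: a packet shaped like a handshake initiation
/// (type word 1, 148 bytes total, filler instead of real key material).
pub fn sample_init() -> Vec<u8> {
    let mut p = vec![0xAAu8; 148];
    p[..4].copy_from_slice(&1u32.to_le_bytes());
    p
}

/// Simplified model of the page's description (NOT AmneziaWG's wire format):
/// replace the type word with a configured 32-bit header and prepend padding.
pub fn obfuscate_model(p: &[u8], header: u32, pad: &[u8]) -> Vec<u8> {
    let mut out = pad.to_vec();
    out.extend_from_slice(&header.to_le_bytes());
    out.extend_from_slice(&p[4..]);
    out
}

fn main() {
    let init = sample_init();
    // Header value and 23-byte pad are constructed for illustration.
    let hidden = obfuscate_model(&init, 0x5a3c_91e7, &[0x42; 23]);
    println!("plain:      {:?}", classify(&init));
    println!("obfuscated: {:?} ({} bytes)", classify(&hidden), hidden.len());
}
```

Both features the matcher relies on disappear once the length and first word vary per configuration, which is why the remaining two layers (protocol signatures and junk packets) target statistical rather than signature-based detection.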

Post-Quantum Key Exchange

Every tunnel uses X-Wing — a hybrid KEM that derives keys from both X25519 (classical, proven) and ML-KEM-768 (NIST-standardized, lattice-based). The derived secrets are combined via HKDF-SHA256. Pre-shared keys rotate every 90–120 seconds through the relay. If either algorithm is broken, the other still holds. This protects against harvest-now-decrypt-later attacks that are already happening.

Split-Knowledge DNS

Oblivious DNS-over-HTTPS (ODoH) separates who's asking from what's being asked — your ISP can't see the query, and Cloudflare can't see the source. DNS-over-QUIC (Quad9) as fallback. A local stub resolver binds to 127.0.0.1:53 and system DNS is redirected via launchd/systemd. No query ever leaves the machine unencrypted.

Firewall Kill-Switch

When a tunnel is active, pf (macOS) or nftables (Linux) rules default-deny all outbound traffic except the tunnel interface and essential system services. If the tunnel drops, traffic stops — it doesn't fall back to cleartext. During mode transitions, rules are updated atomically before the new tunnel is established. On daemon crash, a panic hook removes rules and restores DNS.

Mixnet Anonymity

Maximum mode routes traffic through Nym's 5-hop mixnet via a local SOCKS5 proxy. Unlike a VPN, where the provider sees both sides, each mix node only knows its predecessor and successor. Continuous cover traffic defeats timing analysis even when the user is idle. Current integration is PoC-level (SOCKS5 to nym-socks5-client binary); production path is direct integration with nym-vpnd.

"Every privacy tool asks you to make a permanent choice: maximum protection with broken websites, or fast browsing with no protection. That's a false trade-off. A lawyer reviewing contracts and a journalist meeting a source have different threat models — but they shouldn't need different software."

— The design principle behind three modes

Honest Assessment

Ups & Downs

Engineering Wins

  • Clean privilege separation — the GUI performs zero network operations. Root access is confined to the daemon behind an authenticated UDS
  • 12-crate workspace with clear boundaries — hp-dns knows nothing about hp-tunnel. Each crate compiles and tests independently
  • Fingerprint spoofing via profile injection is a genuinely novel approach. No open-source tool and no commercial VPN currently does this
  • Hybrid PQC from day one — most privacy tools treat post-quantum as a roadmap item. Hasenpfote ships it as the default on every tunnel
  • Panic-safe networking — registered cleanup hooks guarantee firewall and DNS restoration even on unrecoverable errors
  • 10 research documents back every architectural decision. Not opinions — cited papers, benchmarks, and adversarial analysis

Honest Limitations

  • macOS-only in practice — Linux crate scaffolding exists but is untested. Windows support not started
  • 6 static fingerprint profiles — enough for PoC, not enough for production. The CTGAN/VAE generator is in research, not in the binary
  • AmneziaWG requires CGO — the Go FFI bridge works but adds cross-compilation complexity. A pure Rust implementation doesn't exist upstream yet
  • Nym integration is PoC-level — routes through a SOCKS5 sidecar binary, not the production nym-vpnd daemon
  • Behavioral biometrics (keystroke timing, mouse dynamics) are a known fingerprinting vector not yet addressed
  • No installer, no auto-update, no account system — this is a working proof of concept, not a shipped product

Built With

Technology Stack

Rust, Tauri 2.x, Svelte 5, gRPC (tonic/prost), Protocol Buffers, Tokio, boringtun (Cloudflare), AmneziaWG 2.0, Nym SDK, X-Wing (X25519 + ML-KEM-768), ODoH / DoQ, wreq (BoringSSL), pf / nftables, tun-rs, Fly.io (Relay)

Privacy that adapts to the situation.

12 Rust crates. Privilege-separated daemon. Post-quantum by default. Open-core, Swiss-built, research-backed.
