Strong Encryption
All internet traffic is redirected over a secure encrypted VPN tunnel. WifiMask uses VPN technology with "Top Secret"-level encryption: AES-256-GCM, 4096-bit RSA & Perfect Forward Secrecy using 4096-bit Diffie Hellmann keys. This will get the nod from every Security Engineer.

Teleporting
‍Because you get a new IP-address from us, or more precise from the server on the location you are connecting to, you can pretend that you are on the other side of the planet by choosing a different location under the Teleport option. This allows you for example to watch your favourite national online television wherever you go or visit websites which are only accessible from the chosen geographical location.

Ad blocking
‍WifiMask speeds up your internet connection by blocking annoying ads with a daily updated blocklist. You can turn this option off under Preferences, in case a website only allows you when your adblocker is turned off.

Malware blocking
‍In the 90's we needed virusscanners, today we need a VPN with extra security measures to stay safe. Together with blocking ads, WifiMask blocks threats like malware, spyware, phishing, ad fraud, botnets and cryptocurrency mining. A daily updated blocklist prevents you from these threats and traffic before a connection is ever made.

Hide your real IP-address
‍When an encrypted connection is established you will receive a new IP-address from us. To the outside world it will appear as if you are coming from one of our servers. This will give you an extra layer of online privacy and protection.

Kill Switch
The WifiMask apps have an automatic "Kill Switch" feature, which activates firewall rules and prevents leaking your data when the app is reconnecting. This means that as long as the apps are turned on, you're protected and don't have to worry about your data leaking on the network.

DNS & IPv6 leak protection
Simply a VPN is not enough, extra security measures in the apps are necessary to guarantee your privacy and safety on data networks. DNS & IPv6 leak protection is among these and taken care of by the WifiMask apps. More information about these protections can be find below.

How WifiMask works

Deeper dive into the world of WifiMask
A more technical explanation, we will try to keep it fun and easy to understand though.

What happens when the app is "Reconnecting...", am I still safe?

As soon as the internet connection is lost and the app is reconnecting, firewall rules kick in to prevent leaking your un-encrypted data on the Wi-Fi network.
While the app is trying to get its connection back up with a WifiMask router, only traffic over ports needed to get the network and encrypted connection back up are allowed. All other ports are blocked.
This means you have a secure connection from the moment you turn the app on until you turn the app off.
As soon as the app has its connection back up, all internet traffic is redirected over the secure connection and the firewall rules are disabled, allowing you to fully enjoy the internet again through a secure and encrypted tunnel.

What about the security of the website, my account information and password?

First of all, your creditcard details never touch our servers. These are only verified directly from your browser with our payment provider over a secure connection at https://stripe.com. The only thing we get back from them is a verification ID connected with your email address and the last 4 numbers of your creditcard.
Your password never ends up in clear-text on our servers. Your password is "hashed" before it's saved in our database, which means your password is send on a one-way trip to hashplanet which changes its language and appearance and doesn't make sense to anyone anymore.
For example, the hashed version of the password "nevergonnagiveyouup" (very bad password) can be something like this:
$2y$10$gZiSFGX.BC/ WOoctszVci.cGaOMVthB/ X7.4734Xco7mofg38M8Q6
So how is your password verified? The hash of your provided password when logging in is compared with the existing hash in the database. Only if they are equal, you can login. We use the hashing algorithm "bcrypt" with a cost factor of 10, which makes every Hashcracker's head explode.
This website is protected with a Web Application Firewall (WAF) for an extra layer of protection against all sorts of web attacks, like SQL injection and XSS, fancy synonyms for "cracking", which is often mistranslated into "hacking". When the WAF's security rules prompt you the message "Not Accessible" in your browser then you know the FBI will knock down your door and lift you from your bed the next morning. Or let us know what happened and we will call them off.

What about DNS leaking, DNS hi-jacking and IPv6 leaking?

Maybe you've heard about it, WifiMask is not vulnerable to it.
DNS servers translate the domainname of a website, like wifimask.com, into an IP-address, because webservers are only reachable at an IP-address in the end. DNS leaking happens when you enter a domainname in your browser and when this request for translation into an IP-address is not redirected over the encrypted connection.
Which means your government spy hiding at the toilet but still within reach of the public Wi-Fi signal can see what websites you are visiting and make educated guesses about your interests and weaknesses to make you say things later when waterboarding.
WifiMask protects you from this by redirecting this type of traffic through the WifiMask encrypted tunnel so you can maintain your flawless image and deny everything.
DNS hi-jacking happens when the grandma in the corner is able to act as your DNS server on the Wi-Fi network, redirecting your website visits to servers under her control, probably containing (grand)malware, impersonating your banking website to complete her retirement income or to use it to inject funny ads in your browser about false teeth, just for a laugh.
WifiMask protects you from this grandma by configuring the WifiMask router as your DNS server, bypassing the grandma's DNS server. Give her the thumbs up to let her know everything is fine.
IPv6 leaking is not a sexual disease either and happens when only IPv4 traffic is redirected over a secure connection, and not IPv6 traffic. Today more and more websites are accessible over IPv6, the new internet addressing mechanism because IPv4 is running out of numbers. At the same time most browsers, if not all, prefer IPv6 over IPv4. So when you are applying for a job as a CIA agent on the IPv6 website cia.gov on a public Wi-Fi without a WifiMask connection, this secret news will spread fast and reach terrorist organisations before you are even invited at the job interview.
WifiMask protects you from this by enabling and redirecting IPv6 traffic over its secure encrypted connection by default. This way you can show your face connected to your body at the job interview. This also means you are always able to access IPv6-only websites, even at locations where your internet provider is only IPv4 capable, because you get an IPv6 address from us over the secure connection.

Unblock content with Teleporting

How WifiMask works

Company

Get WifiMask

Follow us