Most VPNs encrypt traffic and stop there. While encryption protects content, it does not hide traffic metadata — timing, burst patterns, throughput spikes, and session behavior.
Why This Matters
These metadata signals are routinely used for website fingerprinting, behavioral analysis, and timing correlation attacks — even when payloads are unreadable.
What We Implemented
- Traffic shaping to enforce a fixed bandwidth envelope
- Packet pacing to smooth inter-packet timing
- MTU normalization to reduce packet-size entropy
These controls operate directly in the Linux network scheduler on our WireGuard interfaces, below the application layer.
Transparency
- No fake cover traffic
- No constant-rate claims
- No anonymity-network marketing
- No client-side requirements
This upgrade reduces the resolution of observable metadata during active VPN use.
Status
- ✅ Live on PoodleVPN infrastructure
- ✅ Enforced at the kernel level
- ✅ Persistent across reboots
- ✅ No client updates required