The world’s most resilient VPN
Geph is a VPN built from the ground up to resist ISP-level censorship. Unlike VPNs that at best play unsustainable cat-and-mouse games with censors, Geph’s architecture and protocols are specifically engineered to be nearly invisible against ISPs and network adversaries.
Over the past 5 years, we have connected millions of users behind strict national firewalls, consistently achieving our service SLA despite targeted attacks by national censorship systems in China and Iran.
We also have a blind signature authentication system that cryptographically guarantees servers can never associate browsing activity with user identities, even if fully compromised.
Is your code open source?
Everything, including this website, is open source on GitHub.
How does the blind signature authentication work?
When connecting, users present a cryptographic proof of valid Plus or Free subscription rather than identifying credentials. This ensures servers can verify authorization while remaining completely blind to user identity. Learn more about the protocol here!
Can’t the censor just download Geph and block all the servers?
Yes and no — Geph uses a two-hop architecture where users connect to exit nodes through bridge relays. Censors can and do block all the exit servers, but blocking bridges is much harder.
This is because a hard-to-block bootstrap protocol assigns different bridges to different users and continuously rotates them, making enumeration infeasible. Since 2019, we've observed automated enumeration attempts by China’s GFW, but they have consistently failed to disrupt service. Read our architectural overview on GitHub to learn more!
Isn’t this centralized?
Yes, but not for long! We are actively developing integration with Earendil by achieving full protocol decentralization. This will completely eliminate our infrastructure as a central point of failure.
How is Geph funded?
Geph is entirely community-funded through Plus subscriptions, ensuring our long-term independence and sustainability.