Skip to main content
Technology

Six layers working as one organism.

Classic VPNs pick one protocol and pray that it does not get blocked. CHIMERA is built differently: it is not a protocol, it is an echelon of six, plus models that decide which one is active right now.

I

Multi-protocol engine

Six built-in transports: WireGuard-TLS, V2Ray VLESS+XTLS, Shadowsocks 2022, OpenVPN+obfs4, HTTP/2 CDN tunnel, WebRTC DataChannel. Switching between them within a single TCP session — without breaking applications.

II

ML protocol selector

A compact model runs on the client (ONNX export, CPU inference). It observes current network signals — RTT, jitter, dropped-packet ratio, SNI patterns — and picks the protocol with the lowest detection probability for the current ISP. Retrained nightly on aggregated telemetry.

III

Steganography in WebRTC and CDN

Fallback layer: if every "classic" obfuscated transport is blocked, traffic moves over a WebRTC DataChannel (masquerading as a video call) or through an HTTP/2 CDN session (indistinguishable from a regular page load). This layer is our unique contribution; we are not aware of another VPN doing it in production.

IV

Decentralised node network

Exit nodes do not know each other directly. DHT discovery, Raft consensus for coordination, a reputation system filters out compromised nodes. A single-node compromise never reveals the entire network — keys are per-node, geo-balancing is per-client.

V

DPI predictor

A separate cloud model watches public reports about our network and known DPI signatures. As soon as a new detection pattern appears, an update is pushed to clients within an hour. It works as a reactive immune system.

VI

No-logs architecture

Access logs go to /dev/null. Metrics — only aggregated counters with no IP and no user-id. /var/log on exit nodes is mounted as tmpfs — a node reboot wipes everything. Annual independent audit. Warrant canary refreshed monthly.

FAQ

The questions people usually ask.

How do I know you really keep no logs?

An external audit is planned and will be published in full when complete. The warrant canary refreshes monthly. The infrastructure runs on anonymous hosting providers, not AWS/GCP — there's nobody there to coerce.

What happens if one of the nodes is seized?

The client stops using it within 60 seconds (DHT heartbeat). Keys are per-node — that node does not know any other node's key. The network keeps running.

Why crypto-only payment?

Cards and PayPal require KYC. Any fiat integration breaks the anonymity of the business model. Monero is the most private option, Lightning the fastest.

Can I read the client source code?

The core (chimera-core) will be opened as reproducible-build artifacts after the external audit. The full server-side source code stays closed — that's our competitive uniqueness.