Trust Model
You’re putting software between your modem and router. That deserves scrutiny.
Position: Outside Your LAN
Section titled “Position: Outside Your LAN”Wirebump sits between your router and your modem. It does not sit inside your network.
This means:
- Your router’s firewall remains intact
- Your VLANs and network segmentation remain intact
- Wirebump only handles traffic you were already sending to the public internet
- It cannot see individual devices or LAN-internal traffic
Think of it this way: Wirebump sees the same traffic your ISP would see. The difference is that Wirebump encrypts it and sends it through your VPN providers instead of sending it in the clear to your ISP.
Verification: Wireshark It
Section titled “Verification: Wireshark It”You do not have to take anyone’s word for this. Put a port mirror on the WAN side and see for yourself.
You should see:
- Pings (ICMP health checks)
- WireGuard traffic to your VPN endpoints
- Nothing else
If you see anything else, something is wrong. This is verifiable with standard network tools.
Trust Calibration
Section titled “Trust Calibration”If you’re evaluating whether to trust Wirebump, the right question is not “is this perfectly trustworthy?” Nothing is.
The right question is: does the trust ask make sense given the value delivered?
Wirebump asks for about the same trust you already give your VPN providers and your router firmware. It sits outside your LAN where it cannot see internal traffic. It is verifiable with standard tools. And it solves real problems that alternatives do not solve well.
Full Trust Model
Section titled “Full Trust Model”The above covers the essentials. For complete details on worst-case scenarios, recovery options, and honest limitations, read the full trust model page.
Related
Section titled “Related”- Privacy Overview - Overview of privacy and security considerations
- About Wirebump - How Wirebump works and who built it