"A VPN makes me anonymous online."
False — and there's a bigger threat you've probably never heard of.
A VPN replaces your IP address with the VPN provider's IP address. That's it. That's the privacy product. Your IP address is one of the least reliable ways you're tracked online — and masking it while leaving everything else untouched is like putting on a hat to avoid being recognized while your passport is visible, your gait is distinctive, and your voice is carrying.
The more durable tracking mechanisms — browser fingerprinting, first-party cookies, advertiser pixels, login sessions — operate completely independently of your IP. Log into Gmail from a VPN and Google knows exactly who you are. Browse Amazon without logging in and Amazon can still identify your device with high confidence from your browser's fingerprint alone. A VPN doesn't touch any of this.
More importantly: a VPN doesn't hide you from the VPN provider. You've simply moved your visibility from your internet provider to a third-party company whose entire business model depends on you believing you're invisible.
🍪 You clicked "Reject All." They're still tracking you. Those cookie consent popups required by EU law give many people a false sense of control. When you reject tracking cookies, some website operators simply switch to fingerprinting instead — and fingerprinting is legal in most jurisdictions, requires no consent banner, leaves no trace in your browser, and is often more accurate than cookies. Clicking "reject" stopped one method. It didn't stop tracking.
💡 True anonymity — hiding your identity from everyone, including the tools you use — requires routing through multiple independent parties with no single point of knowledge. That's what Tor does. Bloqr is a privacy tool. Tor is an anonymity tool. They solve different problems.
↓ What is browser fingerprinting — and why is it harder to stop than cookies?
""No-log" means my VPN provider can't see my activity."
Documented lie, in multiple court cases.
Several major VPN providers have been proven in court to have logged user activity and handed it to law enforcement — directly contradicting their advertised "no-log" policies.
PureVPN's own marketing claimed "we keep absolutely no logs." Court documents showed they provided the FBI with timestamp-correlated IP address data used to prosecute a stalking case. IPVanish supplied session logs to US Homeland Security. In 2020, seven VPN providers operating shared infrastructure were found to have 1.2TB of user logs sitting on a publicly accessible server — all of them advertised "no-log" policies.
The pattern is consistent: "no-log" is a marketing claim. Without audited, published technical architecture showing what data is physically impossible to collect, it's unverifiable. You are trusting their word against a backdrop of documented cases where their word was wrong.
🔍 What Bloqr actually stores — and what we don't. We've designed around data minimization from the start, not as an afterthought. What we collect: account identifiers (hashed where technically feasible), subscription status, and your filter rule configuration. What we don't collect: DNS queries, domain visit history, timestamps tied to individual lookups, or behavioral patterns of any kind. The full list is published. Every data element has a documented retention period. You can delete your data instantly, down to the row level, from your account dashboard. "No-log" as a technical architecture is different from "no-log" as a slogan — we intend to be the former, and our legal counsel is reviewing every claim on this page to make sure we mean it.
"VPNs protect me from hackers on public WiFi."
The threat they solved is mostly gone. The threat they didn't solve is very much not.
This was a reasonable concern in 2012. Back then, most websites used unencrypted HTTP, and a rogue hotspot could trivially intercept your passwords in plain text. VPNs were a real defense against a real attack.
Today, over 95% of web traffic uses HTTPS — the same encryption that protects your bank, your email, and your social media. A coffee shop attacker can no longer read your traffic regardless of whether you're on a VPN. The scary "public WiFi hacker" scenario the VPN ads show you has been largely neutralized by something that happened quietly while they kept running those ads.
But here's what the ads don't mention: the router itself — whether in a coffee shop, a hotel, or your neighbor's home — can still see and log every website name you look up. Not the content (HTTPS handles that). The lookups. Every domain. Every device. Every session.
That lookup — "where is this website?" — travels in plain text, like a postcard, not a sealed envelope. The router owner doesn't need to be a hacker to read it. The router firmware just does it, because that's how the internet was designed in 1987 and nobody updated the defaults.
A VPN solves this by routing your lookups through the VPN's server instead. But so does encrypted DNS — without routing all your traffic through a stranger's proxy.
Where your "what's the address for this website?" request is visible:
💻 Your Device
📡 Router
(café / hotel / home) Can read it
🏢 Your internet provider Can read & sell it
📖 Website lookup service Logs your queries
HTTPS encrypts your actual browsing (the page content). It does not encrypt the lookup that gets you there. Bloqr keeps those website lookups private by enabling encrypted DNS in the background.
📡 Even password-protected WiFi doesn't protect your lookups from the router owner. A WiFi password keeps outsiders off the network. It doesn't hide your traffic from the person running the router. The coffee shop owner, the hotel IT team, whoever set up that airport hotspot — they all have the keys to the WiFi encryption layer. They can see every domain name your device looks up, even if they can't read the actual page content. This is the threat most VPN ads visualize but almost none of them explain accurately.
"Using a VPN means my internet provider can't see what I do."
True — but you've relocated the problem, not solved it. And DNS is still the gap.
This one is technically accurate, and it's also the entire VPN sales pitch. What it leaves out: you haven't eliminated surveillance — you've moved it from your internet provider to your VPN provider. You've traded one large company with a regulatory body for a smaller company often incorporated in a jurisdiction chosen specifically to avoid oversight. The EFF says it plainly: "you should be sure you trust your VPN provider."
But there's a larger problem this framing sidesteps entirely: the thing that makes you most trackable isn't your IP address. It's your DNS lookups.
DNS is the internet's address book. Every time you visit a website, your device asks a server: "what's the address for this domain?" That question travels in plain text — unencrypted, readable by your internet provider, your router, every network hop between you and the answer. HTTPS encrypts the actual conversation once you get there. It doesn't encrypt the lookup that got you there.
This is the last major plaintext protocol in everyday internet use. The web moved to HTTPS. Email moved to TLS. Messaging moved to end-to-end encryption. DNS was designed in 1987 and the encryption couldn't be retrofitted into the original protocol — which is why encrypted DNS (DoH, DoT) exists as a separate layer rather than an update to the standard.
VPN providers also maintain physical infrastructure in dozens of countries. Those servers are subject to the laws of wherever they're physically located — not just where the company is incorporated. That legal complexity is expensive. Lawyers in 47 jurisdictions cost money. Compliance teams cost money. Server colocation in strategic locations costs money. This is a meaningful part of why consumer VPNs cost $10-20 per month.
Bloqr runs on Cloudflare's network — the same infrastructure that handles roughly 20% of all internet traffic globally. Cloudflare's data governance, privacy commitments, and legal framework are unified, published, and backed by the same company that provides infrastructure for millions of businesses. We inherit that framework. We don't have 47 sets of laws to navigate. Neither do you.
🌍 One jurisdiction. No legal treasure hunt. Consumer VPN providers often advertise their incorporation in "privacy-friendly" countries as a selling point. In practice, their servers are physically located in dozens of countries, each with its own laws about what can be demanded from infrastructure operators. Your traffic may exit through a server in a country you've never thought about, subject to laws you've never read. Bloqr operates on Cloudflare's network under a single, published privacy framework. You're not buying a legal mystery. You're buying something we can actually explain.
"VPNs don't slow down your internet."
False. And the right tool for the job actually makes you faster.
A VPN adds overhead. This is not a defect — it's the mechanism. Every packet is encrypted, wrapped, sent to the VPN server, unwrapped, forwarded, and the response makes the same trip back. Quality paid VPNs typically show 10–30% speed reductions under normal conditions; free VPNs frequently deliver 50–80% losses on congested shared infrastructure.
Latency gets worse. If you're in Chicago connecting through a VPN server in Amsterdam to reach a US website, your data physically travels Chicago → Amsterdam → US → Amsterdam → Chicago for every single request. This is called the trombone effect. It's unavoidable geometry.
Here's what the ads don't mention: if blocking trackers and ads is your actual goal, blocking at the website lookup layer doesn't add latency — it removes it. Your browser normally has to wait for every tracker, ad script, analytics beacon, and A/B testing framework to load before the page is considered finished. These aren't decoration. They're blocking calls. A page that loads 40 external trackers waits for all 40 before it's complete — and some are slow servers in foreign countries.
When Bloqr blocks those domains at the network level, your browser doesn't wait for them. The request never leaves your device. Pages load faster as a direct byproduct of better privacy hygiene. Speed is the dividend of filtering, not a tradeoff against it.
⚡ Filtering doesn't slow your internet. It unclogs it. Independent testing consistently shows that ad and tracker blocking at the website lookup layer reduces page load times by 20–40% on media-heavy websites. The resources that aren't blocked don't have to wait for the ones that are. Every tracker that never loads is milliseconds back in your life — multiplied by every page, every day. A VPN adds a toll booth. Good hygiene removes the traffic jam.
"Consumer VPNs are the same as corporate VPNs."
Completely different products. Same three letters.
Corporate VPNs connect your device to a private internal network — your company's file servers, internal tools, and systems that aren't accessible from the public internet. They extend the private network to you. In enterprise deployments using RADIUS authentication, your company owns and controls the encryption keys, and those keys are subject to the same legal obligations that govern your employment agreement. There is accountability in both directions.
Consumer VPNs do something entirely different: they route your traffic through a proxy server operated by a third party. There is no private network you're joining. You're not being extended trust. You're paying a stranger to be in the middle of your internet connection and hoping they're trustworthy.
The VPN industry borrowed the acronym from enterprise networking deliberately. It adds an air of security legitimacy to what is, technically, an encrypted proxy service. Calling them both "VPN" is like calling a garden hose and a fire main the same thing because they both carry water.
If what you actually want is enterprise-grade network security — zero-trust access control, identity-verified tunnels, device posture checking — that technology exists. Cloudflare One provides exactly this, built on Cloudflare Tunnel, with no single point of failure and no performance penalty for routing your traffic through a distant proxy. It's not a consumer VPN. It's the architecture consumer VPNs are pretending to be. We're evaluating whether to offer this as a Bloqr add-on for users who want genuine network-level security beyond DNS hygiene.
"A VPN gives me full control over my privacy settings."
The opposite. You get their rules, their servers, their decisions — and often their contract.
Take NordVPN as an example — the most-marketed consumer VPN on the market. Their "Threat Protection" feature blocks ads, trackers, and malware at the website lookup layer. Sounds useful. Here's what you don't get: you cannot see which domains are blocked. You cannot add your own block rules. You cannot whitelist a domain that was incorrectly blocked. You cannot use a different privacy or filtering service. You cannot bring your own filter lists. There is no transparency into what "threat" means in their system. It's their definition, updated on their schedule, with no audit trail visible to you.
This isn't an oversight. It's the model. Opacity prevents churn. If you can't see what's blocked, you can't compare it to anything else. If you can't import your own rules, you can't leave without losing your configuration. If you're on an annual contract — which their marketing aggressively pushes with discounts — you're legally obligated to keep paying.
Monthly plans run $12-20 depending on provider and current promotion. Annual contracts offer discounts in exchange for removing your ability to cancel without losing money.
Bloqr's model is the inverse of this: your rules, your lists, your vendor. Every blocked domain is visible to you. False positives are whitelistable instantly, and the change propagates to every device you own in seconds. If you already use AdGuard, NextDNS, Pi-hole, or another filtering provider, we integrate with their API — you don't lose your configuration, your lists, or your institutional knowledge. If you don't have a provider, we handle it, and you can switch to your own later without starting over. No long-term contracts. Monthly and annual pricing, with no penalty for leaving.
🔒 Vendor lock-in is a privacy risk too. When your privacy tool controls your rules and you can't export them, you're dependent on that company's continued existence, continued trustworthiness, and continued pricing. Privacy tools shouldn't create new dependencies. Bloqr is built around portability: your lists, your vendor, your configuration — and we're here to make all of it work better together, not to replace it all with ours.
"You can trust a VPN's jurisdiction to protect your privacy from legal requests."
Complicated. And Cloudflare makes our answer much simpler than most.
Many VPN providers advertise incorporation in "privacy-friendly" jurisdictions — the British Virgin Islands, Panama, Romania. The theory: local laws prevent them from complying with foreign government data requests. In practice, this is far more complicated.
Mutual legal assistance treaties (MLATs) create pathways for cross-border data requests. Server seizures happen in whatever country the physical hardware is located — which may be different from where the company is incorporated. Voluntary compliance happens when providers decide cooperation is easier than litigation. And the five-eyes, nine-eyes, and fourteen-eyes intelligence-sharing agreements create additional pathways that "we're incorporated in Panama" does not address.
Legal complexity is also expensive complexity. Maintaining servers in 60 countries, each with unique data retention laws, disclosure requirements, and regulatory bodies, requires legal teams in each jurisdiction. That's a meaningful driver of why VPN pricing is what it is.
Our situation is different. Bloqr runs on Cloudflare's infrastructure — a publicly traded US company with published transparency reports, a GDPR-compliant data processing framework, and one set of clearly documented policies. We don't operate VPN servers in 60 countries. We don't have 60 sets of laws to navigate or hide behind. Our legal framework is singular, documented, and inherits from one of the most scrutinized privacy policies on the internet.
More relevantly: the most effective legal protection isn't a favorable jurisdiction. It's not having the data in the first place. We do not log DNS queries. We do not record your browsing behavior. What is architecturally impossible to collect cannot be produced in response to any legal request, regardless of jurisdiction. We're having our attorneys verify the precise framing of that claim — because we want to say it accurately, not just reassuringly.
⚖️ What's never logged in the first place can't be produced. This is the only airtight answer to the jurisdiction question, and it's one most VPN providers can't honestly give because they do log — they just claim not to. Our architecture is designed so that the data most likely to be requested (browsing history, DNS query logs) is never recorded. Note: we're working with legal counsel to validate the specific technical and legal claims on this page. We'll update them if the answer is more nuanced than the principle. That's what we mean by transparency.