Casper's Cloak

Built by ghosts.

We don't put our names on the website. That's not modesty — it's the same instinct that built the product.

Casper's Cloak is built and run by a small team of privacy and security operators who prefer to work quietly. We don't post our LinkedIn profiles. We don't do press tours. We're not going to put a founder's headshot in the hero. What we look like is not the point — what we do is.

Why we don't publish our names

A lot of privacy companies have a glossy "Meet the team" page with everyone smiling on a sunlit Brooklyn rooftop. We respect that. It's not what we do.

Two honest reasons:

  • The work attracts attention. A product that blocks phishing operations and surveillance infrastructure is, by design, in opposition to the people who run those things. Discretion is not a marketing posture for us. It's how we stay effective.
  • We hold ourselves to our own product's standard. Casper exists because we believe most people give up too much personal information by default. It would be strange if the team that built it didn't take the same advice.

Read into "ghosts" whatever you want. The word has done a lot of work in different contexts. We don't need to define it for you.

What we actually do

We build and operate a single product: Casper's Cloak, a privacy and security app for iPhone, Mac, and Android. The app combines four things that are usually sold separately:

  • Network-level ad blocking — in every app, not just browsers, using the same DNS-filtering technique Pi-hole pioneered.
  • Network-level tracker blocking — Facebook SDK, Google Analytics, AppsFlyer, and roughly 50,000 other tracking domains and SDK ingestion endpoints.
  • An AI threat classifier running on every DNS query — scoring domains in real time against ~40 features. Designed to catch zero-day phishing infrastructure before it lands on a public blocklist.
  • An encrypted WireGuard VPN tunnel — so on hostile networks (coffee shops, hotels, airports, conferences), the local network can't see your traffic and can't inject anything into it.

One subscription, every device. No telemetry collected from the user. We sell software, not data.

What you can verify (even though you can't verify us)

It's a reasonable position to be skeptical of an anonymous team. Here's what is verifiable about Casper's Cloak independent of anything we tell you:

App Store presenceActive iOS and Android apps, both passing Apple's and Google's review processes — including the privacy-policy and data-handling review that ships with VPN apps.
Standards-based protocolWireGuard, an open, audited VPN protocol developed by Jason Donenfeld. We did not write our own crypto. We use the same protocol everyone else who's serious uses.
Open infrastructure stackPi-hole as the ad-blocking engine (open source), Unbound for DNS resolution (open source), DNS-over-TLS to Cloudflare and Quad9 upstreams. Every component is independently auditable.
Public technical writingOur blog is technical, specific, and frequently critical of our own category (including ourselves). If we didn't know the field we'd embarrass ourselves quickly.
No-log infrastructure designDNS queries handled in-memory. No connection logs persisted to disk. The architecture is structured so we can't hand over data we don't have. Independent audit attestation available on request.
A real contact pathEmail reaches us. Reach out with a technical question, a press inquiry, or a security disclosure. We answer.

Anonymous doesn't mean unreachable. It means we choose the channels we communicate through. Email, the App Store review system, the apps themselves, and this blog. That's the surface.

What we believe

Most of the privacy and security tooling people are sold has the same shape: an app that promises to block ads, except only in one browser. A VPN that hides your IP from the websites you visit but logs everything for itself. A threat scanner that runs only when you remember to open it. A blocklist of known-bad domains updated once a week by people three time zones away from the phishing operators.

The threats moved faster than that. Phishing domains rotate hourly. Tracker SDKs reach every app, not just the browser. The hostile WiFi attacks people warn you about in 2015 articles are mostly mitigated now — but evil-twin access points and metadata correlation aren't, and almost no consumer product addresses those.

Casper is the product we wanted to use. The defense we'd build if we ran security for a small organization where nobody could afford to be sloppy. We built it for ourselves first. The fact that you can subscribe to it now is somewhat incidental to the original problem.

What we don't do

  • We don't sell user data. There's no advertising business inside Casper. There's no aggregated-insights product we license to brands. We sell software and only software.
  • We don't operate a free tier funded by ads. Our free trial exists so people can try the product. It's funded by paying customers, not by extracting value from non-paying ones.
  • We don't make claims we can't substantiate. "AI" in our description means a real machine-learning classifier with a real false-positive rate we'll discuss with you. "No-log" means architectural design choices, not a marketing line.
  • We don't disclose people who don't want to be disclosed. That includes our team. It also includes you, which is the whole reason the product exists.

How to reach us

For most things, the contact page is the front door. For security disclosures specifically, the same email reaches the same humans — we don't have a separate security org because we're small enough that everyone who builds the product also reads the disclosures.

The blog at /blog is where we write the longer-form technical posts. The writing is the work too — if you want to know how we think, that's the right place to look.

Try the product

The clearest signal of who we are is what we ship. Install Casper's Cloak on your phone and see how it behaves.

See pricingRead the blogGet in touch