RouteHardenHire us
← All tracks

// track 09

Field Tactics & Buying Guides

Tactical field guides and head-to-head buying decisions. VPS routing, protocol selection, browser hardening, residential egress, and the trade-offs behind each.

14 of 14 modules published

  1. 9.1

    Xray Reality vs WireGuard: when to use which

    Two protocols, two threat models. WireGuard hides what's in the pipe. Reality hides that there's a pipe at all.

    10 min read
  2. 9.2

    DMIT Tokyo Premium vs AWS Lightsail Tokyo: when CN2 GIA actually matters

    Two Tokyo VPS providers, two completely different products. The spec sheet won't tell you why one of them costs 3x more — the routing will.

    8 min read
  3. 9.3

    How to buy a CN2 GIA VPS when DMIT Tokyo is sold out

    DMIT Tokyo Premium is the consensus pick for CN2 GIA, and it's sold out most of the time. Here's the priority list for getting on the route anyway.

    8 min read
  4. 9.4

    Routing self-hosted egress through a residential proxy

    How to chain a self-hosted egress stack through a residential proxy using SOCKS5 or HTTP CONNECT, and what that does and does not actually buy you.

    8 min read
  5. 9.5

    Domain fronting in 2026: mostly dead, not actually gone

    What classic domain fronting is, why big clouds shut it down, where it still appears, and why ECH or MASQUE are not the same thing.

    7 min read
  6. 9.6

    Browser fingerprint hardening with Firefox, arkenfox, and uBlock Origin

    How to reduce browser fingerprinting with sane Firefox settings, arkenfox, uBlock Origin, and Tor Browser when you actually need stronger cover.

    7 min read
  7. 9.7

    JA3 and JA4 TLS fingerprints, explained

    How JA3 and JA4 fingerprint the TLS ClientHello, what they're good for, and why they are correlation signals rather than identities.

    8 min read
  8. 9.8

    Pi-hole plus DoH for a home network in 2026

    How to run Pi-hole with dnscrypt-proxy for encrypted upstream DNS, and why most old cloudflared proxy-dns guides are stale after February 2, 2026.

    7 min read
  9. 9.9

    OpenWrt privacy router without breakage theater

    How to build an OpenWrt privacy router with WireGuard, policy-based routing, explicit DNS handling, and fewer leak-prone shortcuts.

    8 min read
  10. 9.10

    Tor for technical users who keep asking for Tor over WireGuard

    What Tor actually does, why Tor Browser discipline matters, when bridges help, and why stacking WireGuard on top usually solves the wrong problem.

    8 min read
  11. 9.11

    Active probing defense for proxy and tunnel operators

    How active probing works, why handshake secrets are not enough, and what obfs4, ScrambleSuit, and REALITY teach about blending into normal traffic.

    7 min read
  12. 9.12

    sing-box config reference for sane self-hosted routing

    A practical sing-box configuration guide covering route.final, rule-sets, DNS rule deprecations, selector, URLTest, and tun loop prevention.

    9 min read
  13. 9.13

    Cloud GPU rental privacy considerations

    What renting a GPU actually reveals about you, what providers can see at each layer, and the mitigations that change one threat without changing the others.

    14 min read
  14. 9.14

    Kernel-level packet filtering: XDP and eBPF basics

    An operator-first introduction to XDP and eBPF packet filtering: where XDP sits in the path, what the actions mean, and when it beats nftables or tc.

    7 min read

// for teams and consultants

Need this curriculum for your team?

Custom training, downloadable companion assets, network-architecture review, and on-call deployment help land inside our consulting engagements →