[peterwwillis]

I can use existing products to identify your particular device even in a completely encrypted connection; if I can see the requests' content, I can tell even more, regardless of user agent string. And if I can see the requests, I can probably inject a response, which allows for a large range of probes and attacks to further identify your device. Worst case I can even use your latency to identify where you are.

Privacy means that nobody but you and the site you are visiting have your private information. Anonymity means the site you are using has no idea who you are. They really need to clarify these things.

[tenta]

On the UA string, thats a good suggestion. We can look how much device info we need to send and add some settings for that. On the privacy question, it sounds like the zone you used was connected to a local connection instead over the VPN connection. In the next build we're going to make this more obvious. Tap on the flag or blue pin icon in the top right corner to open Zone settings and you can see a drop down of locations to choose from.

Btw, it's not added yet, but we will make the default selection "Fastest Connection".

As far as trusting us to run the VPN edge for you, we will work on variety of ways to earn that trust as I've mentioned throughout my comments. But this is also why we're working on a way to let people run their own edges.

Thanks for the feedback, we'll make sure to clarify this all on the site!

[sockopen]

Yes, and statements on their website like the following don't help:

"With Tenta Browser, your IP address and location is kept private and discreet."

A clear, published threat model would be great.