WireGuard is a VPN protocol designed by Jason A. Donenfeld, in stable release since 2020. Around 4,000 lines of code (compared to OpenVPN’s 100,000+). Adopted by every major no-log VPN (Mullvad, Proton VPN, IVPN, NordVPN) as the default protocol or a primary option. Uses modern cryptographic primitives (Curve25519, ChaCha20, Poly1305, BLAKE2s) chosen for performance, security, and code simplicity.
What it means in practice
The advantages over OpenVPN and IPSec are operational. Faster handshake (sub-second connection establishment vs multi-second OpenVPN), lower latency (typically 5-10ms less per hop), better mobile-network resilience (handles network changes gracefully without dropping the tunnel), much smaller attack surface (the codebase fits in a single source file readable by one cryptographer in an afternoon, vs OpenVPN where security audits routinely surface novel issues). The trade-off historically has been UDP-only (some restrictive networks block UDP, requiring TCP-mode VPN protocols as fallback) and a privacy concern around static IP assignment (early WireGuard configurations assigned a stable internal IP per public key, which a logging server could correlate); both Mullvad and Proton VPN solved the privacy concern with rotating internal IPs and ephemeral key handling.
Where it shows up
Default in Mullvad apps, default in Proton VPN since 2021, available in NordVPN as NordLynx (NordVPN’s WireGuard wrapper), available in Surfshark, ExpressVPN (proprietary Lightway is a parallel evolution), and increasingly in self-hosted VPN setups (Tailscale and Headscale build mesh VPNs on WireGuard). Linux kernel native since 5.6 (March 2020). The competing protocols: OpenVPN (legacy, slower, larger attack surface, still widely supported), IKEv2/IPSec (good mobile performance, complex implementation, mostly enterprise), Lightway (ExpressVPN proprietary, modern but closed-source until recent partial release), Trojan/V2Ray (designed to evade DPI in restrictive countries, not a privacy protocol per se).
What you can change today
In your VPN client settings, switch the protocol to WireGuard if it is not already the default. Mullvad: Settings, VPN Settings, Tunnel Protocol, WireGuard. Proton VPN: Settings, Connection, Protocol, WireGuard. NordVPN: Settings, Auto-connect, Protocol, NordLynx. The performance improvement is usually visible (faster connection, lower latency, better roaming behavior). For self-hosted privacy: install WireGuard server on a VPS in a privacy-friendly jurisdiction, generate keypairs, distribute the client configs to your devices; the result is a personal VPN that no third party operates and that you control end to end.