I took a look at this, it seems the way it works is when you do a DNS lookup it does a lookup itself and rewrites the IPs before returning to you. It stores a mapping of client IP and rewritten IP to real IP and when it gets a request on the rewritten IP it looks up the original and proxies the request. Pretty cool, but I wouldn't trust it with anything unencrypted. It offers no privacy benefits.