[CONTENT-CHANGE] [ADD] Privacy Respecting Software > Virtual Private Networks > OVPN

[atomGit]

OVPN was just recommended to me by Michael Horowitz who wrote A Defensive Computing Checklist

OVPN (they do WG too) looks like another interesting one (i haven't used it)...

Total infrastructure ownership

All the hardware used to operate OVPN is owned by us. All VPN servers operate without hard drives as the operating system only resides in the RAM memory.

No rented servers, no virtual machines. Just pure baremetal hardware that we've either shipped or installed ourselves.

"Total infrastructure ownership" of course does not refer to the data-centers

also of interest...

OVPN has been in court fighting a two-month long information injunction as user information was requested from us. OVPN emerged victorious due to our no-logging policy.

We have an insurance that covers legal fees. OVPN has never given any information about our customers to a third party.

...

Monthly transparency reports have been published since 2014, detailing server statistics & information requests.

The company running OVPN is incorporated in Sweden and is named "OVPN Integritet AB". Integritet means Privacy in Swedish. That's how engrained our privacy focus is. The physical owners are David Wibergh & Ruben Rehn.

[Lissy93]

Thanks for the request. Looks really good. I like their security page, clear yet contains everything you'd need to know. Level 7, legal insurance is pretty cool, as they'll be able to fight against a subpoena / data request.

I reached out to them with regards to lack of an audit, no open source apps, warrant canary, and the questions regarding the analytics + data they are collecting on their homepage. And in case anyone is interested, here was their reply:

Our own apps are not open source yet, but that's something on our to-do list. You're free to use the normal WireGuard and OpenVPN Connect apps though if you prefer to use open-source applications, we provide configuration files for that.

No, we don't have a warrant canary. Warrant canary is mostly a sale ploy by some VPN providers; there's nothing that stops the FBI from seeing a warrant canary as a breach.

With that said, there's no equivalence to that in Sweden, we're free to disclose how many times the police have contacted us. We mention in our monthly transparency reports how many times police has contacted us that month.

We haven't had an independent audit, although that is something we hope to have this year. We have had a court case though which we won.

We don't use analytics. The pricing page doe suse PayPal, yes, but that's for PayPal payments. BrainTree is for credit card payments, and Intercom is our support platform. We plan to switch from BrainTree to Stripe, but in that case it'd just switch from BrainTree to Stripe.

As for cryptocurrencies, we're open to suggestions if you have any.

My only concern, and it is a minor one, is that their website is really bad, it's full of analytics, even just visiting the homepage it's sending data to PayPal, Intercom (for chat), Piwik (self-hosted though), Braintree, etc. And for crypto payments they're using coinpayments.net, which has a very questionable privacy policy. And I feel like their answer (above) wasn't very sufficient. My first thought, was if their website is this sloppy, it doesn't instill confidence about how they run the rest of their infrastructure. But that's just my opinion, and it's probably just a side effect of a smaller company.

I do trust Michael Horowitz, and am sure he will have done substantial research before recommending it. I'm going to try it out properly later today. But 11 quid for a single month with multi-hop, is quite steep!

Unless anyone else has anything to add, or any reservations, I am happy for OVPN to be added to the list.

[Lissy93]

Added.