Closed atomGit closed 2 years ago
Thanks for the request. Looks really good. I like their security page, clear yet contains everything you'd need to know. Level 7, legal insurance is pretty cool, as they'll be able to fight against a subpoena / data request.
I reached out to them with regards to lack of an audit, no open source apps, warrant canary, and the questions regarding the analytics + data they are collecting on their homepage. And in case anyone is interested, here was their reply:
Our own apps are not open source yet, but that's something on our to-do list. You're free to use the normal WireGuard and OpenVPN Connect apps though if you prefer to use open-source applications, we provide configuration files for that.
No, we don't have a warrant canary. Warrant canary is mostly a sale ploy by some VPN providers; there's nothing that stops the FBI from seeing a warrant canary as a breach.
With that said, there's no equivalence to that in Sweden; we're free to disclose how many times the police have contacted us. We mention in our monthly transparency reports how many times the police have contacted us that month.
We haven't had an independent audit, although that is something we hope to have this year. We have had a court case though which we won.
We don't use analytics. The pricing page does use PayPal, yes, but that's for PayPal payments. BrainTree is for credit card payments, and Intercom is our support platform. We plan to switch from BrainTree to Stripe, but in that case it'd just switch from BrainTree to Stripe.
As for cryptocurrencies, we're open to suggestions if you have any.
My only concern, and it is a minor one, is that their website is really bad. It's full of analytics; even just visiting the homepage, it's sending data to PayPal, Intercom (for chat), Piwik (self-hosted though), Braintree, etc. And for crypto payments they're using coinpayments.net, which has a very questionable privacy policy. And I feel like their answer (above) wasn't very sufficient. My first thought was, if their website is this sloppy, it doesn't instill confidence about how they run the rest of their infrastructure. But that's just my opinion, and it's probably just a side effect of a smaller company.
I do trust Michael Horowitz, and am sure he will have done substantial research before recommending it. I'm going to try it out properly later today. But 11 quid for a single month with multi-hop is quite steep!
Unless anyone else has anything to add, or any reservations, I am happy for OVPN to be added to the list.
Added.
OVPN was just recommended to me by Michael Horowitz who wrote A Defensive Computing Checklist
OVPN (they do WG too) looks like another interesting one (I haven't used it)...
"Total infrastructure ownership" of course does not refer to the data-centers
also of interest...
...