🆕 Redo VPN Providers Section #1139

Closed
opened 2019-08-11 23:27:26 +00:00 by jonah · 9 comments
Owner

Following up on https://github.com/privacytoolsIO/privacytools.io/issues/1131#issuecomment-520168216, we are going to delist every VPN provider and re-investigate all the options on the market for inclusion.

A quick poll among the team revealed that the only providers we utilize are Mullvad and ProtonVPN. Therefore at the moment those are the only two providers being considered for inclusion in the revamped section. If anyone feels we should research another option please list it below!


---

## New Requirement: Independent Security Audits

✅ Mullvad, [Security assessment of client software](https://cure53.de/pentest-report_mullvad_v2.pdf)

⚠️ ProtonVPN, in progress:

> Dear Jonah,
>
> Thank you for reaching out.
>
> We are currently undergoing a complete security audit of our VPN applications by a reputable Swiss security company. The results of the audit will be summarized in a public report for cases like this.
>
> We would be happy to present this to you when it is finalized.

❓ AzireVPN, none? Emailed with inquiry 8/16/19

❓ PenguinVPN, none? Emailed with inquiry 8/16/19

⚠️ IVPN, planned:

> [Pestell told us the company is currently arranging a full security audit and penetration test for later in 2019.](https://thewirecutter.com/reviews/best-vpn-service/#the-competition)
ghbjklhv1 commented 2019-08-13 03:32:57 +00:00 (Migrated from github.com)

I mainly use AzireVPN, as it is fast and easy to set up.

---

However, I've heard good reviews of an ~couple~ unlisted providers:

- [PenguinVPN](https://www.thinkpenguin.com/gnu-linux/penguinvpn-subscription-1-6-and-12-month-options) (US based)

---

What I would find interesting is a blog post on how to self-host. Maybe using a [Vikings VPS](https://vikings.net) or Orange Host?

Some available tools:
https://github.com/Kickball/awesome-selfhosted#vpn
nitrohorse commented 2019-08-13 06:25:31 +00:00 (Migrated from github.com)

> What I would find interesting is a blog post on how to self-host. Maybe using a Vikings VPS or Orange Host?

Hmm, something like https://github.com/trailofbits/algo comes to mind. But regardless I like that idea.
blacklight447 commented 2019-08-13 09:37:00 +00:00 (Migrated from github.com)

Right now I also think it would be smart to discuss a limit on the number of VPN providers listed. This way we can only recommend the VPN providers we really stand behind, and have an answer for everyone who wants their VPN provider recommended because it has an okay-ish privacy policy. The only way to be listed if all entries are filled would be to either have another VPN removed because they do something unacceptable, or the other provider does some extraordinary things that really make it better than the one already listed.
nitrohorse commented 2019-08-13 14:25:11 +00:00 (Migrated from github.com)

What about a limit of 3? Like the other sections?
blacklight447 commented 2019-08-13 14:28:10 +00:00 (Migrated from github.com)

That would seem reasonable and in line with what we do with other things. It also means that those recommendations will often come back on the chopping block to see if they are still the best, which means the recommendations will stay up to date better, and bad apples like #1141 won't slip through.
five-c-d commented 2019-08-14 13:20:57 +00:00 (Migrated from github.com)

I think there are two main subcategories which matter here:

* people who are serious about privacy will pay for mullvad / protonVpnPaid / ivpn / airvpn / similar.
* people who are friends/family/coworkers of somebody that is serious about privacy (and directed them to privacyToolsIO listings) will want free-as-in-beer, and thus will always either pick protonVpnFreemium or maybe canadian-based tunnelbear/mcafee.

The top 3 listings in the revamped version of the listings should therefore be:

1. protonVpnFreemium -- best if you don't want to pay money
2. mullvad -- most recommended for serious privacy
3. protonVpnPaid -- also very good
    * WorthMentioningFree: Tunnelbear (maybe?), hideDotMe (maybe??)
    * WorthMentioning: iVPN, AirVPN

I think that mentioning self-hosting is possibly worthwhile, but there are big caveats: most people aren't going to be able to competently harden a server on their own physical hardware & premises... the cloud provider and/or network-bandwidth provider can see the traffic at the IP address level and infer a lot from that if they so wish... etc.
merlinnusr commented 2019-08-15 16:50:44 +00:00 (Migrated from github.com)

> I mainly use AzireVPN, as it is fast and easy to set up.

Also azirevpn has cool security features like this:

> The Blind Operator mode is a rootkit-like Linux kernel module that removes the ability of an ordinary system administrator to query the content of the endpoint and allowed ips fields from WireGuard, and also disables the ability to run live network monitoring tools such as tcpdump and similar software. This module is loaded at boot time on all our VPN servers.
>
> - Disables loading and unloading of Linux kernel modules.
> - Disables access to /dev/{mem,kmem,port} and /proc/kcore.
> - Disables creation of AF_RAW and AF_INET(6)/SOCK_RAW sockets to break tcpdump and similar software.
> - Disables ptrace, /proc/PID/mem and core dumps to prevent data extraction from software like OpenVPN.
> - Disables the display of endpoint and allowed ips fields from WireGuard.
>
> No hard drives
> Our VPN servers are running without any hard drives or any other type of persistent media.

https://www.azirevpn.com/docs/security
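An added example, written for this page and not taken from the thread, from AzireVPN, or from the Blind Operator module itself: a Python self-check that tests which of the quoted lockdown claims are observable from inside a Linux host. Where an effect can be probed directly (can a raw socket be created, can /dev/mem or /proc/kcore be opened, is anything mounted from a block device or swapped to one) the script probes it; for the module-loading and ptrace claims it falls back to the stock kernel knobs `kernel.modules_disabled` and Yama `ptrace_scope`, which is an assumption on my part, since a module like the one described may enforce those restrictions by other means. The two snapshots are constructed for illustration, not captured from any provider's server. A customer cannot run this against a provider's infrastructure, which is exactly why the thread lands on independent audits; it is the kind of check a provider, or someone self-hosting, would run on their own box.

```python
"""Self-check for the server lockdown claims quoted above (illustrative, not the vendor's code)."""
import errno
import socket
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# On-disk filesystem types; a mount of one of these from /dev/... is persistent media.
DISK_FS = {"ext2", "ext3", "ext4", "xfs", "btrfs", "f2fs", "vfat", "ntfs", "jfs", "zfs", "reiserfs"}


@dataclass
class HostSnapshot:
    modules_disabled: str                       # /proc/sys/kernel/modules_disabled
    ptrace_scope: str                           # /proc/sys/kernel/yama/ptrace_scope ("" if no Yama)
    suid_dumpable: str                          # /proc/sys/fs/suid_dumpable
    mounts: str                                 # contents of /proc/mounts
    swaps: str                                  # contents of /proc/swaps
    raw_socket_errno: Dict[str, Optional[int]]  # probe name -> errno, None if the socket opened
    kmem_readable: Dict[str, bool]              # path -> whether open() for reading succeeded


def persistent_mounts(mounts_text: str) -> List[Tuple[str, str, str]]:
    """Return (source, target, fstype) for every mount backed by a block device."""
    hits = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        src, target, fstype = parts[:3]
        if src.startswith("/dev/") and fstype in DISK_FS:
            hits.append((src, target, fstype))
    return hits


def active_swaps(swaps_text: str) -> List[str]:
    """Swap devices/files listed in /proc/swaps (first line is the header)."""
    return [line.split()[0] for line in swaps_text.splitlines()[1:] if line.strip()]


def evaluate(snap: HostSnapshot) -> Dict[str, bool]:
    """Map each quoted claim to a pass/fail verdict derived from the snapshot."""
    return {
        # Claim: module loading/unloading disabled. Stock knob: modules_disabled=1 (one-way).
        "modules locked": snap.modules_disabled.strip() == "1",
        # Claim: raw sockets cannot be created. Every probe must have failed.
        "raw sockets blocked": bool(snap.raw_socket_errno)
        and all(e is not None for e in snap.raw_socket_errno.values()),
        # Claim: ptrace, /proc/PID/mem and core dumps disabled. Yama scope 3 forbids
        # PTRACE_ATTACH for everyone; /proc/PID/mem is gated by the same access check.
        "ptrace disabled": snap.ptrace_scope.strip() == "3" and snap.suid_dumpable.strip() == "0",
        # Claim: /dev/mem, /proc/kcore inaccessible. None of the paths may be openable.
        "kernel memory inaccessible": bool(snap.kmem_readable) and not any(snap.kmem_readable.values()),
        # Claim: no hard drives or other persistent media.
        "no persistent media": not persistent_mounts(snap.mounts) and not active_swaps(snap.swaps),
    }


def _read(path: str) -> str:
    try:
        with open(path) as f:
            return f.read()
    except OSError:
        return ""


def _probe_socket(family: int, typ: int, proto: int = 0) -> Optional[int]:
    try:
        socket.socket(family, typ, proto).close()
        return None
    except OSError as e:
        return e.errno


def _probe_open(path: str) -> bool:
    try:
        with open(path, "rb"):
            return True
    except OSError:
        return False


def collect_live() -> HostSnapshot:
    """Gather the snapshot from the running Linux host. Run as root: an unprivileged
    user gets EPERM on raw sockets and /dev/mem regardless of kernel hardening."""
    probes = {
        "AF_PACKET/SOCK_RAW": _probe_socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003)),
        "AF_INET/SOCK_RAW": _probe_socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP),
        "AF_INET6/SOCK_RAW": _probe_socket(socket.AF_INET6, socket.SOCK_RAW, socket.IPPROTO_ICMPV6),
    }
    return HostSnapshot(
        modules_disabled=_read("/proc/sys/kernel/modules_disabled"),
        ptrace_scope=_read("/proc/sys/kernel/yama/ptrace_scope"),
        suid_dumpable=_read("/proc/sys/fs/suid_dumpable"),
        mounts=_read("/proc/mounts"),
        swaps=_read("/proc/swaps"),
        raw_socket_errno=probes,
        kmem_readable={p: _probe_open(p) for p in ("/dev/mem", "/dev/kmem", "/proc/kcore")},
    )


# Constructed snapshots (not captured from any real server): a diskless locked-down
# host, and a stock distro install with an ext4 root and a swap partition.
HARDENED_SNAPSHOT = HostSnapshot(
    modules_disabled="1\n", ptrace_scope="3\n", suid_dumpable="0\n",
    mounts="rootfs / rootfs rw 0 0\nproc /proc proc rw 0 0\ntmpfs /run tmpfs rw 0 0\n",
    swaps="Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n",
    raw_socket_errno={"AF_PACKET/SOCK_RAW": errno.EPERM, "AF_INET/SOCK_RAW": errno.EPERM},
    kmem_readable={"/dev/mem": False, "/proc/kcore": False},
)
STOCK_SNAPSHOT = HostSnapshot(
    modules_disabled="0\n", ptrace_scope="1\n", suid_dumpable="0\n",
    mounts="/dev/sda1 / ext4 rw,relatime 0 0\nproc /proc proc rw 0 0\ntmpfs /run tmpfs rw 0 0\n",
    swaps="Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n/dev/sda2 partition 1048572 0 -2\n",
    raw_socket_errno={"AF_PACKET/SOCK_RAW": None, "AF_INET/SOCK_RAW": None},
    kmem_readable={"/dev/mem": True, "/proc/kcore": True},
)

if __name__ == "__main__":
    for name, snap in (("hardened", HARDENED_SNAPSHOT), ("stock", STOCK_SNAPSHOT)):
        print(name, evaluate(snap))
    # print("live", evaluate(collect_live()))  # uncomment on a Linux host, as root
```

The verdict for the stock snapshot is all failures, for the hardened one all passes; on a real host, treat a pass as "nothing I could observe contradicts the claim", not as proof, since a kernel module that lies to userspace is precisely what a rootkit-like module can do.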
Author
Owner

Just a note: We are most likely going to only recommend VPN providers with independent security audits.

nitrohorse commented 2019-08-16 22:10:59 +00:00 (Migrated from github.com)

Side note: I think we should definitely link this recent research article about the VPN landscape in our "worth mentioning" section: https://thewirecutter.com/reviews/best-vpn-service/
Reference: privacyguides/privacytools.io#1139