🆕 Software Suggestion | Consider adding AzireVPN after consult about issues #1436

Closed
opened 2019-10-28 01:33:34 +00:00 by dngray · 8 comments
dngray commented 2019-10-28 01:33:34 +00:00 (Migrated from github.com)

Description

From discussion in Matrix with Linda, we could consider adding AzireVPN but the following issues would need to be solved:

> Have them (AzireVPN) fix their data protection practices and when they do, put it up.
> The "Blind Operator mode" kernel module AzireVPN says to use on their servers is not auditable for the public?

Based on https://git.zx2c4.com/blind-operator-mode/about/ it seems rather irresponsible to use that module. It also seems like it would be rather easy to *work around* it. If you have root access you could unload it, if you operate a server further up the network you'd be able to use tcpdump anyway.

> AzireVPN concern. From FAQ:
>
>> Download or upload anything anonymously, without limit.

well it does, it's just not strong anonymity but yes I think they should take out the word "anything" otherwise it is false marketing

>> Protect your identity as a researcher, journalist, whistle blower or any kind of sensitive position.

And remove that, because a person like that will have state actors that will employ fingerprinting etc, a VPN should not be recommended where life longevity/imprisonment is an issue

>> System logs are disabled.
>
> Concern, impaired system security.

Agreed, system logs usually don't have anything too sensitive in them anyway

>> running in RAM without any physical hard drive disk which protect our users in case of seizure.
>
> It really doesn't. There's a PXE server somewhere with disk images. The customer data is somewhere in possession of the company, anyway.

It could very well be the image they run is fairly "generic" and the configuration is pushed by something like ansible/saltstack, in that case they support "templating" from a vault of secrets.

Ie configs have things like {{ sensitive_value }} and during run time the operator must open an encrypted volume, where the contents of {{ sensitive_value }} is to have it substituted in

That means if a server goes "offline" it needs operator access to bring it back up, but the assumption is customers will move to another working server if all operators are busy.

dngray commented 2019-10-28 15:02:00 +00:00 (Migrated from github.com)

> > Have them (AzireVPN) fix their data protection practices and when they do, put it up.
> > The "Blind Operator mode" kernel module AzireVPN says to use on their servers is not auditable for the public?
> >
> > Based on https://git.zx2c4.com/blind-operator-mode/about/ it seems rather irresponsible to use that module. It also seems like it would be rather easy to _work around_ it. If you have root access you could unload it, if you operate a server further up the network you'd be able to use tcpdump anyway.

Okay so after doing a bit more research it's not easy to unload. Also reading their [security](https://www.azirevpn.com/docs/security) page that seems evident. I wouldn't *depend* on it to protect me. It's not part of our criteria so if they want to run that on their servers it's really not going to mean much to us. Many providers probably do not as they are concerned about breaking things.

The [source](https://git.zx2c4.com/blind-operator-mode/tree/blind-operator-mode.c) seems available to me. We do trust that the source that is there is the source they are running. That trust is implicit when you use any VPN service.

We would give them the not-audited badge as they haven't been externally audited. They would get the IPv6 badge along with Mullvad https://github.com/privacytoolsIO/privacytools.io/issues/1435

> > AzireVPN. Some bits of misleading info in the FAQ. Not fully GDPR compliant.

I would like to know specifically what part is not GDPR compliant as this is not my area

> > AzireVPN concern. From FAQ:
> > > Download or upload anything anonymously, without limit.
> >
> > well it does, it's just not strong anonymity but yes I think they should take out the word "anything" otherwise it is false marketing

I would be sure this is in the context of torrents and general P2P related materials. Realistically it's not the most sinful thing they could say. As you said:

> Mullvad. A warning label for false advertising about trackers.

Looking at their website they do say "and trackers" without being really clear what trackers.

To be honest I'm only opposed to marketing which makes a VPN sound like a "silver bullet" that can "perform miracles" and should be "used to avoid the NSA and state level agencies". I do not get that vibe from AzireVPN.

We all know the ones that do that...

> > Protect your identity as a researcher, journalist, whistle blower or any kind of sensitive position.
> And remove that, because a person like that will have state actors that will employ fingerprinting etc, a VPN should not be recommended where life longevity/imprisonment is an issue

This one bothers me more than the previous ones. I guess it's because a whistle blower should be very careful about "who knew what they are blowing the whistle on", and whether it would lead back to them. I would bet that is how they would get apprehended, not through technical means unless they were consistently releasing some kind of data. That doesn't generally seem to be the case, usually it's a dump of documents to the media. Then in that case something like [SecureDrop](https://en.wikipedia.org/wiki/SecureDrop) (which requires Tor) makes more sense.

Possibly if it said "Help protect your identity as a...." would sound better. Incidentally that's what is said on their "[About Us](https://www.azirevpn.com/about)" page:

> AzireVPN was founded in 2012 with the mission to become a market-leading VPN service to help people avoiding censorship and interception on the Internet.

It may very well have been a slip of the tongue. Their about us page sounds a lot less grand and down to earth.

> > > System logs are disabled.
> > >
> > > Concern, impaired system security.
> >
> > Agreed, system logs usually don't have anything too sensitive in them anyway

This once again is not part of our criteria. In fact we do warn to not *rely* on a "no logging policy".

> > > running in RAM without any physical hard drive disk which protect our users in case of seizure.
> > >
> > > It really doesn't. There's a PXE server somewhere with disk images. The customer data is somewhere in possession of the company, anyway.
> >
> > It could very well be the image they run is fairly "generic" and the configuration is pushed by something like ansible/saltstack, in that case they support "templating" from a vault of secrets.
> >
> > Ie configs have things like `{{ sensitive_value }}` and during run time the operator must open an encrypted volume, where the contents of `{{ sensitive_value }}` is to have it substituted in
> >
> > That means if a server goes "offline" it needs operator access to bring it back up, but the assumption is customers will move to another working server if all operators are busy.

I asked about this in irc://irc.freenode.net/#AzireVPN and got the answer I suspected:

14:52:13    <dngray>    Curious question, if a AzireVPN server went down for some reason, or was rebooted, would it come back online automatically?
14:53:39    <dngray>    for example I note there you talk about PXE https://www.azirevpn.com/docs/environment#pxe
14:54:03    <dngray>    do you use any sort of orchestration like ansible, saltstack etc when the servers are brought back online?
14:54:04    <@tobiasa>    dngray: No
14:54:14    <dngray>    tobiasa: ah that's the correct answer
14:54:39    <dngray>    tobiasa: i am guessing the operator would need to open a vault and push secrets to server upon reboot like private keys etc.
14:55:11    <@tobiasa>    dngray: correct
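
The arrangement discussed in this comment (a generic image that holds only `{{ sensitive_value }}`-style placeholders, with the operator supplying the values after boot), as an added example that is not part of the original thread and not AzireVPN's tooling. The WireGuard-style config, the placeholder names and the small regex renderer (a stand-in for Ansible/Salt templating) are assumptions.

```python
import re

# Constructed template, as it might sit in a generic boot image: it holds
# placeholders only. The WireGuard-style keys and names are assumptions.
TEMPLATE = """\
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = {{ wg_private_key }}

[Peer]
PublicKey = {{ peer_public_key }}
PresharedKey = {{ peer_psk }}
"""

PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
SENSITIVE_KEYS = ("PrivateKey", "PresharedKey")


class MissingSecret(Exception):
    """Raised when the vault does not supply a value the template needs."""


def required_secrets(template):
    """Names the operator must supply before the service can start."""
    return sorted(set(PLACEHOLDER.findall(template)))


def render(template, vault):
    """Substitute every placeholder; refuse to emit a partial config."""
    missing = [n for n in required_secrets(template) if n not in vault]
    if missing:
        raise MissingSecret(", ".join(missing))
    # A function replacement avoids backslash processing in secret values.
    return PLACEHOLDER.sub(lambda m: vault[m.group(1)], template)


def literal_secrets(template):
    """Audit the image copy: sensitive keys whose value is not a placeholder."""
    findings = []
    for lineno, line in enumerate(template.splitlines(), 1):
        key, sep, value = line.partition("=")
        if sep and key.strip() in SENSITIVE_KEYS:
            if not PLACEHOLDER.fullmatch(value.strip()):
                findings.append((lineno, key.strip()))
    return findings


if __name__ == "__main__":
    print("operator must supply:", required_secrets(TEMPLATE))
    print("literal secrets in image:", literal_secrets(TEMPLATE))
    try:
        render(TEMPLATE, {})  # unattended reboot: the vault is still locked
    except MissingSecret as exc:
        print("cannot start without operator:", exc)
```
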
dngray commented 2019-10-28 15:34:01 +00:00 (Migrated from github.com)

> AzireVPN doesn't have bank transfers. GDPR-ish, but not quite (they miss details like right to complain to supervisory authority and explaining other info like international transfers). Sweden. Website uses tracking cookies with no way to opt-out (probably illegal because user consent was not sought) but block cookies for the domain. curl | sh. IRC channel on freenode. Netbouncer AB.

01:40:02    <dngray>    does the site adhere to DNT?
01:48:43    <@tobiasa>    dngray: we support DNT yes

In regard to:

> GDPR-ish, but not quite (they miss details like right to complain to supervisory authority and explaining other info like international transfers). Sweden.

15:30:00    <@tobiasa>    okay, we will look into it
dngray commented 2019-11-16 07:19:51 +00:00 (Migrated from github.com)

> > GDPR-ish, but not quite (they miss details like right to complain to supervisory authority and explaining other info like international transfers). Sweden.
>
> 15:30:00    <@tobiasa>    okay, we will look into it

02:50:27    <@tobiasa>    dngray: yes, we are working on an updated privacy policy that will be published soon
14:12:44    <@tobiasa>    dngray: it has been published now.

Looks like it has been published here: https://www.azirevpn.com/privacy

dngray commented 2019-11-17 03:43:29 +00:00 (Migrated from github.com)
2019-11-16 22:16   <dngray>    tobiasa: only feed back is that the legal basis isn't listed https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/#why
2019-11-16 22:22   <dngray>    and do you use automated decision making/profiling? https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32016R0679
2019-11-16 22:23   <dngray>    > Section 2 (f) the existence of automated decision-making,
2019-11-16 22:23               > including profiling, referred to in Article 22(1) and (4)
2019-11-16 22:23               > and, at least in those cases, meaningful information about
2019-11-16 22:23               > the logic involved, as well as the significance and the
2019-11-16 22:23               > envisaged consequences of such processing for the data
2019-11-16 22:23               > subject.
2019-11-16 22:27   <dngray>    could if you wanted to mention why someone might want to lodge a complaint as it's a bit short (though not strictly a requirement)
2019-11-16 22:27   <dngray>    there is also a typo there:
2019-11-16 22:27   <dngray>    > In addition, you have the right to ledge a complaint with
2019-11-16 22:27               > the Swedish Data Protection Authority.
2019-11-16 22:27   <dngray>    s/ledge/lodge/
2019-11-16 23:46    @tobiasa    dngray: thanks, will check it out.
2019-11-16 23:47   <dngray>    because i am genuinely up for adding providers who /do the right thing/
2019-11-16 23:47   <dngray>    there are a lot of sites which don't really have as strict a criteria as us
2019-11-16 23:47   <dngray>    have you thought about external auditing?
2019-11-16 23:48   <dngray>    (as in from a pentesting firm)
2019-11-17 00:17    <@williamo>    yeah, that's something we want to do, an full audit would be good for everyone. Sadly we do not have the budget for that right now but it's being saved up for
2019-11-17 01:54   <dngray>    nice.
2019-11-17 01:58   <dngray>    williamo:  do you mind if i make a note of that in our issue
2019-11-17 01:59   <dngray>    no single person at privacytools.io can make changes to the website, requires signoff
2019-11-17 01:59   <dngray>    so this will help in getting the PR pushed through
2019-11-17 01:59   <dngray>    (we do this to avoid any particular person being tainted or bribed)
2019-11-17 02:25    <@williamo>    ofc
scafroglia93 commented 2019-11-17 20:46:22 +00:00 (Migrated from github.com)

1-From what I see they have stopped informing users through their social media

2-There are a lot of changes compared to the latest privacy policy (where's matomo ??)
https://webcache.googleusercontent.com/search?q=cache:Mdah6pk3GiEJ:https://www.azirevpn.com/sv/privacy+&cd=1&hl=sv&ct=clnk&gl=se&client=ubuntu

djoate commented 2019-11-17 21:52:34 +00:00 (Migrated from github.com)

> I do want to point out the ease of use aspects of AzireVPN.
>
> Mullvad (_main currently_) always seems to give users on Debian issues and lacks proper documentation.
>
> For instance, the usage of `openresolv` over `resolvconf` is unclear and lacks documentation.[[1](https://mullvad.net/ru/help/easy-wireguard-mullvad-setup-linux/)]
>
> AzireVPN has a pre-build script that basically anyone can easily download and utilize.

If we're talking ease of use, Mullvad already implements WireGuard in their open-source Rust app. Someone looking for an easy-to-use WireGuard VPN for Linux can just use Mullvad's Rust app.

I don't think that guide is unclear on openresolv vs resolvconf. It says on the site that Debian users "may want to install openresolv rather than Debian's broken resolvconf" and they also link to a more detailed explanation (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860564)

dngray commented 2019-11-23 09:17:46 +00:00 (Migrated from github.com)

> 2-There are a lot of changes compared to the latest privacy policy (where's matomo ??)
> https://webcache.googleusercontent.com/search?q=cache:Mdah6pk3GiEJ:https://www.azirevpn.com/sv/privacy+&cd=1&hl=sv&ct=clnk&gl=se&client=ubuntu

2019-11-21 01:53:53    <@williamo>    dngray: Matomo -> https://www.azirevpn.com/cookies

It is mentioned there. Also if you're going to use cache use https://web.archive.org or https://archive.today

dngray commented 2019-11-29 13:45:57 +00:00 (Migrated from github.com)
Closing as addressed in https://github.com/privacytoolsIO/privacytools.io/pull/1539
Reference: privacyguides/privacytools.io#1436