🆕 Software Suggestion | OVPN #2031

New Issue

2020-08-26T12:36:03Z

udf2457 commented

2020-08-26 12:36:03 +00:00

(Migrated from github.com)

Basic Information

Name: OVPN
Category: VPN
URL: ovpn.com

Description

No log service
Extensive client support: Wireguard, OpenVPN and own client
Track record of not releasing data to authorities (because they have none, no logging)

Why I am making the suggestion

...

My connection with the software

I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

## Basic Information **Name:** OVPN **Category:** VPN **URL:** [ovpn.com](https://www.ovpn.com/en) ## Description - No log service - Extensive client support: Wireguard, OpenVPN and own client - Track record of not releasing data to authorities (because they have none, no logging) ## Why I am making the suggestion ... ## My connection with the software  - [ ] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

👎 2

dngray commented

2020-08-26 13:20:35 +00:00

(Migrated from github.com)

I don't believe they've undergone any external auditing.. which is now necessary. I noticed they advertise that Vilfo, incidentally does have a bad track record.

They did have a reply, https://www.vilfo.com/ctrlblog seems that OVPN and Vilfo have some kind of arrangement. I don't believe a product should have ever been released with those problems.

I don't believe they've undergone any external auditing.. which is now necessary. I noticed they advertise that [Vilfo](https://www.vilfo.com/), incidentally does have a bad track record. - https://www.ctrl.blog/entry/vilfo-review-p1-overview.html - https://www.ctrl.blog/entry/vilfo-review-p2-wifi.html - https://www.ctrl.blog/entry/vilfo-review-p3-security.html - https://www.ctrl.blog/entry/vilfo-review-p4-conclusions.html They did have a reply, https://www.vilfo.com/ctrlblog seems that OVPN and Vilfo have some kind of arrangement. I don't believe a product should have ever been released with those problems.

udf2457 commented

2020-08-26 13:26:05 +00:00

(Migrated from github.com)

I don't think you should tie Vilfo to OVPN. There is zero requirement to use Vilfo with OVN. You can use Wireguard, or OpenVPN or OVPN's own client.

Furthermore, the Vilfo issue you highlight is 2018 ! That's centuries away in digital speak !

Also as a positive, they are currently subject to quite an aggressive lawsuit where the claimant has hired a pentester to prove they have something to hide (https://torrentfreak.com/anti-piracy-outfit-hires-vpn-expert-to-help-track-down-the-pirate-bay-200821/).

I would suggest that if the pentest company comes up with nothing that would effectively be an external audit ! The fact OVPN are quite happy to defend this case rather than cave in shows a lot for how confident they are in the security.

I don't think you should tie Vilfo to OVPN. There is **zero** requirement to use Vilfo with OVN. You can use Wireguard, or OpenVPN or OVPN's own client. Furthermore, the Vilfo issue you highlight is 2018 ! That's centuries away in digital speak ! Also as a positive, they are currently subject to quite an aggressive lawsuit where the claimant has hired a pentester to prove they have something to hide (https://torrentfreak.com/anti-piracy-outfit-hires-vpn-expert-to-help-track-down-the-pirate-bay-200821/). I would suggest that if the pentest company comes up with nothing that would effectively be an external audit ! The fact OVPN are quite happy to defend this case rather than cave in shows a lot for how confident they are in the security.

dngray commented

2020-08-26 13:29:02 +00:00

(Migrated from github.com)

I would suggest that if the pentest company comes up with nothing that would effectively be an external audit!

It most certainly isn't.

External audits methodically test each part of the network. Granted access at certain levels to simulate what would happen if an adversary attained that access.

Furthermore, the Vilfo issue you highlight is 2018 ! That's centuries away in digital speak !

In the this kind of business you only get one chance to do things properly. You don't release half-baked products.

The fact OVPN are quite happy to defend this case rather than cave in shows a lot for how confident they are in the security.

People argue about things all the time in court, when they are wrong. This isn't an indicator of anything.

> I would suggest that if the pentest company comes up with nothing that would effectively be an external audit! It most certainly isn't. External audits methodically test each part of the network. Granted access at certain levels to simulate what would happen if an adversary attained that access. > Furthermore, the Vilfo issue you highlight is 2018 ! That's centuries away in digital speak ! In the this kind of business you only get one chance to do things properly. You don't release half-baked products. > The fact OVPN are quite happy to defend this case rather than cave in shows a lot for how confident they are in the security. People argue about things all the time in court, when they are wrong. This isn't an indicator of anything.

udf2457 commented

2020-08-26 13:29:56 +00:00

(Migrated from github.com)

Where's the ProtonVPN audit then @dngray !

You can't have one rule for them and another for everyone else. The Proton apps have been audited, not the live service.

Where's the ProtonVPN audit then @dngray ! You can't have one rule for them and another for everyone else. The Proton apps have been audited, not the live service.

dngray commented

2020-08-26 13:33:16 +00:00

(Migrated from github.com)

Where's the ProtoVPN audit then @dngray !

You can't have one rule for them and another for everyone else. The Proton apps have been audited, not the live service.

https://protonvpn.com/blog/open-source/

Additionally Mozilla employees checked out the service:

https://blog.mozilla.org/futurereleases/2018/10/22/testing-new-ways-to-keep-you-safe-online/

Generally I would also put far greater trust in ProtonVPN/ProtonMail as they actually have cryptographers, maintaining a lot of codebases, ie OpenPGP.js etc and are not just deploying some VPN software on servers (which any sysadmin can do).

> Where's the ProtoVPN audit then @dngray ! > You can't have one rule for them and another for everyone else. The Proton apps have been audited, not the live service. - https://protonvpn.com/blog/open-source/ Additionally Mozilla employees checked out the service: - https://blog.mozilla.org/futurereleases/2018/10/22/testing-new-ways-to-keep-you-safe-online/ Generally I would also put far greater trust in ProtonVPN/ProtonMail as they actually *have* cryptographers, maintaining a lot of codebases, ie OpenPGP.js etc and are not just deploying some VPN software on servers (which any sysadmin can do).

dngray commented

2020-08-26 13:39:54 +00:00

(Migrated from github.com)

Additionally they seem to advertise and advise customers to use closed source software.

Additionally they seem to advertise and advise customers to use [closed source software](https://www.sparklabs.com/viscosity/).

freddy-m commented

2020-08-26 13:42:11 +00:00

(Migrated from github.com)

Also, @udf2457 I've reformatted your issue. In future please use the templates provided, we have them for a reason.

This repo is archived. You cannot comment on issues.