privacyguides/privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

Clarify and expand VPN criteria #1175

Merged
jonah merged 3 commits from vpn-criteria into master 2019-08-18 03:58:00 +00:00
Conversation 6 Commits 3 Files Changed 2 +2 -2
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit e6320bef2b - Show all commits

4
pages/providers/vpn.html
View File

@@ -91,7 +91,7 @@ description: "Find a no-logging VPN operator who isn't out to sell or read your
<div class="col-md-6"> <div class="col-md-6">
<p><strong>Minimum to Qualify:</strong></p> <p><strong>Minimum to Qualify:</strong></p>
<ul> <ul>
<li>Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-1024 or better handshake; AES-256-GCM or AES-256-CBC data encryption.</li> <li>Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption.</li>
<li>Perfect Forward Secrecy (PFS).</li> <li>Perfect Forward Secrecy (PFS).</li>
<li>Published security audits from a reputable third-party firm.</li> <li>Published security audits from a reputable third-party firm.</li>
</ul> </ul>
@@ -99,7 +99,7 @@ description: "Find a no-logging VPN operator who isn't out to sell or read your
<div class="col-md-6"> <div class="col-md-6">
<p><strong>Best Case:</strong></p> <p><strong>Best Case:</strong></p>
<ul> <ul>
<li>Strongest Encryption: RSA-2048 or RSA-4096.</li> <li>Strongest Encryption: RSA-4096.</li>
<li>Perfect Forward Secrecy (PFS).</li> <li>Perfect Forward Secrecy (PFS).</li>
<li>Comprehensive published security audits from a reputable third-party firm.</li> <li>Comprehensive published security audits from a reputable third-party firm.</li>
nitrohorse commented 2019-08-18 02:07:51 +00:00 (Migrated from github.com)
Review
Copy Link

Should we specify a desired time since the audit was conducted? Like for these audit(s) to be “recent/relevant”?

Should we specify a desired time since the audit was conducted? Like for these audit(s) to be “recent/relevant”?
jonah commented 2019-08-18 02:27:32 +00:00
Review
Copy Link

On L89 I did say ...on a repeated (yearly) basis. which I think covers that. That would be for the best-case scenario though. As far as making it a minimum criteria, I'm not sure how many providers would be running audits frequently. We're getting to the point where if we're any more strict we can't recommend anybody.

On L89 I did say `...on a repeated (yearly) basis.` which I think covers that. That would be for the best-case scenario though. As far as making it a minimum criteria, I'm not sure how many providers would be running audits frequently. We're getting to the point where if we're any more strict we can't recommend anybody.
<li>Bug-bounty programs and/or a coordinated vulnerability-disclosure process</li> <li>Bug-bounty programs and/or a coordinated vulnerability-disclosure process</li>