What do you think about "Windscribe" ?

[a9db3edd 0]

- Do they use baremetal servers or vps? 
 

[LZ1 672]

Hello !

 

Why don't you ask them and see what they say? Then you get to test their support systems and level of honesty. Then if you share the results with us, we might be

able to help you identify if they failed to mention something important. Their site looks nice, but the service appears fairly rudimentary to me.

[zhang888 1066]

This is the 4th topic in the "What do you think of XYZ" series, by different members

I suggest that if you open such threads you will at least try to bring some "homework"

before, for example at least the hostnames/IPs of the service in question. Some shady

providers don't allow non-paying members to see that information, for a reason that is

actually unknown to me.

[Guest]

Since they offer free versions I doubt they have baremetal servers. But there is still a chance they might be given they don't have all that many servers.

[a9db3edd 0]

This is the 4th topic in the "What do you think of XYZ" series, by different members

I suggest that if you open such threads you will at least try to bring some "homework"

before, for example at least the hostnames/IPs of the service in question. Some shady

providers don't allow non-paying members to see that information, for a reason that is

actually unknown to me.

I posted this, just for you because in the other "What do you think of XYZ", the information you provided was something of an eye-opener when it comes to those vpn services. So, you are sort of an expert lol

[zhang888 1066]

I can say that I successfully pinged their servers at:

United Kingdom, Canada, Hong Kong, France, Germany, Luxembourg, Netherlands, Italy, Mexico, Norway, Romania, Spain, Sweden, Switzerland, Russia, Australia, Japan, and Singapore

 

And it looks like all their servers are running on dedicated nodes.

That's a good start, but since the service was only launched in late April 2016, they still have a long way ahead to proof their quality.

I still cannot recommend them as a trusted provider since 2 months are simply not enough to gather enough feedback, this must

be the reason they offer the free tier - which is actually very un-profitable when you run a service of this kind.

 

Nevertheless, I really wish them a good luck, the start looks good, no false advertising and good selection of datacenters, most of

which are the same as Air. There are no community forums and no real P2P policy, so you should act as alpha testers if you go with them.

The client options are still missing, there are no direct OpenVPN config downloads, but I believe it is still the "baby illness" of new services.

[Guest]

I can say that I successfully pinged their servers at:

United Kingdom, Canada, Hong Kong, France, Germany, Luxembourg, Netherlands, Italy, Mexico, Norway, Romania, Spain, Sweden, Switzerland, Russia, Australia, Japan, and Singapore

 

And it looks like all their servers are running on dedicated nodes.

That's a good start, but since the service was only launched in late April 2016, they still have a long way ahead to proof their quality.

I still cannot recommend them as a trusted provider since 2 months are simply not enough to gather enough feedback, this must

be the reason they offer the free tier - which is actually very un-profitable when you run a service of this kind.

 

Nevertheless, I really wish them a good luck, the start looks good, no false advertising and good selection of datacenters, most of

which are the same as Air. There are no community forums and no real P2P policy, so you should act as alpha testers if you go with them.

The client options are still missing, there are no direct OpenVPN config downloads, but I believe it is still the "baby illness" of new services.

 

I found OpenVPN config files "/getconfig" requires pro account

[Ricnvolved1956 51]

Thoughts/opinions?

 

https://medium.com/@yegor/hypocrisy-plaguing-major-vpn-providers-b4613b82f795#.4innt55cw

[Khariz 109]

Thoughts/opinions?

https://medium.com/@yegor/hypocrisy-plaguing-major-vpn-providers-b4613b82f795#.4innt55cw

For those that don't want to read the whole article, here is the best part:

 

So, is all hope gone, and are all VPN providers selling diluted snake oil? I’ve identified 3 that live up to the name of a “security company”.

 

AirVPN.org

Contains no external trackers of any kind

Only offers OpenVPN protocol, with a huge variety of firewall penetrating connection methods

SSL keys are in their sole possession

Hosts its own email

 

IVPN.net

Contains no external trackers of any kind

Operated by a team with exceptional technical expertise

SSL keys are in their sole possession

Hosts its own email

 

Mullvad.net

Contains no external trackers of any kind

Truly anonymous number based accounts

Sets no cookies (except your language preference)

SSL keys are in their sole possession

PROBLEM: Don’t host its own email (uses Google!)

 

 

[windscribe 11]

Hi, Just sound this thread. I'm actually the founder of Windscribe, will be happy to answer any questions. 

 

We used AirVPN as a model for a bunch of aspects of the service while we were developing the product. 

[BPP6Dh9 0]

Hi, Just sound this thread. I'm actually the founder of Windscribe, will be happy to answer any questions. 

 

We used AirVPN as a model for a bunch of aspects of the service while we were developing the product. 

How are you guys handling privacy issues in countries like Russia and Brazil , that are listed in your countries list but are know to have laws requiring logging and government monitoring?

[Tpk 2]

Hi, Just sound this thread. I'm actually the founder of Windscribe, will be happy to answer any questions. 

 

We used AirVPN as a model for a bunch of aspects of the service while we were developing the product. 

 

Your service does look interesting so I'd like to ask a few things:

 

Have you thoroughly checked your client for leaks? (check out this website)

 

Does the browser extension basically work as a proxy?

 

You seem to be offering lifetime subscriptions all the time, how can that be profitable?

 

Are you worried about the fact that Canada seems to be passing more and more pro-surveilance and anti-privacy legislation? (is Canada building some kind of a "Firewall in the North"?)

[windscribe 11]

 

Hi, Just sound this thread. I'm actually the founder of Windscribe, will be happy to answer any questions. 

 

We used AirVPN as a model for a bunch of aspects of the service while we were developing the product. 

How are you guys handling privacy issues in countries like Russia and Brazil , that are listed in your countries list but are know to have laws requiring logging and government monitoring?

 

Most of these laws are loosely enforced and there are no clear guidelines for VPNs. From the server standpoint, we configure all nodes identically, no matter the jurisdiction. If the server get ceased, the data on it is of little use, and can't be used to retroactively identify anyone. 

 

 

 

Hi, Just sound this thread. I'm actually the founder of Windscribe, will be happy to answer any questions. 

 

We used AirVPN as a model for a bunch of aspects of the service while we were developing the product. 

 

Your service does look interesting so I'd like to ask a few things:

 

Have you thoroughly checked your client for leaks? (check out this website)

 

Does the browser extension basically work as a proxy?

 

You seem to be offering lifetime subscriptions all the time, how can that be profitable?

 

Are you worried about the fact that Canada seems to be passing more and more pro-surveilance and anti-privacy legislation? (is Canada building some kind of a "Firewall in the North"?)

 

We deal with leaks mentioned above in a similar fashion to AirVPN: The application has a firewall (WFP in Windows, and pf in OSX) and we simply firewall everything outside of the tunnel. We also block ipv6 connectivity. 

 

The browser extension is essentially a fancy proxy server rotator, with ad block built in. We use the same blocklists as Adblock plus (easylist). These are not standard web/http proxies however, its more of an SSL Tunnel. https://www.chromium.org/developers/design-documents/secure-web-proxy

 

Lifetime deal is on for a limited time, and is actually being discontinued next week. Its great because it gives us a massive cash injection, and a lot of exposure we otherwise wouldn't have.We are quite profitable, even without this offer. 

 

If you're speaking about https://en.wikipedia.org/wiki/Copyright_Modernization_Act then yes, its a bit troubling, however in its current form it only applies to ISPs. We have no issues moving the company to an offshore location if the laws change for the worse. 

[_abc 2]

I have been using Windscribe for a little more than a month now. Following are my observations:-


What I liked:-

1 - Their website is modern and easy to traverse.
2 - Each server has many ports to choose from. Although, the exact ports vary from server to server, which can be a problem for manual configurations.
3 - Browser plugins (Both Chrome and Firefox) are good extensions if you want to tunnel through 2 different VPN providers. I use one on my router and other on browser itself.

4 - Encryption - AES-256 cipher with SHA512 auth and a 4096-bit RSA key. Support perfect forward secrecy.
     AES-256-CBC
     DHE-RSA-AES256-GCM-SHA38
     4096bit Diffie-Hellman key size. Re-keying interval set at server 432000. Interval can be changed by client (I always change it to 300).

What I did not like:-

1 -  Their windows client is glitchy. If you reconnect to a new wifi - it won't reconnect - won't respond. If you force close it the blocking firewall rules won't be reset even if you reopen the app. I have to uninstall and reinstall again to get my connectivity back.
2 - Support. They seemed to have only 1 guy (the founder) who responds to all queries, so the turn-around time is more than 12-hours. Sometimes, I received reply after 30 hours. Also, he seemed to pick and choose questions to answer and leave the rest. Had to have many mail exchanges to get all the questions answered.
3 - Speed. Not all their servers are bare-metal. The ones they have in India is VPS and the speed varies suddenly and drastically. I have used other VPN providers that use VPS but speeds were much better than Windscribe.
4 - Configuration. It is not possible to get all the servers in a particular region, like you can on AirVPN. You would have to manually download by each country and the only options you can change there are protocol and port. Also, configuration download page is not linked directly on their landing page. You would have to go to Download Page > DD-WRT Guide page > Config Download page. I understand they want to make things simple for everyone. But, since they do claim to support router, it does not make sense to make things harder for those users.
5 - Windows software has a "Stealth mode", which essentially uses stunnel to connect through SSL. Or so they claim.

     When you use this feature a console application called "tstunnel.exe" gets executed. My "Zamana Antimalware" registered it as a malware. Upon inquiring, they suggested that the Antimalware is bad and that the executable is taken from https://www.stunnel.org. Fair enough, Zamana has raised false alarm before.

     However, when I used the "stunnel" used by AirVpn available at https://airvpn.org/repository/stunnel_windows.zip, no problems from Zamana.
    
     Also, when I opened Windscribe's "tstunnel.exe" in a notepad, I could see some plaintext with "Windscribe" in the literals. But, they insisted this is not a custom made software and is gotten from https://www.stunnel.org. I could not find anything on https://www.stunnel.org with the same name or size as that of the "tstunnel" they have provided.
    
     Now, this is not much of an problem for me at all, since I use OpenVPN software anyways and do not use any custom made softwares. But, the issue is trust. What else can I NOT trust them on?
    

In the end, after buying the lifetime subscription for $32, I have very little to complain about. I use it as my secondary VPN, when needed. But, have to keep a close eye on news about them for another year or so before I can really trust them.

[windscribe 11]

1. Can you send a debug log if it happens again?

2. Our support team is 3 people, however I do most of the tickets myself. 

3. All servers except South Africa and 1 of the Indian ones are bare metal. 

4. Yes you have to select each location 1 at a time to get the configs... but do you really need to configure all 45 locations? Most people will use 1-2 locations. if you want all of them, our desktop app conveniently has them, and requires no manual config. You can get them right from the download page by clicking on "OpenVPN" at the bottom (we redesigned the site recently). 

5. Yes, stealth mode uses Stunnel. What's the problem? 

 

We put in a lot of work into our custom apps, which compensate for MANY shortcomings of native VPN implementation in the OS or just vanilla OpenVPN, in cases of network problems, coming back from sleep mode, and network changes while your computer is in sleep mode (which is very common if you own a laptop), and countless other things. It also has a handy firewall, which blocks all activity outside of the tunnel, so if it were to disconnect, for any reason other than user pressing OFF, your IP will not leak over your ISP IP. 

There is absolutely no good reason not to trust closed source VPN clients as the truly paranoid can easily audit what they're doing with a network analyzer, like Wireshark. You should be more concerned with the servers you're connecting to, and who owns them, rather than a simple client used to connect to them.

[LZ1 672]

1. Can you send a debug log if it happens again?

2. Our support team is 3 people, however I do most of the tickets myself. 

3. All servers except South Africa and 1 of the Indian ones are bare metal. 

4. Yes you have to select each location 1 at a time to get the configs... but do you really need to configure all 45 locations? Most people will use 1-2 locations. if you want all of them, our desktop app conveniently has them, and requires no manual config. You can get them right from the download page by clicking on "OpenVPN" at the bottom (we redesigned the site recently). 

5. Yes, stealth mode uses Stunnel. What's the problem? 

 

We put in a lot of work into our custom apps, which compensate for MANY shortcomings of native VPN implementation in the OS or just vanilla OpenVPN, in cases of network problems, coming back from sleep mode, and network changes while your computer is in sleep mode (which is very common if you own a laptop), and countless other things. It also has a handy firewall, which blocks all activity outside of the tunnel, so if it were to disconnect, for any reason other than user pressing OFF, your IP will not leak over your ISP IP. 

 

There is absolutely no good reason not to trust closed source VPN clients as the truly paranoid can easily audit what they're doing with a network analyzer, like Wireshark. You should be more concerned with the servers you're connecting to, and who owns them, rather than a simple client used to connect to them.

I have to say that's false and quite a worrying statement coming from you, the supposed Founder.

1. The very notion that trust is required, serves as a weak point, as the trust is merely a substitute for actual verifiable assurance. The less explicit "trust" required, the better.
2. There's been plenty of cases where closed-source software has caused problems. Not just with security, but with other things too.
3. Your misuse of the word "paranoid" serves only to undermine legitimate security and privacy concerns. A network analyzer also won't help if the software contains malware which doesn't need network communications.
4. If the client is so simple as you say, then it should also be a simple matter of making it open-source, no? Then the "truly paranoid" will have even more avenues of auditing and trust in the client will increase.

So while you could argue the case of closed source software being alright, I think you picked the wrong brand of software to do it on, since it's security-related and open-source is one of the building blocks of a secure system. You claim the "truly paranoid" could simply use a network analyzer tool, but I think that's a bad argument, seeing as the "truly paranoid" would avoid your software altogether, upon finding out it's closed. Thus you're left with users who can't or won't check such things - which seems irresponsible, given not all users will know the significance of closed vs open source software and thus might unknowingly put their security or privacy at risk. Security isn't just 1 product after all - as you said, there's other factors one should be concerned about. Well, the client is one of them. Someone around here made a thread which showed that a client from another VPN provider acted in some very malicious ways too.

[zhang888 1066]

First of all, I would like to thank the founder of the service for sharing his thoughts on this forum.

While I don't agree with the closed source app, it's up to his decision how he wants to run his own service, and this is his right to do so.

There are many ways to implement the same functionality while still providing the source of your platform, or, at least, not to close the

source of what could be potentially useful for the general community.

 

The Eddie client will soon be compatible for other 3d parties as a standalone OpenVPN wrapper, I hope you can

reconsider it as the best client of choice. The changes are made as I write this, and there won't be any copyrights or royalties. Pure GPL code.

[windscribe 11]

 

1. Can you send a debug log if it happens again?

2. Our support team is 3 people, however I do most of the tickets myself. 

3. All servers except South Africa and 1 of the Indian ones are bare metal. 

4. Yes you have to select each location 1 at a time to get the configs... but do you really need to configure all 45 locations? Most people will use 1-2 locations. if you want all of them, our desktop app conveniently has them, and requires no manual config. You can get them right from the download page by clicking on "OpenVPN" at the bottom (we redesigned the site recently). 

5. Yes, stealth mode uses Stunnel. What's the problem? 

 

We put in a lot of work into our custom apps, which compensate for MANY shortcomings of native VPN implementation in the OS or just vanilla OpenVPN, in cases of network problems, coming back from sleep mode, and network changes while your computer is in sleep mode (which is very common if you own a laptop), and countless other things. It also has a handy firewall, which blocks all activity outside of the tunnel, so if it were to disconnect, for any reason other than user pressing OFF, your IP will not leak over your ISP IP. 

 

There is absolutely no good reason not to trust closed source VPN clients as the truly paranoid can easily audit what they're doing with a network analyzer, like Wireshark. You should be more concerned with the servers you're connecting to, and who owns them, rather than a simple client used to connect to them.

I have to say that's false and quite a worrying statement coming from you, the supposed Founder.

1. The very notion that trust is required, serves as a weak point, as the trust is merely a substitute for actual verifiable assurance. The less explicit "trust" required, the better.
2. There's been plenty of cases where closed-source software has caused problems. Not just with security, but with other things too.
3. Your misuse of the word "paranoid" serves only to undermine legitimate security and privacy concerns. A network analyzer also won't help if the software contains malware which doesn't need network communications.
4. If the client is so simple as you say, then it should also be a simple matter of making it open-source, no? Then the "truly paranoid" will have even more avenues of auditing and trust in the client will increase.

So while you could argue the case of closed source software being alright, I think you picked the wrong brand of software to do it on, since it's security-related and open-source is one of the building blocks of a secure system. You claim the "truly paranoid" could simply use a network analyzer tool, but I think that's a bad argument, seeing as the "truly paranoid" would avoid your software altogether, upon finding out it's closed. Thus you're left with users who can't or won't check such things - which seems irresponsible, given not all users will know the significance of closed vs open source software and thus might unknowingly put their security or privacy at risk. Security isn't just 1 product after all - as you said, there's other factors one should be concerned about. Well, the client is one of them. Someone around here made a thread which showed that a client from another VPN provider acted in some very malicious ways too.

 

I'll concede that the use of the word "paranoid" is misplaced, however I respectfully disagree on your other points. 

 

Using the "its closed source so it could contain malware" is misguided for multiple reasons:

 

1. The binary you download doesn't have to be built from the same source code that's published. At the very least, you won't have a code signing certificate publicly available, so the binary checksum will always be different. 

2. Malware will have to do something, and exfiltrate sensitive data from your machine. That's something you can detect with a network analyzer.

3. VPN client sends all your activity through a server which is a black box to everyone except the operator. Your open source client will do nothing if it connects to an actively malicious server that then injects malware into HTTP requests. That would also be virtually undetectable and much more clever than stuffing malware into the executable. 

 

With the way how all VPNs function right now, trust is unfortunately required. Having an open source client is certainly a step in the right direction, and we do have plans to eventually open source it once we reach 2.0 (maybe), however this is just a token gesture that is largely irrelevant as the main problem with VPNs is the fact that the server operator holds all the cards. 

 

Security through obscurity is rarely a good thing, and some things should always be open source, like protocols.

 

Running a VPN company involves a lot of "cat and mouse" games, where your website, api, servers themselves are blocked in random places, using various methods, etc. Our upcoming update of the application has a ton of new features, however more importantly it has procedural domain generation which uses a programatically generated domain names, which are not hardcoded (to prevent them from being extracted if you decompile the app) and are generated daily, to access our API and ensure people can use our app in China, Iran, your local school with an overzealous network admin. Having this code be public knowledge would render it useless, and prevent people who need a VPN the most from having access to it. That's just one example. 

[Staff 9972]

 

With the way how all VPNs function right now, trust is unfortunately required.

 

Hello!

 

Not necessarily, consider for example what we call "partition of trust". In this way you can have most of the advantages of a VPN without having to trust the VPN operators and the datacenter (where a server works in) technicians.

 

Security through obscurity is rarely a good thing, and some things should always be open source, like protocols.

 

We strongly disagree about the need of security through obscurity when it involves the source code of a software, and openness should not be limited to protocols only. However this is a long and complex argument that we prefer to not discuss in wider terms right here right now.

 

Under a very practical point of view you can see that we have been always able to guarantee access to AirVPN from China and Iran through an open source software. If any part of your software needs to be closed for such a reason (currently it's all closed source, if we're not mistaken, right?), you should wonder whether it's really necessary or it's only a design problem.

 

Kind regards

[RaineyPass 12]

I've been using Air, Windscribe and Mulvad for about a year and have had few problems with Air and Windscribe.  Mulvad, for my location, is hit and miss.  The only odd thing about Windscribe is the client is auto loaded at Windows start or you have to enter user/pwd info each time to get it to start.  The other two remember your info.  Air seems to be the most reliable for streaming video; Windscribe sometimes is slower; Mulvad, I don't bother with.

 

Air definitely is the more complete client, great interface, lots of customization and good support, good forums.  WIndscribe's interface is very simple, some basic customization, OK overall, no forum last I checked, but not as developed as Air for sure.  Mulvad's interface is, well, yeah.

 

I'll continue to use Air and Windscribe; my needs are primarily to keep browsing smooth and avoid tracking, not so much high levels of privacy.  I tend to pick candidate VPN's from real review sites, perusing forums, etc.  So many malware VPN's out there!

 

For what it's worth, I experienced many of the glitchy connect/disconnect issues, lock ups from the VPN "kill switches" (yeah, I know), mentioned in this thread, tried lots of fixes, finally had my router slow to a crawl and stay that way after a firmware update.   Went to Netgear's forums and realized their firmware is awful and getting worse, lots of unhappy customers, agrees with my dismal experiences.  Installed XWRT Vortex and the router is fantastic, fast, been running perfectly with a household of devices for months on a 175 Mbps cable connection.  Roll the dice performance for three years prior. Saved smashing the router (R7000) with a hammer. 

 

The message here is VPN software may not be the problem if if acts badly, may be something else in the data stream.  All three of my VPN's which were temperamental, now work perfectly with the router firmware changed, the VPN's weren't the issue.

 

Sorry to be a bit OT, but the router thing was huge.