Views on ZorroVPN

_abc

Hello,

I'm trying to compare AirVPN with ZorroVPN. Below are some of the features they provide:-

Zorro, seems to have strong encryption (4096-bit RSA authentication keys, AES-256 strong encryption), although I am no security expert and want your view on this.
They provide Quadro-hop with possibility to add Tor to any of those hops.
It has a config generator - not very easy to understand at first but once you know what it does - it is a big time saver.
Provide port forwarding
3 devices at a time
No restriction on P2P
They claim - "no logs". what do you guys think?
Own DNS to prevent DNS leak
They claim to have sever in 48 countries - not sure. How do you verify if it is physical server or virtual?

Let me know what you think about this provider.

zhang888

Almost every server I checked is virtual, many of them are with a provider called edis.at.

This means inevitable logging, slow and not guaranteed speeds, and frequent outages.

In case an attacker gains root on the dedicated server which is used to run all those

virtual servers, something that happens, he will see all your traffic. Don't waste your time.

ɹoɹɹǝ

It looks like a smaller provider that uses virtual private servers instead of dedicated servers. This is an issue because, for one, a VPS is weaker than a dedicated server and does not have dedicated resources (I.E CPU, dedicated 100mbit/1gbit port). Also, reading their Terms of Use, it says "In case of violation of these rules, the account will be blocked and money, which rendered for services, will not be returned." which is a little shady as they claim to not log...? AirVPN goes into great detail about how they don't log which is what makes them so trustworthy. One thing we've learned from previous VPN's is that anyone can claim to not log, but not many can back their claims.

_abc

Almost every server I checked is virtual, many of them are with a provider called edis.at.
This means inevitable logging, slow and not guaranteed speeds, and frequent outages.
In case an attacker gains root on the dedicated server which is used to run all those
virtual servers, something that happens, he will see all your traffic. Don't waste your time.

Is edis.at known to log all activity?

Since, they use Perfect Forward Secrecy (Diffie Hellman), does that make an attack on their server less important? Albeit, the attacker will know the origin of the request, but not the content.

How is AirVPN immune to these 2 vulnerability ("logging by server provider/ISP" and "hacker gaining access to server"?

LZ1

Hello!

I doubt Air or any serious tech company would ever claim to be "immune" to hacking .

We can't prove if a VPN doesn't log - only make more or less educated guesses. With Air, there's a very low probability of logging, due to: how they run their setup, who runs it, their history, technical features and so forth.

ɹoɹɹǝ

Almost every server I checked is virtual, many of them are with a provider called edis.at.
This means inevitable logging, slow and not guaranteed speeds, and frequent outages.
In case an attacker gains root on the dedicated server which is used to run all those
virtual servers, something that happens, he will see all your traffic. Don't waste your time.

Is edis.at known to log all activity?
Since, they use Perfect Forward Secrecy (Diffie Hellman), does that make an attack on their server less important? Albeit, the attacker will know the origin of the request, but not the content.

How is AirVPN immune to these 2 vulnerability ("logging by server provider/ISP" and "hacker gaining access to server"?

I don't think AirVPN claims to be immune by these "vulnerabilities", they are rather considered breaches of security/privacy. Nonetheless, AirVPN only uses servers in trustworthy datacenters (https://airvpn.org/faq/locations/) and despite common misconception, many datacenters don't log their customers dedicated server(s). The probability of a hacker gaining access to a server is very unlikely. There are many things you can do to protect a server against attacks, for example, you can use a 32 character randomly generated password, you can change the default SSH port to something random (this prevents against a significant amount of bruteforce attacks) or even an SSH key. Also, Air's servers run Linux, which (as we all know of course ) is the most secure operating system so it's highly unlikely that there will be any vulnerabilities in installed packages/dependencies.

BetterCallSaulVPN

Almost every server I checked is virtual, many of them are with a provider called edis.at.
This means inevitable logging, slow and not guaranteed speeds, and frequent outages.
In case an attacker gains root on the dedicated server which is used to run all those
virtual servers, something that happens, he will see all your traffic. Don't waste your time.

how can you check servers, if I may ask?

zhang888

ping the server, check the IP address, see if it belongs to a range of a provider that sells only VPS services.

Sign In

Views on ZorroVPN

Recommended Posts

_abc 2

Share this post

Link to post

zhang888 1066

Share this post

Link to post

ɹoɹɹǝ 26

Share this post

Link to post

_abc 2

Share this post

Link to post

LZ1 672

Share this post

Link to post

ɹoɹɹǝ 26

Share this post

Link to post

BetterCallSaulVPN 0

Share this post

Link to post

zhang888 1066

Share this post

Link to post

Join the conversation

Home

Community