audits?

[Crewman6639 4]

Please excuse my ignorance if the answer to this is elsewhere and I missed it.

Is there any sort of official reasoning as to why AirVPN has not been audited / gets audited on a regular basis?

Tried searching around for an answer and all I could find were pretty weak excuses (ie its to expensive, audits can be manipulated) made by members but did not see anything official about AirVPNs stance towards audits.

I don't subscribe to the line of thinking that a lack of audits is evidence of something nefarious but it does seem like going through the audit process and providing that information would be in line with AirVPNs goals / mission. It also makes AirVPN stand out as other well regarded privacy focused VPNs (Proton, Mullvad, IVPN) all seem to think its worthwhile to do.

Edited ... by Crewman6639
clarity

[Staff 9772]

Hello!

Our software is free and open source, while we repute at the moment not acceptable to provide external companies with root access to our servers to perform audits which can not anyway guarantee future avoidance of traffic logging or transmission to third parties. On the contrary, we deem very useful anything related to penetration tests. Such tests are frequently performed by independent researchers and bounty hunters and we also have a bounty program.

Kind regards
 

[mulimani 1]

Seems reasonable. Audits seem to be similar "privacy theater" like warrant canaries. I used to like both, it makes you feel good, but arguments against them are strong, trust wise.

The root access argument is pretty weak, though @Staff. You would checksum the whole disk or something afterwards, just to make sure. If all logs/disk caches are off, that seems easy. And why would an auditor risk his existence? Presumably they'd have to be extremely clever to fool the operator on his own service. Some hardcore EFI based rootkit maybe?
Or did you mean they may leak data live? That'd be kind of useless to them, only having brief access on random days.

An argument pro-audits that I believe is super strong is technical verification. Even "celebrity" coders who invented popular languages still mess up. We all make mistakes and these systems are fickle. Can't hurt to have someone look over your scripts and configs regularly. Giving a copy of a server to a penetration tester would seem very useful - having access to the setup, his chances of finding something are better than blind probing.
Open sourcing your scripts/configs/automation altogether would be most interesting. Maybe you already do?

The argument of simply reverting to logging afterwards is good. Similar to many open source peoples' false obsession with it. You can't know what the server does, it's all trust. We can only hope the guy we chose does not betray us. For all we know, airvpn could be the real 4D chess honeypot, because it seems most trustworthy. There have been many cases where CIA and other agencies deliberately built a scam from scratch, starting out "legit". If they "selective scam", nobody will ever know.

Or you can simply be sleepy one day and make a mistake that isn't found until way later. It doesn't even have to be malice.

Also consider how simple it is to undermine even once trustworthy organizations. Capitalism is evil by design and simple to infiltrate - just bribe some people. Happens with toxins in food, politics, everything. You can destroy entire countries just by throwing cash. You can have a random poor guy in the so called "1st world" kill a stranger for a few hundred Euros now. Even less. Many people in "rich 1st world countries" are hungry, even with fulltime jobs. They don't mind prison if it gets them food. Read local small newspapers to see what silly amounts people are stabbed for. Big ones don't show that anymore since it's too common.
How many people would reject a few million by some agency? If the CIA/GCHQ/etc. come up to airvpn staff and offer them a cushy government fake job or a few mil cash, will they refuse? A few mil are nothing to a government/multinational. A whole life is nothing to them. They can make you feel like a king in 5mins.
Everything revolves around money today. Be careful how you answer and honest with yourself.
To compare: Most jobs today are in the service sector - sales - and people are extremely willing to scam their brothers just for a literal few Euros. From consumer goods to insurance and banks, they sell poison and debt for a few cents in commissions. Now imagine a government/corporation waving a bucket full of cash in their face.

Best case is a paranoid, idealist dictator who checks for himself regularly. But nobody can do everything alone at scale, so you're back to square 1 - bribe someone.
You could go down a log rabbithole where you try to log all non-vpn system activity, but then who tracks the trackers? At some point someone has to have master access.

I don't think anyone can logically come up with an unbeatable system that can withstand ordinary human betrayal. Not even TOR is safe from that. Most exit nodes are already operated by just a handful of people/orgs and highly concentrated to a few hosters/states. (https://metrics.torproject.org/rs.html#aggregate/cc/flag:exit, click into the countries) A regular guy cannot host one anymore except on a handful of pretty crappy hosters, so the concentration increases further.

Maybe only using TOR services would be beneficial, I don't know if that can be attacked if someone controls enough nodes. And it's a useless proposition as long as we are forced by capitalism to use regular shops and sites. Can't do anything from a TOR exit.

If someone rejects capitalism and the easy way out, there's still plain ol' torture. If they lock up our airvpn friends or set their loved ones on fire, how long will they resist? No good answer to that. Locking people up until they fork over keys is routine worldwide, incl. the EU and UK. Even regular UK prisons have recently been classified as torture by some other country. They can take your money and your life in a minute. All your "security" gone. All the money you worked for in your life, meaningless. Funny, eh?

We logically arrive at the only solution: total resistance to governments worldwide. Until then, it's all a gamble. And really somewhat more of "entertainment" for us to feel better, rather than "true opsec". The options seem to be getting fewer, too. Besides air, mullvad, azire, most things look like outright scams.

If you're only interested in pirating hollywood trash, that should be fine on everything, though.

[ss11 15]

I am not sure why you think @Staff 's argument about root access to auditor is invalid. They did not state that during the audit the auditor cannot tell, they just said it's no guarantee that after the audit is over nothing changes.

From a SysOP perspective I can tell you 100% that your proposed to checksum the entire disk is invalid, for the following reasons:

- you cannot checksum a disk, even if you don't log to disk or anything there are still critical security updates that a normal sysadmin has to install, which will change the checksum;
- sniffing tools or other kind of software that would spy on users or perform the actions against the audit can run just fine from RAM memory, not be written on disk, and you cannot checksum the RAM memory for obvious reasons (number if live tunnel changes, TCP connection number goes up and down, on the fly forwarded IP packets, etc.);
- simply the clock going ticking touches the list of open files and other things in the /temp directory (I am talking about TEMP directory on disk, not RAM);
- there is no solution for the swap space - you could cancel it but this involves forcing the operator to not make use of swap space;
- there is no solution for totally RAM memory servers;

You'd have to update the checksum every time and what is the guarantee that after they checksum the server owner doesn't modify, and when the audit comes again restore from image/snapshot? There is absolutely NOTHING you can do against someone who has root and physical access to the server in order to limit them to do something on the system, absolutely no software trick will help you, these software tricks only help against remote adversaries that have limited privileges and are doing different attacks. Even UEFI/BIOS/FIRMWARE level protections are not designed to help and cannot help against physical access to the machine...

This is the thing about VPN's (from all providers, all over the world): you just have to trust your provider and choose wisely. It's as blind and as simple as that. No commercial trick will give you this security guarantee - they are just tricks to make you subscribe.

Because all the tools and crypto used in AirVPN is open source, I disagree with the fact that the scripts that make this tool interact at servers level should be published, because they offer some features that are unique among providers and it might not be wise when you think of competition between providers. I would love to see them as well, but you can't state that if AirVPN refuses this they are wrong in any way.