
Leaderboard


Popular Content

Showing content with the highest reputation on 08/13/20 in all areas

  1. 1 point
    Flx

    Wireguard response from Mullvad

    When will the WireGuard AirVPN wave of servers be available? Any updates?
  2. 1 point
    Dear Internet Freedom Friends, Hello from the Other Side! First, let me please be the first to congratulate you for using SSL tunnel, and not obfs4!

    Friendly reminder: Glorious Kazakhstan has pwned obfs4! https://trac.torproject.org/projects/tor/ticket/20348 Turns out, it wasn't even hard to do! We respectfully ask our DARPA Onion Friends - why do they create a unique protocol, to obfuscate the unique nature of traffic? Who thought that this even made sense as an idea, so much that they wanted to develop four iterations of it, and counting? Why not just use SSL tunnel, which looks 100% not unique and exactly like SSL, because it is? So easy to develop - it already exists! When DARPA sends us people, they aren't sending their best! Still, they ask for donations - like they have no money! Maybe, they should ask Echelon to stop running all those node farm NGOs in Germany and France, to save the money for them? Must cost a lot to keep all those Tor logs! Many such cases - enough to correlate! Sad! https://en.wikipedia.org/wiki/Parallel_construction

    Unfriendly reminder: Glorious Kazakhstan has pwned all public Tor entry nodes with IP blacklist! Glorious Kazakhstan only needed to pwn obfs4 because of private bridges! For public listed nodes, they just ask for the list, then block it! Very easy! Not smart! No obfs4 pwn required! It's as easy as this: Glorious Kazakhstan: "Excuse me sir, I would very much like to pwn you bigly. May I have the target list?" DARPA Onion Friends (not the brightest): "Yes, perfect, here is the target list." Should have been only bridges from the beginning! It doesn't solve all privacy problems if your packets are SSL or obfs4 inside! They route directly to publicly listed private network server! Nature of traffic is written in the header! It's automatically checked against public VPN server list!

    Hostile reminder: Glorious Kazakhstan has list of everyone who pings public listed VPN servers! It does not matter if they blacklist public listed servers today, tomorrow, or not until the next political emergency. They still have public server list, and ISPs have user logs, and they can compare them to create dox list of VPN users. (Basically, same as what NSA does for Tor users.) https://www.cnet.com/news/nsa-likely-targets-anybody-whos-tor-curious/ They won't go after all those people, but persons of interest can be cross-referenced to that list, now or in the future. Totally unacceptable! Please fix this! Don't be reactive, like noobs! Noobs get pwned! Security is paranoia - everyone else is pwned! Don't wait for users to get pwned to patch! You lose a pair of clients - I lose my pair of яйца! Bad deal! The worst! Can't do it!

    Please offer private bridges! Preferably, unique bridges! Minimum, offer unique private bridge through AWS. Best, also offer bridges through some Party corp in Hong Kong, for jurisdiction variety. Neutral countries aren't a real thing, so just offer tunnels on both sides of the line. This would be like if you took the meek pluggable transport concept, but each user got his own private meek server.

    Please friends, I have no time to be setting up my own OpenVPN server as SSL bridge. I have important elections to meddle in! I am not the only one with this problem. I am just one of the only ones who understands the problem. I am very tired of "world famous hackers" who quit and flipped to FBI before age 25 and pretend like they know or care about this. They are cowards. You only get famous when you get pwned. If you are good, you are just another nobody, and if you figure something out about something, you don't tell anyone. Since you are at least doing SSL and running an onion, you seem like you are the only ones seriously trying to not be stupid. I respect this effort and salute you.

    So please let me tell you for free. Public listing is not the right way to run private networks! I know everyone else does it this way. Let me tell you something more. Everyone else is going to get pwned. Having your name on any of these lists is like for little opsec baby who does not know history book chapter about Great Purge. https://en.wikipedia.org/wiki/Great_Purge There is no advantage to "public listed private network" setup and it is an oxymoron. Saves you cost of bulk rental of minimum servers from AWS or similar mega server farms. Costs you being on lists. Bad deal. This is just lazy "fix it when it breaks" security from corporate celebrity babies who think Great Cyber War will never come. Don't copy that. You have no idea how bad things really are. You have no idea how much worse things are going to get. Always prepare first for the worst possible outcome.

    - Just Another Nobody
  3. 1 point
    Staff

    VPNs - Caught in Lying!?!

    @arteryshelby We do not log and/or inspect our customers' traffic. Since 2010 you can't produce any single case, and not even the slightest clue, in which the identity of an AirVPN customer has been disclosed through traffic log and/or inspection and/or any other invasive method. It means a lot, given that various younger VPN services have been caught lying (ascertained court cases) and that AirVPN is now the oldest still active VPN service, with the exception of a minor service which anyway changed ownership twice in the last 12 years.

    By the way, we have never asked our customers to blindly believe in our words. We do not block Tor and we even integrate its usage in our software, so you can be even safer if you can't afford to trust us OR some datacenter. For example you can use Tor over OpenVPN, to hide Tor usage from your country and ISP, and at the same time hide your traffic's real origin, destination, protocol etc. from us and the datacenter the server is connected to.

    Last but not least, we invest a lot of money in Tor infrastructure and in 2017, 2018 and 2019 more than 2.5% of global world Tor network traffic transited on Tor exit-nodes paid by AirVPN. It is an important achievement we're proud of, and it hints at good faith.

    Kind regards
  4. 1 point
    Clodo

    Wireguard response from Mullvad

    It is not mandatory to wait for next Debian version: we are already testing up to date WireGuard version. When we'll make WireGuard available to customers, it will be on all servers.

    Exactly, it's unavoidable.

    With OpenVPN that's currently correct. However, with WireGuard we need to keep it, because it's written in .conf file generated via Config Generator and stored by users. See below for users' option to change or invalidate it.

    Some of our competitors do this. Some accept only their official client software because of the issue. That's neither good nor acceptable for us, as we don't want to lock users into our software. Therefore the change you mention might be an additional Eddie feature, but we will try to make WireGuard main branch as secure as Eddie's, whenever possible.

    Yes, we still use ifconfig-pool-persist in OpenVPN. It's very different from WireGuard's addresses binary mapping, especially from a legal point of view.

    When a client is connected, OpenVPN daemon necessarily needs to link clients' public and VPN IP addresses. As soon as the client disconnects the link is lost. One of WireGuard controversies is that client's real IP address remains visible with 'wg show' even after client's disconnection. The issue is resolved by removing and re-adding the peer after a disconnection (disconnection in WireGuard is basically a handshake timeout).

    Some current testing implementation features are:

    • Unique WireGuard IPv4 and IPv6 subnets across servers which don't conflict with OpenVPN subnets
    • Assigning a non-conflicting, pseudo-random, local IP address for each customer's device (for AllowedIPs), similar to remotely forwarded port assignments
    • Users can renew a local IP address for a device anytime. WireGuard .conf manually used in official client would become invalid. Eddie will automatically update. The same happens when a user regenerates OpenVPN client certificate and key pair: the action invalidates any previously stored OpenVPN profile.

    We will offer an API to automate the above, letting users write a script that performs HTTPS calls to change local IP address, download updated .conf, and then wg-quick. An API to obtain a .conf file (Config Generator without UI) is already in production for OpenVPN and it will be of course available for WireGuard too.

    When a device's WireGuard local IP address changes, a wait of up to 10 seconds is required. It's the time required to propagate device key onto all VPN servers, in order to update the AllowedIPs peer node.

    No other solution allowing us to let our customers use the official WireGuard client with a simple .conf file and, at the same time, preserve their privacy currently exists.

    Please keep the above information as a proposal: we are currently studying pros and cons and something may change before WireGuard public beta support in our VPN servers is available.
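
The peer reset described in the post above (remove and re-add a peer once its handshake has timed out, so `wg show` stops listing the client's real endpoint), sketched as an added example that is not AirVPN's code. The interface name `wg0`, the 180-second threshold and every key and address in the sample are assumptions constructed for illustration; the input is the tab-separated text printed by `wg show <iface> dump`.

```shell
#!/bin/sh
# Added example (not AirVPN code): plan a remove/re-add for timed-out peers.
STALE_AFTER=180   # seconds without a handshake before a peer counts as gone (assumed)

# stale_peer_plan IFACE NOW < dump-text
# Reads `wg show IFACE dump` on stdin and prints the wg(8) commands to run.
stale_peer_plan() {
    awk -F '\t' -v iface="$1" -v now="$2" -v max="$STALE_AFTER" '
        NR == 1 { next }   # first line describes the interface, not a peer
        NF != 8 { next }   # peer lines carry exactly eight fields
        {
            pub = $1; psk = $2; endpoint = $3; allowed = $4; hs = $5
            if (endpoint == "(none)") next            # no address stored
            if (hs != 0 && now - hs <= max) next      # still connected
            if (psk != "(none)") {
                # Removing the peer drops its preshared key as well, and
                # wg set only accepts that key from a file: leave it to the operator.
                printf "# %s has a preshared key: re-add it with preshared-key <file>\n", pub
                next
            }
            printf "wg set %s peer %s remove\n", iface, pub
            if (allowed == "(none)")
                printf "wg set %s peer %s\n", iface, pub
            else
                printf "wg set %s peer %s allowed-ips %s\n", iface, pub, allowed
        }'
}

# Constructed sample dump: A is connected, B timed out, C never connected,
# D timed out but uses a preshared key. Keys are placeholders, not real keys.
sample_dump() {
    printf 'PRIV_constructed\tPUB_constructed\t51820\toff\n'
    printf 'PUBKEY_A_constructed\t(none)\t203.0.113.7:40000\t10.128.0.2/32\t1597299990\t100\t200\toff\n'
    printf 'PUBKEY_B_constructed\t(none)\t198.51.100.9:51000\t10.128.0.3/32,fd00::3/128\t1597299000\t100\t200\toff\n'
    printf 'PUBKEY_C_constructed\t(none)\t(none)\t10.128.0.4/32\t0\t0\t0\toff\n'
    printf 'PUBKEY_D_constructed\tPSK_constructed\t192.0.2.5:1234\t10.128.0.5/32\t1597290000\t1\t2\toff\n'
}

# Print the plan for the sample; on a server the input would come from
# `wg show wg0 dump` and NOW from `date +%s`.
sample_dump | stale_peer_plan wg0 1597300000
```

The re-added peer keeps its public key and AllowedIPs, so a stored .conf keeps working; only the remembered endpoint and handshake state are discarded.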
  5. 1 point
    whiskey_76

    Lawful Access Bill US Senate

    Quick summary: "Three Republican senators introduced a bill this week to codify "lawful access," a legal framework that would allow law enforcement to access encrypted digital devices with signed court orders." https://www.nbcnews.com/tech/security/lawful-access-bill-would-allow-feds-legally-bust-encrypted-devices-n1232071 Let's keep an eye on this, guys. Talking about trying to force companies to build back doors into encryption. Your thoughts?