Staff

Thank you @Kenwell . The last press release you translated clarifies important points and define more precisely the scenario which convinced the prosecutors of the necessity to crack DoubleVPN computers and later shut down servers. Kind regards

Hello! Thanks. It's still very vague, essentially a press release mentioning alleged crimes committed by the users, and not by the service administrators. However two sentences caught our attention: If the owners advertised the service for criminal activities, at least some form of "aiding, abetting, facilitating crime" is strongly suspected, and it's a crime itself in any legal framework we know. Here the prosecutor might mean that DoubleVPN operators/owners tried to remain anonymous? If so, that sounds like a bad premise for the owners of any service, as they must be available to be contacted timely by any competent authority, because in the EU and the USA, in order to keep the mere conduit status and/or any liability exception for the actions of the users, one of the requisites is that a service provider acts quickly to stop an ongoing illegal activity when it comes to know about such illegal activity. Of course, presumption of innocence stands, and it will be crucial to know exactly which laws would have been infringed by the service, and if the allegations will hold in court. Kind regards

Hello! We did not know DoubleVPN, in the last years dozens (hundreds?) of VPN have been born around the world and we know only a part of them. It's strictly necessary to know which exact law(s) of which legal framework(s) the service would have allegedly infringed. Perhaps we will know that only during the hearing, when we will also see whether the allegations and charges will hold in court. According to the articles you passed to us, it's not possible to comment properly at this stage. Does anyone have more precise information? Kind regards

@flat4 Hello! The agreements between intelligence offices to exchange information more liberally are irrelevant for our purposes, due to the nature of our service. They do not make the situation worse. You have absolutely no additional protection from traffic monitoring by intelligence agencies according to the location of the server, as Snowden documents show. If the adversary has such vast powers, our service is insufficient by itself alone in any case and in any country, and the only level of defense (which may be very effective!) is enforcing what we call "partition of trust". https://airvpn.org/forums/topic/54-using-airvpn-over-tor/?tab=comments#comment-1745 Provided that the target device is not compromised. of course... any attacker with vast power and precise targets will save time and efforts by simply cracking the device of the target, instead of hunting packets all around the world and correlating them. Kind regards

@monstrocity Hello! The errors and embezzlement caused by bogus copyright notices are notorious since 2008 at least. That's a decisive reason to understand how the graduated response must include the constitutional right to a due process, and that each copyright infringement claim must be validated or rejected by a court, if the alleged infringer wants to exercise her fundamental right to a due process with presumption of innocence. How bogus notices can be sent, and how a malicious user knowing your IP address can trivially cause an arbitrary amount of copyright notices to be sent to you, was well explained many years ago in the scientific paper "Why my printer received a DMCA takedown notice". http://dmca.cs.washington.edu/uwcse_dmca_tr.pdf The fact that, in spite of all the above, various companies still dream of automated graduated response and deletion of the right to a due process and the right to legal defense shows, in our opinion, the mental imbalance of certain persons and the hidden agenda to keep making money with bogus activities: business for companies which offer their services to monitor p2p swarms and automatically generate notices was quite big years ago. And it's also sad to see, when citizens defend the copyright mafia graduated response concept, how easily many citizens are inclined to renounce to fundamental, human rights. @ProphetPX The news you reported seem to be confirmed independently by TorrentFreak, which published a day earlier: https://torrentfreak.com/comcast-suspends-internet-connection-for-downloading-torrents-210630/ Kind regards

@cheapsheep @sooprtruffaut Hello! We aim at maintaining backward compatibility, but what you mention is a different case,. "Old" directives work as usual and have not been changed. New directives, which in previous versions were not available, have been added. Please note that country and aircountry are totally different directives, check the documentation: country: (string) ISO code of the country where your computer is located in. [...] aircountry: (string) Name of AirVPN country to be used for boot connection by means of airconnectatboot directive. In this specific case, airconnectatboot must be assigned to "country" option. When this mode is enabled, AirVPN connection will be established with the best performing server of the specified country. Default: empty. Moreover, please note that cipher and aircipher are also quite different directives with different purposes. Check the documentation again. https://airvpn.org/suite/readme/ As @cheapsheep noticed, in order to specify the data channel cipher for connectatboot mode, you need aircipher. This should resolve the error you experience. That said, this error will be investigated, because it might hide some bug according to your report. Kind regards

@OpenSourcerer Just to clarify that this is not "fake news": https://www.eff.org/deeplinks/2021/06/if-not-overturned-bad-copyright-decision-will-lead-many-americans-lose-internet A moderator can not threaten an ex ante, pre determined censorship based on the source of the information, be it a web site or anything else. Before you enforce your censorship power we gave you, you must cross-check and verify. If you are not able to do so beyond a reasonable doubt, or you have not the time or will to do so, do not censor. Kind regards

@MateoPeri Hello! We're sorry, you can't do that from within Hummingbird. You might catch from Hummingbird output (Hummingbird prints to stdout, so you can pipe its output trivially) the string "CONNECTED". When it is caught, you run what you want and (contrarily to OpenVPN) you are not forced to do it with root privileges, which is an important security bonus. If you run Linux, consider Bluetit. It sends a D-Bus event when a connection is established. The developer's documentation is being written and it may come handy for your use case too. Stay tuned in the "News" forum, when the documentation is ready we will announce it there. Kind regards

@frisof Hello! Geo-routing (aka "micro-routing") information is reported here: https://airvpn.org/forums/forum/10-websites-support/ If some web site is not reported and you notice a geo-routing in place, a possible explanation is that the web site uses a CDN we have already "geo-routed" for some other service. Feel free to report. Kind regards

Hello! Tables include data that's 7 years old (connection slots three, countries 16, servers 138?!? it's something from 2014), screenshots are taken from another web site, the concerns about the terms of service are taken from a fantasy world (*). They are so inept hat they even failed to report correctly our prices. They do not clearly state that they are paid by our competitors, while we always refuse to pay for reviews which is probably what bothers them most, because if this fair practice was widespread, there would be no more room for bogus reviews parasites. (*) Please read the Terms of Service yourself and you'll see. It's like in some part they are talking about some other VPN service, as if the article was a frankenstein-ish copy & paste and something went wrong with a mixture of different service reviews .🤣 Note that this thread will soon be moved to trash forum. Kind regards

@Terry Stanford Hello! That sounds partially wrong, please link us this answer because we can't find it. If it was from a Staff member it needs to be fixed. We do. Please keep us informed, or inform the support team, as you prefer. Kind regards

@Terry Stanford Hello! We just made sure that support team really passed the ticket to Eddie developer for additional investigation and we see that they did so on 2021-05-06. Unfortunately it seems that the issue could not be reproduced and therefore the bug you reported is still there and can't be found. Wait, do not twist words and basic meaning. You were told that when your Mac turns off the physical network interface it is unavoidable that a VPN connection is lost, because it's the physical connection to the Internet that gets lost, obviously. That said, we do understand your anger and frustration because your reports show a substantial range of malfunctions which would irritate anybody. Sadly the main problem (for any software) in such cases is when a malfunction is reported and nobody in the development team manages to reproduce it, no matter how they try. When a malfunction is invisible (not reproducible) on development and testing systems, you have no idea where to search for the bug(s) causing it. We would like to propose you something alternative which we see the support team did not: would you like to test Hummingbird and check what happens under the same conditions, in your Mojave system? Since when your problems started, a new and more efficient Hummingbird version has been released, and it runs (for throughput) a lot faster than the previous version as well as OpenVPN 2. About Hummingbird: https://airvpn.org/hummingbird/readme/ Yes we know, you will not have a GUI, but it would be a test which might provide some clue by comparison, and who knows, maybe Hummingbird will be less problematic than Eddie in your system. Kind regards

@ProphetPX Hello! The "graduated response" in the United States (aka "three strikes") was a voluntary agreement between ISPs and copyright holders to terminate the line of an alleged copyright infringer for several months or one year, without court order and inaudita altera parte (no right to defense ex ante) and put him/her in a black list so that he/she can't re-connect to the Internet with any other provider while he/she serves his/her sentence for the alleged, unproven behavior. The agreement was followed by most if not all ISPs from 2011 to 2017, causing tens of thousand of controversial disconnections. However, it had no impact at all on on the amount of copyright infringements and it was abandoned in 2017. Sony attempt might aim at transforming the abandoned voluntary agreement into an obligation by law as it is in France, New Zealand and South Korea for example, by eroding, through a legal precedent, the safe harbor liability exemptions in the USA for ISPs. The graduated response is totally ineffective against those who protect their traffic behind serious VPN services. https://en.wikipedia.org/wiki/Graduated_response https://en.wikipedia.org/wiki/Online_Copyright_Infringement_Liability_Limitation_Act Kind regards

@yatt007 Hello! The iP address you mention 116.203... is one of our IP addresses and it is used by a CH re-routing server. Puzzle solved. Kind regards

Hello! Nothing, it's a server side "problem", not Hummingbird's. If the server does not answer within 10 seconds Hummingbird will retry. The 10 seconds value can be modified via command line options (not possible via Eddie anyway). It seems an irrelevant issue anyway, so you might safely ignore it. Kind regards

@yatt007 Hello! It looks fine... and what are your Operating System name and exact version? Have you checked whether your system queries only VPN DNS? We forgot to tell you that one of the ways you can do that is browsing https://ipleak.net while your system is connected to the VPN. Kind regards

@Maggie144 Here: . 2021.06.16 14:19:55 - Hummingbird > EVENT: WAIT . 2021.06.16 14:20:05 - Hummingbird > Server poll timeout, trying next remote entry... the 10 seconds delay you notice are caused by the fact that the remote server does not answer within 10 seconds. The next attempt to the very same server is successful. Can you please try with Hummingbird alone (without Eddie) and check whether the same problem occurs? Kind regards

@Maggie144 Hello! We can't see this behavior, can you please send us the complete log? pf rules are 100% effective in M1 too. Kind regards

@yatt007 Hello! Yes, 95.110... is our geo-routing server in Italy. As you previously noted, geo-routing for some destination can be "on" or "off", it can't be "intermittent". Maybe the destination service uses a series of host names and IP addresses and some of them are re-routed and some are not, or maybe your system doesn't query all the times VPN DNS (the only way to be re-routed is querying VPN DNS). To begin with a preliminary verification, can you please check the second option, and make sure that your system only and exclusively queries VPN DNS? Kind regards

So what? Kind regards

@monstrocity Hello! Once again: the warnings you get are not an issue, they are intended and expected, and they must appear for the already mentioned reasons. HB 1.1.1. does not print them only because they were not implemented at that time, but Eddie invokes HB in the same way, so you should not use 1.1.1. You can safely run Eddie + Hummingbird 1.1.2 when you don't run systemd-resolved or when you run systemd-resolved configured to respect /etc/resolv.conf .- otherwise you must run Hummingbird alone, or Bluetit+Goldcrest. If the other issue re-occurs (that's the one unexpected issue) please do not forget to save the log, thanks in advance! @jrredho Both Bluetit and Hummingbird can handle swiftly DNS push & restore in Fedora 33 and 34, and in general under any systemd-resolved configuration (including the Windows-ish one Fedora picked as a default setting since 33 release). Fedora 34 is one of our primary development and testing environments so we are confident that you will have no problems at all with the new AirVPN Suite 1.1.0, but of course feel free to report. Kind regards

@monstrocity Hello! Eddie handles DNS by itself. As @OpenSourcerer noted, Eddie runs Hummingbird with --ignore-dns-push. This happened even in the past, but HB 1.1.2 now logs more accurately and warns you that it has been ordered to ignore DNS push. Therefore you should upgrade to HB 1.1.2 and not use older versions anymore. An important implication of the above choice for Eddie is that Eddie + Hummingbird is not usable in systems where systemd-resolved is configured to not respect /etc/resolv.conf settings (example: Fedora 33 and 34). In such systems Eddie should not be used as it can not handle DNS, while Hummingbird and Bluetit can. No, it's not a compatibility issue, it's only that Hummingbird by default handles DNS push. We can't reproduce the issue, can you please send us HB log showing the problem and any (if any) additional clue to reproduce the problem? Can you also tell us what you mean exactly with "Only logging out or restarting"? Kind regards

@KovaKovi Hello! Assuming that you connect to entry-IP address 3, you can get all the IP addresses you ask for by resolving the following name: europe3.all.vpn.airdns.org Query in TCP because the answer is too long for an UDP DNS query. Example with dig: dig +tcp +short europe3.all.vpn.airdns.org Kind regards

@cdysthe @Drk01 Hello! If those solutions are too complex, you might consider a Virtual Machine. Nowadays software like VirtualBox and VMWare make running a VM a piece of cake, you just need some time (once and for all) to install an OS from scratch. Then you can connect only the VM to the VPN (exactly as you do now in your machine) and use the applications whose traffic must be tunneled only in the VM. Host traffic will remain out of the VPN. Kind regards

Hello! We're very glad to inform you that we have just released Hummingbird 1.1.2 for macOS (High Sierra or higher version required). Hummingbird is available natively both for Intel and M1 based Mac computers. Hummingbird is free and open source released under GPLv3: https://gitlab.com/AirVPN/hummingbird Main features Lightweight and stand alone binary No heavy framework required, no GUI Small RAM footprint Lightning fast Up to 100% higher throughput than OpenVPN 2.5 (on 1 Gbit/s lines) Based on OpenVPN 3 library fork by AirVPN Robust leaks prevention through Network Lock based on pf - working perfectly on Big Sur too Proper handling of DNS push by VPN servers What's new Remarkably higher performance  Hummingbird 1.1.2 is based on the latest OpenVPN AirVPN library version linked against OpenSSL, and not mbedTLS anymore. OpenSSL latest versions in macOS have reached higher performance than mbedTLS both in encryption and decryption based on AES and CHACHA20-POLY1305 ciphers. The current 1.1.2 version has been additionally optimized and can now provide higher performance than 1.1.1. According to our tests now Hummigbird can reach, both on Intel i7 and M1 machines, with AES-GCM-256, 400 Mbit/s of download rate (CHACHA20 is slower as it can't still compete with AES-NI). On equal ground, as a comparison, OpenVPN 2.5.2 (our new binary optimized for M1) can reach 200 Mbit/s (only half of the speed!). Therefore, we strongly recommend that you test Hummingbird 1.1.2 even if you run Eddie. Remember that you can run Hummingbird through Eddie comfortably and quickly by setting the proper option. Hummingbird 1.1.2 is linked against latest OpenVPN3-AirVPN library. Changelog Version 1.1.2 - 4 June 2021 - [ProMIND] updated all dependencies and libraries *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 1.1.2 RC 4 - 14 May 2021 - [ProMIND] DNS backup files are now properly evaluated when determining dirty status - [ProMIND] ProfileMerge is now constructed by allowing any file extension - [ProMIND] Reconnection (SIGUSR2) is now allowed only in case tun persistence is enabled *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 1.1.2 RC 3 - 16 April 2021 - [ProMIND] Release Candidate 3 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 1.1.2 RC 2 - 14 April 2021 - [ProMIND] Release Candidate 2 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 1.1.2 RC 1 - 7 April 2021 - [ProMIND] Release Candidate 1 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 1.1.2 - 2 April 2021 - [ProMIND] Updated base classes *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Download Hummingbird for macOS is distributed in notarized and plain versions, both for Intel and M1 processors: Check the download page: https://airvpn.org/macos/hummingbird/ The difference is about how the package is seen by macOS security and it is therefore up to the user to pick the distribution file suiting his or her needs best. The notarized version is compliant to macOS software security scheme and runs "out-of-the-box", whereas the plain version needs to be explicitly granted permission to run by the user in macOS security & privacy settings. Please note that both versions ensure the same functionality in connecting a VPN server, it is however up to the user to decide whether using the signed and notarized version or not. Jump to the manual: https://airvpn.org/hummingbird/readme Kind regards & datalove AirVPN Staff