AirVPN (VPN Services)

New to this forum so forgive me if I am posting something that has already been suggested. I searched the forum and there were not results for AirVPN.

It seems like AirVPN meets the requirements to be a recommended VPN service. If it does not I would be interested to hear what its lacking.

Thanks!

It doesn’t have any audits. At least, I can’t find any.

1 Like

Yeah after looking it does appear that way.

From looking at their forums it seems like the reasoning (at least based on user responses) is some mix of

  • all of their clients code is open source, builds are reproducible and verifiable so you don’t need to trust their binaries
  • they published in-depth guide to how their infrastructure works allowing anyone to essentially re-implement their clients
  • it offers tor over airvpn / airvpn over tor as options for those who do not trust airvpn

Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the TCP protocol. UDP (used in WebRTC for voice and video sharing, the new HTTP3/QUIC protocol, etc.), ICMP and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with ProtonVPN. Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as Isolated Destination Address (using a different Tor circuit for every domain you visit).

The feature should be viewed as a convenient way to access the Tor Network, not to stay anonymous. For proper anonymity, use the Tor Browser, TorSocks, or a Tor gateway.

Source: How Do VPNs Protect Your Privacy? Our VPN Overview - Privacy Guides

1 Like

This really just seems like a bunch of excuses to save money or hide something, but that’s just my opinion.

1 Like

Yeah I don’t. I was just mentioning the feature as it seemed to be a common reason for there not to be a need for audits. At least from the users on their forum, I could not find any official reasoning.

I definitely think that’s a fair conclusion although I don’t think a lack of audits should be seen as evidence of something nefarious.

Maybe so, but it definitely does mean that it doesn’t meet our criteria for inclusion:

3 Likes

yeah for sure, I appreciate the team sticks to their guidelines.

I never understood how they claim no logs, but then they literally have a gamified scoreboard of usage.
Even worse, they have a ranked list of longest connected users… those users haven’t rebooted their computers for security updates :frowning:

3 Likes

Here is how they explain it:

  • Only online users.
  • Data collected from current sessions in real-time, that we inevitably known. No history is kept, no data-retention is performed.

As to:

Even worse, they have a ranked list of longest connected users… those users haven’t rebooted their computers for security updates

My assumption is that anyone on this list are using a VPN at the network level, on a router, a network appliance, or maybe a seedbox or server of some kind. I know some people are weirdly opposed to updating or restarting their desktop, but I don’t imagine even those people are going 6+ months without ever restarting, shutting down, or logging out.

Sorry to necro, I just found out about the forums.

I agree with Jonah here. I do use Air for now, since its pricing is hard to beat. Proton keeps on raising prices too quickly. Mullvad doesn’t support port forwarding anymore, sadly.

I am thinking the main reason behind not getting a full audit is because they are a smaller team and likely generate nowhere the amount of revenue that Proton or other VPNs do.

If there is any desire for it, I can contact their support and see if there any plans in their getting a proper audit.

2 Likes

Hey, this was my first post at PG :blush: Brings back memories seeing it rise from the dead.

Not needed. They have given their answer on audits multiple times on their forum.

Our software is free and open source, while we repute at the moment not acceptable to provide external companies with root access to our servers to perform audits which can not anyway guarantee future avoidance of traffic logging or transmission to third parties. On the contrary, we deem very useful anything related to penetration tests. Such tests are frequently performed by independent researchers and bounty hunters and we also have a bounty program.

As I said back when this post was first made, I think PG is correct in sticking with its criteria but, I also think that forum members tend to default to equating a lack of audits as being nefarious which, without evidence, I think is misguided.

5 Likes

I like their response.

Our software is free and open source, while we repute at the moment not acceptable to provide external companies with root access to our servers to perform audits which can not anyway guarantee future avoidance of traffic logging or transmission to third parties. On the contrary, we deem very useful anything related to penetration tests. Such tests are frequently performed by independent researchers and bounty hunters and we also have a bounty program.

Or at least, it seems sound to me. Having an audit doesn’t mean that you keep on upholding best practices after the audit. It could even be used as a marketing tool. Having an ongoing bounty hunter program seems ideal. But I don’t know how intensive this would be versus a normal audit either.

I found this page on it: AirVPN

It seems as though only one person was able to redeem a bounty, at the bottom of this page.

2 Likes