Heyy… could you elaborate what that means? And why it’s a bad sign?
as a serious contender in the field, I’d be very interested to hear your honest thoughts on the technical aspects here @obscuracarl . Hope it’s ok to tag you.
One of the bigger issues is now you potentially have a third party with unrestricted to access to the VPNs infrastructure.
The other issue with KPMG is they typically only serve VPNs with checkered pasts such as ExpressVPN or PureVPN which puts the whole audit process in question.
You won’t see higher quality VPNs such as Mullvad, IVPN, or Proton ever use them. Auditors just like VPN providers come in a wide range of quality.
1 Like
The list of companies that are affiliated with Israel and the US might be useful, however the VPN is not interesting at all, I have better VPN services like Windscribe.
No VPN is perfect (not even Obscura!), but a few things that I feel like are “table-stakes” for new, trustworthy VPNs:
- Source code available for anyone to see, not just an auditing firm. (for us)
- Full WireGuard support: The protocol is just miles better than OpenVPN, and it seems like this VPN only supports on a Pro plan? (for us)
- Some kind of improvement over “trust our audit” for no-logging (for us)
- (stretch goal) Some kind of obfuscation for WireGuard protocol, it’s a great protocol but easily fingeprint-able (for us)
I will say that KPMG is not really known (at least to me) to be the best security auditor… But I haven’t worked with them so I won’t make a firm statement here. They’re really known for financial audits more than anything.
6 Likes
To me, this provider seems to be a scam. Their website features a selection of reviews that are supposed to reflect the opinions of their users, but the reviews appear to be fake. When I search for reviews on various review sites, I can’t find anything. I suspect that they wrote these reviews themselves, especially since two out of three reviewers have Arabic names. That could be a coincidence, of course. The text of the reviews seems to me to be heavily AI-generated content. My first impression after just one minute on the website is that it lacks credibility.
When I search for “Boycat” online, I also find many more negative than positive comments, contrary to what is presented on their website. This situation seems very suspicious to me. I would not trust this VPN. However, that is only my first impression.
1 Like
I agree. On this website, if you forget your password, you cannot reset it, as there is no button for this purpose. That can be quite problematic. For me the website appears to be suspicious.
To be fair, even tho I do share your initial skepticism about the reviews and AI-generated tone, I do know that the devs have been running for 3 month testing before this first initial release and so they could’ve and probably did ask for reviews from these testers.
The fact that there are 3 Arabic names means nothing for several reasons: 1- these could be psuedonyms anyway, and 2- the audience is largely anti-Zionist crowd.
However regarding boycat, the app is legit and has a large and growing audience I know that personally. Even tho it’s imo bloated as fuck and should follow better open and free software standards.
If you really want to avoid anything affiliated with the US or Israel, better throw out your phone, laptop, and move into a cave.
2 Likes
“That which cannot be attained in full should not be abandoned in full".”
1 Like
Hi @jonah ,
I was wondering, does this KPMG audit count as: “Published security audits from a reputable third-party firm.”?
(Taken from the VPN criteria. I’m trying to assess where this thing stands in light of PG’s VPN criteria)
the quote says reputable, which New VPN launched by Boycat, BuycatVPN - #27 by obscuracarl says they never heard of them; neither have I.
1 Like
Did they publish the audit?
Is there a list of most reputable auditors in cyber security?
Btw I tried to do a quick search and found kpmg listed highly here for ex: (and several other lists)
They’re also one of them big four.
If your can share any trusted list from actual trusted sources I’d really appreciate it
I highly doubt that this is a reputable and independent source.
1 Like