Opinions on Windscribe VPN?

Hey dear community!

Any opinions about Windscribe VPN and how they handle things?
We would be thankful for any input!

I personally don’t want to use a VPN in NA.

Makes sense, thank you for the answer, @InconspicuousEntity !

We did away with the “eyes” nonsense some time ago, because it’s only one treaty of many. Many countries also do invasive surveillance nowadays. It’s also not 2012 anymore.

We’re waiting for their write-up: Add Windscribe by dngray · Pull Request #1312 · privacyguides/privacyguides.org · GitHub

3 Likes

It was actually based on more lengthy discussions with other people that were in other threads, and in Matrix. Additionally, there is constructive reasoning provided behind these scribbles, as you put it.

1 Like

Awesome, this discussion and vetting was exactly what we were looking for.
I should have checked GitHub as well for issues.

Thank you again for the great input, Daniel!

2 Likes

I honestly do not think the Ukrainian event should be forgotten or forgiven.

I believe that it can be said that many other VPN providers did not have such huge fuck ups and are considerably more worthy of being recommended by such a popular privacy guide.

I also find it fairly worrisome for privacyguides to recommend a VPN led by a CEO that behaves like an unhinged child on Twitter.

4 Likes

I think if we were going to start judging projects based on how unhinged their developers are, there are a number of existing recommendations I can think of that we would have to reconsider.

That being said, VPN providers do require a bit more trust than usually expected, so it’s something we can factor in. I don’t think we would recommend against Windscribe on the basis of a Tom Spark YouTube video alone.

6 Likes

What I do like about them is they were honest about the scope and took steps to make sure it could never happen again. All of their servers now operate in RAM, which is about the best you can hope for with a public VPN provider. They do seem to have a strong understanding of PKI, and use short-lived certificates.

They also have other informative articles rather than just “marketing SEO fluff” like a lot of VPN companies do.

We still would be waiting for that audit; likely they were fixing and refactoring code to be publicly available.

It’s Tom Spark, of course he’s going to be a sensationalist twit. His whole take on the PTIO/PG transition was to support Marco Wollank’s (BurungHantu) lies without any research/comment from the other side (us) and then to make some crappy “hit piece” for his channel. When challenged on Twitter there was silence. Apparently that stemmed from a post on Reddit where I suggested he had a strange obsession with TorGuard and his “reviews” weren’t very scientific, only speed tests and no real evaluation of apps, their kill switches (whether the implementation is safe), or other features such as IPv6 routing, port forwarding, etc., if they are open source, or if they’ve had audits. I don’t know whether that has improved, as I don’t watch his videos and am not his target audience.

I have found that Windscribe has been professional in the limited correspondence I have personally had with them, regarding questions about their service.

3 Likes

Hi folks, man child here.

Firstly, I’ll say that citing Tom Spark as a source in the VPN space is like citing the opinion of a 12 year old on middle-eastern geopolitics. His recent opinion changed, not sure why but now we’re “A tier”: The WindScribe Review - Done by a True VPN Master Elite Hackerman Anonymous Incarnate - YouTube

Anyhow, back on topic of the Ukraine thing. Server seizures happen all the time, for all VPN providers as it’s a function of network size and how many people use the service. Bigger services will have more seizures. This was not our first nor the last, and it’s normally not a big deal or “news worthy”.

What made that one different is the events described in the blog post (the primary source of news from the event). It would have been real easy to say nothing, and rotate the certs as a “preventative security measure” (as some VPNs have done previously) and not a single person outside the company would ever know.

That being said, I can almost guarantee you such an event occurred with many other VPN providers and they simply said nothing, to avoid threads like this. Especially when it’s so easy to say nothing and brush it under a rug.

Don’t confuse our complete transparency for weakness. We made a mistake, we let everyone know, we learned from it, and deployed a superior solution which you can verify yourself vs other VPNs using steps mentioned in the blog post. Not a single provider that is currently subject to the same issue we had bothered to fix it, almost 2 years later.

I hope the above sheds some light on this.

7 Likes

I suspect not for long after posting this message 🙂

While I have you here, I think we are still waiting for this, right?

2 Likes

I addressed the questions there. The full “node audit” will be made public when the new node stack actually hits production. It’s still pre-release.

We could publicize the one we have from Cure53, but it would be rather meaningless as what was audited is not in production.

Here is a quick summary of that; all of this was already fixed.

4 Likes

Hey man child,

> Firstly, I’ll say that citing Tom Spark as a source in the VPN space is like citing the opinion of a 12 year old on middle-eastern geopolitics.

I’m not citing Tom Spark as a source for VPN trustworthiness, but your clear outburst on a public forum. This was stupidly unprofessional and you keep showing your lack of professionalism here.

It’s kind of obvious the guy is a fucking moron when his first pick is a closed source VPN.

> This was not our first nor the last, and it’s normally not a big deal or “news worthy”.

Yes, the fuck ups of oneself are never newsworthy, only the fuck ups of others ;).

> That being said, I can almost guarantee you such an event occurred with many other VPN providers and they simply said nothing, to avoid threads like this.

Baseless speculation and smearing, cool. I’m sure it happens to garbage ass crap like Tunnelbear or PureVPN. But this is to be the most trustworthy. Incompetence makes you lose trustworthiness.

I’ll stick to NOT supporting the VPN that uses outdated encryption technologies like 4096-bit RSA keys.

I’m out and will suppress notifications from this thread.

1 Like

> I think if we were going to start judging projects based on how unhinged their developers are, there are a number of existing recommendations I can think of that we would have to reconsider.

I strongly believe you should make mention of this in general on products. Privacy is based on trust. Trust comes from integrity, history and professionalism.

1 Like

Number of server seizures = number of active users * percentage of people engaged in "seizure worthy" (illegal) activity.

Therefore, the bigger the VPN, the more seizures they have. That’s just a simple fact. We get about 1 seizure per year, on average. All but the one we disclosed was a non-event with no impact. Nord/Express/PIA were around for longer, and are bigger than Windscribe.

Any VPN company that does not operate RAM disk nodes, or use encryption is therefore subject to this exact issue. RAM disk nodes only became “cool” in the last ~4 years, at least based on public info released by VPN companies. Therefore, any seizure that occurred before because neither mitigation was in place would have resulted in an identical situation.

Here are just some of these events, impact of which was exactly the same.

Difference here is the PR spin. “preventative security update” (it’s not, it’s an IDENTICAL situation), “server held no useful information for the authorities” (no VPN server ever does).

Had we been assholes, we could have said the exact same thing: “Ukraine servers were seized, no data was on them, so it’s all good. Btw we’re rotating the keys for extra security”.

Had we followed the lead of the “industry incumbents” this thread wouldn’t exist and you would know nothing about this event.

3 Likes

Any news on this? Windscribe offers port forwarding, which IVPN/ProtonVPN/Mullvad all dropped recently. Perhaps that makes it worth adding to the Guide?

Why is WS still not added to the recommended VPN list?

@Regime6045 ProtonVPN supports port forwarding.

@Bhaelros I think we’re still waiting for the things we’ve been waiting for this whole time?

I’d love to add more services, but our criteria are well-defined, and unless we’re going to change them in order to list Windscribe, Windscribe isn’t going to be recommended. The simple fact is that there are already three services which do meet our criteria—so our criteria obviously aren’t too strict—and Windscribe isn’t demonstrably better than our recommendations as far as I know, so all we can do is wait 🤷‍♂️

5 Likes
1 Like

This researcher is lucky they aren’t being sued. His behavior was unethical and borderline illegal.

This came from pointless drama which started after Windscribe published a relief code for Brazil, because Twitter/X was threatened with a ban in that region. One person didn’t take this well and cancelled their subscription because they were mad because fighting censorship is apparently right-wing. That then led to this guy (probably friends) who said they’d gladly drop a 0 day in their “shitware”, and so they did:
https://twitter.com/gergely_kalman/status/1778208316008607812

Here’s the whole reply chain if you’re interested. The researcher is acting like a 5 year old that didn’t get his bottle:
https://twitter.com/yegor/status/1778808157675876419

The bounty he would have received was donated to a Brazilian charity for the disabled.

2 Likes