Hey dear community!
Any opinions about Windscribe VPN and how they handle things?
We would be thankful for any input!
I personally donât want to use a VPN in NA.
Makes sense, thank you for the answer, @InconspicuousEntity !
We did away with the âeyesâ nonsense some time ago, because itâs only one treaty of many. Many countries also do invasive surveillance nowadays. Itâs also not 2012 anymore.
Weâre waiting for their write-up Add Windscribe by dngray ¡ Pull Request #1312 ¡ privacyguides/privacyguides.org ¡ GitHub
4 Likes
It was actually based on more lengthy discussions with other people that were in other threads, and in Matrix, additionally there is constructive reasoning provided behind these scribbles as you put it.
1 Like
Awesome, this discussion and vetting was exactly what we were looking for.
I should have checked Github as well for issues.
Thank you again for the great input, Daniel!
2 Likes
I honestly do not think the Ukrainian event should be forgotten or forgiven.
I believe that it can be said that many other VPN providers did not have such huge fuck ups and are considerably more worthy of being recommended by such a popular privacy guide.
I also find it fairly worrisome for privacyguides to recommend a VPN led by a CEO that behaves like an unhinged child on Twitter.
4 Likes
I think if we were going to start judging projects based on how unhinged their developers are, there are a number of existing recommendations I can think of that we would have to reconsider.
That being said, VPN providers do require a bit more trust than usually expected, so itâs something we can factor in. I donât think we would recommend against Windscribe on the basis of a Tom Spark YouTube video alone.
8 Likes
What I do like about them is they were honest about the scope and took steps to make sure it could never happen again. All of their servers now operate in RAM, which is about the best you can hope for with a public VPN provider. They do seem to have a strong understanding of PKI, and use short lived certificates.
They also have other informative articles rather than just âmarketing SEO fluffâ like a lot of VPN companies do.
We still would be waiting for that audit likely they were fixing and refactoring code to be publicly available.
Itâs Tom Sparks, of course heâs going to be a sensationalist twit. His whole take on the PTIO/PG transition was to support Marco Wollankâs (BurungHantu) lies without any research/comment from the other side (us) and then to make some crappy âhit pieceâ for his channel. When challenged on Twitter there was silence. Apparently that stemmed from a post on Reddit where I suggested he had a strange obsession with Tor Guard and his âreviewsâ werenât very scientific, only speed tests and no real evaluation of apps, their kill switches, (whether the implementation is safe) or other features such as IPv6 routing, port forwarding etc, if they are open source, or if theyâve had audits. I donât know whether that has improved, as I donât watch his videos and am not his target audience.
I have found that Windscribe has been professional in the limited correspondence I have personally had with them, regarding questions about their service.
3 Likes
Hi folks, man child here.
Firstly, Iâll say that citing Tom Spark as a source in the VPN space is like citing the opinion of a 12 year old on middle-eastern geopolitics. His recent opinion changed, not sure why but now weâre âA tierâ: The WindScribe Review - Done by a True VPN Master Elite Hackerman Anonymous Incarnate - YouTube
Anyhow, back on topic of the Ukraine thing. Server seizures happen all the time, for all VPN providers as itâs a function of network size and how many people use the service. Bigger services will have more seizures. This was not our first nor the last, and itâs normally not a big deal or ânews worthyâ.
What made that one different, is the events described in the blog post (the primary source of news from the event). It would have been real easy to say nothing, and rotate the certs as a âpreventative security measureâ (as some VPNs have done previously) and not a single person outside the company would ever know.
That being said, I can almost guarantee you such an event occurred with many other VPN providers and they simply said nothing, to avoid threads like this. Especially when itâs so easy to say nothing and brush it under a rug.
Donât confuse our complete transparency for weakness. We made a mistake, we let everyone know, we learned from it, and deployed a superior solution which you can verify yourself vs other VPNs using steps mentioned in the blog post. Not a single provider that is currently subject to the same issue we had bothered to fix it, almost 2 years later.
I hope the above sheds some light on this.
10 Likes
I suspect not for long after posting this message 
While I have you here, I think we are still waiting for this, right?
2 Likes
I addressed the questions there. The full ânode auditâ will be made public when the new node stack actually hits production. Itâs still pre-release.
We could publicize the one we have from Cure53, but it would be rather meaningless as what was audited is not in production.
Here is a quick summary of that, all of this was already fixed.
4 Likes
I think if we were going to start judging projects based on how unhinged their developers are, there are a number of existing recommendations I can think of that we would have to reconsider.
I strongly believe you should make mention of this in general on products. Privacy is based on trust. Trust comes from integrity, history and professionalism.
1 Like
Any news on this? Windscribe offers port forwarding, which IVPN/ProtonVPN/Mullvad all dropped recently. Perhaps that makes it worth adding to the Guide?
Why WS is still not added to the recommended VPN list?
@Regime6045 ProtonVPN supports port forwarding.
@Bhaelros I think weâre still waiting for the things weâve been waiting for this whole time?
-
The iOS client hasnât been open sourced https://github.com/privacyguides/privacyguides.org/pull/1312#issuecomment-1563379064
-
Their full node audit hasnât been released:
We are currently undergoing a full audit of our server stack which should be published in early 2023.
https://windscribe.com/knowledge-base/articles/has-windscribe-been-audited
Iâd love to add more services, but our criteria is well-defined, and unless weâre going to change them in order to list Windscribe, Windscribe isnât going to be recommended. The simple fact is that there are already three services which do meet our criteriaâso our criteria obviously isnât too strictâand Windscribe isnât demonstrably better than our recommendations as far as I know, so all we can do is wait 
5 Likes
1 Like
This researcher is lucky they arenât being sued. His behavior was unethical and borderline illegal.
This came from pointless drama which started after Windscribe published a relief code for Brazil, because Twitter/X was threatened with a ban in that region. One person didnât take this well and cancelled their subscription because they were mad because fighting censorship is apparently right-wing. Then lead into this guy (probably friends) who said theyâd gladly drop a 0 day in their âshitwareâ, and so they did:
https://twitter.com/gergely_kalman/status/1778208316008607812
Hereâs the whole reply chain if youâre interested. The researcher is acting like a 5 year old that didnât get his bottle:
https://twitter.com/yegor/status/1778808157675876419
The bounty he would have received was donated to a Brazilian charity for the disabled.
2 Likes
i canât see twitter comment chains since i donât have a account. and nitter is now dead. if you could take a screenshot of the thread that would be very helpful
1 Like
Seems to have started with this weirdo who is hell-bent on defending censorship and government overreach: https://twitter.com/PhilippeDelteil