Hey dear community!
Any opinions about Windscribe VPN and how they handle things?
We would be thankful for any input!
I personally don't want to use a VPN in NA.
We did away with the "eyes" nonsense some time ago, because it's only one treaty of many. Many countries also do invasive surveillance nowadays. It's also not 2012 anymore.
We're waiting for their write-up https://github.com/privacyguides/privacyguides.org/pull/1312#issuecomment-1220699208
It was actually based on more lengthy discussions with other people that were in other threads, and in Matrix, additionally there is constructive reasoning provided behind these scribbles as you put it.
Awesome, this discussion and vetting was exactly what we were looking for.
I should have checked GitHub as well for issues.
Thank you again for the great input, Daniel!
I honestly do not think the Ukrainian event should be forgotten or forgiven.
I believe that it can be said that many other VPN providers did not have such huge fuck ups and are considerably more worthy of being recommended by such a popular privacy guide.
I also find it fairly worrisome for privacyguides to recommend a VPN led by a CEO that behaves like an unhinged child on Twitter.
I think if we were going to start judging projects based on how unhinged their developers are, there are a number of existing recommendations I can think of that we would have to reconsider.
That being said, VPN providers do require a bit more trust than usually expected, so it's something we can factor in. I don't think we would recommend against Windscribe on the basis of a Tom Spark YouTube video alone.
What I do like about them is they were honest about the scope and took steps to make sure it could never happen again. All of their servers now operate in RAM, which is about the best you can hope for with a public VPN provider. They do seem to have a strong understanding of PKI, and use short lived certificates.
They also have other informative articles rather than just "marketing SEO fluff" like a lot of VPN companies do.
We still would be waiting for that audit; likely they were fixing and refactoring code to be publicly available.
It's Tom Sparks, of course he's going to be a sensationalist twit. His whole take on the PTIO/PG transition was to support Marco Wollank's (BurungHantu) lies without any research/comment from the other side (us) and then to make some crappy "hit piece" for his channel. When challenged on Twitter there was silence. Apparently that stemmed from a post on Reddit where I suggested he had a strange obsession with Tor Guard and his "reviews" weren't very scientific, only speed tests and no real evaluation of apps, their kill switches, (whether the implementation is safe) or other features such as IPv6 routing, port forwarding etc, if they are open source, or if they've had audits. I don't know whether that has improved, as I don't watch his videos and am not his target audience.
I have found that Windscribe has been professional in the limited correspondence I have personally had with them, regarding questions about their service.
Hi folks, man child here.
Firstly, I'll say that citing Tom Spark as a source in the VPN space is like citing the opinion of a 12 year old on middle-eastern geopolitics. His recent opinion changed, not sure why but now we're "A tier": The WindScribe Review - Done by a True VPN Master Elite Hackerman Anonymous Incarnate - YouTube
Anyhow, back on topic of the Ukraine thing. Server seizures happen all the time, for all VPN providers as it's a function of network size and how many people use the service. Bigger services will have more seizures. This was not our first nor the last, and it's normally not a big deal or "news worthy".
What made that one different, is the events described in the blog post (the primary source of news from the event). It would have been real easy to say nothing, and rotate the certs as a "preventative security measure" (as some VPNs have done previously) and not a single person outside the company would ever know.
That being said, I can almost guarantee you such an event occurred with many other VPN providers and they simply said nothing, to avoid threads like this. Especially when it's so easy to say nothing and brush it under a rug.
Don't confuse our complete transparency for weakness. We made a mistake, we let everyone know, we learned from it, and deployed a superior solution which you can verify yourself vs other VPNs using steps mentioned in the blog post. Not a single provider that is currently subject to the same issue we had bothered to fix it, almost 2 years later.
I hope the above sheds some light on this.
I suspect not for long after posting this message
While I have you here, I think we are still waiting for this, right?
I addressed the questions there. The full "node audit" will be made public when the new node stack actually hits production. It's still pre-release.
We could publicize the one we have from Cure53, but it would be rather meaningless as what was audited is not in production.
Here is a quick summary of that, all of this was already fixed.
Hey man child,
Firstly, I'll say that citing Tom Spark as a source in the VPN space is like citing the opinion of a 12 year old on middle-eastern geopolitics.
I'm not citing Tom Sparks as a source for VPN trustworthiness, but your clear outburst on a public forum. This was stupidly unprofessional and you keep showing your lack of professionalism here.
It's kind of obvious the guy is a fucking moron when his first pick is a closed source VPN.
This was not our first nor the last, and it's normally not a big deal or "news worthy".
Yes, the fuck ups of one-self is never newsworthy, only the fuck ups of others ;).
That being said, I can almost guarantee you such an event occurred with many other VPN providers and they simply said nothing, to avoid threads like this.
Baseless speculation and smearing, cool. I'm sure it happens to garbage ass crap like Tunnelbear or PureVPN. But this is to be the most trustworthy. Incompetence makes you lose trustworthiness.
I'll stick to NOT supporting the VPN that uses outdated encryption technologies like 4096-bit RSA keys.
I'm out and will suppress notifications from this thread.
I think if we were going to start judging projects based on how unhinged their developers are, there are a number of existing recommendations I can think of that we would have to reconsider.
I strongly believe you should make mention of this in general on products. Privacy is based on trust. Trust comes from integrity, history and professionalism.
# of server seizures = # of active users * percentage of people engaged in "seizure worthy" (illegal) activity.
Therefore, the bigger the VPN, the more seizures they have. That's just a simple fact. We get about 1 seizure per year, on average. All but the one we disclosed was a non-event with no impact. Nord/Express/PIA were around for longer, and are bigger than Windscribe.
Any VPN company that does not operate RAM disk nodes, or use encryption is therefore subject to this exact issue. RAM disk nodes only became "cool" in the last ~4 years, at least based on public info released by VPN companies. Therefore, any seizure that occurred before because neither mitigation was in place would have resulted in an identical situation.
Here are just some of these events, impact of which was exactly the same.
Difference here, is the PR spin. "preventative security update" (it's not, it's an IDENTICAL situation), "server held no useful information for the authorities" (no VPN server ever does).
Had we been assholes, we could have said the exact same thing: "Ukraine servers were seized, no data was on them, so it's all good. Btw we're rotating the keys for extra security".
Had we followed the lead of the "industry incumbents" this thread wouldn't exist and you would know nothing about this event.