Opinions on Windscribe VPN?

Does Windscribe VPN meet our criteria?

TL;DR: They meet almost all of our criteria, but there could be a problem with:

  • Double-hop (to be specified).

  • Public facing leadership. IMO it’s acceptable.

  • DNT and analytics on the website. I think it’s OK too.

Technology
  • :white_check_mark: Support for strong protocols such as WireGuard & OpenVPN.
  • :white_check_mark: Killswitch built in to clients.
    • I think that their Firewall feature is what we are looking for. source.
  • :orange_circle: Multihop support.
    • They have multihop at the browser-level. source.
  • :white_check_mark: If VPN clients are provided, they should be open source, like the VPN software they generally have built into them.
    • All their apps are open-source. source.
Privacy
  • :white_check_mark: Anonymous cryptocurrency or cash payment option.
    • They offer payment with Monero through CoinPayments. source.
  • :white_check_mark: No personal information required to register: Only username, password, and email at most.
    • They require a username and a password source.
Security
  • :white_check_mark: Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption.
    • They claim to use even stronger algorithms. source.
Encryption

OpenVPN
Our OpenVPN implementation uses the AES-256-GCM cipher with SHA512 auth and a 4096-bit RSA key. Perfect forward secrecy is also supported.

Browser Extensions
We use TLS 1.3, ECDHE_RSA with X25519 key exchange and the TLS_AES_256_GCM_SHA384 cipher.

IKEv2
Our in-app IKEv2 implementation utilizes AES-256-GCM for encryption, SHA-256 for integrity checks. Desktop and Android apps use ECP384 for Diffie-Hellman key negotiation (DH group 20), and iOS uses ECP521 for Diffie-Hellman key negotiation (DH group 21).

WireGuard®
WireGuard® is an opinionated protocol that uses ChaCha20 for symmetric encryption, authenticated with Poly1305; Curve25519 for ECDH; BLAKE2s for hashing and keyed hashing; SipHash24 for hashtable keys; and HKDF for key derivation.

  • :white_check_mark: Forward Secrecy.
  • :white_check_mark: Published security audits from a reputable third-party firm.
Trust
  • :white_check_mark: Public-facing leadership or ownership.
    • Founders are named Yegor Sak (LinkedIn, Twitter, interview, PrivacyGuides), Alex Elisenko and Mark Ulicki.
    • “Since its inception in 2016, Windscribe has been and continues to be privately owned and operated. We have zero outside investors, and 100% of the equity is owned by the three founders Yegor Sak, Alex Paguis (Linkedin) and Mark Ulicki) and Windscribe employees.” source.
    • “You can reach our CEO, co-founders, and staff directly through any of the channels listed above. We listen to every issue that our users have and engage in discussions on features, improvements, favorite snacks, you name it.” source
    • There are the names of several employees on Windscribbles and we can find their social media.
      • Connie Lukawski (Backend Team Lead/Sr. Software Developer). source (There even is her CV).
      • Catt Garrod (software developer, frontend engineer). (LinkedIn).
      • Ben Thornton (Content Lead). LinkedIn.
      • Rebecca Rosenberg (Marketing Team Member).
      • Daniel Sobey-Harker (Head of Community). Twitter. LinkedIn.
      • Johnny Mainframe,
      • Unni Menon,
      • Simon Phoenix
    • We can see even more of their employees on LinkedIn.
    • They have blog posts where we can see their pets, their Spotify playlist, the daily routine of Catt Garrod (frontend engineer), … :laughing::sweat_smile:
The Cure53 audit also names precisely some 5 employees:

“Cure53 would like to thank Yegor Sak, Alex Elisenko, Connie Lukawski, Konnor Klashinsky, Mark Ulicki, and all other participatory personnel from the Windscribe team for their excellent project coordination, support, and assistance, both before and during this assignment.”

Marketing

Must not have any marketing which is irresponsible:

  • :white_check_mark: Making guarantees of protecting anonymity 100%.
  • :white_check_mark: Claim that a single circuit VPN is “more anonymous” than Tor, which is a circuit of three or more hops that regularly changes.
    • Not aware of that. They also say “Here, at Windscribe, we’re not a fan of being misleading; many VPNs hype up their product and its capabilities beyond reality.” source.
  • :white_check_mark: Use responsible language

I have slightly edited the criteria for the sake of brevity.