Opinions on Windscribe VPN?

Hi there. I encourage everyone to look a bit more at Windscribe.

I used to use IVPN but it was barely usable since it was blacklisted on too many services (my company website, my school, Spotify, Reddit, Ticketmaster and anibis.ch. Moreover, it did not work well with Netflix, nor does Mullvad. Moreover, it may not be very important but IVPN and Mullvad have small networks. I don’t want to use Proton because the account creation is less anonymous and I don’t like the UI and the features.

Windscribe works well with Netflix, it has a large network, R.O.B.E.R.T. looks great, has port forwarding, WireGuard, OpenVPN, STealth, Ikev2 and another protocol to circumvent censorship. Very important : they not only offer app split-tunneling on Android, macOS, Windows and Linux, but also split tunnelling for domains and IPs ! They also have MAC Address Spoofing on macOS and WIndows !!
And proxy server for devices that don’t support vpns (TVs).
And custom DNS support !!
And their browser extension seems to be able to do so much :scream: I had never considered a VPN browser extension until Windscribe

Moreover, they seem to be quite good at censorship circumvention
and a fun design and marketing.

Finally found a VPN that suits my need :)))

2 Likes

Could you expand on this? What do you like about the browser extension.

I made heavy use of the Mullvad Extension (like you that was my first time even considering using a browser extension with a VPN, but the proxy capability was really useful. I am currently testing windscribe, and I’d like to recreate the setup I had with Mullvad, but I haven’t got around to exploring Windscribe’s Browser extension yet. I’d be interested to learn abut the features you like about it.

This is usually just the result of being a smaller VPN provider. You don’t need a massive server network if you don’t have as many users as larger VPN providers. Anyway, my experience with Mullvad has always been excellent and I have never really had any problems with slow speeds.

Windscribe’s client is excellent, open source and works with other VPN providers besides them, they really did an amazing job there. Definitely underrated.

As far as providers go though, it’s difficult for me to recommend Windscribe, mainly due to their incident a couple years ago with their servers in Ukraine being seized while being unencrypted. (Source)

On one hand, I’m glad they were transparent about it, but that’s a pretty gigantic fuck up, hard for me to look past. I just don’t see any reason to use them as a provider when there’s better options like Mullvad, Proton, and IVPN, which can be used with their client anyways, so you get the best of both worlds.

1 Like

Doesn’t look like Windscribe offers a private payment method.

They accept Monero, doesn’t get more private than that.

https://windscribe.com/knowledge-base/articles/which-cryptocurrencies-do-you-support/

3 Likes

Interesting.

Monero isn’t shown as a payment option at https://windscribe.com/upgrade

Bitcoin, 4 credit cards, and Paymentwall are the accepted options.

This is how normies pay for stuff, it makes sense to put most used payment methods on that page. If they would put all of them there, it would be ugly and take a lot space.

PG suggests gift cards and prepaid cards are the most private, can’t you use those?

Also, out of curiosity, isn’t Proton and others in the same boat?

In my experience (US), you can’t use prepaid cards online unless you register them first.

For Spotify they will block you to login but not listen to music and you just have to login every few weeks. It will accept login only if you reset your passwords.

For Reddit, you can use Redlib (redlib.tux.pizza)

Mullvad does own VPN servers in Europe and those are less subject to captcha blocks.

Not very secured

I do agree that Windscribe is great for some use cases, especially when you use a PC where you can’t install a VPN app but can install an extension. Also they use residential server which will less likely be blocked.

For censorship circumvention, Mullvad is the best. Period. But Windscribe might be enough if your government censorship effort aren’t too developed.

No. I had this clarified with the staff and it would loop to the next tune, only playing the music for a second or two. The staff confirmed it was caused by IVPN (and not AntiTracker).

Anyway, it was highly unusable for me. Too many blacklisted websites. And it also did not bypass streaming platforms blacklisting and it has a quite small network :confused: .
I’d like to like to use IVPN but I can’t.

That’s a problem of the services that you use and not of the VPN provider. Unfortunate, sure, but not ivpn’s fault

IVPN has 165 servers.

Mullvad has 665.

Proton VPN has almost 7000.

I wouldn’t say that this is completely not IVPN’s fault when they have a small amount of servers when compared to competition.

It is probably related to you client size, But it’s a cycle.

Does Windscribe VPN meet our criterias ?

TLDR : They meet almost all of our criterias but there could be a problem with :

  • Double-hop (to be specified).

  • Public facing leadership. IMO it’s acceptable.

  • DNT and analyticson the website. I think it’s ok too.

Technology
  • :white_check_mark: Support for strong protocols such as WireGuard & OpenVPN.
  • :white_check_mark: Killswitch built in to clients.
    • I think that their Firewall feature is what we are looking for. source.
  • :orange_circle: Multihop support.
    • They have multihop at the browser-level. source.
  • :white_check_mark: If VPN clients are provided, they should be open source, like the VPN software they generally have built into them.
    • All their apps are open-source. source.
Privacy
  • :white_check_mark: Anonymous cryptocurrency or cash payment option.
    • They offer payment with Monero through CoinPayments. source.
  • :white_check_mark: No personal information required to register: Only username, password, and email at most.
    • They require a username and a password source.
Security
  • :white_check_mark: Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption.
    • They claim to use even stronger algorithms. source.
Encryption

OpenVPN
Our OpenVPN implementation uses the AES-256-GCM cipher with SHA512 auth and a 4096-bit RSA key. Perfect forward secrecy is also supported.

Browser Extensions
We use TLS 1.3, ECDHE_RSA with X25519 key exchange and the TLS_AES_256_GCM_SHA384 cipher.

IKEv2
Our in-app IKEv2 implementation utilizes AES-256-GCM for encryption, SHA-256 for integrity checks. Desktop and Android apps use ECP384 for Diffie-Hellman key negotiation (DH group 20), and iOS uses ECP521 for Diffie-Hellman key negotiation (DH group 21).

WireGuard®
WireGuard® is an opinionated protocol that uses ChaCha20 for symmetric encryption, authenticated with Poly1305; Curve25519 for ECDH; BLAKE2s for hashing and keyed hashing; SipHash24 for hashtable keys; and HKDF for key derivation.

  • :white_check_mark: Forward Secrecy.
  • :white_check_mark:Published security audits from a reputable third-party firm.
Trust
  • :white_check_mark: Public-facing leadership or ownership.
    • Founders are named Yegor Sak (LinkedIn, Twitter, interview, PrivacyGuides), Alex Elisenko and Mark Ulicki.
    • “Since its inception in 2016, Windscribe has been and continues to be privately owned and operated. We have zero outside investors, and 100% of the equity is owned by the three founders Yegor Sak, Alex Paguis (Linkedin) and Mark Ulicki) and Windscribe employees.” source.
    • “You can reach our CEO, co-founders, and staff directly through any of the channels listed above. We listen to every issue that our users have and engage in discussions on features, improvements, favorite snacks, you name it.” source
    • There is the name of several employees on Windscribbles and we can find their social media.
      • Connie Lukawski (Backend Team Lead/Sr. Software Developer). source (There even is her CV).
      • Catt Garrod (software developer, frontend engineer). (LinkedIn).
      • Ben Thornton (Content Lead). LinkedIn.
      • Rebecca Rosenberg (Marketing Team Member).
      • Daniel Sobey-Harker (Head of Community). Twitter. LinkedIn.
      • Johnny Mainframe,
      • Unni Menon,
      • Simon Phoenix
    • We can see even more of their employees of LinkedIn.
    • They have blog posts where we can see their pets, their Spotify playlist, the daily routine of Catt Garrod (frontend engineer), … :laughing::sweat_smile:
The Cure53 audit also names precisely some 5 employees

“Cure53 would like to thank Yegor Sak, Alex Elisenko, Connie Lukawski, Konnor Klashinsky, Mark Ulicki, and all other participatory personnel from the Windscribe team for their excellent project coordination, support, and assistance, both before and during this assignment.”

Marketing

Must not have any marketing which is irresponsible:

  • :white_check_mark: Making guarantees of protecting anonymity 100%.
  • :white_check_mark: Claim that a single circuit VPN is “more anonymous” than Tor, which is a circuit of three or more hops that regularly changes.
    • not aware of that. They also say “Here, at Windscribe, we’re not a fan of being misleading; many VPNs hype up their product and its capabilities beyond reality. “ source.
  • :white_check_mark: Use responsible language

I have slightly edited the criterias for the sake of brevity.

6 Likes

Where is the list of all employees, or at least those with leadership positions? Mullvad has such a list, Proton VPN doesn’t have a specific list, but Proton AG does, which may or may not include Prton VPN employees.IVPN also has such a list

2 Likes

Did I say there was a list ?
Thank you for the ressources you bring though.

From above Proton AG list:

Laurent Fasnacht
Senior Engineering Manager
Laurent leads the Proton VPN research and development team.

edit: might also contain more people working on ProtonVPN but didn’t check further

You said the requirements for public-facing leadership or ownership is met. (You previously didn’t include the info about people in the blog). It seems pretty clear that for this requirement to be met, they would need to put in plaintext (other than a hard-to-find blog post) who their CEO and main execs are. @yegor could you put a page on your website (for example in about) with the main execs ? This is standard pracitice for other VPNs listed by us.

1 Like