Hi there. I encourage everyone to look a bit more at Windscribe.
I used to use IVPN but it was barely usable since it was blacklisted on too many services (my company website, my school, Spotify, Reddit, Ticketmaster and anibis.ch. Moreover, it did not work well with Netflix, nor does Mullvad. Moreover, it may not be very important but IVPN and Mullvad have small networks. I don’t want to use Proton because the account creation is less anonymous and I don’t like the UI and the features.
Windscribe works well with Netflix, it has a large network, R.O.B.E.R.T. looks great, has port forwarding, WireGuard, OpenVPN, STealth, Ikev2 and another protocol to circumvent censorship. Very important : they not only offer app split-tunneling on Android, macOS, Windows and Linux, but also split tunnelling for domains and IPs ! They also have MAC Address Spoofing on macOS and WIndows !!
And proxy server for devices that don’t support vpns (TVs).
And custom DNS support !!
And their browser extension seems to be able to do so much I had never considered a VPN browser extension until Windscribe
Moreover, they seem to be quite good at censorship circumvention
and a fun design and marketing.
Could you expand on this? What do you like about the browser extension.
I made heavy use of the Mullvad Extension (like you that was my first time even considering using a browser extension with a VPN, but the proxy capability was really useful. I am currently testing windscribe, and I’d like to recreate the setup I had with Mullvad, but I haven’t got around to exploring Windscribe’s Browser extension yet. I’d be interested to learn abut the features you like about it.
This is usually just the result of being a smaller VPN provider. You don’t need a massive server network if you don’t have as many users as larger VPN providers. Anyway, my experience with Mullvad has always been excellent and I have never really had any problems with slow speeds.
Windscribe’s client is excellent, open source and works with other VPN providers besides them, they really did an amazing job there. Definitely underrated.
As far as providers go though, it’s difficult for me to recommend Windscribe, mainly due to their incident a couple years ago with their servers in Ukraine being seized while being unencrypted. (Source)
On one hand, I’m glad they were transparent about it, but that’s a pretty gigantic fuck up, hard for me to look past. I just don’t see any reason to use them as a provider when there’s better options like Mullvad, Proton, and IVPN, which can be used with their client anyways, so you get the best of both worlds.
This is how normies pay for stuff, it makes sense to put most used payment methods on that page. If they would put all of them there, it would be ugly and take a lot space.
For Spotify they will block you to login but not listen to music and you just have to login every few weeks. It will accept login only if you reset your passwords.
For Reddit, you can use Redlib (redlib.tux.pizza)
Mullvad does own VPN servers in Europe and those are less subject to captcha blocks.
Not very secured
I do agree that Windscribe is great for some use cases, especially when you use a PC where you can’t install a VPN app but can install an extension. Also they use residential server which will less likely be blocked.
For censorship circumvention, Mullvad is the best. Period. But Windscribe might be enough if your government censorship effort aren’t too developed.
No. I had this clarified with the staff and it would loop to the next tune, only playing the music for a second or two. The staff confirmed it was caused by IVPN (and not AntiTracker).
Anyway, it was highly unusable for me. Too many blacklisted websites. And it also did not bypass streaming platforms blacklisting and it has a quite small network .
I’d like to like to use IVPN but I can’t.
Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption.
They claim to use even stronger algorithms. source.
Encryption
OpenVPN
Our OpenVPN implementation uses the AES-256-GCM cipher with SHA512 auth and a 4096-bit RSA key. Perfect forward secrecy is also supported.
Browser Extensions
We use TLS 1.3, ECDHE_RSA with X25519 key exchange and the TLS_AES_256_GCM_SHA384 cipher.
IKEv2
Our in-app IKEv2 implementation utilizes AES-256-GCM for encryption, SHA-256 for integrity checks. Desktop and Android apps use ECP384 for Diffie-Hellman key negotiation (DH group 20), and iOS uses ECP521 for Diffie-Hellman key negotiation (DH group 21).
WireGuard®
WireGuard® is an opinionated protocol that uses ChaCha20 for symmetric encryption, authenticated with Poly1305; Curve25519 for ECDH; BLAKE2s for hashing and keyed hashing; SipHash24 for hashtable keys; and HKDF for key derivation.
Forward Secrecy.
Published security audits from a reputable third-party firm.
Here is the 2024 retest from PacketLabs, after the 2022 penetration test report from Cure53 (which is also avalaible as a PDF).
“Since its inception in 2016, Windscribe has been and continues to be privately owned and operated. We have zero outside investors, and 100% of the equity is owned by the three founders Yegor Sak, Alex Paguis (Linkedin) and Mark Ulicki) and Windscribe employees.” source.
“You can reach our CEO, co-founders, and staff directly through any of the channels listed above. We listen to every issue that our users have and engage in discussions on features, improvements, favorite snacks, you name it.” source
There is the name of several employees on Windscribbles and we can find their social media.
Connie Lukawski (Backend Team Lead/Sr. Software Developer). source (There even is her CV).
The Cure53 audit also names precisely some 5 employees
“Cure53 would like to thank Yegor Sak, Alex Elisenko, Connie Lukawski, Konnor Klashinsky, Mark Ulicki, and all other participatory personnel from the Windscribe team for their excellent project coordination, support, and assistance, both before and during this assignment.”
Marketing
Must self-host analytics. The provider’s site must also comply with DNT.
I don’t know how to check for DNT.
They claim “The Windscribe website does not contain any 3rd party analytics, tracking pixels, A/B test platforms, or social widgets.” source.
Must not have any marketing which is irresponsible:
Making guarantees of protecting anonymity 100%.
“No Bull Poop. A VPN is not a magic privacy button powered by “military grade encryption”. A VPN alone will actually do very little for your privacy, and is just one of several tools that you should have in your toolbelt.“ source.
Claim that a single circuit VPN is “more anonymous” than Tor, which is a circuit of three or more hops that regularly changes.
not aware of that. They also say “Here, at Windscribe, we’re not a fan of being misleading; many VPNs hype up their product and its capabilities beyond reality. “ source.
Where is the list of all employees, or at least those with leadership positions? Mullvad has such a list, Proton VPN doesn’t have a specific list, but Proton AG does, which may or may not include Prton VPN employees.IVPN also has such a list
You said the requirements for public-facing leadership or ownership is met. (You previously didn’t include the info about people in the blog). It seems pretty clear that for this requirement to be met, they would need to put in plaintext (other than a hard-to-find blog post) who their CEO and main execs are. @yegor could you put a page on your website (for example in about) with the main execs ? This is standard pracitice for other VPNs listed by us.
I had never considered a VPN browser extension until Windscribe
.
Support for strong protocols such as WireGuard & OpenVPN.
Multihop support.
