These seized servers were running an outdated configuration, with unencrypted OpenVPN server configuration and key. On 24th June 2021, Ukrainian authorities seized two of Windscribe’s OpenVPN servers as part of an ongoing investigation. Windscribe server seizure and OpenVPN vulnerability This has impacted how secure we grade Windscribe’s software. However, a 2021 server seizure revealed a vulnerability that could have allowed some users’ traffic to be monitored. We’ve particularly always appreciated the VPN’s extra security settings, which we’ll detail later in this section. Importantly, we never detected any serious security faults in our battery of security tests. Until recently, Windscribe was a solid choice for VPN security. But, because of Windscribe’s good VPN logging policy, it’s much less worrying in this instance.Īlso, Windscribe maintains a page documenting the DMCA requests and law enforcement data requests it has received since 2018. It’s very concerning when a VPN company is based in a country with intrusive data relation laws. Under the Copyright Modernization Act, Canadian ISPs must log user data for six months, although it’s unclear if VPN services are compelled to adopt similar practices. The CSIS (Canadian Security Intelligence Service) collects frightening amounts of personal user data to track and identify people of interest. The company has a public PO address, but has kept the exact location of its Toronto office private. Windscribe is located in Canada, which is part of the Five Eyes data-sharing alliance. Windscribe is based in privacy-unfriendly Canada With an independent external audit, we would find this explanation wholly satisfactory.
Yegor Sak, the company’s co-founder, has published a detailed explanation of what data Windscribe collects. The good thing is that none of the above data can be used to personally identify you once you have disconnected from the VPN server.Īccording to Windscribe, your username and connection time are also stored in the server’s RAM, which means they will be deleted by design as soon as you end your session. The service collects the above information to ensure its VPN service runs smoothly. The time you connected (until the end of your session).Your OpenVPN or IKEv2 username (until the end of your session).The number of simultaneous connections on your account.A timestamp of your last activity on the Windscribe VPN network.The amount of data transferred in the past 30 days.Windscribe logs the following information: That said, the data Windscribe keeps can’t be used to identify you, or retroactively match your activity back to you. This isn’t ideal, and other VPN services work just fine with fewer logs, so Windscribe should be able to do the same. Windscribe keeps a minimal amount of logs for maintenance purposes.
0 kommentar(er)
