We contracted Cure53 with performing a security audit towards our VPN infrastructure between 3rd June 2024 and 14th June 2024, this is our fourth audit in total, second with Cure53.
Cure53 concluded their report by stating that they “…attempted to identify any potential methods by which a user’s VPN traffic anonymity or integrity could be compromised. No such issues were found, and no vulnerabilities affecting the core product were detected.”
Just something to keep in mind for those not in the security space. When a security company does an audit, its generally a checklist of commercial and custom security software along with a couple people poking around looking for more manual harder to find stuff. But there’s a reason companies like Mullvad have a bug bounty program… Just because cure53 didn’t find it, it doesn’t mean some bored hacker won’t…
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !privacyguides@lemmy.one
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
We prefer posting about open-source software whenever possible.
No soliciting engagement: Don’t ask for upvotes, follows, etc.
Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
Be civil, no violence, hate speech. Assume people here are posting in good faith.
Don’t repost topics which have already been covered here.
News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
No misinformation: Extraordinary claims must be matched with evidence.
Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
Damn, didn’t know this. I thought they were pretty standup people, didn’t think the actual product quality would be left, so… wanting.
EDIT: Sorry, I was talking about Windscribe, and this comment was supposed to be in response to boredsquirrel’s comment in this thread.
What did I miss?
Cure53 concluded their report by stating that they “…attempted to identify any potential methods by which a user’s VPN traffic anonymity or integrity could be compromised. No such issues were found, and no vulnerabilities affecting the core product were detected.”
Nothing, sorry, I was talking about windscribe in response to another comment in this thread.
👍
Meanwhile Windscribe…
Big oof. But if you have a lifetime subscription you can still use them. Just generate/download the configs and don’t use their client.
Yep and hope their servers dont have equally bad code.
Mullvad is the best VPN
So is he shitting on winscribe specifically or all commercial VPNs? Idk how to read into this. Is he saying Mullvad sucks too?
He claims all private VPN providers are similar bad but there is no proof, only some snippets from Windscribe which say nothing about other clients.
It’s like saying one person is lying, so must all others.
Maybe good points about Windscribe but bad generalization in terms oft arguments.
He says Windscribe sucks. Mullvad obviously not as they are regularly audited
Just something to keep in mind for those not in the security space. When a security company does an audit, its generally a checklist of commercial and custom security software along with a couple people poking around looking for more manual harder to find stuff. But there’s a reason companies like Mullvad have a bug bounty program… Just because cure53 didn’t find it, it doesn’t mean some bored hacker won’t…
Absolutely better than nothing though.
Thanks for the info