All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Windscribe security incident (july 2021)
Appears like I missed one of Windscribe's security incidents that happened in july 2021. Thought I'd post this since we have some Windscribe users among us (e.g. @bikegremlin iirc?) In case you weren't aware either, here's some more info:
The article I found on https://www.privacytools.io/ reads:
"Privacy tools-seller Windscribe said it failed to encrypt company VPN servers that were recently confiscated by authorities in Ukraine, a lapse that made it possible for the authorities to impersonate Windscribe servers and capture and decrypt traffic passing through them[...]".
After having skimmed the article it's good to see that Yegor took action to enhance security in the light of the incident and also addressed the issue in a statement:
https://blog.windscribe.com/openvpn-security-improvements-and-changes-7b04ea49222/
Comments
One should never consider commercial VPN providers a "privacy" tool. In fact they are worse than using most European eyeball ISPs directly and they provide less guarantees.
A commercial VPN can be useful to bypass geo restrictions, avoid censorship or to use torrents in Germany, but the privacy part is just an illusion sold to users who mostly do not fully understand how the internet works.
The above article is a good example of a service giving you less "privacy", "security" and guarantees than the average eyeball ISP.
Sorry but that is the hard truth of an industry sustained on lies and affiliate programs, it reminds me of the antivirus industry. Self hosting your own VPN server will also not magically make your activities on the internet more "private" or untraceable, but that's a different matter.
Fair point. Not using commercial VPN to stay anonymous either. Only to encrypt traffic on public wifi and to unblock Geo restricted content like Flix/Crunchyroll and other services as well as streaming occasionally. Also using VPN for some online shopping savings.
That is something that people in the financial industry think about that others might not; what happens if someone physically takes your server out of your office? It's a PITA to have to decrypt the drive when you reboot a physical server, but (in some people's eyes) it's a small price to pay.
Would it have helped in this instance? At least if they had they could have said they encrypted it, regardless of whether the government or anyone else has a way of intruding on that encryption. This just seems negligent for someone that PT recommended.