Free IncogVPN BETA - WireGuard / IKEv2 - Ad Blocking, No Logging, DNS over Tor, No Bullshit
Help us test a beta of a work in progress: IncogVPN
What: A free beta of our work-in-progress WireGuard or IKEv2 VPN. It features DNS over Tor (DNS leak tests should show different Tor exits each time), we don't log your requests, no PII is required to order, and it blocks ads. Cool.
Speeds are capped at 100Mbps for each client for this beta.
Why is it free: So we can measure usage / resource consumption of a service under actual real world use. We'll measure things like bandwidth consumption and things like CPU/Mem/Disk performance under proper real-world load. This will help us determine what is needed for production. Additionally, since we're doing ad-blocking, we can either increase or decrease the blocklist if needed to better the service before the official launch, based on user input.
How do I join: No PII is required, but you will need to register in our billing portal (just need an email address). Links below:
Just go to your products/services and select the Beta VPN Service. Your config info will be there. (Looks like this). No email will be sent to you for this beta, and the configuration is automatically generated upon checkout.
Sign ups are limited, and may be closed at any time. And of course, any account may be closed at any time if we suspect abuse during this beta. If abuse begins to become a problem, we may require a small deposit that will be refunded at the end of the beta period for new accounts. But for now, have at it. Just be good and mindful of others.
This beta is only available in our Idaho, USA location.
How long is it free for?: I don't know. Probably a month, at least.
Can I test a different location instead of Idaho?: No. This is where we have the most spare resources and plentiful bandwidth. Production services are listed below.
Production service will be available in:
USA: Idaho, Nevada, Florida, New York
Europe: Luxembourg, Netherlands
We may add additional locations in the future, but the above six locations will be our starting six. In these six locations, we are already setup to use our own IP space and ASN, which is an important feature for us when offering this.
Will you have an app?: No, and we don't have any plans for one. This is a barebones service and the configuration works with the official Wireguard client app.
Want to know when we enter production?
Follow Us on Twitter: https://twitter.com/IncogNetLLC
Follow Us on Mastodon: https://mastodon.social/web/@incognet
Comments
Congrats on the launch @MannDude
Instead of using the test version, would you be able to provide an estimate of the cost for the full version?
Thanks.
Thanks.
Not 100% certain just yet on pricing. I'm going to try to get a better estimate of resource requirements first.
Nice.
Can we get more "in depth" privacy policy?
What is logged, what isn't. Server setup, key retention etc.
A few questions it would be nice to get an answer to(as per https://torrentfreak.com/best-vpn-anonymous-no-logging/);
Look forward to the full version
my current Nord subscription will be due in a few months
Congrats on the launch.
I haven't heard about DNS over Tor before, but I just read that Cloudflare launched it several years ago, albeit it is still an experimental services. How much will it impact query speed?
ew
in the meantime you can grab Mullvad/IVPN - at least they are honest and I trust them more to not do sketchy shit than Nord umbrella corp.
Awesome offering @MannDude
I know what I'm asking is a little like pic rel:
but is it open to other providers to use (personal use)?
Also: when t-shirts?
I'll be back in a bit, will answer questions then.
Yeah, of course. Have at it.
Shirts: Soon-ish. I've done limited runs of stuff in the past. Design isn't finalized but....
Queries will be obviously slower than "clearnet".
It heavily depends on your local dns cache, as Incognet servers shouldn't cache requests for privacy reasons.
I personally see no point in doing dns over tor (server side), it gives little to no benefit over a classic approach.
I agree, DNS over Tor can be demanding on the response time from websites.
DoTor vs.
DoH
yeah, dns over tor can ONLY make sense on a client though.
there is virtually no reason to do it server side, anything tor-based should be ran on a client - it gives you an additional encryption and anon layer, but in this case its worthless, the server can still see all the queries as they are passed to it first and then to Tor.
either way, I'm very interested in how IncogVPN is set up server side.
that's a photo of a "Proof-of-Stake" blockchain, right?
Added more stock, so more should be available.
An official policy will be drafted up, but at a glance:
When you're connected, we can see what connections are active at that time, though a timeline of logins are not logged. I don't believe this is any different than any other VPN provider. I can't be convinced that the big dogs can't tell how many active connections or users are actively using their service at any given time.
Information that is available for CURRENT and ACTIVE connections:
The internal wireguard IP (Ex: 10.x.x.x), end point (connecting IP), last handshake date/time, tx/rx of the current connection.
Internal IP is already known from your wg0.conf we send you, that's no big secret. We don't have any fancy routing mechanism but will deploy you or anyone else a couple dev servers if they want to help us create something better.
Handshakes / connections aren't logged in a timeline fashion, though we can see when the last time a profile connected (never connected status or last connection), and we can see historical transfer totals which is required to enforce BW quotas and identify abuse.
There is no way to determine that "user_abc was active on xx/xx/xxxx @ xx:xx", for example, unless the last time that user connected was at that time.
IncogNET LLC, in Wyoming, USA. People freak out about the US but unless someone wants to give me thousands of dollars to setup a company in some obscure tax haven and help cover the added costs of operations, it's going to have to remain that way. I'm an American citizen and I'm not relocating to some random country for the purpose of marketing. It's expensive and I'm not entirely convinced that it means much in the grand scheme of things.
See question #1. Additionally, we have our own internal monitoring of servers for high loads, threshold alerts on ports, hardware health, etc. Standard practice. No company is running a ton of servers without any sort of monitoring. Required to maintain service quality and provide proactive correction of problems before they become service disruptions.
This has nothing to do with VPNs. We use WHMCS. Currently still using MXRoute for mail, though have been looking into our own setup. Mail is a pain in the ass. (But no, I'm not sending your wireguard config to Jarland, no there is no analytics or anything like that)
No different than our VPS service, really. Use a private tracker if torrenting in DMCA land. To date, the only official 'takedown notice' we received was from some Canadian agency who mailed physical paperwork to our business address. We don't operate or have any presence in Canada, so it was ignored.
Have never had this request in the past, and the VPN service is new to us. Not sure how we could realistically implement such a thing. Additionally, because we require no PII upon registration of service, it'd be incredibly difficult to connect the dots.
The court order would have to be from the United States, I'd reckon, and request information about a specific email address of a user. Because you're free to use any random email address or mail relay, with no email verification, and can access all aspects of our site and portal through Tor Exits or a VPN, there isn't really many scenarios that would permit us to give anything up anything about you.
With that said, make your own threat assessment and practice your own good op sec. Use a Tor Exit, pay with crypto, use an email relay or I2P Mail's clearnet relay or something.
No public traffic is blocked by default.
PayPal, Stripe, and Crypto (too many coins to list). Obviously PayPal/Stripe logs your IP if you pay with those methods. WHMCS already logs IP activity with no clear way to remove that from their system, but see note in the other question about your threat assessment.
We make no recommendations. If it's security / anonymity you're after, use Tor or an I2P outproxy. If it's speed you're after, Wireguard performs great. If it's something else, do what is recommended for your scenario. We're not experts nor pretend to be.
A kill switch and DNS leak protection is best implemented client side. Dual stack v4/v6, for sure, when in production.
Yes, though all traffic originates from our own IPs / ASN. We trust who we choose to do business with.
United States (4 states), Netherlands and Luxembourg. No idea what is meant by "virtual locations". I guess subnets announced in one location, but with GeoIP data for another? No, we don't do that and won't do that.
DNS over Tor hasn't been 'noticeable' to me, even if it is 'measurable'.
So, I'm not completely certain how we'll proceed with the DNS side of things just yet. Part of the beta is to measure what we may expect in terms of DNS queries.
If we do everything in-house, that requires more trust. We could pass everything upstream to Quad9 or something, but then you have to trust them.
@treesmokah - happy to talk in private / off-site (Session?) if you'd like to help make this better.
Thank you very much for answering my questions.
And sure, I'm happy to help - you can reach me on Session "v"
or on irc.lokinet.io under the name v
works. so far very slow.
What speeds are you getting?
I just pulled 60Mbps down through it, and I'm also streaming a show in Plex.
Configs are capped at 100Mbps so that seems reasonable to me.
--------------- Test Result ---------------
Download: 6.86 Mbps
Upload: 3.12 Mbps
Latency: 1513 ms
Jitter: 0 ms
Test Server: London 5
IP: 23.184.48.16
Hostname: idaho-usa.beta.incogvpn.com
Mind posting your traceroute/MTR?
London to Idaho isn't going to be the fastest option for you, but I'd expect it'd still be faster than that.
Single homed Cognet in London has about ~150MS latency which is to be expected, @hyperblast has likely shitty routing to the server.
I active product page, where you get VPN credentials.
It shows this, but it can't be clicked.
Not a big deal, I just used the information and copy/pasted to make a .conf file.
The speed test from my PC, looking good.
I'll check into why it's not working.
Download Mbps 22.16
Upload Mbps 9.44
Ping ms 345 345 454
Clouvider Ltd
Frankfurt Am Main
IncogNET LLC
23.184.48.16
Hey @MannDude, this looks great, and I will probably try it. My only suggestion: universal ports for Wireguard. Allow any (or close to any) port to connect to the server.
Not difficult to do, of course only UDP ports(or TCP utilizing udp2tcp proto by Mullvad which is open sauce)
Why not OpenVPN? Would you consider adding support for it in production?
What is wrong with Wireguard?
Support openvpn for kids, kids got the ban, ranting, help them with new openvpn configs, rinse and repeat.
wg is the deal!