What's with Wireguard anyway?
Wireguard is a new contender in the VPN ring. It has many advantages, while some privacy-concerning risks are, well, there.
- ChaCha20 for symmetric encryption, authenticated with Poly1305, using RFC7539’s AEAD construction
- Curve25519 for ECDH
- BLAKE2s for hashing and keyed hashing, described in RFC7693
- SipHash24 for hashtable keys
- HKDF for key derivation, as described in RFC5869
- WireGuard's codebase is much smaller; currently about 3,800 lines, much easier to audit.(OpenVPN/SSL have around 600,000 lines!)
- Also cross-platform
- Better battery life & speed.
- Still under HEAVY development - "You should not rely on this code." as told by creator.
- Current iteration requires user's public IP and endpoint IP be visible/logged.
- No dynamic IP management by default
- Login timestamp required to be stored to free IPs
Essentially, your connecting IP and routed IP would be visible to any admin, STORED and LOGGED on disk. This does not align with our privacy policies.
Our planAzireVPN and NordVPN both had ideas to solve this issue: Rootkit-like software to block certain functions from being performed and a 'double NAT' solution.
- We have taken an approach like AzireVPN's; preventing collection of certain logs and execution of gathering commands.
- & A custom module for our billing and auth platforms to handle creation, encryption and retrieval of WG keys from a database.
- & Custom scripts to free up IP space after a user disconnects for 5 minutes. A different IP is assigned automatically.
THIS IS STILL IN BETA
As always, your security and our transparency are 2 of our top priorities.
Thanks for reading, everyone!