Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Open Source

ProtonVPN Open Sources All Its Code (protonvpn.com) 29

ProtonVPN open sourced its code this week, ZDNet reports: On Tuesday, the virtual private network (VPN) provider, also known for the ProtonMail secure email service, said that the code backing ProtonVPN applications on every system -- Microsoft Windows, Apple macOS, Android, and iOS -- is now publicly available for review in what Switzerland-based ProtonVPN calls "natural" progression.

"There is a lack of transparency and accountability regarding who operates VPN services, their security qualifications, and whether they fully conform to privacy laws like GDPR," the company says. "Making all of our applications open source is, therefore, a natural next step." Each application has also undergone a security audit by SEC Consult, which ProtonVPN says builds upon a previous partnership with Mozilla...

The source code for each app is now available on GitHub (Windows, macOS, Android, iOS). "As a community-supported organization, we have a responsibility to be as transparent, accountable, and accessible as possible," ProtonVPN says.

"Going open source helps us to do that and serve you better at the same time."

They're also publishing the results of an independent security audit for each app. "As former CERN scientists, publication and peer review are a core part of our ethos..." the company wrote in a blog post. They also point out that Switzerland has some of the world's strongest privacy laws -- and that ProtonVPN observes a strict no-logs policy.

But how do they feel about their competition? "Studies have found that over one-third of Android VPNs actually contain malware, many VPNs suffered from major security lapses, and many free VPN services that claimed to protect privacy are secretly selling user data to third parties."
This discussion has been archived. No new comments can be posted.

ProtonVPN Open Sources All Its Code

Comments Filter:
  • How does that compare with UltraVNC [uvnc.com]?
  • why are they coding our own VPN implementation ?

    golang code is fun but really all the options to wiretap have been examined ?

    • by Anonymous Coward on Monday January 27, 2020 @07:12AM (#59660016)

      why are they coding our own VPN implementation ?

      They use OpenVPN for the actual connections.

      The implementations discussed are their client packages making OpenVPN easy to use in context of the services provided, like choice of exit-country, preventing DNS leaks, and more.

      The purpose of making their code open source is to demonstrate how they do things, including how they use OpenVPN underneath, so that anyone interested can verify that it is done securely and correctly.

      Such verification has actually been done by a third-party security firm, identifying a small number of low/medium issues in each implementation, which were subsequently either fixed or described/accepted as not being actual security problems.

      All of this is very good and they should be commended for it.

      golang code is fun but really all the options to wiretap have been examined ?

      Not sure what your point is, so I'll refrain from comment.

  • They've been accused of being associated with both Russian and Israeli intelligence. Who knows who's *actually* behind this operation and what are they doing, right now, to prove their authenticity?
    • Oh, my...we've got a live one here!

      • I always remember: if it seems too good to be true, it probably is.

        Here we have a secure, reliable vpn/email service that open sources its code.

        I use and would recommend Proton services, but I agree with the op's sentiment. It's good to ask questions.

        • It's good to ask questions, but do they have to be stupid ones? Since you are a user of Proton services, as am I, you're probably as aware as I am that they bend over backwards to be transparent and privacy-friendly, and put their servers in a place where they can defend themselves from the long, flexible noses of various governments. And it's not like there's a shortage of stuff written about them. The guy above could have done a little research and found this out himself.

    • Your use of passive voice and lack of citations disturb me.
  • So anyone can deploy their own ProtonVPN kind of service using a few commands if I understand correctly?
    • That isn't a surprise. You have been able to do that for many years with OpenVPN.

    • by gencha ( 1020671 )
      Yes. You can now set up your own VPN service and then just use that to be completely anonymous on the internet, instead of having to pay for a service from a third party. This is great!
      • by EvilSS ( 557649 )

        Yes. You can now set up your own VPN service and then just use that to be completely anonymous on the internet, instead of having to pay for a service from a third party. This is great!

        Well, sort of. If you are running your own VPN server, unless you are using a host that accepts something like bitcoin for payment, you won't be completely anonymous since the VPN IP will be back-trackable to your server host. Even then, it's possible for the hosting provider to backtrack your IP back to you, since they will see your incoming IP. So perfectly fine for running something like Netflix from a different region, but not something I'd rely on completely to hide you from a government or court (MPAA

  • How many people will build the source code themselves to ensure the binary is actually what it is supposed to be?

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...