Windscribe VPN servers seized by authorities were not encrypted

Following last month’s seizure of a couple of its VPN servers in Ukraine, security tools provider Windscribe shockingly revealed that the seized servers weren’t encrypted.

While Windscribe contends that no user data is at risk since it doesn’t log any activities, the unencrypted server had an OpenVPN server certificate along with its private key.

In a blog post, Windscribe’s founder Yegor Sak admits that anyone with the private keys could have impersonated the Windscribe servers to capture and decrypt traffic passing through them.

“Although we have encrypted servers in high sensitivity regions, the servers in question were running a legacy stack and were not encrypted. We are currently enacting our plan to address this,” wrote Sak.

Misconfigured servers

According to Sak, the seized servers were part of an old investigation into an activity that occurred over a year ago.

While sharing the plans to address the incident and improve Windscribe’s OpenVPN infrastructure, Sak revealed that the company's OpenVPN server and client configurations used the compress parameter.

By Sak's own admission, the compress parameter was deprecated in 2018 after security researchers revealed that it could be exploited to allow adversaries to decrypt data.
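A check an operator could run over their own OpenVPN configs for the compression setting the article mentions, as an added example (not Windscribe's code or configuration). The sample config is constructed, and the `comp-lzo` spelling, the pushed-option form and the algorithm names come from the OpenVPN manual rather than from the article.

```python
ACTIVE = {"lzo", "lz4", "lz4-v2"}  # "compress" arguments that really compress

# Constructed sample config (not Windscribe's).
SAMPLE = """\
# legacy server profile
port 1194
;comp-lzo
compress lz4-v2
push "compress lz4-v2"
<ca>
compress inside an inline block is not a directive
</ca>
comp-lzo no
"""

def verdict(words):
    """Classify one directive split into words; None if not compression."""
    name, arg = words[0], (words[1] if len(words) > 1 else "")
    if name == "compress":  # bare form or stub/stub-v2 keeps framing only
        return "compression enabled" if arg in ACTIVE else "framing only"
    if name == "comp-lzo":  # older spelling; bare form means adaptive
        return "framing only" if arg == "no" else "compression enabled"
    return None

def audit_compression(config_text):
    """Return (line_no, directive, verdict) for each compression directive."""
    findings, in_inline = [], False
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if in_inline:  # skip bodies of inline <ca>/<cert>/<key> blocks
            in_inline = not line.startswith("</")
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("<"):
            in_inline = True
            continue
        words = line.replace('"', " ").replace("'", " ").split()
        pushed = words[:1] == ["push"]  # option the server pushes to clients
        if pushed:
            words = words[1:]
        result = verdict(words) if words else None
        if result:
            findings.append((no, ("push " if pushed else "") + " ".join(words), result))
    return findings

if __name__ == "__main__":
    for finding in audit_compression(SAMPLE):
        print(finding)
```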

For its part, though, Windscribe has given assurances that it has “no reason to believe” that the servers were compromised or that any unauthorized access took place before the seizure.

Furthermore, Sak has promised to get their replacement server stack audited by a third party to ensure it is completely sound.

Date

28 Jul 2021
