They explained why they dont pay for audits in a forum post and I agreed with their reasoning, which if I remember correctly was something like:
If we paid for an audit, there’s no way you’d know we didn’t enable logging, etc, right after the auditors left.
It really is just a game of trust when it comes down to it and they feel the most trustworthy to me, but if lack of an audit changes your mind that’s okay.
Eg: You buy a sub and just connect through wireguard. You aren’t touching any AirVPN code (unless you want to use their client, which is not written in C, but you can just use the official wireguard client or any other tool to connect).
Same goes for any provider as far as I’m aware. Am I wrong?
Maybe I misread your comment, I thought you were talking about AirVPN vs Mullvad.
Anyways the C code in that repo looks like it’s just libraries they have vendored in, not specifically stuff they are writing (which a lot of apps do, but usually dont include directly in their repos), but I could be wrong didn’t look that hard.
And you can still always use a different client (I know you can with AirVPN, I assume ivpn is the same).
Sadly it does not have independent audits.
They explained why they dont pay for audits in a forum post and I agreed with their reasoning, which if I remember correctly was something like:
If we paid for an audit, there’s no way you’d know we didn’t enable logging, etc, right after the auditors left.
It really is just a game of trust when it comes down to it and they feel the most trustworthy to me, but if lack of an audit changes your mind that’s okay.
That’s just so bad, “we won’t show what we’re doing because it’s tiresome to cover it up” is what I read here.
And written in C instead of Rust, which makes the lack of audits even more terrifying.
Found the weak developer 😎.
What of theirs is written in C?
Eg: You buy a sub and just connect through wireguard. You aren’t touching any AirVPN code (unless you want to use their client, which is not written in C, but you can just use the official wireguard client or any other tool to connect).
Same goes for any provider as far as I’m aware. Am I wrong?
https://github.com/ivpn/android-app
Maybe I misread your comment, I thought you were talking about AirVPN vs Mullvad.
Anyways the C code in that repo looks like it’s just libraries they have vendored in, not specifically stuff they are writing (which a lot of apps do, but usually dont include directly in their repos), but I could be wrong didn’t look that hard.
And you can still always use a different client (I know you can with AirVPN, I assume ivpn is the same).
Ah yes, because Rust is Holy and everything must be written in it or it’s inherently untrustworthy
No thank you.
– Frost
shouldn’t you be helping unfuck Rust core utils at ubuntu or something?