VikingVPN Warrant Canary -- May 2017

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

May 22nd 2017

VikingVPN, and it's parent company Viking Connections LLC, from the inception of the company to present day, has not received any of the following:

VikingVPN Warrant Canary April 2017

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

March 3rd 2017

VikingVPN, and it's parent company Viking Connections LLC, from the inception of the company to present day, has not received any of the following:

VikingVPN Warrant Canary -- March 2017

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

March 3rd 2017

VikingVPN, and it's parent company Viking Connections LLC, from the inception of the company to present day, has not received any of the following:

Requests for information - Civil or Criminal - We have never received a request for information on a specific user, nor any request for bulk user data, nor any request for metadata.

Requests to modify or weaken our services - We have never received a request to change our encryption, our security practices, or our protocols. This includes wiretap orders or implementing methods to identify users on our network.

Requests for private keys - We have never received a request for private VPN server keys, access to our website CA, or any code signing certificates we control. This includes all of our self-signed certificates in the chain used by our VPN network.

Specific Clandestine Warrants - We have never received a request under FISA 702 or Section 215 of the Patriot Act, nor any other clandestine court order.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJYukeOAAoJEDyT+fmXUj/KuJwP/i9mrh05gid7JO721ZV61San
zbVHrHmbcE8mV11dszvmn0uh5c5EArmEdZpqW5FOrjI1Cz0vPBGO5tMHvWwYyrHw
Q57N0cxcO1nJS7G2fy8j2MBkIGWUdCdbOvdYikW0LvEkOB++IBnLU/3UqY//VD2r
f0oA0nM35VHowbbiGpOWz9rk9DhrnjB/xlFACG8Ph9+h0POLTNyzpn+xD9nOHqnr
zphhmfM10pfTwsiUWAd9qFBb2lZ9rxMGvT8by0qV6huLUx77nV2pfjsA4oE6zEPw
lmCtXBHoRUdEFdWL3xsQwYhM3bRfKJMRsKBOsAUtudYCuhgyi+y0nJyCmL04zS3O
uNgKhfpd2Gldgu+CkzR34NW+imBwKa4GTHjxZ4aC7UiCDqGQDPf8sq9ill0ertN3
WqJBTf5XOkH69LFKZZri+s/EpW/tZcAisKVrNlsHJd/FxqeVZ/USBiZXbntAjOWe
SawuunayHfMb+Xx3KDM8y+ZYHmhL7Y2Y+vaOcRM1lw0QWwXo3cUqkyeJfNUUO0+I
/xjGHzMvXOIL2jb/Oq2w/kMmcxdXqbTtOKSRSelYMhCWeJhi+KGN1OiscxhvNXax
91Q9pCSHDjriaS4oGZlYrP3LSqF6FAyHVNvecVxsK8uAGHP70aJFHNLPaP2M1FnZ
y8lvTyQ4NU7RQNKPq40f
=FWGY
-----END PGP SIGNATURE-----

Understanding Googles SHA-1 Collision and OpenVPN HMAC-SHA1

I have had a couple of people email me with grave concern over the settings that our network uses for our VPN, referring to the Google (and Dutch) research project that created a SHA-1 collision on two documents.

There are a lot of things to unpack here, and we need to understand the underlying mechanics of what is going on before we can make statements about the safety or unsafety of SHA-1 in different contexts.

What Google managed to do is extremely impressive, and it wasn't something I thought we would be seeing for at least another five years. A live collision is a huge step forward in the march to kill SHA-1 and it will likely accelerate adoption of SHA-2 and increase scrutiny of KECCAK and the SHA-3 subset of it, as standards organizations like to have two algorithms ready to go at any given moment, in case one of them is found to be insecure overnight and a replacement is immediately needed for the world to continue operating online.

Security-Updates-January-12th-2017

All VikingVPN servers are undergoing routine security updates and a rolling restart will be issued to all clusters over the next few hours. Expected downtime is less than 30 seconds. If you are disconnected from the VPN network in the next few hours, you should be able to immediately reconnect to the network and use the service as normal.

If unexpected downtime occurs, this post will updated with the details of this downtime.

VikingVPN Warrant Canary -- December 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

December 28th 2016

VikingVPN, and it's parent company Viking Connections LLC, from the inception of the company to present day, has not received any of the following:

Requests for information - Civil or Criminal - We have never received a request for information on a specific user, nor any request for bulk user data, nor any request for metadata.

Requests to modify or weaken our services - We have never received a request to change our encryption, our security practices, or our protocols. This includes wiretap orders or implementing methods to identify users on our network.

Requests for private keys - We have never received a request for private VPN server keys, access to our website CA, or any code signing certificates we control. This includes all of our self-signed certificates in the chain used by our VPN network.

Specific Clandestine Warrants - We have never received a request under FISA 702 or Section 215 of the Patriot Act, nor any other clandestine court order.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJYZI8PAAoJEDyT+fmXUj/KbXsP/3a3NqerXTSiJu6N8f/jFweO
GOTZ8Od4C0qo3ldowxwtRFcKt8amKzKTWNPv+wKN4sRUA5NXP6tfDdHYhDkAWdCy
hFeSNVcvG8yO9syd72sgQHy9Eoepm/dM9fbYEv+1pm/lUJ8y9QffYXYYGUlycm+u
F40keSYa13ozfVHVClPB1PqBAg21a/2wj361luaVSzWBnUF4RaRSXSy0Rh6ZJ5yX
euT+YJPT/HmYKE0ZyeFjY6OBAa2VJ8n7RgfFsSIJbTkR0dDN9kntF3vvRKvWPPPQ
jHd0y9NgjXJB53tpv0he3Ya2tPiI7dHhx6b9MVTuOM7ISor6//pISSUfkFfjPEfV
Sm1yvAHlA5svX85kEQ01e1wGHWXyTlIE7TfULBbIMlQafr6ltTaD4a6J7IIk+Zrh
NySs+BmKMkDF6vE2/zYGSW9uRZ/f8jDm9302aE3VLRF4DJo5zgp+BArFCUOBleJK
+ukamZyrdg7J4GW/vm3KpaHPZStIgxMrP9IwQtBzEpPwANBUyV6OybXyUtCNJx2X
RI3O4Khvz0Lg2W/IhqZgDFwuv9rtIUYhEHPNrEVCV1Et2Y3V+lOTdt7E410xq8fg
E4QrFyGcGh7O275wxQoHaLtvXfHKhGgdc1guwhSnTLBUTlkNE1yxoI/b96KxcZDX
/B8fsmrmkd6L6o7/1x9a
=LkS9
-----END PGP SIGNATURE-----

Seattle Cluster Migration

Due to a litany problems with our hosts in Seattle, we have decided to stop doing business with the company that was hosting our infrastructure there. The hosts did not properly respond to tickets, support was lacking, and performance of the infrastructure was below our standards.

This will lead to a temporary outage for the Seattle cluster while a new host is selected, vetted, and all of our resources are migrated over. During this transitional period, users that try to connect to Seattle will be automatically redirected to nearby clusters. We will try to minimize the length of this outage in Seattle and restore services as quickly as possible.

VikingVPN Warrant Canary -- October 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

November 4th 2016

VikingVPN, and it's parent company Viking Connections LLC, from the inception of the company to present day, has not received any of the following:

Requests for information - Civil or Criminal - We have never received a request for information on a specific user, nor any request for bulk user data, nor any request for metadata.

Requests to modify or weaken our services - We have never received a request to change our encryption, our security practices, or our protocols. This includes wiretap orders or implementing methods to identify users on our network.

Requests for private keys - We have never received a request for private VPN server keys, access to our website CA, or any code signing certificates we control. This includes all of our self-signed certificates in the chain used by our VPN network.

Specific Clandestine Warrants - We have never received a request under FISA 702 or Section 215 of the Patriot Act, nor any other clandestine court order.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJYHWQkAAoJEDyT+fmXUj/Kw8MP/02Je/NFCioCoPHQyp9gnE2P
0cKObyS4bJ2L2i2p9/YCnU8CuNrRWq1tSgJKY9kTbGBz2dvySuQSv+VsxqCcnbML
QNecvDzV3T7c+KK7MF7cv8QwWsR2JysmUP1NW2Lq4k+deYIgNEqk/A4/GsUw3OKl
CeeG+EE5MtPR/g8NgflgEGoBTcnkkPbJ0KWo4iD/wvFI1W+nbsVzSzjHzEZlZncD
s+NjqJyAdhsI42b6WvL4I5XnHv0WeU7yum9flhBlImjRl55OrkDycj9s8WJPokyI
bopZH/h8DyrkJcN4m5NV0aN9HWgrSb/46MNIITNPnWHb6OJfP+JbhpBKWSqZQ/1l
qG5y0RN9E/ElVEuaBmVy36/ArQ6RxzQb60B6r2/L22dMCeUtoszGQuPv6vNN+GMc
mmAa49IbuEph304yM8qSmXVY+tHPaEDYYJJaK7F0azvJsXPzBAzX4msz7HpCACIT
p8K+oYXlYg0fpOkUBdDwPGhNAgAFnzIDtL+bDYOOX4y1wLUgREpvXg6mb2uO+qFO
QVZ2I5hFct0d62NnPP9sX53lXt8OYoN1q5pfYBrZ99eiDB8UJVHTU6bhPt5+JL3T
+I/3xg14P6JGAbA/mZw496YhaEiOA24ij7Y95dOAlyU1/0fEHTCARHuKIN/wk0q3
2eAGYzu0guDEAL0atJ6e
=u0L0
-----END PGP SIGNATURE-----

Downtime -- All Server Clusters Restarting for Routine Updates

All clusters on the Viking network are being restarted for routine security and performance updates.

Downtime is expected to be less than 5 seconds.

If you are disconnected from the Viking network during this time period, you can simply reconnect to the service immediately.

Seattle Cluster Outage

We are currently investigating an outage of the entire Seattle server cluster. This post will be updated with more information when we have it.

For now, our load balancers are referring all connection requests to Seattle to Chicago to keep users online and problem free.

We will work to restore access to Seattle as soon as possible after we can found the root cause of the outage.

Update: This outage was caused by a failure of the new ticketing system of our parent host in Seattle. We are working with them to correct the issue and services have been restored in Seattle.