VikingVPN Warrant Canary -- May 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

June 19th 2016

VikingVPN, and it's parent company Viking Connections LLC, from the inception of the company to present day, has not received any of the following:

Requests for information - Civil or Criminal - We have never received a request for information on a specific user, nor any request for bulk user data, nor any request for metadata.

Requests to modify or weaken our services - We have never received a request to change our encryption, our security practices, or our protocols. This includes wiretap orders or implementing methods to identify users on our network.

Requests for private keys - We have never received a request for private VPN server keys, access to our website CA, or any code signing certificates we control. This includes all of our self-signed certificates in the chain used by our VPN network.

Specific Clandestine Warrants - We have never received a request under FISA 702 or Section 215 of the Patriot Act, nor any other clandestine court order.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXZ2EwAAoJEDyT+fmXUj/KJ7oP/3Ap9tRwCTeWu2KqaH2mkLhr
N2mJ6j/jw0T2/fqhcRZ0ejRPqd8GYR0G/lCCFiIC1jpPtPMgCeAiqlXywKxeeg7J
Jkp/wSS8F6dihyNHTf9mAQhYmWJy3QLV1Bjboxi5tSApJ/JXPDKwfUwj/UYOhZNe
IskZtBTuDDvPzr0/x0r6yvbLrdF7ilqeFz32ZknZU9e3ZrTcU6ab2/aeliwP7GTF
kc9ehQlk2ngRfV8HW4cajz9NX5RJMuSCGblID6xoKjuvdxujs9yrTGG5/7FaFH7C
bfcEtQ+afxfaSJRaJv72BMBwMbOvw4Wa1aQleJavcuv87MJver7fj7R4d+PmC+5V
X5l6a3KrwhR/C2iyPV2RYgzCiFhmM4kh7q9RqKyGy6q8b7QYiof2VK6Xf8xfnmS6
UVSIvPOs/RBO5qxBriuTnItZDdkHcQEbBgTyd3ubYfR4GWTN9OTeNxOSZR7c3pNe
ZkGVeaigt0J8581qImACn2CsGS3301MIWlg8p478Jbxh+wIHSWnORZ+I2QevukLV
zqs0+GRP9y61Xkps++cdUnVZgx9CeAau5XnB+sJVuiXqtRxTAvvhZJECHCQ9CIJy
BESf1nEwQGC5BulbiAQV+udIuHZNTgNG+bnHzZMWbuTrFr1ZI1SLsMRsTVRUVCKK
pHQ7F+N4cV4U/31tTlnu
=bSJQ
-----END PGP SIGNATURE-----
> read more

May 5th 2016 Security Updates

We will be restarting our web infrastructure for routine security updates at 3PM EST. The website will be down for approximately two minutes. There will be no interruption to the VPN network during this update.

> read more

Level 3 Outage Reported in the Northeastern US

There is a major network outage for Level 3 communications in the Northeastern US. This outage will impact customers connecting to the NYC cluster or living in the region. Time Warner Cable customers may experience total outages while emergency repairs are made. Other customers may see slower than usual speeds to NYC until the Level 3 peer comes back online.

To be clear, this situation is on transit fiber and is out of Viking's control. It will impact a huge number of websites and web services operating in the region, as Level 3 is one of the primary providers in the NE United States.

If we get any updates on the situation and a timetable, we will update this post.

> read more

VikingVPN Warrant Canary -- April 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

May 2nd 2016

VikingVPN, and it's parent company Viking Connections LLC, from the inception of the company to present day, has not received any of the following:

Requests for information - Civil or Criminal - We have never received a request for information on a specific user, nor any request for bulk user data, nor any request for metadata.

Requests to modify or weaken our services - We have never received a request to change our encryption, our security practices, or our protocols. This includes wiretap orders or implementing methods to identify users on our network.

Requests for private keys - We have never received a request for private VPN server keys, access to our website CA, or any code signing certificates we control. This includes all of our self-signed certificates in the chain used by our VPN network.

Specific Clandestine Warrants - We have never received a request under FISA 702 or Section 215 of the Patriot Act, nor any other clandestine court order.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIbBAEBCAAGBQJXJ4QTAAoJEDyT+fmXUj/KidUP9i7Cn/l2YNSj6ERZpWRT0ukt
yiLCO7xqgXQ7N1E04kUL9YtT/oyrw7Ym/VeHP5gLxWwOBOpsaNW3syKPaJLJIivt
YIKAZszfaBLCCTux22qj0/J/FuHseWZtU26yCZr3teK1fblIm/+8mY9V2I/OTDof
prumjIW+TpLzlYl+d/MKCSt2wgdhfV8TpFs3jN+PmPObiZYKqLpbl/i7ZKx9Z4On
EiKx2xy1RqkdQBufQi5SjKoonjEkB9bWuIgbRxjMCQ/9+DfqYFkrmnEfRR7giTQI
PkaeNm11SZrW1e9OcXQsWYk7K/naO+ObxL3TQ3wds3Lc5+Dlm8oJPmIRz78fTfyX
WyvF7PYHO6dfal/KQ4I82ili/7Vwuz8sAFwdx/g/Mn/N0n8pkXGM5GVCnXvGO4LD
CwuHbLqB/rs7tIUnMOfmlmAnMu6FTsVdhFDfGfF3E+20/uCPwEQREznBW59DoUtF
tr8Pp/YABEaWb0PLdJpeHwckk2bGlN4Y/Giwx9U/rUDOnQ1inbIaA4cJoqP1/+pi
KhZnl4KvimTYdt7Qe9aC5LpkPgKskheYHW0uauywkHkl4G4ClarfXtoAbakbhELT
zpzOPfbs/Uio/IDJ4plYAl3RNOL5yYEIiozcjk/BL/KuOkHjT8nKsSvkj0RL4ey9
70EaeCZGJwqY3wddDaU=
=FgcJ
-----END PGP SIGNATURE-----
> read more

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

April 3rd 2015



VikingVPN, and it's parent company Viking Connections LLC, from the inception of the company to present day, has not received any of the following:



Requests for information - Civil or Criminal - We have never received a request for information on a specific user, nor any request for bulk user data, nor any request for metadata.



Requests to modify or weaken our services - We have never received a request to change our encryption, our security practices, or our protocols. This includes wiretap orders or implementing methods to identify users on our network.



Requests for private keys - We have never received a request for private VPN server keys, access to our website CA, or any code signing certificates we control. This includes all of our self-signed certificates in the chain used by our VPN network.



> read more

VikingVPN Warrant Canary -- February 2016

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256


March 2nd 2015


VikingVPN, and it's parent company Viking Connections LLC, from the inception of the company to present day, has not received any of the following:


Requests for information - Civil or Criminal - We have never received a request for information on a specific user, nor any request for bulk user data, nor any request for metadata.


Requests to modify or weaken our services - We have never received a request to change our encryption, our security practices, or our protocols. This includes wiretap orders or implementing methods to identify users on our network.


Requests for private keys - We have never received a request for private VPN server keys, access to our website CA, or any code signing certificates we control. This includes all of our self-signed certificates in the chain used by our VPN network.


> read more

Viking VPN Service OpenVPN Windows App Client Released in Open Beta!

Viking VPN Service is releasing our client for Windows PCs into Open Beta as of today.  You can download the client here.


Follow our connection guide for Windows to get it set up.  It's pretty easy and hassle free.  

It's possible that you'll get false-positives from malware or virus scanners for this app.  These false-positives are caused simply by the app being new on the market.  These false-positives will go away in time.

We have open-sourced the code for the app.  It is published on bitbucket.


> read more

VikingVPN has Completed Emergency Maintenance Related to the glibc Stack Overflow Vulnerability

We have completed emergency maintenance to respond to the Stack Overflow in glibc as disclosed in CVE-2015-7547. Google and Red Hat are credited with the disclosure and fix.

More information on the CVE can be found below:
Google Online Security: https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

Red Hat: https://access.redhat.com/security/cve/cve-2015-7547

Proof of Concept Attack: https://github.com/fjserna/CVE-2015-7547

Our infrastructure has been patched and all server clusters have been issued rolling restarts to ensure that there is no chance of an out-of-bounds buffer being active. Google and Red Hat are confident that the vulnerability has likely not been exploited in the wild. As a precautionary measure, we will be performing an internal audit of our systems ahead of schedule to verify that all systems are secure.

> read more

VikingVPN Warrant Canary -- January 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

February 6th 2015

> read more

Privacy Policy Update - February 1st 2016

We have made some minor updates to our privacy policy in order to clarify our position and procedures.

Our policies are completely unchanged, this update is to just make it more clear how we handle logging.


The specific privacy policy changes are:

We clarified that total user bandwidth is not monitored.

We clarified that total server bandwidth usage (per day) is monitored.

We clarified that we have never had to use our logging contingency plan to defend the network. It is just present in case it ever has to be used.

I also edited the formatting of the privacy policy to have consistent spacing throughout the page.

> read more