VikingVPN, and it's parent company Viking Connections LLC, from the inception of the company to present day, has not received any of the following:
Requests for information - Civil or Criminal - We have never received a request for information on a specific user, nor any request for bulk user data, nor any request for metadata.
Requests to modify or weaken our services - We have never received a request to change our encryption, our security practices, or our protocols. This includes wiretap orders or implementing methods to identify users on our network.
Requests for private keys - We have never received a request for private VPN server keys, access to our website CA, or any code signing certificates we control. This includes all of our self-signed certificates in the chain used by our VPN network.
Specific Clandestine Warrants - We have never received a request under FISA 702 or Section 215 of the Patriot Act, nor any other clandestine court order.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE----- > read more
At VikingVPN we have always had two main focuses, security and speed. We do not want to be the cheapest VPN at the expense of performance, nor do we want to be the easiest to use if that means compromising security for compatibility or usability.
In the past this has lead us to only using the trusted and currently published open source clients for each device. This is because these clients are created by the people who create the code and the code is compiled by the creators in a verifiable way.
This policy has lead us down a road where a large number of users find our service cumbersome to use. Some users do not have the skills required to manage their certificates, understand revocation, or edit config files if something isn't working as it should. It also makes us slaves to the shortcomings of the default clients, that often have long-standing issues that have gone unpatched for a long time.
Because of these issues, we are reversing our policy on custom clients, and advancing with a Windows Client that will go into open-beta in the near future. It is currently in alpha testing.
This client will have the full source code available for review, so we will maintain the ability to trust and verify the code. It will be a "wrapper" around the official OpenVPN client, meaning that it will use the same source code as the vanilla client, but will be enhanced by us to improve functionality.
Our focus on the first iteration of the Windows client is focused on resolving the following issues:
1. Ease Certificate Management - Allow clients to securely manage their certificates within the app, without directly interfacing with the VikingVPN website.
2. Create Better Error Detection - Allow the app to detect if IP addresses are being managed properly. This is to eliminate problems with permissions and other error detection in the vanilla app. > read more
The time has come for us to enhance the integrity of our blogs and increase transparency through digital signatures.
A Signed Statement Warrant Canary
While we have felt in the past that having a "dead man's switch" style warrant canary was sufficient to allay people's concerns about transparency, we have come to realize that the best solution is to both make digitally signed statements and in conjunction use the dead man's switch canary. This gives our user's the option of checking either for reassurance that our services have not been tampered with by any state-level actor.
My concerns in the past have been that I will forget to post one of our warrant canary signed statements and cause a needless panic. Upon reflection I have realized that the dead man's switch canary has the same shortcomings, and that I should simply commit to the maximum amount of transparency possible.> read more
The primary DNS server that our Chicago clusters use is down. There is no outage in services as the secondary DNS server is picking up the slack. We are modifying the Primary DNS of all servers in the Chicago cluster to a ensure redundancy and keep services up and running.
No user changes are required as this is a transparent fix.
We will issue a rolling restart with the changes tonight at midnight Central Standard Time.
Only the Chicago cluster will be impacted. Downtime will be less than one second. If you are disconnected from the Chicago cluster around this time, you will be able to immediately reconnect and resume service.
There are no security implications to this change, speeds resolving domains while connected to the Chicago cluster will improve after the change goes live.> read more
We are running a labor day sale from now through the holiday weekend!
You will receive 50% off of your subscription for one billing cycle, and enhance your privacy with the most secure and fast VPN.
For all plans, use the coupon code vikinglaborday to receive your discount.
The sale also applies to our high privacy Bitcoin and Dash customers! Contact support for details.
We rarely run sales and this is your only opportunity to get a discount before Black Friday!> read more
The staff of VikingVPN is working on a Cybersecurity Wiki. This Wiki is going to explain all of the major aspects of how to protect your data and privacy on and off the internet.
We will be covering all aspects of cybersecurity in high detail, to allow users to learn about how to protect themselves, as well as step-by-step generic guides on various hardening techniques.
We will be incorporating some information from our security blog into this new wiki area, the largest move being the Firefox Hardening Guide that is very popular among the privacy community.
This is a GIGANTIC topic and the world of cybersecurity is constantly evolving. We will be routinely adding to the information in the Wiki and hope to have a comprehensive guide for users completed some time in the future. We will be adding content to the Wiki regularly as well as referencing good outside sources for topics that are too broad for us to cover.
The VikingVPN Web server is being restarted for routine security updates. Downtime of the website is expected to be less than two minutes. VPN services will not be affected by the restart.> read more
VikingVPN Has Received a Request for Information from the European Union - The Questions and Our Full Responses
VikingVPN has received a voluntary request for information from the European Commission. We have partially participated in the request and refused to answer any questions pertaining to customer data. The request contained no requests for individual user data, but had requests for some aggregate data that we also felt was too intrusive or requested information we simply do not have because we do not log our user activity.
*WARNING THIS IS A LONG AND DETAILED POST, AND IT IS NOT MOBILE FRIENDLY AS IT CONTAINS LARGE TABLES*> read more
There is a new "severe" OpenSSL flaw that was exposed today. OpenSSL has patched the flaw and it is available on their website immediately.
The flaw exposes all clients, servers and software that use certificate validation to a bug that would allow an attacker to impersonate a trusted device. This is a total bypass of the security of the certificate system. If there are no additional layers of verification (that do not rely on the certificate system) then the system is vulnerable to attack.
This could allow an attacker to impersonate trusted servers and push malicious updates to software, or an attacker to skim security credentials, or other malicious activity that would allow deep compromise of the victim's machine.
The VikingVPN Security Impact:
This area will be updated with a graphic in the near future. We are rushing out this transparency post to show exactly what we are working on and the impact of the problem.> read more
OpenDNS has announced that they are about to be acquired by Cisco Systems. Our US server clusters have been using OpenDNS for over a year because they perform well and do not log user activity.
The acquisition of OpenDNS by Cisco Systems raises concerns about whether their logging policies will remain the same, or be silently changed. It also raises concerns about Cisco's plausible complicit participation in clandestine activities.
Due to these concerns, VikingVPN is changing all of its US infrastructure to use servers that are ran by the OpenNIC project. These are servers that are fast, regularly audited, and do not log.
The VPN server clusters will be issued rolling restarts over the next few hours to complete these changes. Downtime is expected to be less than one second. If you lose connectivity during this period, you can immediately reconnect to the service and continue using it normally.