VikingVPN Warrant Canary - September 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

VikingVPN, and it's parent company Viking Connections LLC, from the inception of the company to present day, has not received any of the following:

Requests for information - Civil or Criminal - We have never received a request for information on a specific user, nor any request for bulk user data, nor any request for metadata.

Requests to modify or weaken our services - We have never received a request to change our encryption, our security practices, or our protocols. This includes wiretap orders or implementing methods to identify users on our network.

Requests for private keys - We have never received a request for private VPN server keys, access to our website CA, or any code signing certificates we control. This includes all of our self-signed certificates in the chain used by our VPN network.

Specific Clandestine Warrants - We have never received a request under FISA 702 or Section 215 of the Patriot Act, nor any other clandestine court order.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWCq/MAAoJEDyT+fmXUj/KOnsQAKpWeE5UCaCRv5vIKBYTzwI8
BSl5H5n0Qog0DLCbCtPwH6ok9mtgnyNATpFtwR2UbFQG3DcbdqPC56XYK330QWhy
ChXwDIVIPy+mOqReF3gtSmFRdsc3WZyb9cXTFieZBgBxX7Tt+3thqxl2Q8HxUcnd
gEMtc9F9fhBxS3gAcXla6tboUZRVu/g9x0xh1j/rYSuKqbC+j5xn6KTFme9jF3NA
t+nkhwAUR+Q3/Vd0PPE1e6mAArqlw7HGKnoHwBSc/Nt7mKWOx9sfxzNlENsy/YUg
GZpOw89SsCXcZhShRxeck0bR2mnqQFomFF2GCYChULKb/SgQ8NEIGUKKU3L6vhjy
1pfZb7oyXNu+Pn+FoTPtmNYoN21Cg6ni939zZR8NjkOfFoahXWCLBHtFC5PDqbhW
5A7xWuoyBD1a9kLy3eWQw2/nWT5v2c9y9BWKZheD6tRlLbeDFh6JcNLCJ1oX0NtE
SkGkuPVePu/zHk7iODMx5tHVKSHYy4tRnb292YhFUAXXHnGbZ3Xg0CLd1vxZSsmo
Fqfbzt6vvXs/BOIEt4n8CvEpzAKubX+I+255EQVaxDlTclzAMRr9e5ADAz97/L1C
iaGDg0LOeOonSFdffHuHsPdbqM4fxjPvP0UsLHUptOlktjHKlG+dIxCnhh3bH+ZZ
KdxeIIltHReS9BeBd33n
=X0Kp
-----END PGP SIGNATURE----- > read more

Policy Reversal - VikingVPN is Creating an Open-Source Custom OpenVPN Client

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

At VikingVPN we have always had two main focuses, security and speed. We do not want to be the cheapest VPN at the expense of performance, nor do we want to be the easiest to use if that means compromising security for compatibility or usability.

In the past this has lead us to only using the trusted and currently published open source clients for each device. This is because these clients are created by the people who create the code and the code is compiled by the creators in a verifiable way.

This policy has lead us down a road where a large number of users find our service cumbersome to use. Some users do not have the skills required to manage their certificates, understand revocation, or edit config files if something isn't working as it should. It also makes us slaves to the shortcomings of the default clients, that often have long-standing issues that have gone unpatched for a long time.

Because of these issues, we are reversing our policy on custom clients, and advancing with a Windows Client that will go into open-beta in the near future. It is currently in alpha testing.

This client will have the full source code available for review, so we will maintain the ability to trust and verify the code. It will be a "wrapper" around the official OpenVPN client, meaning that it will use the same source code as the vanilla client, but will be enhanced by us to improve functionality.

Our focus on the first iteration of the Windows client is focused on resolving the following issues:

1. Ease Certificate Management - Allow clients to securely manage their certificates within the app, without directly interfacing with the VikingVPN website.

2. Create Better Error Detection - Allow the app to detect if IP addresses are being managed properly. This is to eliminate problems with permissions and other error detection in the vanilla app. > read more

Updates to Transparency - Digital Signatures - Dual Warrant Canaries

The time has come for us to enhance the integrity of our blogs and increase transparency through digital signatures.

A Signed Statement Warrant Canary

While we have felt in the past that having a "dead man's switch" style warrant canary was sufficient to allay people's concerns about transparency, we have come to realize that the best solution is to both make digitally signed statements and in conjunction use the dead man's switch canary. This gives our user's the option of checking either for reassurance that our services have not been tampered with by any state-level actor.

My concerns in the past have been that I will forget to post one of our warrant canary signed statements and cause a needless panic. Upon reflection I have realized that the dead man's switch canary has the same shortcomings, and that I should simply commit to the maximum amount of transparency possible.

> read more

Chicago Primary DNS Down - Server Reset to Apply Alternatives Tonight CST

The primary DNS server that our Chicago clusters use is down. There is no outage in services as the secondary DNS server is picking up the slack. We are modifying the Primary DNS of all servers in the Chicago cluster to a ensure redundancy and keep services up and running.

No user changes are required as this is a transparent fix.

We will issue a rolling restart with the changes tonight at midnight Central Standard Time.

Only the Chicago cluster will be impacted. Downtime will be less than one second. If you are disconnected from the Chicago cluster around this time, you will be able to immediately reconnect and resume service.

There are no security implications to this change, speeds resolving domains while connected to the Chicago cluster will improve after the change goes live.

> read more


50% Off All Plans This Labor Day Weekend

We are running a labor day sale from now through the holiday weekend!

You will receive 50% off of your subscription for one billing cycle, and enhance your privacy with the most secure and fast VPN.

For all plans, use the coupon code vikinglaborday to receive your discount.

Monthly

https://vikingvpn.com/sign-up/monthly?hascoupon=true

Semi-Annual

https://vikingvpn.com/sign-up/6-month-plan?hascoupon=true

Annual

https://vikingvpn.com/sign-up/annual?hascoupon=true

The sale also applies to our high privacy Bitcoin and Dash customers! Contact support for details.

We rarely run sales and this is your only opportunity to get a discount before Black Friday!

> read more

The VikingVPN Cybersecurity Wiki

The staff of VikingVPN is working on a Cybersecurity Wiki. This Wiki is going to explain all of the major aspects of how to protect your data and privacy on and off the internet.

We will be covering all aspects of cybersecurity in high detail, to allow users to learn about how to protect themselves, as well as step-by-step generic guides on various hardening techniques.

We will be incorporating some information from our security blog into this new wiki area, the largest move being the Firefox Hardening Guide that is very popular among the privacy community.

This is a GIGANTIC topic and the world of cybersecurity is constantly evolving. We will be routinely adding to the information in the Wiki and hope to have a comprehensive guide for users completed some time in the future. We will be adding content to the Wiki regularly as well as referencing good outside sources for topics that are too broad for us to cover.

> read more

Web Server Restart for Routine Updates

The VikingVPN Web server is being restarted for routine security updates. Downtime of the website is expected to be less than two minutes. VPN services will not be affected by the restart.

If you want to keep up with updates about VikingVPN, check out VikingVPN on Google+ and VikingVPN on Twitter!

> read more

VikingVPN Has Received a Request for Information from the European Union - The Questions and Our Full Responses

VikingVPN has received a voluntary request for information from the European Commission. We have partially participated in the request and refused to answer any questions pertaining to customer data. The request contained no requests for individual user data, but had requests for some aggregate data that we also felt was too intrusive or requested information we simply do not have because we do not log our user activity.

*WARNING THIS IS A LONG AND DETAILED POST, AND IT IS NOT MOBILE FRIENDLY AS IT CONTAINS LARGE TABLES*

*SKIP TO THE END OF THIS DOCUMENT TO SEE THE STATEMENT THAT WE ATTACHED TO OUR RESPONSE*

> read more

New OpenSSL Flaw Exposed Today -- VikingVPN Impact

There is a new "severe" OpenSSL flaw that was exposed today. OpenSSL has patched the flaw and it is available on their website immediately.

The flaw exposes all clients, servers and software that use certificate validation to a bug that would allow an attacker to impersonate a trusted device. This is a total bypass of the security of the certificate system. If there are no additional layers of verification (that do not rely on the certificate system) then the system is vulnerable to attack.

This could allow an attacker to impersonate trusted servers and push malicious updates to software, or an attacker to skim security credentials, or other malicious activity that would allow deep compromise of the victim's machine.

The VikingVPN Security Impact:

This area will be updated with a graphic in the near future. We are rushing out this transparency post to show exactly what we are working on and the impact of the problem.

> read more

VikingVPN is Abandoning OpenDNS Due to Cisco Acquisition

OpenDNS has announced that they are about to be acquired by Cisco Systems. Our US server clusters have been using OpenDNS for over a year because they perform well and do not log user activity.

The acquisition of OpenDNS by Cisco Systems raises concerns about whether their logging policies will remain the same, or be silently changed. It also raises concerns about Cisco's plausible complicit participation in clandestine activities.

Due to these concerns, VikingVPN is changing all of its US infrastructure to use servers that are ran by the OpenNIC project. These are servers that are fast, regularly audited, and do not log.

The VPN server clusters will be issued rolling restarts over the next few hours to complete these changes. Downtime is expected to be less than one second. If you lose connectivity during this period, you can immediately reconnect to the service and continue using it normally.

> read more