TL;DR – We no longer require customers to specify a password when connecting to the VPN as we have randomly generated usernames and the password doesn’t affect the security of the VPN tunnel in any way. You still require a password to login to the website Client Area. 

To understand more about this decision read on.

IVPN is working towards a future where mass surveillance is not a key part of our reality. To make our VPN service more accessible to customers looking for privacy protection we are introducing a new, more affordable subscription plan.

Customers signing up today have the chance to choose between IVPN Standard, covering up to 2 personal devices, and IVPN Pro covering up to 7, with additional tools such as Multihop and Port forwarding available.

Below is a detailed comparison of our new plans:

A note to current IVPN customers: all existing subscriptions are converted to IVPN Pro with the added benefit of 7 device coverage, improved from the previous limit of 5. Moving forward, IVPN Pro Quarterly plans cost $30 and will not be offered to new subscribers.

With any questions about our new plans please contact our customer service team directly.

IVPN Team

Earlier this year IVPN published results of an audit that verified our no-logging claims; we are now taking the next steps towards demonstrating trustworthiness and commitment to protecting customer privacy in a transparent way.

When picking a VPN service there are multiple criteria for evaluation, starting with questions like who owns the company behind it, whether your provider keeps logs and what happens with the data you share. Two further measures are usually on the top of the remaining list: the type of security the service provides and the connection speed you can achieve while using it.

On these two fronts, a newcomer protocol, WireGuard, offers the possibility for significant improvements to existing solutions for VPN services. While it is still in its test phase, and requires formal reviews and further audits before being ready for prime time, WireGuard clearly offers improved security and better speeds over currently-preferred protocols like OpenVPN.

Implementing WireGuard in our applications and offering its use through our service was a key priority for us last year. In a pioneering move we integrated it in our Android, iOS and macOS apps last December. Since then, feedback from our subscribers who have tested the solution have been overwhelmingly positive. As Windows was not officially supported by WireGuard at the time of our initial launch, adding the option to our app remained on our to-do list. After a recent release by the team behind the protocol, we are now happy to offer the test use of WireGuard in all of our applications.

WARNING: The WireGuard protocol is currently under heavy development and should be considered experimental. At this time we do not recommend using WireGuard except for testing or in situations where security is not critical. We keep our WireGuard VPN servers completely separate from our OpenVPN servers to ensure there are no security risks.

Existing subscribers can start testing WireGuard simply by downloading the latest version of our Windows application and enabling WireGuard in the Settings (please see our guide and FAQ for more information). If you are not using IVPN yet, you can take advantage of our 3-day obligation-free trial option to test the service.

We have further news regarding our WireGuard implementation: As a VPN provider with a chief focus on privacy protection, we have considered and evaluated the possible risks of using the protocol during our tests. Security experts in our team have identified and solved multiple issues – including users’ public IP being stored in memory indefinitely, the lack of real dynamic IP allocation and no ‘identity-hiding forward secrecy’ offered – and have taken significant steps towards eventually recommending WireGuard as a default VPN protocol to use. If you are curious about these technical solutions please review our article Using WireGuard for Privacy Protection.

If you have any feedback, questions or concerns about WireGuard for IVPN, our team is standing by for your message.

Looking forward to hearing your test impressions.

Nick Pestell &
the IVPN team

IVPN’s core mission is to help people control what information they share with others. Our VPN service solves a key privacy problem by encrypting your traffic, making it inaccessible to your ISP and anyone else who may wish to surveil your online activity.

However, there is a lot more going on in terms of privacy violations when you are connected to the Internet. Thousands of companies track your movement across websites, profile your activities and sell that information to advertisers or the highest bidding data brokers.

From the start of IVPN, almost 10 years ago, we engineered our systems to not log any data that could be tied to an individual user account. Until now our customers had no way to verify this but today we’re proud to announce the results of an independent audit conducted by Cure53.

Below is an excerpt from the conclusion (Download the full unredacted report from Cure53’s website)

“To conclude this Cure53 audit and verification of the IVPN privacy-related claims yielded very positive results. The outcomes of this March 2019 audit, paired with fluent communications as well as the general handling of every aspect discussed during the assessment, attest to the considerable dedication to privacy matters at the IVPN project. Based on the findings, it is safe to say that all of the IVPN’s privacy statements could be verified as truthful within the defined scope. The requirements for both general security claims to be considered appropriate were successfully well met for all VPN gateways.”

The scope of the audit was to verify the no-logging claims made in our privacy policy and included all IVPN systems that are involved in serving a customers VPN connection, including the VPN gateway servers and authentication servers. A total of 3 auditors spent 7 days performing the audit during March 2019. 

When we setup IVPN and configured the our systems not to log, it required a lot more than directing logs to the null device. We have a complex configuration of scripts that set up and tear down dynamic configurations for port forwarding, multi-hop etc. These scripts communicate and store state information without persisting any data to disk, one of many design decisions we’ve made as a security-focused company. 

Cure53 was able to identify only one issue which they classified as ‘low’ impact and which they said “does not negatively impact this conclusion”. The issue was that our DNS servers temporarily cache their responses to improve performance however none of this data is related to a customer IP address or user account in any way and is only stored temporarily until the cache timeout. This means that if an adversary had access to a DNS server they could see what domains had been recently resolved but not which customer IP had sent the request. Regardless we decided to disable the caching so this issue has been fully mitigated. 

We expect this report to provide another strong signal that we take our customers privacy and security very seriously and are dedicated to being as transparent as possible. If you have any questions relating to this audit please do not hesitate to contact us.