Annual security audit scheduled for 2026

Consistent with our commitment to regular independent security audits, we have scheduled our eighth annual security audit with Cure53, to be conducted over the course of two weeks in July.

As in previous years, audits target systems and services that have undergone significant updates and where review provides the most value to customers in terms of security and auditability.

The most relevant addition since the previous audit is Unlinked Access, the system that allows IVPN Plus and Pro Suite subscriptions to grant access to Mailx, modDNS, and Portmaster without propagating IVPN account identifiers to those services. Read the Unlinked Access overview and the technical deep-dive for details.

Scope of the audit includes the cryptography and privacy model and the following services: generator, token and preauth, verifier and distributor.

A note on no-logs audits

Our last and only no-logs audit was conducted by Cure53 in March 2019. We have not repeated this format since.

Claims around ’no-logs’ audits can be misleading, or at best ambiguous to customers. Audits are a snapshot in time: any VPN service receiving a ’no-logs’ stamp from independent evaluators can update its systems and start collecting sensitive data the following day. We have also seen some VPN providers cite such audits as a marketing tool that creates a false sense of security. For these reasons, we will not commission further no-logs audits.

Previous audit results

Results from the 2025 audit covering Mailx and modDNS are published:

• modDNS audit results
• Mailx audit results

Nicholas Pestell
CEO
IVPN

Featured posts

Related posts