IVPN infrastructure is ready for 5th annual security audit

IVPN News By Nick Pestell | Posted on December 28, 2022

In line with our commitment to perform an annual security audit of IVPN systems, we have commissioned the independent security auditing organisation Cure53 to conduct a security audit at the end of February 2023. We aim to publish the results of the audit no later than April 2023.

We have recently decided to upgrade our VPN gateway servers to a new major OS version, which includes many configuration changes. The scope of the audit includes a pen-test and a thorough security audit of the configuration of these new VPN gateway servers, which are currently in a test environment and are due to go into production following the remediation of issues found by Cure53.

A note on the chosen scope and ‘no-logs’ audits:

In 2019 IVPN commissioned a ‘no-logs’ audit to demonstrate that our service is not configured to collect and store information relating to customer connections.

After considering a repeat of this audit scope, we have decided that claims around ‘no logs’ audits can be misleading, or at best ambiguous, to customers. We often remark that audits are just a snapshot in time. Any VPN service receiving a stamp of ‘no logs’ from independent evaluators can update its systems and start collecting sensitive customer information the following day.

For this reason, our aim this year, and from now on, is to arrange audits that focus on parts of our systems that have undergone significant updates. We believe such reviews meaningfully contribute to improving the security of our systems.

We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.
