IVPN infrastructure is ready for 5th annual security audit

IVPN News By Nick Pestell | Posted on December 28, 2022

In-line with our commitment to perform an annual security audit of IVPN systems, we have commissioned the independent security auditing organisation Cure53 to conduct a security audit at the end of February 2023. We aim to publish the results of the audit no later than April 2023.

We have recently decided to upgrade our VPN gateway servers to a new major OS version which includes many configuration changes. The scope of the audit includes a pen-test and thorough security audit of the configuration of these new VPN gateway servers which are currently in a test environment, and due to go into production following the remediation of issues found by Cure53.

A note on the chosen scope and ‘no-logs’ audits:

In 2019 IVPN has commissioned a ‘no-logs’ audit to demonstrate that our service is not configured to collect and store information relating to customer connections.

After considering a repeat of this audit scope, we have decided that claims around ‘no logs’ audits can be misleading, or at best ambiguous to customers. We often remark that audits are just a snapshot in time. Any VPN service receiving a stamp of ‘no logs’ from independent evaluators can update their systems and start collecting sensitive customer information the following day.

For this reason, our aim this year, and from now on is arranging audits that focus on parts of our systems that have undergone significant updates. We believe such reviews meaningfully contribute to improving the security of our systems.

Audit Security
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.
IVPN News

Independent security audit concluded

By Nick Pestell

IVPN News

IVPN applications are now open source

By Viktor Vecsei

Releases

Beta IVPN Linux app released

By Viktor Vecsei

IVPN infrastructure security audit concluded IVPN News

IVPN infrastructure security audit concluded

Posted on March 15, 2023 by Nick Pestell

We’re pleased to announce that an independent security audit of the new IVPN gateway infrastructure has concluded. We recently decided it was necessary to upgrade our VPN gateway servers to a major new OS version which included many configuration changes.
IVPN apps security audit for 2022 concluded IVPN News

IVPN apps security audit for 2022 concluded

Posted on April 6, 2022 by Nick Pestell

We’re pleased to announce that an independent security audit of the IVPN apps conducted by Cure53 has concluded. Since our last audit 12 months ago we have made significant updates to apps on all platforms and judged that a new audit with similar scope is necessary this year.
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.