As you may have heard, Windscribe had VPN servers seized in Ukraine on 24 June this year. So far so bad.
According to Arstechnica, Windscribe had to admit that the servers were not secured well enough. According to the information, the servers were running on an old stack and were not encrypted. And so private keys were found on the hard drives of the servers. This is of course very embarrassing and has now been fixed, as we read in their new blog post. We must also praise the fact that they are now taking the in-memory stack approach, so that no private data can be found on the hard drives.
This is similar to that what we have implemented in our infrastructure for many years: Our servers run on RAM disks. This ensures that as soon as the power is disconnected from the server, no security-relevant data can be found. You could also say that Windscribe has finally copied this feature from us in 2021.
When Windscribe introduced their server-side ad and tracking blocker 'R.O.B.E.R.T.' on November 2018, we smiled a bit, as it was a copy of our 'TrackStop' which we already introduced on September 2016.
We are very honoured when our features are copied by other providers :)
It is well known that data is found by providers even though they advertise a no-logging strategy according to their marketing. It is also noticeable that these providers are just so cheap that you can say they are not free. We will never say their names or take a position on this, that is not our style. In the blog post, Windscribe took the trouble to go into the shortcomings of the competitors. We think this is bad style, from a VPN provider, which has made mistakes and tries to present itself better, but each company has to decide that for itself.
But the fact that Windscribe writes in the above-mentioned blog post that we did not have our ram disk infrastructure at the time of the server seizure in Rotterdam and assumes that data of our users should have been found, is simply a brazen insinuation. If they had instead adhered to basic journalistic standards and simply asked instead of claiming untruths, we would have been happy to clarify that our VPN servers have been running with the RAM disks since 2013. Also, despite the RAM disk, we naturally revoke certificates when we lose control of a server.
We are therefore completely justified in assuming that when our servers were seized in Rotterdam in 2016, the investigators only found a basic Linux installation with a customised configuration on the hard disks and were unable to seize any other data.
Your Perfect Privacy Team