[CONTENT-CHANGE] Privacy-Respecting Software > Virtual Private Networks #4

Closed
atomGit opened this issue Apr 11, 2022 · 8 comments

atomGit commented Apr 11, 2022

what do you think about Azire (parent is Netbouncer AB)?

there've been no independent audits yet so far as i know, but it's a smaller Swedish company operating since 2012 that claims some very enticing things...

  • they physically buy, secure, install and maintain all their servers - this is the only commercial VPN i know of that does this
  • wireguard
  • accepts crypto, no personal info required
  • and, of course, no logging, port restrictions, bandwidth caps, etc.

from their FAQ's...

Do you own the servers and how are they installed and secured?

We physically own all of our hardware, in all of our locations, including bare metal dedicated servers and switches, bringing it and installed on our own, co-located in closed racks on different data centers around the world meeting our strict security criteria, using dedicated network links and carefully chosen providers for maximum network quality and throughput. We also make sure to select locations with protective or non‑invasive laws to ensure the privacy of our customers.

They are equipped with a quad-core Intel Xeon CPU featuring special cryptographic optimizations AES-NI and 12GB of RAM for no‑compromise performance and are running in RAM without any physical hard drive disk which protect our users in case of seizure. Their software setup and installation is identical in each location, only using open-source software.

also see Server Environment and Security pages

i've been using them for many months and have been very satisfied overall with their service, much more so than with Nord or Air

@atomGit atomGit added the enhancement New feature or request label Apr 11, 2022
Owner

Lissy93 commented Apr 14, 2022

Just tried it out, seems good overall. I'd approve the PR if you'd like to submit it :)

Couple of things I did notice though:

  • Client applications not open source. And their only GH repo is very stale
  • Android App only available through Google Play, no F-Droid or APK
  • Unsure why the Android app needs external storage read/write permissions
  • No kill switch option on client apps, and Linux app disconnected several times
  • Their only DNS servers are in Denmark, part of the 9-Eyes
  • No security audit. And no evidence to back up any of their claims
  • My traffic was flowing through shared data centers, they cannot / do not physically maintain these themselves, like they made it sound like
  • Relatively few locations, and expansion seems to have slowed down
  • Surprisingly small throughput compared to other providers, possibly making identifying individuals easier
  • When trying it out, I found performance was quite poor, and not all their advertised servers were connectable. But this could be due to my location

But didn't notice anything that put me off. And as you mentioned, 100x better than Nord and other commercial providers. I liked that they accept crypto, and the XMR payment went through fine. I usually use Mullvad, and the top-up process was very similar.

Author

atomGit commented Apr 14, 2022

> Client applications not open source

i don't know anything about their apps (i don't use them) however the link for the Linux app takes you right to their github repo - whether it works or not i wouldn't know

> DNS servers are in Denmark

DNS is handled by whatever server you connect to - you can see this in their config's - at least this is the case for wireguard when not using their app - however if you run wireguard on your router for example, then you have to use the DNS servers you mentioned for some reason - this didn't make sense to me, but i couldn't get WG working on my router otherwise

> No security audit. And no evidence to back up any of their claims

other than some circumstantial evidence, that is true

> My traffic was flowing through shared data centers, they cannot / do not physically maintain these themselves, like they made it sound like

can you elaborate? this is a show-stopper if true

my impression is that they're using shared data centers to locate their hardware (obviously they aren't building their own data centers), and then installing their own hardware in them

> Relatively few locations, and expansion seems to have slowed down

this kind of supports their claim to own/install their own gear i think, else they might be provisioning servers at the rate of Nord, etc.

> When trying it out, I found performance was quite poor, and not all their advertised servers were connectable. But this could be due to my location

interesting, my experience has been very different - i'm seeing far better service than with Nord or Air - stability has been rock solid - i also attribute some of this to wireguard

bandwidth may or may not be on par with other services, but when i tested it, using WG, it was a very small percentage less than what i get from my ISP and it was better than what i got with OVPN and Nord/Air

i'm gonna contact them with your concerns and let's see what their response is before going any further

Owner

Lissy93 commented Apr 14, 2022

I don't have a set list of criteria for VPNs to be on the list (maybe I should put one together). But unless anyone has any serious, and factually backed up reservations about Azire, I am happy to add it to the list.

Most of the negatives listed above were regarding the client apps, which shouldn't be a deal breaker since WG (and OpenVPN) are supported.

But it would be much easier if they have had an independent audit.

There's a lot of problems with VPN providers as a whole. They tend to make great claims, and it's hard to know for certain if they're true.

Author

atomGit commented Apr 14, 2022

> ... unless anyone has any serious, and factually backed up reservations about Azire, I am happy to add it to the list.

i opened a ticket with them that mentions all your concerns, some of which i share, so you might want to hold off until they respond

> There's a lot of problems with VPN providers as a whole.

indeed! not one of them can be fully trusted, however i would also argue the same is true with Tor

i think a good VPN (whatever that means) is great for avoiding ISP monitoring and data stream injection, etc., but if it's a whistleblower or journalist whose life/freedom is at stake, it's a different story

> I don't have a set list of criteria for VPNs to be on the list...

first and foremost, never trust a "free" vpn ;)

Author

atomGit commented Apr 14, 2022

if interested...

Tor versus a VPN - Which is right for you?

Author

atomGit commented Apr 18, 2022

Azire/Netbouncer finally got back to me and i'm pleased with their answers...

Q: Client applications not open source. And their only GH repo is very stale
A: It is true that the source code of our current WireGuard applications is not released yet. It will be when we feel confident that the code is ready and mature enough so that everyone will be able to review, submit issues, and contribute with merge requests.

Our GitHub currently hosts the source code of our old OpenVPN client, which is now deprecated and not maintained anymore.

Q: Android App only available through Google Play, no F-Droid or APK
A: We are planning to, at a minimum, release our Android application on F-Droid, probably at the same time we release the source code.

Q: Unsure why the Android app needs external storage read/write permissions
A: The Android application needs external storage read/write permission to be able to write debug logs, which are available from the hamburger menu. Users can then send us the log for support inquiries.

Q: No kill switch option on client apps, and Linux app disconnected several times
A: It is planned to integrate a kill-switch in our clients on all platforms where it makes sense and can be properly implemented.

The Linux client is deprecated. Linux users can use WireGuard's wg-quick directly, or better, use systemd services, for now. They also can use NetworkManager's OpenVPN GUI applet to ease the establishment of an OpenVPN tunnel.

Q: Their only DNS servers are in Denmark, part of the 9-Eyes
A: Our static public DNS servers are located in Sweden. When connecting to our service, users will be assigned with the endpoint's local DNS servers, which should keep the DNS requests internal to the location's local network. It is therefore possible to avoid country deemed untrusted.

Our static public DNS servers are listed on this page, under the "DNS servers" section:

https://www.azirevpn.com/docs/servers

Q: No security audit. And no evidence to back up any of their claims
A: We are planning to make an audit of our back-end infrastructure when we feel ready to do so. For the moment, the back-end is reworked for the release of port forwarding, which should happen in the incoming months.

Q: My traffic was flowing through shared data centers, they cannot / do not physically maintain these themselves, like they made it sound like
A: We buy all our hardware (servers and switches), seal it, and then send it to data centers around the world. It would not be feasible to own our data centers, although we have close business links with some of them, so we know they can be trusted.

More information on these pages:

Q: Relatively few locations, and expansion seems to have slowed down
A: See answer number 7. It is less easy to find trusted and quality data centers to send our hardware to, than simply leasing a server which can be terminated at any time.

During 2022, we are striving to expand our locations on the West Coast of the United States.

Q: Surprisingly small throughput compared to other providers, possibly making identifying individuals easier
A: We are not sure if "small throughput" refers to "low traffic" on some locations from our Status page, or if the speed when testing was not great. It usually depends on a lot of factors, but our locations are, for some of them, using Tier 1 providers directly (Cogent, Telia) so the speed should be there. Also, our servers are for the most part using 10 Gbit/s full duplex links.

Q: When trying it out, I found performance was quite poor, and not all their advertised servers were connectable. But this could be due to my location
A: Unless indicated otherwise on our Status page, all our locations are available for use. We have automatic ways to detect down locations on our side, so there should be no issue connecting to them unless an Internet Service Provider banned some of our locations' IP addresses.

We are open to answer other questions or clarify some points if our answers were not complete enough. Alicia can contact us directly to our support email address.
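
Added example, not part of the thread and not code from Azire or this repository: since the replies above point Linux users to `wg-quick` and confirm the clients have no kill switch, this checks a `wg-quick` config for the gaps discussed (DNS, full-tunnel routing, a kill-switch rule). The sample configs, addresses, DNS value and the `parse`/`audit` helpers are constructed for illustration; the firewall rule is the one documented in wg-quick(8).

```python
import ipaddress

# Constructed sample: placeholder keys, documentation/private-range addresses.
WEAK = """[Interface]
PrivateKey = <placeholder>
Address = 10.0.0.2/32

[Peer]
PublicKey = <placeholder>
Endpoint = 192.0.2.10:51820
AllowedIPs = 0.0.0.0/0
"""
# Kill-switch rule from wg-quick(8): reject packets leaving outside the tunnel.
KILL = ("iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) "
        "-m addrtype ! --dst-type LOCAL -j REJECT")
HARDENED = WEAK.replace("Address = 10.0.0.2/32", "\n".join([
    "Address = 10.0.0.2/32", "DNS = 10.0.0.1",  # DNS value is a stand-in
    "PostUp = " + KILL, "PreDown = " + KILL.replace("-I OUTPUT", "-D OUTPUT"),
])).replace("0.0.0.0/0", "0.0.0.0/0, ::/0")

def parse(text):
    """Return {section: {key: [values]}} for a single-peer client config."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].lower(), {})
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            section.setdefault(key.lower(), []).append(value)
    return conf

def audit(text):
    """List the leak-relevant gaps in a wg-quick config."""
    conf = parse(text)
    iface, peer = conf.get("interface", {}), conf.get("peer", {})
    findings = []
    if not iface.get("dns"):
        findings.append("no DNS: the system resolver is left unchanged")
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for value in peer.get("allowedips", []) for n in value.split(",")]
    for version in (4, 6):
        if not any(n.version == version and n.prefixlen == 0 for n in nets):
            findings.append(f"IPv{version} default route is not tunnelled")
    if not any("-j REJECT" in h or "-j DROP" in h for h in iface.get("postup", [])):
        findings.append("no PostUp rule blocks traffic outside the tunnel")
    return findings
```

`audit(WEAK)` reports three gaps and `audit(HARDENED)` reports none.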

Lissy93 referenced this issue in Lissy93/personal-security-checklist Apr 18, 2022
Owner

Lissy93 commented Apr 18, 2022

Awesome, thank you for communicating with them, and sharing the answers.
I'm aware they could have said anything here, and there's not really any way to verify. But this is the same for most providers and their responses seem sincere, and everything makes sense.

Added Azire to the list, in 7b6ef130c2330bb797f3a1c5042adf764a99af75 :)

Owner

Lissy93 commented Jul 10, 2022

Closing as added..

@Lissy93 Lissy93 closed this as completed Jul 10, 2022
@Lissy93 Lissy93 transferred this issue from Lissy93/personal-security-checklist Jul 10, 2022