Any updates if Perfect Privacy is considering WireGuard?

Thunderrooster

Freshly Joined Member
I know at one time Perfect Privacy was not going to support WireGuard but what about now? I see more and more VPN providers offer it now.
 

webslap

Active Member
I think PP will not do that anytime soon.
Wireguard in the offiical standard version, has definitly no dynamic IP address management available.
Therefore, the Wireguard implementations in other VPN services are always limited to special apps (non-standard-wireguard clients).

For the user, this also means an increased risk that the data can remain on the server. (IP address of the client and ports used by a client must be made known to the server in advance).

therefore, for various reasons, PP will probably have exactly these fears and therefore prefer to give wireguard a wide berth at present. for the sake of the users' privacy.
 

Erenys

Junior Member
I think PP will not do that anytime soon.
(...)

For the user, this also means an increased risk that the data can remain on the server. (IP address of the client and ports used by a client must be made known to the server in advance).

therefore, for various reasons, PP will probably have exactly these fears and therefore prefer to give wireguard a wide berth at present. for the sake of the users' privacy.

I prefer no to use a vpn protocol with so much privacy deficiencies. But on the other hand these last years, some vpn providers providing wireguard have been well aware of these issues, and developped some workarounds (eg Double Nat). It should be interesting I think to discuss that.

Some useful links:

 

webslap

Active Member
Of course, there are still many reservations against Wireguard, which are also reflected in numerous critical reports. That is certainly also a reason why this protocol will not be coming to PP so soon. as far as I know the guys at PP, they will not get involved in experiments with data security. This is a conservative behavior, but it is quite understandable.
 

Erenys

Junior Member
But you could implement it and simply describe it as eventually less secure on your website, vpn client etc.
For sure, this could be considered, in presenting that as an alpha release feature. But then, despite the precautions taken, there could some persistent logs, precisely because it would be an alpha version of a system that is originally designed to need persistent logs . And so some day a PP user could be deanonymised because of these logs. Very bad for the PP reputation, as people would not take into account the fact that deanonimisation would have taken place in the context of an experimental alpha feature usage. What people would take into account is that a PP user would have been identified because of a logging system set up by PP. All around the Vpn world, PP would be named "Unperfect Privacy", "Utrustworthy Privacy" etc.
 

meinvpn

Active Member
Well. I think one of Benefits of Wireguard is the ability of fast (re-)Connects combined with less Overhead. These are important points for mobile use.

Why not Combining Wiregard and classic OpenVPN by Cascading ?

User --> Wireguard --> PP-Server IN --> OpenVPN --> PP-Server Out

In this way, Wireguard's privacy restrictions are massivly reduced, as no Logs are on the Out-Server (In and Out must under no circumstances be the same location).
 

webslap

Active Member
Wireguard certainly has some advantages to offer. But it also has many disadvantages.

For one thing, Wireguard requires the connection to be known before it is established on the server. This means that a local IP address must have been reserved for the user on the server beforehand, which means that user data must also be stored in the customer area in order to make this manageable. I think this is one of the main problems that PP wants to avoid. Because it means that they would have to manage and store more user data and the guys there don't like that at all.

The next thing is that during a wireguard connection you can also change the IP of the client and there will be no verification or error message. This means that you can't be as secure against man in the middle attacks as with other methods where this is excluded (i.e. OpenVPN or IEKv2 etc).

So also this circumstance does not speak now exactly for a Wireguard use at present.

Therefore I can understand that the Perfect-Privacy employees also have a few stomach aches to build this into their security concept.
 
Top