Windscribe, privacy-tools seller, claimed it did not encrypt VPN servers owned by companies that were recently taken into custody by Ukrainian authorities. This allowed authorities to pretend to be Windscribe servers and to capture and decrypt traffic through them.Two servers in Ukraine hosted by the Ontario-based company were seized earlier this month as part of an investigation into suspicious activity one year ago. After security research revealed vulnerabilities that could enable adversaries to decrypt data, the servers that ran OpenVPN virtual private networks software were also set up to use an alternative setting.A Windscribe representative posted a July 8th post stating that there was an OpenVPN certificate and private key on the disks of the two servers. We have encrypted servers in high sensitive regions. However, the servers in question were running legacy stacks and were not encrypted. This is what we are working on.Guarantees nullWindscribes admittance highlights the dangers posed by a flurry of VPN services, many of which are new to people who have never heard of them. VPNs are used to channel all Internet traffic to an encrypted tunnel. This prevents other people from reading or tampering with data, or even detecting the IP addresses of those communicating. The VPN service decrypts traffic and then sends it to its destination.Windscribe violated industry standards, essentially negating security guarantees. Although Windscribe tried to minimize the impact by listing the requirements an attacker must meet to be successful, these are exactly the conditions VPNs are meant to protect against. Windscribe stated that the conditions and potential consequences of the attack are:AdvertisementThe attacker can gain control of your network and intercept all communications (privileged position to attack MITM)You are using a legacy DNS solver. Legacy DNS traffic is not encrypted and subject to MITM.An attacker can manipulate your unencrypted DNS questions (the DNS entries that are used to select an IP address from one of our servers).You are not using Windscribe apps (our apps connect via IP, and not DNS entries). The possible impact on the user if any of the above conditions are true. An attacker could see unencrypted traffic within your VPN tunnel.Unencrypted conversations such as HTTPS web traffic and encrypted messaging services will not be affectedAn attacker could see the destinations and source of traffic. It is important to remember this: Most internet traffic (HTTPS) is encrypted within your VPN tunnelPFS (perfect forward security) protects historical traffic from being decrypted. This is true even if the server's private key is available.OpenVPN is the only protocol affected by our servers.Three years lateThe company uses data compression to increase network performance, in addition to not using encryption. At the 2018 Black Hat security conference, Las Vegas, research revealed that Voracle is an attack that uses compression to decrypt data encrypted by OpenVPN-based VPNs. The feature was removed by OpenVPN a few months later.According to privacy-tools manufacturer, the company is currently in the process of improving its VPN offering to offer better security. These changes include:It will cease using its current OpenVPN certificate authority and instead use a new one that follows industry best practice, including the use an intermediate certificate authority (CA).All servers will be converted to in-memory servers without hard disk backing. Any data that the machines generate or contain, is only stored in RAM. It can't be accessed after a machine is shut down or rebooted.Wireguard forked version as primary VPN protocolTo allow VPN servers to continue functioning even when the core infrastructure is down, deploy a resilient authentication backend.New application features such as the ability change IP addresses without disconnecting can be enabled by requesting a static and specific IP and multi-hop client side R.O.B.E.R.T. Rules that are not stored in any databases.AdvertisementYegor Sak, Director Windscribe, outlined the steps that his company is taking in an email. These include:1. After they are turned on, all keys necessary for server function are deleted permanently from any of our servers. They are only stored in memory. Each server has unique keys and certificates that are short-lived. These keys were generated by our new CA, which is rotated. Each server certificate contains a unique identifying Common Name + SANS. OpenVPN Client Configurations New OpenVPN Server Certificate X509 Name Verification Using the Unique Common NameHe was unusually open about his lapse in writing:We make no excuses for the omission. We did not put in place security measures that were required. We felt that the article described the best way forward after conducting a threat assessment. The seizure affected as few users as possible, while addressing any unlikely scenarios that may arise. None of the user data was or remains at risk. The attacker must have complete control over the victim’s network in order to use the keys. This is one of several prerequisites as outlined above. These hypothetical scenarios are not possible because the final CA sunset process has been completed on July 20th.It is not known how many users are currently using the service. However, the company's Android app lists more than 5,000,000 installs, which indicates that there is a large user base.Windscribe servers were seized by authorities. This highlights the importance of basic VPN security hygiene, which the company did not practice. This highlights the dangers that people face when they rely on untested or poorly-known services to protect their Internet usage from prying eyes.