SimplifiedPrivacy.com on Nostr: Great question. The short answer is "not yet, we will when further along. It already ...
Great question. The short answer is "not yet, we will when further along. It already far exceeds the security of just regular WireGuard, by even having a second isolated layer. And the high price tag of an audit would tie up funds we need for further development at this moment."
The longer answer is there are few aspects to an audit, the last one of which is unique to our situation.
a) One is eyes on the code.
b) Another is pure security.
c) But yet another factor to our's is the fingerprint. So we might be the most secure thing in the world, but it could hypothetically not be beating some type of proprietary fingerprint.
So for the last one, part c, this is very difficult to audit because the enemy is closed source. We can realistically say though that there is no known way of detecting things such as the screen size or timezone from within the environment based on how these underlying technologies work... but NOBODY knows what for example, hardware fingerprinting the CIA is doing that might even penetrate QubesOS. Even if I put up a 30k USD bounty, it would LIKELY NOT yield someone who can fingerprint it across profiles. If the technology to break outside a new graphical enviornment exists, then it exists in an NSA classified database and exceeds what any open source project can pay. Including QubesOS.
As far as pure eyes on the code, we're in the process of decentralizing the Wireguard network, and these other participants will be more eyes on the code.
As far as paying a third party security firm to audit it, we will do it when able to in the future. But keep in mind, in general for all these VPNs (and messengers) this is purely a marketing thing. As these audit shops just look at "if the firm has correctly applied the techniques and do basic DNS leaks and pen testing tools". And they can’t even guarantee that the firm is not malicious, even if it passes audit.
And they do NOT do the kind of penetration tests that real talent or the CIA/NSA is gonna do. So at the end of the day, is it worth 20 grand to a starving open source startup to get a sticker of approval? Or is the money better spent on further development, decentralize this out, and get eyes on the code through merit.. over just raw funds.
The longer answer is there are few aspects to an audit, the last one of which is unique to our situation.
a) One is eyes on the code.
b) Another is pure security.
c) But yet another factor to our's is the fingerprint. So we might be the most secure thing in the world, but it could hypothetically not be beating some type of proprietary fingerprint.
So for the last one, part c, this is very difficult to audit because the enemy is closed source. We can realistically say though that there is no known way of detecting things such as the screen size or timezone from within the environment based on how these underlying technologies work... but NOBODY knows what for example, hardware fingerprinting the CIA is doing that might even penetrate QubesOS. Even if I put up a 30k USD bounty, it would LIKELY NOT yield someone who can fingerprint it across profiles. If the technology to break outside a new graphical enviornment exists, then it exists in an NSA classified database and exceeds what any open source project can pay. Including QubesOS.
As far as pure eyes on the code, we're in the process of decentralizing the Wireguard network, and these other participants will be more eyes on the code.
As far as paying a third party security firm to audit it, we will do it when able to in the future. But keep in mind, in general for all these VPNs (and messengers) this is purely a marketing thing. As these audit shops just look at "if the firm has correctly applied the techniques and do basic DNS leaks and pen testing tools". And they can’t even guarantee that the firm is not malicious, even if it passes audit.
And they do NOT do the kind of penetration tests that real talent or the CIA/NSA is gonna do. So at the end of the day, is it worth 20 grand to a starving open source startup to get a sticker of approval? Or is the money better spent on further development, decentralize this out, and get eyes on the code through merit.. over just raw funds.