We are opening a new blog article because at 5.00am GMT on this Friday, 11th April 2014, our engineering unit undertook a complete upgrade of all our VPN infrastructures. Our VPN servers have been re-configured with new certificate authorities. They have seen the addition of various enhancements for OpenVPN. Our encryption standards have yet again been increased. And last but not least, we have been able to deploy the necessary elements to propose a beta version of a new VPN protocol we have specifically designed against deep packet inspections.
This massive upgrade means new OpenVPN templates and SSL certificates have been issued. If you are using Safejumper, you should simply restart it and everything will be working flawlessly: you will be automatically updated. If you are not using Safejumper, then you will have to download our new configuration files and certificates at the usual addresses (e.g. proxy.sh/configs).Additional notes* The VPN servers (as well as all other servers part of our network) have been re-configured with new certificate authorities, both public and private. This decision was taken in order to really make sure the Heartbleed bug would not affect your privacy. Security community has not reached consensus about whether private keys remain safe. Most providers in the VPN market do not seem to see the necessity to change private keys. We employ the precautionary principle and we decide to generate new private keys nonetheless.
* Our OpenVPN servers have seen the addition of various tweaks which have been benchmarked for several weeks to provide always better performance and speed, especially on nodes with low bandwidth capacity (e.g. Chile, Isle of Man, etc.). You should now expect better speeds across all our locations and particularly the exotic ones, especially through UDP.
* Speed has always been the element were we cannot legitimately claim supremacy in the market. This is why we have decided to opt for two evolutions that will be implemented within next couple of weeks. On one side, we will develop a smart speed-test center to suggest the better node for you (other than ping) associated with an option to suggest more nodes to be added in that specific location (we shall deliver between 1 and 4 weeks one or more new nodes in that location). On the other side, we will build a new package type that will basically replace our Dedicated package and be priced at a lower rate without setup fee, and which will allow you to have a single session on an awesome network with great bandwidth, in addition to your regular $10 network access with unlimited sessions and up to 3 devices.
* Our encryption standards have yet again been increased and we are now leading the industry with forced data encryption cipher of AES-256-CBC, solid auth protected by SHA512 and strong handshake encryption of RSA-4096. We have now reached a level where data, auth and handshake are all sufficiently encrypted until the advent of practical quantum computing. We are also offering ECC and Serpent as alpha, as we shall keep increasing our encryption standards in future as technology evolves.
* We have designed a new VPN protocol based on both OpenVPN and TOR (obfsproxy) that will allow its users to bypass any deep packet interception. In other words, it will finally allow you to flawlessly bypass any network restriction at local or national level, and truly make your online activities deeply hidden in the web. We will run this new protocol in closed beta for few months and then we will both upgrade our clients as well as provide the protocol to public as open source code for others to use (and eventually help develop).
Conclusion
It has always been our ambition to provide cutting edge VPN services with state-of-the-art security that will at the same time remain cheap, accessible, secure, evolutive and respectful of all your rights. We are fulfilling all these duties. Our prices are cheap. Our software is simple. Our network is secure. Our infrastructures are evolutive. And our operations are fully transparent when it comes to what occurs behind the scenes, with a regularly updated transparency report and a daily generated warrant canary.
We now want to act on the remaining element where we may claim supremecy: speed. Proxy.sh has always been evolving over the past months and will continue to do so in future. You should definitely be happy to stay with us, or keep an eye on us in future if you have not yet joined us or if it has been a long time you haven't tried us out. We will make procurement of new VPN nodes more adapted to customer demand and we will create a special network for a special account type with top-tier speeds.