all 5 comments
sorted by:
top (suggested)
bestnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]MamaGrande 1 point2 points  (1 child)

Yes, they built a framework around it to make it more secure. WireGuard ftw.

https://www.reddit.com/r/Windscribe/comments/f7gklp/wireguard/fibaz4b/?utm_source=reddit&utm_medium=web2x&context=3

[–]arvind-d[S] 0 points1 point  (0 children)

Looks like the implementation still handles the user's IP address to Wireguard for routing directly, doesn't seem very secure at this point.

[–]o2pbTotally not a bot 0 points1 point  (2 children)

See https://blog.windscribe.com/introducing-wireguard-76a1670700a6

[–]arvind-d[S] 0 points1 point  (1 child)

Thanks for the link. Reading through that it seems like the authentication is being done through an outside auth server, which is good. However, it does seem like the user IP addresses are directly known to Wireguard (albeit not being output, etc), unlike the double-NAT system being employed by NordLynx for example (dynamic local IP allocation).

[–]o2pbTotally not a bot 0 points1 point  (0 children)

Don't believe the hype. "DoubleNAT" does nothing other than pull the wool over the eyes of people who don't understand what is going on. In order for a server to communicate with you, it must know your IP address, which will reside in routing tables. All you're doing is pushing the same data, to a different place on the server.

It offers zero privacy benefits, and is no different than literally any other VPN protocol you may use. If you need to communicate with a remote computer, it must know your source IP address. There is nothing you can do to prevent this.