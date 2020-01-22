Why 2019 was the year of Linux and open-source software

These five stories show why the future of technology belongs to Linux and open-source software.

ProtonVPN has transferred application code to the open source community in an effort to improve transparency and security standards.

On Tuesday, the virtual private network (VPN) provider, also known for ProtonMail’s secure email service, said code protection ProtonVPN applications on every system – Microsoft Windows, Apple macOS, Android and iOS – are now publicly available for review in what Switzerland-based ProtonVPN calls “natural” progression.

“There is a lack of transparency and accountability about who manages VPN services, their security qualifications, and whether they fully comply with privacy laws such as GDPR,” the company says. “Making all our applications open source is therefore a natural next step.”

Each application has also undergone a security audit by SEC Consult, which ProtonVPN says it builds on an earlier partnership with Mozilla.

In 2018, Mozilla conducted a trial with a small number of US-based Mozilla Firefox browser users to recommend ProtonVPN as a recommended service to protect their privacy and mask online activities.

Although the partnership did not continue – instead, Mozilla has created its own Firefox Private Network – the trial requires ProtonVPN technology to undergo a browser inspection as part of Mozilla’s due diligence requirements.

The Windows Audit Report (.PDF) identified two low-risk vulnerabilities related to jailbreaking and a lack of SSL certificate pinning. The macOS report (.PDF) revealed no bugs at all, while the Android audit (.PDF) detected one vulnerability with an average risk and four vulnerabilities with a low risk, the worst of which was an uncertain log-out problem.

Finally, the iOS report (.PDF) documents two vulnerabilities with an average risk and two vulnerabilities with a low risk. The most serious security issue is the use of hard-coded data and sensitive data in memory.

All vulnerabilities were accepted or resolved at the time of disclosure.

The source code for each app is now available on GitHub (Windows, macOS, Android, iOS).

“As a community-supported organization, we have a responsibility to be as transparent, responsible and accessible as possible,” says ProtonVPN. “By going open source, we can do that and at the same time serve you better.”

