Skip to content

Latest commit

 

History

History
46 lines (27 loc) · 5.1 KB

faq.md

File metadata and controls

46 lines (27 loc) · 5.1 KB

FAQ

Has Algo been audited?

No. This project is under active development. We're happy to accept and fix issues as they are identified. Use Algo at your own risk. If you find a security issue of any severity, please contact us on Slack.

Why aren't you using Tor?

The goal of this project is not to provide anonymity, but to ensure confidentiality of network traffic. Tor introduces new risks that are unsuitable for Algo's intended users. Namely, with Algo, users are in control over the gateway routing their traffic. With Tor, users are at the mercy of actively malicious exit nodes.

Why aren't you using Racoon, LibreSwan, or OpenSwan?

Racoon does not support IKEv2. Racoon2 supports IKEv2 but is not actively maintained. When we looked, the documentation for strongSwan was better than the corresponding documentation for LibreSwan or OpenSwan. strongSwan also has the benefit of a from-scratch rewrite to support IKEv2. I consider such rewrites a positive step when supporting a major new protocol version.

Why aren't you using a memory-safe or verified IKE daemon?

I would, but I don't know of any suitable ones. If you're in the position to fund the development of such a project, contact us. We would be interested in leading such an effort. At the very least, I plan to make modifications to strongSwan and the environment it's deployed in that prevent or significantly complicate exploitation of any latent issues.

Why aren't you using OpenVPN?

OpenVPN does not have out-of-the-box client support on any major desktop or mobile operating system. This introduces user experience issues and requires the user to update and maintain the software themselves. OpenVPN depends on the security of TLS, both the protocol and its implementations, and we simply trust the server less due to past security incidents.

Why aren't you using Alpine Linux, OpenBSD, or HardenedBSD?

Alpine Linux is not supported out-of-the-box by any major cloud provider. We are interested in supporting Free-, Open-, and HardenedBSD. Follow along or contribute to our BSD support in this issue.

I deployed an Algo server. Can you update it with new features?

No. By design, the Algo development team has no access to any Algo server that our users haved deployed. We cannot modify the configuration, update the software, or sniff the traffic that goes through your personal Algo VPN server. This prevents scenarios where we are legally compelled or hacked to push down backdoored updates that surveil our users.

As a result, once your Algo server has been deployed, it is yours to maintain. If you want to take advantage of new features available in the current release of Algo, then you have two options. You can use the SSH administrative interface to make the changes you want on your own or you can shut down the server and deploy a new one (recommended).

In the future, we will make it easier for users who want to update their own servers by providing official releases of Algo. Each official release will summarize the changes from the last release to make it easier to follow along with them.

Where did the name "Algo" come from?

Algo is short for "Al Gore", the Vice President of Networks everywhere for inventing the Internet.