Encrypted, Zero-Logging DNS

We are excited to launch VyprDNS, our encrypted, zero-logging DNS available exclusively with VyprVPN. We developed VyprDNS to increase privacy for VyprVPN users and to defeat censorship across the world.

What is DNS and how does it affect you?

A DNS server translates hostnames (such as www.goldenfrog.com) into a computer readable IP address ( so your computer can communicate with the desired host and connect to the website. Internet users typically rely on their ISP’s DNS servers or a 3rd party DNS. Unfortunately, these 3rd party DNS servers are often configured to block websites, log a complete record of your Internet activity or redirect your requests to pages with ads – even if you use a VPN.
Why use VyprDNS?

Defeats censorship via DNS man-in-middle-attacks or filtering
Superior DNS geolocation
Never redirects your DNS requests to pages with ads

VyprDNS is built into VyprVPN. When you connect to VyprVPN, you are automatically using VyprDNS. No app updates, or action is required to use VyprDNS. Please note, VyprDNS cannot be used separately from VyprVPN.

See how VyprDNS offers superior privacy and freedom »

You can also read our infographic on “The Hidden Dangers of DNS” and how VyprDNS defeats them.

To start using VyprDNS, you must have an active VyprVPN account. VyprDNS is enabled by default in the apps or via manual setup. If you don’t have VyprVPN you can start a 3-day free trial and experience VyprDNS for yourself. Defeat censorship, prevent DNS logging and restore your online freedom today.

This infographic from Golden Frog illustrates the bigger threat to consumers for all kinds of streaming, including Amazon Instant Video, Hulu and Youtube.

As the eSports industry has grown, professional teams compete against one another in organized tournaments. The popularity of games like League of Legends and Call of Duty has spawned competitions with large cash prizes and notoriety. However, as the stakes become higher, players are forced to deal with sophisticated cyber attacks by opponents looking to gain an edge. Most common are DDoS attacks that are intended to disconnect opponents from their game by overloading a targeted IP address with a huge volume of requests (often called botnets). Gamers’ IP addresses are often scraped from unsecure applications like Skype.

VyprVPN encrypts the IP address so it cannot be scraped or identified, protecting Roughnex players from DDoS attacks.

“DDoS attacks have plagued the professional eSports industry for some time,” said Martin Hobert, chief operating officer of Roughnex. “If you are a serious gamer, a personal VPN is a must. Not only does VyprVPN protect our team from these attacks, but its speed and reliability reduce lags and disconnects for a fantastic gaming experience.”

“We’ve experimented with other VPN providers and found that VyprVPN is the easiest to set up and use. Golden Frog has many server locations throughout Europe so our players can find the fastest connection and focus on the task at hand, rather than worry about security or connectivity,” said Hobert.

VyprVPN is an ideal service for serious gamers. Golden Frog owns and manages 100% of its own servers, hardware and global network to ensure the highest levels of speed and service delivery. All VyprVPN members get unlimited bandwidth and connection speeds and are able to switch between VyprVPN servers worldwide without restrictions or download caps at no additional charge. VPN services also help gamers bypass region blocks using a safe and secure virtual tunnel, opening up a new world of online multiplayer options.

“eSports is a great example of the ever-expanding uses for VPNs,” said Sunday Yokubaitis, president, Golden Frog. “From the professional to the amateur, VyprVPN gives gamers an encrypted Internet connection that is secure, private and never throttled. Anyone who wants to dominate Titan Fall or League of Legends should consider VyprVPN.”

Global VPN provider Golden Frog told Al Arabiya News that use of its VyprVPN service continues to rise in the Middle East, adding that it now has users in practically every country in the region.

Online streaming services are getting slower, and major ISP’s are getting more powerful. 2014 has been a controversial year in terms of the architecture of the Internet, and unfortunately it looks like things aren’t going to be getting better any time soon.

One of the most controversial topics this year has been the throttling of streaming services by major ISP’s as they levy for payments from services like Netflix, who produce a high portion of bandwidth on their networks. This process has been brought to the forefront when Netflix and Comcast devised a paid transit agreement in February, which gives Netflix direct access to the Comcast network for an undisclosed sum of money.

The specifics of this deal are shrouded in complexity, however the bottom line seems to be a lose – lose situation for the average Internet user who pays ISPs for bandwidth and streaming services for TV shows, video chat, music, and more. Not only does this deal set a dangerous precedent, but it could pave the way for a compromised version of Net Neutrality in the future. “The Peering Problem” examines, the past, present, and potential future impact deals like the Comcast & Netflix agreement could have on the shape of the Internet.

JohnsTek is a Veteran Owned Small Business (VOSB) initially established in 2003, whose members have held key management positions with successful large projects completed for large U.S. Corporations and U.S. Government technology contracts. JohnsTek has vast experience with public sector industries, including telecommunications, intelligence, defense, and federal and state law enforcement. It offers business intelligence and counter intelligence solutions in the form of compliance audits on US banks, vulnerability assessments of corporate networks and information systems, and protection of corporate intellectual property.

“Many of our clients view and access proprietary and personally identifiable information, highlighting a major security concern when accessing the Internet from their mobile devices,” said Peter Moreno, Director of Commercial Services of JohnsTek. “With VyprVPN, we can now provide an easy way to establish an encrypted connection so that clients can communicate with the confidence that any information they share is secure and private.”

With a global network and points of presence throughout North America, Europe, South America and Oceana, Golden Frog has customers in 195 countries. Unlike most VPN providers, Golden Frog owns and manages 100 percent of its own servers, hardware and global network to ensure the highest levels of speed and service delivery. All VyprVPN users get unlimited bandwidth and connection speeds and are able to switch between VyprVPN servers worldwide without restrictions or download caps at no additional charge.

Last summer, the government demanded that Lavabit, an encrypted email provider, turn over private decryption keys so the government could conduct real-time e-mail monitoring of a specific Lavabit user. All concerned assume that the user in issue was Edward Snowden. Instead of turning over the private SSL keys demanded by the government, Lavabit owner Ladar Levison chose to shut down the company. He did so because the keys would have allowed the government to monitor all of Lavabit’s users, not just Snowden. The district court held Levison in contempt of court for refusing to turn over the keys.

Last week, a federal appeals court upheld the contempt order. The appeals decision was based purely on procedural grounds: Lavabit didn’t properly “preserve” its challenge to the order during the district court proceedings. Because of Lavabit’s procedural mistake, the court unfortunately did not reach the substantive issue whether the federal government overreached its statutory authority when it demanded the private keys for Lavabit customers’ encrypted email.

The substantive debate relates to whether the “technical assistance” required by the United States “pen register” and “trap and trace” statute can be used to require a service provider to hand over encryption keys to US authorities. The information and technical assistance required by the statute is to “install” the device, “unobtrusively” and “without interference.” We believe that nothing in the statute says the provider can be compelled to also turn over private keys that will allow law enforcement to decrypt so it can actually interpret the information.

Both the “pen register” and “trap and trace” laws were written to allow the government to obtain “metadata” for a single, identified user. In Lavabit’s case, however, the private keys exposed the communications for its entire user base – not a single user. Further – even though the order in Lavabit’s case and the statute both expressly limited the information the government was allowed to capture to only “non-content” “metadata” and only for Snowden – if Lavabit had handed over the keys in issue the government would have had free access to all email content, along with usernames, passwords, and other sensitive information for every Lavabit user.

This is an increasingly recurrent theme: the government claims it is not capturing content, and its demands for metadata are specific to discreet individuals, but when the truth comes out it becomes clear they are getting (or want to get) the actual content of private communications sent to and from many innocent and law-abiding citizens who have no involvement whatsoever in anything related to national security. The government then claims they discard all the “unauthorized” information they gather, but it is more likely that they actually “discard” it by sending it to their “recycle bin” in Utah, which they conveniently forget to ever “empty.”

This issue will inevitably arise again in the future, in a case where the substantive dispute is preserved. Meanwhile, we strongly suggest whenever possible you use a service provider that supplies you with your own personally held unique private key that the provider does not itself maintain. That way the service provider cannot be compelled to secretly help to the government unencrypt your personal and private information. If the government wants your property, they will have to come to you and you will be able to challenge the demand.

In the wake of the Heartbleed Bug, many Golden Frog customers have reached out to see if Golden Frog’s services were affected and whether customers need to take any action. First and foremost, rest assured all Golden Frog services are currently safe from the Heartbleed Bug. VyprVPN and the Golden Frog website have not ever used SSL libraries vulnerable to the TLS heartbeat exploit. Dump Truck’s SSL libraries were patched on April 8, 2014, and new SSL keys for the service were generated and deployed successfully. However, due to the nature of the bug, we still recommend all customers change their password, especially if you have used Dump Truck. Change your password »
Are the VyprVPN Apps Vulnerable?

Our apps use OpenSSL 1.0.1e, which is vulnerable to the Heartbleed Bug, for OpenVPN connections. However, even though the apps use a vulnerable version of OpenSSL, customer information is not at risk. To be compromised, the apps would need to connect to servers that send malicious heartbeat packets. Our apps only connect to VyprVPN servers, which do not send malicious packets. Even if the VyprVPN apps were somehow tricked into establishing a connection with a malicious server, the apps do not possess any information they are not already sending to the server. There is nothing a malicious server could gather from the client that it wouldn’t receive anyway.

We will be preparing updated versions of our apps that use non-vulnerable versions of OpenSSL, but at this time, customers are not at risk using the existing versions of the apps.
What is the Heartbleed Bug?

The Heartbleed Bug is a bug in OpenSSL’s implementation of the TLS heartbeat extension. When exploited, it allows an attacker access to the contents of the SSL server and client memory. This memory may include the SSL keys, the content of the data traversing the connection, and usernames and passwords transmitted or stored within the memory of the client and server. Because of the complete compromise of the SSL session and secret key data necessary to keep communications secure, this is considered an extremely critical bug.

We are excited to announce Private Sharing is out of Beta and ready for all Dump Truck users! Use the Dump Truck Web App to access Private Sharing and securely collaborate on files and folders with other Dump Truck users. Invite anyone to access shared folders and assign a permission level, with just their email address. When a privately shared file or folder is changed, added or deleted, the changes synchronize to all users who have joined the share.

Dump Truck Private Sharing Features

Easily invite anyone through the Dump Truck Web App to collaborate on folders
Set permission levels for users on shared folders
Read Only access supported. If you choose this option, users can view files but cannot modify them
Collaborate on files and folders and they update for all users
Move, rename and edit shared files and folders as if they were your own
Access shared files across all Dump Truck desktop, mobile and web applications

*Desktop App version 1.2.2 Update Required to Access Private Sharing

Although you can share folders via Private Sharing only through the Web App, you can access shared folders via the desktop and mobile apps. Privately shared files will be synced to your desktop using the Dump Truck desktop app. We recently updated the Dump Truck Mac and Windows apps to version 1.2.2 to support Private Sharing. Update from within the app by clicking on “Update Available” in the main menu, or you can download the latest version for Mac or Windows.