Our thanks to BlackVPN for posting the following information on Reddit, which we simply reproduce here.
We will note however that BestVPN asked VPN providers ‘How are VPN providers handling the Heartbleed crisis?’ long before TorrentFreak published a similar (and now more up to date) article.
TorrentFreak recently asked VPN providers how they responded to the Heartbleed crisis – however the real question should be: How soon did you generate new private keys and release updated VPN configs?
VPN services that updated configs + keys (sorted by date these were available):
- VIKINGVPN: UPDATED 08 April 2014
- LIQUIDVPN: UPDATED 08 April 2014
- MULLVAD: UPDATED 09 April 2014
- TORGUARD UPDATED 09 April 2014
- VPN.AC: UPDATED 09 April 2014
- ANONYMIZER: UPDATED 10 April 2014
- PROXY.SH: UPDATED 11 April 2014
- AIRVPN: UPDATED 13 April 2014
- NORDVPN: UPDATED 16 April 2014
- BLACKVPN: UPDATED 17 April 2014
- IPREDATOR: UPDATED 19 April 2014
- IVPN: UPDATED 29 April 2014
- OCTANEVPN: UPDATED 05 May 2014
VPN services that plan to update their configs + keys soon:
- BOLEHVPN: “…which we hope to release in a month or so and are considering a complete reissue of all keys when this is released.”
- SLICKVPN: “we’re still planning to re-issue keys with the next client version, which should be updated by this weekend.”
- CRYPTOSTORM: cryptostorm’s Post-Heartbleed Certificate Upgrade Trajector
VPN services that DO NOT plan to update their configs + keys:
- PRIVATE INTERNET ACCESS: V.36 Change Log – however OpenVPN configuration files have not changed and still have the same checksum
Note: We apologize for BestVPN mangling some of the above links. Our technical expert is on holiday at the moment, and will hopefully fix the issue when he returns. In the meantime, affected URLs can be edited manually.