
Ask HN: Feedback and beta test our new type of VPN service - Oeck
https://www.oeck.com/features/
======
Oeck
Hi everyone,

We are in need of beta testers for our VPN apps and service. We have a few
beta testers, but we are in need of many more.

The VPN provides new features that are unique to Oeck. We also offer high
levels of security. Any and all help would be very much appreciated.

The service is completely free for the duration of beta, so please feel free
to use the service for as long as you like.

Regards, Peter @ Oeck.

~~~
smt88
Why should we trust you with our internet traffic logs?

In my opinion, the answer is much more important than any one feature.

~~~
jamesponddotco
To add to this, three more pieces of feedback:

1\. Where is the company incorporated? This is a critical piece of information
when choosing a VPN provider, and I cannot find it anywhere on your website.
It should be front, and centre.

In Germany the law says you need an "Impressum" page added to your website,
with your company information on it. While I do not live in Germany, I made a
point of adding that page to every website I put online[1].

2\. The website does not work with JS disabled. If you tell me you sell
security, or privacy, and your website does not work with JS disabled, I will
likely walk away.

3\. In general, I tend to trust a company more if they open source their code,
and if they run their business in the open. Mullvad[2], and Confirmed VPN[3]
come to mind.

I would also recommend that you read, and try to meet the criteria set by the
PrivacyTools folks[4], as a lot of your target audience will come from them,
and trust their choices.

EDIT: Found the incorporation information in the FAQ after navigating a
bit[5]. That is on me, my sincere apologies.

[1] [https://i.cpimg.sh/jEtNeUSR4TEd.png](https://i.cpimg.sh/jEtNeUSR4TEd.png)

[2] [https://mullvad.net/](https://mullvad.net/)

[3] [https://confirmedvpn.com/](https://confirmedvpn.com/)

[4]
[https://www.privacytools.io/providers/vpn/#criteria](https://www.privacytools.io/providers/vpn/#criteria)

[5]
[https://www.oeck.com/faq/privacy_and_security/](https://www.oeck.com/faq/privacy_and_security/)

~~~
Oeck
Hi jamesponddotco,

Thank you very much for taking a look! Although you have found information in
your edit, I will reply so that other users viewing the thread have an easier
time reading it.

1) The company is incorporated in Hong Kong. Although we are Australian, the
privacy laws in Australia suck. We wanted to keep our customers safe, so that
is what ultimately lead to the decision. You can find this information at
[https://www.oeck.com/faq/](https://www.oeck.com/faq/) and more specifically
at
[https://www.oeck.com/faq/privacy_and_security/](https://www.oeck.com/faq/privacy_and_security/)

2) The website is built on top of Xenforo (
[https://xenforo.com](https://xenforo.com) ). Our navigation, .ovpn builder,
alerts and other features rely on JS in order to function properly.

3) I answered this in the post above, but here is the copy/paste.

Open Source apps - Due to the way our VPN works, we found the best solution
for us was to use the libvpn libraries. They can be found at
[http://libvpn.com/](http://libvpn.com/)

These libraries, unfortunately, are not open source. However, they are very
powerful and the code is of good quality. Due to this, we are unable to make
our apps completely open source.

Again, open sourcing the apps, although it looks good, ultimately doesn't mean
anything. Any malicious activity can be done in the back-end. The apps source
code may show up fine, but the back-end of the service can do whatever the
owners want.

That's not to say open sourcing them isn't a good thing, it is just that aside
from the fact that we can't do so, ultimately it means little if the service
provider wanted to screw its customers.

Thank you for the Impressum idea. We will add that soon. It is a good idea and
easily implemented.

Regards, Peter @ Oeck.

~~~
jamesponddotco
> Our navigation, .ovpn builder, alerts and other features rely on JS in order
> to function properly.

At the end of the day, that does not matter for the customer. If they have JS
disabled, and you force them to enable it, you lost a customer.

As customers, we are expected to have JS enabled for signing up, and logging
in, but a marketing website should not require it.

> Again, open sourcing the apps, although it looks good, ultimately doesn't
> mean anything. Any malicious activity can be done in the back-end.

Sure, I agree with that.

However, notice that I said "if they open source their code, and if they run
their business in the open". There is a lot that you can open source, but more
importantly, you can operate your business in an open, and transparent way.

Take Confirmed VPN[1] as an example. They allow you to request a read-only
account to audit their infraestructure, and AWS account, to make sure they do
what they say they do.

Or SourceHut[2], which make most of their business decisions in the open, for
anyone to see.

Opening your code is not the only way to have an open business.

[1]
[https://openlyoperated.org/report/confirmedvpn](https://openlyoperated.org/report/confirmedvpn)

[2] [https://sr.ht/~sircmpwn/sourcehut/](https://sr.ht/~sircmpwn/sourcehut/)

~~~
Oeck
Hi jamesponddotco,

Thanks for taking the time with this.

Unfortunately there is not much we can do about the JS. We can put up static
pages for marketing, but ultimately the website is there for the user to
control various things to do with their account. It also allows guests to
perform various tasks.

As far as your other point about the business itself being open, we are trying
to run it in that exact manner. Regarding the audit, I replied to another user
(
[https://news.ycombinator.com/item?id=23666681](https://news.ycombinator.com/item?id=23666681)
). However, if you have an idea on _how_ we can run the business more open, I
am happy to take it on board. We keep users in the loop, took time with our
terms of service and privacy policy, as well as provided a bunch of
information in the FAQ.

Regards, Peter @ Oeck.

