Hacker News new | past | comments | ask | show | jobs | submit login

Your statement is vacant without an explanation of what kind of logging Wireguard requires. Currently, all it does is attempt to scare the user with the word "rootkit".

FWIW Jason called it A Defensive Rootkit [0].

But the parent post is wrong, the defensive rootkit is not to prevent logging, it's to prevent extracting the configuration from the kernel. It effectively makes the WireGuard configuration write-only from the perspective of userspace. WireGuard does not do any access logging by default as far as I am aware.

[0]: https://lists.zx2c4.com/pipermail/wireguard/2017-November/00...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact