Privacy
nthLink operates under a philosophy that places the privacy, security, and safety of its users above other interests. Whenever a trade-off must be made, the decision always adheres to this principle. While the industry trends toward profiting from data, we remain steadfast in capturing and keeping the minimum. Our philosophy is reflected in the practices below.
- nthLink client apps do not store sensitive or personal information on user devices.
- We never ask users to register or provide any personal information.
- User information is never transmitted to nthLink servers.
- nthLink servers never log traffic patterns (sites visited, contents viewed, information exchanged, etc.).
- The only data we keep is for the purpose of ensuring reliable service and providing transparency to our partners and sponsors. Client IP addresses are hashed in the server security logs so that they identify only the country where the traffic originated.
- The only device data we capture is the type/operating system (e.g. Android, iOS, Windows, or macOS).
All these policies are implemented to ensure that if hackers, government or otherwise, ever manage to gain access to our system, they will not find any data that is of value to them. They will not be able to intrude on the privacy of our users.
IF WE DO NOT HAVE IT, NO ONE CAN STEAL IT.
Security
nthLink uses the strongest encryption available in the industry to keep user communications private and to prevent censors from performing content/packet inspection.
Encryption Standards - nthLink encrypts communications between your device and the nthLink server using the ChaCha20-IETF-Poly1305 AEAD cipher with a 256-bit key. AEAD ciphers offer confidentiality, integrity, and authenticity, and exhibit excellent performance on modern hardware.
Security Audits - Two security audits were conducted on nthLink in 2019 and 2020 by Cure53, an independent digital security organization that reviews software against the latest security standards.
Excerpts from the audit reports:
“For this assessment, it needs to be noted that a rather strong attacker model was assumed for this project.”
“Carried out in late October and early November 2020, this project focused on the nthLink VPN App for Android, iOS, and in addition for Windows, and their respective security and privacy posture for end-users.”
“Cure53 has completed the fix verification following the penetration test and source code audit in late November 2020. The Cure53 team managed to verify all fixes that have been made available by the nthLink team. This means that all relevant and in-scope findings that Cure53 identified in the NTH-02 penetration test and source code audit are now successfully fixed and the fixes successfully addressed the reported vulnerabilities.”
You can download the security audit reports below.
2020 nthLink Security Audit (Performed by Cure53)
2019 nthLink Security Audit (Performed by Cure53)
Third-Party Code - nthLink uses the following third-party libraries:
- Jigsaw's Outline client
- CocoaLumberjack
- badvpn
- c-ares
- libev-mingw
- libev
- mbedtls
- newtonsoft
- outline-go-tun2socks
- pcre
- sentry-android
- sentry-cocoa
- shadowsocks-libev
- sodium
- tap-windows6
Transparency
Government Requests for User Data - nthLink complies with government requests for data only when compelled by an order of a U.S. court in accordance with applicable law and our terms of service. We carefully review each request received for legal sufficiency, and we may reject or require greater specificity on requests that appear overly broad or vague. nthLink does not recognize requests from foreign governments. We will publish relevant information annually, subject to certain limitations.
As of now, nthLink has not received any government request for user data.
Usage Restrictions - nthLink prohibits users from distributing or downloading copyright-infringing materials, child pornography, or other illegal content, in accordance with U.S. law, through the nthLink network. nthLink may receive complaints from content owners, law enforcement agencies, or other sources, and we may block connections to/from certain IP addresses that are involved in such illegal activities.
Open Source
nthLink is committed to the open source principle and will make the nthLink codebase available to the members of the Human Rights and Internet Freedom communities through trusted channels and to the general public. The nthLink client is released under the “3-Clause BSD License” (a.k.a. New BSD License). License terms of the “3-Clause BSD License” can be found at https://opensource.org/licenses/BSD-3-Clause. Please contact the nthLink support team to request access to the nthLink source code.