Privacy
nthLink client apps do not store sensitive or personal information on user devices. User information is never transmitted to nthLink servers, and nthLink servers never log traffic patterns that can be used to track personally identifiable information. The client IP addresses are hashed in the server security logs to identify only the country where the traffic is originated. The key is to maintain minimal user and traffic data, necessary to ensure reliable service to the users and provide transparency to partners and sponsors. If we do not have it, no one can steal it.
Security
nthLink utilizes the strongest industrially available encryption to keep user communications private and prevents censors from performing content/packet inspection.
Encryption Standards - nthLink encrypts communications between your device and the nthLink Server using the AEAD 256-bit Chacha2020 IETF Poly 1305 cipher. AEAD ciphers offer confidentiality, integrity, and authenticity, and exhibits excellent performance on modern hardware.
Security Audits - Two security audits were conducted on nthLink in 2019 and 2020 by
Cure53, an independent digital security organization that review software against the latest security standards.
Excerpts from the audit reports:
“For this assessment, it needs to be noted that a rather strong attacker model was assumed for this project.”
“Carried out in late October and early November 2020, this project focused on the nthLink VPN App for Android, iOS, and in addition for Windows, and their respective security and privacy posture for end-users.”
“Cure53 has completed the fix verification following the penetration test and source code audit in late November 2020. The Cure53 team managed to verify all fixes that have been made available by the nthLink team. This means that all relevant and in-scope findings that Cure53 identified in the NTH-02 penetration test and source code audit are now successfully fixed and the fixes successfully addressed the reported vulnerabilities.”
You may request the audit reports as well as threat models by contacting the
nthLink support team.
Third-Party Codes - nthLink uses third-part libraries.
- Jigsaw's Outline client
- CocoaLumberjack
- badvpn
- c-ares
- libev-mingw
- libev
- mbedtls
- newtonsoft
- outline-go-tun2socks
- pcre
- sentry-android
- sentry-cocoa
- shadowsocks-libev
- sodium
- tap-windows6
Transparency
Government Requests for User Data - nthLink complies with government request for data only when compelled by an order of an U.S. court in accordance with applicable law and our terms of service. We carefully review each request received for legal sufficiency and we may reject or require greater specificity on requests that appear overly broad or vague. nthLink does not recognize any request by foreign government. We will publish relevant information annually, subject to certain limitations.
As of now, nthLink has not received any government request for user data.
Usage Restrictions - nthLink prohibit users from distributing or downloading copyright infringed materials, child pornography, or other illegal contents in accordance to US laws through the nthLink network. nthLink may receive complaints from content owners, law enforcement agencies, or other sources, and we may block connections to/from certain IP addresses that are involved in the such illegal activities.
Open Source
nthLink is committed to the open source principle and will make the nthLink codebase available to the members of the Human Rights and Internet Freedom communities through trusted channels and to the general public. The nthLink client is released under the “3-Clause BSD License” (a.k.a. New BSD License). License terms of the “3-Clause BSD License” can be found on
https://opensource.org/licenses/BSD-3-Clause. Please contact the
nthLink support team to request access to the nthLink source code.