[jamesponddotco]

To add to this, three more pieces of feedback:

1. Where is the company incorporated? This is a critical piece of information when choosing a VPN provider, and I cannot find it anywhere on your website. It should be front, and centre.

In Germany the law says you need an "Impressum" page added to your website, with your company information on it. While I do not live in Germany, I made a point of adding that page to every website I put online[1].

2. The website does not work with JS disabled. If you tell me you sell security, or privacy, and your website does not work with JS disabled, I will likely walk away.

3. In general, I tend to trust a company more if they open source their code, and if they run their business in the open. Mullvad[2], and Confirmed VPN[3] come to mind.

I would also recommend that you read, and try to meet the criteria set by the PrivacyTools folks[4], as a lot of your target audience will come from them, and trust their choices.

EDIT: Found the incorporation information in the FAQ after navigating a bit[5]. That is on me, my sincere apologies.

[1] https://i.cpimg.sh/jEtNeUSR4TEd.png

[2] https://mullvad.net/

[3] https://confirmedvpn.com/

[4] https://www.privacytools.io/providers/vpn/#criteria

[5] https://www.oeck.com/faq/privacy_and_security/

[Oeck]

Hi jamesponddotco,

Thank you very much for taking a look! Although you have found information in your edit, I will reply so that other users viewing the thread have an easier time reading it.

1) The company is incorporated in Hong Kong. Although we are Australian, the privacy laws in Australia suck. We wanted to keep our customers safe, so that is what ultimately lead to the decision. You can find this information at https://www.oeck.com/faq/ and more specifically at https://www.oeck.com/faq/privacy_and_security/

2) The website is built on top of Xenforo ( https://xenforo.com ). Our navigation, .ovpn builder, alerts and other features rely on JS in order to function properly.

3) I answered this in the post above, but here is the copy/paste.

Open Source apps - Due to the way our VPN works, we found the best solution for us was to use the libvpn libraries. They can be found at http://libvpn.com/

These libraries, unfortunately, are not open source. However, they are very powerful and the code is of good quality. Due to this, we are unable to make our apps completely open source.

Again, open sourcing the apps, although it looks good, ultimately doesn't mean anything. Any malicious activity can be done in the back-end. The apps source code may show up fine, but the back-end of the service can do whatever the owners want.

That's not to say open sourcing them isn't a good thing, it is just that aside from the fact that we can't do so, ultimately it means little if the service provider wanted to screw its customers.

Thank you for the Impressum idea. We will add that soon. It is a good idea and easily implemented.

Regards, Peter @ Oeck.

[jamesponddotco]

> Our navigation, .ovpn builder, alerts and other features rely on JS in order to function properly.

At the end of the day, that does not matter for the customer. If they have JS disabled, and you force them to enable it, you lost a customer.

As customers, we are expected to have JS enabled for signing up, and logging in, but a marketing website should not require it.

> Again, open sourcing the apps, although it looks good, ultimately doesn't mean anything. Any malicious activity can be done in the back-end.

Sure, I agree with that.

However, notice that I said "if they open source their code, and if they run their business in the open". There is a lot that you can open source, but more importantly, you can operate your business in an open, and transparent way.

Take Confirmed VPN[1] as an example. They allow you to request a read-only account to audit their infraestructure, and AWS account, to make sure they do what they say they do.

Or SourceHut[2], which make most of their business decisions in the open, for anyone to see.

Opening your code is not the only way to have an open business.

[1] https://openlyoperated.org/report/confirmedvpn

[2] https://sr.ht/~sircmpwn/sourcehut/

[Oeck]

Hi jamesponddotco,

Thanks for taking the time with this.

Unfortunately there is not much we can do about the JS. We can put up static pages for marketing, but ultimately the website is there for the user to control various things to do with their account. It also allows guests to perform various tasks.

As far as your other point about the business itself being open, we are trying to run it in that exact manner. Regarding the audit, I replied to another user ( https://news.ycombinator.com/item?id=23666681 ). However, if you have an idea on how we can run the business more open, I am happy to take it on board. We keep users in the loop, took time with our terms of service and privacy policy, as well as provided a bunch of information in the FAQ.

Regards, Peter @ Oeck.