Stay protected online. Use your favorite VPN provider.
Coming soon. Secure your network.
Use any of 26 integrated VPN providers
Control which traffic gets sent over the VPN connections
Know what happens in your network
Stream content from anywhere — everywhere
No more conflicts over bedtimes or dinners
The Vilfo extension makes your life easier
Stay protected while having an optimal gaming experience
Check the roadmap for upcoming improvements
We work hard to make Vilfo the best VPN router ever created. Security and privacy are a huge part of that.
We believe that security audits should be performed by a third-party as it’s impossible to find all issues in-house. We had read some previous articles written by ctrl.blog and appreciated his thorough and critical work and thus decided to send him a prototype.
We don't agree on all his statements and conclusions - but we agree that he found several areas where the security and privacy of Vilfo could be improved. We have already been able to fix most of those areas:
We are working on:
The Ubus API in LEDE is designed in such a way that it requires access to the credentials of a superuser in order to make API requests. Regardless if this password is stored in a database with an encrypted key the password could be decrypted with physical access to the device. We are looking for other solutions, but physical tampering is a concern that applies to all devices and is not exclusive to Vilfo.
During the development process we received a lot of feedback and understood the importance and value of being able to get insights and data to replicate users problems. Eventually, we made the decision that user experience would improve by integrating a robust support system directly into the Vilfo interface to quickly guide users and address any questions or concerns they may have.
On top of integrating Intercom directly into the user interface, we integrated Google Analytics to understand which areas need further development, and to properly understand how Vilfo is used.
Intercom & Google Analytics are used to better know where to focus development, make meaningful improvements, and improve user experience. This is how we have managed to improve the software since November together with our beta testers.
With this said we've tried our best to ensure that what's shared with Analytics is not sensitive or intrusive. Obviously we made a mistake when it comes to the MAC addresses in URLs, which is why we appreciate ctrl.blog found and reported this issue.
We do reckon that not everyone wishes to have Intercom & Google Analytics included, and we now therefore allow users to disable them.
We are very glad about our decision to send a prototype to ctrl.blog, as it resulted in a better and safer product.