Nord Security (Nord) has released the source code of its Linux NordVPN client and associated networking libraries in the hopes of being more transparent and easing users’ security and privacy concerns.
Yesterday, Nord announced that they were making their NordVPN MeshNet private tunneling feature free for all users who install their software, even if they do not have a paid subscription.
This feature allows users to create private tunnels between other NordVPN users to access the internet through the shared network or access internal devices, such as private game servers.
As part of this announcement, NordVPN released the source code for its Linux applications and two libraries – Libtelio and Libdrop.
“We’re making these products open source as a sign of our commitment to transparency and accountability,” reads Nord’s announcement.
“We want the input and scrutiny of the coding community and to show you that we have confidence in our own software.”
All three projects are now on Nord Security’s GitHub page, with full instructions on compiling the NordVPN Linux and libraries.
The LibDrop library is part of Nord’s MeshNet feature, allowing users to send and receive files over the private tunnel.
The other library is the LibTelio networking library, which Nord says is heavily used across all NordVPN applications on all operating systems, is responsible for creating encrypted networks over the MeshNet feature.
“Open sourcing Libtelio is a particularly important step because this code forms the backbone of all our NordVPN applications, not just our Linux client,” explains Nord.
“Putting this material into the hands of the Linux community — one of the strongest open source communities currently active — encourages talented coders and developers to scrutinize our code and make our service better.”
Finally, the complete source code for the NordVPN Linux application can be downloaded and compiled, with the company encouraging users to modify it to fit their own needs.
Nord Security encourages users to scrutinize the source and report any bugs that may be found.
Security vulnerabilities in the Linux client can be reported to Nord Security’s HackerOne bug bounty program, with bugs rated as critical receiving bounties ranging from $10,000 to $50,000.
Source: www.bleepingcomputer.com