Employee Handbook
Employee Handbook
Welcome to Windscribe
About Us
Appendix A - Glossary of Terms
WELCOME TO WINDSCRIBE
Welcome to Windscribe
So you’ve decided to work at Windscribe, or want to learn what we’re all about, and how we do things. Either way, this document will help answer any questions you may have about who we are as a company, how we do things, why we do them, what would be expected of you and how to succeed.

About Us

What is Windscribe?

Windscribe the company is a privacy and security software development firm based out of Toronto. Windscribe the software is a set of tools used to help anyone on the planet circumvent censorship, unlock and unblock restricted content and enhance their online privacy - all available for free!

Why Does Windscribe Exist?

Windscribe was started in April of 2016 after seeing so many low quality privacy options on the market. Everywhere we looked we saw slow, buggy and user-unfriendly VPN services - they had terrible customer service, and espoused a lot of mis-truths and snakeoil. In short, it was (and still is) a toxic industry, and we knew we could build something better, faster and stronger. That’s why we constantly strive to make our product better, to safeguard the privacy and security of everyone that uses our product, no matter where they are, no matter what they can afford. Privacy and security for anyone that needs it, no questions asked.

How Does Windscribe Make Money?

Windscribe operates under a freemium model, meaning that our base product is free but with some limitations (less servers to choose from and fewer features). Users wishing to get full access to our servers and features purchase our paid plans and get access to over 100 server locations around the world, R.O.B.E.R.T., port forwarding, and the ability to fully customize their online experience.

The Windscribe Corporate Philosophy

  1. Create and release the best possible products that are reliable and easy to use
  2. Do not lie, cheat, or make false promises
  3. Provide our products and services for free to those that need it most and have the least
  4. Offer fair prices to everyone else
  5. After keeping users safe and protecting their privacy, make them laugh

Don’t Forget the Memes

There are only three things anyone should take seriously in life: their business, their relationships and their health. Apart from that, laugh as much as you can, and make others laugh as much as they can. We take our business very seriously, on all levels - technical especially - but we have the ability to have a lot of fun in the process. Our customer communications are very informal, because we treat our customers like our friends. We want them to have the best possible experience and to get the best possible value from our products - all while laughing their butts off. Life isn’t always fun, it isn’t always happy, but we will be damned if we don’t crack a joke or five in the face of it all.

Social Presence

Even though we help users block social networks to minimize tracking, we still maintain a presence on most social platforms.

Products and Services

Desktop Applications

Our desktop applications on Windows, Mac and Linux are the most common way to use Windscribe. Our desktop VPN apps are jam packed with features (but sadly no jam), which includes support for:

Mobile Applications

Windscribe is one of the highest rated VPN applications on Android and iOS. The mobile app supports up to 5 different protocols as well as split routing and custom config support. Like our desktop app, Windscribe's mobile app works in all countries and provides you with a high level of protection while you are on the go.

Browser Extensions

Windscribe’s browser extension is available for Chrome, Firefox, Edge and Opera. The extension offers a multitude of additional features that complement the Windscribe PC/Mac/Linux desktop apps. These features include:

  • Client side ad-blocking
  • GPS location spoofing
  • Timezone spoofing
  • User Agent spoofing
  • WebRTC blocking

The extension can also be used on its own, and provides basic proxy capabilities within the browser it's installed on.

R.O.B.E.R.T.

R.O.B.E.R.T. is an acronym, the meaning of which was lost long ago, due to aging brains and trying to keep our memories free to remember our mothers’ birthdays. R.O.B.E.R.T. is one of the most important Windscribe features as it allows our users to manage which domains get resolved and which do not. The most practical application for R.O.B.E.R.T. is the ability to block ads by preventing “bad”/blocked domains from resolving at the DNS layer, meaning that they are blocked before even reaching a user’s device. Users can choose from 7 different block lists, or create their own custom block lists and/or allow lists to optimize their browsing experience.

Port Forwarding

Port forwarding allows Windscribe users to operate a variety of different servers on their machine(s). These include (but aren’t limited to): operating a web server; accessing a PLEX server remotely; improving torrent seeding speeds, and more! We also offer ephemeral port forwarding to all of our Pro users for up to 1 week at a time, or a permanent port forwarding solution with the purchase of a static IP.

Geo-restriction Unblocking

Unfortunately, internet access is no longer "global", as many governments, sites and internet providers block access to content for many people residing in the "wrong" countries. Though this occurs for different reasons and affects users differently, access to streaming and news content is frequently restricted for many global citizens. Windscribe laughs in the face of such restrictions, allowing our users to stream and access content to over 200 different streaming services, and hundreds of social and news platforms, in over 40 countries. We accomplish this by using a mixture of bespoke and 3rd party unblocking solutions.

Static IPs

When you connect to a Windscribe location, you are assigned a random IP address almost every time you join. This is very useful for maintaining privacy but is less than ideal for certain use cases like port forwarding, or running a web server. Much like the name suggests, Static IPs don’t change, users will always get the exact same IP every time they connect.

In most cases, each time you connect to a Windscribe server location, you will be assigned a random IP address. This is very useful for maintaining privacy, but it is less than ideal if you require a single IP address. Certain use cases, like port forwarding, or running a web server require a Static IP. Like the name suggests, Static IPs don't change, so users will always get the exact same IP every time they connect to Windscribe.

ScribeForce (Team Accounts)

People frequently tell us “Windscribe is so great, we want to force our family/employees to use it.” Since this is the only good use of force we can think of (well this, and the Star Wars definition of the word), we built ScribeForce! Now our users can purchase multiple accounts (or seats) and assign them to different people or team members in their organization, so that everyone can have a Windscribe account! ScribeForce provides a simplified billing flow as well as a streamlined team management solution from a singular interface. It’s literally never been easier to force people to protect their privacy!

Whitelabel API

These days everyone and their grandma wants to add VPN functionality to their products, but nobody wants to maintain hundreds or thousands of globally distributed servers. We don't blame them, either. It's a lot of work. The Windscribe whitelabel API allows companies to create VPN services of their own while using Windscribe’s infrastructure. They get to build their own custom VPN business with none of the hassle, and we get a piece of the pie! You know what they call that in hoity toity business circles? Genius. They call it genius. Just trust us, we are humble geniuses.

The Humans

It would be very difficult to operate Windscribe, or any other service for that matter, without humans. We love our humans, as they fulfill a wide range of roles that together help us deliver the service our customers use and love.

Systems and Networking

Windscribe is first and foremost a privacy company (hopefully you figured this out by now). For this reason we refuse to use public clouds for our critical infrastructure. In fact, the vast majority of our infrastructure is self managed on bare-metal servers in over 62 countries. The Systems and Networking team is a vital part of our company as they are in charge of designing and maintaining the secure environment that runs Windscribe and all of its components. We thank them for their service by paying them money and patting them on the back in a congratulatory, yet gentle and platonic manner.

Backend Team

The Backend Team is another vital part of Windscribe. As their name suggests, the Backend Team is responsible for building and maintaining everything users don't see when they use our application. Additionally, and again as their name suggests, they are responsible for protecting our own back ends. They are the savants responsible for the development of APIs as well as dozens of complex micro-services that keep Windscribe working properly. We also compensate them for their hard work with money and the aforementioned firm, congratulatory, yet delicately innocent pats on their backs. Not their back-ends. Just making that abundandly clear.

Systems Team

The Systems Team is a crucial, some may even say... drum roll please... vital, piece of the Windscribe pie. This team is in charge of creating and maintaining the complex web-like server infrastructure that our users rely on to keep themselves safe online. Comprised of geniuses so genius, that we can barely maintain eye-contact with them lest their genius gazes burn a hole in our retinas. Yet despite the level of geniosity, which isn't technically a word (but the person writing this went blind from staring at them for too long), they remain humble and hard working in the face of their gargantuan tasks. For all of their work, and for not blinding us all, we provide them with Compaq boxes full of money, and a complex pattern of meticulously placed back pattings.

Web Team

The Web Team is yet another vital part of Windscribe. Composed of both designers and developers, this team is in charge of maintaining user facing websites and the Windscribe extension, making them beautiful, fun to use and easy to interact with. They are the cherry on top of a delicious Windscribe ice cream sundae made of teamwork, hard work and innovation. By the way, did you notice how you suddenly want an ice cream sundae? Good, you’re paying attention, and attention is something we love. But you can’t pay a frontend team with attention, you pay them with - you guessed it - money and respectful, well placed pats on the back for their constant hard work.

Design Team

The Design Team is a force to be reckoned with. They work tirelessly to ensure the Windscribe and Control D applications, our websites and all of our content, look as sexy as possible. They balance their design and UX/UI skills with charm and stoic, battle hardened, outlooks that allow them to accomplish an incredible amount of work while making it look easy to the rest of us. We reward them handsomely with Adobe Cloud memberships, sweet sweet cash money, and well manicured pats on the back and sometimes even forearms, if the change in patting-locations is warranted. We once gave them high-fives, but they remarked that high-fives weren't aesthetic enough for their liking.

Applications Team

The Applications Team is also a vital part of our company. We know that the use of the word "vital" sounds repetitive by this point, but repetition is the key to understanding how much vitality exists at Windscribe. This team is also very special to us as it contains the geniuses that help ensure that our app works on all key platforms. There is the Desktop faction that focuses on developing and maintaining Windscribe for Windows, MacOS and Linux. Then there’s the Mobile faction that makes sure our Android, iOS and TV users are taken care of. Together they make it possible to use Windscribe on most electronic devices. And for their hard work and sacrifice, we also give them cash in the form of direct deposits and more encouraging congratulatory back pattings.

Support Team

The Support Team are the essential frontline workers at Windscribe. They are in charge of helping our users solve issues while simultaneously ensuring our quality assurance process is at its highest standard. They help point out bugs, they help people solve problems, they gracefully deal with the kindest users and fairly deal with the rudest ones, they save children from burning buildings (okay, maybe they don’t actively save kids, but maybe one of them has and hasn’t told us because they are modest). And for all this hard work they ask for nothing in return... except a salary which we gladly pay them in their local currency on a bi-weekly basis. We provide them with hearty and genial back pats as well, as they do a phenomenal job taking care of our users and providing us with the feedback necessary to ensure our apps continue to work perfectly.

QA Team

The QA team are key players at Windscribe. They are the brilliant super-sleuths in charge of finding and documenting bugs. They test our products to ensure that everything meets and exceeds expectations. They also interface between various teams to make sure the Windscribe and Control D apps are functioning properly. Without the QA team our software wouldn’t work nearly as well, which could cause our users and developers to weep, which could cause their tears to fall onto their devices resulting in potential short circuits and fires. So really, they are saving your lives and ours. Do they deserve pats on the back? You bet your sweet Pokemon card collection they do. Do they get paid for their services? You bet your sweet Pog collection they do.

Growth Team

The Growth Team focuses primarily on content creation, public relations and interfacing with our user base as well as potential future customers. This team is essential in creating and disseminating Windscribe’s core message to the world at large in the most innovative and least lame/scummy ways possible. Their primary objective is to devise ways to increase visibility of Windscribe’s content and products with the aim of onboarding new users and new hires. You can find this team writing blog content, creating memes, writing hilarious emails for millions of users, talking to journalists, making insane animations, taking care of our community - the list is too long to type. In exchange for their gargantuan amounts of work, we shower them with paychecks, promises that we will never release fellow-kids’ish corporate marketing babble, and reassuring pats on their shoulders and upper deltoids.

Operations Team

This team consists of a combination of business, organization, planning and human resources. You may notice them caring for our humans, you may notice them working on business plans to expand Windscribe and Control D into different global markets, you may notice them making our office space more awesome, you may notice them eating snacks from our unlimited snack counter, or you may not notice them at all - though this is highly unlikely because that form of advanced cloaking technology doesn’t exist yet. This team does whatever it can to ensure that as our company continues to grow and the vision scales with it. For this hard work they are congratulated with the praise and adulation that only paychecks and hearty felicitations can provide, forgoing back pats for aggressive yet sanitized handshakes, which, we quote, “makes them feel strong, like bull.”

Leadership

The leadership team comes from a strong technical background and actively participates in infrastructure and product development across every aspect of the process.

Yegor Sak Founder/”CEO”

Occasionally has good ideas and presses the payroll button. Talk to this guy about any aspect of Windscribe or Control D. No matter what the question is, he will probably give you an answer. If not, he will gently point you at the person who will.

Alex Paguis Founder/”CTO”

Do you like computers? Good, so does he. Alex oversees and actively contributes to most of the APIs, micro-services and applications we use to power and maintain Windscribe and Control D.

Mark Ulicki Founder/CIO

If it involves packets, you’ve come to the right place. We don’t use public clouds, so Mark oversees our “cloud” and the vast network of bare metal servers it is composed of. Talk to him about any aspects related to infrastructure, access to resources and the networking layer of Windscribe in general.

Aly Vellani Chief of Staff

Are you human? Good, so is Aly. Talk to him about anything related to policies (or lack thereof), tools or things you need, office provisions, forms, marketing, encouragement, and any other non-technical aspects of Windscribe. If you have a question that you are too scared to ask, or don’t know who to ask, ask him.

Tools of the Trade

Hardware

WWhen you start at Windscribe, you’re going to need a computer. We mostly offer 2 choices of hardware:
  • Macbook Pro
  • Lenovo Thinkpad

Let us know the exact specs you want, and we’ll get you a machine that best suits your needs. Some staff members may have unique requirements, in which case we are glad to provide those as well.

HR/Payroll

We use Humi HR to manage payroll, time off requests, benefit enrollment, performance reviews and everything related to human resources. You will also receive your T4 tax information through the Humi portal.

Access

While physically at the office, you’re not going to need anything to access the internal infrastructure. When you’re working remotely, you will need… drumroll please… a VPN. Unlike the VPN service offered by Windscribe, this VPN will allow you to securely access our internal infrastructure as if you’re at the office. We will supply you with office VPN credentials before your first day working with us.

Communication

  • Slack - used for day to day communications.
  • Email - secondary communication channel for more “official” conversations.
  • Calendar - helps to stay on top of various meetings and events.
  • Jitsi - it’s like Zoom, except without the spying!

Development

  • Gitlab - source control and project planning
  • IDE - use whatever IDE you’re most familiar with. We like VS Code and Jetbrains products.
  • Hypervisor - If your task requires you to run VMs, we can get you a vmWare Workstation license, or you’re welcome to use the open source Virtual Box.
  • Zeplin - all visual assets are available in Zeplin.
  • Nexus - artifact store used for all built binaries and assets

Tools and Languages

Backend infrastructure

  • Golang
  • PHP
  • Rust
  • Bash
  • Python
  • C
  • MySQL
  • Redis
  • Memcache
  • Hashicorp products

Frontend

  • React
  • Vanilla HTML/JS

VPN clients

  • C++
  • Qt
  • Swift
  • Java
  • Kotlin

Browser extensions

  • Javascript
  • React

Before You Start

So you passed the interviews! Congratulations are in order! Here is what you can expect during the onboarding process:

Employment Contract

We will send you a bunch of legal documents crafted by the finest lawyers Halifax has to offer. There are 2 main parts: the employment contract and the proprietary information agreement. These documents outline what is expected of you, your rights, and who owns the fruits of your labor completed on company time. Pretty standard stuff.

The Probation Period

Each new Windscribe staff member goes through a three month (90 day) probationary period during which time they are evaluated for their hard work, contributions and cultural fit. The probationary period also gives us an opportunity to see what new staff can offer, while offering new staff the opportunity to see if they enjoy working at Windscribe. After being onboarded, new employees can expect up to 3 performance sync ups with their manager. The first sync up will occur at the 30 day mark, where we can discuss successes, areas of improvement and general feedback. The second sync up will occur 30 days after (60 days from your onboarding for you math majors out there) to see how things are progressing. The final evaluation happens one week shy of the end of the probation period.

Choice of Hardware

We will ask you which type of device you want, you tell us, we get you the device. Simple as that. We prefer MacBook Pros and Lenovo Thinkpads, but we're open to other brands if there is a good reason for it.

The Windscribe Welcome Package

A few days before you start you will be emailed a welcome package containing:

  • Access to your @windscribe.com and/or @controld.com mailbox
  • A VPN profile to access the back office infrastructure

Your freshly minted email Inbox will contain invites to:

  • Slack
  • Humi’s HR system
  • SSO login setup for most internal services

HR and Payroll

Once you’ve gained access to your Inbox, you will notice we’ve sent you an invite from Humi HR. See it? Great, now click it. Go ahead, don’t be shy, click that link. Now you can complete our world famous HR onboarding process. You will be asked to fill out a bunch of forms and provide us with some details so that we can add you to our payroll and set you up with our benefits plan.

Our employee payroll schedule is as follows:

  • 1st - 15th of every month -> Paid on the 20th
  • 16th - 31st of every month -> Paid on the 5th

Contractors are paid during the first week of every month for the work done during the previous month.

Calendaring

Once you gain access to your Inbox, you will have a set of SSO (single sign on) credentials. They will allow you to access the Windscribe's calendaring service. It's crucial that you reference your calendar on a daily basis so as not to miss meetings and have everyone wonder where you are.

This Manual

If you can read this manual, you’re off to a great start and we would like to formally thank you for contributing to global literacy statistics.

Your First Day(s)

Much like the first day of school, the first day of work can be a bit overwhelming, but fear not, we’ve got your back. Here is what to expect on your first day:

Work Where You Want To

After the 'ol COVID malarky, Windscribe decided to become a "remote first" company. You are welcome to work from home if you’re in Toronto. If you live in another part of the world, you don’t have much choice except working from home. Unless you come visit us, which we really hope you do. Our office is awesome and we want you to see it.

Our Toronto office is open everyday, and you are welcome to come and work from here whenever you choose. If you do choose to come in, see the “in-office policy” further down in the document for additional details.

Crash Course and Training

We tried to keep this guide from turning into a Russian novel. The crash course will help fill in any blanks that you may have when it comes to Windscribe, what we do, and the relevant basics of the job you’re going to be doing. Depending on your position, the crash course can be anywhere from a few hours to 2 days. It will cover the following:

  • Networking 101
  • Technologies we use
  • Overview of Windscribe and Control D products and features

Getting Familiar

Once you get the basics out of the way, you will begin shadowing someone on your team. You will learn the specifics related to your job which may include things like:

  • Source control
  • Project management
  • Tooling
  • Conventions
  • Relevant micro-services part of the workflow

Read (and Update) the Docs

Windscribe's infrastructure is quite large, and we develop a lot of internal tools, micro-services and applications. You should take the time to familiarize yourself with the sections relevant to your tasks. Documentation is never perfect, and if it leaves questions unanswered ask your supervisor, co-worker, or literally anyone else. If they don’t know, they will point you to the person that does.

After your questions or concerns are answered, we ask that you update the relevant docs, ensuring that others have answers in the future. Doing this can result in celebrations thrown in your name.

Your Every Day

Communications

We use several communication platforms.
These include:
  • Slack - used for day to day conversations and is the primary communications channel
  • Jitsi video chat - used for team standups and company wide meetings
  • Email - used for... you guessed it - emailing

Communication tips:

  • Use relevant team specific channels for all day to day communications.
  • Avoid having discussions in Direct Messages unless you’re talking about a private matter. Discussions of a technical nature could be useful to other people, so posting them in your team channel is the wisest plan... plus it avoids the need to repeat yourself.
  • Don’t hesitate to jump into a Slack huddle, as some discussions are best suited for real time chat, and will happen quicker
  • Be polite and considerate towards your colleagues and our audience
  • We do not allow any sexist, racist or mean spirited language to be used towards employees or users
  • We do not share customer information, this includes names, email addresses, or any identifying information on any public channels, this includes Slack, Discord, etc. If it is a pressing matter, ensure that the identifying information has been scrubbed prior to sharing - or directly link to the issue itself.

Hours

Our core work hours are 9am - 5pm EST. Some staff start earlier, some start later, but we expect everyone to put in “normal hours'' on a daily basis. This means about 8hrs a day. That being said, we’re not going to time you with a stopwatch. Our primary goal at Windscribe is to complete our tasks and assignments in a reasonable and efficient timeframe. Some days you may need start a little later, or leave a little earlier, some days you may have to put in more than 8 hrs. Just remember to keep your manager and team in the loop.

Time Zones

Most of the Windscribe team resides in the Eastern Standard Time timezone, but that may change as we grow. Those of you located outside of this timezone are expected to have at least a 4 hour overlap between 9am and 5pm EST. This allows for synchronous communication between managers, staff and teams. Each team may have a slightly different overlap requirement, and it is best to speak with your team lead/manager to determine the best schedule.

Work

The work that you will be doing will differ based on your position, the following should give you a general overview of what is expected from you on a day to day basis. Not every team member will be doing everything, so the following is a general list of responsibilities:

Systems/Backend

  • Twice a week standup every Tuesday and Thursday
  • Checking the relevant Gitlab issue boards
  • Checking the relevant mailboxes for communications with hosting providers
  • Infrastructure planning
  • On-call duty for NOC operations
  • Documentation and refinement of processes and workflows
  • Having a critical mindset and always questioning the requirements. Maybe what was documented isn’t the best way to go about solving the issue.

Engineering

  • Daily standups
  • Checking the relevant Gitlab issue boards
  • Solving issues on various boards by writing code
  • Keeping an open mind to issues that may not be best solved by writing code - if you can solve a problem without writing a single line of code, do that.
  • Code review

Support

  • Weekly sync up meetings
  • Staffing the helpdesk and ensuring that support tickets are answered within the SLA times
  • Improving the knowledge base and canned responses to help people solve their own problems and eliminate the need for duplicate text to be rewritten manually every time
  • Reporting bugs to relevant development teams

Other

  • Participate in weekly/monthly meetings relevant to your position
  • Checking the relevant Gitlab issue boards

Play

“All work and no play makes Jack a dull boy” - some Person, a long time ago.

Since you decided to work at Windscribe, we hope that you actually enjoy the work that you’re doing, however there is no substitute for actual fun. After the work day is over, we invite you participate in any of the following amusements:

  • Unwind in our full motion VR simulator
  • Play a game of real world pool or ping pong
  • Get jacked at the office gym, or do some cardio
  • Come out to the occasional group lunches
  • Come out to the occasional company wide events
  • Join us for a Christmas party/rager with a fully stocked bar, DJ, and the occasional petting zoo

Meetings

General Meetings and Standups

We’re huge fans of holding as few meetings as possible. That being said, some meetings are inevitable, especially as a remote-first company. Each team has their own meeting schedule that you will learn about on your first day. Some teams have weekly meetings, others have daily standups. Nothing is ever set in stone, each team decides it’s own meeting schedule. If you can accomplish your tasks quickly, without any meetings - whether through telepathy, or other means - do that.

Company-Wide Meetings

Every Friday at 12pm Eastern Standard Time, we hold a company-wide meeting where each staff member gets a chance to speak about their weekly accomplishments and voice any questions or concerns they may have. This meeting is mandatory to attend (unless you have taken time off).

Town Hall Meetings

We hold a Town Hall meeting on the first Friday of every month in lieu of the Company-Wide meeting. This meeting allows Team Leads to showcase their teams accomplishments in detail and share learnings with the whole company. There is also a Q&A portion at the end of each Town Hall meeting where staff members can get answers to anonymously submitted questions.

Quarterly Meetings

Every second Friday of every new quarter is a special kind of Company Wide meeting where the Leadership Team summarizes quarterly business accomplishments and plans for the future of our company.

Meeting Format

The majority of Windscribe meetings are held on Jitsi (self hosted video conferencing software). If you are creating a meeting, do not forget to create a meeting room link and add it to your meeting calendar invite. If you are attending a meeting, you will require a meeting room link to do so as well.

Meeting Conduct

Just like in-person meetings, online meeting conduct requires you to be polite, concise, and considerate of other people’s time (unless, of course, the topic warrants it). This means staying on topic and avoiding personal banter until the end of meetings. Once business has concluded, feel free to socialize for a bit - we don’t get to see each other in person that often, and exchanging good stories about life, pets, or the time you ate 15 crème brulée’s in a row, keeps us together.

Ultimately, remember to be honest with comments, critiques and concerns, but always keep things constructive. Take some time to think of solutions to problems before bringing them up (within reason). Building relationships is much harder than destroying them, but the difficult path is always the most rewarding in the long term.

The Perks of Being a Windscriber

Drug and Dental (Full Time Canadian Staff Only)

Ahealthy person is a happy person. We provide 100% drug and dental coverage through Sunlife for you and your dependents. Need new glasses or a back massager? We’ve got that covered. This perk is available immediately when you start with us.

RRSP Matching (Full Time Canadian Staff Only)

We’re all going to get old one day, so it’s never too early to start planning for retirement. Even though there is a high chance we’re all going to be on UBI in a couple of decades, extra retirement cash never hurt anyone. We offer an RRSP matching program through CommonWealth. The eligibility is as follows:

  • After 1 year with Windscribe - 3% matching

The percentage contribution is that of your annual salary. Keep in mind, you would have to contribute the same amount, and we will match you up to the eligible percentage of your salary.

Options Pool

After you’ve been with us for a year, you become eligible to receive an options grant. The value of the grant depends on the position that you’re in, and has a 4 year vesting period, with 25% of the grant being unlocked every year. Options allow you to purchase equity in the company in the event of a sale, at a severely discounted price. Here's an example to paint you a picture:

  1. We grant you 10,000 options at $2 exercise price
  2. At some point in the future, there is a liquidity event (merger, sale, IPO)
  3. The share price at this point has (hopefully) increased significantly, say to $50.
  4. You exercise your options at $2, and then immediately sell the equity at $50 for a $48/share profit

There are also opportunities to earn additional options based on performance.

Bonuses

At the end of every year (before the Holiday Break), you are eligible to receive a bonus for your work contributions. These can range widely, depending on your contributions, especially going above and beyond the “call of duty” (not the game). These are done solely at management’s discretion and can include: cash, Amazon gift cards, DOGE/BTC cryptocurrency, options grants, etc.

Education

Interested in learning a new set of skills? We have a fully stocked library of videos and tutorials on any topic you can imagine. Interested in doing an online course? We’ll pay for it, as long as it’s applicable to Windscribe or Control D. We will also make exceptions if it helps us build space lasers.

Parental Leave

So the time has come for you to create a mini human! Congratulations! We offer 12 weeks of fully paid parental leave to full-time employees who have been employed for more than 1-year, so take some time to rest and raise the little one(s) - we all know what happens to kids who's parents don't have time for them - just look at Tom Hanks' kid. Yikes.

Employee Referrals

Have a friend who you think would be good for a role? Let us know, even if we’re not actively hiring for the position you think they would be suited for. If we do hire them, not only do you get to work with your friends, we’ll also give you CAD $3000 for the referral (when they pass probation).

Free Hosting and Bandwidth

We have our own datacenter right in the office, with a direct 100 Gbps line to TORIX. Do you need some hosting space for a personal project, with effectively unlimited bandwidth? We’ve got you covered.

Lifetime Windscribe VPN and Control D Memberships

Obviously we can’t forget the ultimate perk of working for a VPN company - lifetime memberships to the services we provide! These will be made available as soon as you get hired and will last a lifetime. This way, no matter where life takes you, you will always have a little piece of Windscribe protecting you online. Forever. No backsies.

Time Off

Statutory Holidays

Much like most other places in Ontario, we don’t expect Canadian Employees to work on the following days:
  • New Year's Day
  • Family Day
  • Good Friday
  • Victoria Day
  • Canada Day
  • Labour Day
  • Thanksgiving Day
  • Christmas Day
  • Boxing Day

Vacations (Full Time Canadian Employees)

We offer 3 weeks (15 workdays) of paid vacation time per year. After 3 years at Windscribe, you are also eligible to receive an additional week off. Be sure to request the time off through Humi as early as possible, so we can plan for your absence.

Holiday Shutdown

We shutdown around the holiday season. The exact days are variable year to year, but all staff can expect to be off between Christmas Eve and New Years day. Any non-statutory holidays between these two days are extra free vacation days that do not count towards your vacation days limit. This is usually 3-5 extra fully paid days. Yay extra paid vacation time!

Personal Days

We offer 10 paid personal days per year that you can request off and do the things you need to. If you’re feeling sick, be sure to request a day off through Humi HR as early as possible, ideally a day before, and notify your team/update your Slack status as well.

Emergencies

Life is random and full of surprises. We’re here to support you during the good times and the bad. If you need additional time off in cases of the unexpected, we can likely come to an understanding. Just speak to your Team Leader if anything comes up.

Roles and Responsibilities

The following details are incremental for each role, with a decreasing tolerance for mistakes/oversights with each increase in seniority.

Software Development

We use tools to solve problems, and we all have wildly varying experiences with not only the types of problems we've encountered, but also the tools we used to solve them. Our biggest assests are our past experiences and our colleagues. That's right, we found the one time it's totally cool to "use" other people. Never hesitate to ask for help from your peers.

Our Windscribe Engineering Mantra: "We're not here to write code, we're here to build the best product to solve a problem"

Junior Engineer

<2 years experience

Junior Engineers will contribute to completing tasks on our roadmap, while simultaneously learning and improving their core competencies.The ideal Jr. Engineer can evolve our of being called a "junior" quickly if they exercise the drive and initiative to learn quickly. Juniors are expected to fail often, but not in the same way, as we expect everyone to learn from their mistakes. Overall, our expectations are that Jr. Engineers are capable, but still require mentorship and on-the-job learning to be effective.

Intermediate Engineer

2-5 years experience

Intermediate Engineers are no longer considered juniors (obviously). They are usually very competent, but may still be lacking the experience to lead teams, complex implementations, or mentor others.

Senior Engineer

5+ years experience

Senior Engineers should take ownership of not only the code, but the product/feature the code intends to implement. The main difference between a Senior and Junior Engineer is experience, which just means you've failed enough times, and in enough ways, to fail much less going forward. The ideal Senior Engineer can come up with robust solutions quickly, but their true superpower is having a great attention to detail, not only to the code, but to the outcome the code has on the product. They are capable and willing to effectively mentor and guide others.

Engineering Team Lead

A Senior Engineer that is also responsible for the overall engineering approach. This includes but is not limited to: code quality, conventions, implementation philosophies.

There will almost always be more than one solution to any given problem, which is great for finding solutions, but terrible for maintaining those solutions as the scope evolves. This means we need to agree on conventions for the way we choose to solve problems. The team lead is the engineer with the final word on these conventions, which helps reduce "bikeshedding".

Systems/Networking

Intermediate Systems Engineer

An intermediate systems engineer is experienced and knowledgeable with systems and networks in general, but may lack experience with a subset of systems that the business relies on. The ideal systems engineer will make it a mission to learn any systems they are not yet familiar with on a technical level, while also gaining an understanding of the core purpose of each system with the intent to offer improvements in security, reliability, cost and/or overhead.

Senior Systems Engineer

A senior systems engineer has a full understanding of all mission critical IT services and operations, and is responsible for their uptime. The ideal senior systems engineer knows not only the systems we use, but is experienced enough to know what the business should or should not be doing (on the systems/networking level), where we need to make improvements, and how to implement them effectively. The main drive should be in using the latest technology to solve problems or achieve goals in the most efficient, cost effective and advanced way possible.

Creatives

The creatives at Windscribe must have a deep understanding of the vision and brand of both Windscribe and Control D. Since these positions are vital to the growth of our company, and our company prides itself on innovation and humor, being able to bridge the brand message with our products is of the highest priority. Having experience in copywriting, design, animation and film making are all a bonus, since we want to create unique brand and customer experiences that can effectively go to battle with our competition - and wipe the floor with them.

Customer Service

Our product is nothing without the people that use it (and pay for it). Making sure our customers are happy is critical to our success, so with that in mind, we strive to use our customers as the feedback loops for improving our products and choosing what to work on next.

Customer Representatives

The frontline soldiers in this mission are the customer support reps. The ideal rep understands the product at both the user and technical level in order to answer customer questions, as well as provide valuable QA feedback to the engineering teams. Every new interaction with a customer issue is technically a failure on our part and should be taken as an opportunity to prevent that same issue for other customers through reproduction, documentation and engineering feedback.

Customer Experience Team Lead

The ideal customer experience lead will be able to manage a team of customer experience reps, and inform the company of improvements, requests and/or demands that our regular and enterprise clients may have. Having the ability to scout out new leads, though not mandatory, is highly beneficial as well.

How to Succeed

or How I Stopped Worrying and Learned to be a Great Employee

We truly want you to do well and succeed at Windscribe. As we continue to grow, your contributions help shape us into a stronger and more innovative company. The effort you put into improving the company, our products and our culture will always be rewarded.

Nobody wants to be stuck doing the same thing for years, and we want to give you every opportunity to advance your career, no matter which department you’re working in. So what makes a truly great Windscribe employee? The following is a general list of things every person we hire should be doing in order to maximize their chances of advancement:

Learn, learn, learn!

We have compiled a ton of educational resources for you to learn from. You can also take some time to explore the multitude of privacy, security, networking and developer blogs and YouTube channels out there. We will even pay for courses if you need them! Everyone at Windscribe is constantly learning, practicing and honing new skills. Technology is constantly evolving, and we are in an era where learning is democratized, and usually available for free online.

Ask Questions

No policy, rule or convention at Windscribe is set in stone. Ask questions and raise concerns if you have them. Do not be shy, as great discussions lead to great conclusions. Remember, just because some things are done a certain way, doesn’t mean we’re not open to doing them another way. You lose nothing by asking questions or suggesting ideas, at the very least, it will give us an opportunity to explain why something is the way it is. No question is stupid when you are learning, we are all students and teachers at one time or another.

Bring Us Ideas

At Windscribe, everyone’s opinion matters. If you have ideas on how to improve the product, a process, or corporate policy, bring it up. The worst thing that can happen is that we’ll tell you why your suggestion doesn’t work, or cannot be implemented at this time. In all other cases your suggestions will improve something, and everyone wins!

Bring Us Solutions

Ideas are great, but concrete plans on how to execute them are better.. Proposals for new tools, complex features or abstract concepts may have many moving parts and restrictions. Large amounts of brownie points are given to staff who come up with great ideas that have a fully detailed plan and/or benefit analysis, as well as a technical implementation strategy (if the idea is a technical one). If you are in a position to build out the idea yourself, we will support you with the funding, tools/materials/software, and staff required to bring your vision to life. Your efforts will be reflected come bonus time.

Set Your Targets

Like the old saying goes, “dress for the job you want, not the one you have”, except we don’t care what you wear, just what you do (FYI: if you show up to work dressed in a full Predator costume you will be high fived until both of your hands hurt). For example, if you’re in a junior or intermediate position, set your standards as high as you can, then aim even higher. The process of trying to exceed your own self expectation will always lead to fruitful conclusions. It's like that other saying on cheap overused wall art goes: “Shoot for the moon, even if you miss you’ll end up in the stars.” But we prefer “Shoot for Pluto, at worst you’ll end up in Uranus”. (Sorry, our policy writing guy was away on the day this was written).

Understand Why You Do Things

We’re not looking for people to blindly do things without having an understanding of why to do them. If you’re not sure why you’re being tasked to do something, ask. We could be wrong. We’re human and we’re not infallible. Tasks could be assigned that are counterintuitive to our goals, or conflicting with other tasks. Don’t just write code, understand why the code needs to be written. If you can solve an issue without writing any lines of code, do that. In fact, write as little code as you possibly can. If you can accomplish business related goals through a new process, or with poetry or meditation, those are preferred to writing dense code that no mortal can understand.

Performance Reviews

We conduct performance reviews every 6 months. At the end of each review period, there is a short 10 question survey that you and your immediate supervisor will fill out. Then you will discuss the things you wrote and come to a common understanding. Each performance review period makes you eligible for (but does not guarantee) a salary bump or other benefits.

Appendix A - Glossary of Terms

There are many words out there, you saw some of them in the above document. However due to the nature of the service - and the nature of words - there are some that you probably have not encountered before. This section will help define common “Windscribe words” for you. It's basically a dictionary... or a windtionary.. or a dic-scri- nevermind.

VPN

Virtual Private Network, the technology behind the core feature offerings of Windscribe. It allows for two computers to establish a secure channel of communication where an outside observer has no idea what is being communicated inside of the tunnel.

Tunnel

This is not an actual tunnel. It’s an encrypted stream of bytes between two computers that allows transport of other protocols.

Proxy

Much like in the non-technical sense, a proxy is something that does something on your behalf. In our case, a proxy is a server that you send your traffic to, which in turn forwards it somewhere else. The final destination sees the IP address of the proxy server, instead of the one assigned to you by your ISP. Every VPN server we operate is effectively a proxy.

OpenVPN

A virtual private network (VPN) system (protocol) that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server applications.

IKE / IKEv1 / IKEv2

Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication and a Diffie–Hellman key exchange to set up a shared session secret from which cryptographic keys are derived.

Wireguard

A new VPN tunneling protocol. It has a very small code base relative to OpenVPN or IPsec/IKev2 and is generally the most performant one. We’re working on a fork of Wireguard to add some missing functionality and make it more useful for Windscribe.

Quartermaster

Bespoke server provisioning system responsible for configuring new machines to the Windscribe network, as well as making live runtime changes.

ROBERT

ROBERT is our custom designed DNS management system that allows Windscribe users to manage the way they see the internet. With ROBERT, users can effectively block ads and trackers, as well as categories of websites. You can find the ROBERT panel in the “Account” section of the desktop and mobile app.

dig

A flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.

Meeseeks

This is a microservice that acts as an agent to Quartermaster. It runs on the machine being provisioned, and is responsible for receiving and executing configuration commands.

Squid

Open source proxy server commonly used as a forward HTTP proxy. The Windscribe extension used this server in the early days.

Octo

Bespoke forward proxy server written as a replacement for squid due to various limitations. This is currently the workhorse behind the browser extension connections.

Jelly

Bespoke transparent proxy server (because Jellyfish are transparent.. get it?). This service is responsible for redirecting both VPN and proxy traffic to other exit servers.

Strongswan

Opensource IPSec + IKEv2 implementation. This is currently the server responsible for our default protocol (IKEv2).

Boringtun

A userspace wireguard implementation. We currently maintain a fork of the original written by Cloudflare, and is currently the service powering our Wireguard protocol support.

stunnel

Opensource TLS tunnel implementation. This server creates a tunnel encrypted with TLS (the same security protocol used in HTTPS connections). This is used to bypass various DPI or network inspection techniques. This is one of the tools used in our “Stealth” protocol.

wstunnel

A proxy which wraps TCP or UDP packets in the websockets (ws or wss) protocol. Provides a mechanism for masquerading VPN traffic inside of traditional https (websockets) traffic. We run OpenVPN over websockets as a connection type in our desktop clients.

NSLookup

NSLookup, or Name Server Lookup is a command line for network administration that allows a user to query DNS and return the IP address, or an IP address and return DNS information.

DNS

DNS, or Domain Name System. This protocol is responsible for translating human readable domain names, such as windscribe.com, into machine readable IP addresses

Client Side Keepalive

A mechanism for maintaining persistence of a connection initiated by the client. Assists with networks using NAT which may timeout a connection if it is perceived as idle.

Packet

In networking, a packet is a small segment of a larger message. Data sent over computer networks, such as the Internet, is divided into packets. These packets are then recombined by the computer or device that receives them.

MTU - Maximum Transmission Unit

In computer networking, the maximum transmission unit (MTU) is the size of the largest protocol data unit (PDU) that can be communicated in a single network layer transaction. The MTU relates to, but is not identical to the maximum frame size that can be transported on the data link layer, e.g. Ethernet frame.

WebRTC - Web Real-Time Communication

WebRTC is a free and open-source project providing web browsers and mobile applications with real-time communication via simple application programming interfaces.

MAC Address - Media Access Control address

A media access control address (MAC address) is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment. This use is common in Ethernet, Wi-Fi, and Bluetooth. MAC addresses are recognizable as six groups of two hexadecimal digits, separated by hyphens, colons, or without a separator.

MAC Address Spoofing

Theoretically, every network device in the world is identified by a MAC address. But not every user wants this transparency on the internet. One reason to mask your MAC address is for the protection of privacy – for example, in public WLAN networks. Spoofing your mac address allows you to hide the physical burned in identifier associated with your network interface.

IP / Internet Protocol

The Internet Protocol (IP) is a protocol, or set of rules, for routing and addressing packets of data so that they can travel across networks and arrive at the correct destination. Data traversing the Internet is divided into smaller pieces, called packets. IP information is attached to each packet, and this information helps routers to send packets to the right place. Every device or domain that connects to the Internet is assigned an IP address, and as packets are directed to the IP address attached to them, data arrives where it is needed.

IPv4

IPv4 is an IP version widely used to identify devices on a network using an addressing system. It was the first version of IP deployed for production in the ARPANET in 1983. It uses a 32-bit address scheme to store 2^32 addresses which is more than 4 billion addresses. It is considered the primary Internet Protocol since adoption of IPv6 has been slow.

IPv6

IPv6 is the most recent version of the Internet Protocol. This new IP address version is being deployed to fulfill the need for more Internet addresses. It was aimed to resolve issues that are associated with IPv4. With 128-bit address space, it allows 340 undecillion unique address space. IPv6 is also called IPng (Internet Protocol next generation).

UDP - User Datagram Protocol

In computer networking, the User Datagram Protocol (UDP) is one of the core members of the Internet protocol suite. With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol (IP) network. Prior communications are not required in order to set up communication channels or data paths. UDP uses a simple connectionless communication model with a minimum of protocol mechanisms. UDP provides checksums for data integrity, and port numbers for addressing different functions at the source and destination of the datagram. It has no handshaking dialogues, and thus exposes the user's program to any unreliability of the underlying network; there is no guarantee of delivery, ordering, or duplicate protection.

TCP - Transmission Control Protocol

The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP, which is part of the Transport Layer of the TCP/IP suite. SSL/TLS often runs on top of TCP.

Network Socket

A network socket is a software structure within a network node of a computer network that serves as an endpoint for sending and receiving data across the network. The structure and properties of a socket are defined by an application programming interface (API) for the networking architecture. Sockets are created only during the lifetime of a process of an application running in the node.

Because of the standardization of the TCP/IP protocols in the development of the Internet, the term network socket is most commonly used in the context of the Internet protocol suite, and is therefore often also referred to as Internet socket. In this context, a socket is externally identified to other hosts by its socket address, which is the triad of transport protocol, IP address, and port number.

TAP/TUN Drivers

In computer networking, TUN and TAP are kernel virtual network devices. Being network devices supported entirely in software, they differ from ordinary network devices which are backed by physical network adapters. Though both are for tunneling purposes, TUN and TAP can't be used together because they transmit and receive packets at different layers of the network stack. TUN, namely network TUNnel, simulates a network layer device and operates in layer 3 carrying IP packets. TAP, namely network TAP, simulates a link layer device and operates in layer 2 carrying Ethernet frames. TUN is used with routing. TAP can be used to create a user space network bridge.

TLS/SSL

Transport Layer Security (TLS), the successor of the now-deprecated Secure Sockets Layer (SSL), is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use as the Security layer in HTTPS remains the most publicly visible.

The TLS protocol aims primarily to provide privacy and data integrity between two or more communicating computer applications. It runs in the application layer of the Internet and is itself composed of two layers: the TLS record and the TLS handshake protocols.

Split Tunneling

Split tunneling is a computer networking concept which allows a user to access dissimilar security domains like a public network (e.g., the Internet) and a local LAN or WAN at the same time, using the same or different network connections. In our case users use both a VPN connection and their own LAN connectivity to provide different access.

Forward Proxy

A forward proxy is the most common form of a proxy server and is generally used to pass requests from an isolated, private network to the Internet through a firewall. Using a forward proxy, requests from an isolated network, or intranet, can be rejected or allowed to pass through a firewall. Requests may also be fulfilled by serving from cache rather than passing through the Internet. This allows a level of network security and lessens network traffic. Forward proxies require active/known configuration by the client. Squid (and now Octo) are the forward proxies we use to facilitate connectivity for browser extension users.

Reverse Proxy

A reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client, appearing as if they originated from the reverse proxy server itself. It is mainly used to balance load.

Transparent Proxy

A transparent proxy, also known as an inline proxy, intercepting proxy or forced proxy, is a server that intercepts the connection between an end-user or device and the internet. It is called “transparent” because it does so without modifying requests and responses. Jelly is our bespoke transparent proxy.

WinTun/Windows Tunnel

Wintun is a very simple and minimal TUN driver for the Windows kernel, which provides userspace programs with a simple network adapter for reading and writing packets. It is akin to Linux's /dev/net/tun and BSD's /dev/tun. Originally designed for use in WireGuard, Wintun is meant to be generally useful for a wide variety of layer 3 networking protocols and experiments.

Custom Config

Custom OpenVPN configuration that a user can inject into our desktop application instead of the default supplied by our API for connecting to standard Windscribe nodes.

ECH - Encrypted Client Hello

ECH allows the client to encrypt the SNI, the last of the unencrypted remnants of the "old Internet". Even if you currently use HTTPS with a secure DNS resolver (DoH, DoT), the SNI header is sent in plaintext, allowing your ISP or network administrator to see the websites you're accessing. ECH patches this last hole by encrypting the SNI. Currently, only Firefox supports ECH.

DoH - DNS over HTTPS

DNS-over-HTTPS is a new protocol for looking up IP addresses. The biggest difference between standard DNS and DoH is the fact that standard DNS is not encrypted. Your Internet Service Provider (ISP), or network administrator can see what domains you’re accessing, and can very easily block them on their network. This is also how most ISPs collect your browsing history, and then sell it to advertisers or hand it over to law enforcement without any warrants. DoH fixes this issue by encrypting the request with TLS, the same technology that is used to secure communications with most websites out there.

POP - Point of Presence

A physical location somewhere on Earth where servers reside.