September 29, 2013
The privacy of Internet users has become an extremely hot topic this year, largely thanks to the revelations of whistleblower Edward Snowden. As a result many people have turned to VPNs in the hope of making their online browsing habits harder to track.
While this appears to be a logical move, many people forget to ask themselves a crucial question:
Roughly a year ago a new VPN provider entered the market with a rather generous offer.
The company offered free VPN connections for all, no strings attached. As a result thousands of people flocked to the new service and installed the toolbar-supported client in order to be protected from the prying eyes of their ISP and third-party monitoring outfits.
While a free VPN does indeed sound like a good offer, it was surprising to see how easily people were prepared to hook up to the servers of a totally unknown company.
The VPN service in question, which shall remain unnamed, was operated by an unknown offshore company that appeared to come out of nowhere.
The above example is not limited to free or new VPN providers.
Everyone who uses a VPN service puts an incredible amount of trust in the company they sign up with. While the highest encryption standards offer protection against direct monitoring, VPN providers can still see everything you do, if they want to.
So how do you know if you can trust your provider?
The honest answer is that you don’t.
Earlier this year we published an overview of several VPN providers who keep no logs at all. These sound like a great and safe option, but then again, you have to trust the answers they provided.
Perhaps it’s a disappointing conclusion, but despite all the state-of-the-art encryption these VPN companies offer, complete security remains a matter of trust. In reality this means that you have to carefully vet the VPN service you sign up with, asking yourself whether you really trust company X with all your data.
For an industry that’s worth hundreds of millions of dollars a year, it is quite a surprise that these concerns haven’t been addressed more systematically. But perhaps this will change in the future.
TorrentFreak talked to several providers about the idea of setting up an independent foundation to do regular audits on a variety of security aspects. Nearly all providers welcomed such an initiative and would happily pay to be screened.
The screenings could range from an inspection of their privacy policies, through to an independent review of the technical backend, to a complete audit of the company structure. These audits are already commonplace for credit card processors and would help to build trust in the VPN industry.
Of course these audits are no guarantee against companies changing their policies afterwards, but it’s a huge improvement over the complete absence of objective information there is now.
For now, however, we are not aware of any concrete plans to start up an independent audit foundation.