VPNs (virtual private networks) are used by many to safeguard their privacy online, but not all VPNs are created equal. Some offer anonymity while at the same time depriving a user of privacy by logging that user’s IP, a detail which you might only find out by asking them (and sometimes not even then).
TorrentFreak published its annual survey of privacy-oriented VPN services on Friday. That blog asked VPNs a series of 12 questions about their respective logging practices and other privacy-sensitive policies. The respondents were then split into two groups: those who say they keep no logs, and those that do.
I’m still digging through the list, weighing the pros and cons, but I do know that I’m going to keep that post bookmarked. While there’s no way to tell for sure whether all of the VPNs were telling the truth, this is still the single most comprehensive list of actual privacy policies (and not just the stated policies) for that industry.
Here are the questions:
1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?
2. Under what jurisdiction(s) does your company operate?
3. What tools are used to monitor and mitigate abuse of your service?
4. Do you use any external email providers (e.g. Google Apps) or support tools (e.g. Live support, Zendesk) that hold information provided by users?
5. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?
6. What steps are taken when a valid court order requires your company to identify an active user of your service? Has this ever happened?
7. Does your company have a warrant canary or a similar solution to alert customers to gag orders?
8. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?
9. Which payment systems do you use and how are these linked to individual user accounts?
10. What is the most secure VPN connection and encryption algorithm you would recommend to your users? Do you provide tools such as “kill switches” if a connection drops and DNS leak protection?
11. Do you use your own DNS servers? (if not, which servers do you use?)
12. Do you have physical control over your VPN servers and network or are they outsourced and hosted by a third party (if so, which ones)? Where are your servers located?