Security Market Segment LS
Tuesday, 18 July 2023 02:45

Has your VPN been audited? Featured

By
Has your VPN been audited? Image by Dan Nelson from Pixabay

It’s a general truism that a reputable VPN provider will undertake regular audits. Has yours?

Broadly, there are two types of audit that any VPN provider should undertake.

Security audit: These are conducted by some third-party auditor and will identify whether a VPN platform has any vulnerabilities and what data it logs.

Privacy policy/no logs audit: The auditor will review a provider’s no-logs policy, looking at their connection and usage logs, as well as any data saved on their servers. They will then release a report detailing their findings, outlining whether the policy matches the data held on their server.

It would be reasonable to expect that audits were conducted yearly by external companies specialising in VPN privacy and security. These include the notable ‘big four’ consulting firms - Deloitte, KPMG, PwC, EY, as well as specialist cybersecurity firms such as Cure53, MDSec, VerSprite, Securitum, and Leviathan.

Recent research by UK company Independent Advisor has found that things perhaps aren’t as rosy as we might hope. In particular, the report draws attention to the very clear difference between free and paid VPN services. “As tempting as a free VPN option may be, the way these providers usually make money is unfortunately by selling data to third-party advertisers, and they often don’t have the money to invest in better security infrastructure, making users more vulnerable to data breaches and related cybercrimes.” Of course this is a very general observation, but it should give users pause for thought.

“Many VPN providers claim to maintain a no-logging policy, which generally means at a minimum they do not store any data relating to user internet activity,” notes Nick Seaver of Deloitte. “The data that is logged by some VPN services can include the time users connect and disconnect from the VPN, their real IP address and the address of the VPN server, the volume of data transmitted and connection information, such as your device, operating system and VPN software.

“For people who are using VPNs to keep their online activities confidential and secure, the provider’s logging policies are important and it’s a good idea to read the policy carefully. The policy should clearly explain what data the VPN does and does not log, for what purpose and the duration the logs are kept. Logging policies potentially enable the provider to track and store information about users’ internet activity.

“If providers log your activities in detail, they can track your internet activity and potentially share it with others. If users want a VPN for privacy and security, it’s important to choose a provider with an appropriate no-logging policy.”

The following chart is an extract from the report. It’s not comprehensive – iTWire is aware of a number of VPN solutions that are not included. Perhaps if readers wish to use a service not shown here, they should seek out audit information on the provider’s web site.

Of course, the opposite is true; just because a service is audited, doesn’t mean that some issue may be discovered in the future, particularly within the domain of the security audit.

VPN Adits

Read 1327 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here




Maximising Cloud Efficiency - LUMEN WEBINAR 23 April 2025

According to KPMG, companies typically spend 35% more on cloud than is required to deliver business objectives

The rush to the cloud has led to insufficient oversight, with many organisations struggling to balance the value of cloud agility and innovation against the need for guardrails to control costs.

Join us for an exclusive webinar on Cloud Optimisation.

In this event, the team from Lumen will explain how you can maximise cloud efficiency while reducing cost.

The session will reveal how to implement key steps for effective cloud optimisation.

Register for the event now!

REGISTER!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

Share News tips for the iTWire Journalists? Your tip will be anonymous

Subscribe to Newsletter

*  Enter the security code shown: img0

CYBERSECURITY

PEOPLE MOVES

GUEST ARTICLES

Guest Opinion

ITWIRETV & INTERVIEWS

RESEARCH & CASE STUDIES

Channel News

Comments