VyprVPN has become the first commercial VPN provider to publish a complete in-depth audit of its service.
Until its announcement on the 29th November, the Swiss-based VPN provider was known to store connection logs for 30-days. Despite being a generally robust VPN service (that retained connection logs for a relatively short period of time) VyprVPN’s logging practices have always been considered something of a black mark to its service.
This was because the logs produced a vulnerability in VyprVPN’s service. Allowing specifically for the possibility of a time correlation attack (e2e timing attack).
The biggest problem with commercial VPN services is that it is incredibly hard to verify their claims. This means that (until now) there has always been a level of trust involved in using any commercial VPN provider.
There are literally hundreds of commercial VPN providers on the market, and the reality is that many of those services have dodgy policies and insecure practices that makes using them a bit of a gamble.
To their credit, there is a group of established and generally trusted VPN providers, that are known to have strong policies and a proven track record of providing privacy for their users. Some, like Private Internet Access, for example, have even gone as far as proving their no-logs claims in court.
Until now, however, no VPN has ever published a detailed audit of its entire service. That is why VyprVPN’s audit is so important; it completely sets it apart from the rest of the VPN industry.
It is, of course, possible that as soon as the auditors walked out of the room, VyprVPN completely changed how they are running their servers. So there is still a level of trust involved (and always will be with any commercial VPN service).
What we can definitely say though, is that this is the best it is ever going to get and, realistically, we have no reason to doubt that VyprVPN is running the VPN in exactly the manner that LSG found during its recent audit.
But wait, I have heard of previous VPN audits! What gives?
While it is true that certain aspects of VPNs have been audited in the past, no VPN provider has ever published an in-depth audit of this magnitude. At the beginning of 2017, OSTIF published an audit of OpenVPN encryption. While this is useful and does produce trust in the most widely implemented VPN encryption protocol on the market, it doesn’t guarantee that providers are actually implementing the protocol securely themselves.
In 2017, the Canadian VPN provider TunnelBear paid for its VPN clients to be audited to prove that it was providing the level of encryption and security it advertises. While this is commendable and definitely helps to raise trust in their platform, it still provides no guarantees about their logging practices.
Allowing LSG to analyze its server centers, and by publishing the full audit means VyprVPN has raised the bar. VyprVPN is owned by Golden Frog - an internet conglomerate that owns the entire of its VPN network infrastructure. This means no third-party server farms are involved in providing the VPN service to its subscribers. This, along with the audit and no logs policy adds credibility to the privacy and security of the service.
With a thorough and comprehensive audit now in the public domain, VyprVPN subscribers are the first ever to profit from knowing their VPN service has had its no-log claims transparently verified. Sunday Yokubaitis, CEO of VyprVPN said:
“With this move, we have reinforced our core mission.”
“We not only want to remain the technology leader in the VPN space,
We would like to congratulate VyprVPN on the changes it has made to its service. There is no doubt in our minds that these changes make VyprVPN a force to be reckoned. We hope that other VPNs will follow suit, and not only pay for a thorough audit of their platform, but also publish the entire audit for transparency purposes.
Want to know more? Check out our VyprVPN review