Who owns your VPN? You should find out

VPN Worst Practices By Viktor Vecsei | Posted on March 3, 2021

Trust is, or should be, the number one factor in picking a VPN service. This is a point we have mentioned in previous posts in this series, but it’s worth expanding on and taking a closer look at the why.

Can you trust the service to encrypt your connection and not log any information about you? Can you trust its owners to act on your best interest when someone tries to identify you, be it a data broker or an overzealous government entity? Can you trust someone you don’t know and cannot hold accountable?

A common defense by companies hiding their ownership in the VPN industry is the following: “we are a privacy company, so our owners wish to remain anonymous”. In other cases they reason anonymous operators can fight government pressure better. These are red herring arguments. Privacy protection services don’t exist to serve their owners, they exist to serve their customers. If a government agency wants to pressure operators of large-scale VPN services, they have the means to find them.
If anything goes wrong and the VPN service bails on its promises, those in charge need to take responsibility. If a company that is supposed to protect you is registered in an obscure location, it shields the owner’s identity, which is beneficial for them, but not for you. The chance for accountability is lost.

A further reason to learn and understand who is behind the VPN service is to assess their motivation. Entrepreneurs motivated by financial gains can run services at a high quality and some may put principles before profits. Yet if those operators have a history of running malware, or investing in data mining services, their commitment to protect your privacy is less clear. If having some unwelcome connections is a reason for hiding their ownership, that is a cause for alarm.

Some popular VPNs are owned by vertically integrated conglomerates that also operate media companies and run tech comparison websites. They are not breaking any laws, yet corporate visions rarely include activism motivated by the desire to challenge a new surveillance status quo. Rather, they tend to favor structures and decisions that prefer creating shareholder value and improving financial performance indicators.

When considering other reasons for obfuscated ownership, we can only contemplate the worst cases. We have no proof on any top VPN services being secretly owned by governments or malicious actors that use them as honeypots. This is something we cannot rule out either, and the consequences are grave.

If you are evaluating VPN services, we suggest researching the owners of your top choices.

You can start with the following steps:

  1. Review their website and look for information on who operates the service: About Us pages, Terms and Conditions, Career sections.
  2. Do a DuckDuckGo search on the operators or use sources like Crunchbase or LinkedIn to find out more about their background. Based on the available information, you can determine whether their profile fits the mission of protecting your privacy.
  3. Check if the team members are listed on the website or other public spaces. Relevant activity on platforms like GitHub and LinkedIn are good signs.
  4. Do a search on Reddit and Twitter for the company and brand name and see what pops up - are there any obvious issues or reports of maleficence?

What we would consider red flags:

The VPN industry has changed considerably in the past couple of years. Gone are the days where companies serving millions of customers could get by with obfuscated ownership and unclear policies. This is a welcome trend, but transparency should be the norm for every VPN service. We hereby call on VPN providers to do the following:

  1. Fully disclose final and beneficial owners of the service, so customers know who is responsible for protecting their data.
  2. Announce the jurisdictions they operate in and publicise law enforcement response guidelines to make customer aware of their policies.
  3. Disclose team members and include information about background on your website.
Transparency
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.
IVPN News

Independent security audit concluded

By Nick Pestell

IVPN News

IVPN applications are now open source

By Viktor Vecsei

Releases

Beta IVPN Linux app released

By Viktor Vecsei

Misleading promises of the world's fastest, anonymous, military-grade VPNs VPN Worst Practices

Misleading promises of the world's fastest, anonymous, military-grade VPNs

Posted on December 4, 2020 by Viktor Vecsei

Trust is hard to build and telling the truth is a valuable habit to support this process. Trust is also easy to lose and telling lies (even white ones) is a fast way to diminish it.
The privacy issue is real and you can't solve it with just a VPN VPN Worst Practices

The privacy issue is real and you can't solve it with just a VPN

Posted on August 13, 2020 by Viktor Vecsei

In the two previous posts in our series we have discussed even though mainstream VPN providers over-promise on their services, VPNs are useful and necessary tools for privacy protection. This third post looks beyond promises of VPNs to examine why and how sensitive data is accumulated of our lives, and what can we do about it.
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.