Earlier this year the Center for Democracy and Technology (CDT) met with several popular VPN providers at RightsCon in Toronto, Canada.
There the companies and the non-profit organisation worked together to formulate a list of questions that describe the basic commitments VPNs can make to signal their trustworthiness and reputation called the Signals of Trustworthy VPNs.
To learn more about this partnership and how it aims to improve transparency among VPN providers, TechRadar Pro sat down with ExpressVPN’s Vice President Harold Li.
1. To start with, can you give us a brief overview of what the Center for Democracy and Technology is?
2. Why did ExpressVPN choose to partner with CDT rather than with the likes of the more established EFF (Electronic Frontier Foundation) or others?
We support and work with a number of different digital rights advocacy organizations, including the EFF, Fight for the Future, OpenMedia, CDT, and others. In this case, the CDT initiated this effort due to their longrunning interest in helping consumers identify VPN providers that they can trust.
3. Why does the VPN market need a scheme like CDT's?
VPNs are a vital tool for anyone who cares about the privacy and security online, but actually choosing a provider that you can trust can be a daunting task. With dozens of providers to choose from, it’s easy for people to be overwhelmed or even to give up, leaving themselves vulnerable. This initiative provides important guidance, supported by an independent third-party, for consumers to evaluate which provider they can trust.
I like to describe it as a nutrition label for VPNs, providing a baseline set of facts you can compare across various services, helping everyone choose the right VPN for their privacy and security. And just as a nutrition label can help you determine which peanut butter labeled “healthy” truly is better for you, these questions and answers enable you to better judge whether a VPN service that boasts “industry-leading security” truly deserves that label.
4. The list of commitments is listed as being the basic version. Can you give me some examples of what else can be added to make it more complete?
Absolutely, this initiative just establishes a baseline for what we consider trustworthy VPN providers should do and disclose. At ExpressVPN, we believe that we can do a lot more to earn user trust, such as through our track record of advocacy for digital rights and support for associated organizations, innovation in the industry such as our open-source leak testing tool suite, and sharing detailed information about how we work every day to protect our users. The ExpressVPN Trust Center, for example, features extensive additional detail about our security practices, above and beyond what the CDT project calls for.
5. Who are the four other VPN providers you are working with on CDT? Has CDT's invite been extended to other VPN providers? If yes, what has been the feedback?
The other VPN providers who are part of the initiative so far are IVPN, Mullvad, TunnelBear, and VyprVPN. There’s absolutely an open invite for anyone to participate in this project. We want to raise the bar for security and privacy practices in the consumer VPN industry as a whole, so the more participants the better!
6. Why should VPN join CDT's scheme and how can they do it if they choose to?
A VPN industry with higher standards and better informed consumers ultimately means a more secure and private internet for everyone—and I certainly hope that any VPN provider can agree with that goal. VPNs looking to join the scheme should reach out to the CDT.
Harold Li, Vice President of ExpressVPN
- We've also highlighted the best VPN