Last, VPN companies need to agree on standards of transparency. It
VKRXOG�EH�HDV\�WR�¿QG�RXW�ZKLFK�931�VHUYHUV�DUH�YLUWXDO�DQG�ZKHUH�
WKRVH�VHUYHUV�DUH�ORFDWHG��,W�VKRXOG�EH�HDV\�WR�¿QG�RXW�ZKR�RZQV�D�931�
FRPSDQ\�DQG�ZKHUH�LW¶V�ORFDWHG��,W�VKRXOG�EH�HDV\�WR�¿QG�UHSRUWV�RQ�KRZ�
many requests for information a company received from government
agencies, and how much information was disclosed as a result. It should
be standard practice for companies to disclose breaches and security
issues in a timely manner.
Is that all the industry needs? Probably not, but it would be an excellent
VWDUW��:LWK�FOHDUO\�GH¿QHG�VWDQGDUGV��WKLUG�SDUW\�DXGLWV�FRXOG�KDYH�IDU�
more weight and be easier to understand.
Careful readers will notice that the VTI talks quite a bit about engaging
with government to craft regulation, as well as self-regulation. There’s
certainly room for skepticism about any industry regulating itself or
dictating the terms of government regulation of that industry. But the
US government and others have often shown themselves to be, if not
actually ignorant of how technology works, then actively working to
erode the security and privacy of individuals. The renewed push for
access to encrypted messaging is just one example of why the
government doesn’t always know best.
TOOLS FOR USERS
An important point that’s not mentioned in any of the available
LQIRUPDWLRQ�DERXW�WKH�97,�LV�XVHU�YHUL¿FDWLRQ��5LJKW�QRZ��WKHUH¶V�QR�
easy, practical way for a customer to verify that their information is
being properly encrypted by the VPN—the most basic thing that a VPN
must do. Sure, they could use Wireshark to perform some packet
interception and analysis, but that’s not something the average person
(or even an experienced reviewer) should be expected to do.
7KH�$QWL�0DOZDUH�7HVWLQJ�6WDQGDUGV�2UJDQL]DWLRQ��$0762��LV�VLPLODU�
to the VTI in that it exists to foster trust in the antivirus industry.
They’ve done a lot of work to that end, but I’d argue their most useful
contribution was creating a series of tests that anyone can use to verify
that their antivirus is actually doing something.
M
a
x
E
d
d
y
