The VPN industry sucks. Dozens of companies promise you the impossible dream of perfect privacy. But it’s simply a big lie. A company called Confirmed VPN wants to change that by holding VPN companies accountable.
VPN companies let you establish an encrypted tunnel between your device and a server in a data center somewhere. While nobody can see what’s inside the tunnel, the VPN company can see everything on their servers.
Many shady companies use that to analyze your browsing habits, sell them to advertisers, inject their own ads on non-secure pages or steal your identity. The worst of them can hand to authorities a ton of data about your online life.
They lie in privacy policies and often don’t even have an About page with the names of people working for those companies. They spend a ton of money buying reviews and endorsements.
Don’t trust any of them.
In other words, VPN services don’t make you more secure on the internet. Install HTTPS Everywhere, install an ad blocker and change your DNS settings to Quad9 or Cloudflare’s 188.8.131.52. Those are better steps to secure your connection.
Now that I got that out of the way, Confirmed VPN is yet another VPN service that wants to try something new. The team behind it (Duet Display’s Rahul Dewan and former iCloud engineer Johnny Lin) has open-sourced the code of its clients and server-side components. It then automatically deploys new commits on Amazon Web Services.
The company uses AWS CloudWatch to monitor unusual activity on the server to prove that they’re not downloading logs or anything like that. Security experts can also log into AWS using read-only credentials. Confirmed VPN has also completed two security audits and has a bug bounty program.
I’m not a security expert, so I can’t endorse or recommend Confirmed VPN — remember, I still think you shouldn’t use a VPN service. But this transparent approach is interesting by itself. Now let’s see how competitors react.