I love security. I love privacy. Consequently, it will come as no surprise that I love tools that help people achieve those objectives. Equally, I have no patience for false promises, and I've been very vocal about my feelings there:
But one of them is literally called “Secure VPN”, how is this possible?!— Troy Hunt (@troyhunt) July 20, 2020
“Are You Using These VPN Apps? Personal Info Of 20 Million Users Leaked: That’s 1.2TB Data” https://t.co/BPDww70Pgo
VPNs are a great example of where a tool can be used to enhance security and privacy but often, they fall short of delivering on the promise. When you use a VPN, you're trusting a third party with your traffic and even in an increasingly "encrypted by default" web, you're taking a leap of faith with who you choose to route your bytes.
A few months ago, NordVPN sponsored this blog and we got to chatting. I had a long call with Tom Okman (that link is a good read on their background) who co-founded the company in 2012 and I expressed my dismay at the trustworthiness (or lack thereof) of so many VPNs in the market. This was before the embedded tweet above but well after I'd written about dodgy VPNs:
Whoever can see your traffic - be that your local ISP or the VPN provider you decide to use - has an enormous responsibility and you're placing a huge amount of trust in them
I really pressed Tom on the trust piece - why should people trust NordVPN? The promise of "no logs" in particular is a favourite of VPN providers yet evidently, the reality doesn't always meet the promise. Turns out they'd just had their second PWC audit to verify their claims and came out clean which is a pretty solid way of demonstrating their commitment to privacy. Having a Big Four do any sort of formal audit wouldn't have been a cheap experience and the fact Tom and co recognised the value, not just in making claims but proving them too, carries a lot of weight.
But there were also aspects of NordVPN I told Tom needed work, especially around their messaging in marketing material. Look, I get it, marketing people like to embellish but, in my view, there were occasions where that went beyond what you could reasonably expect a VPN to do. You can't on the one hand put all this work into trust and transparency and then on the other hand convey messaging that impacts trust and transparency! And yes, I have strong views on these things 😊
So Tom asked me if I'd like to become an adviser to NordVPN and invest a bit more time than just a telephone call sharing these ideas. I thought about it for a while, kept using the product, liked it, realised it's not like I'm travelling anywhere anytime soon so I've got the time and gave him a thumbs up. So here we are. I'll be devoting some cycles each month to work with NordVPN on their tools and messaging with a view to helping them make a great product even better. Yes, it's a commercial relationship but no, I won't be employed by them, will remain independent and will continue to do all the things I usually do anyway (except travel, of course).
NordVPN has done a great job getting their product out to 14 million people worldwide and frankly, that's a pretty impressive number for a tool your average consumer has no idea about. I'm looking forward to working with them on the product, reaching more people and having a greater positive impact on digital privacy.